Closed awick closed 12 years ago
Thanks for the patch! I've merged this into the digest-ha1 branch, and will be moving it to master soon. Do you know of any definitive spec on the ha1 algorithm? A quick Google search didn't turn up anything obvious, and I'd like to make note of something in the documentation.
Thanks!
Never mind. Just reread the patch more carefully. My question doesn't make sense.
Merged and published to npm as passport-http v0.1.4.
Heads up: I just published passport-http v0.2.0 which optimizes the callbacks used in the Digest strategy. It's detailed in the README, but they now look like this:
```javascript
passport.use(new DigestStrategy({ qop: 'auth' },
  function(username, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user, user.password);
    });
  },
  function(params, done) {
    // validate nonces as necessary
    done(null, true);
  }
));
```
Basically, `user` now gets supplied by the first "secret" callback, and the final callback (which is optional) is just used to check nonces and the like. This also eliminates the redundant query by username needed in the two callbacks in the 0.1.x strain.
Parse of

```
username=foo, realm="Users", nonce="C8KaC3ZZ1Z0EkU5cET3ACWVB5xYXhm1r", uri="/sessions.json?sEcho=2&iColumns=12", response="dcf32010f6b88a29cf51086f0929911a", qop=auth, nc=000001b6, cnonce="886127dfc73d3a5d"
```

would generate bad uri

```
username="foo", realm="Users", nonce="C8KaC3ZZ1Z0EkU5cET3ACWVB5xYXhm1r", uri="/sessions.json?sEcho="2&iColumns=12"", response="dcf32010f6b88a29cf51086f0929911a", qop="auth", nc="000001b6", cnonce="886127dfc73d3a5d"
```
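A quote-aware parse of the header in this report, as an added example that is not passport-http's code: the key ends at the first `=` and a quoted value runs to its closing quote, so `=` and `,` inside `uri` (which is hashed into the digest response) come through intact. `parseDigestParams` is a hypothetical name, and returning `null` on malformed or duplicate parameters is a choice made for this example.

```javascript
// Added example (not passport-http's code): parse the parameter list of a
// Digest Authorization header. parseDigestParams is a hypothetical name.
function parseDigestParams(header) {
  const params = Object.create(null); // no prototype keys to collide with
  const s = header.replace(/^\s*Digest\s+/i, ''); // drop scheme if present
  let i = 0;
  while (i < s.length) {
    // Skip separators between parameters.
    while (i < s.length && /[\s,]/.test(s[i])) i++;
    if (i >= s.length) break;
    // The key ends at the FIRST '=' only; later '=' belong to the value.
    const eq = s.indexOf('=', i);
    if (eq === -1) return null; // malformed: key without value
    const key = s.slice(i, eq).trim().toLowerCase();
    if (!/^[!#$%&'*+\-.^_`|~0-9a-z]+$/.test(key)) return null;
    i = eq + 1;
    let value = '';
    if (s[i] === '"') {
      // Quoted-string: read to the closing quote; '=' and ',' are literal.
      i++;
      let closed = false;
      while (i < s.length) {
        const c = s[i++];
        if (c === '\\' && i < s.length) { value += s[i++]; continue; }
        if (c === '"') { closed = true; break; }
        value += c;
      }
      if (!closed) return null; // unterminated quoted-string
    } else {
      // Unquoted token (qop=auth, nc=000001b6): read to the next comma.
      const end = s.indexOf(',', i);
      value = s.slice(i, end === -1 ? s.length : end).trim();
      i = end === -1 ? s.length : end;
    }
    if (key in params) return null; // reject duplicate parameters
    params[key] = value;
  }
  return params;
}

// Header value taken from the report above.
const sample = 'username=foo, realm="Users", nonce="C8KaC3ZZ1Z0EkU5cET3ACWVB5xYXhm1r", ' +
  'uri="/sessions.json?sEcho=2&iColumns=12", response="dcf32010f6b88a29cf51086f0929911a", ' +
  'qop=auth, nc=000001b6, cnonce="886127dfc73d3a5d"';
console.log(parseDigestParams(sample).uri);
```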