search

jaredhanson / passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.
https://www.passportjs.org/packages/passport-http/?utm_source=github&utm_medium=referral&utm_campaign=passport-http&utm_content=about
MIT License
268 stars 110 forks source link

Now it works with Express 4+ relative urls #49

Open delian opened 9 years ago

delian commented 9 years ago

Hello, I am proposing a little fix that adds req.baseUrl to the req.url to creds.uri checkup and this way allows the passport-http digest authentication to work fine with Express4 and 5 and especially with the relative urls it introduces.

If you build default project with Express4, you cannot simply add passport-http digest authentication to a sand-boxed route file, because digest.js verify req.uri to creds.uri. But req.uri is always relative while creds.uri is always full. Therefore the correct comparison is req.baseUrl+req.url == creds.uri.

This fix is quite simple and works very well to me, while it shall preserve compatibility with the old express versions.

Signed-off-by: Delian Delchev delian.delchev@gmail.com

cirinoalejandro commented 8 years ago

I would like this to be merged, just found the same issue, and the fix works.

sashkamal commented 8 years ago

Can we get this merged. Thanks.

matthewjustice commented 8 years ago

I ran into the same issue and the fix looks good. Can this be merged? Thank you!

beaulac commented 4 years ago

This is still an issue 4 years later :(

Is there a reason this change has not been merged?