integrated Digest auth improvements from Anton Yabchinskiy

2025-11-02 03:27:56 +00:00 · 2012-01-09 15:50:57 +00:00
parent 8a237eb674
commit 9712de78ef
3 changed files with 73 additions and 18 deletions
--- a/Net/include/Poco/Net/HTTPCredentials.h
+++ b/Net/include/Poco/Net/HTTPCredentials.h
@@ -1,7 +1,7 @@
 //
 // HTTPCredentials.h
 //
-// $Id: //poco/1.4/Net/include/Poco/Net/HTTPCredentials.h#2 $
+// $Id: //poco/1.4/Net/include/Poco/Net/HTTPCredentials.h#3 $
 //
 // Library: Net
 // Package: HTTP
@@ -102,6 +102,16 @@ public:
 	~HTTPCredentials();
 		/// Destroys the HTTPCredentials.

+	void fromUserInfo(const std::string& userInfo);
+		/// Parses username:password string and sets username and password of
+		/// the credentials object.
+		/// Throws SyntaxException on invalid user information.
+
+	void fromURI(const URI& uri);
+		/// Extracts username and password from the given URI and sets username
+		/// and password of the credentials object.
+		/// Does nothing if URI has no user info part.
+
 	void setUsername(const std::string& username);
 		/// Sets the username.

@@ -132,6 +142,12 @@ public:
 	static bool isDigestCredentials(const std::string& header);
 		/// Returns true if authentication header is for Digest authentication.

+	static bool hasBasicCredentials(const HTTPRequest& request);
+		/// Returns true if Authorization with Basic credentials header is present in the request.
+
+	static bool hasDigestCredentials(const HTTPRequest& request);
+		/// Returns true if Authorization with Digest credentials header is present in the request.
+
 	static void extractCredentials(const std::string& userInfo, std::string& username, std::string& password);
 		/// Extracts username and password from user:password information string.

--- a/Net/src/HTTPCredentials.cpp
+++ b/Net/src/HTTPCredentials.cpp
@@ -1,7 +1,7 @@
 //
 // HTTPCredentials.cpp
 //
-// $Id: //poco/1.4/Net/src/HTTPCredentials.cpp#1 $
+// $Id: //poco/1.4/Net/src/HTTPCredentials.cpp#2 $
 //
 // Library: Net
 // Package: HTTP
@@ -42,6 +42,7 @@
 #include "Poco/Net/HTTPResponse.h"
 #include "Poco/Net/NetException.h"
 #include "Poco/String.h"
+#include "Poco/Ascii.h"
 #include "Poco/URI.h"


@@ -68,6 +69,30 @@ HTTPCredentials::~HTTPCredentials()
 }


+void HTTPCredentials::fromUserInfo(const std::string& userInfo)
+{
+	std::string username;
+	std::string password;
+
+	extractCredentials(userInfo, username, password);
+	setUsername(username);
+	setPassword(password);
+	// TODO: Reset digest state?
+}
+
+
+void HTTPCredentials::fromURI(const URI& uri)
+{
+	std::string username;
+	std::string password;
+
+	extractCredentials(uri, username, password);
+	setUsername(username);
+	setPassword(password);
+	// TODO: Reset digest state?
+}
+
+
 void HTTPCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
 {
 	for (HTTPResponse::ConstIterator iter = response.find("WWW-Authenticate"); iter != response.end(); ++iter)
@@ -88,9 +113,9 @@ void HTTPCredentials::authenticate(HTTPRequest& request, const HTTPResponse& res

 void HTTPCredentials::updateAuthInfo(HTTPRequest& request)
 {
-	if (request.has("Authorization")) 
+	if (request.has(HTTPRequest::AUTHORIZATION)) 
 	{
-		const std::string& authorization = request.get("Authorization");
+		const std::string& authorization = request.get(HTTPRequest::AUTHORIZATION);

 		if (isBasicCredentials(authorization)) 
 		{
@@ -106,13 +131,25 @@ void HTTPCredentials::updateAuthInfo(HTTPRequest& request)

 bool HTTPCredentials::isBasicCredentials(const std::string& header)
 {
-	return icompare(header, 0, 6, "Basic ") == 0;
+	return icompare(header, 0, 5, "Basic") == 0 && (header.size() > 5 ? Poco::Ascii::isSpace(header[5]) : true);
 }


 bool HTTPCredentials::isDigestCredentials(const std::string& header)
 {
-	return icompare(header, 0, 7, "Digest ") == 0;
+	return icompare(header, 0, 6, "Digest") == 0 && (header.size() > 6 ? Poco::Ascii::isSpace(header[6]) : true);
+}
+
+
+bool HTTPCredentials::hasBasicCredentials(const HTTPRequest& request)
+{
+	return request.has(HTTPRequest::AUTHORIZATION) && isBasicCredentials(request.get(HTTPRequest::AUTHORIZATION));
+}
+
+
+bool HTTPCredentials::hasDigestCredentials(const HTTPRequest& request)
+{
+	return request.has(HTTPRequest::AUTHORIZATION) && isDigestCredentials(request.get(HTTPRequest::AUTHORIZATION));
 }


--- a/Net/src/HTTPDigestCredentials.cpp
+++ b/Net/src/HTTPDigestCredentials.cpp
@@ -1,7 +1,7 @@
 //
 // HTTPDigestCredentials.cpp
 //
-// $Id: //poco/1.4/Net/src/HTTPDigestCredentials.cpp#2 $
+// $Id: //poco/1.4/Net/src/HTTPDigestCredentials.cpp#3 $
 //
 // Library: Net
 // Package: HTTP
@@ -200,12 +200,7 @@ void HTTPDigestCredentials::createAuthParams(const HTTPRequest& request, const H

 	if (qop.empty())
 	{
-		MD5Engine engine;
-
-		const std::string ha1 = digest(engine, _username, realm, _password);
-		const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
-
-		_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, ha2));
+		updateAuthParams(request);
 	} 
 	else
 	{
@@ -230,13 +225,20 @@ void HTTPDigestCredentials::createAuthParams(const HTTPRequest& request, const H

 void HTTPDigestCredentials::updateAuthParams(const HTTPRequest& request)
 {
+	MD5Engine engine;
 	const std::string& qop = _requestAuthParams.get(QOP_PARAM, DEFAULT_QOP);
-	if (icompare(qop, AUTH_PARAM) == 0) 
-	{
-		MD5Engine engine;
+	const std::string& realm = _requestAuthParams.getRealm();
+	const std::string& nonce = _requestAuthParams.get(NONCE_PARAM);

-		const std::string& nonce = _requestAuthParams.get(NONCE_PARAM);
-		const std::string& realm = _requestAuthParams.getRealm();
+	if (qop.empty())
+	{
+		const std::string ha1 = digest(engine, _username, realm, _password);
+		const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
+
+		_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, ha2));
+	}
+	else if (icompare(qop, AUTH_PARAM) == 0) 
+	{
 		const std::string& cnonce = _requestAuthParams.get(CNONCE_PARAM);

 		const std::string ha1 = digest(engine, _username, realm, _password);