New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix digest auth #789

Merged

jeevatkm merged 2 commits into go-resty:v2 from phw:fix-digest-auth

Apr 16, 2024

Contributor

phw commented Apr 12, 2024 •

edited

Loading

This re-implements parsing the digest challenge to fix authentication against servers returning multiple values for qop.

Take this example from https://httpwg.org/specs/rfc7616.html:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest
    realm="http-auth@example.org",
    qop="auth, auth-int",
    algorithm=SHA-256,
    nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
    opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"

Here qop is set to qop="auth, auth-int". Because the previous parser split the entire list by comma to obtain the key value pairs this gets separated into qop="auth and auth-int", which eventually failes to parse.

The new parser goes over the challenge rune by rune and does not split when inside a quotation.

Also some servers will respond with qop="auth,auth-int" (no space after the comma). Hence also adjust validateQop to handle this.

phw added 2 commits

April 12, 2024 19:10


          fix: handle commas in digest challenge values

ff6ba7a

Reimplement parsing of digest auth challenge to handle cases where
the values of key/value pairs contain commas, such as in
qop="auth, auth-int"


          fix: digest auth handle qop values separated without spaces

853c78d

The digest auth qop validation did only handle values separated
like "auth, auth-int", but not "auth,auth-int".

phw force-pushed the fix-digest-auth branch from 221087c to 853c78d Compare

April 12, 2024 17:10

jeevatkm assigned phw

jeevatkm added this to the v2.13.0 milestone

jeevatkm approved these changes

View reviewed changes

Member

jeevatkm left a comment

@phw Thanks for the PR.

jeevatkm added the enhancement label

jeevatkm merged commit 877d7e3 into go-resty:v2

1 check passed

Michsior14 referenced this pull request in Michsior14/transmission-gluetun-port-update


          build(deps): update module github.com/go-resty/resty/v2 to v2.13.0 (#12)

2d7c2ce

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) |
`v2.12.0` -> `v2.13.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>go-resty/resty (github.com/go-resty/resty/v2)</summary>

###
[`v2.13.0`](https://github.com/go-resty/resty/releases/tag/v2.13.0)

[Compare
Source](https://github.com/go-resty/resty/compare/v2.12.0...v2.13.0)

### Release Notes

#### Enhancements

- build: update github actions by
[@&#8203;segevda](https://github.com/segevda) in
[https://github.com/go-resty/resty/pull/785](https://github.com/go-resty/resty/pull/785)
- update dependency golang.org/x/net and codecov ci integration by
[@&#8203;jeevatkm](https://github.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/792](https://github.com/go-resty/resty/pull/792)

#### Bug Fixes

- fix: digest auth by [@&#8203;phw](https://github.com/phw) in
[https://github.com/go-resty/resty/pull/789](https://github.com/go-resty/resty/pull/789)

#### New Contributors

- [@&#8203;phw](https://github.com/phw) made their first contribution
in
[https://github.com/go-resty/resty/pull/789](https://github.com/go-resty/resty/pull/789)

**Full Changelog**:
go-resty/resty@v2.12.0...v2.13.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Michsior14/transmission-gluetun-port-update).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

phw deleted the fix-digest-auth branch

May 12, 2024 09:27

renovate bot referenced this pull request in anza-labs/lke-operator


          fix(deps): update module github.com/go-resty/resty/v2 to v2.13.1 (#7)

45dec2d

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) |
`v2.12.0` -> `v2.13.1` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>go-resty/resty (github.com/go-resty/resty/v2)</summary>

###
[`v2.13.1`](https://github.com/go-resty/resty/releases/tag/v2.13.1)

[Compare
Source](https://github.com/go-resty/resty/compare/v2.13.0...v2.13.1)

### Release Notes

#### Fixes

- fix: correct resty version number which was missed in the previous
release by [@&#8203;jeevatkm](https://github.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/793](https://github.com/go-resty/resty/pull/793)

**Full Changelog**:
go-resty/resty@v2.13.0...v2.13.1

###
[`v2.13.0`](https://github.com/go-resty/resty/releases/tag/v2.13.0)

[Compare
Source](https://github.com/go-resty/resty/compare/v2.12.0...v2.13.0)

### Release Notes

#### Enhancements

- build: update github actions by
[@&#8203;segevda](https://github.com/segevda) in
[https://github.com/go-resty/resty/pull/785](https://github.com/go-resty/resty/pull/785)
- update dependency golang.org/x/net and codecov ci integration by
[@&#8203;jeevatkm](https://github.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/792](https://github.com/go-resty/resty/pull/792)

#### Bug Fixes

- fix: digest auth by [@&#8203;phw](https://github.com/phw) in
[https://github.com/go-resty/resty/pull/789](https://github.com/go-resty/resty/pull/789)

#### New Contributors

- [@&#8203;phw](https://github.com/phw) made their first contribution
in
[https://github.com/go-resty/resty/pull/789](https://github.com/go-resty/resty/pull/789)

**Full Changelog**:
go-resty/resty@v2.12.0...v2.13.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/anza-labs/lke-operator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhcmVhL2RlcGVuZGVuY3kiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels