Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix digest auth #789

Merged
merged 2 commits into from
Apr 16, 2024
Merged

Fix digest auth #789

merged 2 commits into from
Apr 16, 2024

Conversation

phw
Copy link
Contributor

@phw phw commented Apr 12, 2024

This re-implements parsing the digest challenge to fix authentication against servers returning multiple values for qop.

Take this example from https://httpwg.org/specs/rfc7616.html:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest
    realm="[email protected]",
    qop="auth, auth-int",
    algorithm=SHA-256,
    nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
    opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"

Here qop is set to qop="auth, auth-int". Because the previous parser split the entire list by comma to obtain the key value pairs this gets separated into qop="auth and auth-int", which eventually failes to parse.

The new parser goes over the challenge rune by rune and does not split when inside a quotation.

Also some servers will respond with qop="auth,auth-int" (no space after the comma). Hence also adjust validateQop to handle this.

phw added 2 commits April 12, 2024 19:10
Reimplement parsing of digest auth challenge to handle cases where
the values of key/value pairs contain commas, such as in
qop="auth, auth-int"
The digest auth qop validation did only handle values separated
like "auth, auth-int", but not "auth,auth-int".
@phw phw force-pushed the fix-digest-auth branch from 221087c to 853c78d Compare April 12, 2024 17:10
@jeevatkm jeevatkm added this to the v2.13.0 milestone Apr 13, 2024
Copy link
Member

@jeevatkm jeevatkm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@phw Thanks for the PR.

@jeevatkm jeevatkm merged commit 877d7e3 into go-resty:v2 Apr 16, 2024
1 check passed
Michsior14 referenced this pull request in Michsior14/transmission-gluetun-port-update May 9, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/go-resty/resty/v2](https://togithub.com/go-resty/resty) |
`v2.12.0` -> `v2.13.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>go-resty/resty (github.com/go-resty/resty/v2)</summary>

###
[`v2.13.0`](https://togithub.com/go-resty/resty/releases/tag/v2.13.0)

[Compare
Source](https://togithub.com/go-resty/resty/compare/v2.12.0...v2.13.0)

### Release Notes

#### Enhancements

- build: update github actions by
[@&#8203;segevda](https://togithub.com/segevda) in
[https://github.com/go-resty/resty/pull/785](https://togithub.com/go-resty/resty/pull/785)
- update dependency golang.org/x/net and codecov ci integration by
[@&#8203;jeevatkm](https://togithub.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/792](https://togithub.com/go-resty/resty/pull/792)

#### Bug Fixes

- fix: digest auth by [@&#8203;phw](https://togithub.com/phw) in
[https://github.com/go-resty/resty/pull/789](https://togithub.com/go-resty/resty/pull/789)

#### New Contributors

- [@&#8203;phw](https://togithub.com/phw) made their first contribution
in
[https://github.com/go-resty/resty/pull/789](https://togithub.com/go-resty/resty/pull/789)

**Full Changelog**:
go-resty/resty@v2.12.0...v2.13.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Michsior14/transmission-gluetun-port-update).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@phw phw deleted the fix-digest-auth branch May 12, 2024 09:27
renovate bot referenced this pull request in anza-labs/lke-operator May 14, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/go-resty/resty/v2](https://togithub.com/go-resty/resty) |
`v2.12.0` -> `v2.13.1` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgo-resty%2fresty%2fv2/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-resty%2fresty%2fv2/v2.12.0/v2.13.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>go-resty/resty (github.com/go-resty/resty/v2)</summary>

###
[`v2.13.1`](https://togithub.com/go-resty/resty/releases/tag/v2.13.1)

[Compare
Source](https://togithub.com/go-resty/resty/compare/v2.13.0...v2.13.1)

### Release Notes

#### Fixes

- fix: correct resty version number which was missed in the previous
release by [@&#8203;jeevatkm](https://togithub.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/793](https://togithub.com/go-resty/resty/pull/793)

**Full Changelog**:
go-resty/resty@v2.13.0...v2.13.1

###
[`v2.13.0`](https://togithub.com/go-resty/resty/releases/tag/v2.13.0)

[Compare
Source](https://togithub.com/go-resty/resty/compare/v2.12.0...v2.13.0)

### Release Notes

#### Enhancements

- build: update github actions by
[@&#8203;segevda](https://togithub.com/segevda) in
[https://github.com/go-resty/resty/pull/785](https://togithub.com/go-resty/resty/pull/785)
- update dependency golang.org/x/net and codecov ci integration by
[@&#8203;jeevatkm](https://togithub.com/jeevatkm) in
[https://github.com/go-resty/resty/pull/792](https://togithub.com/go-resty/resty/pull/792)

#### Bug Fixes

- fix: digest auth by [@&#8203;phw](https://togithub.com/phw) in
[https://github.com/go-resty/resty/pull/789](https://togithub.com/go-resty/resty/pull/789)

#### New Contributors

- [@&#8203;phw](https://togithub.com/phw) made their first contribution
in
[https://github.com/go-resty/resty/pull/789](https://togithub.com/go-resty/resty/pull/789)

**Full Changelog**:
go-resty/resty@v2.12.0...v2.13.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/anza-labs/lke-operator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhcmVhL2RlcGVuZGVuY3kiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

2 participants