1. cherrypy
  2. CherryPy

Commits

Sylvain Hellegouarch  committed 8970af8

Fixed #759

  • Participants
  • Parent commits e7cd0c9
  • Branches default

Comments (0)

Files changed (1)

File cherrypy/lib/httpauth.py

View file
  • Ignore whitespace
 SUPPORTED_ALGORITHM - list of supported 'Digest' algorithms
 SUPPORTED_QOP - list of supported 'Digest' 'qop'.
 """
-__version__ = 1, 0, 0
+__version__ = 1, 0, 1
 __author__ = "Tiago Cogumbreiro <cogumbreiro@users.sf.net>"
 __credits__ = """
     Peter van Kampen for its recipe which implement most of Digest authentication:
         if not params.has_key(k):
             return None
 
-    # If qop is sent then cnonce and cn MUST be present
-    if params.has_key("qop") and not params.has_key("cnonce") \
-                                  and params.has_key("cn"):
+    # If qop is sent then cnonce and nc MUST be present
+    if params.has_key("qop") and not (params.has_key("cnonce") \
+                                      and params.has_key("nc")):
+        return None
+
+    # If qop is not sent, neither cnonce nor nc can be present
+    if (params.has_key("cnonce") or params.has_key("nc")) and \
+       not params.has_key("qop"):
         return None
 
     return params