I have a question about function _parseDigestAuthorization, lines 144-146 in lib/httpauth.py:

    # If qop is sent then cnonce and cn MUST be present
    if params.has_key("qop") and not params.has_key("cnonce") \
                              and params.has_key("cn"):

I don't know what "cn" is. I don't see where it's used in CherryPy code or in RFC2617. (Maybe it's used in some other RFC, but I don't know which one would be relevant.) "nc" is used in the CherryPy code and RFC2617, so maybe "cn" is a typo for "nc"?

The comment says that "cn" must be present, but the code returns an error (None) if it is present. Maybe missing ()?

The code would make more sense to me if it was:

    if params.has_key("qop") and not (params.has_key("cnonce") \
                                      and params.has_key("nc")):

This code has been stable for quite some time, so I apologize in advance if I'm misunderstanding things.

Reported by garlic39@es3.us
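
Added example, not part of the original report and not CherryPy's code: the quoted condition and the proposed one evaluated over constructed Digest parameter sets, showing which malformed requests each one rejects. The function names and sample values are assumptions made for illustration; `has_key` is written as `in`.

```python
# Added illustration: compares the condition quoted in the report with the
# reporter's proposed condition. Names and sample values are hypothetical.

def rejects_as_quoted(params):
    """Condition as quoted from lib/httpauth.py.

    `not` binds tighter than `and`, so this reads:
    qop present AND cnonce absent AND "cn" present.
    """
    return "qop" in params and "cnonce" not in params and "cn" in params


def rejects_as_proposed(params):
    """Condition proposed in the report: qop requires both cnonce and nc."""
    return "qop" in params and not ("cnonce" in params and "nc" in params)


# Constructed Authorization parameter sets (placeholder values only).
BASE = {"username": "u", "realm": "r", "nonce": "n", "uri": "/", "response": "x"}
CASES = {
    "no qop": dict(BASE),
    "qop with cnonce and nc": dict(BASE, qop="auth", cnonce="c", nc="00000001"),
    "qop, cnonce missing": dict(BASE, qop="auth", nc="00000001"),
    "qop, nc missing": dict(BASE, qop="auth", cnonce="c"),
    "qop, both missing": dict(BASE, qop="auth"),
}


def compare():
    """Return {case: (quoted_rejects, proposed_rejects)} for every case."""
    return {
        name: (rejects_as_quoted(p), rejects_as_proposed(p))
        for name, p in CASES.items()
    }


if __name__ == "__main__":
    for name, (quoted, proposed) in compare().items():
        print(f"{name:24} quoted rejects={quoted!s:5} proposed rejects={proposed}")
```

Because no client sends a `cn` parameter, the quoted condition never rejects any of these requests, while the proposed one rejects the three that carry `qop` without both `cnonce` and `nc`.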

Comments (2)

