Anonymous avatar Anonymous committed c5138df

Fix digest authentication (it was picking up commas inside of the digest auth values)

Comments (0)

Files changed (1)

paste/auth/digest.py

 import time, random
 from urllib import quote as url_quote
 
+def _split_auth_string(auth_string):
+    """ split a digest auth string into individual key=value strings """
+    prev = None
+    for item in auth_string.split(","):
+        try:
+            if prev.count('"') == 1:
+                prev = "%s,%s" % (prev, item)
+                continue
+        except AttributeError:
+            if prev == None:
+                prev = item
+                continue
+            else:
+                raise StopIteration
+        yield prev.strip()
+        prev = item
+
+    yield prev.strip()
+    raise StopIteration
+
+def _auth_to_kv_pairs(auth_string):
+    """ split a digest auth string into key, value pairs """
+    for item in _split_auth_string(auth_string):
+        (k, v) = item.split("=", 1)
+        if v.startswith('"') and len(v) > 1 and v.endswith('"'):
+            v = v[1:-1]
+        yield (k, v)
+
 def digest_password(realm, username, password):
     """ construct the appropriate hashcode needed for HTTP digest """
     return md5("%s:%s:%s" % (username, realm, password)).hexdigest()
         (authmeth, auth) = authorization.split(" ", 1)
         if 'digest' != authmeth.lower():
             return self.build_authentication()
-        amap = {}
-        for itm in auth.split(","):
-            (k,v) = [s.strip() for s in itm.strip().split("=", 1)]
-            amap[k] = v.replace('"', '')
+        amap = dict(_auth_to_kv_pairs(auth))
         try:
             username = amap['username']
             authpath = amap['uri']
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.