Anonymous avatar Anonymous committed cf08566

Fixed request.method not being passed through verify and digest to compute_hA2. Reported by Andrew Alcock.


Files changed (1)

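--- a/digestAuth/authdigest.py
+++ b/digestAuth/authdigest.py
         hashPass = self[authorization.username]
         if hashPass is None:
             return authResult.deny('unknown_user')
-        elif not self.alg.verify(authorization, hashPass, **kw):
+        elif not self.alg.verify(authorization, hashPass, request.method, **kw):
             return authResult.deny('invalid_password')
         else:
             return authResult.approve('success')
         self.algorithm = algorithm.lower()
         self.H = self.hashAlgorithms[self.algorithm]
 
-    def verify(self, authorization, hashPass=None, **kw):
-        reqResponse = self.digest(authorization, hashPass, **kw)
+    def verify(self, authorization, hashPass=None, method='GET', **kw):
+        reqResponse = self.digest(authorization, hashPass, method, **kw)
         if reqResponse:
             return (authorization.response.lower() == reqResponse.lower())
 
-    def digest(self, authorization, hashPass=None, **kw):
+    def digest(self, authorization, hashPass=None, method='GET', **kw):
         if authorization is None:
             return None
 
             hA1 = self._compute_hA1(authorization, kw['password'])
         else: hA1 = hashPass
 
-        hA2 = self._compute_hA2(authorization, kw.pop('method', 'GET'))
+        hA2 = self._compute_hA2(authorization, method)
 
         if 'auth' in authorization.qop:
             res = self._compute_qop_auth(authorization, hA1, hA2)
 
     def _compute_hA1(self, auth, password=None):
         return self.hashPassword(auth.username, auth.realm, password or auth.password)
-    def _compute_hA2(self, auth, method):
+    def _compute_hA2(self, auth, method='GET'):
         return self.H(method, auth.uri)
     def _compute_qop_auth(self, auth, hA1, hA2):
         return self.H(hA1, auth.nonce, auth.nc, auth.cnonce, auth.qop, hA2)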
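Review bot: The `method='GET'` defaults added to `verify`, `digest` and `_compute_hA2` keep the original failure mode silent: a caller that omits the method still gets an hA2 computed for GET, so the response is no longer checked against the HTTP method actually used. Since the first hunk now passes `request.method` explicitly, I would keep the helper strict, `def _compute_hA2(self, auth, method):`, and add a docstring on `verify` and `digest` stating that `method` must be the request's real method and that the default exists only for backward compatibility. Separately, the unchanged comparison in `verify` uses `==` on the digest strings; `return hmac.compare_digest(authorization.response.lower(), reqResponse.lower())` would make the check constant-time, assuming both values are ASCII hex strings and `hmac` is imported in the file. The functions in the first and third hunks are only partly visible, so whether `request` is always bound at the `self.alg.verify(...)` call cannot be confirmed from this page.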