fix: process headers correctly in Digest Auth and other updates (#4494)
This commit is contained in:
James George
GitHub
@@ -15,6 +15,7 @@ export interface DigestAuthParams {
|
||||
nc?: string;
|
||||
opaque?: string;
|
||||
cnonce?: string; // client nonce (optional but typically required in qop='auth')
|
||||
reqBody?: string;
|
||||
}
|
||||
|
||||
export interface DigestAuthInfo {
|
||||
@@ -55,18 +56,28 @@ export const generateDigestAuthHeader = async (params: DigestAuthParams) => {
|
||||
nc = "00000001",
|
||||
opaque,
|
||||
cnonce,
|
||||
reqBody = "",
|
||||
} = params;
|
||||
|
||||
const uri = endpoint.replace(/(^\w+:|^)\/\//, "");
|
||||
const url = new URL(endpoint);
|
||||
const uri = url.pathname + url.search;
|
||||
|
||||
// Generate client nonce if not provided
|
||||
const generatedCnonce = cnonce || md5(`${Math.random()}`);
|
||||
|
||||
// Step 1: Hash the username, realm, and password
|
||||
const ha1 = md5(`${username}:${realm}:${password}`);
|
||||
// Step 1: Hash the username, realm, password and any additional fields based on the algorithm
|
||||
const ha1 =
|
||||
algorithm === "MD5-sess"
|
||||
? md5(
|
||||
`${md5(`${username}:${realm}:${password}`)}:${nonce}:${generatedCnonce}`
|
||||
)
|
||||
: md5(`${username}:${realm}:${password}`);
|
||||
|
||||
// Step 2: Hash the method and URI
|
||||
const ha2 = md5(`${method}:${uri}`);
|
||||
const ha2 =
|
||||
qop === "auth-int"
|
||||
? md5(`${method}:${uri}:${md5(reqBody)}`) // Entity body hash for `auth-int`
|
||||
: md5(`${method}:${uri}`);
|
||||
|
||||
// Step 3: Compute the response hash
|
||||
const response = md5(
|
||||
@@ -95,9 +106,21 @@ export const fetchInitialDigestAuthInfo = async (
|
||||
validateStatus: () => true, // Allow handling of all status codes
|
||||
});
|
||||
|
||||
if (disableRetry) {
|
||||
throw new Error(
|
||||
`Received status: ${initialResponse.status}. Retry is disabled as specified, so no further attempts will be made.`
|
||||
);
|
||||
}
|
||||
|
||||
// Check if the response status is 401 (which is expected in Digest Auth flow)
|
||||
if (initialResponse.status === 401 && !disableRetry) {
|
||||
const authHeader = initialResponse.headers["www-authenticate"];
|
||||
if (initialResponse.status === 401) {
|
||||
const authHeaderEntry = Object.keys(initialResponse.headers).find(
|
||||
(header) => header.toLowerCase() === "www-authenticate"
|
||||
);
|
||||
|
||||
const authHeader = authHeaderEntry
|
||||
? (initialResponse.headers[authHeaderEntry] ?? null)
|
||||
: null;
|
||||
|
||||
if (authHeader) {
|
||||
const authParams = parseDigestAuthHeader(authHeader);
|
||||
@@ -119,13 +142,9 @@ export const fetchInitialDigestAuthInfo = async (
|
||||
throw new Error(
|
||||
"Failed to parse authentication parameters from WWW-Authenticate header"
|
||||
);
|
||||
} else if (initialResponse.status === 401 && disableRetry) {
|
||||
throw new Error(
|
||||
`401 Unauthorized received. Retry is disabled as specified, so no further attempts will be made.`
|
||||
);
|
||||
} else {
|
||||
throw new Error(`Unexpected response: ${initialResponse.status}`);
|
||||
}
|
||||
|
||||
throw new Error(`Unexpected response: ${initialResponse.status}`);
|
||||
} catch (error) {
|
||||
const errMsg = error instanceof Error ? error.message : error;
|
||||
|
||||
|
||||
@@ -120,6 +120,15 @@ export async function getEffectiveRESTRequest(
|
||||
}
|
||||
const effectiveFinalParams = _effectiveFinalParams.right;
|
||||
|
||||
// Parsing final-body with applied ENVs.
|
||||
const _effectiveFinalBody = getFinalBodyFromRequest(
|
||||
request,
|
||||
resolvedVariables
|
||||
);
|
||||
if (E.isLeft(_effectiveFinalBody)) {
|
||||
return _effectiveFinalBody;
|
||||
}
|
||||
|
||||
// Authentication
|
||||
if (request.auth.authActive) {
|
||||
// TODO: Support a better b64 implementation than btoa ?
|
||||
@@ -266,6 +275,7 @@ export async function getEffectiveRESTRequest(
|
||||
opaque: request.auth.opaque
|
||||
? parseTemplateString(request.auth.opaque, resolvedVariables)
|
||||
: authInfo.opaque,
|
||||
reqBody: typeof request.body.body === "string" ? request.body.body : "",
|
||||
};
|
||||
|
||||
// Step 3: Generate the Authorization header
|
||||
@@ -280,14 +290,6 @@ export async function getEffectiveRESTRequest(
|
||||
}
|
||||
}
|
||||
|
||||
// Parsing final-body with applied ENVs.
|
||||
const _effectiveFinalBody = getFinalBodyFromRequest(
|
||||
request,
|
||||
resolvedVariables
|
||||
);
|
||||
if (E.isLeft(_effectiveFinalBody)) {
|
||||
return _effectiveFinalBody;
|
||||
}
|
||||
const effectiveFinalBody = _effectiveFinalBody.right;
|
||||
|
||||
if (
|
||||
|
||||
@@ -240,7 +240,9 @@ export const processRequest =
|
||||
|
||||
// Updating report for errors & current result
|
||||
report.errors.push(preRequestRes.left);
|
||||
report.result = report.result;
|
||||
|
||||
// Ensure, the CLI fails with a non-zero exit code if there are any errors
|
||||
report.result = false;
|
||||
} else {
|
||||
// Updating effective-request and consuming updated envs after pre-request script execution
|
||||
({ effectiveRequest, updatedEnvs } = preRequestRes.right);
|
||||
@@ -268,7 +270,9 @@ export const processRequest =
|
||||
if (E.isLeft(requestRunnerRes)) {
|
||||
// Updating report for errors & current result
|
||||
report.errors.push(requestRunnerRes.left);
|
||||
report.result = report.result;
|
||||
|
||||
// Ensure, the CLI fails with a non-zero exit code if there are any errors
|
||||
report.result = false;
|
||||
|
||||
printRequestRunner.fail();
|
||||
} else {
|
||||
@@ -291,7 +295,9 @@ export const processRequest =
|
||||
|
||||
// Updating report with current errors & result.
|
||||
report.errors.push(testRunnerRes.left);
|
||||
report.result = report.result;
|
||||
|
||||
// Ensure, the CLI fails with a non-zero exit code if there are any errors
|
||||
report.result = false;
|
||||
} else {
|
||||
const { envs, testsReport, duration } = testRunnerRes.right;
|
||||
const _hasFailedTestCases = hasFailedTestCases(testsReport);
|
||||
|
||||
Reference in New Issue
Block a user