fix: process headers correctly in Digest Auth and other updates (#4494)

2024-10-30 04:42:19 -07:00
parent 1236e6b719
commit 8ac934599a
8 changed files with 105 additions and 85 deletions
--- a/packages/hoppscotch-common/src/components/http/authorization/Digest.vue
+++ b/packages/hoppscotch-common/src/components/http/authorization/Digest.vue
@@ -129,14 +129,15 @@
      />
    </div>

-    <div class="px-4 pt-3 pb-6">
+    <!-- TODO: Enable once request failure due to disabling retries is handled gracefully -->
+    <!-- <div class="px-4 pt-3 pb-6">
      <HoppSmartCheckbox
        :on="auth.disableRetry"
        @change="auth.disableRetry = !auth.disableRetry"
      >
        {{ t("authorization.digest.disable_retry") }}
      </HoppSmartCheckbox>
-    </div>
+    </div> -->
  </div>
 </template>

--- a/packages/hoppscotch-common/src/helpers/auth/digest.ts
+++ b/packages/hoppscotch-common/src/helpers/auth/digest.ts
@@ -17,6 +17,7 @@ export interface DigestAuthParams {
  nc?: string
  opaque?: string
  cnonce?: string // client nonce (optional but typically required in qop='auth')
+  reqBody?: string
 }

 // Function to generate Digest Auth Header
@@ -33,18 +34,28 @@ export async function generateDigestAuthHeader(params: DigestAuthParams) {
    nc = "00000001",
    opaque,
    cnonce,
+    reqBody = " ",
  } = params

-  const uri = endpoint.replace(/(^\w+:|^)\/\//, "")
+  const url = new URL(endpoint)
+  const uri = url.pathname + url.search

  // Generate client nonce if not provided
  const generatedCnonce = cnonce || md5(`${Math.random()}`)

-  // Step 1: Hash the username, realm, and password
-  const ha1 = md5(`${username}:${realm}:${password}`)
+  // Step 1: Hash the username, realm, password and any additional fields based on the algorithm
+  const ha1 =
+    algorithm === "MD5-sess"
+      ? md5(
+          `${md5(`${username}:${realm}:${password}`)}:${nonce}:${generatedCnonce}`
+        )
+      : md5(`${username}:${realm}:${password}`)

  // Step 2: Hash the method and URI
-  const ha2 = md5(`${method}:${uri}`)
+  const ha2 =
+    qop === "auth-int"
+      ? md5(`${method}:${uri}:${md5(reqBody)}`) // Entity body hash for `auth-int`
+      : md5(`${method}:${uri}`)

  // Step 3: Compute the response hash
  const response = md5(`${ha1}:${nonce}:${nc}:${generatedCnonce}:${qop}:${ha2}`)
@@ -69,8 +80,7 @@ export interface DigestAuthInfo {

 export async function fetchInitialDigestAuthInfo(
  url: string,
-  method: string,
-  disableRetry: boolean
+  method: string
 ): Promise<DigestAuthInfo> {
  const t = getI18n()

@@ -91,8 +101,14 @@ export async function fetchInitialDigestAuthInfo(
    }

    // Check if the response status is 401 (which is expected in Digest Auth flow)
-    if (initialResponse.right.status === 401 && !disableRetry) {
-      const authHeader = initialResponse.right.headers["www-authenticate"]
+    if (initialResponse.right.status === 401) {
+      const authHeaderEntry = Object.keys(initialResponse.right.headers).find(
+        (header) => header.toLowerCase() === "www-authenticate"
+      )
+
+      const authHeader = authHeaderEntry
+        ? (initialResponse.right.headers[authHeaderEntry] ?? null)
+        : null

      if (authHeader) {
        const authParams = parseDigestAuthHeader(authHeader)
@@ -111,16 +127,13 @@ export async function fetchInitialDigestAuthInfo(
          }
        }
      }
+
      throw new Error(
        "Failed to parse authentication parameters from WWW-Authenticate header"
      )
-    } else if (initialResponse.right.status === 401 && disableRetry) {
-      throw new Error(
-        `401 Unauthorized received. Retry is disabled as specified, so no further attempts will be made.`
-      )
-    } else {
-      throw new Error(`Unexpected response: ${initialResponse.right.status}`)
    }
+
+    throw new Error(`Unexpected response: ${initialResponse.right.status}`)
  } catch (error) {
    const errMsg = error instanceof Error ? error.message : error

--- a/packages/hoppscotch-common/src/helpers/utils/EffectiveURL.ts
+++ b/packages/hoppscotch-common/src/helpers/utils/EffectiveURL.ts
@@ -111,8 +111,13 @@ export const getComputedAuthHeaders = async (
    // Step 1: Fetch the initial auth info (nonce, realm, etc.)
    const authInfo = await fetchInitialDigestAuthInfo(
      parseTemplateString(endpoint, envVars),
-      method,
-      request.auth.disableRetry
+      method
+    )
+
+    const reqBody = getFinalBodyFromRequest(
+      req as HoppRESTRequest,
+      envVars,
+      showKeyIfSecret
    )

    // Step 2: Set up the parameters for the digest authentication header
@@ -134,6 +139,7 @@ export const getComputedAuthHeaders = async (
      opaque: request.auth.opaque
        ? parseTemplateString(request.auth.opaque, envVars)
        : authInfo.opaque,
+      reqBody: typeof reqBody === "string" ? reqBody : "",
    }

    // Step 3: Generate the Authorization header