From 8a084c88d2489df0c47975e3ab7e838c0beeb0b0 Mon Sep 17 00:00:00 2001
From: Aaron Borden
Date: Mon, 24 Nov 2014 12:37:38 -0800
Subject: [PATCH 1/3] Fix uri check Check against req.originalUrl in case the middleware is mounted to an endpoint.
---
 lib/passport-http/strategies/digest.js | 4 ++-
 test/strategies/digest-test.js | 43 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/lib/passport-http/strategies/digest.js b/lib/passport-http/strategies/digest.js
index 1984d89..0b88251 100644
--- a/lib/passport-http/strategies/digest.js
+++ b/lib/passport-http/strategies/digest.js
@@ -112,7 +112,9 @@ DigestStrategy.prototype.authenticate = function(req) {
 if (!creds.username) {
 return this.fail(this._challenge());
 }
- if (req.url !== creds.uri) {
+
+ var url = req.originalUrl || req.url;
+ if (url !== creds.uri) {
 return this.fail(400);
 }
diff --git a/test/strategies/digest-test.js b/test/strategies/digest-test.js
index 28115ec..61abc7b 100644
--- a/test/strategies/digest-test.js
+++ b/test/strategies/digest-test.js
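Review bot: The new `req.originalUrl || req.url` comparison in `DigestStrategy.prototype.authenticate` (lib/passport-http/strategies/digest.js) has no comment saying why the original URL is preferred, although this check is what ties the `uri` directive the client signed to the resource actually being requested. I would add above `var url`: `// Match the uri directive against the URL as the client sent it; under app.use() mounting req.url has the mount path stripped.` The match remains an exact string comparison, so an absolute-form or differently encoded `uri` is answered with 400; that fails closed, and if it is intended a short remark in the same comment would say so. The function starts and ends outside the hunk.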
@@ -921,6 +921,49 @@ vows.describe('DigestStrategy').addBatch({
 },
 },
+ 'strategy handling a request for endpoint mounted with `app.use` at a different route': {
+ topic: function() {
+ var strategy = new DigestStrategy(
+ function(username, done) {
+ done(null, { username: username }, 'secret');
+ },
+ function(options, done) {
+ done(null, true);
+ }
+ );
+ return strategy;
+ },
+
+ 'after augmenting with actions': {
+ topic: function(strategy) {
+ var self = this;
+ var req = {};
+ strategy.success = function(user) {
+ self.callback(null, user);
+ }
+ strategy.fail = function() {
+ self.callback(new Error('should not be called'));
+ }
+
+ req.url = '/login';
+ req.originalUrl = '/auth/login';
+ req.method = 'HEAD';
+ req.headers = {};
+ req.headers.authorization = 'Digest username="bob", realm="Users", nonce="NOIEDJ3hJtqSKaty8KF8xlkaYbItAkiS", uri="/auth/login", response="966fae1f81aa1bb0e413e0e832e647c0"';
+ process.nextTick(function () {
+ strategy.authenticate(req);
+ });
+ },
+
+ 'should not generate an error' : function(err, user) {
+ assert.isNull(err);
+ },
+ 'should authenticate' : function(err, user) {
+ assert.equal(user.username, 'bob');
+ },
+ },
+ },
+
 'strategy handling a request with unknown algorithm': {
 topic: function() {
 var strategy = new DigestStrategy({ algorithm: 'MD5' },
From f007ec95d127dbc6a8f860744f37c62d72bf482d Mon Sep 17 00:00:00 2001
From: goodeggs-terraformer <38260471+goodeggs-terraformer@users.noreply.github.com>
Date: Fri, 16 Aug 2019 14:40:56 -0600
Subject: [PATCH 2/3] add .policy.yml [ci skip] [cd skip]
---
 .policy.yml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .policy.yml
diff --git a/.policy.yml b/.policy.yml
new file mode 100644
index 0000000..7e25786
--- /dev/null
+++ b/.policy.yml
@@ -0,0 +1,3 @@
+remote: goodeggs/policy-bot
+path: policies/default.yml
+ref: master
From d6b0109c69238d50cc73c3093061c9faf3e98f1c Mon Sep 17 00:00:00 2001
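Review bot: The new batch in test/strategies/digest-test.js exercises only the accepting path, so nothing pins that a mounted request is rejected when its `uri` directive matches the stripped `req.url` but not `req.originalUrl`. A sibling batch that sends `uri="/login"` with the same `req.url`/`req.originalUrl` pair and expects `fail` to be called with 400 would keep the URI binding from regressing to `req.url`. The `response` value can be reused from the existing header because, per the digest.js hunk, the mismatch returns before anything after it runs. The enclosing `addBatch({` call starts and ends outside the hunk.

```javascript
  'strategy handling a mounted request whose uri directive matches only the stripped url': {
    // … unchanged: topic building the DigestStrategy as in the batch above …

    'after augmenting with actions': {
      topic: function(strategy) {
        var self = this;
        var req = {};
        strategy.success = function(user) {
          self.callback(new Error('should not be called'));
        }
        strategy.fail = function(status) {
          self.callback(null, status);
        }

        // … unchanged: req.url, req.originalUrl, req.method, req.headers as in the batch above …
        // uri names the stripped path, not the URL the client requested
        req.headers.authorization = 'Digest username="bob", realm="Users", nonce="NOIEDJ3hJtqSKaty8KF8xlkaYbItAkiS", uri="/login", response="966fae1f81aa1bb0e413e0e832e647c0"';
        // … unchanged: process.nextTick call to strategy.authenticate(req) …
      },

      'should fail with 400' : function(err, status) {
        assert.equal(status, 400);
      },
    },
  },
```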
From: goodeggs-terraformer <38260471+goodeggs-terraformer@users.noreply.github.com>
Date: Wed, 22 Apr 2020 09:24:53 -1000
Subject: [PATCH 3/3] delete .policy.yml [ci skip] [cd skip]
---
 .policy.yml | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 .policy.yml
diff --git a/.policy.yml b/.policy.yml
deleted file mode 100644
index 7e25786..0000000
--- a/.policy.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-remote: goodeggs/policy-bot
-path: policies/default.yml
-ref: master