From b1fc47f3479c5618772af9dc68143b8499fdb086 Mon Sep 17 00:00:00 2001
From: clarencetw
Date: Thu, 10 Nov 2016 23:17:36 +0800
Subject: [PATCH 1/2] Fix user name check.
---
 lib/passport-http/strategies/digest.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/passport-http/strategies/digest.js b/lib/passport-http/strategies/digest.js
index f0433e8..2fd88c0 100644
--- a/lib/passport-http/strategies/digest.js
+++ b/lib/passport-http/strategies/digest.js
@@ -137,7 +137,7 @@ DigestStrategy.prototype.authenticate = function(req) {
 if (typeof password === 'object' && password.ha1) {
 ha1 = password.ha1;
 } else {
- ha1 = md5(creds.username + ":" + creds.realm + ":" + password);
+ ha1 = md5(user + ":" + creds.realm + ":" + password);
 }
 } else if (creds.algorithm === 'MD5-sess') {
 // TODO: The nonce and cnonce used here should be the initial nonce
From 74a55b082be4b241a2bbd980ddf9d1f356f591ef Mon Sep 17 00:00:00 2001
From: Clarence
Date: Sun, 15 Apr 2018 02:02:16 +0800
Subject: [PATCH 2/2] Fix digest user name check
---
 lib/passport-http/strategies/digest.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/passport-http/strategies/digest.js b/lib/passport-http/strategies/digest.js
index 2fd88c0..ac08332 100644
--- a/lib/passport-http/strategies/digest.js
+++ b/lib/passport-http/strategies/digest.js
@@ -137,7 +137,7 @@ DigestStrategy.prototype.authenticate = function(req) {
 if (typeof password === 'object' && password.ha1) {
 ha1 = password.ha1;
 } else {
- ha1 = md5(user + ":" + creds.realm + ":" + password);
+ ha1 = md5(user.username + ":" + creds.realm + ":" + password);
 }
 } else if (creds.algorithm === 'MD5-sess') {
 // TODO: The nonce and cnonce used here should be the initial nonce
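Review bot: In the MD5 branch of patch 2/2, `user.username` is read from whatever object the application's secret callback returned, and nothing in this hunk checks that the property is present. When it is absent the hash input begins with the string `undefined`, so the computed digest will presumably never match and every login fails without any hint of a configuration problem; the MD5-sess line in the `@@ -147` hunk has the same dependency. A guard ahead of the branch, such as `if (typeof user.username !== 'string') { return self.error(new Error('DigestStrategy requires user.username')); }`, together with a comment like `// HA1 is built from the stored username, so a loosely matching lookup cannot authenticate a spelling other than the canonical one`, would make the new contract explicit. The enclosing `authenticate` function starts and ends outside the hunk, so I am assuming the missing-user check runs before this point.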
@@ -147,7 +147,7 @@ DigestStrategy.prototype.authenticate = function(req) {
 // resulting session key needs to be investigated.
 //
 // See RFC 2617 (Section 3.2.2.2) for further details.
- ha1 = md5(md5(creds.username + ":" + creds.realm + ":" + password) + ":" + creds.nonce + ":" + creds.cnonce);
+ ha1 = md5(md5(user.username + ":" + creds.realm + ":" + password) + ":" + creds.nonce + ":" + creds.cnonce);
 } else {
 return self.fail(400);
 }
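Review bot: The MD5-sess line concatenates `password` directly, whereas the MD5 branch in the previous hunk accepts an object carrying a precomputed `password.ha1`; unless the lines between the two hunks handle that case, an object password is stringified here and the session key is derived from the wrong input. The inner hash also repeats the MD5 branch's expression, so both branches could share one value: `var base = (typeof password === 'object' && password.ha1) ? password.ha1 : md5(user.username + ":" + creds.realm + ":" + password);` followed by `ha1 = md5(base + ":" + creds.nonce + ":" + creds.cnonce);` in this branch. The branch opens in the previous hunk and `authenticate` continues past this one.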