request - npm Package Compare versions

Comparing version 2.29.0 to 2.30.0

index.js

@@ -16,4 +16,5 @@ // Copyright 2010-2012 Mikeal Rogers
 var optional = require('./lib/optional')
-  , Cookie = optional('tough-cookie')
-  , CookieJar = Cookie && Cookie.CookieJar
+  , cookie = optional('tough-cookie')
+  , Cookie = cookie && cookie.Cookie
+  , CookieJar = cookie && cookie.CookieJar
   , cookieJar = CookieJar && new CookieJar
@@ -108,3 +109,3 @@
   if (optionsArg) {
-    for (option in optionsArg) {
+    for (var option in optionsArg) {
       options[option] = optionsArg[option]
@@ -111,0 +112,0 @@ }

package.json

@@ -10,3 +10,3 @@ {
   ],
-  "version": "2.29.0",
+  "version": "2.30.0",
   "author": "Mikeal Rogers <mikeal.rogers@gmail.com>",
@@ -13,0 +13,0 @@ "repository": {

request.js

@@ -706,14 +706,20 @@ var optional = require('./lib/optional')
       case 'Digest':
-        // TODO: More complete implementation of RFC 2617.  For reference:
+        // TODO: More complete implementation of RFC 2617.
+        //   - check challenge.algorithm
+        //   - support algorithm="MD5-sess"
+        //   - handle challenge.domain
+        //   - support qop="auth-int" only
+        //   - handle Authentication-Info (not necessarily?)
+        //   - check challenge.stale (not necessarily?)
+        //   - increase nc (not necessarily?)
+        // For reference:
         // http://tools.ietf.org/html/rfc2617#section-3
         // https://github.com/bagder/curl/blob/master/lib/http_digest.c
 
-        var matches = authHeader.match(/([a-z0-9_-]+)="([^"]+)"/gi)
         var challenge = {}
-
-        for (var i = 0; i < matches.length; i++) {
-          var eqPos = matches[i].indexOf('=')
-          var key = matches[i].substring(0, eqPos)
-          var quotedValue = matches[i].substring(eqPos + 1)
-          challenge[key] = quotedValue.substring(1, quotedValue.length - 1)
+        var re = /([a-z0-9_-]+)=(?:"([^"]+)"|([a-z0-9_-]+))/gi
+        for (;;) {
+          var match = re.exec(authHeader)
+          if (!match) break
+          challenge[match[1]] = match[2] || match[3];
         }
@@ -723,4 +729,6 @@
         var ha2 = md5(self.method + ':' + self.uri.path)
-        var cnonce = uuid().replace(/-/g, '')
-        var digestResponse = md5(ha1 + ':' + challenge.nonce + ':1:' + cnonce + ':auth:' + ha2)
+        var qop = /(^|,)\s*auth\s*($|,)/.test(challenge.qop) && 'auth'
+        var nc = qop && '00000001'
+        var cnonce = qop && uuid().replace(/-/g, '')
+        var digestResponse = qop ? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2) : md5(ha1 + ':' + challenge.nonce + ':' + ha2)
         var authValues = {
@@ -731,6 +739,8 @@ username: self._user,
           uri: self.uri.path,
-          qop: challenge.qop,
+          qop: qop,
           response: digestResponse,
-          nc: 1,
-          cnonce: cnonce
+          nc: nc,
+          cnonce: cnonce,
+          algorithm: challenge.algorithm,
+          opaque: challenge.opaque
         }
@@ -740,3 +750,9 @@
         for (var k in authValues) {
-          authHeader.push(k + '="' + authValues[k] + '"')
+          if (!authValues[k]) {
+            //ignore
+          } else if (k === 'qop' || k === 'nc' || k === 'algorithm') {
+            authHeader.push(k + '=' + authValues[k])
+          } else {
+            authHeader.push(k + '="' + authValues[k] + '"')
+          }
         }
@@ -743,0 +759,0 @@ authHeader = 'Digest ' + authHeader.join(', ')

No alert changes

Improved metrics

Total package byte prevSize

68007

increased by1.03%

Lines of code

1282

increased by1.42%

No dependency changes