[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-janitors] Re: #401: authorization header parsing for digest aut
From: |
Chicken Trac |
Subject: |
[Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb) |
Date: |
Fri, 01 Oct 2010 15:03:39 -0000 |
#401: authorization header parsing for digest authentication (intarweb)
-------------------------+--------------------------------------------------
Reporter: daishi | Owner: sjamaan
Type: defect | Status: accepted
Priority: critical | Milestone: 4.7.0
Component: extensions | Version: 4.6.x
Resolution: | Keywords: spiffy intarweb
-------------------------+--------------------------------------------------
Comment(by daishi):
I'm writing my server code, which does digest authentication. I've been
using it for chicken3/http-server.
I know it's native type is integer, but the purpose is to authenticate,
and for that we need 8LENHEX.
The code I am having as a workaround is:
(let ([user (header-param 'username 'authorization hdrs)]
[qop (header-param 'qop 'authorization hdrs)]
[nonce (header-param 'nonce 'authorization hdrs)]
[cnonce (header-param 'cnonce 'authorization hdrs)]
[nc (let* ([nc (header-param 'nc 'authorization hdrs)]
[nc-str (number->string nc 16)]
[len (- 8 (string-length nc-str))])
(string-append (make-string len #\0) nc-str))]
[uri (uri->string (header-param 'uri 'authorization hdrs))]
[response (header-param 'response 'authorization hdrs)])
(and user qop nonce cnonce nc uri response
(equal? response
(md5-digest
(string-append
(get-user user) ;;this is md5 value stored in the server
side.
":"
nonce
":"
nc
":"
cnonce
":"
qop
":"
(md5-digest (string-append method ":" uri)))))))
So, I had to make nc back to 8LENHEX and uri to string.
I would assume its nature is a number but it has to be treated as a HEX
string.
--
Ticket URL: <http://bugs.call-cc.org/ticket/401#comment:3>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.
- [Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb),
Chicken Trac <=