[Chicken-janitors] Re: #401: authorization header parsing for digest aut

chicken-janitors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-janitors] Re: #401: authorization header parsing for digest aut

From:	Chicken Trac
Subject:	[Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb)
Date:	Fri, 01 Oct 2010 15:03:39 -0000

#401: authorization header parsing for digest authentication (intarweb)
-------------------------+--------------------------------------------------
  Reporter:  daishi      |       Owner:  sjamaan        
      Type:  defect      |      Status:  accepted       
  Priority:  critical    |   Milestone:  4.7.0          
 Component:  extensions  |     Version:  4.6.x          
Resolution:              |    Keywords:  spiffy intarweb
-------------------------+--------------------------------------------------

Comment(by daishi):

 I'm writing my server code, which does digest authentication. I've been
 using it for chicken3/http-server.
 I know it's native type is integer, but the purpose is to authenticate,
 and for that we need 8LENHEX.

 The code I am having as a workaround is:
 (let ([user (header-param 'username 'authorization hdrs)]
       [qop (header-param 'qop 'authorization hdrs)]
       [nonce (header-param 'nonce 'authorization hdrs)]
       [cnonce (header-param 'cnonce 'authorization hdrs)]
       [nc (let* ([nc (header-param 'nc 'authorization hdrs)]
                  [nc-str (number->string nc 16)]
                  [len (- 8 (string-length nc-str))])
               (string-append (make-string len #\0) nc-str))]
       [uri (uri->string (header-param 'uri 'authorization hdrs))]
       [response (header-param 'response 'authorization hdrs)])
   (and user qop nonce cnonce nc uri response
        (equal? response
                (md5-digest
                 (string-append
                  (get-user user) ;;this is md5 value stored in the server
 side.
                  ":"
                  nonce
                  ":"
                  nc
                  ":"
                  cnonce
                  ":"
                  qop
                  ":"
                  (md5-digest (string-append method ":" uri)))))))

 So, I had to make nc back to 8LENHEX and uri to string.
 I would assume its nature is a number but it has to be treated as a HEX
 string.

-- 
Ticket URL: <http://bugs.call-cc.org/ticket/401#comment:3>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb), Chicken Trac <=
- [Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb), Chicken Trac, 2010/10/05

Prev by Date: [Chicken-janitors] Re: #403: Add HTTP proxy support to http-client
Next by Date: [Chicken-janitors] Re: #362: Official CHICKEN capitalization
Previous by thread: [Chicken-janitors] Re: #403: Add HTTP proxy support to http-client
Next by thread: [Chicken-janitors] Re: #401: authorization header parsing for digest authentication (intarweb)
Index(es):
- Date
- Thread