Add HA1-based digest authentication support #360
Merged
+299
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds check_digest_auth_ha1() method that accepts pre-computed HA1 hash bytes instead of plaintext password. This allows secure storage of password hashes rather than plaintext passwords. Changes: - Add digest_algorithm enum (MD5, SHA256) without AUTO since libmicrohttpd cannot auto-detect algorithm from raw hash bytes - Add md5_digest_size and sha256_digest_size constants - Add check_digest_auth_ha1() to http_request - Add integration tests for HA1-based digest authentication
- Add algorithm parameter to digest_auth_fail_response constructor (defaults to MD5 for backward compatibility) - Use MHD_queue_auth_fail_response2() to specify the algorithm in the WWW-Authenticate challenge header - Add separate MD5 and SHA256 test resources for deterministic testing - Add SHA256 digest auth tests alongside existing MD5 tests This enables server-driven algorithm selection, where the server requests a specific digest algorithm in the challenge and curl responds using that algorithm.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
check_digest_auth_ha1()method tohttp_requestthat accepts pre-computed HA1 hash bytes instead of plaintext passworddigest_algorithmenum withMD5andSHA256values (noAUTOsince libmicrohttpd cannot auto-detect algorithm from raw hash bytes)md5_digest_size(16) andsha256_digest_size(32) constantsTest plan