Skip to content

Commit a35035f

Browse files
lightzlme-no-dev
lightzl
authored and
me-no-dev
committed
fix authrization problem (espressif#3329)
I compiled the sample "WebServer -> HttpAdvancedAuth". But the right username and password can not login in. I found the file "Webserver.h" may be have some problem. So I fix it. Please check it.
1 parent 9ef3e2d commit a35035f

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

libraries/WebServer/src/WebServer.cpp

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@
3333

3434

3535
static const char AUTHORIZATION_HEADER[] = "Authorization";
36-
static const char qop_auth[] = "qop=auth";
36+
static const char qop_auth[] = "qop=\"auth\"";
3737
static const char WWW_Authenticate[] = "WWW-Authenticate";
3838
static const char Content_Length[] = "Content-Length";
3939

@@ -161,17 +161,17 @@ bool WebServer::authenticate(const char * username, const char * password){
161161
} else if(authReq.startsWith(F("Digest"))) {
162162
authReq = authReq.substring(7);
163163
log_v("%s", authReq.c_str());
164-
String _username = _extractParam(authReq,F("username=\""));
164+
String _username = _extractParam(authReq,F("username=\""),'\"');
165165
if(!_username.length() || _username != String(username)) {
166166
authReq = "";
167167
return false;
168168
}
169169
// extracting required parameters for RFC 2069 simpler Digest
170-
String _realm = _extractParam(authReq, F("realm=\""));
171-
String _nonce = _extractParam(authReq, F("nonce=\""));
172-
String _uri = _extractParam(authReq, F("uri=\""));
173-
String _response = _extractParam(authReq, F("response=\""));
174-
String _opaque = _extractParam(authReq, F("opaque=\""));
170+
String _realm = _extractParam(authReq, F("realm=\""),'\"');
171+
String _nonce = _extractParam(authReq, F("nonce=\""),'\"');
172+
String _uri = _extractParam(authReq, F("uri=\""),'\"');
173+
String _response = _extractParam(authReq, F("response=\""),'\"');
174+
String _opaque = _extractParam(authReq, F("opaque=\""),'\"');
175175

176176
if((!_realm.length()) || (!_nonce.length()) || (!_uri.length()) || (!_response.length()) || (!_opaque.length())) {
177177
authReq = "";
@@ -185,7 +185,7 @@ bool WebServer::authenticate(const char * username, const char * password){
185185
String _nc,_cnonce;
186186
if(authReq.indexOf(FPSTR(qop_auth)) != -1) {
187187
_nc = _extractParam(authReq, F("nc="), ',');
188-
_cnonce = _extractParam(authReq, F("cnonce=\""));
188+
_cnonce = _extractParam(authReq, F("cnonce=\""),'\"');
189189
}
190190
String _H1 = md5str(String(username) + ':' + _realm + ':' + String(password));
191191
log_v("Hash of user:realm:pass=%s", _H1.c_str());

0 commit comments

Comments
 (0)