Parameter 'response' position in Credentials.String() is important for Lilin cameras

Question

Parameter 'response' position in Credentials.String() is important for Lilin cameras

sealbro opened this issue 2 years ago · comments

Alexander commented 2 years ago

Hi, Guys!

I have some problems with digest authorization on Lilin's cameras

try to explain:

200 code from Postman or Python requests:
- Digest username="user", realm="my camera", nonce="NzQ4OWJmNzI3MDEzZmY5ZDY1ZDA4ZDZiZWZhZGU0N2M6Mzc3Mjk5Nzc2NzgxNA==", uri="/snap1", algorithm="MD5", qop=auth, nc=00000001, cnonce="f35lPAce", response="49e0700bf5aed546860166453207b33e"
401 code from icholy/digest
- Digest username="user", realm="my camera", nonce="NzQ4OWJmNzI3MDEzZmY5ZDY1ZDA4ZDZiZWZhZGU0N2M6Mzc3Mjk5Nzc2NzgxNA==", uri="/snap1", response="49e0700bf5aed546860166453207b33e", cnonce="7e6e0b9f03113421", qop=auth, nc=00000001

It is OK if I make a PR where I change the order of the response in the formation of the string (c *Credentials) String() ?

Ilia Choly · Answer 1 · Thu Dec 22 2022 22:39:32 GMT+0800 (China Standard Time)

The RFC doesn't specify an order to the parameters, but I just checked and curl also puts in the response at the end. However, I noticed that curl doesn't include the algorithm=MD5 if the server didn't send one. Can you test to see if it works without that change?

Alexander · Answer 2 · Thu Dec 22 2022 23:29:54 GMT+0800 (China Standard Time)

The RFC doesn't specify an order to the parameters, but I just checked and curl also puts in the response at the end. However, I noticed that curl doesn't include the algorithm=MD5 if the server didn't send one. Can you test to see if it works without that change?

yes, it is not important (removed it)

Ilia Choly · Answer 3 · Fri Dec 23 2022 00:06:41 GMT+0800 (China Standard Time)

I tagged this as v0.1.22

Ilia Choly · Answer 4 · Fri Dec 23 2022 00:09:06 GMT+0800 (China Standard Time)

Thank you for the contribution.