icholy / digest

Go HTTP Digest Access Authentication

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Parameter 'response' position in Credentials.String() is important for Lilin cameras

sealbro opened this issue · comments

Hi, Guys!

I have some problems with digest authorization on Lilin's cameras

try to explain:

  • 200 code from Postman or Python requests:

    • Digest username="user", realm="my camera", nonce="NzQ4OWJmNzI3MDEzZmY5ZDY1ZDA4ZDZiZWZhZGU0N2M6Mzc3Mjk5Nzc2NzgxNA==", uri="/snap1", algorithm="MD5", qop=auth, nc=00000001, cnonce="f35lPAce", response="49e0700bf5aed546860166453207b33e"
  • 401 code from icholy/digest

    • Digest username="user", realm="my camera", nonce="NzQ4OWJmNzI3MDEzZmY5ZDY1ZDA4ZDZiZWZhZGU0N2M6Mzc3Mjk5Nzc2NzgxNA==", uri="/snap1", response="49e0700bf5aed546860166453207b33e", cnonce="7e6e0b9f03113421", qop=auth, nc=00000001

It is OK if I make a PR where I change the order of the response in the formation of the string (c *Credentials) String() ?

The RFC doesn't specify an order to the parameters, but I just checked and curl also puts in the response at the end. However, I noticed that curl doesn't include the algorithm=MD5 if the server didn't send one. Can you test to see if it works without that change?

The RFC doesn't specify an order to the parameters, but I just checked and curl also puts in the response at the end. However, I noticed that curl doesn't include the algorithm=MD5 if the server didn't send one. Can you test to see if it works without that change?

yes, it is not important (removed it)

I tagged this as v0.1.22

Thank you for the contribution.