feat: add support for Digest authorization #4339
Merged: jamesgeorge007 merged 21 commits into hoppscotch:next from anwarulislam:feat/digest-auth on Oct 29, 2024
// HA1 = MD5(username:realm:password) | ||
const ha1 = crypto | ||
.createHash("md5") | ||
.update(`${username}:${realm}:${password}`) |
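Review bot: `.createHash("md5")` in these lines fixes the HA1 hash to MD5, while the PR description says the `algorithm` value is read from the server's `WWW-Authenticate` header. RFC 7616 also defines SHA-256 for Digest, so pick the hash from the parsed `algorithm` parameter and fail with a clear error on values that are not supported. The CodeQL alerts on this line follow from the Digest scheme itself, which defines HA1 as a hash of `username:realm:password`; if MD5 stays as the fallback for servers that offer nothing else, say so in a code comment and in the alert dismissal so the finding is not silently ignored.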
Check failure
Code scanning / CodeQL
Use of password hash with insufficient computational effort
Password from [an access to password](1) is hashed insecurely.
Password from [an access to password](2) is hashed insecurely.
// HA1 = MD5(username:realm:password) | ||
const ha1 = crypto | ||
.createHash("md5") | ||
.update(`${username}:${realm}:${password}`) |
Check failure
Code scanning / CodeQL
Use of a broken or weak cryptographic algorithm
[A broken or weak cryptographic algorithm](1) depends on [sensitive data from an access to username](2).
[A broken or weak cryptographic algorithm](1) depends on [sensitive data from an access to username](3).
anwarulislam force-pushed the feat/digest-auth branch from 02af23e to 7e6c7eb (September 30, 2024 06:45)
anwarulislam force-pushed the feat/digest-auth branch from 28f79b0 to ee27463 (October 23, 2024 06:55)
anwarulislam requested review from AndrewBastin and jamesgeorge007 as code owners (October 23, 2024 06:57)
jamesgeorge007 approved these changes (Oct 23, 2024)
jamesgeorge007 force-pushed the feat/digest-auth branch from 431e96b to ce61075 (October 28, 2024 08:21)
jamesgeorge007 force-pushed the feat/digest-auth branch from ce61075 to c36f78b (October 28, 2024 09:03)
- Ensure failures reported in pre/post request scripts and request execution results in the CLI failing with a non-zero exit code. - Remove redundant test case and related CLI test suite updates. - Clean up.
…eptor Show a suitable warning via the inspector.
jamesgeorge007 force-pushed the feat/digest-auth branch from 8aa18a9 to ee97231 (October 29, 2024 06:30)
nivedin approved these changes (Oct 29, 2024)
jamesgeorge007 changed the title from "feat: digest authentication added to the request auth types" to "feat: add support for Digest Authorization" (Oct 29, 2024)
jamesgeorge007 changed the title from "feat: add support for Digest Authorization" to "feat: add support for Digest authorization" (Oct 29, 2024)
amk-dev pushed a commit to amk-dev/hoppscotch that referenced this pull request (Nov 26, 2024)
Co-authored-by: jamesgeorge007 <[email protected]>
Co-authored-by: nivedin <[email protected]>
Closes HFE-570
What's changed
This PR introduces Digest authentication as a new request auth type.
Note for reviewers
Digest auth works in two stages.
First, it requests an initial response, where we get necessary information like realm, nonce, algorithm, etc., from the server in the header WWW-Authenticate.
Then, we have to parse information from that header. Finally, we have to generate an authorization header and request with that auth header in the Authorization header property.
To test digest auth in CLI
hopp test src/__tests__/e2e/fixtures/collections/digest-auth-coll.json -e src/__tests__/e2e/fixtures/environments/digest-auth-envs.json
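
The two-stage flow described above, as an added example that is not code from this pull request: it parses a `WWW-Authenticate` challenge and builds the `Authorization` value following RFC 7616, choosing the hash from the server's `algorithm` parameter. The names `parseChallenge`, `buildAuthorization`, `HASHES` and `SAMPLE` are assumptions of the example, and the sample challenge is constructed from the RFC 2617 section 3.5 test values.

```javascript
// Added example (not Hoppscotch code): Digest challenge parsing and response, RFC 7616.
const { createHash, randomBytes } = require("node:crypto");

// `algorithm` values handled here, mapped to Node hash names (assumption: no SHA-512-256).
const HASHES = { "MD5": "md5", "SHA-256": "sha256" };

// Stage 1: turn `Digest k="v", k2=v2` into an object. Quoted values may contain commas.
function parseChallenge(header) {
  const m = /^\s*Digest\s+(.*)$/is.exec(header);
  if (!m) throw new Error("not a Digest challenge");
  const params = {};
  const re = /([a-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/gi;
  for (const [, key, quoted, bare] of m[1].matchAll(re)) {
    params[key.toLowerCase()] = quoted !== undefined ? quoted.replace(/\\(.)/g, "$1") : bare;
  }
  if (!params.realm || !params.nonce) throw new Error("challenge lacks realm or nonce");
  return params;
}

// Stage 2: compute the response and format the Authorization header value.
function buildAuthorization(ch, { username, password, method, uri, nc = 1, cnonce }) {
  const algorithm = (ch.algorithm || "MD5").toUpperCase();
  const hashName = HASHES[algorithm.replace(/-SESS$/, "")];
  if (!hashName) throw new Error(`unsupported algorithm: ${algorithm}`);
  const H = (s) => createHash(hashName).update(s).digest("hex");

  const offered = (ch.qop || "").split(",").map((q) => q.trim().toLowerCase());
  const qop = offered.includes("auth") ? "auth" : null;
  if (ch.qop && !qop) throw new Error("server requires a qop this example does not handle");
  cnonce = cnonce || randomBytes(8).toString("hex");
  const ncHex = nc.toString(16).padStart(8, "0");
  let ha1 = H(`${username}:${ch.realm}:${password}`);
  if (algorithm.endsWith("-SESS")) ha1 = H(`${ha1}:${ch.nonce}:${cnonce}`);
  const ha2 = H(`${method}:${uri}`);
  const response = qop
    ? H(`${ha1}:${ch.nonce}:${ncHex}:${cnonce}:${qop}:${ha2}`)
    : H(`${ha1}:${ch.nonce}:${ha2}`); // legacy RFC 2069 form when no qop is offered
  const q = (v) => `"${String(v).replace(/(["\\])/g, "\\$1")}"`;
  const parts = [`username=${q(username)}`, `realm=${q(ch.realm)}`, `nonce=${q(ch.nonce)}`,
    `uri=${q(uri)}`, `algorithm=${algorithm}`, `response="${response}"`];
  if (qop) parts.push(`qop=${qop}`, `nc=${ncHex}`, `cnonce=${q(cnonce)}`);
  if (ch.opaque) parts.push(`opaque=${q(ch.opaque)}`);
  return `Digest ${parts.join(", ")}`;
}

// Constructed sample challenge using the RFC 2617 section 3.5 test values.
const SAMPLE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
```

The example handles `qop=auth` only; `auth-int` and `userhash` are left out.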