diff options
author | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-01-19 18:50:50 -0600 |
---|---|---|
committer | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-01-19 18:50:50 -0600 |
commit | 677bbe30d7b26b006d8b38107e1db9cbd429ac2f (patch) | |
tree | 0b27b99e0dcd82f005a4b19cc55faf256a8bc813 | |
parent | d2d576b6b1101e2871c82f63adf2c2b534c2dabc (diff) | |
download | python-requests-677bbe30d7b26b006d8b38107e1db9cbd429ac2f.tar.gz |
Move noncebit to the only place it is used
Since we only allow for "auth" qop-value, hardcode it
Fixes #2408
-rw-r--r-- | requests/auth.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/requests/auth.py b/requests/auth.py index b950181d..d1c48251 100644 --- a/requests/auth.py +++ b/requests/auth.py @@ -124,13 +124,15 @@ class HTTPDigestAuth(AuthBase): s += os.urandom(8) cnonce = (hashlib.sha1(s).hexdigest()[:16]) - noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, HA2) if _algorithm == 'MD5-SESS': HA1 = hash_utf8('%s:%s:%s' % (HA1, nonce, cnonce)) if qop is None: respdig = KD(HA1, "%s:%s" % (nonce, HA2)) elif qop == 'auth' or 'auth' in qop.split(','): + noncebit = "%s:%s:%s:%s:%s" % ( + nonce, ncvalue, cnonce, 'auth', HA2 + ) respdig = KD(HA1, noncebit) else: # XXX handle auth-int. |