frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Added SHA-256 and SHA-512-256 algorithms to http digest authentication

Browse Source
This commit is contained in:
Steven Roebert 2023-03-11 12:07:54 +01:00
parent 586006de4d
commit daa84c9415
1 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
packages/node_modules/@node-red/nodes/core/network/21-httprequest.js vendored
View File

@ -699,25 +699,43 @@ in your Node-RED user directory (${RED.settings.userDir}).
}); });
const md5 = (value) => { return crypto.createHash('md5').update(value).digest('hex') } const md5 = (value) => { return crypto.createHash('md5').update(value).digest('hex') }
const sha256 = (value) => { return crypto.createHash('sha256').update(value).digest('hex') }
const sha512 = (value) => { return crypto.createHash('sha512').update(value).digest('hex') }
function digestCompute(algorithm, value) {
var lowercaseAlgorithm = ""
if (algorithm) {
lowercaseAlgorithm = algorithm.toLowerCase().replace(/-sess$/, '')
}
if (lowercaseAlgorithm === "sha-256") {
return sha256(value)
} else if (lowercaseAlgorithm === "sha-512-256") {
var hash = sha512(value)
return hash.slice(0, 64) // Only use the first 256 bits
} else {
return md5(value)
}
}
function ha1Compute(algorithm, user, realm, pass, nonce, cnonce) { function ha1Compute(algorithm, user, realm, pass, nonce, cnonce) {
/** /**
* RFC 2617: handle both MD5 and MD5-sess algorithms. * RFC 2617: handle both standard and -sess algorithms.
* *
* If the algorithm directive's value is "MD5" or unspecified, then HA1 is * If the algorithm directive's value ends with "-sess", then HA1 is
* HA1=MD5(username:realm:password) * HA1=digestCompute(digestCompute(username:realm:password):nonce:cnonce)
* If the algorithm directive's value is "MD5-sess", then HA1 is *
* HA1=MD5(MD5(username:realm:password):nonce:cnonce) * If the algorithm directive's value does not end with "-sess", then HA1 is
* HA1=digestCompute(username:realm:password)
*/ */
var ha1 = md5(user + ':' + realm + ':' + pass) var ha1 = digestCompute(algorithm, user + ':' + realm + ':' + pass)
if (algorithm && algorithm.toLowerCase() === 'md5-sess') { if (algorithm && /-sess$/i.test(algorithm)) {
return md5(ha1 + ':' + nonce + ':' + cnonce) return digestCompute(algorithm, ha1 + ':' + nonce + ':' + cnonce)
} else { } else {
return ha1 return ha1
} }
} }
function buildDigestHeader(user, pass, method, path, authHeader) { function buildDigestHeader(user, pass, method, path, authHeader) {
var challenge = {} var challenge = {}
var re = /([a-z0-9_-]+)=(?:"([^"]+)"|([a-z0-9_-]+))/gi var re = /([a-z0-9_-]+)=(?:"([^"]+)"|([a-z0-9_-]+))/gi
@ -732,10 +750,10 @@ in your Node-RED user directory (${RED.settings.userDir}).
var nc = qop && '00000001' var nc = qop && '00000001'
var cnonce = qop && uuid().replace(/-/g, '') var cnonce = qop && uuid().replace(/-/g, '')
var ha1 = ha1Compute(challenge.algorithm, user, challenge.realm, pass, challenge.nonce, cnonce) var ha1 = ha1Compute(challenge.algorithm, user, challenge.realm, pass, challenge.nonce, cnonce)
var ha2 = md5(method + ':' + path) var ha2 = digestCompute(challenge.algorithm, method + ':' + path)
var digestResponse = qop var digestResponse = qop
? md5(ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2) ? digestCompute(challenge.algorithm, ha1 + ':' + challenge.nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2)
: md5(ha1 + ':' + challenge.nonce + ':' + ha2) : digestCompute(challenge.algorithm, ha1 + ':' + challenge.nonce + ':' + ha2)
var authValues = { var authValues = {
username: user, username: user,
realm: challenge.realm, realm: challenge.realm,