Fix authentication in Safari.

We now offer 'qop="auth"', because without it, authentication in Safari fails immediately. With the field set to auth, authentication seems to work in the latest Firefox, Safari, Chrome and Internet Explorer. However, the HTTP package as used in cabal-install has a bug where it send 'qop="auth"' without an 'nc' or 'cnonce' field. So we are lenient: when these fields are not present, we fall back to no qop. Fixes haskell#132. [1] haskell/HTTP#54
hesselink · Apr 8, 2014 · 53311d6 · 53311d6
1 parent e3103a3
commit 53311d6
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/Distribution/Server/Framework/Auth.hs b/Distribution/Server/Framework/Auth.hs
@@ -248,6 +248,8 @@ getDigestAuthInfo authHeader req = do
                       nc     <- Map.lookup "nc"     authMap
                       cnonce <- Map.lookup "cnonce" authMap
                       return (QopAuth nc cnonce)
+                      `mplus`
+                      return QopNone
                     Nothing -> return QopNone
                     _       -> mzero
     return DigestAuthInfo {
@@ -293,12 +295,11 @@ headerDigestAuthChallenge (RealmName realmName) = do
     headerName = "WWW-Authenticate"
     -- Note that offering both qop=\"auth,auth-int\" can confuse some browsers
     -- e.g. see http://code.google.com/p/chromium/issues/detail?id=45194
-    -- TODO: can't even offer qop="auth" because the HTTP package does it wrong
     headerValue nonce =
       "Digest " ++
       intercalate ", "
         [ "realm="     ++ inQuotes realmName
-        , "qop="       ++ inQuotes ""
+        , "qop="       ++ inQuotes "auth"
         , "nonce="     ++ inQuotes nonce
         , "opaque="    ++ inQuotes ""
         ]