digest authentication support

[tjaartvdwalt]

Hi, looks like only Basic authentication is currently supported? Would it be possible/easy to add Digest authentication?

I am trying to connect to a server that does not appear to support Basic Auth. I get the following error.

No 'Authorization: Digest' header found. Either the client didn't send one, or the server is misconfigured

[perry-mitchell]

Thanks @tjaartvdwalt - I suppose it wouldn't be too difficult to add. I'll try to look into it soon.

[tjaartvdwalt]

@perry-mitchell, thanks for the feedback.
I might look into this more to get my app working correctly. If I do, I will send a pull request.

[perry-mitchell]

That would be of course greatly appreciated.. good luck!

[perry-mitchell]

Hi @tjaartvdwalt - Did you have any luck here? If not I might look into it this week.

[zh99998]

there is a header generator
https://github.com/inorganik/digest-auth-request

[perry-mitchell]

@zh99998 Thanks for the link. This library looks great, however it uses its own request mechanism (XMLHttpRequest) under the hood, which is not compatible with out use case. This could be ported to this library, however, by thoroughly running through their source code. This library also provides another option for following source code, but also uses another request library.

[tjaartvdwalt]

I have have done some work on this. The code is probably 80% there, but maybe not production ready.

I will submit a pull request, then we can discuss further.

[tjaartvdwalt]

Update: my branch fell a bit behind, and I have quite a few merges I need to handle. Will try to get it fixed after work

[emilian]

Any updates on digest authentication? Has anybody implemented it?

[perry-mitchell]

@emilian I might get a chance to try this today.. installing Ubuntu server to setup digest auth as we speak. Have been meaning to get to it for a while now.

EDIT: Seems like there aren't really any decent pre-made tools about, so looking at this might still be the best option. Will try to get this done some time soon. I've got a webdav+digest server set up so it's easy to test at least.

[emilian]

Yes, the above tool looks pretty decent to handle the digest authentication.

In the end I went with this lower level library to PUT a file on the WebDAV server. It is the only thing that worked, since it seems that the request library only handles GET requests out of the box.

It would be awesome if this library could handle digest authentication since it supports a lot of the WebDAV features that will come in handy later on.

[perry-mitchell]

Good to know @emilian - I didn't unfortunately have the time to complete the implementation, but I'll try to soon. It'll involve me implementing it from scratch due to the fact that all of these libraries:

• Implement their own request functionality or use a third-party
• Make the auth requests themselves (and usually only as GET)

What I need from a digest auth implementation is the ability to dynamically complete the digest process upon the first request, and then just use the resulting headers from there on out. As it's a bit custom I'll just end up doing it myself. It's a bit safer not to rely on someone else's implementation. I'd also prefer to use built-in node-crypto libraries rather than crypto-js directly, which most of these libraries use.

[jbruni]

This looks like a good resource:
https://github.com/devfans/digest-fetch/blob/master/digest-fetch-src.js

[jbruni]

Actually, I got digest authentication working! I'm able to connect to a SabreDAV server.

First, apart from webdav, install also digest-fetch and crypto-js as dependencies:

npm install webdav digest-fetch crypto-js

Then, create the WebDAV client this way:

const DigestFetch = require('digest-fetch');
const createClient = require('webdav');

const digest = new DigestFetch('username', 'password'); // replace by real user and pass
createClient.setFetchMethod(digest.fetch.bind(digest));
const client = createClient('path'); // replace by real URL path

It works!

I will be using as a "dirty workaround", while @perry-mitchell prepares the official support.

BTW, thanks for this awesome WebDAV client package. 👍

[jbruni]

🤔 I actually got rid of both this digest-fetch package and its crypto-js dependency. I've used its source code and also the request package digest auth implementation code, and created my own "fetch method" with support for digest auth.

This is the result: https://gist.github.com/jbruni/8239af17fbc9e541900b2ca55759547d

[jbruni]

Well... I went a step further and integrated the digest authentication into this webdav-client code base, in the smoother way I could. I've opened pull request #96 for it. I hope it helps.

It is pretty cool that it works out of the box, using unchanged syntax:

var createClient = require("webdav");

var client = createClient(
    "https://webdav-server.org/remote.php/webdav",
    "username",
    "password"
);

[perry-mitchell]

Thanks for looking at this! I’m currently on holidays for a week and will check this next week..

[iencotech]

Hi, first of all thanks for this amazing library, keep up the good work! I wanted to know what are the current plans to support digest authentication. Is help for that accepted? Thanks in advance!

[jbruni]

@jienco - There is a work in progress. You may want to try it. It is at the digest branch: https://github.com/perry-mitchell/webdav-client/tree/digest

If you can help by testing it and providing the results as feedback, I think it would be greatly appreciated!

[jbruni]

@jienco - Note that, if you are going to test the digest branch, you need to include digest: true to the client options:

const { createClient } = require("webdav");

const client = createClient(
    "https://webdav.example.com/marie123",
    {
        username: "marie",
        password: "myS3curePa$$w0rd",
        digest: true
    }
);

[iencotech]

Thank you very much for the quick response, I will test and let you know!

[perry-mitchell]

Apologies for not getting this in sooner - I’ve planned to have @jbruni’s contribution for digest support merged long ago. I have some time this evening so I’ll see if I can’t get it out then.

[perry-mitchell]

Released in 2.9.0. Thanks @jbruni for all the help, wouldn't have happened without you!

[leviwheatcroft]

If I understand correctly, this relies on node's built in 'crypto' module, and therefore won't work in the browser. This should probably get a mention in the readme at least, given that the package description is "A WebDAV client written in JavaScript for NodeJS and the browser."

It looks like an earlier iteration was implemented with digest-fetch and crypto-js, which would have worked in the browser?

Also, it looks like MD5 is baked in as the only hash method. It would be nice to be able to choose other algorithms like SHA-256 which seems fairly common?

[perry-mitchell]

'crypto' module, and therefore won't work in the browser

It should, as it's compiled with Webpack and babel. It's not ideal, and would happily see it changed to a JS-only implementation. Also happy to see sha* support added, providing the bundle size isn't increased drastically.