From ed606e1323ca7243308237256e80c3a9cb500874 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Bri=C3=A8re?= <fbriere@fbriere.net>
Date: Sat, 21 Sep 2019 11:24:11 -0400
Subject: Support multiple WWW-Authenticate/Proxy-Authenticate headers

The server may send multiple WWW-Authenticate/Proxy-Authenticate
headers, with different digest algorithms, in decreasing order of
preference.  We must therefore avoid overwriting any supported challenge
once we've got a hold of one.

Closes #162
---
 src/parser/hdr_www_authenticate.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src')

diff --git a/src/parser/hdr_www_authenticate.cpp b/src/parser/hdr_www_authenticate.cpp
index ae87e99..2deb787 100644
--- a/src/parser/hdr_www_authenticate.cpp
+++ b/src/parser/hdr_www_authenticate.cpp
@@ -17,10 +17,23 @@
 
 #include "hdr_www_authenticate.h"
 #include "definitions.h"
+#include "util.h"
 
 t_hdr_www_authenticate::t_hdr_www_authenticate() : t_header("WWW-Authenticate") {}
 
 void t_hdr_www_authenticate::set_challenge(const t_challenge &c) {
+	// The server may send multiple WWW-Authenticate/Proxy-Authenticate
+	// headers, with different digest algorithms, in decreasing order of
+	// preference.  We must therefore avoid overwriting any supported
+	// challenge once we've got a hold of one.  (We don't simply ignore
+	// all unsupported challenges, however, just in case the server forgot
+	// to include a Digest challenge.)
+	if (populated) {
+		// Don't overwrite the previous challenge if it was supported
+		if (cmp_nocase(challenge.auth_scheme, AUTH_DIGEST) == 0) {
+			return;
+		}
+	}
 	populated = true;
 	challenge = c;
 }
-- 
cgit v1.2.3