fix(digest-auth): fix Digest Auth when no QOP is set

(working on usebruno/bruno#5378)
2026-06-23 20:55:41 +00:00 · 2025-08-21 10:11:56 +02:00
parent 1d0ba135ff
commit 6204e90e9c
1 changed files with 21 additions and 7 deletions
--- a/packages/bruno-requests/src/auth/digestauth-helper.js
+++ b/packages/bruno-requests/src/auth/digestauth-helper.js
@@ -99,22 +99,36 @@ export function addDigestInterceptor(axiosInstance, request) {
        const method = (originalRequest.method || request.method || 'GET').toUpperCase();
        const HA1 = md5(`${username}:${authDetails.realm}:${password}`);
        const HA2 = md5(`${method}:${uri}`);
-        const response = md5(
-          `${HA1}:${authDetails.nonce}:${nonceCount}:${cnonce}:auth:${HA2}`
-        );
+        let response;
+        if (authDetails.qop && authDetails.qop.toLowerCase().includes('auth')) {
+          console.debug("Using QOP 'auth' for Digest Authentication");
+          response = md5(
+            `${HA1}:${authDetails.nonce}:${nonceCount}:${cnonce}:auth:${HA2}`
+          );
+        } else {
+          console.debug("No QOP specified, using simple digest");
+          response = md5(
+            `${HA1}:${authDetails.nonce}:${HA2}`
+          );
+        }

        const headerFields = [
          `username="${username}"`,
          `realm="${authDetails.realm}"`,
          `nonce="${authDetails.nonce}"`,
          `uri="${uri}"`,
-          `qop="auth"`,
-          `algorithm="${authDetails.algorithm}"`,
          `response="${response}"`,
-          `nc="${nonceCount}"`,
-          `cnonce="${cnonce}"`,
        ];

+        if (authDetails.qop && authDetails.qop.toLowerCase().includes('auth')) {
+          headerFields.push(
+            `qop="auth"`,
+            `algorithm="${authDetails.algorithm}"`,
+            `nc="${nonceCount}"`,
+            `cnonce="${cnonce}"`,
+          );
+        }
+
        if (authDetails.opaque) {
          headerFields.push(`opaque="${authDetails.opaque}"`);
        }