From 6204e90e9cd96eaf41e72977bdda7172b828cb7d Mon Sep 17 00:00:00 2001 From: Philipp Kolmann Date: Thu, 21 Aug 2025 10:11:56 +0200 Subject: [PATCH] fix(digest-auth): fix Digest Auth when no QOP is set (working on usebruno/bruno#5378) --- .../src/auth/digestauth-helper.js | 28 ++++++++++++++----- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/packages/bruno-requests/src/auth/digestauth-helper.js b/packages/bruno-requests/src/auth/digestauth-helper.js index d6b93b98f..4499555a7 100644 --- a/packages/bruno-requests/src/auth/digestauth-helper.js +++ b/packages/bruno-requests/src/auth/digestauth-helper.js @@ -99,22 +99,36 @@ export function addDigestInterceptor(axiosInstance, request) { const method = (originalRequest.method || request.method || 'GET').toUpperCase(); const HA1 = md5(`${username}:${authDetails.realm}:${password}`); const HA2 = md5(`${method}:${uri}`); - const response = md5( - `${HA1}:${authDetails.nonce}:${nonceCount}:${cnonce}:auth:${HA2}` - ); + let response; + if (authDetails.qop && authDetails.qop.toLowerCase().includes('auth')) { + console.debug("Using QOP 'auth' for Digest Authentication"); + response = md5( + `${HA1}:${authDetails.nonce}:${nonceCount}:${cnonce}:auth:${HA2}` + ); + } else { + console.debug("No QOP specified, using simple digest"); + response = md5( + `${HA1}:${authDetails.nonce}:${HA2}` + ); + } const headerFields = [ `username="${username}"`, `realm="${authDetails.realm}"`, `nonce="${authDetails.nonce}"`, `uri="${uri}"`, - `qop="auth"`, - `algorithm="${authDetails.algorithm}"`, `response="${response}"`, - `nc="${nonceCount}"`, - `cnonce="${cnonce}"`, ]; + if (authDetails.qop && authDetails.qop.toLowerCase().includes('auth')) { + headerFields.push( + `qop="auth"`, + `algorithm="${authDetails.algorithm}"`, + `nc="${nonceCount}"`, + `cnonce="${cnonce}"`, + ); + } + if (authDetails.opaque) { headerFields.push(`opaque="${authDetails.opaque}"`); }