support auth headers with zero or more spaces between keys

2025-10-06 15:46:51 +08:00 · 2020-06-27 22:35:37 +02:00
parent 6bbbfefb75
commit 496c25a09c
2 changed files with 16 additions and 3 deletions
--- a/header-auth.go
+++ b/header-auth.go
@@ -13,6 +13,8 @@ type HeaderAuth struct {
 	Values map[string]string
 }

+var regHeaderAuthKeyValue = regexp.MustCompile("^([a-z]+)=(\"(.+?)\"|([a-zA-Z0-9]+))(, *|$)")
+
 // ReadHeaderAuth parses an Authenticate or a WWW-Authenticate header.
 func ReadHeaderAuth(in string) (*HeaderAuth, error) {
 	ha := &HeaderAuth{
@@ -25,10 +27,8 @@ func ReadHeaderAuth(in string) (*HeaderAuth, error) {
 	}
 	ha.Prefix, in = in[:i], in[i+1:]

-	r := regexp.MustCompile("^([a-z]+)=(\"(.+?)\"|([a-zA-Z0-9]+))(, )?")
-
 	for len(in) > 0 {
-		m := r.FindStringSubmatch(in)
+		m := regHeaderAuthKeyValue.FindStringSubmatch(in)
 		if m == nil {
 			return nil, fmt.Errorf("unable to parse key-value (%s)", in)
 		}
--- a/header-auth_test.go
+++ b/header-auth_test.go
@@ -49,6 +49,19 @@ var casesHeaderAuth = []struct {
 			},
 		},
 	},
+	{
+		"digest request 3",
+		`Digest realm="4419b63f5e51",nonce="133767111917411116111311118211673010032",  stale="FALSE"`,
+		`Digest realm="4419b63f5e51", nonce="133767111917411116111311118211673010032", stale="FALSE"`,
+		&HeaderAuth{
+			Prefix: "Digest",
+			Values: map[string]string{
+				"realm": "4419b63f5e51",
+				"nonce": "133767111917411116111311118211673010032",
+				"stale": "FALSE",
+			},
+		},
+	},
 	{
 		"digest response",
 		`Digest username="aa", realm="bb", nonce="cc", uri="dd", response="ee"`,