fix authentication when algorithm field is not supported (#558)

(https://github.com/bluenviron/mediamtx/issues/3116) This fixes authentication issues with some TP-LINK cameras.
2025-10-05 23:26:54 +08:00 · 2024-05-15 10:21:30 +02:00
parent 9f6428bdb8
commit f283abc2e7
11 changed files with 373 additions and 209 deletions
--- a/pkg/auth/validate_test.go
+++ b/pkg/auth/validate_test.go
@@ -1,13 +1,88 @@
 package auth

 import (
+	"fmt"
 	"testing"

 	"github.com/bluenviron/gortsplib/v4/pkg/base"
-	"github.com/bluenviron/gortsplib/v4/pkg/headers"
 	"github.com/stretchr/testify/require"
 )

+func TestValidate(t *testing.T) {
+	for _, ca := range []struct {
+		name          string
+		authorization base.HeaderValue
+	}{
+		{
+			"basic",
+			base.HeaderValue{
+				"Basic bXl1c2VyOm15cGFzcw==",
+			},
+		},
+		{
+			"digest md5 implicit",
+			base.HeaderValue{
+				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
+			},
+		},
+		{
+			"digest md5 explicit",
+			base.HeaderValue{
+				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
+					"algorithm=\"MD5\"",
+			},
+		},
+		{
+			"digest sha256",
+			base.HeaderValue{
+				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+					"algorithm=\"SHA-256\"",
+			},
+		},
+		{
+			"digest vlc",
+			base.HeaderValue{
+				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+					"uri=\"rtsp://myhost/mypath?key=val/\", response=\"5ca5ceeca20a05e9a3f49ecde4b42655\"",
+			},
+		},
+	} {
+		t.Run(ca.name, func(t *testing.T) {
+			se, err := NewSender(
+				GenerateWWWAuthenticate([]ValidateMethod{ValidateMethodDigestMD5}, "myrealm", "f49ac6dd0ba708d4becddc9692d1f2ce"),
+				"myuser",
+				"mypass")
+			require.NoError(t, err)
+			req1 := &base.Request{
+				Method: base.Setup,
+				URL:    mustParseURL("rtsp://myhost/mypath?key=val/"),
+			}
+			se.AddAuthorization(req1)
+			fmt.Println(req1.Header)
+
+			req := &base.Request{
+				Method: base.Setup,
+				URL:    mustParseURL("rtsp://myhost/mypath?key=val/trackID=3"),
+				Header: base.Header{
+					"Authorization": ca.authorization,
+				},
+			}
+			err = Validate(
+				req,
+				"myuser",
+				"mypass",
+				nil,
+				"myrealm",
+				"f49ac6dd0ba708d4becddc9692d1f2ce")
+			require.NoError(t, err)
+		})
+	}
+}
+
 func FuzzValidate(f *testing.F) {
 	f.Add(`Invalid`)
 	f.Add(`Digest `)
@@ -35,21 +110,3 @@ func FuzzValidate(f *testing.F) {
 		)
 	})
 }
-
-func TestValidateAdditionalErrors(t *testing.T) {
-	err := Validate(
-		&base.Request{
-			Method: base.Describe,
-			URL:    nil,
-			Header: base.Header{
-				"Authorization": base.HeaderValue{"Basic bXl1c2VyOm15cGFzcw=="},
-			},
-		},
-		"myuser",
-		"mypass",
-		[]headers.AuthMethod{headers.AuthDigestMD5},
-		"IPCAM",
-		"abcde",
-	)
-	require.Error(t, err)
-}