CPE ACS Digest Authentication is still broken since in version=“1.2.13+240927064d”
```ts
      message: "Authentication failure",
      sessionContext: sessionContext,
    });
    resHeaders["Connection"] = "close";
  } else {
    if (getRequestOrigin(sessionContext.httpRequest).encrypted) {
      resHeaders["WWW-Authenticate"] = `Basic realm="${REALM}"`;
    } else {
      const nonce = crypto.randomBytes(16).toString("hex");
      sessionsNonces.set(sessionContext.httpRequest.socket, nonce);
      let d = `Digest realm="${REALM}"`;
      d += ',qop="auth,auth-int"';
      d += `,nonce="${nonce}"`;
      resHeaders["WWW-Authenticate"] = d;
    }
    currentSessions.set(sessionContext.httpRequest.socket, sessionContext);
  }
  const httpResponse = sessionContext.httpResponse;
```
The sessionsNonces WeakMap is using sessionContext.httpRequest.socket, which will be different in the subsequent HTTP request, the one that contains the nonce value in the Authentication header.
This means that the value retrieved from sessionsNonces in the lines
```ts
    try {
      authentication = auth.parseAuthorizationHeader(
        sessionContext.httpRequest.headers["authorization"],
      );
    } catch (err) {
      return false;
    }
  }
  if (authentication?.method === "Digest") {
    const sessionNonce = sessionsNonces.get(sessionContext.httpRequest.socket);
    if (
      !sessionNonce ||
      authentication.nonce !== sessionNonce ||
      (authentication.qop && (!authentication.cnonce || !authentication.nc))
    )
      return false;
    authentication["body"] = body;
  }
```
is NULL and authentication fails.
I would think it would make sense to create a Map using a deviceId but there is no object of device.
This issue is similar to:
Hello again,
I finally found why there is a problem with the authentication with my CPE.
The header HTTP “Authorization” contains all values for authentication Digest and they are correct. But the problem is there is no space between those values and the CPE denies the authentication.
To allow this, I modified the file lib/auth.ts at line 169 by adding a space between all parameters:
```ts
let authString = `Digest username="${username}"`;
authString += `, realm="${authHeader.realm}"`;
aut…
```
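
Added example, not part of the original posts and not GenieACS code: it reproduces the socket-keyed nonce lookup failing when the authenticated request arrives on a different connection, next to a self-validating nonce (timestamp plus HMAC) that does not depend on the socket. `NONCE_SECRET`, `NONCE_TTL_MS`, the function names and the two socket stand-ins are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumption: per-process secret and a short validity window.
const NONCE_SECRET = crypto.randomBytes(32);
const NONCE_TTL_MS = 30_000;

// Pattern described in the post: the nonce is remembered per socket object.
const sessionsNonces = new WeakMap();
function issueSocketNonce(socket) {
  const nonce = crypto.randomBytes(16).toString("hex");
  sessionsNonces.set(socket, nonce);
  return nonce;
}
function checkSocketNonce(socket, nonce) {
  const expected = sessionsNonces.get(socket);
  return Boolean(expected) && expected === nonce;
}

// Alternative: nonce = "<timestamp hex>.<HMAC-SHA256(timestamp)>", no per-socket state.
function sign(ts) {
  return crypto.createHmac("sha256", NONCE_SECRET).update(ts).digest("hex");
}
function issueStatelessNonce(now = Date.now()) {
  const ts = now.toString(16);
  return `${ts}.${sign(ts)}`;
}
function checkStatelessNonce(nonce, now = Date.now()) {
  const parts = String(nonce).split(".");
  if (parts.length !== 2) return false;
  const expected = Buffer.from(sign(parts[0]), "hex");
  const given = Buffer.from(parts[1], "hex"); // invalid hex decodes short
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  const age = now - parseInt(parts[0], 16);
  return age >= 0 && age <= NONCE_TTL_MS;
}

// Constructed stand-ins for two TCP connections from the same CPE.
const socketA = { id: "conn-1" };
const socketB = { id: "conn-2" };

const n = issueSocketNonce(socketA);
console.log("same socket:", checkSocketNonce(socketA, n));
console.log("new socket:", checkSocketNonce(socketB, n));
console.log("stateless:", checkStatelessNonce(issueStatelessNonce()));
```

A stateless nonce can be replayed inside its validity window unless the server also tracks `nc`, so the window should stay short.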