fixes #21

abbot · Jan 7, 2016 · aef0a09 · aef0a09
1 parent fa194fe
commit aef0a09
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/digest.go b/digest.go
@@ -20,10 +20,11 @@ type digest_client struct {
 }
 
 type DigestAuth struct {
-	Realm            string
-	Opaque           string
-	Secrets          SecretProvider
-	PlainTextSecrets bool
+	Realm                  string
+	Opaque                 string
+	Secrets                SecretProvider
+	PlainTextSecrets       bool
+	DisableNonceCountCheck bool
 
 	/*
 	   Approximate size of Client's Cache. When actual number of
@@ -164,7 +165,7 @@ func (da *DigestAuth) CheckAuth(r *http.Request) (username string, authinfo *str
 	if client, ok := da.clients[auth["nonce"]]; !ok {
 		return
 	} else {
-		if client.nc != 0 && client.nc >= nc {
+		if client.nc != 0 && client.nc >= nc && !da.DisableNonceCountCheck {
 			return
 		}
 		client.nc = nc

diff --git a/digest_test.go b/digest_test.go
@@ -33,10 +33,19 @@ func TestAuthDigest(t *testing.T) {
 	if u, _ := da.CheckAuth(r); u != "test" {
 		t.Fatal("empty auth for legitimate client")
 	}
+
+	// our nc is now 0, client nc is 1
 	if u, _ := da.CheckAuth(r); u != "" {
 		t.Fatal("non-empty auth for outdated nc")
 	}
 
+	// try again with nc checking off
+	da.DisableNonceCountCheck = true
+	if u, _ := da.CheckAuth(r); u != "test" {
+		t.Fatal("empty auth for outdated nc even though nc checking is off")
+	}
+	da.DisableNonceCountCheck = false
+
 	r.URL, _ = url.Parse("/")
 	da.clients["Vb9BP/h81n3GpTTB"] = &digest_client{nc: 0, last_seen: time.Now().UnixNano()}
 	if u, _ := da.CheckAuth(r); u != "" {