[PR #4494] [MERGED] fix: process headers correctly in Digest Auth and other updates #4831

Closed
opened 2026-03-17 02:20:02 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hoppscotch/hoppscotch/pull/4494
Author: @jamesgeorge007
Created: 10/30/2024
Status: Merged
Merged: 10/30/2024
Merged by: @jamesgeorge007

Base: next ← Head: fix/digest-auth


📝 Commits (5)

  • a16f343 fix: process headers correctly in Digest Auth
  • 8206482 chore: ensure CLI fails with non-zero exit code when appropriate
  • c9dbd64 chore: remove the ability to disable retrying requests
  • 0803b9d chore: cleanup
  • 783383e fix: include request body hash for auth-int qop

📊 Changes

8 files changed (+105 additions, -85 deletions)

📝 packages/hoppscotch-cli/src/__tests__/e2e/commands/test.spec.ts (+17 -1)
packages/hoppscotch-cli/src/__tests__/e2e/fixtures/collections/digest-auth-coll.json (+0 -43)
📝 packages/hoppscotch-cli/src/utils/auth/digest.ts (+31 -12)
📝 packages/hoppscotch-cli/src/utils/pre-request.ts (+10 -8)
📝 packages/hoppscotch-cli/src/utils/request.ts (+9 -3)
📝 packages/hoppscotch-common/src/components/http/authorization/Digest.vue (+3 -2)
📝 packages/hoppscotch-common/src/helpers/auth/digest.ts (+27 -14)
📝 packages/hoppscotch-common/src/helpers/utils/EffectiveURL.ts (+8 -2)

📄 Description

What's changed

This PR includes a couple of updates to how the resultant headers were computed for Digest Authorization, ensuring the request is transmitted in the expected format:

  • Only include the path and query parameters in the URI.
  • Account for the opted algorithm (additional implementation for MD5-sess) while hashing username, realm and password.
  • Include an entity (request) body hash when qop is set to auth-int. For content types like multipart/form-data where the request body is not a string, it falls back to an empty string while hashing for now.

Additionally, it includes the following changes:

  • Account for the www-authenticate header received from the server in the initial response in a case-insensitive manner. Previously, if the server responded with the WWW-Authenticate header, the initial response would be marked with an unexpected response since www-authenticate was referred to straightaway.
  • Removes the Disable Retrying Requests for the time being until a mechanism is in place to handle failed requests gracefully in such a case. CLI will still support this.
  • The CLI behaviour has been updated so that any failures reported in the pre/post scripts and request execution will result in a non-zero exit code. Previously, this behaviour was exclusive to failed test assertions.
  • CLI test suite updates.

Notes to reviewers

Ensure the request succeeds every time. Also, export the collection and run it via the CLI. Specify disableRetry: true in the exported collection under auth for the request and observe the request failing with a suitable message.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
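
The header computation the description lists (path-and-query URI, `MD5-sess` key derivation, the `auth-int` body hash with its empty-string fallback, and case-insensitive lookup of `www-authenticate`) is sketched below as an added example; it is not the code from this PR or from the hoppscotch repository. The names `findHeader`, `digestUri`, `digestResponse` and `DigestInput` are assumptions, and the sample input uses the worked-example values from RFC 2617 section 3.5 with a placeholder host.

```typescript
import { createHash } from "crypto";

type Algorithm = "MD5" | "MD5-sess";
type Qop = "auth" | "auth-int";

// Hypothetical input shape for this example, not the project's type.
interface DigestInput {
  username: string; password: string; realm: string; nonce: string;
  cnonce: string; nc: string; method: string; url: string;
  algorithm: Algorithm; qop: Qop; body?: unknown;
}

const md5 = (s: string): string => createHash("md5").update(s).digest("hex");

// Header names are case-insensitive: "WWW-Authenticate" and "www-authenticate" must both match.
function findHeader(headers: Record<string, string>, name: string): string | undefined {
  const hit = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return hit === undefined ? undefined : headers[hit];
}

// The digest "uri" value is the request target: path plus query, without scheme, host or fragment.
function digestUri(url: string): string {
  const u = new URL(url);
  return u.pathname + u.search;
}

function digestResponse(i: DigestInput): string {
  // HA1 = H(username:realm:password); MD5-sess re-hashes it with nonce and cnonce.
  let ha1 = md5(`${i.username}:${i.realm}:${i.password}`);
  if (i.algorithm === "MD5-sess") ha1 = md5(`${ha1}:${i.nonce}:${i.cnonce}`);
  // A2 = method:uri, plus H(entity-body) when qop is auth-int.
  let a2 = `${i.method}:${digestUri(i.url)}`;
  if (i.qop === "auth-int") {
    // Non-string bodies hash as the empty string, the fallback the description mentions.
    a2 += `:${md5(typeof i.body === "string" ? i.body : "")}`;
  }
  return md5(`${ha1}:${i.nonce}:${i.nc}:${i.cnonce}:${i.qop}:${md5(a2)}`);
}

// Sample input: RFC 2617 section 3.5 values; the host is a constructed placeholder.
const rfc2617: DigestInput = {
  username: "Mufasa", password: "Circle Of Life", realm: "testrealm@host.com",
  nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093", cnonce: "0a4f113b", nc: "00000001",
  method: "GET", url: "http://example.test/dir/index.html", algorithm: "MD5", qop: "auth",
};
console.log(digestResponse(rfc2617));
```

Because the host never enters the hash, the placeholder URL still reproduces the RFC's published `response` value.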
