d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-01-23 04:54:18 +00:00
Code Issues Projects Releases Wiki Activity

Made Web UI authentication even more robust

Browse Source
This commit is contained in:
Christophe Dumez 2010-03-12 20:55:09 +00:00
parent 671a997092
commit 80d5c5d85c
1 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/httpserver.cpp
View File

@ -132,16 +132,12 @@ void HttpServer::setAuthorization(QString _username, QString _password_ha1) {
password_ha1 = _password_ha1.toLocal8Bit(); password_ha1 = _password_ha1.toLocal8Bit();
} }
// AUTH string is: Digest username="chris", // Parse HTTP AUTH string
// realm="Web UI Access", // http://tools.ietf.org/html/rfc2617
// nonce="570d04de93444b7fd3eaeaecb00e635e",
// uri="/", algorithm=MD5,
// response="ba886766d19b45313c0e2195e4344264",
// qop=auth, nc=00000001, cnonce="e8ac970779c17075"
bool HttpServer::isAuthorized(QByteArray auth, QString method) const { bool HttpServer::isAuthorized(QByteArray auth, QString method) const {
qDebug("AUTH string is %s", auth.data()); qDebug("AUTH string is %s", auth.data());
// Get user name // Get user name
QRegExp regex_user(".*username=\"([^\"]+)\".*"); QRegExp regex_user(".*username=\"([^\"]+)\".*"); // Must be a quoted string
if(regex_user.indexIn(auth) < 0) return false; if(regex_user.indexIn(auth) < 0) return false;
QString prop_user = regex_user.cap(1); QString prop_user = regex_user.cap(1);
qDebug("AUTH: Proposed username is %s, real username is %s", prop_user.toLocal8Bit().data(), username.data()); qDebug("AUTH: Proposed username is %s, real username is %s", prop_user.toLocal8Bit().data(), username.data());
@ -151,7 +147,7 @@ bool HttpServer::isAuthorized(QByteArray auth, QString method) const {
return false; return false;
} }
// Get realm // Get realm
QRegExp regex_realm(".*realm=\"([^\"]+)\".*"); QRegExp regex_realm(".*realm=\"([^\"]+)\".*"); // Must be a quoted string
if(regex_realm.indexIn(auth) < 0) { if(regex_realm.indexIn(auth) < 0) {
qDebug("AUTH-PROB: Missing realm"); qDebug("AUTH-PROB: Missing realm");
return false; return false;
@ -162,7 +158,7 @@ bool HttpServer::isAuthorized(QByteArray auth, QString method) const {
return false; return false;
} }
// get nonce // get nonce
QRegExp regex_nonce(".*nonce=\"([^\"]+)\".*"); QRegExp regex_nonce(".*nonce=[\"]?([\\w=]+)[\"]?.*");
if(regex_nonce.indexIn(auth) < 0) { if(regex_nonce.indexIn(auth) < 0) {
qDebug("AUTH-PROB: missing nonce"); qDebug("AUTH-PROB: missing nonce");
return false; return false;
@ -178,7 +174,7 @@ bool HttpServer::isAuthorized(QByteArray auth, QString method) const {
QByteArray prop_uri = regex_uri.cap(1).toLocal8Bit(); QByteArray prop_uri = regex_uri.cap(1).toLocal8Bit();
qDebug("prop uri is: %s", prop_uri.data()); qDebug("prop uri is: %s", prop_uri.data());
// get response // get response
QRegExp regex_response(".*response=\"([^\"]+)\".*"); QRegExp regex_response(".*response=[\"]?([\\w=]+)[\"]?.*");
if(regex_response.indexIn(auth) < 0) { if(regex_response.indexIn(auth) < 0) {
qDebug("AUTH-PROB: Missing response"); qDebug("AUTH-PROB: Missing response");
return false; return false;
@ -193,14 +189,14 @@ bool HttpServer::isAuthorized(QByteArray auth, QString method) const {
if(auth.contains("qop=")) { if(auth.contains("qop=")) {
QCryptographicHash md5_ha(QCryptographicHash::Md5); QCryptographicHash md5_ha(QCryptographicHash::Md5);
// Get nc // Get nc
QRegExp regex_nc(".*nc=[\"]?(\\w+)[\"]?.*"); QRegExp regex_nc(".*nc=[\"]?([\\w=]+)[\"]?.*");
if(regex_nc.indexIn(auth) < 0) { if(regex_nc.indexIn(auth) < 0) {
qDebug("AUTH-PROB: qop but missing nc"); qDebug("AUTH-PROB: qop but missing nc");
return false; return false;
} }
QByteArray prop_nc = regex_nc.cap(1).toLocal8Bit(); QByteArray prop_nc = regex_nc.cap(1).toLocal8Bit();
qDebug("prop nc is: %s", prop_nc.data()); qDebug("prop nc is: %s", prop_nc.data());
QRegExp regex_cnonce(".*cnonce=\"([^\"]+)\".*"); QRegExp regex_cnonce(".*cnonce=[\"]?([\\w=]+)[\"]?.*");
if(regex_cnonce.indexIn(auth) < 0) { if(regex_cnonce.indexIn(auth) < 0) {
qDebug("AUTH-PROB: qop but missing cnonce"); qDebug("AUTH-PROB: qop but missing cnonce");
return false; return false;