Method havePreviousDigestAuthorizationAndShouldAbort do not check nonce
Closed this issue · 2 comments
andrefrsousa commented
I think there is a problem with your method havePreviousDigestAuthorizationAndShouldAbort.
It receives a "String nonce" but it never checks if the nonce is available in the previous request header.
That way you will log "previous digest authentication with same nonce failed, returning null" even when the nonce was never present in the request.
rburgst commented
I am not sure I understand, the method will only return true in case where the initing request had an authorization header and the server told us that the previous nonce was stale, in all other cases (i.e. no authorization, no nonce, etc) it will simply return false and therefore, not log anything.
Can you construct a test case?
rburgst commented
closing due to lack of feedback.