samizdatco/nginx-http-auth-digest

Digest auth not working for uri '/'

Closed · 1 comment

I debugged and found out that r->uri becomes '/index.html' even when the request line is 'GET / HTTP/1.1'.
On the other hand, r->unparsed_uri.data = '/ HTTP/1.1' and r->unparsed_uri.len = 1,
so we should take the substring of length r->unparsed_uri.len from r->unparsed_uri.data.

This is achieved with two commits below:
chazmcgarvey@227871e
hnakamur@9d2824b

However, even with these fixes, it still does not work for uri '/'.
It seems that ngx_bitvector_test in ngx_int_t ngx_http_auth_digest_verify_hash returns false.

Yes, Nginx does an internal redirect to the index file when r->uri is '/' (default index file is '/index.html'). So, even if r->unparsed_uri.data is used, the found->nc bitvector will already be cleared by the initial uri processing (to prevent replays).

One workaround is to check r->internal when found != NULL && ngx_bitvector_test(...) returns false. More checking needs to be done to ensure this is secure.
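The following is an added example, not code from nginx-http-auth-digest or nginx itself. It models the two points raised in this thread: taking the request-target out of `unparsed_uri` bounded by its `len`, and the nonce-count (`nc`) bitvector replay check being run twice for `GET /` because nginx internally redirects to the index file. The struct and function names (`request_t`, `nc_bitvector_t`, `verify_nonce_count`, `simulate_root_request`) and the bit convention (a set bit means "this nc has not been used yet"; verification clears it) are assumptions made for illustration, as is the tolerance of the second pass only when the request is marked internal, which is the workaround proposed above.

```c
/* Added example: simplified model of nginx digest-auth nonce-count replay
 * checking across an internal index redirect. Not the module's own code. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NC_BITS 256   /* assumed: nc values tracked per nonce */

typedef struct { const char *data; size_t len; } str_t;

typedef struct {
    str_t uri;           /* like r->uri: rewritten to /index.html by the index redirect */
    str_t unparsed_uri;  /* like r->unparsed_uri: points into the raw request line */
    int   internal;      /* like r->internal: set once an internal redirect happened */
} request_t;

typedef struct { uint8_t bits[NC_BITS / 8]; } nc_bitvector_t;

static void bitvector_init(nc_bitvector_t *bv) { memset(bv->bits, 0xff, sizeof bv->bits); }
static int  bitvector_test(const nc_bitvector_t *bv, unsigned nc) { return (bv->bits[nc / 8] >> (nc % 8)) & 1; }
static void bitvector_clear(nc_bitvector_t *bv, unsigned nc) { bv->bits[nc / 8] &= (uint8_t)~(1u << (nc % 8)); }

/* Copy exactly unparsed_uri.len bytes of the raw request line, NUL-terminate.
 * Returns bytes copied, or 0 if the buffer is too small. */
static size_t copy_request_uri(const request_t *r, char *out, size_t outlen) {
    if (r->unparsed_uri.len + 1 > outlen) return 0;
    memcpy(out, r->unparsed_uri.data, r->unparsed_uri.len);
    out[r->unparsed_uri.len] = '\0';
    return r->unparsed_uri.len;
}

/* Consume nonce-count nc. Returns 1 if the request is accepted, 0 if rejected.
 * A bit that is still set means nc is unused; verifying clears it so that a
 * second request carrying the same nc is rejected as a replay. */
static int verify_nonce_count(nc_bitvector_t *found, const request_t *r, unsigned nc) {
    if (nc >= NC_BITS) return 0;
    if (bitvector_test(found, nc)) {
        bitvector_clear(found, nc);
        return 1;
    }
    /* Already consumed. The proposed workaround: tolerate this only on the
     * internal redirect pass of the same request. The thread notes this still
     * needs review before it can be considered secure. */
    return r->internal ? 1 : 0;
}

typedef struct { int first_pass; int redirect_pass; int replay; } outcome_t;

/* Constructed scenario: GET / is verified once on the external request, once
 * more after nginx's internal redirect to /index.html, and then a third time
 * by a later external request replaying the same nc. */
static outcome_t simulate_root_request(unsigned nc) {
    nc_bitvector_t found;
    bitvector_init(&found);
    request_t external = { { "/", 1 },           { "/ HTTP/1.1", 1 }, 0 };
    request_t redirect = { { "/index.html", 11 }, { "/ HTTP/1.1", 1 }, 1 };
    request_t replayed = { { "/", 1 },           { "/ HTTP/1.1", 1 }, 0 };
    outcome_t o;
    o.first_pass    = verify_nonce_count(&found, &external, nc);
    o.redirect_pass = verify_nonce_count(&found, &redirect, nc);
    o.replay        = verify_nonce_count(&found, &replayed, nc);
    return o;
}

int main(void) {
    char uri[16];
    request_t redirect = { { "/index.html", 11 }, { "/ HTTP/1.1", 1 }, 1 };
    copy_request_uri(&redirect, uri, sizeof uri);
    printf("uri seen by module: %s (r->uri would be %s)\n", uri, redirect.uri.data);
    outcome_t o = simulate_root_request(5);
    printf("external=%d redirect=%d replay=%d\n", o.first_pass, o.redirect_pass, o.replay);
    return 0;
}
```

Without the `internal` check the redirect pass fails exactly as described in the issue, because the bit for `nc` was cleared on the external pass. With it, the redirect pass is accepted while a fresh external request reusing the same `nc` is still rejected. Note that the `internal` flag alone does not bind the second pass to the specific request that consumed the bit, which is the gap the comment's "more checking" refers to.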