http-auth digest using express js

Question

I'm developing an API in Express JS. I want to use http-auth library and I've been trying to use digest authentication, but I have not been able to use it. Here is my code:

var app        = require('express')(),
    routes     = require('./routes'),
    bodyParser = require('body-parser'),
    auth       = require('http-auth'); 

app.use(bodyParser.json()); // Soporta json encoded bodies
app.use(bodyParser.urlencoded({ // Soporta encoded bodies
    extended: true
}));

var digest = auth.digest({
    realm: 'prueba',
    file: __dirname + "/usr.pass"
});

app.use(auth.connect(digest));

// Conectamos todas nuestras rutas
app.use('/', routes);

// Levantamos servidor
app.listen(9999, () => {
    Console.log('running');
});

My usr.pass file has this line: jdurini:prueba:88bfcf02e7f554f9e9ea350b699bc6a7 (password is a MD5 representation por '2315').

I'm using POSTMAN to call my endpoints. In this case, I'm trying POST method on localhost:9999, and everytime I try, It goes to digest.on('fail') event.

In the Authorization tab, I use this data.

What am I doing wrong? This is my first time using Express, so any comment could be helpful.

Edit 1 - August 14th

Authorization header in postman is as follows:Digest username="jdurini", realm="prueba", nonce="", uri="/", response="2c01bce3e1980c575fc82e32f9943617", opaque="" . This header is autogenerated when I fill Authorization's form with:

type: Digest Auth
username: jdurini
Realm: prueba
Password: 2315

No other header is used in the request.

score 3 · Accepted Answer · answered Aug 12 '17 at 10:02

3

Reason

Looks like there is a problem with your authentication file.

Soluton

I just re-generated authentication line with htdigest:

htdigest usr.pass prueba jdurini

and got something like this:

jdurini:prueba:546bb2109e9d875fb486bf90a55fdbd6

And new version works for me.

Notice

I guess you may want to change Console.log('running') line to lower case, as your version does not compile for me.

answered Aug 12 '17 at 10:02

gevorg

4,835
4
35
52

Thanks for your awnser. I used htdigest to generate my password file. But it keeps returning "401 Unauthorized" in Postman – Juan Carlos Durini Aug 14 '17 at 14:37
Give me more info on request, response headers please. – gevorg Aug 14 '17 at 15:12
for difference try with simple browser to verify if that is not a problem related to Postman configuration. – gevorg Aug 14 '17 at 15:26
It worked in Chrome! Thanks @gevorg. What do you think is the problem with postman? – Juan Carlos Durini Aug 14 '17 at 15:28
The problem is that postman ignores nonce sent by server and hardcodes the one provided by you. – gevorg Aug 14 '17 at 15:33
see https://github.com/postmanlabs/postman-app-support/issues/932, it is a postman bug – gevorg Aug 14 '17 at 15:34
I see... One last question. Which Algorithm uses htdigest for password encryption? I thought it was MD5 but neigher MySQL or [this page](http://www.md5.cz/) return this hash: `546bb2109e9d875fb486bf90a55fdbd6`, they return this one: `88bfcf02e7f554f9e9ea350b699bc6a7`. – Juan Carlos Durini Aug 14 '17 at 15:53
it is md5, however it depends what you put into input: utils.md5(`${username}:${realm}:${password}`) – gevorg Aug 14 '17 at 15:58
oh, I see... it applies MD5 to those fields.. thanks! – Juan Carlos Durini Aug 14 '17 at 16:14

http-auth digest using express js

Edit 1 - August 14th

1 Answers1

Reason

Soluton

Notice

Linked