github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-07-16 02:03:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Use HTTP digest mode for Web UI authentication (instead of Basic)

Browse source
This commit is contained in:
Christophe Dumez 2010-01-15 14:20:20 +00:00
parent 4522174555
commit c7ca51f950
5 changed files with 126 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/httpconnection.cpp
View file

@ -137,14 +137,14 @@ void HttpConnection::respond() {
write();
return;
}
QStringList auth = parser.value("Authorization").split(" ", QString::SkipEmptyParts);
if (auth.size() != 2 || QString::compare(auth[0], "Basic", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth[1].toLocal8Bit())) {
QString auth = parser.value("Authorization");
if (QString::compare(auth.split(" ").first(), "Digest", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth.toLocal8Bit(), parser.method())) {
// Update failed attempt counter
parent->client_failed_attempts.insert(socket->peerAddress().toString(), nb_fail+1);
qDebug("client IP: %s (%d failed attempts)", socket->peerAddress().toString().toLocal8Bit().data(), nb_fail);
// Return unauthorized header
generator.setStatusLine(401, "Unauthorized");
generator.setValue("WWW-Authenticate", "Basic realm=\"you know what\"");
generator.setValue("WWW-Authenticate", "Digest realm=\""+QString(QBT_REALM)+"\", nonce=\""+parent->generateNonce()+"\", algorithm=\"MD5\", qop=\"auth\"");
write();
return;
}