squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-20 15:37:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use HTTP digest mode for Web UI authentication (instead of Basic)

Browse Source
This commit is contained in:
Christophe Dumez
2010-01-15 14:20:20 +00:00
parent 4522174555
commit c7ca51f950
5 changed files with 126 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/httpconnection.cpp
View File

@@ -137,14 +137,14 @@ void HttpConnection::respond() {
write();
return;
}
QStringList auth = parser.value("Authorization").split(" ", QString::SkipEmptyParts);
if (auth.size() != 2 || QString::compare(auth[0], "Basic", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth[1].toLocal8Bit())) {
QString auth = parser.value("Authorization");
if (QString::compare(auth.split(" ").first(), "Digest", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth.toLocal8Bit(), parser.method())) {
// Update failed attempt counter
parent->client_failed_attempts.insert(socket->peerAddress().toString(), nb_fail+1);
qDebug("client IP: %s (%d failed attempts)", socket->peerAddress().toString().toLocal8Bit().data(), nb_fail);
// Return unauthorized header
generator.setStatusLine(401, "Unauthorized");
generator.setValue("WWW-Authenticate", "Basic realm=\"you know what\"");
generator.setValue("WWW-Authenticate", "Digest realm=\""+QString(QBT_REALM)+"\", nonce=\""+parent->generateNonce()+"\", algorithm=\"MD5\", qop=\"auth\"");
write();
return;
}