diff --git a/lib/requester.js b/lib/requester.js index bb063426..8f922a2c 100644 --- a/lib/requester.js +++ b/lib/requester.js @@ -2,7 +2,7 @@ * Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ 'use strict'; -var createAuthInitializer = require('./www-authenticate/www-authenticate'); +var createAuthInitializer = require('./www-authenticate-patched/www-authenticate'); var Kerberos = require('./optional.js') .libraryProperty('kerberos', 'Kerberos'); var Multipart = require('multipart-stream'); diff --git a/lib/www-authenticate-patched/md5.js b/lib/www-authenticate-patched/md5.js new file mode 100644 index 00000000..732d576e --- /dev/null +++ b/lib/www-authenticate-patched/md5.js @@ -0,0 +1,18 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ +var crypto= require('crypto'); + +function md5(s) { + return crypto.createHash('md5').update(s).digest('hex'); +} + +module.exports= md5; \ No newline at end of file diff --git a/lib/www-authenticate/parsers.js b/lib/www-authenticate-patched/parsers.js similarity index 90% rename from lib/www-authenticate/parsers.js rename to lib/www-authenticate-patched/parsers.js index 65e2be1d..7deb6fe6 100644 --- a/lib/www-authenticate/parsers.js +++ b/lib/www-authenticate-patched/parsers.js @@ -1,3 +1,14 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ var ParseAuth= /(\w+)\s+(.*)/ // -> scheme, params , Separators= /([",=])/ ; diff --git a/lib/www-authenticate/user-credentials.js b/lib/www-authenticate-patched/user-credentials.js similarity index 79% rename from lib/www-authenticate/user-credentials.js rename to lib/www-authenticate-patched/user-credentials.js index 25bc405d..c1f5db0b 100644 --- a/lib/www-authenticate/user-credentials.js +++ b/lib/www-authenticate-patched/user-credentials.js @@ -1,3 +1,14 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ var md5= require('./md5'); /* diff --git a/lib/www-authenticate/www-authenticate.js b/lib/www-authenticate-patched/www-authenticate.js similarity index 95% rename from lib/www-authenticate/www-authenticate.js rename to lib/www-authenticate-patched/www-authenticate.js index f09c16ba..739006b8 100644 --- a/lib/www-authenticate/www-authenticate.js +++ b/lib/www-authenticate-patched/www-authenticate.js @@ -9,7 +9,6 @@ /* * Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ - 'use strict'; var crypto= require('crypto') @@ -42,20 +41,6 @@ var www_authenticator = function(username,password,options) cnonce= options.cnonce; } if (cnonce === void 0) cnonce= crypto.pseudoRandomBytes(8).toString('hex'); - - /** - * @typedef {Object} Authenticator - * @property {any} [err] - * @property {function(string=, string=): string} [authorize] - * @property {any} [parms] - * @property {string} [cnonce] - */ - - /** - * Parses the WWW-Authenticate header. - * @param {string} www_authenticate - * @returns {Authenticator} - */ var parse_header= function(www_authenticate) { function Authenticator() diff --git a/lib/www-authenticate/md5.js b/lib/www-authenticate/md5.js deleted file mode 100644 index 3e6de8bf..00000000 --- a/lib/www-authenticate/md5.js +++ /dev/null @@ -1,7 +0,0 @@ -var crypto= require('crypto'); - -function md5(s) { - return crypto.createHash('md5').update(s).digest('hex'); -} - -module.exports= md5; \ No newline at end of file diff --git a/test-basic/digestauth-fips-nomd5load.js b/test-basic/digestauth-fips-nomd5load.js index c90ca73d..fd244643 100644 --- a/test-basic/digestauth-fips-nomd5load.js +++ b/test-basic/digestauth-fips-nomd5load.js @@ -22,8 +22,8 @@ describe('FIPS test - ensure MD5 hash digester object is not loaded by default o * To simulate the require/load, we first delete the module from Node's require cache * and then require it again, which forces a reload of the module. */ - delete require.cache[require.resolve('../lib/www-authenticate/www-authenticate')]; - delete require.cache[require.resolve('../lib/www-authenticate/md5')]; + delete require.cache[require.resolve('../lib/www-authenticate-patched/www-authenticate')]; + delete require.cache[require.resolve('../lib/www-authenticate-patched/md5')]; const crypto = require('crypto'); const originalCreateHash = crypto.createHash; @@ -40,8 +40,8 @@ describe('FIPS test - ensure MD5 hash digester object is not loaded by default o (() => crypto.createHash('md5')).should.throw('FIPS emulation: MD5 digest algorithm is not allowed on this system!'); // Require the module - should not call to get MD5 digester so should not throw - (() => require('../lib/www-authenticate/md5')).should.not.throw(); - (() => require('../lib/www-authenticate/www-authenticate')).should.not.throw(); + (() => require('../lib/www-authenticate-patched/md5')).should.not.throw(); + (() => require('../lib/www-authenticate-patched/www-authenticate')).should.not.throw(); } finally { // Restore the original createHash function to avoid side effects