HTTP Digest Authentication
//HTTP Digest Authentication
//---------------------------
//Step 1: Send request to server with no credentials
//Step 2: Get 401 response with Www-Authenticate header containing Digest variables and do magic
//Step 3: Send back request with new magical header
//Step 4: Receive original request data
==================================================
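/**
 * Parses a WWW-Authenticate challenge into its scheme and its quoted parameters.
 *
 * Only name="value" / name='value' pairs are captured; a parameter whose value
 * is not wrapped in quotes does not match the pattern and is skipped.
 * Parameter names and values come straight from the server response, so
 * callers should check that the fields they need are present before use.
 *
 * @param {string} h - Raw header value, e.g. 'Digest realm="x", nonce="y"'.
 * @returns {{scheme: string, headers: Object}} The leading scheme word ('' when
 *     the value does not start with a word character) and a name -> value map.
 * @throws {TypeError} When h is not a string (e.g. the header was missing).
 */
function parseAuthenticationResponse(h) {
  //Ti.API.info(headers['Www-Authenticate']);
  if (typeof h !== 'string') {
    // Fail with a clear message instead of an obscure "cannot read property" error.
    throw new TypeError('WWW-Authenticate header value must be a string');
  }
  var auth = {
    headers : {}
  };
  var schemeMatch = /^\w+/.exec(h);
  auth.scheme = schemeMatch ? schemeMatch[0] : '';
  // A global pattern walked with exec() yields each pair with its capture groups,
  // and simply ends when there are none (String.match would return null there).
  var pairPattern = /(\w+)=['"]([^'"]+)['"]/g;
  var pair;
  while ((pair = pairPattern.exec(h)) !== null) {
    auth.headers[pair[1]] = pair[2];
  }
  return auth;
}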
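/**
 * Sends a JSON request through a Titanium HTTP client and reports the outcome
 * to `callback` as { result, message }.
 *
 * The Authorization value in `header` is attached to the request for `url`
 * exactly as given, so callers should pass only the URL the credentials were
 * computed for, preferably over HTTPS.
 *
 * @param {string} requestType - HTTP method, e.g. 'GET' or 'POST'.
 * @param {string} url - Target URL; passed through encodeURI before opening.
 * @param {*} inParams - Not used by this function.
 * @param {string} postData - Body sent when requestType is POST and this is non-empty.
 * @param {string} header - Authorization header value; skipped when falsy.
 * @param {function(Object)} callback - Receives { result, message }; result is
 *     the parsed JSON on success and 0 on failure.
 */
module.exports.httpClient = function(requestType, url, inParams, postData, header, callback) {
  var xhr = Titanium.Network.createHTTPClient();
  xhr.onload = function() {
    xhr = null;
    //Step 4: Receive original request data
    var parsed;
    try {
      parsed = JSON.parse(this.responseText);
    } catch (parseError) {
      // A non-JSON body (error page, empty response) must still reach the
      // caller; otherwise the exception escapes and callback never fires.
      callback({
        result : 0,
        message : 'Invalid JSON response'
      });
      return;
    }
    callback({
      result : parsed,
      message : 'Success'
    });
  };
  xhr.onerror = function(e) {
    alert('Sorry, there appears to be a problem with your device\'s connection to the internet.\n\nPlease turn off Airplane mode or use Wi-Fi to access data.');
    xhr = null;
    callback({
      result : 0,
      message : 'Connection Error'
    });
  };
  xhr.setTimeout(20000);
  var encodedURI = encodeURI(url);
  xhr.open(requestType, encodedURI);
  xhr.setRequestHeader('Content-Type', 'application/json; charset=utf-8');
  if (header) {
    xhr.setRequestHeader("Authorization", header);
  }
  if (requestType == "POST" && postData != "") {
    xhr.send(postData);
  } else {
    xhr.send();
  }
};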
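/**
 * Performs a request with HTTP Digest authentication (MD5, qop "auth" or none).
 *
 * The first request is sent without credentials. When the server answers 401,
 * the challenge is parsed, a Digest response is computed from the 'user' and
 * 'pass' app properties, and the request is repeated through exports.httpClient
 * with the resulting Authorization header.
 *
 * Security notes:
 *  - The digest is bound to the actual request method and request URI and uses
 *    a fresh cnonce per challenge, so one response cannot be reused for another
 *    request.
 *  - A challenge that is not Digest, or that lacks realm or nonce, is refused:
 *    answering it would send a password-derived hash built from predictable inputs.
 *  - MD5 Digest does not protect the request or response body and the password
 *    is read from plain app properties; use HTTPS and protected storage where possible.
 *
 * @param {string} requestType - HTTP method, e.g. 'GET' or 'POST'.
 * @param {string} url - Target URL; passed through encodeURI before opening.
 * @param {*} inParams - Forwarded unchanged to exports.httpClient.
 * @param {string} postData - Body sent when requestType is POST and this is non-empty.
 * @param {function(Object)} callback - Receives { result, message }; result is
 *     the parsed JSON on success and 0 on failure.
 */
module.exports.httpClientDigest = function(requestType, url, inParams, postData, callback) {
  var xhr = Titanium.Network.createHTTPClient();
  var encodedURI = encodeURI(url);

  // Shows the generic error alert and reports the failure, so the caller is
  // never left waiting for a callback that does not come.
  function reject(message) {
    alert('Error!');
    callback({
      result : 0,
      message : message
    });
  }

  // Wraps a value as an HTTP quoted-string, escaping backslash and double quote
  // so a stored username cannot break out of its parameter.
  function quoted(value) {
    return '"' + String(value).replace(/(["\\])/g, '\\$1') + '"';
  }

  xhr.onload = function() {
    xhr = null;
    var parsed;
    try {
      parsed = JSON.parse(this.responseText);
    } catch (parseError) {
      callback({
        result : 0,
        message : 'Invalid JSON response'
      });
      return;
    }
    callback({
      result : parsed,
      message : 'Success'
    });
  };
  xhr.onerror = function(e) {
    if (this.status != 401) {
      reject('Connection Error');
      return;
    }
    //Step 2: Get 401 response and do work
    // Header names are case-insensitive, so do not rely on one exact spelling.
    var responseHeaders = this.getResponseHeaders() || {};
    var challenge;
    for (var headerName in responseHeaders) {
      if (Object.prototype.hasOwnProperty.call(responseHeaders, headerName) && headerName.toLowerCase() === 'www-authenticate') {
        challenge = responseHeaders[headerName];
        break;
      }
    }
    if (typeof challenge !== 'string') {
      reject('Authentication Error');
      return;
    }
    var tokensObj = parseAuthenticationResponse(challenge);
    var params = tokensObj.headers;
    if (String(tokensObj.scheme).toLowerCase() !== 'digest' || !params["realm"] || !params["nonce"]) {
      reject('Authentication Error');
      return;
    }
    // Only MD5 is implemented; refuse a challenge that explicitly asks for something else.
    if (params["algorithm"] && String(params["algorithm"]).toUpperCase() !== 'MD5') {
      reject('Authentication Error');
      return;
    }
    // The server may offer a list such as "auth,auth-int"; only "auth" is implemented.
    var qop;
    if (params["qop"]) {
      if (!/(^|,)\s*auth\s*(,|$)/i.test(params["qop"])) {
        reject('Authentication Error');
        return;
      }
      qop = 'auth';
    }

    var user = Ti.App.Properties.getString('user', '');
    var pass = Ti.App.Properties.getString('pass', '');
    // The digest uri must be the request-URI (path plus query) actually sent.
    var pathMatch = /^[a-z][a-z0-9+.\-]*:\/\/[^\/?#]*([^#]*)/i.exec(encodedURI);
    var digestUri = (pathMatch && pathMatch[1]) || '/';
    if (digestUri.charAt(0) !== '/') {
      digestUri = '/' + digestUri;
    }
    // nc stays at 1 because every challenge is answered exactly once with a new cnonce.
    var nc = '00000001';
    // NOTE(review): randomness quality depends on the platform's UUID source - confirm for your targets.
    var cnonce = Ti.Utils.md5HexDigest(Ti.Platform.createUUID() + ':' + new Date().getTime()).substring(0, 16);

    var HA1 = Ti.Utils.md5HexDigest(user + ':' + params["realm"] + ':' + pass);
    var HA2 = Ti.Utils.md5HexDigest(requestType + ':' + digestUri);
    var authResponse;
    if (qop) {
      authResponse = Ti.Utils.md5HexDigest(HA1 + ':' + params["nonce"] + ':' + nc + ':' + cnonce + ':' + qop + ':' + HA2);
    } else {
      // Challenge without qop: the older form without nc and cnonce.
      authResponse = Ti.Utils.md5HexDigest(HA1 + ':' + params["nonce"] + ':' + HA2);
    }

    var responseContentHeader = 'Digest username=' + quoted(user) + ', realm=' + quoted(params["realm"]) + ', nonce=' + quoted(params["nonce"]) + ', uri=' + quoted(digestUri) + ', algorithm="MD5"' + ', response="' + authResponse + '"';
    if (qop) {
      responseContentHeader += ', qop="' + qop + '"' + ', nc=' + nc + ', cnonce="' + cnonce + '"';
    }
    if (params["opaque"]) {
      // opaque must be returned unchanged when the server supplied it.
      responseContentHeader += ', opaque=' + quoted(params["opaque"]);
    }
    //Step 3: Send response back with new header
    exports.httpClient(requestType, url, inParams, postData, responseContentHeader, callback);
  };
  xhr.open(requestType, encodedURI);
  xhr.setRequestHeader('Content-Type', 'application/json; charset=utf-8');
  if (requestType == "POST" && postData != "") {
    xhr.send(postData);
  } else {
    xhr.send();
  }
};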
//Step 1: Start the flow with an unauthenticated GET; the Digest retry is
//handled inside httpClientDigest once the server answers 401.
// NOTE(review): url is not defined in this snippet - presumably supplied by the surrounding app.
exports.httpClientDigest('GET', url, '', '', function(response) {
  alert(response);
});