diff --git a/lib/passport-http/strategies/digest.js b/lib/passport-http/strategies/digest.js
index 1984d89..0b88251 100644
--- a/lib/passport-http/strategies/digest.js
+++ b/lib/passport-http/strategies/digest.js
@@ -112,7 +112,9 @@ DigestStrategy.prototype.authenticate = function(req) {
 if (!creds.username) {
 return this.fail(this._challenge());
 }
- if (req.url !== creds.uri) {
+
+ var url = req.originalUrl || req.url;
+ if (url !== creds.uri) {
 return this.fail(400);
 }
 
diff --git a/test/strategies/digest-test.js b/test/strategies/digest-test.js
index 28115ec..61abc7b 100644
--- a/test/strategies/digest-test.js
+++ b/test/strategies/digest-test.js
@@ -921,6 +921,49 @@ vows.describe('DigestStrategy').addBatch({
 },
 },
 
+ 'strategy handling a request for endpoint mounted with `app.use` at a different route': {
+ topic: function() {
+ var strategy = new DigestStrategy(
+ function(username, done) {
+ done(null, { username: username }, 'secret');
+ },
+ function(options, done) {
+ done(null, true);
+ }
+ );
+ return strategy;
+ },
+
+ 'after augmenting with actions': {
+ topic: function(strategy) {
+ var self = this;
+ var req = {};
+ strategy.success = function(user) {
+ self.callback(null, user);
+ }
+ strategy.fail = function() {
+ self.callback(new Error('should not be called'));
+ }
+
+ req.url = '/login';
+ req.originalUrl = '/auth/login';
+ req.method = 'HEAD';
+ req.headers = {};
+ req.headers.authorization = 'Digest username="bob", realm="Users", nonce="NOIEDJ3hJtqSKaty8KF8xlkaYbItAkiS", uri="/auth/login", response="966fae1f81aa1bb0e413e0e832e647c0"';
+ process.nextTick(function () {
+ strategy.authenticate(req);
+ });
+ },
+
+ 'should not generate an error' : function(err, user) {
+ assert.isNull(err);
+ },
+ 'should authenticate' : function(err, user) {
+ assert.equal(user.username, 'bob');
+ },
+ },
+ },
+
 'strategy handling a request with unknown algorithm': {
 topic: function() {
 var strategy = new DigestStrategy({ algorithm: 'MD5' },
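Review bot: The `uri` comparison in `authenticate` is what ties the client's signed `uri` to the request being served, and the new `var url = req.originalUrl || req.url;` line changes which value is trusted for that without a comment explaining why. Checking the pre-mount URL is the right choice for apps mounted with `app.use`, but it also means that if upstream middleware rewrites `req.url`, the handler may dispatch on a path the digest never covered; this is inferred, since the rest of the function lies outside the hunk. I would record the intent above the new line, e.g. `// Compare against the URL the client actually sent; frameworks strip the mount path from req.url.`, and note in the strategy's docs that URL-rewriting middleware should run after authentication.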