lpeg_patterns/http: Fixup parsing of RFC 7235 headers (WWW_authenticate, Authentication, etc)

daurnimator · daurnimator · commit 64e39a75e727 · 2016-11-23T00:57:34.000+11:00
diff --git a/lpeg_patterns/http.lua b/lpeg_patterns/http.lua
@@ -549,16 +549,17 @@ _M.Warning = comma_sep_trim(warning_value, 1)
 
 -- RFC 7235 Section 2
 local auth_scheme = _M.token
-local auth_param = _M.token * _M.BWS * P"=" * _M.BWS * (_M.token + _M.quoted_string)
-local token68 = (core.ALPHA + core.DIGIT + P"-" + P"." + P"_" + P"~" + P"+" + P"/" )^1 * (P"=")^0
-local challenge = auth_scheme * (core.SP^1 * (token68 + comma_sep(auth_param)))^-1
-local credentials = auth_scheme * (core.SP^1 * (token68 + comma_sep(auth_param)))^-1
+local auth_param = Cg(_M.token / string.lower * _M.BWS * P"=" * _M.BWS * (_M.token + _M.quoted_string))
+local token68 = C((core.ALPHA + core.DIGIT + P"-" + P"." + P"_" + P"~" + P"+" + P"/" )^1 * (P"=")^0)
+-- TODO: each parameter name MUST only occur once per challenge
+local challenge = auth_scheme * (core.SP^1 * (Cf(Ct(true) * comma_sep(auth_param), rawset) + token68))^-1
+local credentials = challenge
 
 -- RFC 7235 Section 4
 _M.WWW_Authenticate = comma_sep_trim(Ct(challenge), 1)
 _M.Authorization = credentials
-_M.Proxy_Authenticate = comma_sep_trim(Ct(challenge), 1)
-_M.Proxy_Authorization = credentials
+_M.Proxy_Authenticate = _M.WWW_Authenticate
+_M.Proxy_Authorization = _M.Proxy_Authorization
 
 -- RFC 7239 Section 4
 local value = _M.token + _M.quoted_string
diff --git a/spec/http_spec.lua b/spec/http_spec.lua
@@ -236,6 +236,15 @@ describe("http patterns", function()
 		assert.same({["max-age"] = "0"; includesubdomains = true}, sts_patt:match("max-age=0;includeSubdomains"))
 		assert.same({["max-age"] = "0"; includesubdomains = true}, sts_patt:match("max-age=0 ; includeSubdomains"))
 	end)
+	it("Parses an WWW_Authenticate header", function()
+		local WWW_Authenticate = lpeg.Ct(http.WWW_Authenticate) * EOF
+		assert.same({{"Newauth"}}, WWW_Authenticate:match"Newauth")
+		assert.same({{"Newauth", {realm = "apps"}}}, WWW_Authenticate:match[[Newauth realm="apps"]])
+		assert.same({{"Newauth", {realm = "apps"}}}, WWW_Authenticate:match[[Newauth ReaLm="apps"]])
+		assert.same({{"Newauth"}, {"Basic"}}, WWW_Authenticate:match"Newauth, Basic")
+		assert.same({{"Newauth", {realm = "apps", type="1", title="Login to \"apps\""}}, {"Basic", {realm="simple"}}},
+			WWW_Authenticate:match[[Newauth realm="apps", type=1, title="Login to \"apps\"", Basic realm="simple"]])
+	end)
 	it("Parses a HPKP header", function()
 		-- Example from RFC 7469 2.1.5
 		local pkp_patt = lpeg.Cf(lpeg.Ct(true) * http.Public_Key_Pins, function(t, k, v) table.insert(t, {k,v}) return t end) * EOF
