- $auth{$key} = $value;
- }
- unless (exists($auth{'username'}) &&
- exists($auth{'uri'}) &&
- exists($auth{'nonce'}) &&
- exists($auth{'opaque'}) &&
- exists($auth{'response'})) {
- output_401($r);
- return undef;
- }
- if ($r->uri ne $auth{'uri'}) {
- output_401($r);
- return undef;
- }
-
- # Verify that the opaque data does indeed look like a timestamp, and that the nonce
- # is indeed a signed version of it.
- if ($auth{'opaque'} !~ /^\d+$/) {
- output_401($r);
- return undef;
- }
- my $compare_nonce = Digest::HMAC_SHA1->hmac_sha1_hex($auth{'opaque'}, $Sesse::pr0n::Config::db_password);
- if ($auth{'nonce'} ne $compare_nonce) {
- output_401($r);
- return undef;
- }
-
- # Now look up the user's HA1 from the database, and calculate HA2.
- my ($user, $takenby) = extract_takenby($auth{'username'});
- my $ref = $dbh->selectrow_hashref('SELECT digest_ha1_hex FROM users WHERE username=? AND vhost=?',
- undef, $user, $r->get_server_name);
- if (!defined($ref)) {
- output_401($r);
- return undef;
- }
- if (!defined($ref->{'digest_ha1_hex'}) || $ref->{'digest_ha1_hex'} !~ /^[0-9a-f]{32}$/) {
- # A user that exists but has empty HA1 is a user that's not
- # ready for digest auth, so we hack it and resend 401,
- # only this time without digest auth.
- output_401($r, DigestAuth => 0);
- return undef;