mhoc / axios-digest-auth Goto Github PK

Hi,
I am trying to use this module into my web application, but it keeps asking me username and password.
Here's my demo code:

const handleRequest =  (digestAuthProps: AxiosDigestAuth) => {
		digestAuthProps.request({
			headers: {Accept: "application/json"},
			method: "GET",
			url: baseUrl + 'account',
			withCredentials: true
		}).then((response: any) => {
			console.log(response);
		}).catch((err: any) => {
			console.log( err.response);
		});
	}

When in debug I inspect digestAuthProps I can see the correct login and password

Is this plugin works for client side web application or ONLY for NodeJs? It it works for web application what am I doing wrong?

Thanks

Caused by the following Code
index.ts Line 44
const authDetails = resp1.response.headers['www-authenticate'].split(',').map((v: string) => v.split('='));
The Nonce will be split if it has a '=' Character inside
This leads to the miscalculation of the hashes and an 401 Auth failed.

Hi,

I noticed a security vulnerability in axios package 0.22.0 related to SSRF. It seems to be originating from [@mhoc/axios-digest-auth 0.8.0] (https://www.npmjs.com/package/@mhoc/axios-digest-auth/v/0.8.0). Please refer to the screenshot below for more information.
Introduced through: package.json@* › @mhoc/[email protected] › [email protected]

I have checked axios package and they have new versions.

1. Will axios-digest-auth consider upgrading the version of axios from 0.22.0 to some stable version where we don't get the CSRF vulnerability?
2. If yes, could you please let us know the deadline by which this can be accomplished?

I'm trying to apply a simple scenario like the following:

import AxiosDigestAuth from '@mhoc/axios-digest-auth';

const digestAuth = new AxiosDigestAuth({
  password: 'pass',
  username: 'user',
});

const response = await digestAuth.request({
  headers: { Accept: 'application/json' },
  method: 'POST',
  data,
  url,
});

Is there anything I'm missing to add?

I'm getting the following in the logs:

"headers":{"Accept":"application/json","Content-Type":"application/x-www-form-urlencoded","authorization":"Digest username="user",realm="Something",nonce="F0WPyO/ckHwF7KbJIXQ4yWxhav/0jw9v",uri="uri",qop="auth",algorithm="MD5",response="8f84c8e1cdcf177bf74304b3d52675aa",nc="00000001",cnonce="17ff0f091b3949da7911654890914a55a380f2ff57a1ca13"","User-Agent":"axios/0.21.1","Content-Length":77,"x-datadog-trace-id":"385142050296865726","x-datadog-parent-id":"2471136348259650736","x-datadog-sampled":"1","x-datadog-sampling-priority":"1"},"transformRequest":[null],"transformResponse":[null],"timeout":0,"xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1,"maxBodyLength":-1}}

Hi,

i install the package and clone your example Project.

import AxiosDigestAuth from "@mhoc/axios-digest-auth";

const digestAuth = new AxiosDigestAuth({
  password: "pass",
  username: "user",
});

const response = await digestAuth.request({
  headers: { Accept: "application/json" },
  method: "POST",
  data,
  url,
});

i get an error :(

const digestAuth = new AxiosDigestAuth({
                   ^

TypeError: AxiosDigestAuth is not a constructor

The demo used has an await function that isn't tied to any async function that I see. Simply copying and pasting the demo gives the error that the await function cannot be used out of an async function.

Removing the async function results in an error that the promise was rejected with the error "Cannot read property 'status' of undefined". I am not sure what is happening.