Digest auth not working?

[jfederer]

Note I asked this on S.O. too: https://stackoverflow.com/questions/71430497/digest-authentication-in-nodejs

I'm using the urllib npm package with the following code:

options = {
    method: 'GET',
    rejectUnauthorized: false,
    digestAuth: `${user}:${pass}`
}

urllib.request(uri, options, function (err, data, res) {
    if (err) {
        throw err; // you need to handle error
    }
    console.log(res.statusCode);
    console.log(res.headers);
    // data is Buffer instance
    console.log(data.toString());
})

Unfortunately, I'm getting a 401 error back:

401
 { 'content-length': '222', 'content-type': 'text/plain',
connection: 'close', 'www-authenticate': 'Digest realm="000f7c16eacc", nonce="8652e7dfa50f6124896b84142eef93b5", stale="false", algorithm="MD5", qop="auth"', 'x-frame-options': 'SAMEORIGIN' } 
{ "Response": { 
    "ResponseURL": "/images/snapshot.jpg", 
    "ResponseCode": 3, 
    "SubResponseCode": 0, 
    "ResponseString": "Not Authorized", 
    "StatusCode": 401, 
    "StatusString": "Unauthorized", 
    "Data": "null" } }

The same uri, username, and password works when accessing via postman. What configuration details am I missing in this request? urllib doesn't provide a digest auth example.

I am not married to urllib and will take any working nodejs solution for pulling an image from an digest-auth endpoint.

[fengmk2]

you can follow this test case

urllib/test/digest_auth.test.js

Line 7 in f2a42d1

it.skip('should request with digest auth success in webdav', function(done) {

[jfederer]

Code matching that test case (with same user and pass) fails the assertion: assert(data.toString().indexOf('<p>The requested URL /auth-digest/user3 was not found on this server.</p>') >= 0); and the assertion that the status is 404

const urllib = require('urllib');
var url = 'http://test.webdav.org/auth-digest/user3';
    urllib.request(url, {
      digestAuth: 'user3:user3',
      timeout: 20000,
    }, function (err, data, res) {
     console.log('err :>> ', err);
	 console.log('data :>> ', data);
	 console.log('res :>> ', res);
    });

Output:

err :>>  null
data :>>  <Buffer 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e ... 234 more bytes>
res :>>  {
  status: 403,
  statusCode: 403,
  statusMessage: 'Forbidden',
  headers: {
    date: 'Wed, 23 Mar 2022 21:18:43 GMT',
    server: 'Apache',
    'content-length': '284',
    'keep-alive': 'timeout=5, max=100',
    connection: 'Keep-Alive',
    'content-type': 'text/html; charset=iso-8859-1'
  },
  size: 284,
  aborted: false,
  rt: 306,
  keepAliveSocket: false,
  data: <Buffer 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e ... 234 more bytes>,
  requestUrls: [ 'http://test.webdav.org/auth-digest/user3' ],
  timing: null,
  remoteAddress: '140.211.9.38',
  remotePort: 80,
  socketHandledRequests: 1,
  socketHandledResponses: 1
}

[fengmk2]

nodejs/undici#1611