From 76a5ed5f2a14d8f9625a467be1a01eb58920cd43 Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Tue, 7 Jan 2020 15:35:16 +0100
Subject: [PATCH] multi: change WWW-Authenticate header format

To be compliant with RFC 7235 section 4.1 we change the format of the WWW-Authenticate header field to double quoted and comma separated fields.
---
 README.md | 2 +-
 auth/authenticator.go | 2 +-
 auth/mock_authenticator.go | 9 ++++++++-
 static/index.html | 2 +-
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index d8b4a99..509e53c 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ First, let's request the BOS scores until we hit the freebie limit:
 At some point, we will get an answer 402 with an authorization header:
 ```
-www-authenticate: LSAT macaroon='...' invoice='lntb10n1...'
+www-authenticate: LSAT macaroon="...", invoice="lntb10n1..."
 ```
 We will need both these values, the `macaroon` and the `invoice` so copy them
diff --git a/auth/authenticator.go b/auth/authenticator.go
index 69dbc26..a66de66 100644
--- a/auth/authenticator.go
+++ b/auth/authenticator.go
@@ -98,7 +98,7 @@ func (l *LsatAuthenticator) FreshChallengeHeader(r *http.Request,
 log.Errorf("Error serializing LSAT: %v", err)
 }
- str := fmt.Sprintf("LSAT macaroon='%s' invoice='%s'",
+ str := fmt.Sprintf("LSAT macaroon=\"%s\", invoice=\"%s\"",
 base64.StdEncoding.EncodeToString(macBytes), paymentRequest)
 header := r.Header
 header.Set("WWW-Authenticate", str)
diff --git a/auth/mock_authenticator.go b/auth/mock_authenticator.go
index 487cb9f..8078f3f 100644
--- a/auth/mock_authenticator.go
+++ b/auth/mock_authenticator.go
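Review bot: In auth/authenticator.go the new format string places `paymentRequest` inside an RFC 7235 quoted-string without escaping it, so a value containing `"` or `\` would close the parameter early and a compliant parser could read the remainder as additional auth-params. The base64-encoded macaroon cannot contain either character, and an invoice string should not, but the hunk does not show where `paymentRequest` originates, so this is presumably safe only by convention. I would record that assumption next to the Sprintf, for example `// Both values are quote-free (base64 / bech32), so no quoted-string escaping is needed.`, or reject a payment request containing `"`, `\` or control characters before formatting. FreshChallengeHeader starts and ends outside the hunk.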
@@ -35,6 +35,13 @@ func (a MockAuthenticator) FreshChallengeHeader(r *http.Request,
 _ string) (http.Header, error) {
 header := r.Header
- header.Set("WWW-Authenticate", "LSAT macaroon='AGIAJEemVQUTEyNCR0exk7ek90Cg==' invoice='lnbc1500n1pw5kjhmpp5fu6xhthlt2vucmzkx6c7wtlh2r625r30cyjsfqhu8rsx4xpz5lwqdpa2fjkzep6yptksct5yp5hxgrrv96hx6twvusycn3qv9jx7ur5d9hkugr5dusx6cqzpgxqr23s79ruapxc4j5uskt4htly2salw4drq979d7rcela9wz02elhypmdzmzlnxuknpgfyfm86pntt8vvkvffma5qc9n50h4mvqhngadqy3ngqjcym5a'")
+ header.Set(
+ "WWW-Authenticate", "LSAT macaroon=\"AGIAJEemVQUTEyNCR0exk7ek9"+
+ "0Cg==\", invoice=\"lnbc1500n1pw5kjhmpp5fu6xhthlt2vucm"+
+ "zkx6c7wtlh2r625r30cyjsfqhu8rsx4xpz5lwqdpa2fjkzep6yptk"+
+ "sct5yp5hxgrrv96hx6twvusycn3qv9jx7ur5d9hkugr5dusx6cqzp"+
+ "gxqr23s79ruapxc4j5uskt4htly2salw4drq979d7rcela9wz02el"+
+ "hypmdzmzlnxuknpgfyfm86pntt8vvkvffma5qc9n50h4mvqhngadq"+
+ "y3ngqjcym5a\"")
 return header, nil
 }
diff --git a/static/index.html b/static/index.html
index 7350b32..0b1cab0 100644
--- a/static/index.html
+++ b/static/index.html
@@ -53,7 +53,7 @@ let lastInvoice = null;
 function parseInvoice(invoice) {
- const rex = /LSAT macaroon='(.*?)' invoice='(.*?)'/i;
+ const rex = /LSAT macaroon="(.*?)", invoice="(.*?)"/i;
 parts = invoice.match(rex);
 lastMacaroon = parts[1];
 lastInvoice = parts[2];
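Review bot: The literal added to the mock's FreshChallengeHeader in auth/mock_authenticator.go hand-copies the `macaroon="...", invoice="..."` layout that auth/authenticator.go builds with Sprintf, so the two can drift and tests that use the mock would keep passing against a format the real authenticator no longer sends. A shared format constant in the package, for example `const lsatChallengeFormat = "LSAT macaroon=\"%s\", invoice=\"%s\""` (the name is only a suggestion), used by both call sites would keep them in step. Splitting the sample macaroon and invoice at arbitrary column boundaries also makes the fixture hard to search for; two named constants for the sample values would read better.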
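Review bot: In static/index.html the new pattern matches only when the two parameters are separated by a comma and exactly one space, while RFC 7235 allows optional whitespace around the comma, so a challenge that is compliant in the sense the commit message intends can still fail to match. When it does, `invoice.match(rex)` returns null and `parts[1]` throws on the context line that follows. I would relax the separator to `/LSAT macaroon="(.*?)",\s*invoice="(.*?)"/i` and add `if (!parts) return;` before the assignments. parseInvoice continues past the end of the hunk, so how its caller would handle an early return is not visible here.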