diff -r abaf4a78f69b paste/auth/digest.py
--- a/paste/auth/digest.py Wed Dec 21 09:00:48 2011 -0800
+++ b/paste/auth/digest.py Wed Dec 21 16:03:49 2011 -0800
@@ -38,6 +38,34 @@
import time, random
from urllib import quote as url_quote
+def _split_auth_string(auth_string):
+ """ split a digest auth string into individual key=value strings """
+ prev = None
+ for item in auth_string.split(","):
+ try:
+ if prev.count('"') == 1:
+ prev = "%s,%s" % (prev, item)
+ continue
+ except AttributeError:
+ if prev == None:
+ prev = item
+ continue
+ else:
+ raise StopIteration
+ yield prev.strip()
+ prev = item
+
+ yield prev.strip()
+ raise StopIteration
+
+def _auth_to_kv_pairs(auth_string):
+ """ split a digest auth string into key, value pairs """
+ for item in _split_auth_string(auth_string):
+ (k, v) = item.split("=", 1)
+ if v.startswith('"') and len(v) > 1 and v.endswith('"'):
+ v = v[1:-1]
+ yield (k, v)
+
def digest_password(realm, username, password):
""" construct the appropriate hashcode needed for HTTP digest """
return md5("%s:%s:%s" % (username, realm, password)).hexdigest()
@@ -98,10 +126,7 @@
(authmeth, auth) = authorization.split(" ", 1)
if 'digest' != authmeth.lower():
return self.build_authentication()
- amap = {}
- for itm in auth.split(","):
- (k,v) = [s.strip() for s in itm.strip().split("=", 1)]
- amap[k] = v.replace('"', '')
+ amap = dict(_auth_to_kv_pairs(auth))
try:
username = amap['username']
authpath = amap['uri']