HTTP Digest Authentication Fails With URL Parameters (CakePHP)

Question

I have a RESTful API set up and working with CakePHP using mapResources() and parseExtensions(). Authentication is handled by CakePHP's security component using HTTP Digest Authentication.

Everything works fine, unless I add parameters to the url, in the form:

http://example.com/locations.xml?distance=4

Which causes the authentication to always fail. Any ideas?

---

Edit: This seems to be an issue with the regex in parseDigestAuthData(). There's a semi-fix here: http://old.nabble.com/paginator-conflicts-with-Security-%3ErequireLogin---td16301573.html which now allows me to use the format:

http://example.com/locations/index/distance:4/.xml

But that's not RESTful and doesn't look all that pretty. Still, getting closer!

Answer 1

Solved:

/cake/libs/controller/components/security.php:386

change

preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);

to

preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./?&\_-]+)\2@', $digest, $match, PREG_SET_ORDER);

Parameters can now be passed in the form /locations.xml?key=value with Digest Authentication enabled.