Fixed bug in XMLRPC authenticator ('SHA256' typo instead of 'SHA-256' causing 401 because the authenticator can't understand the parameter), added Changelog

2026-01-17 10:08:05 +00:00 · 2020-10-16 15:55:33 +02:00 · 2020-10-16 15:55:33 +02:00 · 1922ff8eac
commit 1922ff8eac
parent 7c04fd3789
3 changed files with 24 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,22 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+Group changes to describe their impact on the project, as follows:
+
+| **Group name** | **Description**                                       |
+| ----------     | ----------------------------------------------------- |
+| Added          | New features                                          |
+| Changed        | Changes in existing functionality                     |
+| Deprecated     | Once-stable features removed in upcoming releases     |
+| Removed        | Deprecated features removed in this release           |
+| Fixed          | Any bug fixes                                         |
+| Security       | To invite users to upgrade in case of vulnerabilities |
+
+
+As of now, since Flexisip-account-amanger doesn't have a release yet, changes will be listed by build number.
+
+## Build 32 - 2020-10-16
+
+### [Fixed]
+ - 401 Unauthorized when trying to use provisioning with SHA-256 digest auth ('SHA256' typo)
--- a/flexisip-account-manager.spec
+++ b/flexisip-account-manager.spec
@ -8,7 +8,7 @@
 #%define _datadir           %{_datarootdir}
 #%define _docdir            %{_datadir}/doc

-%define build_number 31
+%define build_number 32
 %define var_dir /var/opt/belledonne-communications
 %define opt_dir /opt/belledonne-communications/share/flexisip-account-manager
 %define env_file "$RPM_BUILD_ROOT/etc/flexisip-account-manager/flexiapi.env"
--- a/src/xmlrpc/authentication.php
+++ b/src/xmlrpc/authentication.php
@ -91,7 +91,7 @@ function authenticate($auth_digest, $realm = "sip.example.org")
                $A2 = md5(getenv('REQUEST_METHOD').':'.$data['uri']);
                $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
                break;
-            case 'SHA256':
+            case 'SHA-256':
                $A1 = $password; // username:realm:password
                $A2 = hash('sha256', getenv('REQUEST_METHOD').':'.$data['uri']);
                $valid_response = hash('sha256', $A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);