Digest With Multipart Form Upload -> 401

[jamestalmage]

This curl statement works:

curl --user username:password --digest -s -S -F "mysubmit=Install" -F "archive=@file.zip" -F "passwd=" http://host/path

This gives me 401's

var request = require('request');
var fs = require('fs');

var formData = {
  archive: {
    value: fs.readFileSync(__dirname + '/file.zip'),
    options: {
      filename: 'file.zip',
      contentType: 'application/zip'
    }
  },
  mysubmit: 'Install',
  passwd: ''
};

request.post({
  url: 'http://host/path',
  formData: formData,
  auth: {
    'user': 'username',
    'pass': 'password',
    'sendImmediately': false
  }
}, callback);

It appears that request is not honoring sendImmediately = false

Using Wireshark to inspect what is going on, this is the initial request using curl

POST /path HTTP/1.1
User-Agent: curl/7.30.0
Host: host
Accept: */*
Content-Length: 0

and the response

HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Digest qop="auth", realm="therealm", nonce="5452323445"

then curl follows up with another post request that contains the multipart form data.

request just uploads everything (including the contents of the multipart attachments) in the initial post.

POST /path HTTP/1.1
host: host
content-type: multipart/form-data; boundary=--------------------------214834890626340929689820
content-length: 49533
Connection: keep-alive

----------------------------214834890626340929689820

Even so, the correct 401 comes back with a nonce and realm, but there is no second request.

The auth.digest callback is getting called (verified with a console.log statement) and it appears it is receiving all the correct values (nonce, etc). But I am not seeing a second request that actually posts with the correct Authorization header.

[simov]

Hi @jamestalmage thanks for the thorough bug report. I was able to reproduce it, the fix is here #1510 Can you give it a try with your use case?

[jamestalmage]

Awesome! Fixed the problem for me.