From 13cf3959420cf505c375415de2af5954a61ee58f Mon Sep 17 00:00:00 2001 From: Florian Feka Date: Mon, 2 Jun 2025 14:05:15 +0200 Subject: [PATCH] Properly handle the NTLM part being embedded inside other authentication headers ref: https://github.com/Catbuttes/axios-ntlm/commit/7d0e834586908a41a67c541e4d9214a862132c8f --- server/modules/axios-ntlm/lib/ntlmClient.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/server/modules/axios-ntlm/lib/ntlmClient.js b/server/modules/axios-ntlm/lib/ntlmClient.js index 682de5f9a..a0a96ab3e 100644 --- a/server/modules/axios-ntlm/lib/ntlmClient.js +++ b/server/modules/axios-ntlm/lib/ntlmClient.js @@ -89,6 +89,7 @@ function NtlmClient(credentials, AxiosConfig) { switch (_b.label) { case 0: error = err.response; + const ntlmheader = error.headers['www-authenticate'].split(',').find(_ => _.match(/ *NTLM/))?.trim() || ''; if (!(error && error.status === 401 && error.headers['www-authenticate'] && error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3]; @@ -96,12 +97,12 @@ function NtlmClient(credentials, AxiosConfig) { // include the Negotiate option when responding with the T2 message // There is nore we could do to ensure we are processing correctly, // but this is the easiest option for now - if (error.headers['www-authenticate'].length < 50) { + if (ntlmheader.length < 50) { t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain); error.config.headers["Authorization"] = t1Msg; } else { - t2Msg = ntlm.decodeType2Message((error.headers['www-authenticate'].match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]); + t2Msg = ntlm.decodeType2Message((ntlmheader.match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]); t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain); error.config.headers["X-retry"] = "false"; error.config.headers["Authorization"] = t3Msg;