fix: Properly handle the NTLM part being embedded inside other authentication headers (#5871)

Co-authored-by: Frank Elsinga <frank@elsinga.de>
Florian Feka 2025-06-13 15:08:11 +02:00 committed by GitHub
parent 18cfa901ad
commit 55817061c0
GPG key ID: B5690EEEBB952194


@ -89,6 +89,9 @@ function NtlmClient(credentials, AxiosConfig) {
switch (_b.label) { switch (_b.label) {
case 0: case 0:
error = err.response; error = err.response;
// The header may look like this: `Negotiate, NTLM, Basic realm="itsahiddenrealm.example.net"`Add commentMore actions
// so extract the 'NTLM' part first
const ntlmheader = error.headers['www-authenticate'].split(',').find(_ => _.match(/ *NTLM/))?.trim() || '';
if (!(error && error.status === 401 if (!(error && error.status === 401
&& error.headers['www-authenticate'] && error.headers['www-authenticate']
&& error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3]; && error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3];
@ -96,12 +99,12 @@ function NtlmClient(credentials, AxiosConfig) {
// include the Negotiate option when responding with the T2 message // include the Negotiate option when responding with the T2 message
// There is nore we could do to ensure we are processing correctly, // There is nore we could do to ensure we are processing correctly,
// but this is the easiest option for now // but this is the easiest option for now
if (error.headers['www-authenticate'].length < 50) { if (ntlmheader.length < 50) {
t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain); t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain);
error.config.headers["Authorization"] = t1Msg; error.config.headers["Authorization"] = t1Msg;
} }
else { else {
t2Msg = ntlm.decodeType2Message((error.headers['www-authenticate'].match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]); t2Msg = ntlm.decodeType2Message((ntlmheader.match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]);
t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain); t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain);
error.config.headers["X-retry"] = "false"; error.config.headers["X-retry"] = "false";
error.config.headers["Authorization"] = t3Msg; error.config.headers["Authorization"] = t3Msg;
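Review bot: The added `ntlmheader` line in the first hunk calls `error.headers['www-authenticate'].split(',')` before the existing guard that checks `error` and the header for presence, so a failure with no response, or a response without that header, would throw a TypeError there and hide the original error. Guarding the lookup keeps the old fall-through: `const ntlmheader = (error?.headers?.['www-authenticate'] || '').split(',').find(_ => /^\s*NTLM\b/.test(_))?.trim() || '';`. The anchored test also avoids selecting a segment that merely contains the text NTLM, for example inside another scheme's realm, which the unanchored `/ *NTLM/` and the unchanged `.includes('NTLM')` guard both accept; the guard could test `ntlmheader` instead. The enclosing function starts and ends outside the shown hunks.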