From 095175a0a8ce2b75ef7f46fbeaecf57a42f76722 Mon Sep 17 00:00:00 2001
From: Erik Dubbelboer
Date: Sun, 16 Aug 2015 09:16:41 +0000
Subject: [PATCH] Set $remote_user

Depends on: http://mailman.nginx.org/pipermail/nginx-devel/2015-August/007209.html
Fixes: #1 and https://github.com/samizdatco/nginx-http-auth-digest/issues/22
---
 ngx_http_auth_digest_module.c | 8 +++++++
 readme.rst | 12 +++++++++++
 test/.htdigest | 1 +
 test/server.conf | 39 +++++++++++++++++++++++++++++++++++
 test/test.sh | 11 ++++++++++
 5 files changed, 71 insertions(+)
 create mode 100644 test/.htdigest
 create mode 100644 test/server.conf
 create mode 100755 test/test.sh

diff --git a/ngx_http_auth_digest_module.c b/ngx_http_auth_digest_module.c
index 6086ee5..b897a61 100644
--- a/ngx_http_auth_digest_module.c
+++ b/ngx_http_auth_digest_module.c
@@ -769,6 +769,14 @@ ngx_http_auth_digest_verify_hash(ngx_http_request_t *r, ngx_http_auth_digest_cre
 info_header->key = hkey;
 info_header->value = hval;
 info_header->hash = 1;
+
+ /* This should be quite safe as long as r->headers_in.authorization
+ * doesn't get modified. See:
+ * https://github.com/atomx/nginx-http-auth-digest/blob/9a402045082291c1f2f0a432ac24475277e2d176/ngx_http_auth_digest_module.c#L338
+ * Otherwise we should make a copy here.
+ */
+ r->headers_in.user = fields->username;
+
 return NGX_OK;
 }else{
 invalid:
diff --git a/readme.rst b/readme.rst
index 97fa16a..be653a1 100644
--- a/readme.rst
+++ b/readme.rst
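Review bot: `r->headers_in.user = fields->username;` stores an alias to memory that, per the accompanying comment, lives inside the request's Authorization header rather than a copy owned by r->pool, so `$remote_user` now silently depends on no later phase handler or core code touching that header; a copy removes the assumption the comment is apologising for: `r->headers_in.user.len = fields->username.len;` `r->headers_in.user.data = ngx_pstrdup(r->pool, &fields->username);` followed by a NULL check that returns NGX_ERROR (confirm the caller maps NGX_ERROR to a 500 rather than treating it as a verified request). The assignment is correctly placed on the success path only, immediately before `return NGX_OK`, so `$remote_user` is never populated from an unverified username; that property is worth stating in the comment in place of the commit-pinned URL, e.g. `/* Only reached after the response hash verified; expose the authenticated name as $remote_user. */`. Since the commit message says this relies on a pending nginx-devel core change, a one-line note naming that requirement would stop the next maintainer from dropping the line as unnecessary (on an nginx without that change the core's `$remote_user` handler is likely to re-parse the header as Basic and discard the value). ngx_http_auth_digest_verify_hash both starts and ends outside the hunk.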
@@ -173,3 +173,15 @@ auth_digest_shm_size
 .. _Digest Authentication: http://en.wikipedia.org/wiki/Digest_access_authentication
 .. _Issue Tracker: https://github.com/samizdatco/nginx-http-auth-digest/issues
 .. _MitM: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
+
+Testing
+==========
+Make sure to compile nginx with the ngx_echo module: https://github.com/openresty/echo-nginx-module::
+
+ $ ./configure --add-module=../samizdatco-nginx-http-auth-digest-xxxxxxx --add-module=../echo-nginx-module [other configure options]
+
+After that you can run the test against the nginx binary::
+
+ $ cd test
+ $ NGINX=/home/erik/nginx-1.9.1/objs/nginx ./test.sh
+
diff --git a/test/.htdigest b/test/.htdigest
new file mode 100644
index 0000000..a08f9ae
--- /dev/null
+++ b/test/.htdigest
@@ -0,0 +1 @@
+test:test:aeeebbfd75d1499d24388f5b9b10e0ef
\ No newline at end of file
diff --git a/test/server.conf b/test/server.conf
new file mode 100644
index 0000000..b7a04ea
--- /dev/null
+++ b/test/server.conf
@@ -0,0 +1,39 @@
+#
+
+worker_processes 8;
+worker_rlimit_nofile 512;
+
+pid test.pid;
+daemon off;
+
+error_log /dev/stdout crit;
+
+events {
+ worker_connections 512;
+ multi_accept on;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/stdout;
+ access_log off;
+
+ server {
+ listen 127.0.0.1:9090;
+ server_name example.com;
+
+ auth_digest_user_file .htdigest;
+
+ location /remote_user_set {
+ auth_digest 'test';
+ echo "remote_user: $remote_user";
+ }
+ location /remote_user_unset {
+ echo "remote_user: $remote_user";
+ }
+ }
+}
+
diff --git a/test/test.sh b/test/test.sh
new file mode 100755
index 0000000..2274887
--- /dev/null
+++ b/test/test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+$NGINX -p $PWD -c server.conf &
+sleep 1
+
+curl -s -S -H "Host: example.com" --digest -u "test:test" "http://127.0.0.1:9090/remote_user_set"
+curl -s -S -H "Host: example.com" --digest -u "test:test" "http://127.0.0.1:9090/remote_user_unset"
+curl -s -S -H "Host: example.com" "http://127.0.0.1:9090/remote_user_unset"
+
+kill `cat test.pid`
+sleep 1
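Review bot: The three curl calls print their responses but nothing compares them, so the script cannot fail: its exit status is that of the final `sleep 1`, and a regression in `$remote_user` handling would pass unnoticed. Each response body should be checked against its expected value (the authenticated name for `/remote_user_set`, an empty value for the anonymous request — confirm how ngx_echo renders an unset variable) and the script should exit non-zero on any mismatch. The case that matters most for an auth module is absent: an unauthenticated request to `/remote_user_set` must be answered with 401 and must not expose a `remote_user` value, since the C change only sets the field on the verified path. Separately, unquoted `$NGINX` and `$PWD` break on paths containing spaces, and the fixed `sleep 1` before the first request is a startup race that polling for `test.pid` would remove.
```shell
# … unchanged: start nginx, initial sleep …

status=0
# check URL EXPECTED_BODY [extra curl args...]
check() {
    url=$1; expected=$2; shift 2
    body=$(curl -s -S -H "Host: example.com" "$@" "$url")
    [ "$body" = "$expected" ] || { echo "FAIL $url: got '$body', want '$expected'"; status=1; }
}
check "http://127.0.0.1:9090/remote_user_set" "remote_user: test" --digest -u "test:test"
check "http://127.0.0.1:9090/remote_user_unset" "remote_user: "   # rendering of an unset variable — confirm

# the protected location must reject an anonymous request rather than serve it
code=$(curl -s -S -o /dev/null -w '%{http_code}' -H "Host: example.com" "http://127.0.0.1:9090/remote_user_set")
[ "$code" = "401" ] || { echo "FAIL: expected 401 for anonymous request, got $code"; status=1; }

# … unchanged: kill nginx, sleep …
exit "$status"
```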