From e56e1a63700021c52b60a8defca0c8095fda6977 Mon Sep 17 00:00:00 2001
From: omersiar <osiarbaysal@gmail.com>
Date: Wed, 21 Jun 2017 13:37:19 +0300
Subject: [PATCH] Bug Fix for #175 and #167 (#182)

Prevent double MD5 hashing
---
 src/WebAuthentication.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/WebAuthentication.cpp b/src/WebAuthentication.cpp
index 5ca41ed..4ddbf50 100644
--- a/src/WebAuthentication.cpp
+++ b/src/WebAuthentication.cpp
@@ -205,9 +205,9 @@ bool checkDigestAuthentication(const char * header, const char * method, const c
     }
   } while(nextBreak > 0);
 
-  String ha1 = (passwordIsHash) ? String(password) : myUsername + ":" + myRealm + ":" + String(password);
+  String ha1 = (passwordIsHash) ? String(password) : stringMD5(myUsername + ":" + myRealm + ":" + String(password));
   String ha2 = String(method) + ":" + myUri;
-  String response = stringMD5(ha1) + ":" + myNonce + ":" + myNc + ":" + myCnonce + ":" + myQop + ":" + stringMD5(ha2);
+  String response = ha1 + ":" + myNonce + ":" + myNc + ":" + myCnonce + ":" + myQop + ":" + stringMD5(ha2);
 
   if(myResponse.equals(stringMD5(response))){
     //os_printf("AUTH SUCCESS\n");