@@ -225,6 +225,12 @@ ngx_http_auth_digest_handler(ngx_http_request_t *r)
225225 p [0 ] = '\0' ;
226226 passwd_line .len = i - begin ;
227227 rc = ngx_http_auth_digest_verify_user (r , auth_fields , & passwd_line );
228+
229+ if (rc == NGX_HTTP_AUTH_DIGEST_USERNOTFOUND ) {
230+ ngx_log_error (NGX_LOG_ERR , r -> connection -> log , 0 , "invalid username or password for %*s" , auth_fields -> username .len , auth_fields -> username .data );
231+ rc = NGX_DECLINED ;
232+ }
233+
228234 if (rc != NGX_DECLINED ){
229235 ngx_http_auth_digest_close (& file );
230236 return rc ;
@@ -245,6 +251,10 @@ ngx_http_auth_digest_handler(ngx_http_request_t *r)
245251 p [0 ] = '\0' ;
246252 passwd_line .len = i - begin ;
247253 rc = ngx_http_auth_digest_verify_user (r , auth_fields , & passwd_line );
254+ if (rc == NGX_HTTP_AUTH_DIGEST_USERNOTFOUND ) {
255+ ngx_log_error (NGX_LOG_ERR , r -> connection -> log , 0 , "invalid username or password for %*s" , auth_fields -> username .len , auth_fields -> username .data );
256+ rc = NGX_DECLINED ;
257+ }
248258 if (rc != NGX_DECLINED ){
249259 ngx_http_auth_digest_close (& file );
250260 return rc ;
@@ -262,7 +272,7 @@ ngx_http_auth_digest_handler(ngx_http_request_t *r)
262272 }
263273
264274 ngx_http_auth_digest_close (& file );
265-
275+
266276 // since no match was found based on the fields in the authorization header,
267277 // send a new challenge and let the client retry
268278 return ngx_http_auth_digest_send_challenge (r , & alcf -> realm , auth_fields -> stale );
@@ -592,7 +602,11 @@ ngx_http_auth_digest_verify_user(ngx_http_request_t *r, ngx_http_auth_digest_cre
592602 }
593603 }
594604
595- return (nomatch ) ? NGX_DECLINED : ngx_http_auth_digest_verify_hash (r , fields , & buf [from ]);
605+ if (nomatch ) {
606+ return NGX_HTTP_AUTH_DIGEST_USERNOTFOUND ;
607+ }
608+
609+ return ngx_http_auth_digest_verify_hash (r , fields , & buf [from ]);
596610}
597611
598612static ngx_int_t
0 commit comments