Fix authentication in Safari.

We now offer 'qop="auth"', because without it, authentication in
Safari fails immediately. With the field set to auth, authentication
seems to work in the latest Firefox, Safari, Chrome and Internet
Explorer. However, the HTTP package as used in cabal-install has a bug
where it send 'qop="auth"' without an 'nc' or 'cnonce' field. So we
are lenient: when these fields are not present, we fall back to no
qop.

Fixes haskell#132.

[1] haskell/HTTP#54

Author: hesselink

Distribution/Server/Framework/Auth.hs

@@ -248,6 +248,8 @@ getDigestAuthInfo authHeader req = do
                       nc     <- Map.lookup "nc"     authMap
                       cnonce <- Map.lookup "cnonce" authMap
                       return (QopAuth nc cnonce)
+                      `mplus`
+                      return QopNone
                     Nothing -> return QopNone
                     _       -> mzero
     return DigestAuthInfo {
@@ -293,12 +295,11 @@ headerDigestAuthChallenge (RealmName realmName) = do
     headerName = "WWW-Authenticate"
     -- Note that offering both qop=\"auth,auth-int\" can confuse some browsers
     -- e.g. see http://code.google.com/p/chromium/issues/detail?id=45194
-    -- TODO: can't even offer qop="auth" because the HTTP package does it wrong
     headerValue nonce =
       "Digest " ++
       intercalate ", "
         [ "realm="     ++ inQuotes realmName
-        , "qop="       ++ inQuotes ""
+        , "qop="       ++ inQuotes "auth"
         , "nonce="     ++ inQuotes nonce
         , "opaque="    ++ inQuotes ""
         ]