author | tomykaira <tomykaira@gmail.com> | 2013-07-08 07:00:42 +0900 |
committer | tomykaira <tomykaira@gmail.com> | 2013-07-08 07:00:42 +0900 |
commit | 15a98a88c08a30234ece4ba0bf697f18474c04bf (patch) | |
tree | 8f757da90697b8669097f13582666738246852f1 | |
parent | a7a377ff3950078c44049031315b3b9a96c19bcf (diff) | |
Run login_procedure only when the auth_scheme is valid
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 0e3b0529f7..e7be751cd8 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -90,22 +90,29 @@ module ActionController
       end
 
       def authenticate(request, &login_procedure)
-        unless request.authorization.blank?
+        if has_basic_credentials?(request)
           login_procedure.call(*user_name_and_password(request))
         end
       end
 
+      def has_basic_credentials?(request)
+        request.authorization.present? && (auth_scheme(request) == 'Basic')
+      end
+
       def user_name_and_password(request)
         decode_credentials(request).split(/:/, 2)
       end
 
       def decode_credentials(request)
-        scheme, param = request.authorization.split(' ', 2)
-        if scheme == 'Basic'
-          ::Base64.decode64(param || '')
-        else
-          ''
-        end
+        ::Base64.decode64(auth_param(request) || '')
       end
+
+      def auth_scheme(request)
+        request.authorization.split(' ', 2).first
+      end
+
+      def auth_param(request)
+        request.authorization.split(' ', 2).second
+      end
 
       def encode_credentials(user_name, password)
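Review bot: `decode_credentials` loses the scheme guard that the removed `if scheme == 'Basic'` branch provided, so `user_name_and_password` (which appears to be public — no `private` marker is visible in the hunk) now Base64-decodes the parameter of any scheme, e.g. a `Digest …` header, where it previously returned an empty string and hence an empty pair; only the `authenticate` path is protected by the new `has_basic_credentials?`. Keeping the guard next to the decode is one line at the top of `decode_credentials`: `return '' unless has_basic_credentials?(request)`, which also keeps `auth_param` from being called on a blank header. Separately, `auth_scheme(request) == 'Basic'` is a case-sensitive comparison although the HTTP auth-scheme token is case-insensitive, so `basic …` is rejected; that is pre-existing behaviour the commit relocates rather than introduces, but this is the natural place to fix it. As a style point, `auth_scheme` and `auth_param` each re-split the header; one `split(' ', 2)` yielding both halves would avoid the duplicate parse.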