author | Vipul A M <vipulnsward@gmail.com> | 2016-04-12 03:21:50 +0530 |
---|---|---|
committer | Vipul A M <vipulnsward@gmail.com> | 2016-04-12 03:21:50 +0530 |
commit | 94697bb8e74c91fe14581cf6c245f4d4d0d3c710 (patch) | |
tree | 7ca91fc34be77143931d5479ef33515b2e67d6c0 | |
parent | 1a5fdf77122e32fc710148ea3e795fedb597ad46 (diff) | |
parent | 750e6dafd23698ad3cd363cd52c55502b1a12375 (diff) | |
Merge pull request #24504 from nickmalcolm/master
Encourage best practice in the HTTP Token authentication example code
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 35be6d9300..53527c08b6 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -347,7 +347,12 @@ module ActionController
 # private
 # def authenticate
 # authenticate_or_request_with_http_token do |token, options|
- # token == TOKEN
+ # # Compare the tokens in a time-constant manner, to mitigate
+ # # timing attacks.
+ # ActiveSupport::SecurityUtils.secure_compare(
+ # ::Digest::SHA256.hexdigest(token),
+ # ::Digest::SHA256.hexdigest(TOKEN)
+ # )
 # end
 # end
 # end |
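Review bot: The new comment in the `authenticate` example says the comparison is time-constant but not why both operands go through `::Digest::SHA256.hexdigest` first, so a reader copying the example may drop the digest calls as redundant. As far as I know, `secure_compare` returns early when the two strings differ in byte length, and hashing gives both sides a fixed length so the expected token's length is not exposed; that behaviour is not visible in this hunk, so it is worth confirming against `ActiveSupport::SecurityUtils`. I would extend the comment with something like `# Hash both values first so they have equal length before secure_compare.` The enclosing example class and the `ActionController` module start and end outside the hunk.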