Digest#validate_digest_response should accept request instead of controller

author: Pratik Naik <pratiknaik@gmail.com> 2009-01-29 22:06:03 +0000
committer: Pratik Naik <pratiknaik@gmail.com> 2009-01-29 22:06:03 +0000
commit: b3bc4fa5e02e71a992f8a432757548c762f0aad8 (patch)
tree: f9e8a2caa94130d917fdf5163f21cb28d5f347e6 /actionpack/lib/action_controller/http_authentication.rb
parent: 8761663a68bd7ddd918f78fb3def4697784024f2 (diff)
download: rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.gz
rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.bz2
rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/actionpack/lib/action_controller/http_authentication.rb b/actionpack/lib/action_controller/http_authentication.rb
index c91ef2ca48..5d915fda08 100644
--- a/actionpack/lib/action_controller/http_authentication.rb
+++ b/actionpack/lib/action_controller/http_authentication.rb
@@ -166,7 +166,7 @@ module ActionController
 
       # Returns false on a valid response, true otherwise
       def authenticate(controller, realm, &password_procedure)
-        authorization(controller.request) && validate_digest_response(controller, realm, &password_procedure)
+        authorization(controller.request) && validate_digest_response(controller.request, realm, &password_procedure)
       end
 
       def authorization(request)
@@ -177,13 +177,13 @@ module ActionController
       end
 
       # Raises error unless the request credentials response value matches the expected value.
-      def validate_digest_response(controller, realm, &password_procedure)
-        credentials = decode_credentials_header(controller.request)
-        valid_nonce = validate_nonce(controller.request, credentials[:nonce])
+      def validate_digest_response(request, realm, &password_procedure)
+        credentials = decode_credentials_header(request)
+        valid_nonce = validate_nonce(request, credentials[:nonce])
 
-        if valid_nonce && realm == credentials[:realm] && opaque(controller.request.session.session_id) == credentials[:opaque]
+        if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
           password = password_procedure.call(credentials[:username])
-          expected = expected_response(controller.request.env['REQUEST_METHOD'], controller.request.url, credentials, password)
+          expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
           expected == credentials[:response]
         end
       end
author	Pratik Naik <pratiknaik@gmail.com>	2009-01-29 22:06:03 +0000
committer	Pratik Naik <pratiknaik@gmail.com>	2009-01-29 22:06:03 +0000
commit	b3bc4fa5e02e71a992f8a432757548c762f0aad8 (patch)
tree	f9e8a2caa94130d917fdf5163f21cb28d5f347e6 /actionpack/lib/action_controller/http_authentication.rb
parent	8761663a68bd7ddd918f78fb3def4697784024f2 (diff)
download	rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.gz rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.bz2 rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.zip