Digest auth should not 500 when given a basic header.

author: Brad Dunbar <dunbarb2@gmail.com> 2013-01-21 15:31:34 -0500
committer: Brad Dunbar <dunbarb2@gmail.com> 2013-03-18 14:50:47 -0400
commit: 95332abe091d0fe8b6b108fffa8208af21a4cca0 (patch)
tree: 4123dfc4f7f432044ec9179f0e4c9a82c4e207df /actionpack/lib/action_controller/metal/http_authentication.rb
parent: bfdd3c2182156fa2cb81ed4f048b065a2d6f1341 (diff)
download: rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.tar.gz
rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.tar.bz2
rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index e295002b16..c7bb2dd147 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -299,6 +299,7 @@ module ActionController
       # allow a user to use new nonce without prompting user again for their
       # username and password.
       def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
+        return false if value.nil?
         t = ::Base64.decode64(value).split(":").first.to_i
         nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
       end
author	Brad Dunbar <dunbarb2@gmail.com>	2013-01-21 15:31:34 -0500
committer	Brad Dunbar <dunbarb2@gmail.com>	2013-03-18 14:50:47 -0400
commit	95332abe091d0fe8b6b108fffa8208af21a4cca0 (patch)
tree	4123dfc4f7f432044ec9179f0e4c9a82c4e207df /actionpack/lib/action_controller/metal/http_authentication.rb
parent	bfdd3c2182156fa2cb81ed4f048b065a2d6f1341 (diff)
download	rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.tar.gz rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.tar.bz2 rails-95332abe091d0fe8b6b108fffa8208af21a4cca0.zip