diff options
| author | George Claghorn <george@basecamp.com> | 2018-12-24 15:16:22 -0500 |
|---|---|---|
| committer | George Claghorn <george@basecamp.com> | 2018-12-25 21:32:35 -0500 |
| commit | a5b2fff64ca0c1fa7be5124f40a251d991c10a85 (patch) | |
| tree | 33a79841402b7151e52d9ad3949ce54f320c10aa /actionpack/lib | |
| parent | 4298df00ae6219b9b5b7c40f281d4fa4d66f4383 (diff) | |
| parent | dcddff1d2d0c695318670686a27429a76f20ae03 (diff) | |
| download | rails-a5b2fff64ca0c1fa7be5124f40a251d991c10a85.tar.gz rails-a5b2fff64ca0c1fa7be5124f40a251d991c10a85.tar.bz2 rails-a5b2fff64ca0c1fa7be5124f40a251d991c10a85.zip | |
Import Action Mailbox
Diffstat (limited to 'actionpack/lib')
| -rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 7036123d5d..6a274d35cb 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -69,21 +69,20 @@ module ActionController extend ActiveSupport::Concern module ClassMethods - def http_basic_authenticate_with(options = {}) - before_action(options.except(:name, :password, :realm)) do - authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password| - # This comparison uses & so that it doesn't short circuit and - # uses `secure_compare` so that length information - # isn't leaked. - ActiveSupport::SecurityUtils.secure_compare(name, options[:name]) & - ActiveSupport::SecurityUtils.secure_compare(password, options[:password]) - end - end + def http_basic_authenticate_with(name:, password:, realm: nil, **options) + before_action(options) { http_basic_authenticate_or_request_with name: name, password: password, realm: realm } + end + end + + def http_basic_authenticate_or_request_with(name:, password:, realm: nil, message: nil) + authenticate_or_request_with_http_basic(realm, message) do |given_name, given_password| + ActiveSupport::SecurityUtils.secure_compare(given_name, name) & + ActiveSupport::SecurityUtils.secure_compare(given_password, password) end end - def authenticate_or_request_with_http_basic(realm = "Application", message = nil, &login_procedure) - authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm, message) + def authenticate_or_request_with_http_basic(realm = nil, message = nil, &login_procedure) + authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm || "Application", message) end def authenticate_with_http_basic(&login_procedure) |