author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-05-20 18:12:13 -0300 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-05-20 18:12:13 -0300 |
commit | ef00bb719641c93fd7a4670a00e300efbc2c571d (patch) | |
tree | 4e3be941c37bcbfa153994781844c5655755b980 /actionpack/lib | |
parent | 52b558695d5a1b33ff21516cbc71d1ae1dee4632 (diff) | |
parent | 15a98a88c08a30234ece4ba0bf697f18474c04bf (diff) | |
Merge pull request #11346 from tomykaira/fix_10257
Check authentication scheme in Basic auth
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 2eb7853aa6..3111992f82 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -90,17 +90,29 @@ module ActionController
 end
 def authenticate(request, &login_procedure)
- unless request.authorization.blank?
+ if has_basic_credentials?(request)
 login_procedure.call(*user_name_and_password(request))
 end
 end
+ def has_basic_credentials?(request)
+ request.authorization.present? && (auth_scheme(request) == 'Basic')
+ end
+
 def user_name_and_password(request)
 decode_credentials(request).split(':', 2)
 end
 def decode_credentials(request)
- ::Base64.decode64(request.authorization.split(' ', 2).last || '')
+ ::Base64.decode64(auth_param(request) || '')
+ end
+
+ def auth_scheme(request)
+ request.authorization.split(' ', 2).first
+ end
+
+ def auth_param(request)
+ request.authorization.split(' ', 2).second
 end
 def encode_credentials(user_name, password) |
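Review bot: The scheme comparison in `has_basic_credentials?` is case-sensitive, but HTTP authentication scheme names are case-insensitive, so a client that sends `basic <credentials>` is now treated as having no credentials. That fails closed (the request is simply not authenticated), so it is an interoperability defect rather than a bypass; the check could read `request.authorization.present? && (auth_scheme(request).downcase == 'basic')`. Separately, a header of just `Basic` with no parameter passes the new check, `auth_param` returns nil, and `login_procedure` is then called with an empty argument list, so a short comment on `authenticate` noting that the block may receive nil for both user name and password would help callers. The enclosing module and the body of `encode_credentials` lie outside this hunk.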