Merge pull request #15683 from larrylv/fix-token-with-empty-value

Fix parsed token value with header `Authorization token=`.

1 files changed, 23 insertions, 6 deletions

diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb
index 86b94652ce..ef90fff178 100644
--- a/actionpack/test/controller/http_token_authentication_test.rb
+++ b/actionpack/test/controller/http_token_authentication_test.rb
@@ -132,13 +132,30 @@ class HttpTokenAuthenticationTest < ActionController::TestCase
     assert_equal(expected, actual)
   end
 
-  private
-
-  def sample_request(token)
-    @sample_request ||= OpenStruct.new authorization: %{Token token="#{token}"}
+  test "token_and_options returns empty string with empty token" do
+    token = ''
+    actual = ActionController::HttpAuthentication::Token.token_and_options(sample_request(token)).first
+    expected = token
+    assert_equal(expected, actual)
   end
 
-  def encode_credentials(token, options = {})
-    ActionController::HttpAuthentication::Token.encode_credentials(token, options)
+  test "token_and_options returns nil with no value after the equal sign" do
+    actual = ActionController::HttpAuthentication::Token.token_and_options(malformed_request).first
+    expected = nil
+    assert_equal(expected, actual)
   end
+
+  private
+
+    def sample_request(token)
+      @sample_request ||= OpenStruct.new authorization: %{Token token="#{token}", nonce="def"}
+    end
+
+    def malformed_request
+      @malformed_request ||= OpenStruct.new authorization: %{Token token=}
+    end
+
+    def encode_credentials(token, options = {})
+      ActionController::HttpAuthentication::Token.encode_credentials(token, options)
+    end
 end