aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
diff options
context:
space:
mode:
authorTyler Hunt <tyler@tylerhunt.com>2014-02-26 11:38:34 -0500
committerTyler Hunt <tyler@tylerhunt.com>2014-02-26 11:38:34 -0500
commitd5a0d71037921320210ab719921c9ba621b98ec2 (patch)
treea67f41302070acdcc04a33f6419d839d6c361efb /actionpack/test
parent671e997e5a71fbe0ba44d589b34c48b6c6502323 (diff)
downloadrails-d5a0d71037921320210ab719921c9ba621b98ec2.tar.gz
rails-d5a0d71037921320210ab719921c9ba621b98ec2.tar.bz2
rails-d5a0d71037921320210ab719921c9ba621b98ec2.zip
Handle tab in token authentication header.
The HTTP spec allows for LWS to precede the header content, which could include multiple SP and HT characters. Update the regex used to match the Token authorization header to account for this, instead of matching on a single SP. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html and http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html for the relevant parts of the specification.
Diffstat (limited to 'actionpack/test')
-rw-r--r--actionpack/test/controller/http_token_authentication_test.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb
index 86b94652ce..b7d7cf9c6c 100644
--- a/actionpack/test/controller/http_token_authentication_test.rb
+++ b/actionpack/test/controller/http_token_authentication_test.rb
@@ -87,6 +87,14 @@ class HttpTokenAuthenticationTest < ActionController::TestCase
assert_equal "HTTP Token: Access denied.\n", @response.body, "Authentication header was not properly parsed"
end
+ test "authentication request with tab in header" do
+ @request.env['HTTP_AUTHORIZATION'] = "Token\ttoken=\"lifo\""
+ get :index
+
+ assert_response :success
+ assert_equal 'Hello Secret', @response.body
+ end
+
test "authentication request without credential" do
get :display