Merge pull request #11346 from tomykaira/fix_10257

Check authentication scheme in Basic auth
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-05-20 18:12:13 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-05-20 18:12:13 -0300
commit: ef00bb719641c93fd7a4670a00e300efbc2c571d (patch)
tree: 4e3be941c37bcbfa153994781844c5655755b980 /actionpack/test
parent: 52b558695d5a1b33ff21516cbc71d1ae1dee4632 (diff)
parent: 15a98a88c08a30234ece4ba0bf697f18474c04bf (diff)
download: rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.tar.gz
rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.tar.bz2
rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb
index 90548d4294..9052fc6962 100644
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@@ -129,6 +129,13 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
     assert_response :unauthorized
   end
 
+  test "authentication request with wrong scheme" do
+    header = 'Bearer ' + encode_credentials('David', 'Goliath').split(' ', 2)[1]
+    @request.env['HTTP_AUTHORIZATION'] = header
+    get :search
+    assert_response :unauthorized
+  end
+
   private
 
   def encode_credentials(username, password)
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-05-20 18:12:13 -0300
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-05-20 18:12:13 -0300
commit	ef00bb719641c93fd7a4670a00e300efbc2c571d (patch)
tree	4e3be941c37bcbfa153994781844c5655755b980 /actionpack/test
parent	52b558695d5a1b33ff21516cbc71d1ae1dee4632 (diff)
parent	15a98a88c08a30234ece4ba0bf697f18474c04bf (diff)
download	rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.tar.gz rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.tar.bz2 rails-ef00bb719641c93fd7a4670a00e300efbc2c571d.zip