diff options
author | Pratik Naik <pratiknaik@gmail.com> | 2009-01-29 22:06:03 +0000 |
---|---|---|
committer | Pratik Naik <pratiknaik@gmail.com> | 2009-01-29 22:06:03 +0000 |
commit | b3bc4fa5e02e71a992f8a432757548c762f0aad8 (patch) | |
tree | f9e8a2caa94130d917fdf5163f21cb28d5f347e6 /actionpack | |
parent | 8761663a68bd7ddd918f78fb3def4697784024f2 (diff) | |
download | rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.gz rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.tar.bz2 rails-b3bc4fa5e02e71a992f8a432757548c762f0aad8.zip |
Digest#validate_digest_response should accept request instead of controller
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/http_authentication.rb | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/actionpack/lib/action_controller/http_authentication.rb b/actionpack/lib/action_controller/http_authentication.rb index c91ef2ca48..5d915fda08 100644 --- a/actionpack/lib/action_controller/http_authentication.rb +++ b/actionpack/lib/action_controller/http_authentication.rb @@ -166,7 +166,7 @@ module ActionController # Returns false on a valid response, true otherwise def authenticate(controller, realm, &password_procedure) - authorization(controller.request) && validate_digest_response(controller, realm, &password_procedure) + authorization(controller.request) && validate_digest_response(controller.request, realm, &password_procedure) end def authorization(request) @@ -177,13 +177,13 @@ module ActionController end # Raises error unless the request credentials response value matches the expected value. - def validate_digest_response(controller, realm, &password_procedure) - credentials = decode_credentials_header(controller.request) - valid_nonce = validate_nonce(controller.request, credentials[:nonce]) + def validate_digest_response(request, realm, &password_procedure) + credentials = decode_credentials_header(request) + valid_nonce = validate_nonce(request, credentials[:nonce]) - if valid_nonce && realm == credentials[:realm] && opaque(controller.request.session.session_id) == credentials[:opaque] + if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque] password = password_procedure.call(credentials[:username]) - expected = expected_response(controller.request.env['REQUEST_METHOD'], controller.request.url, credentials, password) + expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password) expected == credentials[:response] end end |