diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-08-02 13:50:54 -0700 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-08-02 13:50:54 -0700 |
| commit | 6e523766d8a64bf18ac6d0e261c6bd962bc6c0a9 (patch) | |
| tree | f12673dc1a34a580c77884bd79e1c4e71cdd479a /actionpack | |
| parent | 077372b20d1024eace791af27792b71c0b7ccdb9 (diff) | |
| parent | 6beaafd0c4289d5f19b2e01f84338cd7e2ff8032 (diff) | |
| download | rails-6e523766d8a64bf18ac6d0e261c6bd962bc6c0a9.tar.gz rails-6e523766d8a64bf18ac6d0e261c6bd962bc6c0a9.tar.bz2 rails-6e523766d8a64bf18ac6d0e261c6bd962bc6c0a9.zip | |
Merge pull request #7240 from steveklabnik/fix_2301
Fix for digest authentication bug - issue #2301 in rails/rails
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/http_digest_authentication_test.rb | 7 |
3 files changed, 7 insertions, 4 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index d5326e3d0b..68cce142a2 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,7 @@ ## Rails 4.0.0 (unreleased) ## +* Fixed issue with where Digest authentication would not work behind a proxy. *Arthur Smith* + * Added ActionController::Live. Mix it in to your controller and you can stream data to the client live. For example: diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 5f59f0766e..70e7ec7e81 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -193,7 +193,7 @@ module ActionController return false unless password method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD'] - uri = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url + uri = credentials[:uri] [true, false].any? do |trailing_question_mark| [true, false].any? do |password_is_ha1| diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb index 828ea5b0fb..b11ad633bd 100644 --- a/actionpack/test/controller/http_digest_authentication_test.rb +++ b/actionpack/test/controller/http_digest_authentication_test.rb @@ -139,11 +139,12 @@ class HttpDigestAuthenticationTest < ActionController::TestCase test "authentication request with request-uri that doesn't match credentials digest-uri" do @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please') - @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri" + @request.env['PATH_INFO'] = "/proxied/uri" get :display - assert_response :unauthorized - assert_equal "Authentication Failed", @response.body + assert_response :success + assert assigns(:logged_in) + assert_equal 'Definitely Maybe', @response.body end test "authentication request with absolute request uri (as in webrick)" do |