diff options
| author | Donald Parish <donald.parish@buckle.com> | 2009-02-16 20:19:54 +0100 |
|---|---|---|
| committer | Pratik Naik <pratiknaik@gmail.com> | 2009-02-16 20:20:23 +0100 |
| commit | 86d8f922828677e64892c166adf26cd421f0991a (patch) | |
| tree | f8100f437dd661d9f7cceb3ea6e8ad2b0c50bf95 /actionpack | |
| parent | 238a6bb62dc153743a0abc6eb1e35392ac799d65 (diff) | |
| download | rails-86d8f922828677e64892c166adf26cd421f0991a.tar.gz rails-86d8f922828677e64892c166adf26cd421f0991a.tar.bz2 rails-86d8f922828677e64892c166adf26cd421f0991a.zip | |
Fixed http digest authentication to use credentials URI passed from client. [#1848 state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/http_authentication.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/http_digest_authentication_test.rb | 11 |
2 files changed, 11 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/http_authentication.rb b/actionpack/lib/action_controller/http_authentication.rb index 5d915fda08..2ccbc22420 100644 --- a/actionpack/lib/action_controller/http_authentication.rb +++ b/actionpack/lib/action_controller/http_authentication.rb @@ -183,7 +183,7 @@ module ActionController if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque] password = password_procedure.call(credentials[:username]) - expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password) + expected = expected_response(request.env['REQUEST_METHOD'], credentials[:uri], credentials, password) expected == credentials[:response] end end diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb index 59f7a403b5..4913e7633b 100644 --- a/actionpack/test/controller/http_digest_authentication_test.rb +++ b/actionpack/test/controller/http_digest_authentication_test.rb @@ -107,6 +107,15 @@ class HttpDigestAuthenticationTest < ActionController::TestCase assert_equal 'Definitely Maybe', @response.body end + test "authentication request with relative URI" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "/", :username => 'pretty', :password => 'please') + get :display + + assert_response :success + assert assigns(:logged_in) + assert_equal 'Definitely Maybe', @response.body + end + private def encode_credentials(options) @@ -120,7 +129,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase credentials = decode_credentials(@response.headers['WWW-Authenticate']) credentials.merge!(options) - credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}") + credentials.reverse_merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}") ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password) end |