diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2015-06-01 12:41:18 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2015-06-01 12:41:18 -0300 |
| commit | cf484e3ee3f5935e41fed1a93b2ab069d9e4f969 (patch) | |
| tree | c23ae5cc5dbf2d43cbfb968079280e31eb81cd87 /actionpack | |
| parent | 4e63bde623a0478ec55bcbfbe1afd8b4938148c8 (diff) | |
| parent | 4d4440c5a86fc1611b0a236b3253aa3339366788 (diff) | |
| download | rails-cf484e3ee3f5935e41fed1a93b2ab069d9e4f969.tar.gz rails-cf484e3ee3f5935e41fed1a93b2ab069d9e4f969.tar.bz2 rails-cf484e3ee3f5935e41fed1a93b2ab069d9e4f969.zip | |
Merge pull request #19094 from phoet/have_bearer_be_valid_as_well
Have Bearer be valid as well
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 10 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/http_token_authentication_test.rb | 9 |
3 files changed, 19 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 332ebc9e77..66f1d8c6a6 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -69,6 +69,16 @@ *Adam Forsyth* +* Allow `Bearer` as token-keyword in `Authorization-Header`. + + Aditionally to `Token`, the keyword `Bearer` is acceptable as a keyword + for the auth-token. The `Bearer` keyword is described in the original + OAuth RFC and used in libraries like Angular-JWT. + + See #19094. + + *Peter Schröder* + * Drop request class from RouteSet constructor. If you would like to use a custom request class, please subclass and implement diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 32c3c9652f..fb0a52b076 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -397,7 +397,7 @@ module ActionController # RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L] module Token TOKEN_KEY = 'token=' - TOKEN_REGEX = /^Token / + TOKEN_REGEX = /^(Token|Bearer) / AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/ extend self diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb index 2521f0322c..802c17b6bf 100644 --- a/actionpack/test/controller/http_token_authentication_test.rb +++ b/actionpack/test/controller/http_token_authentication_test.rb @@ -80,13 +80,20 @@ class HttpTokenAuthenticationTest < ActionController::TestCase end test "authentication request with badly formatted header" do - @request.env['HTTP_AUTHORIZATION'] = "Token foobar" + @request.env['HTTP_AUTHORIZATION'] = 'Token token$"lifo"' get :index assert_response :unauthorized assert_equal "HTTP Token: Access denied.\n", @response.body, "Authentication header was not properly parsed" end + test "successful authentication request with Bearer instead of Token" do + @request.env['HTTP_AUTHORIZATION'] = 'Bearer lifo' + get :index + + assert_response :success + end + test "authentication request without credential" do get :display |