diff options
Diffstat (limited to 'actionpack/test/controller/http_digest_authentication_test.rb')
-rw-r--r-- | actionpack/test/controller/http_digest_authentication_test.rb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb index b8a2205ce6..15a11395bb 100644 --- a/actionpack/test/controller/http_digest_authentication_test.rb +++ b/actionpack/test/controller/http_digest_authentication_test.rb @@ -38,6 +38,15 @@ class HttpDigestAuthenticationTest < ActionController::TestCase tests DummyDigestController + setup do + # Used as secret in generating nonce to prevent tampering of timestamp + @old_secret, ActionController::Base.session_options[:secret] = ActionController::Base.session_options[:secret], "session_options_secret" + end + + teardown do + ActionController::Base.session_options[:secret] = @old_secret + end + AUTH_HEADERS.each do |header| test "successful authentication with #{header.downcase}" do @request.env[header] = encode_credentials(:username => 'lifo', :password => 'world') @@ -165,10 +174,6 @@ class HttpDigestAuthenticationTest < ActionController::TestCase options.reverse_merge!(:nc => "00000001", :cnonce => "0a4f113b", :password_is_ha1 => false) password = options.delete(:password) - # Set in /initializers/session_store.rb. Used as secret in generating nonce - # to prevent tampering of timestamp - ActionController::Base.session_options[:secret] = "session_options_secret" - # Perform unauthenticated request to retrieve digest parameters to use on subsequent request method = options.delete(:method) || 'GET' |