aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/http_authentication.rb
Commit message (Collapse)AuthorAgeFilesLines
* Minor documentation edits [ci skip]Robin Dupret2014-12-281-1/+1
|
* Update example test documentationBen Prew2014-12-281-4/+2
| | | Example does not work with session headers, should use request headers. [ci skip]
* Merge pull request #17186 from tgxworld/header_authentication_tokenMatthew Draper2014-11-271-2/+9
|\ | | | | | | Allow authentication header to not have to specify 'token=' key.
| * Allow authentication header to not have to specify 'token=' key.Guo Xiang Tan2014-10-101-2/+9
| | | | | | | | Fixes: https://github.com/rails/rails/issues/17108.
* | Wrap code snippets in +, not backticks, in sdocclaudiob2014-11-201-3/+3
|/ | | | | | | | I grepped the source code for code snippets wrapped in backticks in the comments and replaced the backticks with plus signs so they are correctly displayed in the Rails documentation. [ci skip]
* Improve token_and_options regex and testXinjiang Lu2014-07-011-1/+1
| | | | add a test case to test the regex for the helper method raw_params
* Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-2/+2
|
* Set the status before of setting the response bodyGuillermo Iguaran2014-06-131-2/+2
| | | | | | | The 401 status should be set first because setting the response body in a live controller also closes the response to further changes. Fixes #14229.
* Merge pull request #11346 from tomykaira/fix_10257Rafael Mendonça França2014-05-201-2/+14
|\ | | | | Check authentication scheme in Basic auth
| * Run login_procedure only when the auth_scheme is validtomykaira2013-07-081-7/+14
| |
| * Check authentication scheme in Basic authtomykaira2013-07-071-1/+6
| | | | | | | | | | | | | | | | | | | | `authenticate_with_http_basic` and its families should check the authentication schema is "Basic". Different schema, such as OAuth2 Bearer should be rejected by basic auth, but it was passing as the test shows. This fixes #10257.
* | Replace trivial regexp with string or index, twice as fastKelley Reynolds2014-03-281-1/+1
| |
* | Update Docs in favor to use render plain instead of text optionrobertomiranda2014-02-181-6/+6
|/ | | | ref #14062
* Prefer find_by over dynamic finders in rdocSam Ruby2013-04-021-2/+2
|
* Digest auth should not 500 when given a basic header.Brad Dunbar2013-03-181-0/+1
|
* Revert "Merge pull request #8989 from robertomiranda/use-rails-4-find-by"Guillermo Iguaran2013-01-181-2/+2
| | | | | This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1.
* User Rails 4 find_byrobertomiranda2013-01-181-2/+2
|
* Namespace HashWithIndifferentAccessAkira Matsuda2013-01-071-1/+1
|
* "warning: ambiguous first argument; put parentheses or even spaces"Akira Matsuda2012-12-241-1/+1
|
* Refactoring the token_and_options method to fix bugsKurtis Rainbolt-Greene2012-12-151-11/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding a test for the equal trun bug Adding a test for the after equal trunc bug Adding a test for the slash bug Adding a test for the slash quote bug Adding a helper method for creating a sample request object with token Writing a method to create params array from raw params Writing a method to rewrite param values in the params Writing a method to get the token params from an authorization value Refactoring the token_and_options method to fix bugs Removing unnessecary test A constant for this shared regex seemed appropriate Wanting to split up this logic Adding small documentation pieces
* update documentation and code to use _action callbacksFrancesco Rodriguez2012-12-071-5/+5
|
* Allow users to change the default salt if they want, shouldn't be necessarySantiago Pastorino2012-11-031-2/+3
|
* Use derived keys everywhere, http_authentication was missing itSantiago Pastorino2012-11-031-3/+2
|
* Multiple changes to 1,9 hash syntaxAvnerCohen2012-10-271-10/+10
|
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-08-041-1/+1
|\ | | | | | | | | | | Conflicts: activemodel/lib/active_model/secure_password.rb activerecord/lib/active_record/associations/collection_proxy.rb
| * use 'HTTP_AUTHORIZATION' instead of :authorization as key when dealing with ↵Francesco Rodriguez2012-07-271-1/+1
| | | | | | | | HTTP Token authentication in integration tests
* | Merge pull request #7240 from steveklabnik/fix_2301Rafael Mendonça França2012-08-021-1/+1
|\ \ | | | | | | Fix for digest authentication bug - issue #2301 in rails/rails
| * | Fix for digest authentication bug - issue #2301 in rails/railsArthur Smith2012-08-021-1/+1
| | |
* | | load active_support/core_ext/object/blank in active_support/railsXavier Noria2012-08-021-1/+0
|/ /
* / * Do not convert digest auth strings to symbols. CVE-2012-3424Aaron Patterson2012-07-261-2/+2
|/ | | | | Conflicts: actionpack/lib/action_controller/metal/http_authentication.rb
* Don't raise an error if http auth token isn't well formattedPiotr Sarnacki2012-07-111-4/+6
| | | | | | | | | | | | | | When someone sends malformed authorization header, like: Authorization: Token foobar given token should be just ignored and resource should not be authorized, instead of raising error. Before this patch controller would return 401 header only for well formed tokens, like: Authorization: Token token=foobar and would return 500 in former case.
* moar copy edits [ci skip]Vijay Dev2012-06-141-2/+1
|
* fixed http token authentication formattingJakub Kuźma2012-06-121-8/+13
|
* Move HTTP Token auth docs above the Token moduleElia Schito2012-05-111-42/+44
|
* Updated/changed useless tr/gsubsJurriaan Pruis2012-04-031-1/+1
|
* fix api doc [ci skip]Vijay Dev2012-03-011-1/+1
|
* Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-2/+2
| | | | | | | | | | | | | | | | PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes: * adds config.default_method_for_update you can set to :patch * optionally use PATCH instead of PUT in resource routes and forms * adds the #patch verb to routes to detect PATCH requests * adds #patch? to Request * changes documentation and comments to indicate support for PATCH This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* example bracket errorDamian Le Nouaille2012-01-231-1/+1
|
* fix base64 requireSergey Nartimov2012-01-031-1/+1
|
* remove ActiveSupport::Base64 in favor of ::Base64Sergey Nartimov2012-01-021-4/+4
|
* deprecate Base64.encode64s from AS. Use Base64.strict_encode64 insteadVasiliy Ermolovich2011-12-271-2/+2
|
* Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228)Piotr Sarnacki2011-12-211-5/+8
|
* Eliminate newlines in basic auth. fixes #2882Aaron Patterson2011-09-061-1/+1
|
* remove warning: assigned but unused variableSantiago Pastorino2011-06-081-1/+1
|
* Removing trailing white-spacesGuillermo Iguaran2011-05-311-2/+2
|
* Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-2/+2
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-04-031-1/+1
|\
| * Trivial fix to HTTP Digest auth MD5 exampleJon Cooper2011-03-311-1/+1
| |
* | Dont call authenticate_or_request_with_http_basic twiceDavid Heinemeier Hansson2011-03-291-4/+2
| |
* | Fix examplesDavid Heinemeier Hansson2011-03-281-1/+1
| |