| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
| |
|
|
|
| |
As we all know that Accessing mime types via constants is deprecated. Now, we are using `Mime::Type[:JSON]` instead of `Mime::JSON`
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This will silence deprecation warnings.
Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
Digest allowed the messages.
Add the same feature to basic and token
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/ruby/ruby/pull/579 - there is a new optimization
since ruby 2.2
Previously regexp patterns were faster (since a string was converted to
regexp underneath anyway). But now string patterns are faster and
better reflect the purpose.
Benchmark.ips do |bm|
bm.report('regexp') { 'this is ::a random string'.gsub(/::/, '/') }
bm.report('string') { 'this is ::a random string'.gsub('::', '/') }
bm.compare!
end
# string: 753724.4 i/s
# regexp: 501443.1 i/s - 1.50x slower
|
| |
|
| |
|
| |
|
|
|
| |
Example does not work with session headers, should use request headers. [ci skip]
|
|\
| |
| |
| | |
Allow authentication header to not have to specify 'token=' key.
|
| |
| |
| |
| | |
Fixes: https://github.com/rails/rails/issues/17108.
|
|/
|
|
|
|
|
|
| |
I grepped the source code for code snippets wrapped in backticks in the comments
and replaced the backticks with plus signs so they are correctly displayed in
the Rails documentation.
[ci skip]
|
|
|
|
| |
add a test case to test the regex for the helper method raw_params
|
| |
|
|
|
|
|
|
|
| |
The 401 status should be set first because setting the response body in
a live controller also closes the response to further changes.
Fixes #14229.
|
|\
| |
| | |
Check authentication scheme in Basic auth
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`authenticate_with_http_basic` and its families should check the authentication
schema is "Basic".
Different schema, such as OAuth2 Bearer should be rejected by basic auth, but
it was passing as the test shows.
This fixes #10257.
|
| | |
|
|/
|
|
| |
ref #14062
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing
changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding a test for the equal trun bug
Adding a test for the after equal trunc bug
Adding a test for the slash bug
Adding a test for the slash quote bug
Adding a helper method for creating a sample request object with token
Writing a method to create params array from raw params
Writing a method to rewrite param values in the params
Writing a method to get the token params from an authorization value
Refactoring the token_and_options method to fix bugs
Removing unnessecary test
A constant for this shared regex seemed appropriate
Wanting to split up this logic
Adding small documentation pieces
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
Conflicts:
activemodel/lib/active_model/secure_password.rb
activerecord/lib/active_record/associations/collection_proxy.rb
|
| |
| |
| |
| | |
HTTP Token authentication in integration tests
|
|\ \
| | |
| | | |
Fix for digest authentication bug - issue #2301 in rails/rails
|
| | | |
|
|/ / |
|
|/
|
|
|
| |
Conflicts:
actionpack/lib/action_controller/metal/http_authentication.rb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When someone sends malformed authorization header, like:
Authorization: Token foobar
given token should be just ignored and resource should not be authorized,
instead of raising error. Before this patch controller would return 401 header
only for well formed tokens, like:
Authorization: Token token=foobar
and would return 500 in former case.
|
| |
|
| |
|
| |
|
| |
|