aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/http_authentication.rb
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Merge pull request #8989 from robertomiranda/use-rails-4-find-by"Guillermo Iguaran2013-01-181-2/+2
| | | | | This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1.
* User Rails 4 find_byrobertomiranda2013-01-181-2/+2
|
* Namespace HashWithIndifferentAccessAkira Matsuda2013-01-071-1/+1
|
* "warning: ambiguous first argument; put parentheses or even spaces"Akira Matsuda2012-12-241-1/+1
|
* Refactoring the token_and_options method to fix bugsKurtis Rainbolt-Greene2012-12-151-11/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding a test for the equal trun bug Adding a test for the after equal trunc bug Adding a test for the slash bug Adding a test for the slash quote bug Adding a helper method for creating a sample request object with token Writing a method to create params array from raw params Writing a method to rewrite param values in the params Writing a method to get the token params from an authorization value Refactoring the token_and_options method to fix bugs Removing unnessecary test A constant for this shared regex seemed appropriate Wanting to split up this logic Adding small documentation pieces
* update documentation and code to use _action callbacksFrancesco Rodriguez2012-12-071-5/+5
|
* Allow users to change the default salt if they want, shouldn't be necessarySantiago Pastorino2012-11-031-2/+3
|
* Use derived keys everywhere, http_authentication was missing itSantiago Pastorino2012-11-031-3/+2
|
* Multiple changes to 1,9 hash syntaxAvnerCohen2012-10-271-10/+10
|
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-08-041-1/+1
|\ | | | | | | | | | | Conflicts: activemodel/lib/active_model/secure_password.rb activerecord/lib/active_record/associations/collection_proxy.rb
| * use 'HTTP_AUTHORIZATION' instead of :authorization as key when dealing with ↵Francesco Rodriguez2012-07-271-1/+1
| | | | | | | | HTTP Token authentication in integration tests
* | Merge pull request #7240 from steveklabnik/fix_2301Rafael Mendonça França2012-08-021-1/+1
|\ \ | | | | | | Fix for digest authentication bug - issue #2301 in rails/rails
| * | Fix for digest authentication bug - issue #2301 in rails/railsArthur Smith2012-08-021-1/+1
| | |
* | | load active_support/core_ext/object/blank in active_support/railsXavier Noria2012-08-021-1/+0
|/ /
* / * Do not convert digest auth strings to symbols. CVE-2012-3424Aaron Patterson2012-07-261-2/+2
|/ | | | | Conflicts: actionpack/lib/action_controller/metal/http_authentication.rb
* Don't raise an error if http auth token isn't well formattedPiotr Sarnacki2012-07-111-4/+6
| | | | | | | | | | | | | | When someone sends malformed authorization header, like: Authorization: Token foobar given token should be just ignored and resource should not be authorized, instead of raising error. Before this patch controller would return 401 header only for well formed tokens, like: Authorization: Token token=foobar and would return 500 in former case.
* moar copy edits [ci skip]Vijay Dev2012-06-141-2/+1
|
* fixed http token authentication formattingJakub Kuźma2012-06-121-8/+13
|
* Move HTTP Token auth docs above the Token moduleElia Schito2012-05-111-42/+44
|
* Updated/changed useless tr/gsubsJurriaan Pruis2012-04-031-1/+1
|
* fix api doc [ci skip]Vijay Dev2012-03-011-1/+1
|
* Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-2/+2
| | | | | | | | | | | | | | | | PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes: * adds config.default_method_for_update you can set to :patch * optionally use PATCH instead of PUT in resource routes and forms * adds the #patch verb to routes to detect PATCH requests * adds #patch? to Request * changes documentation and comments to indicate support for PATCH This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* example bracket errorDamian Le Nouaille2012-01-231-1/+1
|
* fix base64 requireSergey Nartimov2012-01-031-1/+1
|
* remove ActiveSupport::Base64 in favor of ::Base64Sergey Nartimov2012-01-021-4/+4
|
* deprecate Base64.encode64s from AS. Use Base64.strict_encode64 insteadVasiliy Ermolovich2011-12-271-2/+2
|
* Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228)Piotr Sarnacki2011-12-211-5/+8
|
* Eliminate newlines in basic auth. fixes #2882Aaron Patterson2011-09-061-1/+1
|
* remove warning: assigned but unused variableSantiago Pastorino2011-06-081-1/+1
|
* Removing trailing white-spacesGuillermo Iguaran2011-05-311-2/+2
|
* Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-2/+2
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-04-031-1/+1
|\
| * Trivial fix to HTTP Digest auth MD5 exampleJon Cooper2011-03-311-1/+1
| |
* | Dont call authenticate_or_request_with_http_basic twiceDavid Heinemeier Hansson2011-03-291-4/+2
| |
* | Fix examplesDavid Heinemeier Hansson2011-03-281-1/+1
| |
* | Added Base.http_basic_authenticate_with to do simple http basic ↵David Heinemeier Hansson2011-03-281-14/+16
|/ | | | authentication with a single class method call [DHH]
* replace if ! with unlessNeeraj Singh2010-10-171-1/+1
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* reduce function calls on ArrayAaron Patterson2010-09-291-3/+2
|
* removing more lolinjectAaron Patterson2010-09-291-8/+7
|
* removing lollerjectAaron Patterson2010-09-291-1/+1
|
* Remove deprecated stuff in ActionControllerCarlos Antonio da Silva2010-09-261-1/+1
| | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* Refactor decode_credentials to avoid inject and use map instead.Emilio Tagua2010-09-221-6/+5
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* cleanup of ActionController::Metal inline documentationJoost Baaij2010-08-261-14/+18
|
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-2/+2
| | | | 's/[ \t]*$//' -i {} \;)
* API Docs: Use 'HTTP_AUTHORIZATION' and not :authorize as key in integration ↵Rohit Arondekar2010-07-301-1/+1
| | | | tests.
* add HTTP Token Authorization support to complement Basic and Digest ↵rick2010-04-301-0/+158
| | | | Authorization.
* Rename config.cookie_secret to config.secret_token and pass it as ↵José Valim2010-04-051-5/+12
| | | | configuration in request.env. This is another step forward removing global configuration.
* adds missing requires for Object#blank? and Object#present?Xavier Noria2010-03-281-0/+1
|
* Remove uneeded methods.José Valim2010-03-101-18/+4
|
* Deprecated ActionController::Base.session_options= and ↵Carlhuda2010-03-041-2/+2
| | | | ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.