| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
Handle tab in token authentication header.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The HTTP spec allows for LWS to precede the header content, which
could include multiple SP and HT characters. Update the regex used to
match the Token authorization header to account for this, instead of
matching on a single SP.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html and
http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html for the relevant
parts of the specification.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will silence deprecation warnings.
Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
|
| | |
|
| | |
|
| |
| |
| |
| | |
Digest allowed the messages.
Add the same feature to basic and token
|
| |
| |
| |
| | |
Fixes: https://github.com/rails/rails/issues/17108.
|
| |
| |
| |
| | |
add a test case to test the regex for the helper method raw_params
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding a test for the equal trun bug
Adding a test for the after equal trunc bug
Adding a test for the slash bug
Adding a test for the slash quote bug
Adding a helper method for creating a sample request object with token
Writing a method to create params array from raw params
Writing a method to rewrite param values in the params
Writing a method to get the token params from an authorization value
Refactoring the token_and_options method to fix bugs
Removing unnessecary test
A constant for this shared regex seemed appropriate
Wanting to split up this logic
Adding small documentation pieces
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When someone sends malformed authorization header, like:
Authorization: Token foobar
given token should be just ignored and resource should not be authorized,
instead of raising error. Before this patch controller would return 401 header
only for well formed tokens, like:
Authorization: Token token=foobar
and would return 500 in former case.
|
|
|
|
| |
's/[ \t]*$//' -i {} \;)
|
|
Authorization.
|