aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/http_token_authentication_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #14212 from tylerhunt/fix-token-regexSean Griffin2015-12-151-0/+8
|\ | | | | | | Handle tab in token authentication header.
| * Handle tab in token authentication header.Tyler Hunt2014-02-261-0/+8
| | | | | | | | | | | | | | | | | | | | | | The HTTP spec allows for LWS to precede the header content, which could include multiple SP and HT characters. Update the regex used to match the Token authorization header to account for this, instead of matching on a single SP. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html and http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html for the relevant parts of the specification.
* | Stop using deprecated `render :text` in testPrem Sichanugrist2015-07-171-3/+3
| | | | | | | | | | | | | | | | | | This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* | allow `Bearer` as well as `Token`phoet2015-06-011-0/+7
| |
* | actually test what the name saysphoet2015-06-011-1/+1
| |
* | Give authentication methods the ability to customize response message.Keenan Brock2015-05-031-3/+3
| | | | | | | | Digest allowed the messages. Add the same feature to basic and token
* | Allow authentication header to not have to specify 'token=' key.Guo Xiang Tan2014-10-101-2/+21
| | | | | | | | Fixes: https://github.com/rails/rails/issues/17108.
* | Improve token_and_options regex and testXinjiang Lu2014-07-011-2/+22
| | | | | | | | add a test case to test the regex for the helper method raw_params
* | Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-6/+23
|/
* Remove unused argument.Francesco Rodriguez2014-01-241-1/+1
|
* Do not use the same tests descriptionRafael Mendonça França2012-12-311-3/+3
|
* Refactoring the token_and_options method to fix bugsKurtis Rainbolt-Greene2012-12-151-6/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding a test for the equal trun bug Adding a test for the after equal trunc bug Adding a test for the slash bug Adding a test for the slash quote bug Adding a helper method for creating a sample request object with token Writing a method to create params array from raw params Writing a method to rewrite param values in the params Writing a method to get the token params from an authorization value Refactoring the token_and_options method to fix bugs Removing unnessecary test A constant for this shared regex seemed appropriate Wanting to split up this logic Adding small documentation pieces
* update documentation and code to use _action callbacksFrancesco Rodriguez2012-12-071-3/+3
|
* Fix indentation.Piotr Sarnacki2012-07-111-4/+4
|
* Don't raise an error if http auth token isn't well formattedPiotr Sarnacki2012-07-111-0/+8
| | | | | | | | | | | | | | When someone sends malformed authorization header, like: Authorization: Token foobar given token should be just ignored and resource should not be authorized, instead of raising error. Before this patch controller would return 401 header only for well formed tokens, like: Authorization: Token token=foobar and would return 500 in former case.
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-3/+3
| | | | 's/[ \t]*$//' -i {} \;)
* add HTTP Token Authorization support to complement Basic and Digest ↵rick2010-04-301-0/+113
Authorization.