From 80ab9e2a7434a445eaacb097832fbad24ed01960 Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki <drogus@gmail.com>
Date: Tue, 20 Dec 2011 20:34:04 +0100
Subject: Add original_fullpath and original_url methods to Request

---
 actionpack/lib/action_dispatch/http/request.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index c5c48ec489..820921252d 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -122,10 +122,18 @@ module ActionDispatch
       Http::Headers.new(@env)
     end
 
+    def original_fullpath
+      @original_fullpath ||= (env["ORIGINAL_FULLPATH"] || fullpath)
+    end
+
     def fullpath
       @fullpath ||= super
     end
 
+    def original_url
+      base_url + original_fullpath
+    end
+
     def media_type
       content_mime_type.to_s
     end
-- 
cgit v1.2.3


From 3131a9379766a735a80220fd2e94cb07791bed9c Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki <drogus@gmail.com>
Date: Tue, 20 Dec 2011 21:01:47 +0100
Subject: Fix http digest authentication with trailing '/' or '?' (fixes #4038
 and #3228)

---
 .../lib/action_controller/metal/http_authentication.rb      | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 264806cd36..56335a22cb 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -192,12 +192,15 @@ module ActionController
           return false unless password
 
           method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
-          uri    = credentials[:uri][0,1] == '/' ? request.fullpath : request.url
+          uri    = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
 
-         [true, false].any? do |password_is_ha1|
-           expected = expected_response(method, uri, credentials, password, password_is_ha1)
-           expected == credentials[:response]
-         end
+          [true, false].any? do |trailing_question_mark|
+            [true, false].any? do |password_is_ha1|
+              _uri = trailing_question_mark ? uri + "?" : uri
+              expected = expected_response(method, _uri, credentials, password, password_is_ha1)
+              expected == credentials[:response]
+            end
+          end
         end
       end
 
-- 
cgit v1.2.3