From 95332abe091d0fe8b6b108fffa8208af21a4cca0 Mon Sep 17 00:00:00 2001
From: Brad Dunbar <dunbarb2@gmail.com>
Date: Mon, 21 Jan 2013 15:31:34 -0500
Subject: Digest auth should not 500 when given a basic header.

---
 actionpack/lib/action_controller/metal/http_authentication.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index e295002b16..c7bb2dd147 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -299,6 +299,7 @@ module ActionController
       # allow a user to use new nonce without prompting user again for their
       # username and password.
       def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
+        return false if value.nil?
         t = ::Base64.decode64(value).split(":").first.to_i
         nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
       end
-- 
cgit v1.2.3