From 2ae757d76bdc4c02e47a43ebc5ecbfc8bb8dee41 Mon Sep 17 00:00:00 2001
From: Mikhail Denisenko <denisenk@amazon.com>
Date: Sun, 9 Aug 2015 16:52:22 -0400
Subject: Test basic auth with symbols in login and password

---
 .../test/controller/http_basic_authentication_test.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'actionpack/test/controller')

diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb
index ed3632007d..df001a1de3 100644
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@@ -5,6 +5,7 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
     before_action :authenticate, only: :index
     before_action :authenticate_with_request, only: :display
     before_action :authenticate_long_credentials, only: :show
+    before_action :auth_with_special_chars, only: :special_creds
 
     http_basic_authenticate_with :name => "David", :password => "Goliath", :only => :search
 
@@ -20,6 +21,10 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
       render plain: 'Only for loooooong credentials'
     end
 
+    def special_creds
+      render plain: 'Only for special credentials'
+    end
+
     def search
       render plain: 'All inline'
     end
@@ -40,6 +45,12 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
       end
     end
 
+    def auth_with_special_chars
+      authenticate_or_request_with_http_basic do |username, password|
+        username == 'login!@#$%^&*()_+{}[];"\',./<>?`~ \n\r\t' && password == 'pwd:!@#$%^&*()_+{}[];"\',./<>?`~ \n\r\t'
+      end
+    end
+
     def authenticate_long_credentials
       authenticate_or_request_with_http_basic do |username, password|
         username == '1234567890123456789012345678901234567890' && password == '1234567890123456789012345678901234567890'
@@ -125,6 +136,14 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
     assert_equal 'Definitely Maybe', @response.body
   end
 
+  test "authentication request with valid credential special chars" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('login!@#$%^&*()_+{}[];"\',./<>?`~ \n\r\t', 'pwd:!@#$%^&*()_+{}[];"\',./<>?`~ \n\r\t')
+    get :special_creds
+
+    assert_response :success
+    assert_equal 'Only for special credentials', @response.body
+  end
+
   test "authenticate with class method" do
     @request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'Goliath')
     get :search
-- 
cgit v1.2.3