From b3e2abc4b130a27403ad1d25260c9200eb7cfaf0 Mon Sep 17 00:00:00 2001 From: Arthur Smith Date: Thu, 28 Jul 2011 10:06:45 -0400 Subject: Fix for digest authentication bug - issue #2301 in rails/rails --- actionpack/lib/action_controller/metal/http_authentication.rb | 2 +- actionpack/test/controller/http_digest_authentication_test.rb | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index d84588d3df..8466db5952 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -194,7 +194,7 @@ module ActionController return false unless password method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD'] - uri = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url + uri = credentials[:uri] [true, false].any? do |trailing_question_mark| [true, false].any? do |password_is_ha1| diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb index 828ea5b0fb..b11ad633bd 100644 --- a/actionpack/test/controller/http_digest_authentication_test.rb +++ b/actionpack/test/controller/http_digest_authentication_test.rb @@ -139,11 +139,12 @@ class HttpDigestAuthenticationTest < ActionController::TestCase test "authentication request with request-uri that doesn't match credentials digest-uri" do @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please') - @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri" + @request.env['PATH_INFO'] = "/proxied/uri" get :display - assert_response :unauthorized - assert_equal "Authentication Failed", @response.body + assert_response :success + assert assigns(:logged_in) + assert_equal 'Definitely Maybe', @response.body end test "authentication request with absolute request uri (as in webrick)" do -- cgit v1.2.3 From 6beaafd0c4289d5f19b2e01f84338cd7e2ff8032 Mon Sep 17 00:00:00 2001 From: Steve Klabnik Date: Thu, 2 Aug 2012 16:46:41 -0400 Subject: Changelog entry for Digest Auth fix (#2301) --- actionpack/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack') diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index d5326e3d0b..68cce142a2 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,7 @@ ## Rails 4.0.0 (unreleased) ## +* Fixed issue with where Digest authentication would not work behind a proxy. *Arthur Smith* + * Added ActionController::Live. Mix it in to your controller and you can stream data to the client live. For example: -- cgit v1.2.3