0
@@ -1,5 +1,7 @@
0
 * 0.7.2 OFFICIAL *
0
 
0
+* Add another possible key to check for HTTP Basic Authentication
0
+
0
 * Add shortcut to disable comments on an article from the comment moderation page.
0
 
0
 * 0.7.1 PRE-RELEASE *

0
@@ -54,9 +54,7 @@ module AuthenticatedSystem
0
     end
0
     
0
     def basic_auth_required
0
-      unless session[:user] = User.authenticate_for(*get_auth_data.unshift(site)) 
0
-        access_denied_with_basic_auth
0
-      end 
0
+      User.authenticate_for(*get_auth_data.unshift(site)) || access_denied_with_basic_auth
0
     end
0
     
0
     # adds ActionView helper methods
0
@@ -80,22 +78,10 @@ module AuthenticatedSystem
0
       render :text => "Could't authenticate you", :status => '401 Unauthorized'
0
     end
0
 
0
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
0
     # gets BASIC auth info
0
     def get_auth_data
0
-      user, pass = '', '' 
0
-      # extract authorisation credentials 
0
-      if request.env.has_key? 'X-HTTP_AUTHORIZATION' 
0
-        # try to get it where mod_rewrite might have put it 
0
-        authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split 
0
-      elsif request.env.has_key? 'HTTP_AUTHORIZATION' 
0
-        # this is the regular location 
0
-        authdata = request.env['HTTP_AUTHORIZATION'].to_s.split  
0
-      end 
0
-       
0
-      # at the moment we only support basic authentication 
0
-      if authdata && authdata[0] == 'Basic' 
0
-        user, pass = Base64.decode64(authdata[1]).split(':')[0..1] 
0
-      end 
0
-      return [user, pass] 
0
+      authdata = request.env[@@http_auth_headers.detect { |h| request.env.has_key?(h) }].to_s.split
0
+      return authdata[0] == 'Basic' ? Base64.decode64(authdata[1]).split(':')[0..1] : ['', ''] 
0
     end
0
 end