Permalink
Browse files

Fix for digest authentication bug - issue #2301 in rails/rails

  • Loading branch information...
1 parent 1981159 commit 4fc735b9cd3c263190fe5f9a954ed599771f22fa @arthurpsmith committed Jul 28, 2011
View
2 actionpack/lib/action_controller/metal/http_authentication.rb
@@ -194,7 +194,7 @@ def validate_digest_response(request, realm, &password_procedure)
return false unless password
method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
- uri = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
+ uri = credentials[:uri]
[true, false].any? do |trailing_question_mark|
[true, false].any? do |password_is_ha1|
View
7 actionpack/test/controller/http_digest_authentication_test.rb
@@ -139,11 +139,12 @@ def authenticate_with_request
test "authentication request with request-uri that doesn't match credentials digest-uri" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
- @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
+ @request.env['PATH_INFO'] = "/proxied/uri"
get :display
- assert_response :unauthorized
- assert_equal "Authentication Failed", @response.body
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
end
test "authentication request with absolute request uri (as in webrick)" do

0 comments on commit 4fc735b

Please sign in to comment.