Nix the part of 1ad6385 that attempted to handle userinfo strings wit…

…h more than one colon in them, which doesn't seem to be legal anyway The RFC doesn't mention this, but either way, it's not possible to reliably determine which part is the username and which is the password when handling the request, so the only way would be to iterate through the possible permutations. Yuck.
bjeanes · Jul 4, 2009 · 7c1dbfe · 7c1dbfe
1 parent 4aa03ae
commit 7c1dbfe
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/lib/fake_web/ext/net_http.rb b/lib/fake_web/ext/net_http.rb
@@ -44,7 +44,7 @@ def request(request, body = nil, &block)
         userinfo = request["authorization"].sub(/^Basic /, "").unpack("m").first
         # TODO: extract method
         unsafe_in_userinfo = /[^#{URI::REGEXP::PATTERN::UNRESERVED};&=+$,]|^(#{URI::REGEXP::PATTERN::ESCAPED})/
-        userinfo = URI.escape(userinfo.split(":")[0...-1].join(":"), unsafe_in_userinfo) + ":" +
+        userinfo = URI.escape(userinfo.split(":").first, unsafe_in_userinfo) + ":" +
                    URI.escape(userinfo.split(":").last, unsafe_in_userinfo) + "@"
       else
         userinfo = ""

diff --git a/test/test_fake_authentication.rb b/test/test_fake_authentication.rb
@@ -73,14 +73,6 @@ def test_basic_auth_when_userinfo_contains_at_sign
     assert_equal "authorized", http.request(request).body
   end
 
-  def test_basic_auth_when_userinfo_contains_colon
-    FakeWeb.register_uri(:get, "http://songs%3Aohia:secret@example.com", :body => "authorized")
-    http = Net::HTTP.new("example.com")
-    request = Net::HTTP::Get.new("/")
-    request.basic_auth("songs:ohia", "secret")
-    assert_equal "authorized", http.request(request).body
-  end
-
   def test_basic_auth_when_userinfo_contains_ampersand
     FakeWeb.register_uri(:get, "http://roses&hello:solongs@example.com", :body => "authorized")
     http = Net::HTTP.new("example.com")