Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix request loop on non-stale nonce with time_limit parameter.

  • Loading branch information...
commit 4f81156e25e4d8bc1492fbe0b45295d71d70f320 1 parent edc8b92
@dayflower dayflower authored
Showing with 15 additions and 1 deletion.
  1. +1 −1  lib/rack/auth/digest/nonce.rb
  2. +14 −0 test/spec_auth_digest.rb
View
2  lib/rack/auth/digest/nonce.rb
@@ -38,7 +38,7 @@ def valid?
end
def stale?
- !self.class.time_limit.nil? && (@timestamp - Time.now.to_i) < self.class.time_limit
+ !self.class.time_limit.nil? && (Time.now.to_i - @timestamp) > self.class.time_limit
end
def fresh?
View
14 test/spec_auth_digest.rb
@@ -153,6 +153,20 @@ def assert_bad_request(response)
end
end
+ should 'not rechallenge if nonce is not stale' do
+ begin
+ Rack::Auth::Digest::Nonce.time_limit = 10
+
+ request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 1 do |response|
+ response.status.should.equal 200
+ response.body.to_s.should.equal 'Hi Alice'
+ response.headers['WWW-Authenticate'].should.not =~ /\bstale=true\b/
+ end
+ ensure
+ Rack::Auth::Digest::Nonce.time_limit = nil
+ end
+ end
+
should 'rechallenge with stale parameter if nonce is stale' do
begin
Rack::Auth::Digest::Nonce.time_limit = 1
Please sign in to comment.
Something went wrong with that request. Please try again.