fix for the invalid header race condition

jcast authored and jcasts committed Mar 15, 2011
1 parent 729b7d4 commit 4d6f5ee2b7b553060c7c836caf2fe5514ac35bd5
Showing with 8 additions and 6 deletions.
  1. +4 −1 lib/mappoint/digest_auth.rb
  2. +4 −5 lib/mappoint/service.rb
@@ -4,14 +4,17 @@ module MapPoint
module DigestAuth
@@nonce_count = Hash.new(0)
+
CNONCE = Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535)))
+ VALID_AUTH_HEADER = /^(\w+) (.*)/
+
# FIXME We need to clear out @@nonce_count every once in a
# great while, but I'm uncertain when the spec allows this.
# FIXME only works for POST
def self.gen_auth_header(uri, auth_header, user, password, is_IIS = false)
- auth_header =~ /^(\w+) (.*)/
+ auth_header =~ VALID_AUTH_HEADER
params = {}
$2.gsub(/(\w+)=("[^"]*"|[^,]*)/) {
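Review bot: in gen_auth_header the result of `auth_header =~ VALID_AUTH_HEADER` is still not checked, so a header that does not match leaves `$2` nil and the following `$2.gsub(...)` raises NoMethodError. Capture the match explicitly, for example `m = VALID_AUTH_HEADER.match(auth_header)`, and raise a descriptive error when it is nil instead of relying on the caller having validated first. Separately, `^` in a Ruby regex matches at the start of any line, so the constant accepts a multi-line value in which only a later line matches; `\A` anchors to the start of the string. The pattern also accepts any scheme word, so either require `Digest` or pick a name that says it only checks the "scheme params" shape.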
@@ -56,12 +56,11 @@ def ns
{'xmlns' => "http://s.mappoint.net/mappoint-30/"}
end
- # FIXME Race condition
def set_digest_header(http_response)
- # FIXME we need to make sure this header exists, and throw a new
- # error if it doesn't.
- self.class.cached_digest_header =
- http_response.headers['www-authenticate'][0]
+ auth_header = http_response.headers['www-authenticate'][0]
+ return unless auth_header =~ DigestAuth::VALID_AUTH_HEADER
+
+ self.class.cached_digest_header = auth_header
end
def digest_auth_header_from_response
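Review bot: in set_digest_header, `http_response.headers['www-authenticate'][0]` indexes the header before anything checks that it is present, so if the lookup returns nil for a response without www-authenticate the method raises on nil, which is the case the removed FIXME asked to handle. Check for the header before indexing, and consider raising a specific error rather than the bare `return`: as written, an invalid header silently leaves the previous cached_digest_header in place and the caller gets no signal. The `# FIXME Race condition` comment is removed, but these lines add no synchronization around the write to `self.class.cached_digest_header`, which is class-level state; if more than one thread can reach it, keep a comment saying so or guard the assignment with a mutex.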

5 comments on commit 4d6f5ee

Collaborator

austinrfnd replied Mar 23, 2011

Jeremie, either AT&T still uses this stuff or you just love mappoint.

Collaborator

jcasts replied Mar 23, 2011

I'll let you take a wild guess

Owner

jmhodges replied Mar 24, 2011

Collaborator

jcasts replied Mar 24, 2011

We actually pull this repo into our internal github server so we shouldn't need this one anymore in the future.

Collaborator

jdunphy replied Mar 24, 2011
