fix for the invalid header race condition

jmhodges · Mar 22, 2011 · 4d6f5ee · 4d6f5ee · austinrfnd · Mar 23, 2011
1 parent 729b7d4
commit 4d6f5ee
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/lib/mappoint/digest_auth.rb b/lib/mappoint/digest_auth.rb
@@ -4,14 +4,17 @@ module MapPoint
 
 module DigestAuth
   @@nonce_count = Hash.new(0)
+
   CNONCE = Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535)))
 
+  VALID_AUTH_HEADER = /^(\w+) (.*)/
+
   # FIXME We need to clear out @@nonce_count every once in a
   # great while, but I'm uncertain when the spec allows this.
 
   # FIXME only works for POST
   def self.gen_auth_header(uri, auth_header, user, password, is_IIS = false)
-    auth_header =~ /^(\w+) (.*)/
+    auth_header =~ VALID_AUTH_HEADER
 
     params = {}
     $2.gsub(/(\w+)=("[^"]*"|[^,]*)/) {

diff --git a/lib/mappoint/service.rb b/lib/mappoint/service.rb
@@ -56,12 +56,11 @@ def ns
       {'xmlns' => "http://s.mappoint.net/mappoint-30/"}
     end
 
-    # FIXME Race condition
     def set_digest_header(http_response)
-      # FIXME we need to make sure this header exists, and throw a new
-      # error if it doesn't.
-      self.class.cached_digest_header =
-        http_response.headers['www-authenticate'][0]
+      auth_header = http_response.headers['www-authenticate'][0]
+      return unless auth_header =~ DigestAuth::VALID_AUTH_HEADER
+
+      self.class.cached_digest_header = auth_header
     end
 
     def digest_auth_header_from_response