
Return a bad request for malformed basic auth

Closes #438
1 parent 6b115c5 commit e2c530c4917eee309c7a9b6be3187b0257981c53 @raggi raggi committed Nov 2, 2012
Showing with 9 additions and 1 deletion.
  1. +1 −1 lib/rack/auth/basic.rb
  2. +8 −0 test/spec_auth_basic.rb
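--- a/lib/rack/auth/basic.rb
+++ b/lib/rack/auth/basic.rb
@@ -41,7 +41,7 @@ def valid?(auth)
 class Request < Auth::AbstractRequest
 def basic?
- :basic == scheme
+ !parts.first.nil? && :basic == scheme
 end
 def credentials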
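Review bot: The new guard in `basic?` only rejects a header that yields no tokens at all; a header that names the scheme but carries no credentials (`Basic` on its own) still satisfies `:basic == scheme` and goes on to `credentials`, whose body lies outside this hunk. If `credentials` assumes a second part, that input deserves the same 400 path, for example `parts.length == 2 && :basic == scheme`; `parts` is defined outside the visible lines, so confirm how it splits the header before adopting that form. The nil check also reads as a workaround for `scheme` failing on an empty header, so placing it where `scheme` is defined would likely protect the other auth schemes as well. A one-line comment such as `# empty Authorization header => no parts; report as not-basic so the caller returns 400` would explain why the condition is there.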
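--- a/test/spec_auth_basic.rb
+++ b/test/spec_auth_basic.rb
@@ -66,6 +66,14 @@ def assert_basic_auth_challenge(response)
 end
 end
+ should 'return 400 Bad Request for a malformed authorization header' do
+ request 'HTTP_AUTHORIZATION' => '' do |response|
+ response.should.be.a.client_error
+ response.status.should.equal 400
+ response.should.not.include 'WWW-Authenticate'
+ end
+ end
+
 it 'takes realm as optional constructor arg' do
 app = Rack::Auth::Basic.new(unprotected_app, realm) { true }
 realm.should == app.realm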
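Review bot: The added spec exercises only the empty-string header, so its name, 'malformed authorization header', promises more than it checks. Cases worth pinning down in the same style are a whitespace-only value and a scheme with no credentials, e.g. `request 'HTTP_AUTHORIZATION' => 'Basic' do |response|` with the same three assertions, if 400 is the intended answer there. The block also uses `should '...' do` where the spec directly below it uses `it '...' do`; matching the surrounding form would keep the file uniform.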
