Fix Rack::Auth::Digest query string bug

Signed-off-by: Joshua Peek <josh@joshpeek.com>
rack · Dec 13, 2010 · f80df39 · f80df39
1 parent 9ad83ca
commit f80df39
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/lib/rack/auth/abstract/request.rb b/lib/rack/auth/abstract/request.rb
@@ -1,3 +1,5 @@
+require 'rack/request'
+
 module Rack
   module Auth
     class AbstractRequest
@@ -6,6 +8,10 @@ def initialize(env)
         @env = env
       end
 
+      def request
+        @request ||= Request.new(@env)
+      end
+
       def provided?
         !authorization_key.nil?
       end

diff --git a/lib/rack/auth/digest/request.rb b/lib/rack/auth/digest/request.rb
@@ -16,7 +16,7 @@ def digest?
         end
 
         def correct_uri?
-          (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri
+          request.fullpath == uri
         end
 
         def nonce

diff --git a/test/spec_auth_digest.rb b/test/spec_auth_digest.rb
@@ -8,7 +8,8 @@ def realm
 
   def unprotected_app
     lambda do |env|
-      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ]
+      friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"]
+      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ]
     end
   end
 
@@ -201,6 +202,23 @@ def assert_bad_request(response)
     end
   end
 
+  should 'return application output when used with a query string and path as uri' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice and Mike'
+    end
+  end
+
+  should 'return application output when used with a query string and fullpath as uri' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    qs_uri = '/protected?friend=Mike'
+    request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice and Mike'
+    end
+  end
+
   should 'return application output if correct credentials given for POST' do
     request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response|
       response.status.should.equal 200