
Fix Rack::Auth::Digest query string bug

Signed-off-by: Joshua Peek <josh@joshpeek.com>
1 parent 9ad83ca commit f80df3903f6b4e97051560382e0481a4754e4218 @catwell catwell committed with josh Dec 13, 2010
Showing with 26 additions and 2 deletions.
  1. +6 −0 lib/rack/auth/abstract/request.rb
  2. +1 −1 lib/rack/auth/digest/request.rb
  3. +19 −1 test/spec_auth_digest.rb
@@ -1,3 +1,5 @@
+require 'rack/request'
+
module Rack
module Auth
class AbstractRequest
@@ -6,6 +8,10 @@ def initialize(env)
@env = env
end
+ def request
+ @request ||= Request.new(@env)
+ end
+
def provided?
!authorization_key.nil?
end
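Review bot: The new `request` helper refers to a bare `Request` and carries no comment. Constant lookup is lexical, so inside `Rack::Auth::AbstractRequest` it resolves to `Rack::Request`, but lib/rack/auth/digest/request.rb, also touched by this commit, presumably defines its own class named Request, which makes the bare name easy to misread. I would write `@request ||= Rack::Request.new(@env)` and put `# Memoized Rack::Request view of the env this auth request wraps.` above the method. The class body continues outside the hunk.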
@@ -16,7 +16,7 @@ def digest?
end
def correct_uri?
- (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri
+ request.fullpath == uri
end
def nonce
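Review bot: `correct_uri?` is the check that binds the client-supplied digest `uri` parameter to the resource actually requested, and nothing on the method says that it is now an exact string comparison that includes the query string. I would add `# The uri the client signed must equal the request target exactly, query string included.` above the method. Because the comparison is exact, a client that sends an absolute-form or differently encoded `uri` would presumably fail the check rather than pass it; that is the safe direction, but it is worth stating in the same comment. The callers of `correct_uri?` and the rest of the class are outside the hunk.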
@@ -8,7 +8,8 @@ def realm
def unprotected_app
lambda do |env|
- [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ]
+ friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"]
+ [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ]
end
end
@@ -201,6 +202,23 @@ def assert_bad_request(response)
end
end
+ should 'return application output when used with a query string and path as uri' do
+ @request = Rack::MockRequest.new(partially_protected_app)
+ request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response|
+ response.status.should.equal 200
+ response.body.to_s.should.equal 'Hi Alice and Mike'
+ end
+ end
+
+ should 'return application output when used with a query string and fullpath as uri' do
+ @request = Rack::MockRequest.new(partially_protected_app)
+ qs_uri = '/protected?friend=Mike'
+ request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response|
+ response.status.should.equal 200
+ response.body.to_s.should.equal 'Hi Alice and Mike'
+ end
+ end
+
should 'return application output if correct credentials given for POST' do
request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response|
response.status.should.equal 200
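Review bot: Both specs added in the last hunk cover only the accepting path, so nothing pins that a digest `uri` whose query string differs from the requested one is refused, which is the property `request.fullpath == uri` is there to give. I would add a spec that requests one query string while passing a different `'uri'` option and asserts through `assert_bad_request`, the helper named in the hunk header. Whether a mismatch is answered as a bad request is decided outside this diff, so confirm the expected status before adopting it. The first spec's title says "path as uri", but what `request_with_digest_auth` sends as `uri` by default is not visible here; if it sends the full path, the two specs exercise the same case.

```ruby
# … unchanged: the two accepting specs added by this commit …

# 'friend=Eve' is a constructed sample value for the mismatching uri
should 'return bad request when the uri parameter does not match the query string' do
  @request = Rack::MockRequest.new(partially_protected_app)
  request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password', 'uri' => '/protected?friend=Eve' do |response|
    assert_bad_request response
  end
end
```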
