Merge pull request #84 from gmoore/master
Only send opaque auth attribute if the server sent it with the challenge
rafaelfranca committed Nov 30, 2015
2 parents d4d8da9 + 0d7ea15 commit 11c59c4
Showing 2 changed files with 15 additions and 12 deletions.
23 changes: 13 additions & 10 deletions lib/active_resource/connection.rb
@@ -269,16 +269,19 @@ def extract_params_from_response
end

def auth_attributes_for(uri, request_digest, params)
[
%Q(username="#{@user}"),
%Q(realm="#{params['realm']}"),
%Q(qop="#{params['qop']}"),
%Q(uri="#{uri.path}"),
%Q(nonce="#{params['nonce']}"),
%Q(nc="0"),
%Q(cnonce="#{params['cnonce']}"),
%Q(opaque="#{params['opaque']}"),
%Q(response="#{request_digest}")].join(", ")
auth_attrs =
[
%Q(username="#{@user}"),
%Q(realm="#{params['realm']}"),
%Q(qop="#{params['qop']}"),
%Q(uri="#{uri.path}"),
%Q(nonce="#{params['nonce']}"),
%Q(nc="0"),
%Q(cnonce="#{params['cnonce']}"),
%Q(response="#{request_digest}")]

auth_attrs << %Q(opaque="#{params['opaque']}") unless params['opaque'].blank?
auth_attrs.join(", ")
end

def http_format_header(http_method)
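Review bot: The values wrapped in quotes in `auth_attributes_for` (`@user` and the challenge-derived `params['realm']`, `params['nonce']`, `params['opaque']`) are interpolated without escaping `"` or `\`, so if `extract_params_from_response` (outside this hunk) can return a value containing a quote, the Authorization header becomes malformed or gains attributes the client never meant to send. Passing each value through one small quoting helper before wrapping it, e.g. `v.to_s.gsub(/["\\]/) { |c| "\\#{c}" }`, would close that off. The new `unless params['opaque'].blank?` guard also covers only opaque: when the challenge has no qop the list still emits `qop=""` together with `nc` and `cnonce`, as the blank fixture in the test file shows, and those would be better omitted the same way. A one-line comment such as `# opaque is echoed back only when the challenge supplied it` above the `auth_attrs <<` line would record why it is appended separately.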
4 changes: 2 additions & 2 deletions test/cases/authorization_test.rb
@@ -238,11 +238,11 @@ def test_raises_invalid_request_on_unauthorized_requests_with_digest_auth

private
def blank_digest_auth_header(uri, response)
%Q(Digest username="david", realm="", qop="", uri="#{uri}", nonce="", nc="0", cnonce="i-am-a-client-nonce", opaque="", response="#{response}")
%Q(Digest username="david", realm="", qop="", uri="#{uri}", nonce="", nc="0", cnonce="i-am-a-client-nonce", response="#{response}")
end

def request_digest_auth_header(uri, response)
%Q(Digest username="david", realm="RailsTestApp", qop="auth", uri="#{uri}", nonce="#{@nonce}", nc="0", cnonce="i-am-a-client-nonce", opaque="ef6dfb078ba22298d366f99567814ffb", response="#{response}")
%Q(Digest username="david", realm="RailsTestApp", qop="auth", uri="#{uri}", nonce="#{@nonce}", nc="0", cnonce="i-am-a-client-nonce", response="#{response}", opaque="ef6dfb078ba22298d366f99567814ffb")
end

def response_digest_auth_header
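Review bot: The two fixtures cover only the extremes, `blank_digest_auth_header` with every challenge field empty and `request_digest_auth_header` with every field present, so nothing visible here exercises a challenge that carries realm, nonce and qop but no opaque, which is the case this change is about. A third fixture without the trailing `opaque=` attribute, used by one request test, would pin that behaviour; the rest of the test file is outside this hunk, so such a case may already exist. Because the expected strings are compared verbatim, a short comment such as `# opaque is appended last, and only when the challenge supplied it` above `request_digest_auth_header` would explain why its position moved.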
