
Run login_procedure only when the auth_scheme is valid

tomykaira committed Jul 7, 2013
1 parent a7a377f commit 15a98a88c08a30234ece4ba0bf697f18474c04bf
Showing with 14 additions and 7 deletions.
  1. +14 −7 actionpack/lib/action_controller/metal/http_authentication.rb
@@ -90,22 +90,29 @@ def request_http_basic_authentication(realm = "Application")
end
def authenticate(request, &login_procedure)
- unless request.authorization.blank?
+ if has_basic_credentials?(request)
login_procedure.call(*user_name_and_password(request))
end
end
+ def has_basic_credentials?(request)
+ request.authorization.present? && (auth_scheme(request) == 'Basic')
+ end
+
def user_name_and_password(request)
decode_credentials(request).split(/:/, 2)
end
def decode_credentials(request)
- scheme, param = request.authorization.split(' ', 2)
- if scheme == 'Basic'
- ::Base64.decode64(param || '')
- else
- ''
- end
+ ::Base64.decode64(auth_param(request) || '')
+ end
+
+ def auth_scheme(request)
+ request.authorization.split(' ', 2).first
+ end
+
+ def auth_param(request)
+ request.authorization.split(' ', 2).second
end
def encode_credentials(user_name, password)
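Review bot: In has_basic_credentials?, the comparison `auth_scheme(request) == 'Basic'` is case-sensitive, but HTTP authentication scheme names are case-insensitive, so a client that sends `basic` or `BASIC` is now treated as having no credentials and login_procedure is never called for it. Comparing on a normalised value, for example `auth_scheme(request).to_s.downcase == 'basic'`, would avoid rejecting those clients. Separately, decode_credentials no longer checks the scheme itself, so any caller that reaches it or user_name_and_password without going through authenticate will Base64-decode a non-Basic parameter where it previously got an empty string; either keep a guard there or document that callers must check has_basic_credentials? first. The commit changes only http_authentication.rb, so a test that sends a non-Basic Authorization header and asserts that the login procedure is not run would be worth adding alongside it.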

1 comment on commit 15a98a8

Meekohi Apr 28, 2016

My client's auth scheme was not valid. :'(