Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Make http digest work with different server/browser combinations. [#3006

 status:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
  • Loading branch information...
commit 2d2216fadb0bb6eb6feebe697d3e7041f7d0d965 1 parent 32c2355
@josevalim josevalim authored lifo committed
View
3  actionpack/lib/action_controller/http_authentication.rb
@@ -195,9 +195,10 @@ def validate_digest_response(request, realm, &password_procedure)
return false unless password
method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
+ uri = credentials[:uri][0,1] == '/' ? request.request_uri : request.url
[true, false].any? do |password_is_ha1|
- expected = expected_response(method, request.env['REQUEST_URI'], credentials, password, password_is_ha1)
+ expected = expected_response(method, uri, credentials, password, password_is_ha1)
expected == credentials[:response]
end
end
View
35 actionpack/test/controller/http_digest_authentication_test.rb
@@ -129,7 +129,7 @@ def authenticate_with_request
assert_equal 'Definitely Maybe', @response.body
end
- test "authentication request with request-uri that doesn't match credentials digest-uri" do
+ test "authentication request with request-uri that doesn't match credentials digest-uri" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
@request.env['REQUEST_URI'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
get :display
@@ -138,10 +138,33 @@ def authenticate_with_request
assert_equal "Authentication Failed", @response.body
end
- test "authentication request with absolute uri" do
- @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "http://test.host/http_digest_authentication_test/dummy_digest/display",
+ test "authentication request with absolute request uri (as in webrick)" do
+ @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+ @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest"
+
+ get :display
+
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
+ end
+
+ test "authentication request with absolute uri in credentials (as in IE)" do
+ @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:url => "http://test.host/http_digest_authentication_test/dummy_digest",
:username => 'pretty', :password => 'please')
- @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest/display"
+
+ get :display
+
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
+ end
+
+ test "authentication request with absolute uri in both request and credentials (as in Webrick with IE)" do
+ @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:url => "http://test.host/http_digest_authentication_test/dummy_digest",
+ :username => 'pretty', :password => 'please')
+ @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest"
+
get :display
assert_response :success
@@ -199,11 +222,11 @@ def encode_credentials(options)
credentials = decode_credentials(@response.headers['WWW-Authenticate'])
credentials.merge!(options)
- credentials.reverse_merge!(:uri => "#{@request.env['REQUEST_URI']}")
+ credentials.merge!(:uri => @request.env['REQUEST_URI'].to_s)
ActionController::HttpAuthentication::Digest.encode_credentials(method, credentials, password, options[:password_is_ha1])
end
def decode_credentials(header)
ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
end
-end
+end
Please sign in to comment.
Something went wrong with that request. Please try again.