Skip to content
Browse files

Refactor decode_credentials to avoid inject and use map instead.

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
  • Loading branch information...
1 parent e66c1ce commit 49d54b4fb66672ba0c4ad68b760f4413cd80da4a @miloops miloops committed with spastorino Sep 22, 2010
View
18 actionpack/lib/action_controller/metal/http_authentication.rb
@@ -95,12 +95,11 @@ module HttpAuthentication
# end
# end
#
- # NOTE: The +authenticate_or_request_with_http_digest+ block must return the user's password or the ha1 digest hash so the framework can appropriately
- # hash to check the user's credentials. Returning +nil+ will cause authentication to fail.
- # Storing the ha1 hash: MD5(username:realm:password), is better than storing a plain password. If
- # the password file or database is compromised, the attacker would be able to use the ha1 hash to
- # authenticate as the user at this +realm+, but would not have the user's password to try using at
- # other sites.
+ # === Notes
+ #
+ # The +authenticate_or_request_with_http_digest+ block must return the user's password
+ # or the ha1 digest hash so the framework can appropriately hash to check the user's
+ # credentials. Returning +nil+ will cause authentication to fail.
#
# On shared hosts, Apache sometimes doesn't pass authentication headers to
# FCGI instances. If your environment matches this description and you cannot
@@ -218,11 +217,10 @@ def decode_credentials_header(request)
end
def decode_credentials(header)
- header.to_s.gsub(/^Digest\s+/,'').split(',').inject({}) do |hash, pair|
+ Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
key, value = pair.split('=', 2)
- hash[key.strip.to_sym] = value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')
- hash
- end
+ [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+ end]
end
def authentication_header(controller, realm)
View
2 actionpack/lib/action_view/test_case.rb
@@ -189,7 +189,7 @@ def _instance_variables
end
def _assigns
- _instance_variables.map { |var| [ var[1..-1].to_sym, instance_variable_get(var)] }
+ _instance_variables.map { |var| [var[1..-1].to_sym, instance_variable_get(var)] }
end
def _routes

0 comments on commit 49d54b4

Please sign in to comment.
Something went wrong with that request. Please try again.