allow Bearer as well as Token

rails · Jun 1, 2015 · 4b4e890 · 4b4e890
1 parent 90918b5
commit 4b4e890
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -397,7 +397,7 @@ def opaque(secret_key)
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Token
       TOKEN_KEY = 'token='
-      TOKEN_REGEX = /^Token /
+      TOKEN_REGEX = /^(Token|Bearer) /
       AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/
       extend self
 

diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb
@@ -87,6 +87,13 @@ def authenticate_long_credentials
     assert_equal "HTTP Token: Access denied.\n", @response.body, "Authentication header was not properly parsed"
   end
 
+  test "successful authentication request with Bearer instead of Token" do
+    @request.env['HTTP_AUTHORIZATION'] = 'Bearer lifo'
+    get :index
+
+    assert_response :success
+  end
+
   test "authentication request without credential" do
     get :display