Permalink
Browse files

Merge pull request #15683 from larrylv/fix-token-with-empty-value

Fix parsed token value with header `Authorization token=`.

Conflicts:
	actionpack/CHANGELOG.md
  • Loading branch information...
1 parent 3ea9cae commit 60d0aec7f97cfd0790f6d73f7a9ada16ee1245e7 @matthewd matthewd committed Jun 13, 2014
View
@@ -1,3 +1,11 @@
+* With authorization header `Authorization: Token token=`, `authenticate` now
+ recognize token as nil, instead of "token".
+
+ Fixes #14846.
+
+ *Larry Lv*
+
+
## Rails 4.1.2 (unreleased) ##
* Fix URL generation with `:trailing_slash` such that it does not add
@@ -449,7 +449,7 @@ def token_and_options(request)
authorization_request = request.authorization.to_s
if authorization_request[TOKEN_REGEX]
params = token_params_from authorization_request
- [params.shift.last, Hash[params].with_indifferent_access]
+ [params.shift[1], Hash[params].with_indifferent_access]
end
end
@@ -464,7 +464,7 @@ def params_array_from(raw_params)
# This removes the `"` characters wrapping the value.
def rewrite_param_values(array_params)
- array_params.each { |param| param.last.gsub! %r/^"|"$/, '' }
+ array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
end
# This method takes an authorization body and splits up the key-value
@@ -132,13 +132,30 @@ def authenticate_long_credentials
assert_equal(expected, actual)
end
- private
-
- def sample_request(token)
- @sample_request ||= OpenStruct.new authorization: %{Token token="#{token}"}
+ test "token_and_options returns empty string with empty token" do
+ token = ''
+ actual = ActionController::HttpAuthentication::Token.token_and_options(sample_request(token)).first
+ expected = token
+ assert_equal(expected, actual)
end
- def encode_credentials(token, options = {})
- ActionController::HttpAuthentication::Token.encode_credentials(token, options)
+ test "token_and_options returns nil with no value after the equal sign" do
+ actual = ActionController::HttpAuthentication::Token.token_and_options(malformed_request).first
+ expected = nil
+ assert_equal(expected, actual)
end
+
+ private
+
+ def sample_request(token)
+ @sample_request ||= OpenStruct.new authorization: %{Token token="#{token}", nonce="def"}
+ end
+
+ def malformed_request
+ @malformed_request ||= OpenStruct.new authorization: %{Token token=}
+ end
+
+ def encode_credentials(token, options = {})
+ ActionController::HttpAuthentication::Token.encode_credentials(token, options)
+ end
end

0 comments on commit 60d0aec

Please sign in to comment.