Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #7240 from steveklabnik/fix_2301

Fix for digest authentication bug - issue #2301 in rails/rails
  • Loading branch information...
commit 6e523766d8a64bf18ac6d0e261c6bd962bc6c0a9 2 parents 077372b + 6beaafd
@rafaelfranca rafaelfranca authored
View
2  actionpack/CHANGELOG.md
@@ -1,5 +1,7 @@
## Rails 4.0.0 (unreleased) ##
+* Fixed issue with where Digest authentication would not work behind a proxy. *Arthur Smith*
+
* Added ActionController::Live. Mix it in to your controller and you can
stream data to the client live. For example:
View
2  actionpack/lib/action_controller/metal/http_authentication.rb
@@ -193,7 +193,7 @@ def validate_digest_response(request, realm, &password_procedure)
return false unless password
method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
- uri = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
+ uri = credentials[:uri]
[true, false].any? do |trailing_question_mark|
[true, false].any? do |password_is_ha1|
View
7 actionpack/test/controller/http_digest_authentication_test.rb
@@ -139,11 +139,12 @@ def authenticate_with_request
test "authentication request with request-uri that doesn't match credentials digest-uri" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
- @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
+ @request.env['PATH_INFO'] = "/proxied/uri"
get :display
- assert_response :unauthorized
- assert_equal "Authentication Failed", @response.body
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
end
test "authentication request with absolute request uri (as in webrick)" do
Please sign in to comment.
Something went wrong with that request. Please try again.