Skip to content
This repository
Browse code

Fixed http digest authentication to use credentials URI passed from c…

…lient. [#1848 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
  • Loading branch information...
commit 86d8f922828677e64892c166adf26cd421f0991a 1 parent 238a6bb
Donald Parish authored lifo committed
2  actionpack/lib/action_controller/http_authentication.rb
@@ -183,7 +183,7 @@ def validate_digest_response(request, realm, &password_procedure)
183 183
184 184 if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
185 185 password = password_procedure.call(credentials[:username])
186   - expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
  186 + expected = expected_response(request.env['REQUEST_METHOD'], credentials[:uri], credentials, password)
187 187 expected == credentials[:response]
188 188 end
189 189 end
11 actionpack/test/controller/http_digest_authentication_test.rb
@@ -107,6 +107,15 @@ def authenticate_with_request
107 107 assert_equal 'Definitely Maybe', @response.body
108 108 end
109 109
  110 + test "authentication request with relative URI" do
  111 + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "/", :username => 'pretty', :password => 'please')
  112 + get :display
  113 +
  114 + assert_response :success
  115 + assert assigns(:logged_in)
  116 + assert_equal 'Definitely Maybe', @response.body
  117 + end
  118 +
110 119 private
111 120
112 121 def encode_credentials(options)
@@ -120,7 +129,7 @@ def encode_credentials(options)
120 129
121 130 credentials = decode_credentials(@response.headers['WWW-Authenticate'])
122 131 credentials.merge!(options)
123   - credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
  132 + credentials.reverse_merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
124 133 ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password)
125 134 end
126 135

0 comments on commit 86d8f92

Please sign in to comment.
Something went wrong with that request. Please try again.