Permalink
Browse files

Fixed http digest authentication to use credentials URI passed from c…

…lient. [#1848 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
  • Loading branch information...
1 parent 238a6bb commit 86d8f922828677e64892c166adf26cd421f0991a Donald Parish committed with lifo Feb 16, 2009
View
2 actionpack/lib/action_controller/http_authentication.rb
@@ -183,7 +183,7 @@ def validate_digest_response(request, realm, &password_procedure)
if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
password = password_procedure.call(credentials[:username])
- expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
+ expected = expected_response(request.env['REQUEST_METHOD'], credentials[:uri], credentials, password)
expected == credentials[:response]
end
end
View
11 actionpack/test/controller/http_digest_authentication_test.rb
@@ -107,6 +107,15 @@ def authenticate_with_request
assert_equal 'Definitely Maybe', @response.body
end
+ test "authentication request with relative URI" do
+ @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "/", :username => 'pretty', :password => 'please')
+ get :display
+
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
+ end
+
private
def encode_credentials(options)
@@ -120,7 +129,7 @@ def encode_credentials(options)
credentials = decode_credentials(@response.headers['WWW-Authenticate'])
credentials.merge!(options)
- credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
+ credentials.reverse_merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password)
end

0 comments on commit 86d8f92

Please sign in to comment.