Permalink
Browse files

Eliminate newlines in basic auth. fixes #2882

  • Loading branch information...
1 parent de03d4f commit 9959233e24eedec4b39e53b6ea0261420ac41f63 @tenderlove tenderlove committed Sep 7, 2011
@@ -145,7 +145,7 @@ def decode_credentials(request)
end
def encode_credentials(user_name, password)
- "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
+ "Basic #{ActiveSupport::Base64.encode64s("#{user_name}:#{password}")}"
end
def authentication_request(controller, realm)
@@ -85,6 +85,14 @@ def authenticate_long_credentials
end
end
+ def test_encode_credentials_has_no_newline
+ username = 'laskjdfhalksdjfhalkjdsfhalksdjfhklsdjhalksdjfhalksdjfhlakdsjfh'
+ password = 'kjfhueyt9485osdfasdkljfh4lkjhakldjfhalkdsjf'
+ result = ActionController::HttpAuthentication::Basic.encode_credentials(
+ username, password)
+ assert_no_match(/\n/, result)
+ end
+
test "authentication request without credential" do
get :display

0 comments on commit 9959233

Please sign in to comment.