Eliminate newlines in basic auth. fixes #2882

commit 9959233e24eedec4b39e53b6ea0261420ac41f63 1 parent de03d4f
Aaron Patterson tenderlove authored
2  actionpack/lib/action_controller/metal/http_authentication.rb
@@ -145,7 +145,7 @@ def decode_credentials(request)
end
def encode_credentials(user_name, password)
- "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
+ "Basic #{ActiveSupport::Base64.encode64s("#{user_name}:#{password}")}"
end
def authentication_request(controller, realm)
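Review bot: the changed line in encode_credentials carries no comment saying why the `encode64s` variant is required, so a later cleanup could switch it back to `encode64` and put line breaks back into the header value. Add a short comment stating that the result is sent as a single-line Authorization header value and must not contain newlines. It is also worth confirming that decode_credentials, the method just above this hunk, accepts the unwrapped form, since the test added in this commit only exercises the encode side.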
8 actionpack/test/controller/http_basic_authentication_test.rb
@@ -85,6 +85,14 @@ def authenticate_long_credentials
end
end
+ def test_encode_credentials_has_no_newline
+ username = 'laskjdfhalksdjfhalkjdsfhalksdjfhklsdjhalksdjfhalksdjfhlakdsjfh'
+ password = 'kjfhueyt9485osdfasdkljfh4lkjhakldjfhalkdsjf'
+ result = ActionController::HttpAuthentication::Basic.encode_credentials(
+ username, password)
+ assert_no_match(/\n/, result)
+ end
+
test "authentication request without credential" do
get :display
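Review bot: the only assertion in test_encode_credentials_has_no_newline is `assert_no_match(/\n/, result)`, which would still pass if the encoded payload were truncated or otherwise wrong. Add an assertion that the value after the "Basic " prefix decodes back to "#{username}:#{password}", and consider matching /[\r\n]/ so carriage returns are covered as well. A one-line comment noting that the credentials are deliberately long enough to make the encoder wrap its output would explain the otherwise arbitrary-looking strings.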