
Digest#validate_digest_response should accept request instead of cont…

…roller
1 parent 8761663 commit b3bc4fa5e02e71a992f8a432757548c762f0aad8 @lifo lifo committed Jan 29, 2009
Showing with 6 additions and 6 deletions.
  1. +6 −6 actionpack/lib/action_controller/http_authentication.rb
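--- a/actionpack/lib/action_controller/http_authentication.rb
+++ b/actionpack/lib/action_controller/http_authentication.rb
@@ -166,7 +166,7 @@ def request_http_digest_authentication(realm = "Application", message = nil)
 # Returns false on a valid response, true otherwise
 def authenticate(controller, realm, &password_procedure)
- authorization(controller.request) && validate_digest_response(controller, realm, &password_procedure)
+ authorization(controller.request) && validate_digest_response(controller.request, realm, &password_procedure)
 end
 def authorization(request)
@@ -177,13 +177,13 @@ def authorization(request)
 end
 # Raises error unless the request credentials response value matches the expected value.
- def validate_digest_response(controller, realm, &password_procedure)
- credentials = decode_credentials_header(controller.request)
- valid_nonce = validate_nonce(controller.request, credentials[:nonce])
+ def validate_digest_response(request, realm, &password_procedure)
+ credentials = decode_credentials_header(request)
+ valid_nonce = validate_nonce(request, credentials[:nonce])
- if valid_nonce && realm == credentials[:realm] && opaque(controller.request.session.session_id) == credentials[:opaque]
+ if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
 password = password_procedure.call(credentials[:username])
- expected = expected_response(controller.request.env['REQUEST_METHOD'], controller.request.url, credentials, password)
+ expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
 expected == credentials[:response]
 end
 end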
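Review bot: In validate_digest_response the result of `password_procedure.call(credentials[:username])` goes straight into expected_response with no nil check, so a lookup block that returns nil for an unknown username still has a digest computed and compared. expected_response is not shown in this hunk, so what a nil password produces is inferred rather than visible, but adding `return false unless password` directly after that call would make the unknown-user case fail closed. The final `expected == credentials[:response]` is an ordinary string comparison; a constant-time comparison is the safer choice for an authentication digest. The comment above the method says it raises an error, while the visible body returns the comparison result or nil, so it could read `# Returns true if the request's digest response matches the expected value, false/nil otherwise.`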
