Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Allow token authentication header with text value. #14213

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
6 participants
Contributor

tylerhunt commented Feb 26, 2014

The field content is allowed to be *TEXT, and does not have to contain
key value pairs. Update the test to account for this.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 for the
relevant section of the specification.

Allow token authentication header with text value.
The field content is allowed to be *TEXT, and does not have to contain
key value pairs. Update the test to account for this.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 for the
relevant section of the specification.

@robin850 robin850 added the actionpack label Feb 26, 2014

@repinel repinel commented on the diff Jun 8, 2015

...ack/test/controller/http_token_authentication_test.rb
@@ -79,12 +79,12 @@ def authenticate_long_credentials
end
end
- test "authentication request with badly formatted header" do
- @request.env['HTTP_AUTHORIZATION'] = "Token foobar"
+ test "authentication request with text" do
@repinel

repinel Jun 8, 2015

Contributor

You should probably have this as a new test.

@arthurnn

arthurnn Jun 16, 2015

Member

Right, is there any reason that you didnt create a new test, and instead it is changing an existent one?

@tylerhunt

tylerhunt Jul 31, 2015

Contributor

My impression was that the existing test was testing for a badly formatted header to fail authentication, when in reality the "badly formatted header" in question is actually valid according to the spec, so the existing (invalid) test was removed, and a new one was added to ensure authorization headers without key/value pairs are acceptable.

Contributor

mjhoy commented Apr 19, 2017

Is this fixed due to #19094 ?

Owner

rafaelfranca commented Apr 20, 2017

Right! Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment