Fix for digest authentication bug - issue #2301 in rails/rails #7240

@steveklabnik
Collaborator

This is a rebase of #2323. Tests pass.

Fixes #2301.

@schneems
Collaborator

:+1:

@arthurpsmith

Hey, I have to try that:
:+1:

@arthurpsmith

Thanks again @steveklabnik - so what happens next?

@rafaelfranca commented on the diff
...ck/test/controller/http_digest_authentication_test.rb
@@ -139,11 +139,12 @@ def authenticate_with_request
test "authentication request with request-uri that doesn't match credentials digest-uri" do
@rafaelfranca Owner

The test description doesn't match with the content.

@rafaelfranca
Owner

Now you have to explain why this change.

Before we had a failure case test. Now a success. Why this change?

@arthurpsmith

Rafael - read Issue #2301 - the old failure test case was the problem. It should have allowed it. I modified the test case to be more explicit that proxy URL rewriting is allowed by the Digest Auth Spec.
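
The mismatch discussed in this comment, as an added example that is not code from the pull request or from Rails: a simplified model of an RFC 2617 `qop=auth` check in which the server hashes either the path it received or the digest-uri from the header. The realm, nonce, cnonce and the client-side path are constructed sample values, and the helper names are hypothetical.

```ruby
require 'digest/md5'

# RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2),
# where HA1 = MD5(user:realm:password) and HA2 = MD5(method:digest-uri).
def digest_response(user:, realm:, password:, http_method:, uri:, nonce:, nc:, cnonce:)
  ha1 = Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
  ha2 = Digest::MD5.hexdigest("#{http_method}:#{uri}")
  Digest::MD5.hexdigest([ha1, nonce, nc, cnonce, 'auth', ha2].join(':'))
end

# Server-side check; uri_for_hash is the URI the server feeds into HA2.
# (A production check would compare the two digests in constant time.)
def valid_response?(credentials, password:, http_method:, uri_for_hash:)
  expected = digest_response(
    user: credentials[:username], realm: credentials[:realm], password: password,
    http_method: http_method, uri: uri_for_hash,
    nonce: credentials[:nonce], nc: credentials[:nc], cnonce: credentials[:cnonce]
  )
  expected == credentials[:response]
end

# Constructed sample: the client signs the URI it asked for ...
CLIENT_URI = '/app/display'
# ... and a proxy forwards the request to the backend under another path.
BACKEND_PATH = '/proxied/uri'

CREDENTIALS = {
  username: 'pretty', realm: 'ConstructedRealm', uri: CLIENT_URI,
  nonce: 'constructed-nonce', nc: '00000001', cnonce: 'constructed-cnonce'
}
CREDENTIALS[:response] = digest_response(
  user: 'pretty', realm: 'ConstructedRealm', password: 'please', http_method: 'GET',
  uri: CLIENT_URI, nonce: CREDENTIALS[:nonce], nc: CREDENTIALS[:nc],
  cnonce: CREDENTIALS[:cnonce]
)

def check(uri_for_hash, password: 'please')
  valid_response?(CREDENTIALS, password: password, http_method: 'GET',
                  uri_for_hash: uri_for_hash)
end

BEFORE = check(BACKEND_PATH)            # hash the path the backend received
AFTER = check(CREDENTIALS[:uri])        # hash the digest-uri from the header
WRONG_PASSWORD = check(CREDENTIALS[:uri], password: 'nope')
puts "before=#{BEFORE} after=#{AFTER} wrong_password=#{WRONG_PASSWORD}"
```
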

@rafaelfranca
Owner

Great! @steveklabnik could you add a changelog entry?

@steveklabnik
Collaborator

I added it and pushed. Not appearing here quite yet, I'm sure it'll just be a second. EDIT: There it is.

@rafaelfranca merged commit 6e52376 into rails:master
@rafaelfranca
Owner

Done. Thanks.

@arthurpsmith

Oh my, it's in after all this time. Thanks all!

@steveklabnik
Collaborator

:D :heart:

@schneems
Collaborator

Good work! Dreams can come true :sparkles: don't forget to close #2301

@rafaelfranca
Owner

Done.

2  actionpack/CHANGELOG.md
@@ -1,5 +1,7 @@
## Rails 4.0.0 (unreleased) ##
+* Fixed issue with where Digest authentication would not work behind a proxy. *Arthur Smith*
+
* Added ActionController::Live. Mix it in to your controller and you can
stream data to the client live. For example:
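Review bot: The added entry reads "Fixed issue with where Digest authentication would not work behind a proxy", and "issue with where" carries a stray word; suggest "Fixed an issue where Digest authentication would not work behind a proxy." Citing the issue being fixed (#2301) in the entry would also let changelog readers find the discussion.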
2  actionpack/lib/action_controller/metal/http_authentication.rb
@@ -194,7 +194,7 @@ def validate_digest_response(request, realm, &password_procedure)
return false unless password
method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
- uri = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
+ uri = credentials[:uri]
[true, false].any? do |trailing_question_mark|
[true, false].any? do |password_is_ha1|
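Review bot: With `uri = credentials[:uri]`, the URI that goes into the expected digest comes entirely from the client's Authorization header, and the removed line was the only place in this hunk that referred to the request itself (`request.original_fullpath` / `request.original_url`). Add a comment here saying this is deliberate so that proxy-rewritten paths validate (#2301), and consider whether the digest-uri should still be compared against the request in deployments where the two are expected to agree, so that a response issued for one URI is not silently accepted on a request for another.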
7 actionpack/test/controller/http_digest_authentication_test.rb
@@ -139,11 +139,12 @@ def authenticate_with_request
test "authentication request with request-uri that doesn't match credentials digest-uri" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
- @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
+ @request.env['PATH_INFO'] = "/proxied/uri"
get :display
- assert_response :unauthorized
- assert_equal "Authentication Failed", @response.body
+ assert_response :success
+ assert assigns(:logged_in)
+ assert_equal 'Definitely Maybe', @response.body
end
test "authentication request with absolute request uri (as in webrick)" do
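Review bot: The test name on the unchanged first line, "authentication request with request-uri that doesn't match credentials digest-uri", does not state the outcome now that the body asserts `:success`; rename it to say that a proxied request-uri differing from the digest-uri still authenticates. With `assert_response :unauthorized` and the "Authentication Failed" check removed, consider adding a separate case under the same `PATH_INFO` that still expects a failure (for example a response built with the wrong password), so the suite shows what the relaxed check continues to reject.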