Http token parser bug #7312

Please also squash commits into one :-)

Yup, will do, I still have tests to write and code might change when the discussion is over.

Also, don't forget about CHANGELOG entry and proper commit message as stated here: http://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html#updating-the-changelog and here: http://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html#commit-your-changes

Tests showing the bug:

Running tests:
....................FFFF
Finished tests in 0.057636s, 416.4064 tests/s, 815.4626 assertions/s.
24 tests, 47 assertions, 4 failures, 0 errors, 0 skips
Tasks: TOP => test => test_action_pack

I've refactored this pull request to add tests showing the bugs in the initial code and re-added the fixes. Here are the tests after the fixes:

Running tests:
.......................
Finished tests in 0.053864s, 427.0013 tests/s, 816.8721 assertions/s.
23 tests, 44 assertions, 0 failures, 0 errors, 0 skips

Running tests:
.......................
Finished tests in 0.048848s, 470.8483 tests/s, 900.7534 assertions/s.
23 tests, 44 assertions, 0 failures, 0 errors, 0 skips

| end | ||
| end | ||
|
|
||
| def token_params_from(authorization) | ||
| raw = authorization.sub(%r/^Token /, '').split %r/"\s*(?:,|;|\t+)\s*/ |
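Review bot: In the `sub` call, `^` anchors at the start of any line in Ruby, not at the start of the string, so `%r/^Token /` would also strip a `Token ` prefix that follows an embedded newline in the header value; `\A` ties the match to the beginning of the value. The `split` pattern also consumes the closing `"` of every parameter except the last, so the pieces come back unevenly quoted, and parameters whose values are unquoted are never split apart. A short comment on `token_params_from` stating the input shape it expects and what callers must still strip would make that contract explicit.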
4 times in this diff you're using %r/.../ to declare a regular expression. Why not just /.../?
In my code, I only use %r when I don't want to escape forward slashes in my regex, e.g.
url =~ %r{^http://.*$}

Originally there was a complex expression that had escapes. This was a quick way to make it easier to read. My refactor removed the need for the complex expression, but I forgot to remove the change in syntax.
On Nov 7, 2012, at 1:35 PM, Benjamin Quorning notifications@github.com wrote:
> In actionpack/lib/action_controller/metal/http_authentication.rb:
> end
> end
> def token_params_from(authorization)
> raw = authorization.sub(%r/^Token /, '').split %r/"\s*(?:,|;|\t+)\s*/
>
> 4 times in this diff you're using %r/.../ to declare a regular expression. Why not just /.../?
> In my code, I only use %r when I don't want to escape forward slashes in my regex, e.g.
> url =~ %r{^http://.*$}

| test "authentication request with valid credential" do | ||
| @request.env['HTTP_AUTHORIZATION'] = encode_credentials('"quote" pretty', :algorithm => 'test') | ||
| get :display | ||
| test "token_and_options returns correct token, equal bug" do |
We shouldn't be referencing the bug here. There's no more bug after the code is done. ;)

@krainboltgreene, I'm interested in merging this. Things I need:
I'm also gonna double check with someone else on core, but this all seems good to me, and would solve #8208, #8196, and #7311.

Sure, I'll get it in tonight.

Adding a test for the equal trun bug
Adding a test for the after equal trunc bug
Adding a test for the slash bug
Adding a test for the slash quote bug
Adding a helper method for creating a sample request object with token
Writing a method to create params array from raw params
Writing a method to rewrite param values in the params
Writing a method to get the token params from an authorization value
Refactoring the token_and_options method to fix bugs
Removing unnecessary test
A constant for this shared regex seemed appropriate
Wanting to split up this logic
Adding small documentation pieces

If I can get a

This work fixes my issues with handling the "=" character and other characters than what I did in my pull request #8208

Seems good to me.

Awesome. @krainboltgreene, thank you so much for your contribution. I know we took a long time to take care of this.

Fixing a problem detailed in #7311. Not ready to pull until that discussion is resolved.