Only triggers http in failure app if devise.authentication_method is :http.

2010-04-06 13:40:39 +02:00 · 2010-04-06 13:40:39 +02:00 · 9d1a52978c
parent 0d3c6b9d99
commit 9d1a52978c
3 changed files with 15 additions and 6 deletions
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@ -63,7 +63,7 @@ module Devise
    end

    def http_auth?
-      request.authorization
+      env["devise.authentication_method"] == :http && request.authorization
    end

    def http_auth_body
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@ -28,13 +28,14 @@ module Devise

      # Check if this is strategy is valid for http authentication.
      def valid_for_http_auth?
-        http_authenticatable? && request.authorization && with_authentication_hash(http_auth_hash)
+        http_authenticatable? && request.authorization &&
+          with_authentication_hash(http_auth_hash) && (env["devise.authentication_method"] = :http)
      end

      # Check if this is strategy is valid for params authentication.
      def valid_for_params_auth?
-        params_authenticatable? && valid_request? &&
-          valid_params? && with_authentication_hash(params_auth_hash)
+        params_authenticatable? && valid_request? && valid_params? &&
+          with_authentication_hash(params_auth_hash) && (env["devise.authentication_method"] = :params)
      end

      # Check if the model accepts this strategy as http authenticatable.
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@ -22,8 +22,11 @@ class FailureTest < ActiveSupport::TestCase
  end

  def call_failure_with_http(env_params={})
-    env = { "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}" }
-    call_failure(env_params.merge!(env))
+    env = {
+      "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}",
+      "devise.authentication_method" => :http
+    }
+    call_failure(env.merge!(env_params))
  end

  context 'When redirecting' do
@ -69,6 +72,11 @@ class FailureTest < ActiveSupport::TestCase
      assert_equal 401, @response.first
    end

+    test 'does trigger http authentication if devise.authentication_method is not :http' do
+      call_failure_with_http("devise.authentication_method" => :params)
+      assert_equal 302, @response.first
+    end
+
    test 'return WWW-authenticate headers' do
      call_failure_with_http
      assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]