Only triggers http in failure app if devise.authentication_method is :http.
This commit is contained in:
parent
0d3c6b9d99
commit
9d1a52978c
|
@ -63,7 +63,7 @@ module Devise
|
|||
end
|
||||
|
||||
def http_auth?
|
||||
request.authorization
|
||||
env["devise.authentication_method"] == :http && request.authorization
|
||||
end
|
||||
|
||||
def http_auth_body
|
||||
|
|
|
@ -28,13 +28,14 @@ module Devise
|
|||
|
||||
# Check if this is strategy is valid for http authentication.
|
||||
def valid_for_http_auth?
|
||||
http_authenticatable? && request.authorization && with_authentication_hash(http_auth_hash)
|
||||
http_authenticatable? && request.authorization &&
|
||||
with_authentication_hash(http_auth_hash) && (env["devise.authentication_method"] = :http)
|
||||
end
|
||||
|
||||
# Check if this is strategy is valid for params authentication.
|
||||
def valid_for_params_auth?
|
||||
params_authenticatable? && valid_request? &&
|
||||
valid_params? && with_authentication_hash(params_auth_hash)
|
||||
params_authenticatable? && valid_request? && valid_params? &&
|
||||
with_authentication_hash(params_auth_hash) && (env["devise.authentication_method"] = :params)
|
||||
end
|
||||
|
||||
# Check if the model accepts this strategy as http authenticatable.
|
||||
|
|
|
@ -22,8 +22,11 @@ class FailureTest < ActiveSupport::TestCase
|
|||
end
|
||||
|
||||
def call_failure_with_http(env_params={})
|
||||
env = { "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}" }
|
||||
call_failure(env_params.merge!(env))
|
||||
env = {
|
||||
"HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}",
|
||||
"devise.authentication_method" => :http
|
||||
}
|
||||
call_failure(env.merge!(env_params))
|
||||
end
|
||||
|
||||
context 'When redirecting' do
|
||||
|
@ -69,6 +72,11 @@ class FailureTest < ActiveSupport::TestCase
|
|||
assert_equal 401, @response.first
|
||||
end
|
||||
|
||||
test 'does trigger http authentication if devise.authentication_method is not :http' do
|
||||
call_failure_with_http("devise.authentication_method" => :params)
|
||||
assert_equal 302, @response.first
|
||||
end
|
||||
|
||||
test 'return WWW-authenticate headers' do
|
||||
call_failure_with_http
|
||||
assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
|
||||
|
|
Loading…
Reference in New Issue