don't assume the http authorization header will be nil, since some configurations will pass it through as an empty string

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6718 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2022-11-09 12:12:34 -05:00 · 2007-05-11 16:30:57 +00:00 · 2007-05-11 16:30:57 +00:00 · 19ed709b09
commit 19ed709b09
parent 08736788c9
1 changed files with 4 additions and 4 deletions
--- a/actionpack/lib/action_controller/http_authentication.rb
+++ b/actionpack/lib/action_controller/http_authentication.rb
@ -86,10 +86,10 @@ module ActionController
      end

      def authenticate(controller, &login_procedure)
-        if authorization(controller.request)
-          login_procedure.call(*user_name_and_password(controller.request))
-        else
+        if authorization(controller.request).blank?
          false
+        else
+          login_procedure.call(*user_name_and_password(controller.request))
        end
      end

@ -118,4 +118,4 @@ module ActionController
      end
    end
  end
-end
+end