mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Check basic auth credentials contains a colon

mpestov 2021-09-12 17:01:03 +03:00 committed by m.pestov
parent 01fd264d00
commit 22e6cb2576
2 changed files with 6 additions and 1 deletions


@ -103,7 +103,7 @@ module ActionController
end
def has_basic_credentials?(request)
request.authorization.present? && (auth_scheme(request).downcase == "basic")
request.authorization.present? && (auth_scheme(request).downcase == "basic") && user_name_and_password(request).length == 2
end
def user_name_and_password(request)
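Review bot: The new third condition in `has_basic_credentials?` relies on `user_name_and_password` returning exactly two elements for well-formed credentials, but nothing in the hunk states that contract and the line is now long enough to hide it. A short comment above the method would help, for example `# True only when the header uses the Basic scheme and decodes to "user:password"; a value without a colon counts as missing credentials, not as a user with a nil password.` The predicate also now decodes the client-supplied header on every call, so it inherits whatever `user_name_and_password` does with a missing or undecodable token. That method's body starts on the last line of the hunk and continues outside it, so its behaviour for a scheme-only header should be confirmed there.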


@ -112,6 +112,11 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
assert_no_match(/\n/, result)
end
test "has_basic_credentials? should fail with credentials without colon" do
@request.env["HTTP_AUTHORIZATION"] = "Basic #{::Base64.encode64("David Goliath")}"
assert_not ActionController::HttpAuthentication::Basic.has_basic_credentials?(@request)
end
test "successful authentication with uppercase authorization scheme" do
@request.env["HTTP_AUTHORIZATION"] = "BASIC #{::Base64.encode64("lifo:world")}"
get :index
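Review bot: The added test pins only the no-colon case, so the boundaries of the new `length == 2` check are left untested. Two more cases would be worth adding next to it: credentials with an empty password, such as `::Base64.encode64("David:")`, stating whether they still count as basic credentials, and a header that carries the scheme but no token (`"Basic"`), asserting that the predicate answers without raising. Both outcomes depend on `user_name_and_password`, which is not visible in this section, so the expected values should be taken from its implementation. The last test in the hunk continues outside it.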