Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well (closes #6754) [mislaw]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7091 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
parent
a347d461a8
commit
73fba4faf1
|
@ -1,5 +1,7 @@
|
|||
*SVN*
|
||||
|
||||
* Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 [mislaw]
|
||||
|
||||
* Don't mistakenly interpret the request uri as the query string. #8731 [lifofifo, Jeremy Kemper]
|
||||
|
||||
* Make ActionView#view_paths an attr_accessor for real this time. Also, don't perform an unnecessary #compact on the @view_paths array in #initialize. Closes #8582 [dasil003, julik, rick]
|
||||
|
|
|
@ -68,6 +68,13 @@ module ActionController
|
|||
#
|
||||
# assert_equal 200, status
|
||||
# end
|
||||
#
|
||||
#
|
||||
# On shared hosts, Apache sometimes doesn't pass authentication headers to
|
||||
# FCGI instances. If your environment matches this description and you cannot
|
||||
# authenticate, try this rule in public/.htaccess (replace the plain one):
|
||||
#
|
||||
# RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
|
||||
module Basic
|
||||
extend self
|
||||
|
||||
|
@ -100,11 +107,12 @@ module ActionController
|
|||
def authorization(request)
|
||||
request.env['HTTP_AUTHORIZATION'] ||
|
||||
request.env['X-HTTP_AUTHORIZATION'] ||
|
||||
request.env['X_HTTP_AUTHORIZATION']
|
||||
request.env['X_HTTP_AUTHORIZATION'] ||
|
||||
request.env['REDIRECT_X_HTTP_AUTHORIZATION']
|
||||
end
|
||||
|
||||
def decode_credentials(request)
|
||||
Base64.decode64(authorization(request).split.last)
|
||||
Base64.decode64(authorization(request).split.last || '')
|
||||
end
|
||||
|
||||
def encode_credentials(user_name, password)
|
||||
|
|
|
@ -3,35 +3,42 @@ require File.dirname(__FILE__) + '/../abstract_unit'
|
|||
class HttpBasicAuthenticationTest < Test::Unit::TestCase
|
||||
include ActionController::HttpAuthentication::Basic
|
||||
|
||||
def setup
|
||||
@controller = Class.new do
|
||||
attr_accessor :headers, :renders
|
||||
class DummyController
|
||||
attr_accessor :headers, :renders, :request
|
||||
|
||||
def initialize
|
||||
@headers, @renders = {}, []
|
||||
end
|
||||
|
||||
def request
|
||||
Class.new do
|
||||
def env
|
||||
{ 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials("dhh", "secret") }
|
||||
end
|
||||
end.new
|
||||
@request = ActionController::TestRequest.new
|
||||
end
|
||||
|
||||
def render(options)
|
||||
self.renders << options
|
||||
end
|
||||
end.new
|
||||
end
|
||||
|
||||
def setup
|
||||
@controller = DummyController.new
|
||||
@credentials = ActionController::HttpAuthentication::Basic.encode_credentials("dhh", "secret")
|
||||
end
|
||||
|
||||
def test_successful_authentication
|
||||
assert authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "secret" }
|
||||
login = Proc.new { |user_name, password| user_name == "dhh" && password == "secret" }
|
||||
set_headers
|
||||
assert authenticate(@controller, &login)
|
||||
|
||||
set_headers ''
|
||||
assert_nothing_raised do
|
||||
assert !authenticate(@controller, &login)
|
||||
end
|
||||
|
||||
set_headers nil
|
||||
set_headers @credentials, 'REDIRECT_X_HTTP_AUTHORIZATION'
|
||||
assert authenticate(@controller, &login)
|
||||
end
|
||||
|
||||
def test_failing_authentication
|
||||
assert !authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "secret!!" }
|
||||
set_headers
|
||||
assert !authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "incorrect" }
|
||||
end
|
||||
|
||||
def test_authentication_request
|
||||
|
@ -39,4 +46,9 @@ class HttpBasicAuthenticationTest < Test::Unit::TestCase
|
|||
assert_equal 'Basic realm="Megaglobalapp"', @controller.headers["WWW-Authenticate"]
|
||||
assert_equal :unauthorized, @controller.renders.first[:status]
|
||||
end
|
||||
|
||||
private
|
||||
def set_headers(value = @credentials, name = 'HTTP_AUTHORIZATION')
|
||||
@controller.request.env[name] = value
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue