Fixed http digest authentication to use credentials URI passed from client. [#1848 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
This commit is contained in:
Donald Parish 2009-02-16 20:19:54 +01:00 committed by Pratik Naik
parent 238a6bb62d
commit 86d8f92282
2 changed files with 11 additions and 2 deletions

View File

@ -183,7 +183,7 @@ module ActionController
if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
password = password_procedure.call(credentials[:username])
expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
expected = expected_response(request.env['REQUEST_METHOD'], credentials[:uri], credentials, password)
expected == credentials[:response]
end
end

View File

@ -107,6 +107,15 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
assert_equal 'Definitely Maybe', @response.body
end
test "authentication request with relative URI" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "/", :username => 'pretty', :password => 'please')
get :display
assert_response :success
assert assigns(:logged_in)
assert_equal 'Definitely Maybe', @response.body
end
private
def encode_credentials(options)
@ -120,7 +129,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
credentials = decode_credentials(@response.headers['WWW-Authenticate'])
credentials.merge!(options)
credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
credentials.reverse_merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password)
end