Fixed http digest authentication to use credentials URI passed from client. [#1848 state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
This commit is contained in:
parent
238a6bb62d
commit
86d8f92282
|
@ -183,7 +183,7 @@ module ActionController
|
|||
|
||||
if valid_nonce && realm == credentials[:realm] && opaque(request.session.session_id) == credentials[:opaque]
|
||||
password = password_procedure.call(credentials[:username])
|
||||
expected = expected_response(request.env['REQUEST_METHOD'], request.url, credentials, password)
|
||||
expected = expected_response(request.env['REQUEST_METHOD'], credentials[:uri], credentials, password)
|
||||
expected == credentials[:response]
|
||||
end
|
||||
end
|
||||
|
|
|
@ -107,6 +107,15 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
|
|||
assert_equal 'Definitely Maybe', @response.body
|
||||
end
|
||||
|
||||
test "authentication request with relative URI" do
|
||||
@request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "/", :username => 'pretty', :password => 'please')
|
||||
get :display
|
||||
|
||||
assert_response :success
|
||||
assert assigns(:logged_in)
|
||||
assert_equal 'Definitely Maybe', @response.body
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def encode_credentials(options)
|
||||
|
@ -120,7 +129,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
|
|||
|
||||
credentials = decode_credentials(@response.headers['WWW-Authenticate'])
|
||||
credentials.merge!(options)
|
||||
credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
|
||||
credentials.reverse_merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
|
||||
ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue