Fix for digest authentication bug - issue #2301 in rails/rails

2022-11-09 12:12:34 -05:00 · 2011-07-28 10:06:45 -04:00 · 2011-07-28 10:06:45 -04:00 · b3e2abc4b1
commit b3e2abc4b1
parent d87524773d
2 changed files with 5 additions and 4 deletions
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@ -194,7 +194,7 @@ module ActionController
          return false unless password

          method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
-          uri    = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
+          uri    = credentials[:uri]

          [true, false].any? do |trailing_question_mark|
            [true, false].any? do |password_is_ha1|
--- a/actionpack/test/controller/http_digest_authentication_test.rb
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@ -139,11 +139,12 @@ class HttpDigestAuthenticationTest < ActionController::TestCase

  test "authentication request with request-uri that doesn't match credentials digest-uri" do
    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
-    @request.env['ORIGINAL_FULLPATH'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
+    @request.env['PATH_INFO'] = "/proxied/uri"
    get :display

-    assert_response :unauthorized
-    assert_equal "Authentication Failed", @response.body
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
  end

  test "authentication request with absolute request uri (as in webrick)" do