From d7516f471a6f03f86e378d54dcebef8ce860ff26 Mon Sep 17 00:00:00 2001
From: kentakag
Date: Sun, 31 Jan 2021 00:43:13 +0900
Subject: [PATCH] Fix exception in raw_params method Prevent the raw_params method from throwing an exception if the argument auth is blank. Add tests for the raw_params method Fix typo Fix rubocop offenses
---
 .../metal/http_authentication.rb | 2 +-
 .../controller/http_token_authentication_test.rb | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index a9b7eb896c..0bf5cc2e50 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -484,7 +484,7 @@ module ActionController
 def raw_params(auth)
 _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
- if !_raw_params.first.start_with?(TOKEN_KEY)
+ if !_raw_params.first&.start_with?(TOKEN_KEY)
 _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
 end
diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb
index 57b78154bc..5940858197 100644
--- a/actionpack/test/controller/http_token_authentication_test.rb
+++ b/actionpack/test/controller/http_token_authentication_test.rb
@@ -155,7 +155,7 @@ class HttpTokenAuthenticationTest < ActionController::TestCase
 assert_equal(expected, actual)
 end
- test "token_and_options returns correct token with nounce option" do
+ test "token_and_options returns correct token with nonce option" do
 token = "rcHu+HzSFw89Ypyhn/896A="
 nonce_hash = { nonce: "123abc" }
 actual = ActionController::HttpAuthentication::Token.token_and_options(sample_request(token, nonce_hash))
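Review bot: With `&.`, an empty split result makes `_raw_params.first&.start_with?(TOKEN_KEY)` evaluate to nil in the http_authentication.rb hunk, so the negated condition is true and the branch writes `"token="` into slot 0; an Authorization value that carries no credentials is therefore turned into a token pair with an empty value instead of raising. Whether that empty token is rejected depends on code outside this hunk (the rest of raw_params, which continues past the hunk, and the caller's login block), so the added tests should probably also assert that `token_and_options` and authentication fail for such a request rather than only pinning `["token="]`. The reliance on `!nil` is easy to miss, and a comment above the `if` such as `# first is nil when auth carries no credentials; falls through and yields an empty "token=" pair` would make the intent explicit.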
@@ -177,6 +177,20 @@ class HttpTokenAuthenticationTest < ActionController::TestCase
 assert_equal(expected, actual)
 end
+ test "raw_params returns a tuple of key value pair strings when auth does not contain a token key" do
+ auth = sample_request_without_token_key("rcHu+HzSFw89Ypyhn/896A=").authorization.to_s
+ actual = ActionController::HttpAuthentication::Token.raw_params(auth)
+ expected = ["token=rcHu+HzSFw89Ypyhn/896A="]
+ assert_equal(expected, actual)
+ end
+
+ test "raw_params returns a tuple of key strings when auth does not contain a token key and value" do
+ auth = sample_request_without_token_key(nil).authorization.to_s
+ actual = ActionController::HttpAuthentication::Token.raw_params(auth)
+ expected = ["token="]
+ assert_equal(expected, actual)
+ end
+
+ test "token_and_options returns right token when token key is not specified in header" do
 token = "rcHu+HzSFw89Ypyhn/896A="