kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #21203 from denniss/issue-21199

Browse source 
Authorization scheme should be case insensitive. Fixes #21199
This commit is contained in:
Sean Griffin 2015-08-11 17:25:00 -06:00
commit e69364bc2d
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_controller/metal/http_authentication.rb
View file

@ -94,7 +94,7 @@ module ActionController
end end
def has_basic_credentials?(request) def has_basic_credentials?(request)
request.authorization.present? && (auth_scheme(request) == 'Basic') request.authorization.present? && (auth_scheme(request).downcase == 'basic')
end end
def user_name_and_password(request) def user_name_and_password(request)

8
actionpack/test/controller/http_basic_authentication_test.rb
View file

@ -100,6 +100,14 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
assert_no_match(/\n/, result) assert_no_match(/\n/, result)
end end
test "succesful authentication with uppercase authorization scheme" do
@request.env['HTTP_AUTHORIZATION'] = "BASIC #{::Base64.encode64("lifo:world")}"
get :index
assert_response :success
assert_equal 'Hello Secret', @response.body, 'Authentication failed when authorization scheme BASIC'
end
test "authentication request without credential" do test "authentication request without credential" do
get :display get :display