kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Eliminate newlines in basic auth. fixes #2882

Browse source
This commit is contained in:
Aaron Patterson 2011-09-06 17:25:20 -07:00
parent 54b7e783ef
commit f6ced69a11
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_controller/metal/http_authentication.rb
View file

@ -145,7 +145,7 @@ module ActionController
end end
def encode_credentials(user_name, password) def encode_credentials(user_name, password)
"Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}" "Basic #{ActiveSupport::Base64.encode64s("#{user_name}:#{password}")}"
end end
def authentication_request(controller, realm) def authentication_request(controller, realm)

8
actionpack/test/controller/http_basic_authentication_test.rb
View file

@ -85,6 +85,14 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
end end
end end
def test_encode_credentials_has_no_newline
username = 'laskjdfhalksdjfhalkjdsfhalksdjfhklsdjhalksdjfhalksdjfhlakdsjfh'
password = 'kjfhueyt9485osdfasdkljfh4lkjhakldjfhalkdsjf'
result = ActionController::HttpAuthentication::Basic.encode_credentials(
username, password)
assert_no_match(/\n/, result)
end
test "authentication request without credential" do test "authentication request without credential" do
get :display get :display