mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
* lib/webrick/httpauth/digestauth.rb (_authenticate):
Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1), and a ample implementation in RFC2617 also ignores the case of algorithms. So now this ignores those cases. [ruby-dev:43965] [Feature #4936] * lib/webrick/httpauth/digestauth.rb (initialize): Because of above, opera_hack is useless and removed. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
fed26e916b
commit
8fb2058d82
3 changed files with 98 additions and 5 deletions
|
|
@ -83,7 +83,6 @@ module WEBrick
|
|||
@nonce_expire_period = @config[:NonceExpirePeriod]
|
||||
@nonce_expire_delta = @config[:NonceExpireDelta]
|
||||
@internet_explorer_hack = @config[:InternetExplorerHack]
|
||||
@opera_hack = @config[:OperaHack]
|
||||
|
||||
case @algorithm
|
||||
when 'MD5','MD5-sess'
|
||||
|
|
@ -175,8 +174,7 @@ module WEBrick
|
|||
end
|
||||
|
||||
auth_req['algorithm'] ||= 'MD5'
|
||||
if auth_req['algorithm'] != @algorithm &&
|
||||
(@opera_hack && auth_req['algorithm'] != @algorithm.upcase)
|
||||
if auth_req['algorithm'].upcase != @algorithm.upcase
|
||||
error('%s: algorithm unmatch. "%s" for "%s"',
|
||||
auth_req['username'], auth_req['algorithm'], @algorithm)
|
||||
return false
|
||||
|
|
@ -212,8 +210,7 @@ module WEBrick
|
|||
nonce_is_invalid = true
|
||||
end
|
||||
|
||||
if /-sess$/ =~ auth_req['algorithm'] ||
|
||||
(@opera_hack && /-SESS$/ =~ auth_req['algorithm'])
|
||||
if /-sess$/i =~ auth_req['algorithm']
|
||||
ha1 = hexdigest(password, auth_req['nonce'], auth_req['cnonce'])
|
||||
else
|
||||
ha1 = password
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue