1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* lib/webrick/httpauth/digestauth.rb (_authenticate):

Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1),
  and a ample implementation in RFC2617 also ignores the case
  of algorithms. So now this ignores those cases.
  [ruby-dev:43965] [Feature #4936]

* lib/webrick/httpauth/digestauth.rb (initialize):
  Because of above, opera_hack is useless and removed.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
naruse 2011-07-05 05:06:05 +00:00
parent fed26e916b
commit 8fb2058d82
3 changed files with 98 additions and 5 deletions

View file

@ -83,7 +83,6 @@ module WEBrick
@nonce_expire_period = @config[:NonceExpirePeriod]
@nonce_expire_delta = @config[:NonceExpireDelta]
@internet_explorer_hack = @config[:InternetExplorerHack]
@opera_hack = @config[:OperaHack]
case @algorithm
when 'MD5','MD5-sess'
@ -175,8 +174,7 @@ module WEBrick
end
auth_req['algorithm'] ||= 'MD5'
if auth_req['algorithm'] != @algorithm &&
(@opera_hack && auth_req['algorithm'] != @algorithm.upcase)
if auth_req['algorithm'].upcase != @algorithm.upcase
error('%s: algorithm unmatch. "%s" for "%s"',
auth_req['username'], auth_req['algorithm'], @algorithm)
return false
@ -212,8 +210,7 @@ module WEBrick
nonce_is_invalid = true
end
if /-sess$/ =~ auth_req['algorithm'] ||
(@opera_hack && /-SESS$/ =~ auth_req['algorithm'])
if /-sess$/i =~ auth_req['algorithm']
ha1 = hexdigest(password, auth_req['nonce'], auth_req['cnonce'])
else
ha1 = password