Merge pull request #43209 from mpestov/check-basic-auth-credentials
Check basic auth credentials before authenticate
commit
20db0845cd
@ -103,7 +103,7 @@ def authenticate(request, &login_procedure)
|
||||
end
|
||||
|
||||
def has_basic_credentials?(request)
|
||||
request.authorization.present? && (auth_scheme(request).downcase == "basic")
|
||||
request.authorization.present? && (auth_scheme(request).downcase == "basic") && user_name_and_password(request).length == 2
|
||||
end
|
||||
|
||||
def user_name_and_password(request)
|
||||
|
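Review bot: The added `user_name_and_password(request).length == 2` clause in `has_basic_credentials?` is only correct if `user_name_and_password` splits on the first colon alone. Its body lies outside the hunk, so this needs confirming: an unlimited split would turn a password containing `:` into three or more parts and reject valid credentials. The predicate now also decodes the client-supplied header, and `authenticate` presumably decodes it a second time, which is harmless but worth stating. I would document the new contract above the method: `# True only when the header uses the Basic scheme and decodes to a "user:password" pair; malformed credentials are treated as absent.`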
@ -112,6 +112,11 @@ def test_encode_credentials_has_no_newline
|
||||
assert_no_match(/\n/, result)
|
||||
end
|
||||
|
||||
test "has_basic_credentials? should fail with credentials without colon" do
|
||||
@request.env["HTTP_AUTHORIZATION"] = "Basic #{::Base64.encode64("David Goliath")}"
|
||||
assert_not ActionController::HttpAuthentication::Basic.has_basic_credentials?(@request)
|
||||
end
|
||||
|
||||
test "successful authentication with uppercase authorization scheme" do
|
||||
@request.env["HTTP_AUTHORIZATION"] = "BASIC #{::Base64.encode64("lifo:world")}"
|
||||
get :index
|
||||
|
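Review bot: The new test pins only the rejection case (credentials without a colon); nothing asserts that well-formed but unusual credentials still pass the stricter predicate. I would add companion cases for an empty password and for a password that itself contains a colon, for example setting the header to `"Basic #{::Base64.encode64("David:Go:liath")}"` and checking `assert ActionController::HttpAuthentication::Basic.has_basic_credentials?(@request)`. A header with the scheme but no credential payload is also worth a case, to confirm the predicate returns false there rather than raising. These cases would lock in the splitting behaviour that the `length == 2` check relies on.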