Dirkjan Bussink
0523532a3c
Always use OpenSSL constants for Digest operations
...
As also previously discussed in
https://github.com/rails/rails/pull/40770#issuecomment-748347066 , this
moves the usage of Digest constants to always use the OpenSSL version of
those Digest implementations.
2021-06-30 13:57:54 +02:00
Ryuta Kamizono
c81af6ae72
Enable Layout/EmptyLinesAroundAccessModifier
cop
...
We sometimes say "✂️ newline after `private`" in a code review (e.g.
https://github.com/rails/rails/pull/18546#discussion_r23188776 ,
https://github.com/rails/rails/pull/34832#discussion_r244847195 ).
Now `Layout/EmptyLinesAroundAccessModifier` cop have new enforced style
`EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059 ).
That cop and enforced style will reduce the our code review cost.
2019-06-13 12:00:45 +09:00
Rafael Mendonça França
1a6a3e06ed
Remove secret_token rack env and cookie upgrade code
...
Now that secret_token was removed all this code is now dead.
2019-01-17 16:08:34 -05:00
Dillon Welch
d108288c2f
Turn on performance based cops
...
Use attr_reader/attr_writer instead of methods
method is 12% slower
Use flat_map over map.flatten(1)
flatten is 66% slower
Use hash[]= instead of hash.merge! with single arguments
merge! is 166% slower
See https://github.com/rails/rails/pull/32337 for more conversation
2018-07-23 15:37:06 -07:00
Daniel Colson
a1ac18671a
Replace assert !
with assert_not
...
This autocorrects the violations after adding a custom cop in
3305c78dcd.
2018-04-19 08:11:33 -04:00
utilum
6f6fe69ea8
We should call methods with .method_name
not ::method_name
.
...
Found several instances.
Follow up on 63d530c5e68a8cf53603744789f53ccbc7ac1a0e
2018-02-22 00:54:40 +01:00
Kir Shatrov
dfcc766163
Use frozen string literal in actionpack/
2017-07-29 14:02:40 +03:00
Matthew Draper
87b3e226d6
Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
...
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
2017-07-02 02:15:17 +09:30
Kir Shatrov
cfade1ec7e
Enforce frozen string in Rubocop
2017-07-01 02:11:03 +03:00
Rafael Mendonça França
fe1f4b2ad5
Add more rubocop rules about whitespaces
2016-10-29 01:17:49 -02:00
Rafael Mendonça França
55f9b8129a
Add three new rubocop rules
...
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
2016-08-16 04:30:11 -03:00
Xavier Noria
80e66cc4d9
normalizes indentation and whitespace across the project
2016-08-06 20:16:27 +02:00
Xavier Noria
5b6eb1d58b
modernizes hash syntax in actionpack
2016-08-06 19:35:13 +02:00
Xavier Noria
35b3de8021
applies new string literal convention in actionpack/test
...
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
2016-08-06 18:54:50 +02:00
Prem Sichanugrist
8cb8ce98d9
Stop using deprecated render :text
in test
...
This will silence deprecation warnings.
Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
2015-07-17 22:27:33 -04:00
Guo Xiang Tan
ca83436d1b
Remove assigns
and assert_template
.
2015-05-30 14:13:57 +08:00
Lauro Caetano
b1b9a0aeca
Typos. return -> returns. [ci skip]
2013-12-03 13:31:36 -02:00
Trevor Turk
2edf657a64
Remove comments about removing LegacyKeyGenerator in 4.1
2013-04-03 08:28:37 -05:00
Trevor Turk
7c7a427344
Rename DummyKeyGenerator -> LegacyKeyGenerator
2013-04-02 18:41:57 -05:00
Brad Dunbar
95332abe09
Digest auth should not 500 when given a basic header.
2013-03-18 14:50:47 -04:00
Francesco Rodriguez
a53a7bea80
update documentation and code to use _action callbacks
2012-12-07 14:46:06 -05:00
Santiago Pastorino
c2a7956eb7
Move ensure_secret_secure to DummyKeyGenerator
2012-11-03 14:57:54 -02:00
Santiago Pastorino
5d23925f84
Use derived keys everywhere, http_authentication was missing it
2012-11-03 14:57:54 -02:00
Arthur Smith
b3e2abc4b1
Fix for digest authentication bug - issue #2301 in rails/rails
2012-08-02 15:24:08 -04:00
kennyj
131083b819
Should use an argument in http_digest_authentication_test.rb
2012-03-17 20:23:28 +09:00
Piotr Sarnacki
3131a93797
Fix http digest authentication with trailing '/' or '?' ( fixes #4038 and #3228 )
2011-12-21 00:02:58 +01:00
Jarrod Carlson
53c1ae99f5
Added failing test to demonstrate digest authentication failure
2011-12-20 18:03:49 +01:00
José Valim
6690d66292
Rename config.cookie_secret to config.secret_token and pass it as configuration in request.env. This is another step forward removing global configuration.
2010-04-05 12:00:24 +02:00
Carlhuda
e311622e7b
Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.
2010-03-04 16:05:52 -08:00
Carlhuda
5e0a05b8cb
Tweak the semantic of various URL related methods of ActionDispatch::Request
2010-03-03 21:23:34 -08:00
Carlhuda
bf9913f8f4
Move session_store and session_options to the AC configuration object
2010-03-03 15:49:52 -08:00
José Valim
32bde66aa6
Make http digest work with different server/browser combinations
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2009-08-09 15:53:52 +01:00
nate
f68cc639f5
A test to show that http_authentication needs to fail authentication if the password procedure returns nil. Also includes a fix to validate_digest_response to fail validation if the password procedure returns nil.
...
Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-06-09 19:47:53 +12:00
Pratik Naik
1a52b246eb
Add HTTP Authentication to the new base
2009-05-22 00:29:47 +02:00
Pratik Naik
195fadbfd3
Ensure HTTP Digest auth uses appropriate HTTP method [ #2490 state:resolved] [Steve Madsen]
2009-05-18 16:59:37 +02:00
Joshua Peek
0494909679
Inherit TestSession from Session::AbstractStore and add indifferent access to Session::AbstractStore.
2009-04-26 14:33:57 -05:00
Donald Parish
be7b64b35a
Support MD5 passwords for Digest auth and use session_options[:secret] in nonce [ #2209 state:resolved]
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2009-03-12 13:24:54 +00:00
Donald Parish
86d8f92282
Fixed http digest authentication to use credentials URI passed from client. [ #1848 state:resolved]
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2009-02-16 20:20:23 +01:00
Gregg Kellogg
306cc2b920
Implement HTTP Digest authentication. [ #1230 state:resolved] [Gregg Kellogg, Pratik Naik]
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2009-01-29 16:01:59 +00:00
Pratik Naik
c99ef814b0
Revert "HTTP Digest authentication [ #1230 state:resolved]"
...
This reverts commit 45dee3842d68359a189fe7c0729359bd5a905ea4.
Reasons :
1. The code is not working in it's current state
2. Should not be using exceptions for flow control
2009-01-13 16:13:42 +00:00
Joshua Peek
45dee3842d
HTTP Digest authentication [ #1230 state:resolved]
2008-12-28 15:13:16 -06:00