author | Pierre Chapuis <catwell@archlinux.us> | 2010-12-13 09:03:15 -0600 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2010-12-13 09:03:15 -0600 |
commit | f80df3903f6b4e97051560382e0481a4754e4218 (patch) | |
tree | 6b7ea57cec40bdbdc16b6c1f67ff4f8232efc0dd | |
parent | 9ad83ca55dad90b87a4484cd1003fd3527fd1727 (diff) | |
Fix Rack::Auth::Digest query string bug
Signed-off-by: Joshua Peek <josh@joshpeek.com>
-rw-r--r-- | lib/rack/auth/abstract/request.rb | 6 | ||||
-rw-r--r-- | lib/rack/auth/digest/request.rb | 2 | ||||
-rw-r--r-- | test/spec_auth_digest.rb | 20 |
3 files changed, 26 insertions, 2 deletions
diff --git a/lib/rack/auth/abstract/request.rb b/lib/rack/auth/abstract/request.rb
index 1d9ccec6..9e15c720 100644
--- a/lib/rack/auth/abstract/request.rb
+++ b/lib/rack/auth/abstract/request.rb
@@ -1,3 +1,5 @@
+require 'rack/request'
+
 module Rack
 module Auth
 class AbstractRequest
@@ -6,6 +8,10 @@ module Rack
 @env = env
 end
+ def request
+ @request ||= Request.new(@env)
+ end
+
 def provided?
 !authorization_key.nil?
 end
diff --git a/lib/rack/auth/digest/request.rb b/lib/rack/auth/digest/request.rb
index a8aa3bf9..373897d5 100644
--- a/lib/rack/auth/digest/request.rb
+++ b/lib/rack/auth/digest/request.rb
@@ -16,7 +16,7 @@ module Rack
 end
 def correct_uri?
- (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri
+ request.fullpath == uri
 end
 def nonce
diff --git a/test/spec_auth_digest.rb b/test/spec_auth_digest.rb
index 75b61b15..c68642aa 100644
--- a/test/spec_auth_digest.rb
+++ b/test/spec_auth_digest.rb
@@ -8,7 +8,8 @@ describe Rack::Auth::Digest::MD5 do
 def unprotected_app
 lambda do |env|
- [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ]
+ friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"]
+ [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ]
 end
 end
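Review bot: In the new `request` method of lib/rack/auth/abstract/request.rb, the bare constant `Request` relies on lexical lookup reaching `Rack::Request`; the classes that inherit this method appear (judging by the path lib/rack/auth/digest/request.rb) to be named `Request` themselves, so a reader can easily take it for the auth request class. Writing `@request ||= Rack::Request.new(@env)` removes the ambiguity. A short comment such as `# Rack::Request view of the same env, memoized; used for path and query helpers` would also document why an auth request now wraps a second request object. The class body starts and ends outside this hunk.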
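Review bot: `correct_uri?` in lib/rack/auth/digest/request.rb is the check that ties the signed `uri` directive to the request actually being served, and after this change nothing in the method says what it compares against. `request.fullpath` is rebuilt from `SCRIPT_NAME`, `PATH_INFO` and `QUERY_STRING` in the env rather than read from the raw request line, so the match is exact string equality against the env as it stands when the check runs. A client that signs a path-only or absolute `uri` for a request carrying a query string is now rejected, which looks intended but is undocumented. I would add `# uri must equal SCRIPT_NAME + PATH_INFO plus "?QUERY_STRING" when a query is present, so the digest also covers the query string` above the comparison. The method is complete in the hunk; the surrounding class is not.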
@@ -201,6 +202,23 @@ describe Rack::Auth::Digest::MD5 do end end + should 'return application output when used with a query string and path as uri' do + @request = Rack::MockRequest.new(partially_protected_app) + request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response| + response.status.should.equal 200 + response.body.to_s.should.equal 'Hi Alice and Mike' + end + end + + should 'return application output when used with a query string and fullpath as uri' do + @request = Rack::MockRequest.new(partially_protected_app) + qs_uri = '/protected?friend=Mike' + request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response| + response.status.should.equal 200 + response.body.to_s.should.equal 'Hi Alice and Mike' + end + end + should 'return application output if correct credentials given for POST' do request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response| response.status.should.equal 200 |
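Review bot: Both cases added to test/spec_auth_digest.rb are positive ones, so nothing in this hunk pins the rejection side of the check: a request whose query string differs from the one in the signed `uri` directive must not be served. A negative case next to these two, reusing the `'uri' =>` override that the second test already uses, would catch a later loosening of the comparison, for example one that strips the query from both sides. The sketch asserts only that the status is not 200 because the rejection status is not visible here; pin the exact code once confirmed. The `request_with_digest_auth` helper and any existing bad-uri case are outside the hunk.

```ruby
# … unchanged: the two added query-string cases …
should 'not return application output when the uri query string differs from the request' do
  @request = Rack::MockRequest.new(partially_protected_app)
  request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password', 'uri' => '/protected?friend=Eve' do |response|
    response.status.should.not.equal 200
  end
end
```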