From 62813237057d8a242a6a4dafee9244efcf8679e0 Mon Sep 17 00:00:00 2001
From: Garen Torikian
Date: Mon, 7 Mar 2016 12:40:32 -0800
Subject: Add failing test demonstrating error
---
 test/spec_auth_basic.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/test/spec_auth_basic.rb b/test/spec_auth_basic.rb
index 1e19bf66..59b55cb3 100644
--- a/test/spec_auth_basic.rb
+++ b/test/spec_auth_basic.rb
@@ -75,6 +75,14 @@ describe Rack::Auth::Basic do
 end
 end
+ it 'return 400 Bad Request for a nil authorization header' do
+ request 'HTTP_AUTHORIZATION' => nil do |response|
+ response.must_be :client_error?
+ response.status.must_equal 400
+ response.wont_include 'WWW-Authenticate'
+ end
+ end
+
+ it 'takes realm as optional constructor arg' do
 app = Rack::Auth::Basic.new(unprotected_app, realm) { true }
 realm.must_equal app.realm
-- cgit v1.2.3-24-ge0c7
From 19dbd8701bd957bed8b0391a593eacea3f913d91 Mon Sep 17 00:00:00 2001
From: Garen Torikian
Date: Mon, 7 Mar 2016 12:43:36 -0800
Subject: Change `provided?` to provide validation, too
Although `authorization_key` is not `nil`, its value might be. Because of this, a `params` split later on fails with a `NoMethodError`.
---
 lib/rack/auth/abstract/request.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/rack/auth/abstract/request.rb b/lib/rack/auth/abstract/request.rb
index 80d1c272..b738cc98 100644
--- a/lib/rack/auth/abstract/request.rb
+++ b/lib/rack/auth/abstract/request.rb
@@ -13,7 +13,11 @@ module Rack
 end
 def provided?
- !authorization_key.nil?
+ !authorization_key.nil? && valid?
+ end
+
+ def valid?
+ !@env[authorization_key].nil?
 end
 def parts
-- cgit v1.2.3-24-ge0c7
From 390d87a1b48643fcd34cdf7bd045cc60e1f4c1dd Mon Sep 17 00:00:00 2001
From: Garen Torikian
Date: Mon, 7 Mar 2016 12:43:46 -0800
Subject: Tweak `nil` `HTTP_AUTHORIZATION` test
---
 test/spec_auth_basic.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
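Review bot: `valid?` in lib/rack/auth/abstract/request.rb is added as a public method whose name reads like a credential check, yet it only tests that the header value is non-nil. In authentication code that name invites callers and subclasses to rely on it for more than it guarantees; I would move it below `private` or give it a narrower name, and document it with `# True when the env entry named by authorization_key is non-nil; does not validate the credentials.` An empty-string header still makes `provided?` true, and how `parts` and the scheme lookup behave for it is not visible in this hunk, so a spec for `'HTTP_AUTHORIZATION' => ''` next to the nil case would be worth adding. The class body starts and ends outside the hunk.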
diff --git a/test/spec_auth_basic.rb b/test/spec_auth_basic.rb
index 59b55cb3..45d28576 100644
--- a/test/spec_auth_basic.rb
+++ b/test/spec_auth_basic.rb
@@ -75,11 +75,10 @@ describe Rack::Auth::Basic do
 end
 end
- it 'return 400 Bad Request for a nil authorization header' do
+ it 'return 401 Bad Request for a nil authorization header' do
 request 'HTTP_AUTHORIZATION' => nil do |response|
 response.must_be :client_error?
- response.status.must_equal 400
- response.wont_include 'WWW-Authenticate'
+ response.status.must_equal 401
 end
 end
-- cgit v1.2.3-24-ge0c7
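Review bot: The retitled spec says 'return 401 Bad Request', but 401 is Unauthorized, so the description contradicts the status it asserts; `it 'return 401 Unauthorized for a nil authorization header' do` would match. Removing `response.wont_include 'WWW-Authenticate'` without a replacement also leaves the challenge header unchecked, and a 401 response is expected to carry one (RFC 7235); adding `response.must_include 'WWW-Authenticate'` after the status assertion would pin that. The enclosing `describe` block continues outside the hunk.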