Ticket #9747: assume_authentication_headers_are_latin1_when_not_utf8.diff
| File assume_authentication_headers_are_latin1_when_not_utf8.diff, 1.8 kB (added by manfred, 1 year ago) |
|---|
-
actionpack/test/controller/http_authentication_test.rb
old new 36 36 assert authenticate(@controller, &login) 37 37 end 38 38 39 def test_authorization_with_non_ascii_characters 40 login = Proc.new { |user_name, password| user_name == "Manfrëd" && password == "sëcret"} 41 42 set_headers ActionController::HttpAuthentication::Basic.encode_credentials("Manfrëd", "sëcret") 43 assert authenticate(@controller, &login) 44 set_headers ActionController::HttpAuthentication::Basic.encode_credentials("Manfr\353d", "s\353cret") 45 assert authenticate(@controller, &login) 46 end 47 39 48 def test_failing_authentication 40 49 set_headers 41 50 assert !authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "incorrect" } -
actionpack/lib/action_controller/http_authentication.rb
old new 110 110 request.env['X_HTTP_AUTHORIZATION'] || 111 111 request.env['REDIRECT_X_HTTP_AUTHORIZATION'] 112 112 end 113 113 114 114 def decode_credentials(request) 115 Base64.decode64(authorization(request).split.last || '') 115 credentials = Base64.decode64(authorization(request).split.last || '') 116 # If the credentials aren't UTF-8 assume they're ISO 8859-1 117 credentials.is_utf8? ? credentials : credentials.unpack('C*').pack('U*') 116 118 end 117 119 118 120 def encode_credentials(user_name, password)
