This project is archived and is in readonly mode.
HTTP Digest authentication raises an exception if the client fails to include a nonce
Reported by Adam Milligan | July 28th, 2009 @ 11:51 PM
The HTTP Digest authentication will raise an exception, and return a 500, if the client fails to include a nonce key/value in the Authorization header value. Rather than raise an exception it should simply return 401.
This also happens if the client specifies Basic authentication credentials. Again, it should return 401 rather than 500.
The fix is a single line check. Tests included.
Comments and changes to this ticket
Michael Koziarski July 29th, 2009 @ 02:48 AM
- Assigned user set to Michael Koziarski
- Milestone set to 2.3.4

Jeremy Kemper September 11th, 2009 @ 11:04 PM
- Milestone changed from 2.3.4 to 2.3.6
[milestone:id#50064 bulk edit command]

CancelProfileIsBroken September 25th, 2009 @ 01:01 PM
- Tag changed from actionpack, digest, http_authentication, patch, tested to actionpack, bugmash, digest, http_authentication, patch, tested
- Milestone cleared.
- Assigned user cleared.

Repository October 21st, 2009 @ 08:06 PM
- State changed from new to resolved
(from [fdf356d74b9054d44f23356051dd3a85ee9a83b3]) Fixed HTTP digest to properly return 401 when the Authorization header has no nonce specified, or the Authorization header specifies Basic auth [#2968 state:resolved] http://github.com/rails/rails/commit/fdf356d74b9054d44f23356051dd3a...
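
The behaviour this ticket asks for, as an added Ruby example that is not the Rails patch or code from the ticket: a Digest check that treats a non-Digest scheme or a missing nonce as an authentication failure (401) instead of letting a nil lookup surface as a 500. The names `parse_digest_header`, `digest_auth_status` and `password_for` and the sample credentials are hypothetical; server-side nonce freshness checks are assumed to happen elsewhere.

```ruby
require "digest/md5"

REQUIRED_PARAMS = %w[username realm nonce uri response].freeze

# Parse 'Digest k="v", k2=v2' into a Hash. Returns nil for a missing header
# or any other scheme (e.g. Basic), so callers never index into garbage.
def parse_digest_header(header)
  scheme, rest = header.to_s.strip.split(/\s+/, 2)
  return nil unless scheme&.casecmp?("Digest") && rest
  rest.scan(/(\w+)=(?:"([^"]*)"|([^\s,]+))/).each_with_object({}) do |(key, quoted, bare), params|
    params[key.downcase] = quoted || bare
  end
end

# Compare two strings without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns 200 when the client's response hash matches, 401 otherwise.
# Malformed client input is an authentication failure, never a server error.
def digest_auth_status(header, method:, password_for:)
  params = parse_digest_header(header)
  return 401 if params.nil?                      # no header, or Basic scheme
  return 401 unless REQUIRED_PARAMS.all? { |k| params[k] && !params[k].empty? }
  password = password_for.call(params["username"])
  return 401 if password.nil?                    # unknown user
  ha1 = Digest::MD5.hexdigest([params["username"], params["realm"], password].join(":"))
  ha2 = Digest::MD5.hexdigest([method, params["uri"]].join(":"))
  middle = params["qop"] ? params.values_at("nonce", "nc", "cnonce", "qop") : [params["nonce"]]
  expected = Digest::MD5.hexdigest([ha1, *middle, ha2].join(":"))
  secure_equal?(expected, params["response"]) ? 200 : 401
end

if __FILE__ == $PROGRAM_NAME
  lookup = ->(user) { { "alice" => "s3cret" }[user] } # constructed credentials
  no_nonce = 'Digest username="alice", realm="app", uri="/", response="abc"'
  puts digest_auth_status(no_nonce, method: "GET", password_for: lookup)
  puts digest_auth_status("Basic YWxpY2U6czNjcmV0", method: "GET", password_for: lookup)
end
```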