This project is archived and is in readonly mode.

#4735 ✓stale
Ben Marini

[PATCH] Fix parsing bug in http token authentication module

Reported by Ben Marini | May 31st, 2010 @ 08:23 AM

ActionController::HttpAuthentication::Token#token_and_options incorrectly parses the the Authentication header.

Given a header like this:

Authentication: Token token="vF9dft4qmT",signature="wOJIO9A2W5mFwDgiDvZbTSMK/PY="

#token_and_options will remove the equals from within the signature value and return this:

[ "vF9dft4qmT", { "signature" => "wOJIO9A2W5mFwDgiDvZbTSMK/PY" } ]

I've attached a failing test case that applies to master.

Perhaps we can make use of the parsing code from Rack::Auth::Digest::Params, I believe it will parse this correctly.

Comments and changes to this ticket

  • Ben Marini

    Ben Marini May 31st, 2010 @ 05:16 PM

    • Tag changed from token authentication, bug, rails3 to token authentication, bug, patch, rails3
    • Title changed from “Bug in ActionController::HttpAuthentication::Token#token_and_options” to “[PATCH] Fix parsing bug in http token authentication module”

    Ok, the fix was way easier than I first realized :) Here's a patch that applies to master to fix the bug.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:52 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:52 PM

    • State changed from “open” to “stale”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket