Base64 encoding of HTTP basic auth credentials should omit newlines (do not enforce a 76 character line limit)
According to RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt), the 76 character line limit normally enforced by Base64 encoding should not apply to the encoding of HTTP basic authentication credentials.
This commit is contained in:
parent
f9f2a98189
commit
61b0fce828
@ -105,7 +105,7 @@ For example:
|
|||||||
end
|
end
|
||||||
|
|
||||||
def basic_auth(user, pass)
|
def basic_auth(user, pass)
|
||||||
encoded_login = ["#{user}:#{pass}"].pack("m*")
|
encoded_login = ["#{user}:#{pass}"].pack("m*").gsub(/\n/, '')
|
||||||
header('HTTP_AUTHORIZATION', "Basic #{encoded_login}")
|
header('HTTP_AUTHORIZATION', "Basic #{encoded_login}")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ describe "Basic Auth HTTP headers" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "should be present in visit" do
|
it "should be present in visit" do
|
||||||
webrat_session.should_receive(:get).with("/", {}, {'HTTP_AUTHORIZATION' => "Basic dXNlcjpzZWNyZXQ=\n"})
|
webrat_session.should_receive(:get).with("/", {}, {'HTTP_AUTHORIZATION' => "Basic dXNlcjpzZWNyZXQ="})
|
||||||
visit("/")
|
visit("/")
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -18,7 +18,18 @@ describe "Basic Auth HTTP headers" do
|
|||||||
</form>
|
</form>
|
||||||
</html>
|
</html>
|
||||||
HTML
|
HTML
|
||||||
webrat_session.should_receive(:post).with("/form1", {}, {'HTTP_AUTHORIZATION' => "Basic dXNlcjpzZWNyZXQ=\n"})
|
webrat_session.should_receive(:post).with("/form1", {}, {'HTTP_AUTHORIZATION' => "Basic dXNlcjpzZWNyZXQ="})
|
||||||
click_button
|
click_button
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "with long username and password combination" do
|
||||||
|
before do
|
||||||
|
basic_auth('user', 'secret1234567890123456789012345678901234567890123456789012345678901234567890')
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should be present, without new lines, in visit" do
|
||||||
|
webrat_session.should_receive(:get).with("/", {}, {'HTTP_AUTHORIZATION' => "Basic dXNlcjpzZWNyZXQxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkw"})
|
||||||
|
visit("/")
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user