method

validate_nonce

v4.1.8 - Show latest stable - Class: ActionController::HttpAuthentication::Digest

validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)

public

Might want a shorter timeout depending on whether the request is a PATCH, PUT, or POST, and if client is browser or web service. Can be much shorter if the Stale directive is implemented. This would allow a user to use new nonce without prompting user again for their username and password.

# File actionpack/lib/action_controller/metal/http_authentication.rb, line 313
      def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
        return false if value.nil?
        t = ::Base64.decode64(value).split(":").first.to_i
        nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
      end

validate_nonce

Related methods