RSpec
Ruby on Rails
Rubyauthenticate_or_request_with_http_digest
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8 (0)
- 3.0.0 (0)
- 3.0.9 (0)
- 3.1.0 (0)
- 3.2.1 (0)
- 3.2.8 (0)
- 3.2.13 (0)
- 4.0.2 (0)
- 4.1.8 (0)
- 4.2.1 (0)
- 4.2.7 (0)
- 4.2.9 (0)
- 5.0.0.1 (0)
- 5.1.7 (0)
- 5.2.3 (0)
- 6.0.0 (0)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (38)
- What's this?
= private
= protected
authenticate_or_request_with_http_digest(realm = "Application", message = nil, &password_procedure)
public
Authenticate using an HTTP Digest, or otherwise render an HTTP header requesting the client to send a Digest.
See ActionController::HttpAuthentication::Digest for example usage.
tarvaina -
June 4, 2009
Security hole in 2.3.2
This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.
Rails 2.3.3 should fix the problem.
sjmadsen -
April 15, 2009
Testing HTTP Digest authentication
Testing HTTP Digest authentication is a bit tricky. I wrote a post describing how to accomplish it.
http://lightyearsoftware.com/blog/2009/04/testing-http-digest-authentication-in-rails/
Note also that Digest auth is broken for REST actions using PUT or DELETE. There is an open Lighthouse ticket for this, #2490:
rails.lighthouseapp.com/projects/8994/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete
