From 8fb2058d825f1e795153255ea99ecc4aa70ed414 Mon Sep 17 00:00:00 2001 From: naruse Date: Tue, 5 Jul 2011 05:06:05 +0000 Subject: * lib/webrick/httpauth/digestauth.rb (_authenticate): Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1), and a ample implementation in RFC2617 also ignores the case of algorithms. So now this ignores those cases. [ruby-dev:43965] [Feature #4936] * lib/webrick/httpauth/digestauth.rb (initialize): Because of above, opera_hack is useless and removed. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/webrick/httpauth/digestauth.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb index 8f7f32f82b..4e47fe163f 100644 --- a/lib/webrick/httpauth/digestauth.rb +++ b/lib/webrick/httpauth/digestauth.rb @@ -83,7 +83,6 @@ module WEBrick @nonce_expire_period = @config[:NonceExpirePeriod] @nonce_expire_delta = @config[:NonceExpireDelta] @internet_explorer_hack = @config[:InternetExplorerHack] - @opera_hack = @config[:OperaHack] case @algorithm when 'MD5','MD5-sess' @@ -175,8 +174,7 @@ module WEBrick end auth_req['algorithm'] ||= 'MD5' - if auth_req['algorithm'] != @algorithm && - (@opera_hack && auth_req['algorithm'] != @algorithm.upcase) + if auth_req['algorithm'].upcase != @algorithm.upcase error('%s: algorithm unmatch. "%s" for "%s"', auth_req['username'], auth_req['algorithm'], @algorithm) return false @@ -212,8 +210,7 @@ module WEBrick nonce_is_invalid = true end - if /-sess$/ =~ auth_req['algorithm'] || - (@opera_hack && /-SESS$/ =~ auth_req['algorithm']) + if /-sess$/i =~ auth_req['algorithm'] ha1 = hexdigest(password, auth_req['nonce'], auth_req['cnonce']) else ha1 = password -- cgit v1.2.3