This repository has been archived by the owner on Mar 22, 2021. It is now read-only.

Commit

Merge pull request #37 from nsarno/fix-auth-header-parsing
Fix auth header parsing
nsarno committed Jan 28, 2016
2 parents d3e2cdc + a670271 commit 03090f8
Showing 4 changed files with 24 additions and 4 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,12 @@
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).

## [1.4.2] - 2016-01-29
### Fixed
- Allow use of any or no prefix in authorization header.
This fixes an unwanted breaking change introduced in `1.4.0` forcing the use
of the `Bearer` prefix.

## [1.4.1] - 2016-01-08
### Fixed
- Use lambda for audience verification
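
Review bot: The `1.4.2` entry should say that the authorization scheme is no longer inspected at all, rather than only that "any or no prefix" is allowed. Applications that send other credentials in the same header (for example `Basic ...`) will now have the last field of that header handed to token decoding, and a reader of the changelog cannot tell that from the current wording. The entry is also dated 2016-01-29 while the commit is dated Jan 28, 2016, so the release date is worth confirming.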
4 changes: 1 addition & 3 deletions lib/knock/authenticable.rb
@@ -1,9 +1,7 @@
module Knock::Authenticable
def current_user
@current_user ||= begin
token = params[:token] ||
request.headers['Authorization'].match(/^Bearer (.*)$/)[1]

token = params[:token] || request.headers['Authorization'].split.last
Knock::AuthToken.new(token: token).current_user
rescue
nil
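
Review bot: The new `request.headers['Authorization'].split.last` line still calls a method on `nil` when neither `params[:token]` nor the header is present, and it depends on the bare `rescue` below to turn that NoMethodError into `nil`. The same `rescue` also hides any other error raised while building `Knock::AuthToken`, so a real fault is indistinguishable from "no credentials". Suggest an explicit guard such as `request.headers['Authorization'].to_s.split.last` and rescuing only the expected decode errors. Separately, `split.last` ignores the scheme and any fields before the last one, so a header with several whitespace-separated parts is accepted without complaint; if the intent is "optional prefix", consider accepting at most two fields and rejecting anything longer.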
2 changes: 1 addition & 1 deletion lib/knock/version.rb
@@ -1,3 +1,3 @@
module Knock
VERSION = "1.4.1"
VERSION = "1.4.2"
end
16 changes: 16 additions & 0 deletions test/dummy/test/controllers/protected_resources_controller_test.rb
Expand Up @@ -43,4 +43,20 @@ def authenticate token: @token
assert_response :success
assert @controller.current_user.id == @user.id
end

test "accepts any prefix in the authorization header" do
@request.env['HTTP_AUTHORIZATION'] = "Other #{@token}"

get :index

assert_response :success
end

test "accepts authorization header without prefix" do
@request.env['HTTP_AUTHORIZATION'] = "#{@token}"

get :index

assert_response :success
end
end
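
Review bot: Both tests added in this hunk assert only the success path, so nothing here shows that the relaxed parsing still rejects bad input. Please add cases where the header is `"Other invalid"` and where the header has more than two fields, each expecting an unauthorized response, so the looser `split.last` parsing is pinned down by tests on the failure side too. Minor style point: `"#{@token}"` in the second test is a redundant interpolation and can be plain `@token`.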
