Check basic auth credentials before authenticate by mpestov · Pull Request #4320...

 2 years ago
source link: https://github.com/rails/rails/pull/43209

Summary

If you send a request to a controller protected by basic authentication with wrong credentials (without the colon), you will get the error: NoMethodError: undefined method 'bytesize' for nil:NilClass.

For example:

class UsersController < ApplicationController
  http_basic_authenticate_with name: "king", password: "secret"

  def index
    render plain: "Something"
  end
end

# The name and password are joined by a space, not a colon
credentials=$(echo -n king secret | base64)
curl 'http://localhost:3000/users' -H "Authorization: Basic $credentials"

Stacktrace:

NoMethodError: undefined method `bytesize' for nil:NilClass
  from activesupport (6.1.4.1) lib/active_support/security_utils.rb:34:in `secure_compare'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:82:in `block in http_basic_authenticate_or_request_with'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:101:in `authenticate'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:91:in `authenticate_with_http_basic'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:87:in `authenticate_or_request_with_http_basic'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:78:in `http_basic_authenticate_or_request_with'
  from actionpack (6.1.4.1) lib/action_controller/metal/http_authentication.rb:73:in `block in http_basic_authenticate_with'
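
The failure above, modelled in stand-alone Ruby as an added example (this is not the pull request's patch and not Rails source). All method names are hypothetical, `secure_compare` is a simplified stand-in for `ActiveSupport::SecurityUtils.secure_compare`, and the headers are constructed samples.

```ruby
# Added example: a stand-alone model of the failure, not Rails source code.
# All method names here are hypothetical.

# Simplified stand-in for ActiveSupport::SecurityUtils.secure_compare.
# Like the frame in the stack trace, it calls #bytesize on its arguments.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Decode "Basic <base64>" and split on the first colon only, so passwords
# may contain colons. Without a colon the password comes back as nil.
def split_basic_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return [nil, nil] unless scheme&.casecmp?("Basic") && encoded
  name, password = encoded.unpack1("m").split(":", 2)
  [name, password]
end

# Before: compares whatever the split produced; nil reaches #bytesize.
def authenticate_unchecked(header, name, password)
  given_name, given_password = split_basic_credentials(header)
  secure_compare(given_name, name) & secure_compare(given_password, password)
end

# After: reject credentials that lack either part before comparing.
def authenticate_checked(header, name, password)
  given_name, given_password = split_basic_credentials(header)
  return false unless given_name.is_a?(String) && given_password.is_a?(String)
  secure_compare(given_name, name) & secure_compare(given_password, password)
end

# Constructed sample headers ("m0" is Base64 without a trailing newline).
MALFORMED = "Basic " + ["king secret"].pack("m0") # what the curl call sends
VALID     = "Basic " + ["king:secret"].pack("m0")

if __FILE__ == $PROGRAM_NAME
  p authenticate_checked(VALID, "king", "secret")
  p authenticate_checked(MALFORMED, "king", "secret")
  begin
    authenticate_unchecked(MALFORMED, "king", "secret")
  rescue NoMethodError => e
    puts "unchecked path raised: #{e.class}"
  end
end
```

With the check in place, the malformed header results in an ordinary authentication failure instead of an unhandled exception.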
