Correct a2 encoding within httpdigest helper to use remotely given uri

EDmitry · Oct 11, 2009 · 2398699 · 2398699
1 parent 903c522
commit 2398699
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/ramaze/helper/httpdigest.rb b/lib/ramaze/helper/httpdigest.rb
@@ -76,15 +76,15 @@ def httpdigest(uid, realm, &block)
 
         authorization = Rack::Auth::Digest::Params.parse(auth_raw)
 
-        digest_response, username, nonce, nc, cnonce, qop, opaque =
-          authorization.values_at(*%w[response username nonce nc cnonce qop opaque])
+        digest_response, username, nonce, nc, cnonce, qop, opaque, uri =
+          authorization.values_at(*%w[response username nonce nc cnonce qop opaque uri])
 
         httpdigest_failure_internal(uid, realm) unless nonce == session_nonce and opaque == session_opaque
 
         ha1 = httpdigest_lookup(username, realm, &block)
-        a2 = [request.request_method,request.request_uri]
+        a2 = [request.request_method,uri]
         a2 << Digest::MD5.hexdigest(request.body.read) if qop == "auth-int"
-        ha2 = Digest::MD5.hexdigest( a2.join(':') )
+        ha2 = Digest::MD5.hexdigest(a2.join(':'))
         md5 = Digest::MD5.hexdigest([ha1, nonce, nc, cnonce, qop, ha2].join(':'))
 
         httpdigest_failure_internal(uid, realm) unless digest_response == md5