Method: ActionController::HttpAuthentication::Digest#validate_nonce
- Defined in:
- lib/action_controller/metal/http_authentication.rb
#validate_nonce(secret_key, request, value, seconds_to_timeout = 5*60) ⇒ Object
Might want a shorter timeout depending on whether the request is a PUT or POST, and if client is browser or web service. Can be much shorter if the Stale directive is implemented. This would allow a user to use new nonce without prompting user again for their username and password.
305 306 307 308 |
# File 'lib/action_controller/metal/http_authentication.rb', line 305 def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60) t = ::Base64.decode64(value).split(":").first.to_i nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout end |