Method: ActionController::HttpAuthentication::Digest#validate_nonce
- Defined in:
- lib/action_controller/metal/http_authentication.rb
#validate_nonce(secret_key, request, value, seconds_to_timeout = 5 * 60) ⇒ Object
Might want a shorter timeout depending on whether the request is a PATCH, PUT, or POST, and if the client is a browser or web service. Can be much shorter if the Stale directive is implemented. This would allow a user to use new nonce without prompting the user again for their username and password.
341 342 343 344 345 |
# File 'lib/action_controller/metal/http_authentication.rb', line 341 def validate_nonce(secret_key, request, value, seconds_to_timeout = 5 * 60) return false if value.nil? t = ::Base64.decode64(value).split(":").first.to_i nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout end |