instance method `validate_nonce`

Ruby on Rails 4.0.13

Since v2.3.18

Available in: v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)

Might want a shorter timeout depending on whether the request is a PATCH, PUT, or POST, and if client is browser or web service. Can be much shorter if the Stale directive is implemented. This would allow a user to use new nonce without prompting user again for their username and password.

Parameters

secret_key req
request req
value req
seconds_to_timeout opt = 5*60

Source

# File actionpack/lib/action_controller/metal/http_authentication.rb, line 301
      def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
        return false if value.nil?
        t = ::Base64.decode64(value).split(":").first.to_i
        nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
      end

Defined in actionpack/lib/action_controller/metal/http_authentication.rb line 301 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActionController::HttpAuthentication::Digest

Signature

Parameters