Skip to content

fix(parsing): ignore quoted payment schemes#11

Open
EfeDurmaz16 wants to merge 1 commit into
stripe:mainfrom
EfeDurmaz16:fix/challenge-list-quoted-payment
Open

fix(parsing): ignore quoted payment schemes#11
EfeDurmaz16 wants to merge 1 commit into
stripe:mainfrom
EfeDurmaz16:fix/challenge-list-quoted-payment

Conversation

@EfeDurmaz16
Copy link
Copy Markdown

@EfeDurmaz16 EfeDurmaz16 commented May 16, 2026

Summary

  • parse merged WWW-Authenticate values by scanning auth schemes outside quoted strings
  • avoid splitting Payment challenges when a quoted parameter contains text such as Payment realm
  • stop the final Payment challenge before a following non-Payment scheme such as Bearer
  • add regression coverage for quoted Payment text and trailing non-Payment schemes

Why

MPP clients may receive merged WWW-Authenticate headers with multiple auth schemes. The parser should only treat Payment as an auth scheme at real scheme boundaries, not inside quoted challenge parameters. This keeps challenge selection stable for interop scenarios where proxies or servers merge authentication headers.

Verification

  • mise exec ruby@3.3 -- ruby -c lib/mpp/challenge.rb
  • mise exec ruby@3.3 -- ruby -c test/mpp/test_parsing.rb
  • mise exec ruby@3.3 -- bundle exec ruby -Ilib -Itest test/mpp/test_parsing.rb
  • mise exec ruby@3.3 -- bundle exec standardrb lib/mpp/challenge.rb test/mpp/test_parsing.rb
  • mise exec ruby@3.3 -- bundle exec rake test
  • git diff --check

@EfeDurmaz16
fix(parsing): ignore quoted payment schemes
bf340eb 
Signed-off-by: EfeDurmaz16 <efebarandurmaz05@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EfeDurmaz16