# File lib/action_controller/metal/http_authentication.rb, line 178
      def validate_digest_response(request, realm, &password_procedure)
        secret_key  = secret_token(request)
        credentials = decode_credentials_header(request)
        valid_nonce = validate_nonce(secret_key, request, credentials[:nonce])

        if valid_nonce && realm == credentials[:realm] && opaque(secret_key) == credentials[:opaque]
          password = password_procedure.call(credentials[:username])
          return false unless password

          method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
          uri    = credentials[:uri][0,1] == '/' ? request.fullpath : request.url

         [true, false].any? do |password_is_ha1|
           expected = expected_response(method, uri, credentials, password, password_is_ha1)
           expected == credentials[:response]
         end
        end
      end