Fix raw params method to not raise an exception

actionpack/lib/action_controller/metal/http_authentication.rb

@@ -484,7 +484,7 @@ def rewrite_param_values(array_params)
       def raw_params(auth)
         _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
 
-        if !_raw_params.first.start_with?(TOKEN_KEY)
+        if !_raw_params.first&.start_with?(TOKEN_KEY)
           _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
         end
 

actionpack/test/controller/http_token_authentication_test.rb

@@ -155,7 +155,7 @@ def authenticate_long_credentials
     assert_equal(expected, actual)
   end
 
-  test "token_and_options returns correct token with nounce option" do
+  test "token_and_options returns correct token with nonce option" do
     token = "rcHu+HzSFw89Ypyhn/896A="
     nonce_hash = { nonce: "123abc" }
     actual = ActionController::HttpAuthentication::Token.token_and_options(sample_request(token, nonce_hash))
@@ -177,6 +177,20 @@ def authenticate_long_credentials
     assert_equal(expected, actual)
   end
 
+  test "raw_params returns a tuple of key value pair strings when auth does not contain a token key" do
+    auth = sample_request_without_token_key("rcHu+HzSFw89Ypyhn/896A=").authorization.to_s
+    actual = ActionController::HttpAuthentication::Token.raw_params(auth)
+    expected = ["token=rcHu+HzSFw89Ypyhn/896A="]
+    assert_equal(expected, actual)
+  end
+
+  test "raw_params returns a tuple of key strings when auth does not contain a token key and value" do
+    auth = sample_request_without_token_key(nil).authorization.to_s
+    actual = ActionController::HttpAuthentication::Token.raw_params(auth)
+    expected = ["token="]
+    assert_equal(expected, actual)
+  end
+
   test "token_and_options returns right token when token key is not specified in header" do
     token = "rcHu+HzSFw89Ypyhn/896A="