Kei Simone
2007-Dec-14 13:14 UTC
restful_authentication + nested resources => failed to authenticate
To all:
hi,
I used Rails 1.2.6 + the restful_authentication plugin.
# base_url
base = '/v1'
map.resources :users, :path_prefix => base
map.resources :users do |users|
  users.resources :orders, :path_prefix => '/v1/users/:id'
end
map.resource :session
map.signup '/signup', :controller => 'users', :action => 'new'
map.login '/login', :controller => 'session', :action => 'new'
map.logout '/logout', :controller => 'session', :action => 'destroy'
This is my routes.rb.
When I first started my WEBrick, I tried to access localhost:3001/v1/users/username1/orders
I was prompted for my username and password, so it worked.
However, when I type in localhost:3001/logout
and then try localhost:3001/v1/users/username1/orders, it failed to prompt me.
It showed:
You have been logged out.
Listing orders
<data here>
<New order link here>
exposing data when I have already logged out.
May I ask what is wrong here?
Thanks!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Kei Simone
2007-Dec-14 13:49 UTC
Re: restful_authentication + nested resources => failed to authenticate
Forgot to mention that i also installed http_authentication plugin as well.
Kei Simone
2007-Dec-14 14:43 UTC
Re: restful_authentication + nested resources => failed to authenticate
Somehow my session is not destroyed.
What have I done wrong?
Inside my application.rb:
# Filters
before_filter :authenticate

# Sets @authenticated_user if the user provides valid
# credentials. This may be used to deny access or customise the view.
def authenticate
  @authenticated_user = nil
  authenticate_with_http_basic do |user, password|
    @authenticated_user = User.authenticate(user, password)
  end
  return true
end

# Filter for actions that _require_ authentication. Unless client
# authenticated as some user, takes over the request and sends a
# response code of 401.
def must_authenticate
  if @authenticated_user && (@user_is_viewing_themselves != false)
    return true
  else
    request_http_basic_authentication
    return false
  end
end

# A filter for controllers beneath /users/{login}.
# Transforms {login} into user ID. Sends a 404 response code
# if the user does not exist.
def must_specify_user
  if params[:id]
    @user = User.find_by_permalink(params[:id])
    if_found(@user) { params[:user_id] = @user.id }
    return false unless @user
  end
  # for limiting view to authenticated user
  @user_is_viewing_themselves = (@authenticated_user == @user)
  return true
end
In my orders_controller I use before_filter :must_authenticate and
before_filter :must_specify_user
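The behaviour reported in this thread is consistent with how HTTP Basic works: a browser keeps resending its cached Authorization header, and the posted authenticate filter re-checks that header on every request, so destroying the session does not revoke access. The sketch below is an added example, not code from the thread or from either plugin; the user store, the Request struct, the :user_id session key and the session-gated variant are constructed assumptions.

```ruby
require "base64"

# Constructed stand-ins: a one-user credential store and a minimal request.
USERS = { "username1" => "s3cret" }.freeze
Request = Struct.new(:headers, :session)

# Like the posted `authenticate` filter: the login comes from the
# Authorization header on every request; the session is never consulted.
def basic_user(request)
  scheme, blob = request.headers["Authorization"].to_s.split(" ", 2)
  return nil unless scheme == "Basic" && blob
  login, password = Base64.decode64(blob).split(":", 2)
  return nil unless login && password && USERS.key?(login)
  USERS[login] == password ? login : nil
end

# Like the posted `must_authenticate`: 200 if the header authenticates,
# otherwise a 401 challenge.
def orders_index(request)
  basic_user(request) ? 200 : 401
end

# A logout that only clears server-side session state.
def logout(request)
  request.session.clear
  200
end

# One possible fix (assumption): protected actions require a live
# server-side session, so a replayed Basic header alone is not enough.
def orders_index_session_gated(request)
  request.session[:user_id] ? 200 : 401
end

# Simulates a browser that resends its cached Basic credentials.
def replay_after_logout
  auth = "Basic " + Base64.strict_encode64("username1:s3cret")
  session = { user_id: 1 }
  req = lambda { Request.new({ "Authorization" => auth }, session) }
  before = orders_index(req.call)
  logout(req.call)
  { before: before, after: orders_index(req.call),
    gated: orders_index_session_gated(req.call) }
end

puts replay_after_logout.inspect if __FILE__ == $0
```

The header-only check still answers 200 after logout, while the session-gated check answers 401 for the same replayed request.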