Hi All,

I would love to hear your thoughts on this.

I am using the htpasswd plugin located here:
http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/

To validate access against a .htpasswd file. The plugin is working great but currently if you fail to get the PW correct and generate a 401 (Unauthorized) the user is presented with a completely blank page.

My goal is to at least redirect them to the home page or present a message saying their login attempts have failed.

Here is what I have tried:

#application.rb
rescue_from Htpasswd::UnknownUserAccount, :with => :http_status_code

def http_status_code
  redirect_to "http://someplace.com"
end

^---- The above does nothing and does NOT catch anything. I have tried with Htpasswd::Error, and ActiveResource::UnauthorizedAccess -- nothing.

I have also tried a before filter with a method in application.rb calling htpasswd but I get an error saying the htpasswd method does not exist.

Any input or even a starting place where I can begin researching would be great. THANK YOU!

-- Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

If anyone has a suggestion for a starting point on where I can begin trying to figure this out I'd really appreciate hearing it.

thanks

Mm Zz wrote:
> Hi All,
>
> I would love to hear your thoughts on this.
>
> I am using the htpasswd plugin located here:
> http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/
>
> To validate access against a .htpasswd file. The plugin is working
> great but currently if you fail to get the PW correct and generate a 401
> (Unauthorized) the user is presented with a completely blank page.
>
> My goal is to at least redirect them to the home page or present a
> message saying their login attempts have failed.
>
> Here is what I have tried:
> #application.rb
> rescue_from Htpasswd::UnknownUserAccount, :with => :http_status_code
>
> def http_status_code
>   redirect_to "http://someplace.com"
> end
>
> ^---- The above does nothing and does NOT catch anything. I have tried
> with Htpasswd::Error, and ActiveResource::UnauthorizedAccess --
> nothing.
>
> I have also tried a before filter with a method in application.rb
> calling htpasswd but I get an error saying the htpasswd method does not
> exist.

-- Posted via http://www.ruby-forum.com/.

In ./lib/htpasswd/auths/base.rb I found two exceptions that are raised for an invalid account and password: Htpasswd::UnknownUserAccount and Htpasswd::IncorrectPassword. Try rescuing the latter. See if that does the trick.

On Thursday 16 October 2008 19:24:03 Mm Zz wrote:
> If anyone has a suggestion for a starting point on where I can begin
> trying to figure this out I'd really appreciate hearing it.
>
> thanks
>
> Mm Zz wrote:
> > Hi All,
> >
> > I would love to hear your thoughts on this.
> >
> > I am using the htpasswd plugin located here:
> > http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/
> >
> > To validate access against a .htpasswd file. The plugin is working
> > great but currently if you fail to get the PW correct and generate a 401
> > (Unauthorized) the user is presented with a completely blank page.
> >
> > My goal is to at least redirect them to the home page or present a
> > message saying their login attempts have failed.
> >
> > Here is what I have tried:
> > #application.rb
> > rescue_from Htpasswd::UnknownUserAccount, :with => :http_status_code
> >
> > def http_status_code
> >   redirect_to "http://someplace.com"
> > end
> >
> > ^---- The above does nothing and does NOT catch anything. I have tried
> > with Htpasswd::Error, and ActiveResource::UnauthorizedAccess --
> > nothing.
> >
> > I have also tried a before filter with a method in application.rb
> > calling htpasswd but I get an error saying the htpasswd method does not
> > exist.

Sorry for replying twice... caught this after I sent the first one.

All of your error classes are in ./lib/htpasswd/class_methods.rb:

class Error < StandardError; end
class HeaderNotFound < Error; end
class UnknownSchemeError < Error; end
class NotAuthorizedError < Error; end
class ConfigurationError < Error; end
class UnknownAccessControl < ConfigurationError; end
class AuthSchemesNotDefined < ConfigurationError; end
class IncorrectPassword < NotAuthorizedError; end
class UnknownUserAccount < NotAuthorizedError; end

There's your two classes at the bottom. I would suggest rescuing Htpasswd::NotAuthorizedError, so that you catch both incorrect passwords and unknown accounts. That would be a more secure way to go, so you don't inadvertently reveal which user accounts are valid.

On Thursday 16 October 2008 19:24:03 Mm Zz wrote:
> If anyone has a suggestion for a starting point on where I can begin
> trying to figure this out I'd really appreciate hearing it.
>
> thanks
>
> Mm Zz wrote:
> > Hi All,
> >
> > I would love to hear your thoughts on this.
> >
> > I am using the htpasswd plugin located here:
> > http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/
> >
> > To validate access against a .htpasswd file. The plugin is working
> > great but currently if you fail to get the PW correct and generate a 401
> > (Unauthorized) the user is presented with a completely blank page.
> >
> > My goal is to at least redirect them to the home page or present a
> > message saying their login attempts have failed.
> >
> > Here is what I have tried:
> > #application.rb
> > rescue_from Htpasswd::UnknownUserAccount, :with => :http_status_code
> >
> > def http_status_code
> >   redirect_to "http://someplace.com"
> > end
> >
> > ^---- The above does nothing and does NOT catch anything. I have tried
> > with Htpasswd::Error, and ActiveResource::UnauthorizedAccess --
> > nothing.
> >
> > I have also tried a before filter with a method in application.rb
> > calling htpasswd but I get an error saying the htpasswd method does not
> > exist.

I see the following starting on line 70 of http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/lib/htpasswd/class_methods.rb :

rescue Htpasswd::Error => error
  logger.debug "Htpasswd error(%s): %s" % [error.class, error.message]

Since I do notice this debug statement is printed in my dev log, is it safe to say the error is rescued before my "rescue_from" is triggered?

-- Posted via http://www.ruby-forum.com/.

any takers on help with this? :)

thank you

-- Posted via http://www.ruby-forum.com/.

Mm Zz wrote:
> any takers on help with this? :)
>
> thank you

Here is the solution thanks to an Awesome gent in #rubyonrails....

Since http://wota.jp/svn/rails/plugins/branches/stable/htpasswd/lib/htpasswd/class_methods.rb is rescuing Htpasswd::Error => error around line 70, I overrode the htpasswd_authorize method by doing the following:

- Created lib/hacks/htpasswd_hack.rb
- Dropped the following into that file:

module Htpasswd
  protected

  def htpasswd_authorize
    logger.debug "Htpasswd is enabled with %s" % htpasswd_options.inspect
    username = Auths.scheme(self).authorize(htpasswd_acls)
    logger.debug "Htpasswd authorize user '%s'" % username
    @htpasswd_authorized_username = username
    return true
  rescue Htpasswd::Error => error
    logger.debug "Htpasswd error(%s): %s" % [error.class, error.message]
    strongest_auth = htpasswd_options[:schemes].map{|scheme| Auths[scheme]}.sort.last or raise AuthSchemesNotDefined
    response.headers['WWW-Authenticate'] = strongest_auth.new(htpasswd_options).server_header
    logger.debug "Htpasswd sending authenticate header: '%s'" % response.headers['WWW-Authenticate']
    #render :nothing => true, :status => 401
    # DO SOMETHING FANCY WITH THE 401 HERE
    render :action => "show_home_page", :layout => false, :status => 401
    return false
  end
end

- In application.rb added this on line 1:

require 'lib/hacks/htpasswd_hack'

And finally I ended all that by dancing a jig.

THANKS to Patrick for responding to my help request.

-- Posted via http://www.ruby-forum.com/.
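
Added example, not part of the thread or the plugin's code: a stand-alone Ruby illustration of the two points raised above, namely that an exception rescued inside the filter never reaches an outer handler such as rescue_from, and that rescuing the parent NotAuthorizedError gives unknown accounts and wrong passwords the same reply. The error class names are the ones listed in the thread; ACCOUNTS, authorize and the other method names are hypothetical stand-ins.

```ruby
module Htpasswd # error names as listed in the thread
  class Error < StandardError; end
  class NotAuthorizedError < Error; end
  class IncorrectPassword < NotAuthorizedError; end
  class UnknownUserAccount < NotAuthorizedError; end
end

ACCOUNTS = { "alice" => "s3cret" }.freeze # constructed sample data

# Hypothetical stand-in for the plugin's authorize step.
def authorize(user, password)
  raise Htpasswd::UnknownUserAccount, user unless ACCOUNTS.key?(user)
  raise Htpasswd::IncorrectPassword, user unless ACCOUNTS[user] == password
  user
end

# Same shape as the plugin's filter: it rescues Htpasswd::Error itself.
def filter_with_internal_rescue(user, password)
  authorize(user, password)
  true
rescue Htpasswd::Error
  false # swallowed here; nothing propagates to the caller
end

# Plays the role of rescue_from: it only sees exceptions that escape.
def outer_handler_fired?(user, password)
  filter_with_internal_rescue(user, password)
  false
rescue Htpasswd::NotAuthorizedError
  true
end

# One rescue per subclass: the reply reveals whether the account exists.
def leaky_response(user, password)
  authorize(user, password)
  [200, "welcome"]
rescue Htpasswd::UnknownUserAccount
  [401, "unknown account"]
rescue Htpasswd::IncorrectPassword
  [401, "wrong password"]
end

# Rescuing the parent class: both failures get the same reply.
def uniform_response(user, password)
  authorize(user, password)
  [200, "welcome"]
rescue Htpasswd::NotAuthorizedError
  [401, "login failed"]
end
```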