Hi all,
I''ve got a problem with HTTP Digest Authentication after upgrading
Rails to 2.3.2.
It seems that it is broken for PUT and DELETE requests method.
Here is what I did:
1. Generate new rails app in rails 2.3.2
2. Added sample scaffold model Post name:string
3. Added simple HTTP Digest Authentication filter to application
controller:
|----------------code----------------- |
USERS = { ''lifo'' => ''world'',
''pretty'' => ''please'',
''a'' => ''b''}
before_filter :digest_authenticate
def digest_authenticate
authenticate_or_request_with_http_digest do |login|
USERS[login]
end
end
|---------------- code -----------------|
It works fine for index, new, create and show action, but for destroy
(DELETE) and update(PUT) htaccess popup apears and don''t allow to
update or delete( of course for I put correct login/password data :))
Have you got also problem with this ?
I''ve reviewed action_pack source code and it seems that in lines:
http://github.com/rails/rails/blob/18eb80ccc7e932f9a6c00462ceaeea648631b120/actionpack/lib/action_controller/http_authentication.rb(197,198)
expected = expected_response(request.env[''REQUEST_METHOD''],
request.env
[''REQUEST_URI''], credentials, password, password_is_ha1)
expected == credentials[:response]
there are different values generated for PUT and DELETE request
method.
Regards
Grzesiek F.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Scott Ahten
2009-Mar-27 20:51 UTC
Re: HTTP Digest Authentication PUT DELETE problem. Bug ?
I''ve run into the same problem. GET and POST work find, but PUT and DELETE repeatedly asks for login information and never succeeds. On Mar 19, 6:47 pm, greq <gdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi all, > > I''ve got a problem with HTTP Digest Authentication after upgrading > Rails to 2.3.2. > It seems that it is broken for PUT and DELETE requests method.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Steve Madsen
2009-Apr-15 13:24 UTC
Re: HTTP Digest Authentication PUT DELETE problem. Bug ?
This is a bug in Rails 2.3.2. I''ve created a Lighthouse ticket for it (#2490) and created a patch that fixes it. It will probably help get the fix into a release if others acknowledge the problem and can verify my patch fixes it for them. https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete#ticket-2490-1 On Mar 27, 4:51 pm, Scott Ahten <lightandshado...-ee4meeAH724@public.gmane.org> wrote:> I''ve run into the same problem. GET and POST work find, but PUT and > DELETE repeatedly asks for login information and never succeeds. > > On Mar 19, 6:47 pm, greq <gdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > Hi all, > > > I''ve got a problem with HTTP Digest Authentication after upgrading > > Rails to 2.3.2. > > It seems that it is broken for PUT and DELETE requests method.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---