Rails - Jun 2008 - Restful_authentication, Internet Explorer, and unwanted http basic dialog

I have a fairly bog-standard installation of restful_authentication
and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
an http basic authentication dialog instead of doing what all other
browsers do: go to the login page. Any thoughts why?

I''ve modified the following method of authenticated_system.rb, but
there''s no difference before or after.

Before:

def current_user
   @current_user ||= (login_from_session || login_from_basic_auth ||
login_from_cookie) unless @current_user == false
end

After:

def current_user
    @current_user ||= login_from_session unless @current_user == false
end

Thanks for any help.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I should qualify that: ''before'' you can log in with http basic
authentication, but ''after'' you can''t. My issue is
that I don''t want
to see the http basic authentication dialog at all.

On Jun 27, 2:58 pm, Chris Bartlett
<c.bartl...-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org>
wrote:
> I have a fairly bog-standard installation of restful_authentication
> and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
> an http basic authentication dialog instead of doing what all other
> browsers do: go to the login page. Any thoughts why?
>
> I''ve modified the following method of authenticated_system.rb, but
> there''s no difference before or after.
>
> Before:
>
> def current_user
>    @current_user ||= (login_from_session || login_from_basic_auth ||
> login_from_cookie) unless @current_user == false
> end
>
> After:
>
> def current_user
>     @current_user ||= login_from_session unless @current_user == false
> end
>
> Thanks for any help.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The issue is in this method of authenticated_system.rb:

    def access_denied
      respond_to do |format|
        format.html do
          store_location
          redirect_to new_session_path
        end
        format.any do
          request_http_basic_authentication ''Web Password''
        end
      end
    end

For some reason Internet Explorer is falling through to format.any -
something''s not quite working with its accept headers, it seems.
Compare:
http://rituonrails.wordpress.com/2006/12/10/strane-behaviour-of-respond_to-in-ie/

On Jun 27, 2:58 pm, Chris Bartlett
<c.bartl...-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org>
wrote:
> I have a fairly bog-standard installation of restful_authentication
> and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
> an http basic authentication dialog instead of doing what all other
> browsers do: go to the login page. Any thoughts why?
>
> I''ve modified the following method of authenticated_system.rb, but
> there''s no difference before or after.
>
> Before:
>
> def current_user
>    @current_user ||= (login_from_session || login_from_basic_auth ||
> login_from_cookie) unless @current_user == false
> end
>
> After:
>
> def current_user
>     @current_user ||= login_from_session unless @current_user == false
> end
>
> Thanks for any help.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Alter access_denied to add this line (right below "def
access_denied"):

request.format ||= :html if request.env[''HTTP_USER_AGENT''] =~
/msie/i

It''s a quick hack but it seems to work fine so far for me.  The  
problem is, as you''ve stated, IE doesn''t seem to send the
right accept
headers (if any) when fetching a URL without an explicit extension in  
the URL.  For instance if you have a /users/4 URL, it will bring up  
the basic authentication dialog, but /users/4.html will correctly  
redirect to new_session_path.

-J.

On Jun 26, 2008, at 11:53 PM, Chris Bartlett wrote:
>
> The issue is in this method of authenticated_system.rb:
>
>    def access_denied
>      respond_to do |format|
>        format.html do
>          store_location
>          redirect_to new_session_path
>        end
>        format.any do
>          request_http_basic_authentication ''Web Password''
>        end
>      end
>    end
>
> For some reason Internet Explorer is falling through to format.any -
> something''s not quite working with its accept headers, it seems.
> Compare:
>
http://rituonrails.wordpress.com/2006/12/10/strane-behaviour-of-respond_to-in-ie/
>
> On Jun 27, 2:58 pm, Chris Bartlett
<c.bartl...-wUU9E3n5/m4qAMOr+u8IRA@public.gmane.org> wrote:
>> I have a fairly bog-standard installation of restful_authentication
>> and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
>> an http basic authentication dialog instead of doing what all other
>> browsers do: go to the login page. Any thoughts why?
>>
>> I''ve modified the following method of authenticated_system.rb,
but
>> there''s no difference before or after.
>>
>> Before:
>>
>> def current_user
>>    @current_user ||= (login_from_session || login_from_basic_auth ||
>> login_from_cookie) unless @current_user == false
>> end
>>
>> After:
>>
>> def current_user
>>     @current_user ||= login_from_session unless @current_user ==  
>> false
>> end
>>
>> Thanks for any help.
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Chris Bartlett wrote:
> I have a fairly bog-standard installation of restful_authentication
> and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
> an http basic authentication dialog instead of doing what all other
> browsers do: go to the login page. Any thoughts why?
> 
> I''ve modified the following method of authenticated_system.rb, but
> there''s no difference before or after.
> 
> Before:
> 
> def current_user
>    @current_user ||= (login_from_session || login_from_basic_auth ||
> login_from_cookie) unless @current_user == false
> end
> 
> After:
> 
> def current_user
>     @current_user ||= login_from_session unless @current_user == false
> end
> 
> Thanks for any help.
I had the same problem. I think that it´s for the Mime Types (I observe 
with the debugger that Firefox and IE have differents priorities using 
images)...

So I coud fix the problem modifiying the access_denied method from the 
lib/AuthenticatedSystem module as follows:

 def access_denied
    respond_to do |format|
      #...particular formats if it´s neccesary
      format.any do
        store_location
        redirect_to new_session_path
      end
    end
  end

I hope this will be useful

Fer
Argentina

-- 
Posted via http://www.ruby-forum.com/.