Hi all, I''ve got a problem with HTTP Digest Authentication after upgrading Rails to 2.3.2. It seems that it is broken for PUT and DELETE requests method. Here is what I did: 1. Generate new rails app in rails 2.3.2 2. Added sample scaffold model Post name:string 3. Added simple HTTP Digest Authentication filter to application controller: |----------------code----------------- | USERS = { ''lifo'' => ''world'', ''pretty'' => ''please'', ''a'' => ''b''} before_filter :digest_authenticate def digest_authenticate authenticate_or_request_with_http_digest do |login| USERS[login] end end |---------------- code -----------------| It works fine for index, new, create and show action, but for destroy (DELETE) and update(PUT) htaccess popup apears and don''t allow to update or delete( of course for I put correct login/password data :)) Have you got also problem with this ? I''ve reviewed action_pack source code and it seems that in lines: http://github.com/rails/rails/blob/18eb80ccc7e932f9a6c00462ceaeea648631b120/actionpack/lib/action_controller/http_authentication.rb(197,198) expected = expected_response(request.env[''REQUEST_METHOD''], request.env [''REQUEST_URI''], credentials, password, password_is_ha1) expected == credentials[:response] there are different values generated for PUT and DELETE request method. Regards Grzesiek F. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Scott Ahten
2009-Mar-27 20:51 UTC
Re: HTTP Digest Authentication PUT DELETE problem. Bug ?
I''ve run into the same problem. GET and POST work find, but PUT and DELETE repeatedly asks for login information and never succeeds. On Mar 19, 6:47 pm, greq <gdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi all, > > I''ve got a problem with HTTP Digest Authentication after upgrading > Rails to 2.3.2. > It seems that it is broken for PUT and DELETE requests method.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Steve Madsen
2009-Apr-15 13:24 UTC
Re: HTTP Digest Authentication PUT DELETE problem. Bug ?
This is a bug in Rails 2.3.2. I''ve created a Lighthouse ticket for it (#2490) and created a patch that fixes it. It will probably help get the fix into a release if others acknowledge the problem and can verify my patch fixes it for them. https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete#ticket-2490-1 On Mar 27, 4:51 pm, Scott Ahten <lightandshado...-ee4meeAH724@public.gmane.org> wrote:> I''ve run into the same problem. GET and POST work find, but PUT and > DELETE repeatedly asks for login information and never succeeds. > > On Mar 19, 6:47 pm, greq <gdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > Hi all, > > > I''ve got a problem with HTTP Digest Authentication after upgrading > > Rails to 2.3.2. > > It seems that it is broken for PUT and DELETE requests method.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---