Matthew Hillsborough
2010-Jun-03 14:18 UTC
Custom error message for authenticate_or_request_with_http_basic
Hello,
I'm using basic http authentication in my rails app with the following
code:
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  before_filter :authenticate

  private

  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      if username.nil? || password.nil?
        render :inline => %(xml.instruct! :xml, :version => "1.0", :encoding => "UTF-8"
                            xml.errors do
                              xml.error('Could not authenticate you.')
                            end), :type => :builder, :status => 401
      end
    end
  end
end
The problem is, if you do a curl http://127.0.0.1:3000/foo/1.xml
without providing the -u username:password flag, you get a dead beat
response like this:
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
WWW-Authenticate: Basic realm="Foo"
X-Runtime: 1
Content-Type: text/html; charset=utf-8
Content-Length: 27
Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10)
Date: Thu, 03 Jun 2010 03:09:18 GMT
Connection: Keep-Alive

HTTP Basic: Access denied.
Is it possible at all to render the inline XML I have above in the
event a username and password is not provided by the user to give a
more meaningful error message to the user? I want the error message
for lack of credentials to be the same with incorrect credentials.
Obviously an HTTP 401 is attached for both cases as well.
Thanks,
Matthew
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Ivan Nastyukhin
2010-Jun-03 14:23 UTC
Re: Custom error message for authenticate_or_request_with_http_basic
class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :auth

  protected

  def auth
    authenticate_or_request_with_http_basic do |id, password|
      # LOGIN and PASSWORD are constants defined elsewhere in the app
      authentificated = id == LOGIN && password == PASSWORD
      unless authentificated
        # bla-bla-bla
      end
      authentificated
    end
  end
end
simplify this)
Ivan Nastyukhin
dieinzige-BUHhN+a2lJ4@public.gmane.org
On Jun 3, 2010, at 6:18 PM, Matthew Hillsborough wrote:
> Hello,
>
> I'm using basic http authentication in my rails app with the following
> code:
>
> class ApplicationController < ActionController::Base
>   helper :all # include all helpers, all the time
>   before_filter :authenticate
>
>   private
>
>   def authenticate
>     authenticate_or_request_with_http_basic do |username, password|
>       if username.nil? || password.nil?
>         render :inline => %(xml.instruct! :xml, :version => "1.0", :encoding => "UTF-8"
>                             xml.errors do
>                               xml.error('Could not authenticate you.')
>                             end), :type => :builder, :status => 401
>       end
>     end
>   end
> end
>
> The problem is, if you do a curl http://127.0.0.1:3000/foo/1.xml
> without providing the -u username:password flag, you get a dead beat
> response like this:
>
>
> HTTP/1.1 401 Unauthorized
> Cache-Control: no-cache
> WWW-Authenticate: Basic realm="Foo"
> X-Runtime: 1
> Content-Type: text/html; charset=utf-8
> Content-Length: 27
> Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10)
> Date: Thu, 03 Jun 2010 03:09:18 GMT
> Connection: Keep-Alive
>
> HTTP Basic: Access denied.
>
> Is it possible at all to render the inline XML I have above in the
> event a username and password is not provided by the user to give a
> more meaningful error message to the user? I want the error message
> for lack of credentials to be the same with incorrect credentials.
> Obviously an HTTP 401 is attached for both cases as well.
>
> Thanks,
>
> Matthew
>
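Added example, not code from either post or from Rails: a plain-Ruby, Rack-style sketch of the behaviour asked for above, where a request with no credentials and a request with wrong credentials get the same 401, the same WWW-Authenticate challenge and the same XML body. The function names, the "<ok/>" success body and the LOGIN/PASSWORD values are constructed for illustration; the realm "Foo" and the error text are taken from the thread.

```ruby
require "base64"
require "digest"

# Constructed sample credentials; a real app loads these from configuration.
LOGIN    = "admin"
PASSWORD = "s3cret"
REALM    = "Foo" # realm shown in the thread's 401 response

ERROR_XML = %(<?xml version="1.0" encoding="UTF-8"?>\n) +
            %(<errors>\n  <error>Could not authenticate you.</error>\n</errors>\n)

# Compare fixed-length digests so timing does not depend on where strings differ.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Returns [username, password], or nil when the header is absent or malformed.
def basic_credentials(authorization)
  scheme, encoded = authorization.to_s.split(" ", 2)
  return nil unless scheme.to_s.casecmp("basic").zero? && encoded
  user, pass = Base64.decode64(encoded).split(":", 2)
  user && pass ? [user, pass] : nil
end

# Rack-style triplet. Missing, malformed and wrong credentials all produce the
# same 401 with the same XML body and the same challenge header.
def basic_auth_response(authorization)
  user, pass = basic_credentials(authorization)
  # Evaluate both comparisons (no short-circuit) even when nothing was sent.
  ok = secure_equal?(user.to_s, LOGIN) & secure_equal?(pass.to_s, PASSWORD)
  return [200, { "Content-Type" => "application/xml" }, "<ok/>"] if user && ok
  [401,
   { "Content-Type" => "application/xml; charset=utf-8",
     "WWW-Authenticate" => %(Basic realm="#{REALM}") },
   ERROR_XML]
end

# Builds the Authorization header value a client such as curl -u would send.
def header_for(user, pass)
  "Basic " + Base64.strict_encode64("#{user}:#{pass}")
end
```

In a Rails controller, authenticate_with_http_basic returns the block's result (nil when no credentials were sent) without rendering anything, so a before_filter can render one failure response for both cases in the same way.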