Testing my login page, when I POST the wrong password I should expect
a 401 Unauthorized http status code back. Here is the session#create
controller method where I use :status => :unauthorized (using
sproutcore, so I'm returning JSON):
def create
  user = User.authenticate(params[:email], params[:password])
  if user.nil?
    puts("debug: user did not authenticate")
    respond_to do |format|
      format.json do
        render(:json => {:status => :unauthorized}) ##### return 401 ######
      end
    end
  else
    puts("user: #{user}")
    sign_in(user)
    respond_to do |format|
      format.json do
        render(:json => {:content => json_for_user(user), :location => user_path(user)})
      end
    end
  end
end
here's what the WEBrick console is showing me:
Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400
Processing by SessionsController#create as JSON
Parameters: {"email"=>"a@b.com", "password"=>"[FILTERED]"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'a@b.com' LIMIT 1
Completed 200 OK in 29ms (Views: 1.7ms | ActiveRecord: 0.4ms)
here is what Sproutcore is getting back:
~ PROXY: POST 200 /sessions -> http://localhost:3000/sessions
content-type: application/json; charset=utf-8
etag: "0bfdc0989b2b4dfb5706ab29694db1cc"
cache-control: max-age=0, private, must-revalidate
x-ua-compatible: IE=Edge
x-runtime: 0.049420
server: WEBrick/1.3.1 (Ruby/1.9.2/2011-02-18)
date: Sun, 08 May 2011 03:28:36 GMT
content-length: 25
set-cookie: _mercury_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZWEzNjk0YTA0NDQyYjZhYTE5MjJlOWRkMDU2NWEyMmM%3D--d117484163dcb37bcc5928c2edd4d0a9ad4bcda2; path=/; HttpOnly
Why isn't rails sending back a 401? Am I doing something wrong?
Michael
Why would the web server
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
On 8 May 2011, at 04:51, Michael Hanna <taomailings-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Testing my login page, when I POST the wrong password I should expect
> a 401 Unauthorized http status code back. Here is the session#create
> controller method where I use :status => :unauthorized (using
> sproutcore, so I'm returning JSON):

What your code is actually doing is producing a 200 response, whose body is {status: "unauthorised"}.

The http status to return goes at the top level, eg render :status => :unauthorized, ... (you can use the head method if you don't want to provide a body, eg head :unauthorized )

Fred
Thanks, this helped. For future reference, the code I wrote that
worked is:
format.json {head(:unauthorized)}
Michael
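
An added example, not part of the thread: a failed-login counter that keys on the 401 status in Rails request logs, showing that attempts answered with 200 and a status in the JSON body never reach it. The log lines are constructed in the format of the WEBrick console output above, `LOGIN_PATH` is taken from that output, and the parser assumes requests are logged without interleaving.

```ruby
# Count failed logins per client IP by pairing each "Started POST" line for the
# login endpoint with the "Completed <status>" line that follows it.
LOGIN_PATH = "/sessions"

STARTED   = /\AStarted (\w+) "([^"]+)" for (\S+) at /
COMPLETED = /\ACompleted (\d{3}) /

# Returns { ip => number of login POSTs that completed with 401 }.
def failed_logins_by_ip(log_text)
  counts = Hash.new(0)
  current_ip = nil
  log_text.each_line do |line|
    line = line.strip
    if (m = STARTED.match(line))
      # Track only POSTs to the login endpoint; any other request resets state.
      current_ip = (m[1] == "POST" && m[2] == LOGIN_PATH) ? m[3] : nil
    elsif current_ip && (m = COMPLETED.match(line))
      counts[current_ip] += 1 if m[1] == "401"
      current_ip = nil
    end
  end
  counts
end

# Constructed log: two wrong-password attempts against the original action,
# which puts the status only in the JSON body.
LOG_BODY_ONLY = <<~LOG
  Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400
  Processing by SessionsController#create as JSON
  Completed 200 OK in 29ms (Views: 1.7ms | ActiveRecord: 0.4ms)
  Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:37 -0400
  Processing by SessionsController#create as JSON
  Completed 200 OK in 27ms (Views: 1.6ms | ActiveRecord: 0.4ms)
LOG

# Constructed log: the same attempts once the action uses head(:unauthorized).
LOG_HEAD_401 = <<~LOG
  Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400
  Processing by SessionsController#create as JSON
  Completed 401 Unauthorized in 12ms
  Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:37 -0400
  Processing by SessionsController#create as JSON
  Completed 401 Unauthorized in 11ms
LOG

if __FILE__ == $PROGRAM_NAME
  puts "status in body only: #{failed_logins_by_ip(LOG_BODY_ONLY)}"
  puts "head :unauthorized:  #{failed_logins_by_ip(LOG_HEAD_401)}"
end
```

The same gap applies to anything else that classifies login outcomes by status code, such as a proxy rate limit or an alert on repeated 401s.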