Comments on: HTTP Basic Authentication using restful_authentication with Rails 1.2

by: Paul

Sun, 24 Feb 2008 02:46:42 +0000

Thank you for posting this! I had a similar problem with restful_authentication on rails2.0. I was using curl for a .json URL and it worked ok (presumably because the basic auth was part of the command line and was being provided with the first request — not waiting for a 401). However, using a browser it would fail with a 406 because the browser wasn’t getting a 401 to present a pop-up authentication box. Adding these lines to authenticated_system.rb got it to work:

format.json do
request_http_basic_authentication ‘Web Password’
end

Thanks again!

by: Ben

Thu, 31 Jan 2008 18:22:05 +0000

It’s been a while since I wrote this but if I remember correctly, this is the issue with login_required. The method uses ||= to set self.current_user. This is usually idiomatic ruby but the problem in this case is self.current_user == :false. The symbol :false will always evaluate to true. Try this out in irb :false && true. That will return true since :false evaluates as true. Does that help clarify the bug I found?

I looked at the most recent version of the plugin and it looks like this code has been refactored. I haven’t looked at it in detail to determine if the problem still exists.

by: rick

Thu, 31 Jan 2008 07:10:11 +0000

Hey, I’m not sure what login_required has to do with your issue. logged_in? checks to see if current_user == :false or if it is a valid logged in user. The 406 comes from the #access_denied method which needs to be updated to handle js requests. Instead of ‘format.xml’, I should use format.any to intercept every other format. In fact, it just came up trying to build an iphone interface to an app I’m working on. Doh.