Forum: Ruby on Rails HTTP Digest Authentication PUT DELETE problem. Bug ?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
greq (Guest)
on 2009-03-20 01:15
(Received via mailing list)
Hi all,

I've got a problem with HTTP Digest Authentication after upgrading
Rails to 2.3.2.
It seems that it is broken for PUT and DELETE requests method.
Here is what I did:
1. Generate new rails app in rails 2.3.2
2. Added sample scaffold model Post name:string
3. Added simple HTTP Digest Authentication filter to application
controller:

|----------------code----------------- |
  USERS = { 'lifo' => 'world', 'pretty' => 'please', 'a' => 'b'}

  before_filter :digest_authenticate

  def digest_authenticate
    authenticate_or_request_with_http_digest do |login|
      USERS[login]
    end
  end
|---------------- code -----------------|


It works fine for index, new, create and show action, but for destroy
(DELETE) and update(PUT) htaccess popup apears and don't allow to
update or delete( of course for I put correct login/password data :))

Have you got also problem with this ?
I've reviewed action_pack source code and it seems that in lines:
http://github.com/rails/rails/blob/18eb80ccc7e932f...)

expected = expected_response(request.env['REQUEST_METHOD'], request.env
['REQUEST_URI'], credentials, password, password_is_ha1)
 expected == credentials[:response]

there are different values generated for PUT and DELETE request
method.

Regards

Grzesiek F.
Scott A. (Guest)
on 2009-03-27 23:03
(Received via mailing list)
I've run into the same problem. GET and POST work find, but PUT and
DELETE repeatedly asks for login information and never succeeds.
Steve M. (Guest)
on 2009-04-15 19:22
(Received via mailing list)
This is a bug in Rails 2.3.2. I've created a Lighthouse ticket for it
(#2490) and created a patch that fixes it. It will probably help get
the fix into a release if others acknowledge the problem and can
verify my patch fixes it for them.

https://rails.lighthouseapp.com/projects/8994-ruby...
This topic is locked and can not be replied to.