To validate access against a .htpasswd file. The plugin is working
great but currently if you fail to get the PW correct and generate a 401
(Unauthorized) the user is presented with a completely blank page.
My goal is to at least redirect them to the home page or present a
message saying their login attempts have failed.
Here is what I have tried:
#application.rb
rescue_from Htpasswd::UnknownUserAccount, :with => :http_status_code
In ./lib/htpasswd/auths/base.rb I found two exceptions that are raised
for an invalid account and password: Htpasswd::UnknownUserAccount and
Htpasswd::IncorrectPassword.
Try rescuing the latter. See if that does the trick.
Sorry for replying twice… caught this after I sent the first one.
All of your error classes are in ./lib/htpasswd/class_methods.rb:
class Error < StandardError; end
class HeaderNotFound < Error; end
class UnknownSchemeError < Error; end
class NotAuthorizedError < Error; end
class ConfigurationError < Error; end
class UnknownAccessControl < ConfigurationError; end
class AuthSchemesNotDefined < ConfigurationError; end
class IncorrectPassword < NotAuthorizedError; end
class UnknownUserAccount < NotAuthorizedError; end
There’s your two classes at the bottom. I would suggest rescuing
Htpasswd::NotAuthorizedError, so that you catch both incorrect passwords
and unknown accounts. That would be a more secure way to go, so you don’t
inadvertently reveal which user accounts are valid.
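
The difference between rescuing each subclass and rescuing Htpasswd::NotAuthorizedError, shown as an added example that is not part of the thread or the plugin's own code. It is plain Ruby without Rails; `ACCOUNTS`, `check_credentials`, `leaky_login` and `uniform_login` are hypothetical names, and the account data is constructed.

```ruby
# Error hierarchy as quoted in the thread (only the login-failure branch).
module Htpasswd
  class Error < StandardError; end
  class NotAuthorizedError < Error; end
  class IncorrectPassword < NotAuthorizedError; end
  class UnknownUserAccount < NotAuthorizedError; end
end

# Constructed stand-in for the plugin's credential check (hypothetical).
ACCOUNTS = { "alice" => "s3cret" }.freeze

def check_credentials(user, pass)
  raise Htpasswd::UnknownUserAccount, user unless ACCOUNTS.key?(user)
  raise Htpasswd::IncorrectPassword, user unless ACCOUNTS[user] == pass
  true
end

# Leaky: one rescue per subclass, so the response body tells the client
# which half of the credential pair was wrong.
def leaky_login(user, pass)
  check_credentials(user, pass)
  [200, "Welcome"]
rescue Htpasswd::UnknownUserAccount
  [401, "No such user"]
rescue Htpasswd::IncorrectPassword
  [401, "Wrong password"]
end

# Uniform: rescue the shared parent and return one fixed response,
# so both failure kinds are indistinguishable to the client.
def uniform_login(user, pass)
  check_credentials(user, pass)
  [200, "Welcome"]
rescue Htpasswd::NotAuthorizedError
  [401, "Login failed"]
end

if __FILE__ == $PROGRAM_NAME
  [["alice", "s3cret"], ["alice", "nope"], ["mallory", "nope"]].each do |u, p|
    puts "#{u}: leaky=#{leaky_login(u, p).inspect} uniform=#{uniform_login(u, p).inspect}"
  end
end
```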