I’ve run into a strange problem with HTTP Basic authentication. I’ve
observed this behavior on my dev box (connecting directly to mongrel)
and on an Apache+Passenger setup on my deployment machine.
I’m doing the standard thing according to the semi-holy trinity of
http_authentication.rb on github, Railscast #82, and
every-blog-tutorial-on-the-net: in my controller I have:

    class CongsController < ApplicationController
      before_filter :authenticate, :only => [:edit, :delete, :update]
      …
      private
      def authenticate
        authenticate_or_request_with_http_basic do |username, password|
          username == 'fred' && password == 'sekr3t'
        end
      end
    end

Sure enough, attempts to edit, update, or delete bring up the HTTP
basic dialog in the browser, and I have to enter a name and password.
If I enter them correctly, it passes me through properly.
The problem: it also lets me through no matter WHAT I enter, right or
wrong.
This is what I see in the Rails log file:

    Processing CongsController#edit (for 127.0.0.1 at 2009-01-17 23:25:27) [GET]
      Parameters: {"id"=>"1276"}
      SQL (0.1ms) SET SQL_AUTO_IS_NULL=0
    Filter chain halted as [:authenticate] rendered_or_redirected.
    Completed in 0ms (View: 0, DB: 0) | 401 Unauthorized [http://localhost/congs/1276/edit]

    Processing CongsController#edit (for 127.0.0.1 at 2009-01-17 23:25:30) [GET]
      Parameters: {"id"=>"1276"}
      SQL (0.1ms) SET SQL_AUTO_IS_NULL=0
      Cong Columns (4.6ms) SHOW FIELDS FROM congs
      Cong Load (15.0ms) SELECT * FROM congs WHERE (congs.id = 1276)
    Rendering congs/edit
    Completed in 36ms (View: 7, DB: 20) | 200 OK [http://localhost/congs/1276/edit]

I can make it simpler yet: I can use this #authenticate method, and
it still lets me through:

    def authenticate
      return false;
    end

My project’s script/about says this:

    Mac:~/src/rails/coc(master)> script/about
    About your application's environment
    Ruby version              1.8.6 (i686-darwin8.8.2)
    RubyGems version          1.3.1
    Rails version             2.2.2
    Active Record version     2.2.2
    Action Pack version       2.2.2
    Active Resource version   2.2.2
    Action Mailer version     2.2.2
    Active Support version    2.2.2
    Application root          /Users/rew/src/rails/coc
    Environment               development
    Database adapter          mysql
    Database schema version   20090114205156

This is a VERY simple app; no tricky stuff going on, just a basic CRUD
thing with a couple of models. I have no idea what is going on here.
Anybody know what I’m doing wrong here? Ideas or suggestions?
–
Ryan W. ||| http://www.erebor.com ||| [email protected]
“The web goes ever, ever on, down from the site where it began…”
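
For reference, the decision a Basic-auth filter like the one in the post is expected to make for each Authorization header, as a stand-alone Ruby model that takes the browser and its cached credentials out of the picture. This is an added example, not code from the post or from Rails; the function names, the realm string and the constant-time comparison are assumptions made for illustration.

```ruby
require 'digest'

# Credentials taken from the post's example filter.
EXPECTED_USER = 'fred'
EXPECTED_PASS = 'sekr3t'

# Constant-time comparison: hash both sides so the lengths match, then
# XOR every byte so run time does not depend on where the strings differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse an Authorization header value into [username, password], or nil
# when the header is absent or is not a well-formed Basic credential.
def decode_basic(header)
  return nil if header.nil?
  scheme, token = header.split(' ', 2)
  return nil unless scheme&.casecmp('Basic')&.zero? && token
  user, pass = token.unpack1('m').split(':', 2)
  pass.nil? ? nil : [user, pass]
end

# Decide the response for a protected action: [status, headers].
# Anything other than the exact credentials gets a 401 challenge.
def authorize(header, realm = 'Application')
  creds = decode_basic(header)
  if creds
    # Evaluate both comparisons so a wrong user name costs the same time.
    user_ok = secure_equal?(creds[0], EXPECTED_USER)
    pass_ok = secure_equal?(creds[1], EXPECTED_PASS)
    return [200, {}] if user_ok && pass_ok
  end
  [401, { 'WWW-Authenticate' => %(Basic realm="#{realm}") }]
end

# Helper to build a header value the way a client would.
def basic_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end

# Constructed requests mirroring the post: no header, wrong password, right password.
SAMPLES = [nil, basic_header('fred', 'wrong'), basic_header('fred', 'sekr3t')]
SAMPLES.each { |h| puts "#{h.inspect} -> #{authorize(h).first}" }
```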