Hi all,
I’ve got a problem with HTTP Digest Authentication after upgrading
Rails to 2.3.2.
It seems that it is broken for the PUT and DELETE request methods.
Here is what I did:
- Generated a new Rails app in Rails 2.3.2
- Added sample scaffold model Post name:string
- Added simple HTTP Digest Authentication filter to application
controller:
|----------------code----------------- |
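# Login => plaintext password lookup used by the digest filter
USERS = { 'lifo' => 'world', 'pretty' => 'please', 'a' => 'b' }

before_filter :digest_authenticate

# The block returns the stored password for the given login (nil if unknown)
def digest_authenticate
  authenticate_or_request_with_http_digest do |login|
    USERS[login]
  end
end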
|---------------- code -----------------|
It works fine for the index, new, create and show actions, but for destroy
(DELETE) and update (PUT) the htaccess popup appears and doesn't allow me to
update or delete (of course I put in the correct login/password data :))
Have you also got a problem with this?
I've reviewed the action_pack source code and it seems that in lines 197 and 198 of
http://github.com/rails/rails/blob/18eb80ccc7e932f9a6c00462ceaeea648631b120/actionpack/lib/action_controller/http_authentication.rb
    expected = expected_response(request.env['REQUEST_METHOD'],
      request.env['REQUEST_URI'], credentials, password, password_is_ha1)
    expected == credentials[:response]
there are different values generated for the PUT and DELETE request
methods.
Regards
Grzesiek F.
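
Added example, not part of the original post and not Rails' own code: the RFC 2617 digest response includes the request method in HA2, so a response signed over one method fails when the server recomputes it with another. It assumes, as one possible cause the page does not confirm, that the client signed the request as POST while the server checks it as PUT or DELETE; the helper names, realm, nonce and cnonce are constructed.

```ruby
require 'digest/md5'

# Added illustration of RFC 2617 digest auth (qop=auth); not Rails' own code.
# Helper names and all sample values are hypothetical/constructed.
def md5(*parts)
  Digest::MD5.hexdigest(parts.join(':'))
end

# HA1 covers the credentials; HA2 binds the response to the method and URI.
def digest_response(method:, uri:, user:, realm:, password:, nonce:, nc:, cnonce:)
  ha1 = md5(user, realm, password)
  ha2 = md5(method, uri)
  md5(ha1, nonce, nc, cnonce, 'auth', ha2)
end

# Constant-time comparison of two equal-length hex digests.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# What the client sends in the Authorization header, signed over signed_method.
def sample_credentials(signed_method, password)
  creds = { username: 'lifo', realm: 'Application', uri: '/posts/1',
            nonce: 'constructed-nonce', nc: '00000001', cnonce: 'constructed-cnonce' }
  creds.merge(response: digest_response(
    method: signed_method, uri: creds[:uri], user: creds[:username],
    realm: creds[:realm], password: password, nonce: creds[:nonce],
    nc: creds[:nc], cnonce: creds[:cnonce]
  ))
end

# Server side: recompute with the method the server sees, then compare.
def valid_response?(server_method, creds, password)
  expected = digest_response(
    method: server_method, uri: creds[:uri], user: creds[:username],
    realm: creds[:realm], password: password, nonce: creds[:nonce],
    nc: creds[:nc], cnonce: creds[:cnonce]
  )
  secure_compare(expected, creds[:response])
end

if __FILE__ == $PROGRAM_NAME
  creds = sample_credentials('POST', 'world') # assumption: client signed as POST
  %w[POST PUT DELETE].each do |m|
    puts "server sees #{m}: #{valid_response?(m, creds, 'world') ? 'accepted' : '401'}"
  end
end
```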