WEBrick sending wrong http status code?

Testing my login page, when I POST the wrong password I should expect
a 401 Unauthorized http status code back. Here is the session#create
controller method where I use :status => :unauthorized (using
sproutcore, so I’m returning JSON):

def create
  user = User.authenticate(params[:email], params[:password])
  if user.nil?
    puts("debug: user did not authenticate")

    respond_to do |format|
      format.json do
        render(:json => {:status => :unauthorized}) ##### return 401
      end
    end
  else
    puts("user: #{user}")
    sign_in(user)
    respond_to do |format|
      format.json do
        render(:json => {:content => json_for_user(user), :location => user_path(user)})
      end
    end
  end
end

Here’s what the WEBrick console is showing me:

Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400
Processing by SessionsController#create as JSON
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1
Completed 200 OK in 29ms (Views: 1.7ms | ActiveRecord: 0.4ms)

Here is what Sproutcore is getting back:

~ PROXY: POST 200 /sessions -> http://localhost:3000/sessions
content-type: application/json; charset=utf-8
etag: "0bfdc0989b2b4dfb5706ab29694db1cc"
cache-control: max-age=0, private, must-revalidate
x-ua-compatible: IE=Edge
x-runtime: 0.049420
server: WEBrick/1.3.1 (Ruby/1.9.2/2011-02-18)
date: Sun, 08 May 2011 03:28:36 GMT
content-length: 25
set-cookie: _mercury_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZWEzNjk0YTA0NDQyYjZhYTE5MjJlOWRkMDU2NWEyMmM%3D--d117484163dcb37bcc5928c2edd4d0a9ad4bcda2; path=/; HttpOnly

Why isn’t Rails sending back a 401? Am I doing something wrong?

Michael

Why would the web server

On 8 May 2011, at 04:51, Michael H. [email protected] wrote:

Testing my login page, when I POST the wrong password I should expect
a 401 Unauthorized http status code back. Here is the session#create
controller method where I use :status => :unauthorized (using
sproutcore, so I’m returning JSON):

What your code is actually doing is producing a 200 response, whose body
is {status: “unauthorised”}.

The http status to return goes at the top level, eg render :status =>
:unauthorized, … (you can use the head method if you don’t want to
provide a body, eg head :unauthorized )

Fred

Thanks, this helped. For future reference, the code I wrote that
worked is:

format.json {head(:unauthorized)}

Michael

On May 8, 5:11am, Frederick C. [email protected]
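Added example, not part of the original thread: a small log check showing why the real HTTP status matters beyond the client, since failed logins answered with 200 are invisible to anything that counts 401s in the request log. It follows the log format shown above; the function names, the threshold, the sample IP and the "Completed 401 Unauthorized" line are constructed assumptions.

```ruby
# Added example: count failed logins per client from a Rails request log.
# Assumes requests are logged one at a time (single WEBrick process, as above).

STARTED   = /^Started (\w+) "([^"]+)" for (\S+) at /
COMPLETED = /^Completed (\d{3}) /

# Returns { ip => number of POSTs to login_path answered with 401 }.
def failed_logins(log, login_path = "/sessions")
  counts = Hash.new(0)
  current_ip = nil
  log.each_line do |line|
    line = line.strip
    if (m = STARTED.match(line))
      # Track the client only for POSTs to the login endpoint.
      current_ip = (m[1] == "POST" && m[2] == login_path) ? m[3] : nil
    elsif current_ip && (m = COMPLETED.match(line))
      counts[current_ip] += 1 if m[1] == "401"
      current_ip = nil
    end
  end
  counts
end

# Clients whose failure count reaches the threshold (threshold is an assumption).
def suspicious_clients(log, threshold = 3)
  failed_logins(log).select { |_ip, n| n >= threshold }.keys
end

# Constructed sample: three wrong-password POSTs from one documentation-range IP.
def sample_log(status_line)
  entry = <<~LOG
    Started POST "/sessions" for 203.0.113.9 at 2011-05-07 23:28:36 -0400
      Processing by SessionsController#create as JSON
    #{status_line}
  LOG
  entry * 3
end

BUGGY_LOG = sample_log("Completed 200 OK in 29ms")           # status only in the JSON body
FIXED_LOG = sample_log("Completed 401 Unauthorized in 12ms") # after head(:unauthorized)

if __FILE__ == $PROGRAM_NAME
  puts "buggy: #{suspicious_clients(BUGGY_LOG).inspect}"
  puts "fixed: #{suspicious_clients(FIXED_LOG).inspect}"
end
```

With the original controller the three failures are logged as 200 and nothing is flagged; once the status is set at the top level, the same requests are counted.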
