Forum: Ruby on Rails http_authentication

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
42fd3044d783eae27b7f94cf4573504c?d=identicon&s=25 g1 (Guest)
on 2008-10-10 16:47
(Received via mailing list)
Hi All,

Just a question regarding the http_authentication plugin for rails
(for those that have experience with it).

I've written a very simple rails app that allows a user to download a
csv file from a server. The user authenticates using
http_authentication. This works fine on our dev server (which uses
webrick) but won't work on our live server (which uses mongrel).

Below are the http headers received from the servers:

----------------

[Jeff@localhost tmp]$ telnet localhost 3000
...
GET /interoperate/call_records HTTP/1.0

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Connection: close
Date: Thu, 09 Oct 2008 13:26:54 GMT
Content-Type: text/html; charset=utf-8
WWW-Authenticate: Basic realm="Interoperate"
Server: WEBrick/1.3.1 (Ruby/1.8.5/2006-08-25)
Content-Length: 27
Set-Cookie: _session_id=aadb5e802bd52612cf1e50ab76a1f25f; path=/

HTTP Basic: Access denied.

----------------

[Jeff@localhost tmp]$ telnet xxx.com 80
...
GET /interoperate/call_records HTTP/1.0

HTTP/1.1 0
Connection: close
Date: Thu, 09 Oct 2008 13:20:51 GMT
Set-Cookie: _session_id=b7a58bf53f4ec97bee3c667d3d161c76; path=/
WWW-Authenticate: Basic realm="Interoperate"
Status: unauthorized
Cache-Control: no-cache
Server: Mongrel 0.3.13.4
Content-Type: text/html
Content-Length: 27

HTTP Basic: Access denied.

----------------

Essentially the mongrel server seems to send everything it's supposed
to except it sends a 0 http status code instead of a 401. Is there
perhaps a known issue with mongrel that would cause it to send a 0
http status code?

Thanks,
Jeff Davies
4c438a80fc30661ad619ea177cf9cbd0?d=identicon&s=25 Freddy Andersen (Guest)
on 2008-10-10 18:53
(Received via mailing list)
I'm not sure if there is a bug or not BUT looking at your header
information you have Mongrel 0.3.13.4 !? Is that the actual mongrel
you are using? This version is 2+ years old.. If that is the Mongrel
you should upgrade to the latest and test with that first. (1.1.5)

I would also recommend to run mongrel in you development environment
just to see these issues before you push to your production env.
42fd3044d783eae27b7f94cf4573504c?d=identicon&s=25 g1 (Guest)
on 2008-10-14 10:53
(Received via mailing list)
ho hum...

the latest (1.1.5) mongrel displays the 401 on my (local) dev server.
But the same version of mongrel does not display it on the live
server. Must be something to do with the set up on the live server.
I'll have to do some more digging...

Thanks for the help though... it probably is about time we did some
updating of rails / mongrel / ruby / etc
42fd3044d783eae27b7f94cf4573504c?d=identicon&s=25 g1 (Guest)
on 2008-10-14 17:02
(Received via mailing list)
the solutions in the end for me was to edit the http_authentication
plugin as below:

in /vendor/plugins/http_authentication/lib/http_authentication/
basic.rb line 49

controller.render :text => "HTTP Basic: Access denied.\n", :status
=> :unauthorized
becomes
controller.render :text => "HTTP Basic: Access denied.\n", :status =>
401#:unauthorized

I'm still not completely satisfied with my solution and I'll try and
get some feedback from the author but incase you're googling and stuck
for answers maybe that will help...
This topic is locked and can not be replied to.