Forum: Ruby on Rails HTTP Digest Authentication PUT DELETE problem. Bug ?

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
9b7cda5596bbc239384c8e397ec91448?d=identicon&s=25 greq (Guest)
on 2009-03-20 00:15
(Received via mailing list)
Hi all,

I've got a problem with HTTP Digest Authentication after upgrading
Rails to 2.3.2.
It seems that it is broken for PUT and DELETE requests method.
Here is what I did:
1. Generate new rails app in rails 2.3.2
2. Added sample scaffold model Post name:string
3. Added simple HTTP Digest Authentication filter to application

|----------------code----------------- |
  USERS = { 'lifo' => 'world', 'pretty' => 'please', 'a' => 'b'}

  before_filter :digest_authenticate

  def digest_authenticate
    authenticate_or_request_with_http_digest do |login|
|---------------- code -----------------|

It works fine for index, new, create and show action, but for destroy
(DELETE) and update(PUT) htaccess popup apears and don't allow to
update or delete( of course for I put correct login/password data :))

Have you got also problem with this ?
I've reviewed action_pack source code and it seems that in lines:

expected = expected_response(request.env['REQUEST_METHOD'], request.env
['REQUEST_URI'], credentials, password, password_is_ha1)
 expected == credentials[:response]

there are different values generated for PUT and DELETE request


Grzesiek F.
710c52dafd5afa3dd281486afdfba6e5?d=identicon&s=25 Scott Ahten (Guest)
on 2009-03-27 22:03
(Received via mailing list)
I've run into the same problem. GET and POST work find, but PUT and
DELETE repeatedly asks for login information and never succeeds.
8310e904c77e569a2261c6578609b10a?d=identicon&s=25 Steve Madsen (Guest)
on 2009-04-15 17:22
(Received via mailing list)
This is a bug in Rails 2.3.2. I've created a Lighthouse ticket for it
(#2490) and created a patch that fixes it. It will probably help get
the fix into a release if others acknowledge the problem and can
verify my patch fixes it for them.
This topic is locked and can not be replied to.