Strange Problem?


Hardy

Apr 7, 2008, 9:08:17 AM
to rubyamf
Have a before_filter and authentication method defined in my
application.rb (below). For some reason, even if @auth is false, it's
not rendering the FaultObject and allowing the request to move forward
successfully. Am I doing something silly here?

    # Filters added to this controller apply to all controllers in the application.
    # Likewise, all the methods added will be available for all controllers.

    class ApplicationController < ActionController::Base
      helper :all # include all helpers, all the time
      before_filter :authenticate, :except => [:login]

      # See ActionController::RequestForgeryProtection for details
      # Uncomment the :secret if you're not using the cookie session store
      protect_from_forgery

      # Use the RAMF credentials to authenticate for requested actions
      def authenticate
        login = credentials[:username]
        password = credentials[:password]
        @auth = Account.check_credentials(login,password)
        puts "Finished auth, user is #{login}, pass is #{password}, @auth is #{@auth}"
        respond_to do |format|
          if !@auth
            format.amf { render :amf => FaultObject.new("Unable to log in, invalid username or password") }
          end
        end
      end
    end

Hardy

Apr 7, 2008, 10:12:08 AM
to rubyamf
I guess I should state that I'm running rails 2.0.1, sorry about
that. I've made some changes to clean up, but still having the same
problem, when auth is false, it's not rendering the FaultObject and
it's continuing on to the called action.

    # Filters added to this controller apply to all controllers in the application.
    # Likewise, all the methods added will be available for all controllers.

    class ApplicationController < ActionController::Base
      helper :all # include all helpers, all the time
      before_filter :authenticate, :except => [:login]

      # See ActionController::RequestForgeryProtection for details
      # Uncomment the :secret if you're not using the cookie session store
      protect_from_forgery

      # Use the RAMF credentials to authenticate for requested actions
      def authenticate
        login = credentials[:username]
        password = credentials[:password]
        auth = Account.check_credentials(login,password)
        puts "Finished auth, user is #{login}, pass is #{password}, auth is #{auth}"
        if auth
          puts "GOOD AUTH"
          return true
        else
          puts "INVALID AUTH"
          render :amf => FaultObject.new("Unable to verify authentication credentials!")
          return false
        end
      end
    end

Here's the development.log output (with user/pass being nil):

    Finished auth, user is , pass is , auth is false
    INVALID AUTH


    Processing RubyamfController#gateway (for 127.0.0.1 at 2008-04-07 09:10:50) [POST]
    Session ID: BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%0ASGFzaHsABjoKQHVzZWR7AA%3D%3D--2ebdc92239fb92fe50e05da4c16e9a095dbab8f1
    Parameters: {"action"=>"gateway", "controller"=>"rubyamf"}


    Processing FrequenciesController#index (for 127.0.0.1 at 2008-04-07 09:10:50) [POST]
    Session ID: BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%0ASGFzaHsABjoKQHVzZWR7AA%3D%3D--2ebdc92239fb92fe50e05da4c16e9a095dbab8f1
    Parameters: {"action"=>"index", "controller"=>"frequencies"}
    Account Columns (0.003192) SHOW FIELDS FROM `accounts`
    Account Load (0.005874) SELECT * FROM `accounts` WHERE (`accounts`.`login` IS NULL) LIMIT 1
    Frequency Load (0.000768) SELECT * FROM `frequencies`
    Completed in 0.07301 (13 reqs/sec) | DB: 0.00000 (0%) | [http://localhostfrequencies/index]
    Frequency Columns (0.034334) SHOW FIELDS FROM `frequencies`
    Sending data
    Completed in 0.11758 (8 reqs/sec) | Rendering: 0.00005 (0%) | DB: 0.03433 (29%) | 200 OK [http://localhostfrequencies/index]


Thanks again for any info!

H

Hardy

Apr 8, 2008, 1:59:06 PM
to rubyamf
Well, figured I'd give it one last shot. I think I've narrowed it
down to something to do with rendering to :amf. If I render text,
xml, etc I get expected results and it doesn't fall through to the
requested action. I've poked around a bit but seem to have hit a
wall.

Any help is greatly appreciated, also, if there's some other piece of
info that would help, please let me know.

Thanks!
H

Hardy

Apr 9, 2008, 9:09:43 AM
to rubyamf
Ok, found it. There was a change to rails 2.0 where returning false
from a filter method would no longer halt the filter chain. There's a
comment here (http://ryandaigle.com/articles/2007/10/22/what-s-new-in-edge-rails-filters-get-tweaked)
where DHH makes the point that it's unlikely that anyone would want to
halt the chain without a redirect or render. True enough. There's also
a new ActionController method called 'head'
(http://api.rubyonrails.org/classes/ActionController/Base.html#M000454)
that will halt the chain and return just headers.
Therefore, the following works as my before_filter method (it does
actually return the FaultObject):

    # Use the RAMF credentials to authenticate for requested actions
    def authenticate
      if !Account.check_credentials(credentials[:username], credentials[:password])
        render :amf => FaultObject.new("Unable to verify authentication credentials!")
        head 401
      end
    end

However, there IS a bug with RAMF somewhere, and I don't even know
where to start looking frankly. One should not have to call the head
method, the render itself should take care of it. However there's
some issue with rendering :amf where it doesn't correctly notify rails
to stop executing the filter chain. As I'd mentioned before,
rendering other types seems to halt the chain correctly. This is
something somebody with more time and expertise than myself might want
to look at.

The page that started me down the correct path is:
http://groups.google.com/group/rails-oceania/browse_thread/thread/00a58f38630a5b77

Hopefully this will help the next person that ends up trying to figure
this one out.

H
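
The fall-through described in the post above, as a small Ruby model added here (not code from the thread, Rails, or RubyAMF). It assumes, per the post, that a Rails 2.0 filter chain stops only when a response has been marked as performed, and that the `:amf` render path fails to set that mark; `ToyController`, `render_amf`, `render_text` and `action_reached?` are hypothetical names.

```ruby
# Constructed model of a before_filter chain; not Rails or RubyAMF source.
class ToyController
  attr_reader :action_ran

  def initialize(credentials_ok, render_kind)
    @credentials_ok = credentials_ok
    @render_kind = render_kind # :text or :amf
    @performed = false
    @action_ran = false
  end

  def performed?; @performed; end

  # Ordinary renderer: stores the body and marks the response as performed.
  def render_text(msg)
    @body = msg
    @performed = true
  end

  # Assumed stand-in for the reported :amf behaviour: body stored, flag never set.
  def render_amf(fault)
    @body = fault
  end

  def head(code)
    @status = code
    @performed = true
  end

  def authenticate(call_head)
    return true if @credentials_ok
    @render_kind == :amf ? render_amf("fault") : render_text("denied")
    head(401) if call_head
    false
  end

  # halt_on :false_return models pre-2.0 filters, :performed models Rails 2.0.
  def process(halt_on, call_head = false)
    result = authenticate(call_head)
    halted = halt_on == :false_return ? result == false : performed?
    @action_ran = true unless halted
    self
  end
end

# True means the protected action executed for this request.
def action_reached?(ok, kind, halt_on, call_head = false)
  ToyController.new(ok, kind).process(halt_on, call_head).action_ran
end
```

`action_reached?(false, :amf, :performed)` is the fail-open case from the thread: bad credentials, yet the action runs. The same call with `call_head` set to `true`, or with `:text` rendering, halts the chain.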

Tony Hillerson

May 16, 2008, 2:37:25 PM
to rubyamf
We just ran into it on a project I'm on. This definitely is a problem,
and I'm not sure where to start either. I filed a bug here:
http://code.google.com/p/rubyamf/issues/detail?id=63
