authentication failed with file upload

regis

Nov 28, 2009, 12:04:13 PM
to restfulx-framework
Hi all,

I get a 401 Unauthorized error each time I try to attach a file to a
model. I use Rails 2.3.4 and the restful authentication plugin with
session database. Has anybody already met this problem?

Thanks for help.

Here are the initializers used:
---------------------------------------------------
require 'rack/utils'

# Copies the session id from the query string into the Cookie header
# for requests made by the Flash player.
class FlashSessionCookieMiddleware
  def initialize(app, session_key = '_session_id')
    @app = app
    @session_key = session_key       # name of the Rails session cookie
    @session_token = "_session_id"   # name of the URL parameter that is read
  end

  def call(env)
    if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
      params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
      env['HTTP_COOKIE'] = [ @session_key, params[@session_token] ].join('=').freeze unless params[@session_token].nil?
    end
    @app.call(env)
  end
end

# Decodes JSON-encoded *_attributes parameters on .fxml write requests.
class FlexNestedAttributeMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    req = Rack::Request.new(env)
    if req && req.path_info =~ /\.fxml$/
      if req.put? || req.post? || req.delete?
        req.params.each do |key,value|
          value.select { |k,v| k =~ /\_attributes$/ }.each do |match|
            env['rack.request.form_hash'][key][match[0]] = ActiveSupport::JSON.decode(match[1])
          end
        end
      end
    end
    @app.call(env)
  end
end

ActionController::Base.allow_forgery_protection = true
ActionController::Base.session = {
  :key => "xxxxxxxxxx......",
  :secret => "xxxxxxxxxxx......"
}
ActionController::Base.session_store = :active_record_store
ActionController::Dispatcher.middleware.use FlashSessionCookieMiddleware, ActionController::Base.session_options[:key]
--------------------------------------------------------

Dima Berastau

Dec 1, 2009, 8:02:11 PM
to restfulx-...@googlegroups.com
Hi There,

This is most likely because authenticity_token or session_token is not set in Flex. You need to pass both of those from your Rails app to the Flex app using SWF params. This should typically be done for you by the generator, but I'd double check and compare against the code in pomodo_on_rails. There's a file-upload example in there performed behind authentication.

Cheers,
Dima

regis

Dec 1, 2009, 8:30:27 PM
to restfulx-framework
Hi Dima,

authenticity_token or session_token are there; I can see them in both
log or console. I am quite sure it is not a restfulx bug but a rails/
rack bug. I can process any action without any problem except with
attachment. Exploring the problem, I was able to detect that when the
session database is empty I can't upload a file. The error disappears
when I make other operations and log out/log in a few times, but I am
unable to pinpoint the source of the problem.

Cheers

Dima Berastau

Dec 1, 2009, 9:15:23 PM
to restfulx-...@googlegroups.com
This is sort of a known issue with Flash/Rails (not RestfulX specific per se, although there's a bunch of code automatically generated for any new RestfulX app so that you don't hit that problem). I suggest playing with pomodo_on_rails code in more detail. If you can do image uploads from there behind authentication then you know something is wrong with your settings/configuration.

The basic problem is this. Flash's File.upload generates a new session id (basically just discards whatever HTTP session was there and creates a new one), which is bizarre to say the least, but that's life. In RestfulX the *original* session_id gets appended to the generated File upload URL so that the FlashSessionCookieMiddleware (check config/initializers/restfulx.rb for details) can override session_id in the actual HTTP request if a relevant URL parameter is set. The end result of it all is that Rails thinks that session_id is still as it was before Flash File.upload entered the picture.

So in terms of moving parts here, we have:

1. authenticity_token and session_id = must be passed to the Flex app and set to Rx.sessionToken and Rx.authenticityToken respectively. Trace Rx.sessionToken and Rx.authenticityToken in your Flex app to be sure.

2. FlexSessionCookieMiddleware (make sure that if you changed any of the default names for session cookie in Rails it all adds up). Do some debugging/stepping through here also.

There's nothing else that's involved, so it's got to be either 1 or 2 or both.

Hope this helps,
Dima
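
The session override described in the post above, as an added example that is not part of the original thread or of the RestfulX-generated code: it reproduces the middleware's decision on constructed Rack env hashes and reports why the cookie was or was not replaced. The cookie name `_myapp_session`, the helper names and all sample values are assumptions; `URI.decode_www_form` is used in place of `Rack::Utils.parse_query` so it runs without the rack gem.

```ruby
require 'uri'

# Added illustration, not the RestfulX initializer. It mirrors the check made
# by FlashSessionCookieMiddleware and says why the session cookie was or was
# not overridden for a given request.
FLASH_UA = /^(Adobe|Shockwave) Flash/

# cookie_name: name of the Rails session cookie (session_options[:key])
# param_name:  name of the URL parameter the middleware reads the id from
def diagnose_flash_upload(env, cookie_name, param_name)
  unless env['HTTP_USER_AGENT'] =~ FLASH_UA
    return { :result => :not_flash, :cookie => env['HTTP_COOKIE'] }
  end
  params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
  value = params[param_name]
  if value.nil?
    # Nothing to copy: Rails sees only what Flash sent, so the upload is
    # tied to a different, unauthenticated session and is rejected.
    return { :result => :param_missing, :cookie => env['HTTP_COOKIE'],
             :params_seen => params.keys }
  end
  { :result => :overridden, :cookie => "#{cookie_name}=#{value}" }
end

# Constructed sample requests (all values are made up).
def sample_env(user_agent, query, cookie = nil)
  { 'HTTP_USER_AGENT' => user_agent, 'QUERY_STRING' => query, 'HTTP_COOKIE' => cookie }
end

SAMPLES = {
  'browser request'      => sample_env('Mozilla/5.0', '', '_myapp_session=abc123'),
  'upload, names match'  => sample_env('Shockwave Flash', '_myapp_session=abc123&authenticity_token=tok'),
  'upload, name differs' => sample_env('Adobe Flash Player 10', '_session_id=abc123&authenticity_token=tok'),
  'upload, no param'     => sample_env('Shockwave Flash', 'authenticity_token=tok', '_myapp_session=fresh999')
}

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, env|
    puts "#{label}: #{diagnose_flash_upload(env, '_myapp_session', '_myapp_session').inspect}"
  end
end
```

The "name differs" sample is the mismatch from point 2: the client sends the id under one parameter name while the middleware looks for another, so no override happens.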