myexperiment-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[myexperiment-hackers] [3078] trunk: Trying to download a protected work

From: noreply
Subject: [myexperiment-hackers] [3078] trunk: Trying to download a protected workflow with an XML client will now render an XML response
Date: Tue, 7 Aug 2012 09:26:11 +0000 (UTC)
Revision
3078
Author
fbacall
Date
2012-08-07 09:26:10 +0000 (Tue, 07 Aug 2012)

Log Message

Trying to download a protected workflow with an XML client will now render an XML response

Modified Paths

Diff

Modified: trunk/app/controllers/application_controller.rb (3077 => 3078)


--- trunk/app/controllers/application_controller.rb	2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/app/controllers/application_controller.rb	2012-08-07 09:26:10 UTC (rev 3078)
@@ -19,6 +19,7 @@
 
   include AuthenticatedSystem
   before_filter :login_from_cookie
+  before_filter :login_from_basic_auth
   before_filter :oauth_required
   before_filter :check_for_sleeper
   before_filter :check_external_site_request

Modified: trunk/app/controllers/workflows_controller.rb (3077 => 3078)


--- trunk/app/controllers/workflows_controller.rb	2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/app/controllers/workflows_controller.rb	2012-08-07 09:26:10 UTC (rev 3078)
@@ -744,7 +744,7 @@
         logger.debug("@viewing_version_number = address@hidden")
         logger.debug("@workflow.image != nil = address@hidden != nil}")
       else
-        error("Workflow not found (id not authorized)", "is invalid (not authorized)")
+        error("Workflow not found (id not authorized)", "is invalid (not authorized)", nil, 401)
         return false
       end
     rescue ActiveRecord::RecordNotFound
@@ -889,12 +889,16 @@
     end
   end
 
-  def error(notice, message, attr=:id)
+  def error(notice, message, attr=:id, status=nil)
     flash[:error] = notice
     (err = Workflow.new.errors).add(attr, message)
     
     respond_to do |format|
       format.html { redirect_to workflows_url }
+      format.xml do
+        headers["WWW-Authenticate"] = %(Basic realm="Web Password") if status == 401
+        render :text => notice, :status => status
+      end
     end
   end

Modified: trunk/lib/authenticated_system.rb (3077 => 3078)


--- trunk/lib/authenticated_system.rb	2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/lib/authenticated_system.rb	2012-08-07 09:26:10 UTC (rev 3078)
@@ -128,6 +128,15 @@
       end
     end
 
+    # Allows single requests to be authenticated using HTTP basic authentication
+    # (Used by Taverna, and possibly other REST clients when attempting to remotely open a private workflow)
+    def login_from_basic_auth
+      return if logged_in?
+      unless (credentials = get_auth_data).first.nil?
+        self.current_user = User.authenticate(credentials[0], credentials[1])
+      end
+    end
+
   private
     @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
     # gets BASIC auth info
reply via email to
[Prev in Thread] Current Thread [Next in Thread]