Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Respond with a status unauthorised (401) with Rails 4

Tags:

ruby

ruby-on-rails

ruby-on-rails-4

Given the following Rails 4.2 controller:

class Api::UsersController < ApplicationController
  def index
    respond_to do |format|
      format.html do
        flash[:error] = 'Access denied'
        redirect_to root_url
      end
      format.json do
        render json: {}, status: :unauthorised
      end
    end
  end
end

When, with RSpec 3, I try to call this index action and expect to have the status 401 I always have the status 200.

The only moment where I got the 401 is to replace the index action content with head 401 but I would like to respond with the error 401 and also build a "nice" body like { error: 401, message: 'Unauthorised' }.

Why is the status: :unauthorised ignored ?

like image 323
ZedTuX Avatar asked Jan 23 '15 22:01

ZedTuX

People also ask

How to fix 401 Unauthorized error Stack Overflow?

@houssembouallagui Get the token from server and store in localStorage. Don't include authorization header for this route. On the server side, allow this route to go through without jwt authorization because at this moment you don't have the token. For all the other routes, follow the answer and the blog.

What causes 401 Unauthorized?

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.

2 Answers

Use error code instead of it's name: render json: {}, status: 401

like image 180
Alex Tonkonozhenko Avatar answered Nov 05 '22 21:11

Alex Tonkonozhenko

I had to replace my controller with this following:

class Api::UsersController < ApplicationController
  def index
    respond_to do |format|
      format.html do
        flash[:error] = 'Access denied'
        redirect_to root_url
      end
      format.json do
        self.status = :unauthorized
        self.response_body = { error: 'Access denied' }.to_json
      end
    end
  end
end

Using render is not preventing the called action to be executed. Using head :unauthorized is returning the right status code but with a blank body.

With self.status and self.response_body it's working perfectly.

You can see have a look to the source code my gem where I had this issue here: https://github.com/YourCursus/fortress

like image 39
ZedTuX Avatar answered Nov 05 '22 21:11

ZedTuX
Sign in to Comment

Related questions

Rails: Use livereload with Asset Pipeline
How to read content of remote file in Ruby on Rails?
Override Rails controller routing with capital letters in model name
Rails: Validation in model vs migration [duplicate]
Could Not Find Inverse Association for has_many in Rails 3
ruby on rails link_to an image
Integration of simple_form with bootstrap 3
Rails mountable engine: how should apps set configuration variables?
RESTful websites vs. RESTful APIs - What's the difference and does it matter?
Rails 4 Static Public index.html
How to handle foreign key in FactoryGirl
Where is ruby stored on mac?
Table wider than Bootstrap column container
(Rails) When to use ActiveRecord's .where and .select
Rails engines extending functionality
Rails 3 Form For Custom Action
how can I upload and parse an Excel file in Rails?
Paperclip and Amazon S3 how to do paths?
Carrierwave temp directory set to uploads/tmp folder
ActionController::UnknownFormat with format.js for ajax implementation (Rail 4)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!