method

authenticate_or_request_with_http_digest

Ruby on Rails latest stable (v4.2.7) - 2 notes - Class: ActionController::HttpAuthentication::Digest::ControllerMethods

authenticate_or_request_with_http_digest(realm = "Application", &password_procedure) public

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Show source

# File actionpack/lib/action_controller/metal/http_authentication.rb, line 178
        def authenticate_or_request_with_http_digest(realm = "Application", &password_procedure)
          authenticate_with_http_digest(realm, &password_procedure) || request_http_digest_authentication(realm)
        end

June 4, 2009 - (v2.3.2)

1 thank

Security hole in 2.3.2

This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.

Rails 2.3.3 should fix the problem.

April 15, 2009 - (>= v2.3.2)

0 thanks

Testing HTTP Digest authentication

Testing HTTP Digest authentication is a bit tricky. I wrote a post describing how to accomplish it.

http://lightyearsoftware.com/blog/2009/04/testing-http-digest-authentication-in-rails/

Note also that Digest auth is broken for REST actions using PUT or DELETE. There is an open Lighthouse ticket for this, #2490:

rails.lighthouseapp.com/projects/8994/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete

authenticate_or_request_with_http_digest

Related methods

No documentation

Security hole in 2.3.2

Testing HTTP Digest authentication

Flowdock - Team Inbox With Chat