method

authenticate_or_request_with_http_digest

rails latest stable - Class: ActionController::HttpAuthentication::Digest::ControllerMethods

authenticate_or_request_with_http_digest(realm = "Application", message = nil, &password_procedure)

public

Authenticate using an HTTP Digest, or otherwise render an HTTP header requesting the client to send a Digest.

See ActionController::HttpAuthentication::Digest for example usage.

# File actionpack/lib/action_controller/metal/http_authentication.rb, line 193
        def authenticate_or_request_with_http_digest(realm = "Application", message = nil, &password_procedure)
          authenticate_with_http_digest(realm, &password_procedure) || request_http_digest_authentication(realm, message)
        end

2Notes

Security hole in 2.3.2

tarvaina · Jun 4, 20091 thank

This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.

Rails 2.3.3 should fix the problem.

Testing HTTP Digest authentication

sjmadsen · Apr 15, 2009

Testing HTTP Digest authentication is a bit tricky. I wrote a post describing how to accomplish it.

http://lightyearsoftware.com/blog/2009/04/testing-http-digest-authentication-in-rails/

Note also that Digest auth is broken for REST actions using PUT or DELETE. There is an open Lighthouse ticket for this, #2490:

https://rails.lighthouseapp.com/projects/8994/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete

authenticate_or_request_with_http_digest

2Notes

Security hole in 2.3.2

Testing HTTP Digest authentication

Related methods