SessionsController#unauthenticated for 401s

Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated. I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message. Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method. We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
author: Azul <azul@leap.se> 2014-07-08 10:28:50 +0200
committer: Azul <azul@leap.se> 2014-07-14 10:49:39 +0200
commit: b79a97235b5474e4775c07be1fb7c6208a29f5b4 (patch)
tree: 9aa5eeae2567b5ecaccd38d18e4622d8a5916c5d
parent: cf71d4ef08d88ee85763b258b2738fc26e3ed3eb (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 8919a4d..4818191 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -16,6 +16,14 @@ class SessionsController < ApplicationController
   end
 
   #
+  # Warden will catch all 401s and run this instead:
+  #
+  def unauthenticated
+    render json: {error: t(:not_authorized_login)},
+      status: :unauthorized
+  end
+
+  #
   # this is a bad hack, but user_url(user) is not available
   # also, this doesn't work because the redirect happens as a PUT. no idea why.
   #
author	Azul <azul@leap.se>	2014-07-08 10:28:50 +0200
committer	Azul <azul@leap.se>	2014-07-14 10:49:39 +0200
commit	b79a97235b5474e4775c07be1fb7c6208a29f5b4 (patch)
tree	9aa5eeae2567b5ecaccd38d18e4622d8a5916c5d
parent	cf71d4ef08d88ee85763b258b2738fc26e3ed3eb (diff)