author | Azul <azul@leap.se> | 2014-07-08 10:28:50 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-07-14 10:49:39 +0200 |
commit | b79a97235b5474e4775c07be1fb7c6208a29f5b4 (patch) | |
tree | 9aa5eeae2567b5ecaccd38d18e4622d8a5916c5d /app/controllers | |
parent | cf71d4ef08d88ee85763b258b2738fc26e3ed3eb (diff) |
SessionsController#unauthenticated for 401s
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated.
I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message.
Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method.
We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now I think the 401 suffices to identify the issue at hand.
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/sessions_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 8919a4d..4818191 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -16,6 +16,14 @@ class SessionsController < ApplicationController end # + # Warden will catch all 401s and run this instead: + # + def unauthenticated + render json: {error: t(:not_authorized_login)}, + status: :unauthorized + end + + # # this is a bad hack, but user_url(user) is not available # also, this doesn't work because the redirect happens as a PUT. no idea why. # |
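Review bot: In `unauthenticated`, the body is always rendered as JSON regardless of the request format, and since the added comment says Warden runs this for all 401s, a browser request for an HTML page would also receive a JSON body; consider branching on the request format (for example a `respond_to` block, or a redirect to the login page for HTML). The body also carries only the translated string from `t(:not_authorized_login)`, so a client has nothing stable to match on except the status code; returning a machine-readable key next to the message would address that. The diffstat shown is limited to app/controllers, so confirm that the `not_authorized_login` key is defined in the locale files.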