Comments (13)
Yes I have had this problem too, HTTP auth will work in this situation if you create a session by logging in through the web application, but when the session times out due to logout_on_timeout, it prevents further HTTP auth. Haven't had time yet to diagnose the issue.
from authlogic.
I ran into this issue with a single_access_token...
in lib/sessions/timeout.rb, you need to replace:
```ruby
before_persisting :reset_stale_state
after_persisting :enforce_timeout
```
with
```ruby
before_persisting :reset_stale_state, :unless => :single_access?
after_persisting :enforce_timeout, :unless => :single_access?
```
I was going to open another issue for this... but I bet this will also fix this basic http auth issue
from authlogic.
I ran into this as well with single access tokens. Going to try skippy's patch.
from authlogic.
I tried that patch and it didn't work - I thought I had added that response to that thread, but apparently it isn't here. Let me know how it goes for you though...
from authlogic.
The patch worked for me, for the most part. I extracted it into a separate file so that the file can be included and fix Authlogic in situ.
from authlogic.
Fantastic! Thanks Stouset for sharing that.
from authlogic.
I have the exact same issue as quantipay. I am trying to use HTTP basic authentication for a user that is logging in for the first time (i.e. last_request_at is nil) or logging in after a stale session (i.e. last_request_at > timeout interval).
After poking around the code, it seems that in lib/authlogic/session/persistence.rb, the persisting? method invokes the after_persisting callback method. Part of the callback chain is the enforce_timeout method in lib/authlogic/session/timeout.rb which nils out the record. This affects subsequent after_persisting callbacks (e.g. in magic_columns.rb and session.rb) and once control is back in the persisting? method, there is no record to save. This seems odd but I'm not sure what should be the proper way to workaround/resolve this. Any help would be appreciated.
Jason
from authlogic.
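The callback chain described in the comment above, and the `:unless => :single_access?` guard proposed earlier in the thread, as a toy Ruby model added here (not Authlogic's code and not written by any commenter). `ToySession`, `Record`, `attempt`, the 600-second timeout and the sample timestamps are assumptions for illustration; `single_access` stands for any request that carries its own credentials.

```ruby
# Toy model of the after_persisting chain; constructed, not Authlogic source.
Record = Struct.new(:login, :last_request_at)

class ToySession
  TIMEOUT = 600 # seconds; constructed value

  def initialize(record, single_access:, patched:)
    @found = record
    @single_access = single_access
    @patched = patched
  end

  def single_access?
    @single_access
  end

  # Mirrors the described flow: the record is found, then the
  # after_persisting callbacks run in order, then the result is checked.
  def persisting?(now)
    @record = @found
    enforce_timeout(now) unless @patched && single_access?
    set_last_request_at(now) # later callback; needs a record
    !@record.nil?
  end

  private

  # A record never seen before (nil) or idle past the timeout is stale.
  def stale?(now)
    last = @record.last_request_at
    last.nil? || now - last > TIMEOUT
  end

  def enforce_timeout(now)
    @record = nil if stale?(now) # nils the record for every later callback
  end

  def set_last_request_at(now)
    @record.last_request_at = now if @record
  end
end

# Returns [authenticated?, last_request_at after the request].
def attempt(last_request_at, single_access:, patched:, now: 10_000)
  user = Record.new("alice", last_request_at) # constructed sample user
  ok = ToySession.new(user, single_access: single_access, patched: patched).persisting?(now)
  [ok, user.last_request_at]
end
```

In the unpatched model a stale record never gets its `last_request_at` refreshed, so every later credentialed request fails the same way; with the guard, cookie-backed sessions (`single_access: false`) are still subject to the idle timeout.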
I also wanted to add that I was only experiencing this issue when Authlogic::CryptoProviders::BCrypt.cost was greater than or equal to 4. Found that really odd...
from authlogic.
Unfortunately this bug is still around. I enhanced stouset's gist to fix the issue for HTTP basic: http://gist.github.com/520483
from authlogic.
It seems there is a typo in pwim's patch. Here is the fixed version: http://gist.github.com/582684
from authlogic.
Indeed there was a bug, thanks for the patch of my patch.
from authlogic.
This patch works like a charm, but I'm curious as to why the fix hasn't been made in Authlogic itself yet.
from authlogic.
Closing after five years with no activity. If this is still a problem in the latest version (currently 3.5.0), please let us know and we'll be happy to re-open the issue.
from authlogic.