Testing my login page, when I POST the wrong password I should expect
a 401 Unauthorized http status code back. Here is the session#create
controller method where I use :status => :unauthorized (using
sproutcore, so I'm returning JSON):
def create
user = User.authenticate(params[:email], params[:password])
if user.nil?
puts("debug: user did not authenticate")
respond_to do |format|
format.json do
render(:json => {:status => :unauthorized}) ##### return 401 ######
end
end
else
puts("user: #{user}")
sign_in(user)
respond_to do |format|
format.json do
render(:json => {:content => json_for_user(user), :location
=> user_path(user)})
end
end
end
end
here's what the WEBrick console is showing me:
Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400
Processing by SessionsController#create as JSON
Parameters: {"email"=>"a@b.com", "password"=>"[FILTERED]"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE
"users"."email" = 'a@b.com' LIMIT 1
Completed 200 OK in 29ms (Views: 1.7ms | ActiveRecord: 0.4ms)
here is what Sproutcore is getting back:
~ PROXY: POST 200 /sessions -> http://localhost:3000/sessions
content-type: application/json; charset=utf-8
etag: "0bfdc0989b2b4dfb5706ab29694db1cc"
cache-control: max-age=0, private, must-revalidate
x-ua-compatible: IE=Edge
x-runtime: 0.049420
server: WEBrick/1.3.1 (Ruby/1.9.2/2011-02-18)
date: Sun, 08 May 2011 03:28:36 GMT
content-length: 25
set-cookie: _mercury_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZWEzNjk0YTA0NDQyYjZhYTE5MjJlOWRkMDU2NWEyMmM%3D--d117484163dcb37bcc5928c2edd4d0a9ad4bcda2;
path=/; HttpOnly
Why isn't rails sending back a 401? Am I doing something wrong?
Michael
Why would the web server
