Testing my login page, when I POST the wrong password I should expect a 401 Unauthorized http status code back. Here is the session#create controller method where I use :status => :unauthorized (using sproutcore, so I'm returning JSON):
def create user = User.authenticate(params[:email], params[:password]) if user.nil? puts("debug: user did not authenticate")
respond_to do |format| format.json do render(:json => {:status => :unauthorized}) ##### return 401 ###### end end
else puts("user: #{user}") sign_in(user) respond_to do |format| format.json do render(:json => {:content => json_for_user(user), :location => user_path(user)}) end end end end
here's what the WEBrick console is showing me:
Started POST "/sessions" for 127.0.0.1 at 2011-05-07 23:28:36 -0400 Processing by SessionsController#create as JSON Parameters: {"email"=>"a@b.com", "password"=>"[FILTERED]"} User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'a@b.com' LIMIT 1 Completed 200 OK in 29ms (Views: 1.7ms | ActiveRecord: 0.4ms)
here is what Sproutcore is getting back:
~ PROXY: POST 200 /sessions -> http://localhost:3000/sessions content-type: application/json; charset=utf-8 etag: "0bfdc0989b2b4dfb5706ab29694db1cc" cache-control: max-age=0, private, must-revalidate x-ua-compatible: IE=Edge x-runtime: 0.049420 server: WEBrick/1.3.1 (Ruby/1.9.2/2011-02-18) date: Sun, 08 May 2011 03:28:36 GMT content-length: 25 set-cookie: _mercury_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZWEzNjk0YTA0NDQyYjZhYTE5MjJlOWRkMDU2NWEyMmM%3D--d117484163dcb37bcc5928c2edd4d0a9ad4bcda2; path=/; HttpOnly
Why isn't rails sending back a 401? Am I doing something wrong?
Michael
Why would the web server