taverna-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stian Soiland-Reyes <st...@apache.org>
Subject Re: Taverna Player Portal User login Authentication
Date Fri, 02 Sep 2016 13:02:36 GMT
On 2 September 2016 at 13:17, Sagar <kumarsagar15795@gmail.com> wrote:

> I am integrating taverna player portal in taverna mobile.
> I am getting error on user login to taverna player portal
>
> I can log in it by using this code by replacing email and password to your
> email and password
>
> curl -X POST -H "Accept: application/json" -H "Cache-Control: no-cache" -H
> "Content-Type: application/x-www-form-urlencoded" -d 'user[email]=*email*
> &user[password]=*password*&user[remember_me]=0&commit=Sign in' "
> http://139.59.28.12:3000/users/sign_in"
>
> i am getting
> {"status":"406","error":"Not Acceptable"}
> for correct credential
>
>
> I am getting
> {
>   "error": "Invalid email or password."
> }
> for incorrect credential
>
> if I remove Accept header then I am getting  200 Status Code for both the
> correct and incorrect credential.
>
> So how can I distinguish between correct and incorrect credential?


The simple answer is to include that Accept header and then check for
HTTP/1.1 401 Unauthorized :)

It should be quite easy to do that using HTTPClient.


I think you can also use basic authentication instead of submitting
the form, as the error includes:

WWW-Authenticate: Basic realm="Application"

However it seems using /users/sign_in you still HAVE to do an empty
POST (as GET has no JSON representation), e.g.

curl -v -H "Accept: application/json" -X POST -d "" --anyauth --user
fred:s3cret http://139.59.28.12:3000/users/sign_in




I think the proper answer is that the HTTP status response to the
browser (Accept: text/html or no Accept at all) is technically wrong
(it's not 200 OK) - but probably on purpose by Rails, because you
don't want a 401 basic authenticatoin login dialog popping up when you
have a nice HTML form.

I could not find any of the code doing /user/sign_in in
https://github.com/myGrid/taverna-player-portal/tree/master/app/controllers
or https://github.com/myGrid/taverna-player/tree/master/app/controllers/taverna_player
- perhaps Rob or Finn knows how this is handled?


-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons
http://orcid.org/0000-0001-9842-9718

Mime
View raw message