rubycas / rubycas-client

Ruby client for Yale's Central Authentication Service protocol -- an open source enterprise single sign on system for web applications.
http://code.google.com/p/rubycas-client/

Unauthorized filter fails with format of class Mime:Type #41

Closed hlascelles closed 12 years ago

hlascelles commented 12 years ago

Making a JSON request, the client filter attempts to handle an unauthorised user by returning a redirect for HTML, and an error code for JSON.

The key line is ~221 in filter.rb:

format = controller.request.format.to_sym

In our setup (Rails 3.2), the format object is a mime type class; its to_s is 'json', but its to_sym is nil.

controller.request.format.class  # => Mime::Type
controller.request.format.to_sym # => nil
controller.request.format.to_s   # => "json"

Thus, all unauth'd JSON requests fail to get the correct code, and try to consume a login page (after following a 302).

This might well be a bug in a particular version of ActionPack, but defensively, this fixes it:

if controller.request.format.to_sym.nil?
  controller.request.format = controller.request.format.to_s
end

Harry
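The failure mode reported above, as an added example that is not part of the original issue or rubycas-client's code: a stand-in format object reproduces the reported `to_sym`/`to_s` behaviour, and a naive dispatch is compared with a defensive one. `StubFormat`, `respond_unauthorized`, `naive_dispatch`, `defensive_dispatch`, the 401 status and the `/login` path are all assumptions made for this sketch.

```ruby
# Constructed stand-in for the request format object described in the issue:
# to_s gives "json" but to_sym gives nil. Not a real ActionPack class.
class StubFormat
  def initialize(name)
    @name = name
  end

  def to_s
    @name
  end

  def to_sym
    nil # the behaviour reported under Rails 3.2
  end
end

# Hypothetical dispatcher shaped like the filter's decision: API formats get
# an error status, everything else is redirected to the login page.
# The 401 status and "/login" path are assumptions for this sketch.
def respond_unauthorized(format_sym)
  case format_sym
  when :json, :xml
    { status: 401 }
  else
    { status: 302, location: "/login" }
  end
end

# Dispatch as on the key line: trusts to_sym, so nil falls through to the
# HTML branch and a JSON client is sent a redirect to a login page.
def naive_dispatch(format)
  respond_unauthorized(format.to_sym)
end

# Defensive variant: fall back to the string form when to_sym is nil, and
# treat a missing format as "no format" instead of raising NoMethodError.
def defensive_dispatch(format)
  return respond_unauthorized(nil) if format.nil?

  sym = format.to_sym
  sym = format.to_s.to_sym if sym.nil? && !format.to_s.empty?
  respond_unauthorized(sym)
end
```

A request spec that asserts the status code for an unauthenticated JSON call catches this regression, since the redirect otherwise only shows up as a client parsing HTML.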

soupmatt commented 12 years ago

For Rails 3.2, please use the rubycas-client-rails project and see if that fixes the issue.