Modified: trunk/app/controllers/application_controller.rb (3077 => 3078)
--- trunk/app/controllers/application_controller.rb 2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/app/controllers/application_controller.rb 2012-08-07 09:26:10 UTC (rev 3078)
@@ -19,6 +19,7 @@
include AuthenticatedSystem
before_filter :login_from_cookie
+ before_filter :login_from_basic_auth
before_filter :oauth_required
before_filter :check_for_sleeper
before_filter :check_external_site_request
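Review bot: Adding `before_filter :login_from_basic_auth` in ApplicationController makes every action in every controller accept a Basic Authorization header, which is a wider surface than the remote workflow open that the helper's comment describes. Basic credentials are only base64-encoded, so unless the site is served exclusively over TLS (not visible here) the helper should refuse them on plain HTTP, for example with a first line `return unless request.ssl?`. If only the workflow XML endpoints need this, declaring the filter in those controllers would keep the password check off unrelated actions. A short comment on why it runs before `:oauth_required` would also help, since the order decides which credential takes effect.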
Modified: trunk/app/controllers/workflows_controller.rb (3077 => 3078)
--- trunk/app/controllers/workflows_controller.rb 2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/app/controllers/workflows_controller.rb 2012-08-07 09:26:10 UTC (rev 3078)
@@ -744,7 +744,7 @@
logger.debug("@viewing_version_number = address@hidden")
logger.debug("@workflow.image != nil = address@hidden != nil}")
else
- error("Workflow not found (id not authorized)", "is invalid (not authorized)")
+ error("Workflow not found (id not authorized)", "is invalid (not authorized)", nil, 401)
return false
end
rescue ActiveRecord::RecordNotFound
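Review bot: The new call passes `nil` as the third argument, which overrides the `attr=:id` default, so `error` now runs `errors.add(nil, message)` instead of attaching the message to `:id`. Passing the attribute explicitly keeps the old behaviour: `error("Workflow not found (id not authorized)", "is invalid (not authorized)", :id, 401)`. The branch condition is outside the hunk, but if it is also reached by a logged-in user who lacks permission, 403 fits better than a 401 challenge, because re-sending the same credentials cannot succeed.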
@@ -889,12 +889,16 @@
end
end
- def error(notice, message, attr=:id)
+ def error(notice, message, attr=:id, status=nil)
flash[:error] = notice
(err = Workflow.new.errors).add(attr, message)
respond_to do |format|
format.html { redirect_to workflows_url }
+ format.xml do
+ headers["WWW-Authenticate"] = %(Basic realm="Web Password") if status == 401
+ render :text => notice, :status => status
+ end
end
end
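Review bot: In the new `format.xml` branch, `render :text => notice, :status => status` receives `nil` from every caller that still uses the two- or three-argument form, so an XML client would presumably get the error text with the default success status. An explicit error default avoids that, e.g. `render :text => notice, :status => (status || 400)`; which code suits the existing callers needs checking, as they are outside this hunk. The `format.html` branch ignores `status` entirely, so the 401 and the `WWW-Authenticate` challenge only ever reach XML clients. That deserves a comment on the method, e.g. `# status is honoured for XML responses only; HTML always redirects to the workflow list`.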
Modified: trunk/lib/authenticated_system.rb (3077 => 3078)
--- trunk/lib/authenticated_system.rb 2012-08-06 14:43:21 UTC (rev 3077)
+++ trunk/lib/authenticated_system.rb 2012-08-07 09:26:10 UTC (rev 3078)
@@ -128,6 +128,15 @@
end
end
+ # Allows single requests to be authenticated using HTTP basic authentication
+ # (Used by Taverna, and possibly other REST clients when attempting to remotely open a private workflow)
+ def login_from_basic_auth
+ return if logged_in?
+ unless (credentials = get_auth_data).first.nil?
+ self.current_user = User.authenticate(credentials[0], credentials[1])
+ end
+ end
+
private
@@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
# gets BASIC auth info
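Review bot: A wrong password is handled silently in `login_from_basic_auth`: whatever `User.authenticate` returns is assigned to `current_user` and the request carries on, so failed attempts leave no trace and nothing slows repeated guessing. I would keep the result in a local, `user = User.authenticate(credentials[0], credentials[1])`, and add `logger.warn("HTTP basic auth failed from #{request.remote_ip}") unless user` before assigning it. The comment promises authentication for single requests, but if `current_user=` (defined outside this hunk) also stores the user in the session, as is common in this kind of module, the login outlives the request; that should be confirmed and stated in the comment. The method is also added above `private`, so whether it is hidden from routing depends on a visibility keyword earlier in the file that the hunk does not show.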