0

During the course of attempting to implement token authentication in Rails, I ran into this behavior:

class AppController < ActionController::Base
  before_filter :restrict_access

  def restrict_access
    authenticate_or_request_with_http_token do |token, options|
      false
    end
  end
end

This will deny all requests, as expected.

However, if I change "false" to "return false", it accepts all requests.

def restrict_access
  authenticate_or_request_with_http_token do |token, options|
    return false
  end
end 

How is that possible?

1 Answer

2

In order to deny the request, before_filter has to call redirect or render.

Now this is what this method looks like:

# File actionpack/lib/action_controller/metal/http_authentication.rb, line 389
def authenticate_or_request_with_http_token(realm = "Application", &login_procedure)
  authenticate_with_http_token(&login_procedure) || request_http_token_authentication(realm)
end

What return false does here is break out prematurely from the method (not just the block) before request_http_token_authentication is able to run, and that's the method which actually renders the 403 page, as shown here: http://apidock.com/rails/ActionController/HttpAuthentication/Token/authentication_request.

So you end up having something like this:

return(false) || request_http_token_authentication(realm)

instead of this:

false || request_http_token_authentication(realm)

That's why you shouldn't use return statements in blocks.

See more here: Using 'return' in a Ruby block


2 Comments

"That's why you shouldn't use return statements in blocks"- Exactly- I'm an idiot. Great answer, thanks.
return statements in blocks are fine, you just need to understand how to use them! There's more detail to be had here: Returning from a Ruby proc: beware of where you land
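
The control flow described in the answer, as an added example that is not part of the original posts and is not Rails code. `FakeController`, its `restrict_with_*` methods, `denied?` and the sample token are hypothetical stand-ins; only the one-line body of `authenticate_or_request_with_http_token` is taken from the answer. It also goes one step further and shows `next`, which leaves only the block.

```ruby
# Stand-in for a controller (hypothetical): as in the answer, a filter denies
# a request only by rendering a response.
class FakeController
  attr_reader :rendered

  def initialize(presented_token)
    @presented_token = presented_token
    @rendered = nil
  end

  # Same shape as the Rails method quoted in the answer.
  def authenticate_or_request_with_http_token(realm = "Application", &login_procedure)
    authenticate_with_http_token(&login_procedure) || request_http_token_authentication(realm)
  end

  def authenticate_with_http_token
    yield @presented_token, {}
  end

  def request_http_token_authentication(realm)
    @rendered = "denied (realm=#{realm})"
  end

  # The block's value is false, so the || branch runs and the request is denied.
  def restrict_with_value
    authenticate_or_request_with_http_token { |_token, _options| false }
  end

  # `return` unwinds restrict_with_return itself, so the || branch never runs.
  def restrict_with_return
    authenticate_or_request_with_http_token { |_token, _options| return false }
  end

  # `next` leaves only the block, so an early exit still reaches the || branch.
  def restrict_with_next
    authenticate_or_request_with_http_token do |token, _options|
      next false if token.nil? || token.empty?
      # Constructed sample token; real code would use a constant-time
      # comparison such as ActiveSupport::SecurityUtils.secure_compare.
      token == "constructed-sample-token"
    end
  end
end

# True when the filter rendered a denial, i.e. the action would not run.
def denied?(filter, token)
  controller = FakeController.new(token)
  controller.public_send(filter)
  !controller.rendered.nil?
end
```

A regression test for an authentication filter can make the same kind of check: send a request with a wrong or missing token and assert that a denial response was actually rendered, rather than only inspecting the filter's return value.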
