Static authentication && authorization in rails
Rails3 only Add the following line to your Gemfile:
gem 'static_auth'
models/admin_session.rb
class AdminSession < StaticAuth::Session
roles :admin, :manager
password_for :admin, "123456"
password_for :manager, proc { "123456".reverse }
set_encryption_method :md5
end
controllers/admin/index_controller.rb
def index
@session = AdminSession.new(session)
render :template => @session.authorized? ? "admin/index" : "admin/index/login"
end
def login
@session = AdminSession.new(session)
@session.attributes = params[:admin_session]
@session.save
if @session.authorized?
redirect_to admin_path
else
render :template => "admin/index/login"
end
end
def logout
@session.logout_all
redirect_to admin_path
end
views/admin/login.html.erb
= form_for @session do |s|
= s.text_field :role
= s.text_field :password
= s.submit "Login"
class AdminSession < StaticAuth::Session roles :admin, :manager password_for :admin, "123456" password_for :manager, proc { "123456".reverse } # It always receives a string encryption_methods[:custom] = proc { |value| MD5::md5(value + "secret salt") } set_encryption_method :custom # Default methods: :plain, :md5, :sha1 end
-
Salting
-
BCrypt