Fork of halorgium/mephisto
Description: A mirror of the mephisto code-base
Homepage: http://mephistoblog.com/
Clone URL: git://github.com/technoweenie/mephisto.git
added basic authentication to overview feed

git-svn-id: http://svn.techno-weenie.net/projects/mephisto/trunk@944 
567b1171-46fb-0310-a4c9-b4bef9110e78
technoweenie (author)
Sat Mar 04 12:28:52 -0800 2006
commit  8ae066fbd2f2c7313e01df683533d7728646ac1b
tree    b07d8ac8e671b8db06dcafa855d54d372b3e4a58
parent  8aea59b93ec3866d0ac63e30e98e63d5bee3ad11
...
1
2
3
 
4
5
6
...
1
2
 
3
4
5
6
0
@@ -1,6 +1,6 @@
0
 class Admin::BaseController < ApplicationController
0
   include AuthenticatedSystem
0
- before_filter :login_required
0
+ before_filter :login_required, :except => :feed
0
 
0
   def find_templates_and_resources!
0
     @resources, @templates = Attachment.find(:all, :conditions => ['type in (?)', %w(Resource Template LayoutTemplate)], :order => 'filename').partition do |asset|
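Review bot: `:except => :feed` on the base-class filter lifts `login_required` from an action named `feed` in every controller that inherits from Admin::BaseController, not only the overview feed this commit targets. Only Admin::OverviewController gains `basic_auth_required` in this commit, so any other admin controller that has or later adds a `feed` action would, as far as these hunks show, run with no authentication filter at all. Leaving the base filter unconditional and placing `skip_before_filter :login_required, :only => :feed` next to the `basic_auth_required` line in OverviewController keeps the exemption and its replacement check in one place. The class body continues past the end of this hunk.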
...
1
2
 
3
4
5
...
1
2
3
4
5
6
0
@@ -1,5 +1,6 @@
0
 class Admin::OverviewController < Admin::BaseController
0
   before_filter :current_site
0
+ before_filter :basic_auth_required, :only => :feed
0
   
0
   def index
0
     @users = User.find(:all)
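Review bot: Nothing beside the new `before_filter :basic_auth_required, :only => :feed` line records that the feed must be served over SSL, yet HTTP Basic resends the username and password, only base64-encoded, on every poll. Judging by the `User.authenticate` call added in the same commit, this is the same password that opens the admin interface, and feed readers will store it. A comment above the filter such as `# feed uses HTTP Basic; credentials accompany every request, serve over SSL only` would state the constraint. Whether the deployment already forces SSL is not visible here. A separate per-user feed token would avoid handing the admin password to feed clients.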
...
105
106
107
 
 
 
 
 
 
 
 
 
 
 
 
108
109
110
111
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
112
113
...
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
0
@@ -105,8 +105,40 @@ module AuthenticatedSystem
0
     session[:return_to] = nil
0
   end
0
 
0
+ def basic_auth_required(realm='Web Password', error_message="Could't authenticate you")
0
+ username, passwd = get_auth_data
0
+ # check if authorized
0
+ # try to get user
0
+ unless session[:user] = User.authenticate(username, passwd)
0
+ # the user does not exist or the password was wrong
0
+ headers["Status"] = "Unauthorized"
0
+ headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
0
+ render :text => error_message, :status => '401 Unauthorized'
0
+ end
0
+ end
0
+
0
   # adds ActionView helper methods
0
   def self.included(base)
0
     base.send :helper_method, :current_user, :logged_in?
0
   end
0
+
0
+ private
0
+ # gets BASIC auth info
0
+ def get_auth_data
0
+ user, pass = '', ''
0
+ # extract authorisation credentials
0
+ if request.env.has_key? 'X-HTTP_AUTHORIZATION'
0
+ # try to get it where mod_rewrite might have put it
0
+ authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split
0
+ elsif request.env.has_key? 'HTTP_AUTHORIZATION'
0
+ # this is the regular location
0
+ authdata = request.env['HTTP_AUTHORIZATION'].to_s.split
0
+ end
0
+
0
+ # at the moment we only support basic authentication
0
+ if authdata and authdata[0] == 'Basic'
0
+ user, pass = Base64.decode64(authdata[1]).split(':')[0..1]
0
+ end
0
+ return [user, pass]
0
+ end
0
 end
0
\ No newline at end of file
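Review bot: In `basic_auth_required` the line `unless session[:user] = User.authenticate(username, passwd)` writes the result into the session before testing it, so a failed Basic attempt sets `session[:user]` to nil for whatever session accompanied the request, and a successful feed poll creates a full login session. Authenticating into a local first (`user = User.authenticate(username, passwd)`) and only then deciding what to store avoids both side effects; whether the feed action needs the session entry is not visible here. In `get_auth_data`, `split(':')[0..1]` cuts a password at its first colon, and `authdata[1]` is nil when the header is just `Basic`, which would likely raise inside `Base64.decode64` instead of producing a 401; `user, pass = Base64.decode64(authdata[1].to_s).split(':', 2)` handles both. The default message `"Could't authenticate you"` is misspelled. The module starts outside this hunk, so confirm `basic_auth_required` sits under a `protected` or `private` marker and cannot be routed to as an action.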
...
25
26
27
28
 
 
 
 
 
 
 
29
30
31
...
25
26
27
 
28
29
30
31
32
33
34
35
36
37
0
@@ -25,7 +25,13 @@ class Admin::OverviewControllerTest < Test::Unit::TestCase
0
     assert_response :success
0
   end
0
 
0
- def test_should_not_explode_on_feed
0
+ def test_should_require_http_auth_on_feed
0
+ get :feed
0
+ assert_response 401
0
+ end
0
+
0
+ def test_should_require_http_auth_on_feed
0
+ @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("quentin:quentin")}"
0
     get :feed
0
     assert_response :success
0
   end
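Review bot: Both added tests are named `test_should_require_http_auth_on_feed`, so Ruby keeps only the second definition and the `assert_response 401` case for a request without credentials never runs. Renaming the second one, for example `def test_should_allow_feed_with_valid_http_auth`, restores the negative test. There is also no case for a wrong password or a malformed `Authorization` header, which are the paths an authentication filter most needs pinned; each should assert 401. `Base64.encode64` appends a newline to the header value, which passes only because `get_auth_data` calls `split`, so a `.chomp` on the encoded string would make the fixture match a real header.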
