Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Authentication support #12

copiousfreetime opened this Issue · 12 comments

4 participants


All operations should have the ability to be authenticated against some system.


Would love to see this added.


As a short term measure, you could restrict access by IP address inside your


There are a couple of ways to add authentication to stickler.

  • use the ip address inside your or rack config as @lantins suggests
  • use http-auth ** first put in a middleware before stickler that implements httpauth ** And then on the normal gem command side of things, you can update your gem server uri to use http auth with a uri like

I don't know if the stickler specific commands will work with that yet, but I'll get some time this month to play around with it and see what it would take.


Last time I tried HTTP-AUTH it didn't work, I was unable to upload new gems.
Downloading worked no problem though.

n.b. that was several months ago.


@lantins good to know, thanks.


@copiousfreetime I can confirm that http auth (nginx in our case) blocks any sort of upload command.

It looks like the fix is that you have to specify the basic auth portion as a header. For example,

require 'base64'

login = Base64.urlsafe_encode64("user:qwerty123")
c ='http://localhost/path')
puts c.request(:method => :get, :headers => {'Authorization' => "Basic #{login}"})

I've just committed c3580d4 and pushed version v2.2.0 to rubygems. Please update and let me know if it all works.

This just updates stickler to be able to use HTTP Basic Auth on the client side. Use --server http://user:password@host:port/ on the commandline or :server: http://user:password@host:port/ in your ~/.gem/stickler file and it should work.

Please reopen this issue if there are any problems.


Make that version 2.2.2 that was released, I had a couple of release issues.


I'm still having an issue. My looks like:

require 'rubygems'
require 'stickler'

users = {'foo' => 'bar'}
use Rack::Auth::Basic, 'Stickler' do |username, password|
  users.key?(username) && users[username] == password

stickler_dir = File.expand_path(File.join(File.dirname( __FILE__ ), "public"))

~/.gem/stickler looks like:


I ran:

∴ stickler mirror rails --gem-version 3.1.3

And get the following output:

Asking to mirror rails-3.1.3 from : ERROR ->

No error message is shown, and there doesn't seem to be anything useful in the thin logs.


Sounds good, I will do my best to duplicated it and see what happens.


I can duplicate your issue @anveo. I'm working on a fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.