How To: Use HTTP Auth Basic with Devise
Clone this wiki locally
NOTE: HTTP Basic authentication is implemented by Devise so the only code required is a call to authenticate_user! in your controller (which will authenticate both login form users and http basic auth users). See https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication for instructions.
The following is a sample for a Api Controller that will allow http basic and run it through your existing devise configuration.
class Api::ApiController < ApplicationController before_filter :check_auth def check_auth authenticate_or_request_with_http_basic do |username,password| resource = User.find_by_email(username) if resource.valid_password?(password) sign_in :user, resource end end end end
If you're not using session store and you want to authenticate with HTTP Basic in your tests, try something like this:
def sign_in_basic(user) request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user.password, "password") end
This assumes that the user's password has been set to
"password". If you're using fixtures, you can do this with
one: email: 'email@example.com' encrypted_password: <%= Devise.bcrypt(User, 'password') %>