How To: Use HTTP Auth Basic with Devise

Chad Ostrowski edited this page Jun 24, 2015 · 6 revisions
Clone this wiki locally

NOTE: HTTP Basic authentication is implemented by Devise so the only code required is a call to authenticate_user! in your controller (which will authenticate both login form users and http basic auth users). See for instructions.

The following is a sample for a Api Controller that will allow http basic and run it through your existing devise configuration.

class Api::ApiController < ApplicationController

  before_filter :check_auth

  def check_auth
    authenticate_or_request_with_http_basic do |username,password|
      resource = User.find_by_email(username)
      if resource.valid_password?(password)
        sign_in :user, resource



If you're not using session store and you want to authenticate with HTTP Basic in your tests, try something like this:

def sign_in_basic(user)
  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user.password, "password")

This assumes that the user's password has been set to "password". If you're using fixtures, you can do this with

  email: ''
  encrypted_password: <%= Devise.bcrypt(User, 'password') %>