Ruby
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
README
Rakefile
init.rb

README

Http Authentication
===================

Makes it dead easy to do HTTP Basic authentication.

Simple Basic example:

class PostsController < ApplicationController
  USER_NAME, PASSWORD = "dhh", "secret"
  
  before_filter :authenticate, :except => [ :index ]
  
  def index
    render :text => "Everyone can see me!"
  end
  
  def edit
    render :text => "I'm only accessible if you know the password"
  end
  
  private
    def authenticate
      authenticate_or_request_with_http_basic do |user_name, password| 
        user_name == USER_NAME && password == PASSWORD
      end
    end
end


Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, 
the regular HTML interface is protected by a session approach (NOTE: This example requires Rails Edge as 
it uses Request#format, which is not available in Rails 1.2.0):

class ApplicationController < ActionController::Base
  before_filter :set_account, :authenticate

  protected
    def set_account
      @account = Account.find_by_url_name(request.subdomains.first)
    end
  
    def authenticate
      case request.format
      when Mime::XML, Mime::ATOM
        if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
          @current_user = user
        else
          request_http_basic_authentication
        end
      else
        if session_authenticated?
          @current_user = @account.users.find(session[:authenticated][:user_id])
        else
          redirect_to(login_url) and return false
        end
      end
    end
end


In your integration tests, you can do something like this:
  
  def test_access_granted_from_xml
    get(
      "/notes/1.xml", nil, 
      :authorization => HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
    )

    assert_equal 200, status
  end


Todo:

* Implement Digest authentication scheme (be a hero, implement it!)


References:

* HTTP Authentication, RFC 2617: http://www.ietf.org/rfc/rfc2617.txt?number=2617


Copyright (c) 2006 David Heinemeier Hansson, released under the MIT license