
Sinatra SimpleAuth Extension

Extends Sinatra with extension methods and routes for dealing with a simple authorization method. Both Sinatra application styles are supported: "Classic" and "Classy" (modular) style.

Installation

Since this is a fork of the original gem sources, it is not released as a gem. You can build the gem yourself:

gem build sinatra-simple-auth.gemspec
gem install sinatra-simple-auth-0.1.1.gem

Alternatively, you can install it from a local path or from GitHub through Bundler by adding one of these two lines to your Gemfile:

gem 'sinatra-simple-auth', :path => '/path/to/sources'
or
gem 'sinatra-simple-auth', :git => 'git://github.com/uilgenstein/sinatra-simple-auth.git'

Usage for "Classic" style applications

require 'rubygems'
require 'sinatra'
require 'sinatra/simple_auth'

enable :sessions
set    :home, '/secure/' #where user should be redirected after successful authorization

def authorize(login, password)
  # return value will be saved in session[:user_id]
  login if login == 'bob' && password == 'secret'
end

get '/login/?' do
  erb :login #page with logon form
end

get '/secure/?' do
  login_required #protected route, requires auth
  erb :secure
end

get '/' do
  if authorized? #helper method
    "Hello, your user id is: #{session[:user_id]}"
  else
    "Not authorized"
  end
end

Usage for "Classy" (modular) style applications

In your config.ru you can mount your protected app under a URL prefix (e.g. /admin):

require 'rubygems'
require 'sinatra/base'
require 'admin_application'
require 'public_application'

map '/admin' do
  run AdminApplication
end

map '/' do
  run PublicApplication
end

Your protected application could then look something like this:

require 'sinatra/simple_auth'

class AdminApplication < Sinatra::Base
  register Sinatra::SimpleAuth

  enable :sessions
  set    :home, '/' # relative to url prefix from config.ru. 
                    # this is where user should be redirected after successful authorization

  def authorize(login, password)
    # return value will be saved in session[:user_id]
    login if login == 'bob' && password == 'secret'
  end

  before do
    # \A and \z anchor the whole string; ^ and $ would only anchor a single line
    login_required unless request.path_info =~ /\A\/login\/?\z/
  end

  get '/login/?' do
    erb :login #page with logon form
  end

  get '/' do
    if authorized? #helper method
      "Hello, your user id is: #{session[:user_id]}"
    else
      "Not authorized"
    end
  end
end
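
A hardened variant of the authorize hook used in both styles above, as an added example that is not part of the original README or the gem: it verifies the password against a salted PBKDF2 digest with a constant-time comparison instead of comparing against a plaintext literal. The USERS store, the helper names and the PBKDF2 parameters are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# PBKDF2-HMAC-SHA256 parameters (assumed values for this example).
PBKDF2_ITERATIONS = 100_000
PBKDF2_KEY_LEN    = 32

# Derive a digest from password and salt; store these, never the password.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS,
                             PBKDF2_KEY_LEN, OpenSSL::Digest.new('SHA256'))
end

# Compare two byte strings without stopping at the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build one record of the constructed sample store: random salt plus digest.
def build_user(password)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, digest: hash_password(password, salt) }
end

# Constructed sample user store (hypothetical; a real app would load this).
USERS = { 'bob' => build_user('secret') }.freeze

# Record checked for unknown logins, so both paths do the same hashing work.
DUMMY_USER = build_user(SecureRandom.hex(16))

# Same contract as the README's authorize: the return value is stored in
# session[:user_id]; nil means the login failed.
def authorize(login, password)
  return nil unless login.is_a?(String) && password.is_a?(String)
  user  = USERS.fetch(login, DUMMY_USER)
  match = secure_equal?(hash_password(password, user[:salt]), user[:digest])
  match && USERS.key?(login) ? login : nil
end
```
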