Type:
Module
Makes it dead easy to do HTTP Basic authentication.
Simple Basic example
1 2 3 4 5 6 7 8 9 10 11 | class PostsController < ApplicationController http_basic_authenticate_with name: "dhh", password: "secret", except: :index def index render plain: "Everyone can see me!" end def edit render plain: "I'm only accessible if you know the password" endend |
Advanced Basic example
Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, the regular HTML interface is protected by a session approach:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | class ApplicationController < ActionController::Base before_action :set_account, :authenticate protected def set_account @account = Account.find_by(url_name: request.subdomains.first) end def authenticate case request.format when Mime::XML, Mime::ATOM if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) } @current_user = user else request_http_basic_authentication end else if session_authenticated? @current_user = @account.users.find(session[:authenticated][:user_id]) else redirect_to(login_url) and return false end end endend |
In your integration tests, you can do something like this:
1 2 3 4 5 6 7 8 | def test_access_granted_from_xml get( "/notes/1.xml", nil, 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) ) assert_equal 200, statusend |