Doing a Http basic authentication in rails
Write the code below in the controller that you want to restrict using HTTP basic authentication:
class ApplicationController < ActionController::Base
  http_basic_authenticate_with :name => "user", :password => "password"
end
Making a request with open-uri would look like this:
require 'open-uri'

# Ruby 3.0 and later: Kernel#open no longer opens URLs, so call URI.open.
URI.open("http://www.your-website.net/",
         http_basic_authentication: ["user", "password"])
Rails http basic authentication for more than one user?
Figured out the answer. Just pass an array of USERS { .. etc } to a def end block and call it as needed.
def authenticate
  authenticate_or_request_with_http_digest do |username|
    USERS[username]
  end
end
How to change HTTP Basic Authentication form?
Unfortunately, you cannot change the name of the fields. HTTP Basic Auth is part of the HTTP specification and therefore the functionality is hardcoded into the browsers.
Setting the http header with basic authentication keys
I think it is what you are looking for:
class SecretController < ApplicationController
  http_basic_authenticate_with :name => "frodo", :password => "thering"

  def index
    ...
  end
end
You can also pass an exception for any particular action:
http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
There is also a RailsCasts about it.
EDIT - if your version of rails is prior to 3.1, you can create your own method:
class ApplicationController < ActionController::Base
  USER, PASSWORD = 'dhh', 'secret'
  before_filter :authentication_check, :except => :index
  ...

  private

  def authentication_check
    authenticate_or_request_with_http_basic do |user, password|
      user == USER && password == PASSWORD
    end
  end
end
Rails: How to add HTTP AUTH at custom action
class MyController < ApplicationController
  http_basic_authenticate_with name: "dhh", password: "secret", only: [:custom]

  def custom
    # I NEED HTTP AUTH ONLY HERE
  end
end
You can also call the auth directly in the action:
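class MyController < ApplicationController
  def custom
    authenticate_or_request_with_http_basic do |username, password|
      username == "dhh" && password == "secret"
    end
    # The helper sets a 401 response on failure but does not halt the action, so stop here.
    return if performed?
    ...
  end
end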
Here are the docs for more advanced usage: https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
HTTP basic authentication over Devise
I found a way of doing this:
http://username:password@test.com/users/list.json?
Rails HTTP Basic check for authenticated?
Use a session parameter accessible through a method defined in your ApplicationController.
class ApplicationController < BaseController
  ...
  def authorize
    session[:authorized] = true
  end

  def http_basic_authenticated?
    session[:authorized]
  end

  def end_session
    session[:authorized] = nil
  end
end
P.S. I'm not a security expert, so I can't comment on the suitability of using this in a production environment.
Ruby on Rails HTTP Basic Authentication
You can use the session hash, which stores data during your session (http://www.tutorialspoint.com/ruby-on-rails/rails-session-cookies.htm). I will recommend using the following tutorial with HTTP Basic Auth for generating the form: railscasts.com/episodes/21-super-simple-authentication
Here's some code you could use:
application_controller
helper_method :admin?

def authenticate
  authenticate_or_request_with_http_basic do |user_name, password|
    session[:user] = "admin" if user_name == 'admin' && password == 'password'
  end
end

private

def admin?
  session[:user] == "admin"
end
Is there any way to encrypt the Http basic authentication password in rails?
You probably want to use environment-variables for this :)
There's a gem (Like for everything basically): https://github.com/bkeepers/dotenv
In your .env file you'd have the following:
AUTHENTICATION_USERNAME="foo"
AUTHENTICATION_PASSWORD="bar"
Whereas in your controller you write it like so:
http_basic_authenticate_with name: ENV['AUTHENTICATION_USERNAME'], password: ENV['AUTHENTICATION_PASSWORD'], except: [:new, :show, :edit, :create]
This way your code is completely separated from the actual information.
Make sure to not add the .env-file to your git-repository by adding this to your gitignore:
.env
So what this does is it'll load these variables you set up in .env into your existing environment variables. This way somebody needs to actually log into your server and get access to that particular file in order to get the username/password. And this should be more secure than having the username/password in plain text inside your controller ;)
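An added example, not code from any of the answers above, covering both the multi-user question and the password-storage question: it checks a Basic `Authorization` header against several users while keeping only a salted PBKDF2 verifier per user, and compares in constant time. The names `ITERATIONS`, `derive`, `secure_compare`, `make_record`, `DUMMY`, `authenticate` and `basic_header`, and the sample users, are assumptions made for this sketch; in Rails the check would sit inside the `authenticate_or_request_with_http_basic` block.

```ruby
require "base64"
require "openssl"

ITERATIONS = 100_000 # assumed work factor for this example

# Derive a PBKDF2-HMAC-SHA256 verifier; only the salt and verifier are stored.
def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Compare two byte strings without exiting at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build the record that would be stored (for example hex-encoded in ENV).
def make_record(password)
  salt = OpenSSL::Random.random_bytes(16)
  { salt: salt, verifier: derive(password, salt) }.freeze
end

# Constructed sample users; a deployment would load salt/verifier pairs only.
USERS = {
  "alice" => make_record("correct horse"),
  "bob"   => make_record("battery staple"),
}.freeze
DUMMY = make_record("dummy") # unknown users still cost one derivation

# Parse "Basic base64(user:password)"; return the user name or nil.
def authenticate(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  user, password = Base64.decode64(encoded).split(":", 2)
  return nil unless user && password
  record = USERS.fetch(user, DUMMY)
  ok = secure_compare(derive(password, record[:salt]), record[:verifier])
  ok && USERS.key?(user) ? user : nil
end

# What a client sends: base64 is an encoding, not encryption, so use HTTPS.
def basic_header(user, password)
  "Basic " + Base64.strict_encode64("#{user}:#{password}")
end
```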