Doing a Http Basic Authentication in Rails

Write the code below in the controller that you want to restrict using HTTP basic authentication:

class ApplicationController < ActionController::Base
  http_basic_authenticate_with :name => "user", :password => "password"
end

Making a request with open-uri would look like this:

require 'open-uri'

# URI.open is required on Ruby 3.0+, where Kernel#open no longer opens URLs.
URI.open("http://www.your-website.net/",
         http_basic_authentication: ["user", "password"])

Rails http basic authentication for more than one user?

Figured out the answer. Just pass an array of USERS { .. etc } to a def end block and call it as needed.

def authenticate
  authenticate_or_request_with_http_digest do |username|
    USERS[username]
  end
end

How to change HTTP Basic Authentication form?

Unfortunately, you cannot change the name of the fields. HTTP Basic Auth is part of the HTTP specification and therefore the functionality is hardcoded into the browsers.

Setting the http header with basic authentication keys

I think it is what you are looking for:

class SecretController < ApplicationController
  http_basic_authenticate_with :name => "frodo", :password => "thering"

  def index
    ...
  end
end

You can also pass an exception for any particular action:

http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index

There is also a RailsCasts about it.

EDIT - if your version of rails is prior to 3.1, you can create your own method:

class ApplicationController < ActionController::Base
  USER, PASSWORD = 'dhh', 'secret'

  before_filter :authentication_check, :except => :index

  ...

  private

  def authentication_check
    authenticate_or_request_with_http_basic do |user, password|
      user == USER && password == PASSWORD
    end
  end
end

Rails: How to add HTTP AUTH at custom action


class MyController < ApplicationController
  http_basic_authenticate_with name: "dhh", password: "secret", only: [:custom]

  def custom
    # I NEED HTTP AUTH ONLY HERE
  end
end

You can also call the auth directly in the action:

class MyController < ApplicationController
  def custom
    authenticate_or_request_with_http_basic do |username, password|
      username == "dhh" && password == "secret"
    end

    ...
  end
end

Here are the docs for more advanced usage: https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html
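
An added example, not part of the original answers: what a multi-user check behind authenticate_or_request_with_http_basic has to do, written as plain Ruby so it runs without Rails. The USERS table, DUMMY_PASSWORD and the method names are hypothetical, and the credentials are constructed sample values.

```ruby
require "openssl"

# Constructed sample credentials (hypothetical table); real values belong in
# ENV or a credential store, not in source.
USERS = { "frodo" => "thering", "dhh" => "secret" }.freeze

# Stand-in compared against when the name is unknown, so a miss performs the
# same comparison as a hit.
DUMMY_PASSWORD = ("\0" * 16).freeze

# Builds an Authorization header value (used here to make sample input).
def basic_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# Parses "Basic <base64(user:password)>" into [user, password], or nil when
# the scheme, the base64 or the "user:password" shape is wrong.
def parse_basic_header(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  decoded = encoded.strip.unpack1("m0")    # strict base64, raises if malformed
  user, password = decoded.split(":", 2)   # the password may contain ":"
  user && password ? [user, password] : nil
rescue ArgumentError
  nil
end

# Returns the authenticated user name, or nil.
def authenticate_basic(header)
  user, password = parse_basic_header(header)
  return nil unless user
  expected = USERS.fetch(user, DUMMY_PASSWORD)
  # Constant-time comparison instead of ==, whose running time can depend on
  # where the two strings first differ.
  matched = OpenSSL.secure_compare(password, expected.b)
  matched && USERS.key?(user) ? user : nil
end
```

Inside a Rails controller the same comparison is available as ActiveSupport::SecurityUtils.secure_compare, and the header parsing is already done before the block receives the user name and password.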

HTTP basic authentication over Devise

I found a way of doing this:

http://username:password@test.com/users/list.json?

Rails HTTP Basic check for authenticated?

Use a session parameter accessible through a method defined in your ApplicationController.

class ApplicationController < BaseController

  ...

  def authorize
    session[:authorized] = true
  end

  def http_basic_authenticated?
    session[:authorized]
  end

  def end_session
    session[:authorized] = nil
  end

end

P.S. I'm not a security expert, so I can't comment on the suitability of using this in a production environment.

Ruby on Rails HTTP Basic Authentication

You can use the session hash, which stores data during your session (http://www.tutorialspoint.com/ruby-on-rails/rails-session-cookies.htm). I will recommend using the following tutorial with HTTP Basic Auth for generating the form: railscasts.com/episodes/21-super-simple-authentication

Here's some code you could use:

application_controller

helper_method :admin?

def authenticate
  authenticate_or_request_with_http_basic do |user_name, password|
    session[:user] = "admin" if user_name == 'admin' && password == 'password'
  end
end

private

def admin?
  session[:user] == "admin"
end

Is there any way to encrypt the Http basic authentication password in rails?

You probably want to use environment-variables for this :)
There's a gem (Like for everything basically): https://github.com/bkeepers/dotenv

In your .env file you'd have the following:

AUTHENTICATION_USERNAME="foo"
AUTHENTICATION_PASSWORD="bar"

Whereas in your controller you write it like so:

http_basic_authenticate_with name: ENV['AUTHENTICATION_USERNAME'], password: ENV['AUTHENTICATION_PASSWORD'], except: [:new, :show, :edit, :create]

This way your code is completely separated from the actual information.
Make sure not to add the .env file to your git repository by adding this to your .gitignore:

.env

So what this does is it'll load these variables you set up in .env into your existing environment variables. This way somebody needs to actually log into your server and get access to that particular file in order to get the username/password. And this should be more secure than having the username/password in plain text inside your controller ;)


