How to Set Up Simple Http Authentication for a Ruby on Rails App on Heroku

  • Home
  • Languages
  • Ruby
  • How to Set Up Simple Http Authentication for a Ruby on Rails App on Heroku

Is there a way to set up simple http authentication for a Ruby on Rails app on heroku?

Absolutely. The simplest solution is to just put something in your application controller that uses Rails's built in basic auth support (see here: http://railscasts.com/episodes/82-http-basic-authentication) and just wrap it in a conditional for your Rails.env. Note that on Heroku, by default the RAILS_ENV is set to production, but you can change this for your non-production apps using heroku config (http://docs.heroku.com/config-vars).

You could also consider installing some roadblock-style Rack middleware, but I'd just go with the above.

HTTP basic auth for Rack::Static app on Heroku

use Rack::Static, 
  :urls => ["/stylesheets", "/images", "/javascripts"],
  :root => "public"

#SOLUTION:
use Rack::Auth::Basic, "Restricted Area" do |username, password|
  [username, password] == ['admin', 'admin']
end

run lambda { |env|
  [
    200, 
    {
      'Content-Type'  => 'text/html', 
      'Cache-Control' => 'public, max-age=86400' 
    },
    File.open('public/index.html', File::RDONLY)
  ]
}

Doing a Http basic authentication in rails

Write the below code, in the controller which you want to restrict using http basic authentication

class ApplicationController < ActionController::Base
  http_basic_authenticate_with :name => "user", :password => "password" 
end

Making a request with open-uri would look like this:

require 'open-uri'

open("http://www.your-website.net/", 
  http_basic_authentication: ["user", "password"])

How can I keep my Heroku application private?

My cheap solution has been implementing a before_filter to request an HTTP authentication before every action is executed.

This solution works well along other authentication layers – Devise or others.

USERS = { "user" => "secret" }

before_filter :authenticate

def authenticate
  authenticate_or_request_with_http_digest("Application") do |name|
    USERS[name]
  end
end

Whenever other peers land at yourdomain.heroku.com, they are asked for HTTP authentication, later for other authentication if in place.

How do you configure a Heroku Rack/Rails app to authenticate the client certificate of an incoming request?

In short, you can't, since we don't have control of the http layer (thin or the routing mesh) in the stack.

An alternative is to authenticate one's requests simply using a custom request header.


Related Topics

Heroku and Rails: Gem Load Error with Postgres, However It Is Specified in Gemfile

Why Does Ruby /[[:Punct:]]/ Miss Some Punctuation Characters

Rails - Whenever Gem - Dynamic Values

How to Set Http_Referer When Testing in Rails

Base64 Photo and Paperclip -Rails

Is There Goto Statement in Ruby

Why Do I Get a Bcrypt-Ruby Gem Install Error

Can You Eval Code in the Context of a Caller in Ruby

Rails on Windows - Install Issue

How to Dynamically Alter Inheritance in Ruby

Add "# Coding: Utf-8" to All Files

Portable Ruby on Rails Environment

Variable Scope and Order of Parsing VS. Operations: Assignment in an "If"

How to Iterate Activerecord Attributes, Including Attr_Accessor Methods

How to Capture Values in Command Line and Add to Recipe

Rails with Ruby-Debugger Throw 'Symbol Not Found: _Ruby_Current_Thread (Loaderror)'

Get the Value of an Instance Variable Given Its Name

Create_Or_Update Method in Rails


Leave a reply



Submit