using htaccess password protection on rails?
Rails has a built-in helper for this; you could place this in your application controller:
protected
def authenticate
  authenticate_or_request_with_http_basic do |username, password|
    username == "admin" && password == "test"
  end
end
Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):
before_filter :authenticate
This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.
Edit
Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:
/app/controllers/admin/admin_controller.rb
class Admin::AdminController < ApplicationController
  before_filter :authenticate

  protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "test"
    end
  end
end
Then have all your controllers extend the admin controller, e.g.:
class Admin::ThingsController < Admin::AdminController
My routes are set up like so:
map.namespace :admin do |admin|
  admin.resources :things
end
Hope that helps.
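The credential check from the authenticate block above, as an added example that is not part of the original answer: it parses the Basic Authorization header itself, reads the expected credentials from hypothetical ADMIN_USER and ADMIN_PASSWORD environment variables instead of hardcoding them, and compares them in constant time. The function names are assumptions made for this example.

```ruby
require "digest"

# Constant-time equality: hash both sides to a fixed length, then XOR
# every byte so the running time does not depend on where they differ.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Parse an Authorization header value.
# Returns [user, pass], or nil if the header is missing or malformed.
def parse_basic(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme && scheme.casecmp("basic").zero? && token
  decoded = token.strip.unpack1("m")   # lenient Base64 decode
  user, pass = decoded.split(":", 2)   # the password may itself contain ':'
  pass.nil? ? nil : [user, pass]
end

# env is ENV by default; a plain Hash can be passed in for testing.
def authorized?(header, env = ENV)
  expected_user = env["ADMIN_USER"]
  expected_pass = env["ADMIN_PASSWORD"]
  # Fail closed when the credentials are not configured.
  return false if expected_user.to_s.empty? || expected_pass.to_s.empty?
  user, pass = parse_basic(header)
  return false unless user
  # Use & rather than && so both comparisons always run.
  secure_equal?(user, expected_user) & secure_equal?(pass, expected_pass)
end
```

In a Rails controller the same comparison can go inside the authenticate_or_request_with_http_basic block, where Rails has already decoded the header into username and password.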
Mimic .htaccess or some other type of password protecting with webrick
You can restrict access by using Rack based basic auth or IP white listing
Basic Auth
Add the following to your config/environments/development.rb
config.middleware.use Rack::Auth::Basic, "Beta Access" do |username, password|
  'secret' == password
end
IP White Listing
I found two gems for this purpose:
rack-auth-ip
rack-ip-whitelist
I would use rack-auth-ip as it has been there for some time. Add the following to your config/environments/development.rb
config.middleware.use Rack::Auth::IP, %w( YourIPAddress )
Now, the instance is accessible only if the originating IP is in the white list.
.htaccess: if statement to disable password protection if get parameter is set
<If "%{QUERY_STRING} != /^access_token$/">
The Internal Server Error might be caused by the use of the != (not-equal) operator as used with strings instead of the !~ (not-match) operator to compare against the regex. For example, it should read:
<If "%{QUERY_STRING} !~ /^access_token$/">
Although this is naturally successful when the QUERY_STRING is not exactly access_token. The access token value is omitted. So, maybe you also need /^access_token=12345$/.
Can I protect with a .htaccess file some routes with sinatra?
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
<Files "protected.html">
    Require valid-user
</Files>
If you want to use Sinatra for Authentication, check out this faq.
Password protecting a rails staging environment
Bumping this to help others like myself, as I read this before settling on a similar, but cleaner solution.
# config/environments/staging.rb
MyApp::Application.configure do
  config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Staging") do |u, p|
    [u, p] == ['username', 'password']
  end
  #... other config
end
I wrote a short blog post about it.
Rake tests all fail after htaccess implementation
You can change your tests by including the Basic authentication, see this:
def test_should_get_index
  @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("username:password")
  get :index
  assert_response :success
  assert_not_nil assigns(:articles)
end
Source: http://flip.netzbeben.de/2008/06/functional-test-for-http-authentication-in-rails-2/