What Is a Very Simple Authentication Scheme for Sinatra/Rack


Here is a very simple authentication scheme for Sinatra.

I’ll explain how it works below.

class App < Sinatra::Base
  set :sessions => true

  # Route condition: `:auth => :user` on a route calls auth(:user),
  # which dispatches to the is_user? helper before the route body runs.
  register do
    def auth(type)
      condition do
        redirect "/login" unless send("is_#{type}?")
      end
    end
  end

  helpers do
    def is_user?
      @user != nil
    end
  end

  # Resolve the current user once per request from the session id.
  before do
    @user = User.get(session[:user_id])
  end

  get "/" do
    "Hello, anonymous."
  end

  get "/protected", :auth => :user do
    "Hello, #{@user.name}."
  end

  post "/login" do
    user = User.authenticate(params)
    halt 401, "Invalid credentials" unless user # avoid calling .id on nil
    session[:user_id] = user.id
  end

  get "/logout" do
    session[:user_id] = nil
  end
end

For any route you want to protect, add the :auth => :user condition to it, as in the /protected example above. That will call the auth method, which adds a condition to the route via condition.

The condition calls the is_user? method, which has been defined as a helper. The method should return true or false depending on whether the session contains a valid account id. (Calling helpers dynamically like this makes it simple to add other types of users with different privileges.)

Finally, the before handler sets up a @user instance variable for every request for things like displaying the user’s name at the top of each page. You can also use the is_user? helper in your views to determine if the user is logged in.
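The following is an added example, not code from the answer above: a Sinatra-free model of the same condition mechanism so the authorization decisions can be exercised on their own. The USERS table, AuthContext, login and logout are constructed for this example; the page's own scheme uses Sinatra's condition/helpers/before hooks.

```ruby
require 'securerandom'

# Constructed in-memory user store for the example; a real application
# stores password hashes, not plaintext.
USERS = {
  1 => { name: 'alice', password: 'wonderland', admin: true  },
  2 => { name: 'bob',   password: 'builder',    admin: false },
}.freeze

class AuthContext
  attr_reader :session, :user

  def initialize(session = {})
    @session = session
    # Mirrors the `before` filter: resolve the user once per request,
    # tolerating a missing or stale id instead of raising.
    @user = USERS[session[:user_id]]
  end

  # Helpers the route condition dispatches to, as in `is_#{type}?`.
  def is_user?;  !@user.nil?;               end
  def is_admin?; is_user? && @user[:admin]; end

  # Equivalent of auth(type): returns :allow or :redirect. Unknown roles
  # fail closed, and respond_to? + public_send keeps the dynamic dispatch
  # from reaching methods that are not role predicates.
  def auth(type)
    pred = "is_#{type}?"
    return :redirect unless respond_to?(pred) && public_send(pred)
    :allow
  end
end

# Login: verify credentials, then issue a fresh session so a session id
# obtained before login is not carried over; returns nil on failure.
def login(username, password)
  id, rec = USERS.find { |_, u| u[:name] == username && u[:password] == password }
  return nil unless rec
  { user_id: id, sid: SecureRandom.hex(16) }
end

# Logout: drop every session key, as session.clear does in Sinatra.
def logout(session)
  session.clear
end
```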

When a specific page is in the URL, Sinatra is not enforcing authentication

Probably the static files are served before your routes. Don't put those .htm files into the public folder and everything will work out nicely.

Philip

Rack.session cookie not being deleted even after /logout code runs in Sinatra

session.clear will remove the session vars. You'll still see a session in chrome because it is set by Rack::Session::Cookie middleware after your action has run, but that is just a blank session.

Sinatra HTTP Basic Authentication: get the user and keep it for use inside routes

If HTTP Authentication is enforced, the user's name is available in the request object, for instance:

# The block must return a truthy value for the request to be authenticated.
use Rack::Auth::Basic, "Protected Area" do |username, password|
  User.validate username, password
end

get '/' do
  user = request.env["REMOTE_USER"]
  "Hello, #{user}"
end

Please note that the HTTP authentication scheme can be awkward to use; you might want to consider using sessions instead.
