What is a very simple authentication scheme for Sinatra/Rack
Here is a very simple authentication scheme for Sinatra.
I’ll explain how it works below.
class App < Sinatra::Base
set :sessions => true
register do
def auth (type)
condition do
redirect "/login" unless send("is_#{type}?")
end
end
end
helpers do
def is_user?
@user != nil
end
end
before do
@user = User.get(session[:user_id])
end
get "/" do
"Hello, anonymous."
end
get "/protected", :auth => :user do
"Hello, #{@user.name}."
end
post "/login" do
session[:user_id] = User.authenticate(params).id
end
get "/logout" do
session[:user_id] = nil
end
end
For any route you want to protect, add the :auth => :user
condition to it, as in the /protected
example above. That will call the auth
method, which adds a condition to the route via condition
.
The condition calls the is_user?
method, which has been defined as a helper. The method should return true or false depending on whether the session contains a valid account id. (Calling helpers dynamically like this makes it simple to add other types of users with different privileges.)
Finally, the before
handler sets up a @user
instance variable for every request for things like displaying the user’s name at the top of each page. You can also use the is_user?
helper in your views to determine if the user is logged in.
when specifice page in url, sinatra not enforcing authentication
probably the static files are served before your routes. Don't put those .htm files into the public folder and everything will work out nicely.
Philip
Rack.session cookie not being deleted even after /logout code runs in Sinatra
session.clear
will remove the session vars. You'll still see a session in chrome because it is set by Rack::Session::Cookie middleware after your action has run, but that is just a blank session.
Sinatra HTTP Basic Authentication get user and keep to use inside routes
If HTTP Authentication is enforced, the user's name is available in the request object, for instance:
use Rack::Auth::Basic,"Protected Area" do |username, password|
User.validate username, password
end
get '/' do
user = request.env["REMOTE_USER"]
"Hello, #{user}"
end
Please note that the HTTP authentication scheme can be awkward to use, you might want to consider using sessions instead.
Related Topics
Activerecord::Recordnotfound in Articlescontroller#Show Couldn't Find Article Without an Id
Ruby - Permutation Between Elements of an Array
How to Prevent My Users to Read My Ruby Code
How to Access Ruby Method Inside Module and Inside a Class from Another .Rb File
How to Set Text Area Properties Inside Controller Page Using Ror
Rails How to Use Associated Model with the Admin Namespace
Rails App Has Trouble with Inter-Model Saving
API Post with Array Using Http Gem (Or Restclient)
Ruby Project Help. Can't Get Saved Instances from Array
Running Rake Task from Within War File
How to Install Version Specified Ruby Using Apt
When Joining Table, Rails Anyway Makes Additional Request When Accessing Fields from Joined Table
How to Give a Date a Background Color with Axlsx
Receving the Undefined Method 'Generators' Error
Chef: Undefined Node Attribute or Method '<<' on 'Node' When Trying to Add
Rspec - How to Test Activerecord::Recordnotfound
Ruby Devise, Sessionscontroller.Create, JSON - Getting Nameerror: Undefined 'Build_Resource'