HTTP Basic
authentication¶ ↑
Simple Basic
example¶ ↑
class PostsController < ApplicationController http_basic_authenticate_with name: "dhh", password: "secret", except: :index def index render plain: "Everyone can see me!" end def edit render plain: "I'm only accessible if you know the password" end end
Advanced Basic
example¶ ↑
Here is a more advanced Basic
example where only Atom feeds and the XML API
are protected by HTTP authentication. The regular HTML interface is protected by a session approach:
class ApplicationController < ActionController::Base before_action :set_account, :authenticate private def set_account @account = Account.find_by(url_name: request.subdomains.first) end def authenticate case request.format when Mime[:xml], Mime[:atom] if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) } @current_user = user else request_http_basic_authentication end else if session_authenticated? @current_user = @account.users.find(session[:authenticated][:user_id]) else redirect_to(login_url) and return false end end end end
In your integration tests, you can do something like this:
def test_access_granted_from_xml authorization = ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) get "/notes/1.xml", headers: { 'HTTP_AUTHORIZATION' => authorization } assert_equal 200, status end
Namespace
Methods
- A
- D
- E
- H
- U
Instance Public methods
auth_param(request) Link
auth_scheme(request) Link
authenticate(request, &login_procedure) Link
authentication_request(controller, realm, message) Link
# File actionpack/lib/action_controller/metal/http_authentication.rb, line 138 def authentication_request(controller, realm, message) message ||= "HTTP Basic: Access denied.\n" controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.tr('"', "")}") controller.status = 401 controller.response_body = message end