Hi all.
What I want to do:
use HTTP Basic Authentication (stop screaming!) and then redirect to a
welcome page.
What I am trying to do:
Use a before filter which will authenticate and then redirect to the
welcome page.
How I am failing (It’s a little ugly, but please bear with me - I’m
trying to understand how this works):

    class ApplicationController < ActionController::Base
      helper :all
      # Runs before every action of every controller that inherits from this one
      before_filter :authenticate

      protected

      def authenticate
        authenticate_or_request_with_http_basic do |username, password|
          user = User.first(:conditions => ['username like ? and password like ?', username, password])
          redirect_to root_path and return unless user.nil?
          user
        end
      end
    end

How it is failing:
It tells me there’s a render and a redirect.
Can anyone suggest something here? Am I just … thinking about it the
wrong way?
Aldric G. wrote:
> Hi all.
> What I want to do:
> use HTTP Basic Authentication (stop screaming!) and then redirect to a
> welcome page.
Is this an exercise for learning? If it’s not, then why would you even
consider solving this already solved problem?
Robert W. wrote:
> Aldric G. wrote:
> > Hi all.
> > What I want to do:
> > use HTTP Basic Authentication (stop screaming!) and then redirect to a
> > welcome page.
> Is this an exercise for learning? If it’s not, then why would you even
> consider solving this already solved problem?
> GitHub - binarylogic/authlogic: A simple ruby authentication solution.
Yes… Yes it is. I’d love to be using authlogic. 
Hi,
You might want to check out this railscast tutorial
(#82 HTTP Basic Authentication - RailsCasts).
The authenticate_or_request_with_http_basic method is expecting the
block to return true or false and will send an auth required status if
false. It should be ok to return the user object (i.e. the line after the
redirect_to …) as this should equate to true or false. I’m not sure
what value it will return in the line ‘redirect_to root_path and return
unless user.nil?’. There is also the problem that this before filter
will endlessly redirect users to root_path, unless you’ve told it to not
authenticate the root_path controller’s index action, which may be a
security issue. You may want to set a session var on a successful
authentication and then add an early out at the beginning if the session
var is set, so the authentication and redirect_to is only done once.
Then there are other issues like only storing passwords in hashed form
using a salt value etc. Maybe something like the following untested
code.

    def authenticate
      # Early out: this session has already authenticated
      return unless session[:user_id].nil?
      authenticate_or_request_with_http_basic do |username, password|
        user = User.first(:conditions => ['username like ? and password like ?', username, password])
        if user
          # Remember the user so the redirect is only done once
          session[:user_id] = user.id
          redirect_to root_path
          true
        else
          false
        end
      end
    end

I hope this helps. I look forward to hearing how you go.
PS. There is nothing wrong with basic authentication if you’ve enabled
SSL.
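
Added example (not code from any poster in this thread): a plain-Ruby model of the filter above with the salted, hashed password storage the reply mentions. The in-memory USERS array, the Hash used as the session, PBKDF2 with the iteration count shown, and all method names are assumptions made for illustration; no Rails is needed to run it.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # work factor assumed for this example

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

def build_user(id, username, password)
  salt = SecureRandom.random_bytes(16) # per-user random salt
  { id: id, username: username, salt: salt, password_hash: hash_password(password, salt) }
end

# Constructed sample rows standing in for the users table.
USERS = [build_user(1, 'aldric', 'correct horse'),
         build_user(2, 'brendan', 's3cret')].freeze
DUMMY = build_user(0, '', SecureRandom.hex(16)) # hashed against when the name is unknown

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Exact-match lookup (SQL: "username = ?") instead of LIKE, so % and _ in the
# submitted name are not wildcards; the password is only ever compared as a hash.
def find_user(username, password)
  user = USERS.find { |u| u[:username] == username }
  row = user || DUMMY
  ok = secure_compare(hash_password(password, row[:salt]), row[:password_hash])
  user && ok ? user : nil
end

# Models the before filter; session is a plain Hash standing in for Rails' session.
# Returns :continue, :redirect_to_root or :request_basic_auth (the 401 challenge).
def authenticate(session, username, password)
  return :continue unless session[:user_id].nil? # early out: already signed in
  user = find_user(username.to_s, password.to_s)
  return :request_basic_auth unless user
  session[:user_id] = user[:id]
  :redirect_to_root # done once per session
end
```
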
Brendan Brewster wrote:
> Hi,
>
>     def authenticate
>       return unless session[:user_id].nil?
>       authenticate_or_request_with_http_basic do |username, password|
>         user = User.first(:conditions => ['username like ? and password like ?', username, password])
>         if user
>           session[:user_id] = user.id
>           redirect_to root_path
>           true
>         else
>           false
>         end
>       end
>     end
>
Hi Brendan, I had indeed seen that railscasts episode. It helped, but
didn’t say anything about the redirection.
As far as your suggested code, it was exactly what the doctor ordered!
Thanks for your help. I understand this a little better now.