开发者

Rails: Basic Authentication with Authlogic

开发者 https://www.devze.com 2022-12-20 23:32 出处:网络
I\'m using Authlogic and I would like to implement Basic HTTP Authentication in my controller so I could define 开发者_StackOverflow社区which action requires authentication.

I'm using Authlogic and I would like to implement Basic HTTP Authentication in my controller so I could define 开发者_StackOverflow社区which action requires authentication.

I know how to do Basic HTTP Authentication authenticate_or_request_with_http_basic an before_filter, but I would like to here from other how to implement it with Authlogic plugin.

class ItemsController < ApplicationController  
  before_filter :authenticate , :only => [:index, :create]
  ...
end


I've had success with the following:

Define a filter method in application_controller.rb

def require_http_auth_user
  authenticate_or_request_with_http_basic do |username, password|
    if user = User.find_by_login(username) 
      user.valid_password?(password)
    else
      false
    end
  end
end

Then in your controller you can do the following:

  before_filter : require_http_auth_user

You can then use:

http://username:password@yoursite.com (i.e. http basic authentication)

Hope this helps.


Here is a great screencast that explains, step-by-step, how to use authlogic in your rails project.

Once authlogic is set up, define the following useful authentication-related helper methods in your Application Controller.

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end

def require_user
  unless current_user
    store_location
    flash[:notice] = "You must be logged in to access this page"
    redirect_to new_user_session_url
    return false
  end
end

def require_no_user
  if current_user
    store_location
    flash[:notice] = "You must be logged out to access this page"
    redirect_to root_url
    return false
  end
end

Once those methods are defined, you can specify actions that require the user to be logged in:

before_filter :require_user, :only => [:new, :edit]
0

精彩评论

暂无评论...
验证码 换一张
取 消