Has anyone started or discussed adding in HTTP Basic/Digest Authentication support to Rails (or the LoginGenerator)? I am writing a WebService which needs to support authentication and I''d rather use HTTP authentication headers instead of rolling my own. Josh
On Thursday 24 March 2005 01:38 pm, Josh Knowles wrote:> Has anyone started or discussed adding in HTTP Basic/Digest > Authentication support to Rails (or the LoginGenerator)? I am writing > a WebService which needs to support authentication and I''d rather use > HTTP authentication headers instead of rolling my own.We are running a couple of different local applications with Rails, and I set all of them up to authenticate via Apache''s mod_auth_ldap (in my Apache .conf files). After the user authenticates, @params.env["REMOTE_USER"] contains his/her username. Beyond that, I''m not sure how to further integrate this into Rails.
I would like to set up users/groups/roles such that a given user has permission to execute a given method etc. Would need to bring it down to the Rails level since it isn''t just a global allow/deny. On Thu, 24 Mar 2005 17:47:22 -0500, Caleb Tennis <caleb-PfRr3eUzJn1Wk0Htik3J/w@public.gmane.org> wrote:> On Thursday 24 March 2005 01:38 pm, Josh Knowles wrote: > > Has anyone started or discussed adding in HTTP Basic/Digest > > Authentication support to Rails (or the LoginGenerator)? I am writing > > a WebService which needs to support authentication and I''d rather use > > HTTP authentication headers instead of rolling my own. > > We are running a couple of different local applications with Rails, and I set > all of them up to authenticate via Apache''s mod_auth_ldap (in my Apache .conf > files). After the user authenticates, @params.env["REMOTE_USER"] contains > his/her username. > > Beyond that, I''m not sure how to further integrate this into Rails. > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Take a look at... http://wiki.rubyonrails.com/rails/show/ACLController Arnold Josh Knowles wrote:>I would like to set up users/groups/roles such that a given user has >permission to execute a given method etc. Would need to bring it down >to the Rails level since it isn''t just a global allow/deny. > > >On Thu, 24 Mar 2005 17:47:22 -0500, Caleb Tennis <caleb-PfRr3eUzJn1Wk0Htik3J/w@public.gmane.org> wrote: > > >>On Thursday 24 March 2005 01:38 pm, Josh Knowles wrote: >> >> >>>Has anyone started or discussed adding in HTTP Basic/Digest >>>Authentication support to Rails (or the LoginGenerator)? I am writing >>>a WebService which needs to support authentication and I''d rather use >>>HTTP authentication headers instead of rolling my own. >>> >>> >>We are running a couple of different local applications with Rails, and I set >>all of them up to authenticate via Apache''s mod_auth_ldap (in my Apache .conf >>files). After the user authenticates, @params.env["REMOTE_USER"] contains >>his/her username. >> >>Beyond that, I''m not sure how to further integrate this into Rails. >>_______________________________________________ >>Rails mailing list >>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >>http://lists.rubyonrails.org/mailman/listinfo/rails >> >> >> >_______________________________________________ >Rails mailing list >Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >http://lists.rubyonrails.org/mailman/listinfo/rails > > >
I have not used rails yet but this is how I do http basic auth with
fastcgi 0.8.5 and Apache2. I don''t think you can do http auth in cgi
mode because apache will not pass the Authorization header.
# In httpd.conf add the following to pass the Authorization header:
FastCGIConfig -pass-header Authorization
# In the file called by apache:
FCGI.each do |req|
# do stuff with req
end
# Auth file
require ''base64''
if req.env.has_key?(''Authorization'')
type, auth = req.env[''Authorization''].split(''
'')
user_name, password = Base64.decode64(auth).split('':'')
# do your login test
end
# here are the headers needed to prompt for basic auth:
WWW-Authenticate: Basic realm="Secure"
Status: 401 Unauthorized
Hope this helps. Sorry it is not rails-specific.
Dan
Josh Knowles wrote:
>I would like to set up users/groups/roles such that a given user has
>permission to execute a given method etc. Would need to bring it down
>to the Rails level since it isn''t just a global allow/deny.
>
>
>On Thu, 24 Mar 2005 17:47:22 -0500, Caleb Tennis
<caleb-PfRr3eUzJn1Wk0Htik3J/w@public.gmane.org> wrote:
>
>>On Thursday 24 March 2005 01:38 pm, Josh Knowles wrote:
>>
>>>Has anyone started or discussed adding in HTTP Basic/Digest
>>>Authentication support to Rails (or the LoginGenerator)? I am
writing
>>>a WebService which needs to support authentication and I''d
rather use
>>>HTTP authentication headers instead of rolling my own.
>>>
>>We are running a couple of different local applications with Rails, and
I set
>>all of them up to authenticate via Apache''s mod_auth_ldap (in
my Apache .conf
>>files). After the user authenticates,
@params.env["REMOTE_USER"] contains
>>his/her username.
>>
>>Beyond that, I''m not sure how to further integrate this into
Rails.
>>_______________________________________________
>>Rails mailing list
>>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>>http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>
>_______________________________________________
>Rails mailing list
>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>http://lists.rubyonrails.org/mailman/listinfo/rails
>
Hi all. I''m trying to use rails to put a simple calendar entry form on top of a typo3 database. The typo3 schema represents the date as an int(11) in mysql. I''d like it to be treated as a ruby Date so I can use the view date_select coolness. I''d also like to be able to just create my calendar event object with something like CalendarEvent.new @params[''event'']. In other words, the model should present the date as a Date and hide the fact that it''s some other format in the database. If there''s existing material on such techniques, can you point me to it, I''ll do my homework and report back? Otherwise, can someone explain the "rails way" here? I have only been able to get this to work through changes to the controller (digging out the form params and creating an integer for the date attribute). I''d like to contain the integration in the model. Overriding the accessor methods for the date attribute help me on the reading side, but not on the writing side. The date_select helper puts three params into the create request. If you throw all those into the ActiveRecord, I think it doesn''t know what to do with them, since it doesn''t know that my date is a Date, and not an integer. Is there a way to say "hey, rails! My attribute is a Date. Just go ahead and treat it like one, and I''ll worry about the translation into the schema!" Thanks! -Tim Harrison
The silence is deafening. :) Perhaps sharing my horrid hack solution will
move someone to have mercy and tell me the right way.
class CalendarController < ApplicationController
...<snip>
def create
# Lame way to deal with database integration
@event = CalendarEvent.new
@event.set_from_hash @params[''event'']
# This is how it *should* be done if the model was correct.
# @event = CalendarEvent.new @params[''event'']
if @event.save
redirect_to :action => ''list''
else
render_action ''new''
end
end
...<snip>
end
class CalendarEvent < ActiveRecord::Base
...<snip>
# Turns the integer representation into a date object.
def start_date
iTime = read_attribute("start_date")
if iTime == 0
Date.today
else
aTime = Time.at iTime
Date.civil aTime.year, aTime.month, aTime.day
end
end
def set_start_date (y, m, d)
aTime = Time.local y, m, d
write_attribute "start_date", aTime.to_i
end
# Lame way to deal with translation from date to integer.
def set_from_hash (params)
# Step through each param. If it''s the horrid start date
# thing, then we munge it. Otherwise, we just set the attribute.
params.each_pair {
|key, value|
if key == ''start_date(1i)'' || key ==
''start_date(2i)'' || key =''start_date(3i)''
if key == ''start_date(1i)''
self.set_start_date value,
params[''start_date(2i)''],
params[''start_date(3i)'']
end
else
write_attribute key, value
end
}
end
...<snip>
end
I don''t know if this is the Rails (or Ruby for that matter) way, but I would be inclined to add a calculated property of type date to your model. Call your translation routines via the accessors for the new property. Your views would surface the new calculated model property. The accessors would keep the underlying integer representation synched, and Rails will keep your database synched. On Fri, 25 Mar 2005 11:17:04 -0800, Tim Harrison <typo3-5hEDEYGtluFWk0Htik3J/w@public.gmane.org> wrote:> > Hi all. I''m trying to use rails to put a simple calendar entry form on top > of a typo3 database. The typo3 schema represents the date as an int(11) in > mysql. I''d like it to be treated as a ruby Date so I can use the view > date_select coolness. I''d also like to be able to just create my calendar > event object with something like CalendarEvent.new @params[''event'']. In > other words, the model should present the date as a Date and hide the fact > that it''s some other format in the database. > > If there''s existing material on such techniques, can you point me to it, > I''ll do my homework and report back? Otherwise, can someone explain the > "rails way" here? > > I have only been able to get this to work through changes to the controller > (digging out the form params and creating an integer for the date > attribute). I''d like to contain the integration in the model. Overriding > the accessor methods for the date attribute help me on the reading side, but > not on the writing side. The date_select helper puts three params into the > create request. If you throw all those into the ActiveRecord, I think it > doesn''t know what to do with them, since it doesn''t know that my date is a > Date, and not an integer. Is there a way to say "hey, rails! My attribute > is a Date. Just go ahead and treat it like one, and I''ll worry about the > translation into the schema!" > > Thanks! > -Tim Harrison > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
I believe the aggregations feature in AR allows you to create a "native type" field automagically, converting to and from it when the record is saved or loaded. So if you add a method to Date to read your integer-represented table field you should be all set. http://rails.rubyonrails.com/classes/ActiveRecord/Aggregations/ ClassMethods.html I guess you can do a one-line mapping On 25-mrt-05, at 23:20, Tim Harrison wrote:> > The silence is deafening. :) Perhaps sharing my horrid hack solution > will > move someone to have mercy and tell me the right way. > >-- Julian "Julik" Tarkhanov