I have a Rails app that shows catalogs of images. The images are generated by a CGI that requires REMOTE_USER to be set. This is accomplished by protecting the CGI folder with Basic Auth. I can see how to implement Basic Auth in Rails, and this looks like it will then allow Rails to reference the images (as long as my authenticated Rails user matches a realm user). The problem is, I''d like the option of emailing direct links to some images, so that the recipient can click on a url to view a single image (this can be inside a Rails template). In this case, I don''t want the user to be challenged - some component of the url can be decoded to determine who the user is. Is there any way to "silently" set the authentication credentials, or set the REMOTE_USER on the fly so the CGI sees it and executes? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 2/8/07, Brian Ablaza <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > I have a Rails app that shows catalogs of images. The images are > generated by a CGI that requires REMOTE_USER to be set. This is > accomplished by protecting the CGI folder with Basic Auth. > > I can see how to implement Basic Auth in Rails, and this looks like it > will then allow Rails to reference the images (as long as my > authenticated Rails user matches a realm user). The problem is, I''d like > the option of emailing direct links to some images, so that the > recipient can click on a url to view a single image (this can be inside > a Rails template). In this case, I don''t want the user to be challenged > - some component of the url can be decoded to determine who the user is. > > Is there any way to "silently" set the authentication credentials, or > set the REMOTE_USER on the fly so the CGI sees it and executes?Yes, to preset basic authentication you can do this as part of the url like so http://user:password-eH01erlM755ZAIG4hdpdiNBPR1lH4CV8@public.gmane.org/foo/bar The user and password will be used for basic authentication. This is part of the http spec, so it is supported by all major browsers. So you can email out links with the authentication in it and they should work as if they had authenticated manually. You can also use these as links bookmarks (of course they are not securely stored since anyone can click on them to use). Blessings, Jeff -- Jeff Barczewski, MasterView core team Inspired Horizons Ruby on Rails Training and Consultancy Next Ruby on Rails plus JRuby workshop Feb 22-24 St. Louis, MO http://inspiredhorizons.com/training/rails/index.html Limited seating, register now! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Brian Ablaza wrote:> Is there any way to "silently" set the authentication credentials, or > set the REMOTE_USER on the fly so the CGI sees it and executes?Write a controller that uses send_file in response to one of these special URLs. Put a key in the URL that you retire after some time limit, such as 24 hours. Then remove the login requirements for that controller. -- Phlip http://www.greencheese.us/ZeekLand <-- NOT a blog!!! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---