Rails - Mar 2009 - very simple authenticatation

Could someone help me with this. It *really* only needs to be this
simple. I don''t need user models or plugins etc.

I think it''s clear what I''d like (either admin or slt to
authenticate), but it''s obviously flawed and lets any username
password combination in!

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      name == "admin" || "slt" && password ==
"admin" || "slt"
    end
  end

I''ve also tried:

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      (name == "admin" && password == "admin") ||
(name == "slt" &&
password == "slt")
    end
  end

Thanks.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      name == "admin" || "slt" and password ==
"admin" || "slt"
    end
  end

Im pretty sure that should work. "and" is evaluated after && .
They''re
now equivalent - its a ruby thing.

If it still doesnt work:

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      (name == "admin" || "slt") and (password ==
"admin" || "slt")
    end
  end


I hope I understood your question correctly. :P
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

"Not" equivalent. Not "now".

I don''t understand how I manage to make those typos. It''s not
like I
forgot a letter or something - I actually use another word in place. 
Strange xD

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for the suggestion.

I get the same problem. *Any* username or password is allowed.

So I can enter ''foo'' and no password and it let''s me
in.

Odd.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

johnsonmlw wrote:
[...]
> I get the same problem. *Any* username or password is allowed.
> 
> So I can enter ''foo'' and no password and it
let''s me in.
> 
> Odd.
Not odd at all.  The problem is that == binds tighter than ||, so that

user == ''admin'' || ''slt''

is equivalent to


(user == ''admin'') || ''slt''

This will return true if user is ''admin'', or
''slt'' in any other case.
It will never return false.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The logic is wrong. Try this:

def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      credentials = {''admin'' => ''admin'',
''slt'' => ''slt''}
      credentials[name] == pasword
    end
end

On your previous examples, your method was returning ''the last thing
evaluated'' (a Ruby thing), and in your case, that happened to be
''slt''. ''slt'', as a string, is not false,
which is why your method was
letting users in regardless of credentials.

Hardcoded credentials in any app are a terrible idea though...

On Mar 19, 5:07 pm, johnsonmlw
<johnson...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Thanks for the suggestion.
>
> I get the same problem. *Any* username or password is allowed.
>
> So I can enter ''foo'' and no password and it
let''s me in.
>
> Odd.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

johnsonmlw wrote:
> Thanks for the suggestion.
> 
> I get the same problem. *Any* username or password is allowed.
> 
> So I can enter ''foo'' and no password and it
let''s me in.
> 
> Odd.
So basically..:

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      true
    end
  end

?

I dont see how this can be useful to anyone though.. But that might just 
be me. lol
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      ["admin", "slt"].include?(name) and
["admin",
"slt"].include?(password)
    end
  end

Or the other way to interpret what you just said. Makes more sense :P
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---