Hi all.
What I want to do:
use HTTP Basic Authentication (stop screaming!) and then redirect to a
welcome page.
What I am trying to do:
Use a before filter which will authenticate and then redirect to the
welcome page.
How I am failing (It's a little ugly, but please bear with me - I'm
trying to understand how this works):
class ApplicationController < ActionController::Base
  helper :all
  before_filter :authenticate
  protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      user = User.first(:conditions => ['username like ? and password like ?', username, password])
      redirect_to root_path and return unless user.nil?
      user
    end
  end
end
How it is failing:
  It tells me there's a render and a redirect.
Can anyone suggest something here? Am I just .. Thinking about it the
wrong way?
-- 
Posted via http://www.ruby-forum.com/.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Aldric Giacomoni wrote:
> Hi all.
> What I want to do:
> use HTTP Basic Authentication (stop screaming!) and then redirect to a
> welcome page.
Is this an exercise for learning? If it's not then why would you even
consider solving this already solved problem.
http://github.com/binarylogic/authlogic
Robert Walker wrote:
> Aldric Giacomoni wrote:
>> Hi all.
>> What I want to do:
>> use HTTP Basic Authentication (stop screaming!) and then redirect to a
>> welcome page.
>
> Is this an exercise for learning? If it's not then why would you even
> consider solving this already solved problem.
>
> http://github.com/binarylogic/authlogic
Yes.. Yes it is. I'd love to be using authlogic. :)
Hi,
You might want to check out this railscast tutorial 
(http://railscasts.com/episodes/82-http-basic-authentication).
The authenticate_or_request_with_http_basic method is expecting the 
block to return true or false and will send an auth required status if 
false. It should be ok to return the user object (ie the line after the
redirect_to ...) as this should equate to true or false. I'm not sure
what value it will return in the line 'redirect_to root_path and return
unless user.nil?'. There is also the problem that this before filter
will endlessly redirect users to root_path, unless you've told it to not
authenticate the root_path controller's index action, which may be a
security issue. You may want to set a session var on a successful
authentication and then add an early out at the beginning if the session
var is set, so the authentication and redirect_to is only done once.
Then there's other issues like only storing passwords in hashed form
using a salt value etc. Maybe something like the following untested
code.
def authenticate
  return unless session[:user_id].nil?
  authenticate_or_request_with_http_basic do |username, password|
    user = User.first(:conditions => ['username like ? and password like ?', username, password])
    if user
      session[:user_id] = user.id
      redirect_to root_path
      true
    else
      false
    end
  end
end
I hope this helps. I look forward to hearing how you go.
PS. There is nothing wrong with basic authentication if you've enabled
SSL.
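
The flow from the reply above, combined with the salted-hash storage it mentions, as an added example that is not part of the original thread: a plain-Ruby simulation (no Rails) in which `USERS`, the return symbols of `authenticate` and the sample credentials are constructed for illustration. It looks the user up by exact username rather than with `like`, because `%` and `_` in submitted values act as wildcards in a LIKE match.

```ruby
require 'openssl'
require 'securerandom'
ITERATIONS = 100_000 # constructed work factor for this example

# Salted PBKDF2-HMAC-SHA256; only the salt and this digest are stored.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

# Byte comparison that does not stop at the first mismatch.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed user store standing in for the thread's User model.
def build_user(id, username, password)
  salt = SecureRandom.random_bytes(16)
  { id: id, username: username, salt: salt, digest: hash_password(password, salt) }
end
USERS = [build_user(1, 'aldric', 'correct horse')].freeze

# "Basic <base64(user:pass)>" -> [user, pass], or nil if missing or malformed.
def parse_basic(header)
  scheme, encoded = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded
  user, pass = encoded.unpack1('m0').force_encoding('UTF-8').split(':', 2)
  pass ? [user, pass] : nil
rescue ArgumentError # strict base64 decode failed
  nil
end

def basic_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end

# Early-out on an existing session, otherwise verify, set the session and redirect once.
def authenticate(session, authorization_header)
  return :continue unless session[:user_id].nil?
  username, password = parse_basic(authorization_header)
  return :request_basic_auth if username.nil? || password.empty?
  user = USERS.find { |u| u[:username] == username } # exact match, not LIKE
  salt = user ? user[:salt] : "\0" * 16 # still hash for unknown users
  candidate = hash_password(password, salt)
  if user && secure_equal?(candidate, user[:digest])
    session[:user_id] = user[:id]
    :redirect_to_root
  else
    :request_basic_auth # 401 plus WWW-Authenticate in a real app
  end
end
```
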
Brendan Brewster wrote:
> Hi,
>
>
> def authenticate
>   return unless session[:user_id].nil?
>   authenticate_or_request_with_http_basic do |username, password|
>     user = User.first(:conditions => ['username like ? and password like ?', username, password])
>     if user
>       session[:user_id] = user.id
>       redirect_to root_path
>       true
>     else
>       false
>     end
>   end
> end
>
Hi Brendan,
I had indeed seen that railscasts episode. It helped, but didn't say
anything about the redirection.
As far as your suggested code, it was exactly what the doctor ordered!
Thanks for your help. I understand this a little better now.