protecting admins controller with password - ruby-on-rails

I want to protect my admins controller with a password. I added this:
    before_filter :authenticate
    protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "user" && password == "pass!"
      end
    end
Into admins_controller.rb but when I visit any admins route like /admins or /admins/sign_in or admins/sign_up, no dialog shows up for the user to input the credentials.
I used this before for protecting the whole page by placing it at application_controller.rb; exactly the same way I use it now, and it worked fine before.
Any clue what might be wrong? (p.s. I use devise)

Try this:
    # Class-level macro in the controller (Rails 3.1+); it installs its own
    # before filter, so no separate authenticate method is needed.
    http_basic_authenticate_with name: "user", password: "pass!"

Related

Create password and authentication for existing users

I have rails app with:
Admin table with Devise authentication
User table with email and name without authentication (but session to remember them)
User can browse anywhere but now on certain pages I would like to enhance it and add authentication - allow user to create password and only with password it will be accessible but I am quite lost what is the best way to do it with the current setting?
I allow users to add their details like name and email and I am creating a cookie to remember them without any authentication or password:
UsersController
    def create
      user = User.find_or_create_by(email: params[:user][:email])
      cookies.permanent.signed[:user_id] = user.id
      session[:user_id] = user.id # for users/edit temporary
      render json: user
    end
Let's say I have this following method in User:
    before_filter :authenticate_user!, only: :your_order
    def your_order
    end
If User will visit this page and didn't set up password before, how can I prompt him to create one and how can I require for him to login after with Devise? I am thinking of more solutions but none of them are perfect.
As per the specifications given the below mentioned criteria might help you.
    def your_order # before_filter
      # Devise persists only encrypted_password; password is nil on a loaded record
      if user.encrypted_password.present?
        # authenticate using valid_password? method of devise
      else
        # redirect user to say set_password
      end
    end
    def set_password
      # set the user password in this method and after successful completion
      # redirect to login page where before filter your_order will be called
    end

http auth rails 3.0.9

What's wrong with this picture: I want to add more than one login to my app - really simple http auth...this is working locally but only lets me log in as user1/pass1 once I've uploaded it to Heroku...If I try user2/pass2 it won't let me log in.
Any ideas?
    class ApplicationController < ActionController::Base
      helper :all
      protect_from_forgery
      USER_NAME, PASSWORD = "user1", "pass1"
      USER_NAME2, PASSWORD2 = "user2", "pass2"
      before_filter :authenticate
      private
      def authenticate
        authenticate_or_request_with_http_basic do |user_name, password|
          (user_name == USER_NAME && password == PASSWORD) || (user_name == USER_NAME2 && password == PASSWORD2)
        end
      end
    end
Thanks!
I have tried with the same code that you have. I made a Heroku app and made the same constants as you have made. But I didn't face any problem using either of the passwords. Can you provide more detail about your app?

RoR - password protected model

I want to create password protected model. For example Post on the blog. I want to store this password in the database. And if user wants to see password protected post he needs to write this password. If there is no password in database everyone can see this post, each post can have its own pass. How can I create something like this in RoR?
I only have found basic HTTP auth:
    before_filter :authenticate
    #protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "foo" && password == "bar"
      end
    end
but probably there is better solution for this? Do you have any ideas?
Something like this?
    def show
      @post = Post.find(...)
      # params[:post] is absent on the first visit, so guard before indexing
      supplied = params[:post] && params[:post][:password]
      if supplied.nil?
        # Show a form with a password asked
      elsif supplied == @post.password
        # Show post
      else
        flash[:error] = "Bad password"
        # Render password form
      end
    end
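An added example, not part of the thread: the same three outcomes as the show action above (show, ask for the password, bad password), but with the per-post password stored as a salted PBKDF2 digest and checked with a constant-time comparison instead of keeping the plaintext in the database. The class `ProtectedPost` and its attribute names are assumptions standing in for the real Post model.

```ruby
require "openssl"
require "securerandom"

# Stand-in for the Post model (added example; attribute names are assumptions).
class ProtectedPost
  ITERATIONS = 100_000
  attr_reader :body, :password_salt, :password_digest

  def initialize(body)
    @body = body
  end

  # Store a salted PBKDF2 digest; a blank password leaves the post public.
  def password=(plain)
    if plain.nil? || plain.empty?
      @password_salt = @password_digest = nil
    else
      @password_salt = SecureRandom.hex(16)
      @password_digest = derive(plain, @password_salt)
    end
  end

  def protected?
    !@password_digest.nil?
  end

  # Returns :show, :ask or :bad_password, one per branch of the show action.
  def access(supplied)
    return :show unless protected?
    return :ask if supplied.nil? || supplied.empty?

    same?(derive(supplied, @password_salt), @password_digest) ? :show : :bad_password
  end

  private

  def derive(plain, salt)
    digest = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, digest).unpack1("H*")
  end

  # Constant-time comparison of two equal-length hex strings.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```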

Ruby on Rails: how do I make an http password protected sub domain?

I want a subdomain like... admin.example.com
but I want it to require a user and password. Like... the kind that uses the browser's interface, rather than a database backed authentication system.
what are some good methods of doing this?
It's fairly simple:
    # products_controller.rb
    before_filter :authenticate
    protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "foo" && password == "bar"
      end
    end
See: http://railscasts.com/episodes/82-http-basic-authentication
Write a small rack application. Both checking if it's the correct subdomain and enforcing basic auth can be done easily.
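An added example, not code from either answer: one way to write the small Rack application suggested above, challenging with HTTP Basic auth only when the request is for the admin host and passing every other host through. The class name, host and credential pair are assumptions; it uses only the Ruby standard library and compares credential digests in constant time.

```ruby
require "digest"

# Rack-style middleware: Basic auth for one host only. Added example; the class
# name, host and credentials are assumptions, not code from the thread.
class AdminSubdomainAuth
  def initialize(app, host:, credentials:, realm: "Admin")
    @app, @host, @realm = app, host.downcase, realm
    # Keep SHA-256 digests of "user:password" so comparisons are fixed-length.
    @digests = credentials.map { |user, pass| Digest::SHA256.hexdigest("#{user}:#{pass}") }
  end

  def call(env)
    host = env["HTTP_HOST"].to_s.split(":").first.to_s.downcase
    return @app.call(env) unless host == @host # other hosts are not gated
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])

    [401, { "content-type" => "text/plain",
            "www-authenticate" => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
  end

  private

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme.to_s.casecmp?("basic") && encoded

    supplied = Digest::SHA256.hexdigest(encoded.unpack1("m"))
    # Compare against every entry; do not stop at the first match.
    @digests.map { |digest| same?(digest, supplied) }.any?
  end

  def same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: a stand-in downstream app and the thread's foo/bar pair.
APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
GATE = AdminSubdomainAuth.new(APP, host: "admin.example.com",
                              credentials: { "foo" => "bar" })

# Returns the HTTP status the gate produces for a host and optional login.
def status_for(host, user = nil, pass = nil)
  env = { "HTTP_HOST" => host }
  env["HTTP_AUTHORIZATION"] = "Basic " + ["#{user}:#{pass}"].pack("m0") if user
  GATE.call(env).first
end
```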

using htaccess password protection on rails?

I want the /admin route on my rails app to be protected by using .htaccess password files - is this possible?
Rails has a built-in helper for this, you could place this in your application controller:
    protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "admin" && password == "test"
      end
    end
Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):
    before_filter :authenticate
This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.
Edit
Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:
/app/controllers/admin/admin_controller.rb
    class Admin::AdminController < ApplicationController
      before_filter :authenticate
      protected
      def authenticate
        authenticate_or_request_with_http_basic do |username, password|
          username == "admin" && password == "test"
        end
      end
    end
Then have all your controllers extend the admin controller, e.g.:
    class Admin::ThingsController < Admin::AdminController
My routes are set up like so:
    map.namespace :admin do |admin|
      admin.resources :things
    end
Hope that helps.
