What's wrong with this picture: I want to add more than one login to my app - really simple http auth...this is working locally but only lets me log in as user1/pass1 once I've uploaded it to Heroku...If I try user2/pass2 it wont let me log in.
Any ideas?
class ApplicationController < ActionController::Base
helper :all
protect_from_forgery
USER_NAME, PASSWORD = "user1", "pass1"
USER_NAME2, PASSWORD2 = "user2", "pass2"
before_filter :authenticate
private
def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
(user_name == USER_NAME && password == PASSWORD) || (user_name == USER_NAME2 && password == PASSWORD2)
end
end
end
Thanks!
I have tried with the same code that you have. I made a heroku app and made same constants like you have made. But did't face any problem for using either of the password. Can you provide more detail about you app ?
Related
I would like to reset session whenever user agent and/or user ip changes. Project uses Rails with Devise for authentication, CanCanCan for authorisation.
My approach is:
class ApplicationController < ActionController::Base
before_action :authorize_ip
def authorize_ip
if warden.authenticated?
warden.session['ip'] ||= request.ip
warden.session['user_agent'] ||= request.user_agent
warden.logout if warden.session['ip'] != 'request.ip' &&
warden.session['user_agent'] != request.user_agent
end
end
end
From my understanding, it should set warden.session['ip'] and user_agent once and then for following requests whenever request['ip'] or user_agent changes, session should be dropped and User should be logged out. However, when tested with different browsers, warden.session['user_agent'] changes according to what browser I use. I suppose I'm misunderstanding something. Also, if there is a better approach to this problem, please share.
Thanks!
I've solved the issue by adding this to initializers/devise.rb
Warden::Manager.after_authentication do |_user, auth, _opts|
auth.raw_session['warden.user.ip'] = auth.request.ip
auth.raw_session['warden.user.user_agent'] = auth.request.user_agent
end
and this to application controller:
class ApplicationController < ActionController::Base
before_action :authorize_ip_user_agent
protected
def authorize_ip_user_agent
return true unless session['warden.user.ip']
warden.logout if session['warden.user.ip'] != request.ip &&
session['warden.user.user_agent'] != request.user_agent
end
end
have been trying to solve this for 6 hours now. Hope someone can nail this. I have one codebase running multiple apps on heroku. Some apps already have their own domain. I am already using the host to set locale for each app which is working fine. See below. But authenticating (hide non-ready apps from public) per host doesn't work.
Setting the locale in application controller - working nicely:
before_filter :extract_locale_from_domain
def extract_locale_from_domain
domain = request.host
if domain == 'www.domain.hu'
I18n.locale = :'hu'
elsif domain == 'www.domain.com'
I18n.locale = :'en-US'
else
I18n.locale = :'en-US'
end
end
Now my home page is 'static_pages#home' so first I thought I put the method in the static_pages_controller but that didn't work so I even tried in the application_controller. Even tried to set default URLs per environment (in application_controller) but no luck with that neither (more here). Oh yes, and I tried to restrict per environment with no luck. So I tried several versions this is the one in application_controller (giving nomethod error):
before_filter :authenticate
def authenticate
domain = request.host
if domain == 'www.domain.hu'
http_basic_authenticate_with name: "stuff", password: "boda"
elsif domain == 'www.domain.com'
http_basic_authenticate_with name: "stuff", password: "boda"
else
end
end
This gives the error:
NoMethodError (undefined method `http_basic_authenticate_with' for #
< StaticPagesController:0x000000090d8de8 >):
app/controllers/application_controller.rb:49:in `authenticate'
TIA!
This is what worked:
In applicaiton controller:
before_filter :authenticate
....
protected
def authenticate
domain = request.host
if domain == 'www.domain.hu'
authenticate_or_request_with_http_basic do |username, password| username == 'stuff' && password == 'boda'
end
elsif domain == 'www.domain.com'
authenticate_or_request_with_http_basic do |username, password| username == 'stuff' && password == 'boda'
end
end
end
NoMethodError (undefined method `http_basic_authenticate_with' for #
< StaticPagesController:0x000000090d8de8 >)
This means it can't find the http_basic_authenticate_with method on the StaticPagesController instance.
Try including ActionController::HttpAuthentication::Basic and ActionController::HttpAuthentication::Basic::ControllerMethods modules in your controller and then try to use the http_basic_authenticate_with method again.
I want to protect my admins controller with a password. I added this:
before_filter :authenticate
protected
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "user" && password == "pass!"
end
end
Into admins_controller.rb but when I visit any admins route like /admins or /admins/sign_in or admins/sign_up, no dialog shows up for the user to input the credentials.
I used this before for protecting the whole page by placing it at application_controller.rb; exactly the same way I use it now, and it worked fine before.
Any clue what might be wrong? (p.s. I use devise)
Try this:
protected
def authenticate
authenticate_or_request_with_http_basic_with name: "user", password: "pass!"
end
I want to create password protected model. For example Post on the blog. I want to store this password in the database. And if user wants to see password protected post he needs to write this password. If there is no password in database everyone can see this post, each post can have its own pass. How can I create something like this in RoR? I
I only have found basic HTTP auth:
before_filter :authenticate
#protected
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "foo" && password == "bar"
end
end
but probably there is better solution for this? Do you have any ideas?
Something like this ?
def show
#post = Post.find(...)
if params[:post][:password].nil?
# Show a form with a password asked
elsif params[:post][:password] == #post.password
# Show post
else
flash[:error] = "Bad password"
# Render password form
end
end
When a user tries to connect via this method and it fails. How do I redirect_to? Thanks in Advance.
class ApplicationController < ActionController::Base
protect_from_forgery
USER_NAME, PASSWORD = "admin", "admin"
helper_method :authenticate
private
def authenticate
begin
authenticate_or_request_with_http_basic do |user_name, password|
user_name == USER_NAME && password == PASSWORD
end
rescue
"HTTP Basic: Access denied"
else
redirect_to root_path
end
end
end
Rails - authenticate_or_request_with_http_basic custom "access denied" message
In the past, we've made authenticate a before_filter which will just perform the authenticate_or_request_with_http_basic, and then have our redirects/renders happen in their respective actions.
I just re-read your question & code sample. What exactly are you looking to have happen? A redirect on fail of the authentication?
Edit: I've never done this, but it seems like trying to follow the docs might be your best bet, in particular, the "more advanced basic example."
I ultimately don't know enough about the inner workings of basic auth, but it strikes me as it could also boil down to an Apache/(insert your awesome web server here) configuration. Someone will definitely correct me on that if I'm wrong.