1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) [DHH]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6699 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
David Heinemeier Hansson 2007-05-08 05:48:18 +00:00
parent 5a9dc1231c
commit 20eb59ad8a
4 changed files with 167 additions and 0 deletions

View file

@ -1,5 +1,7 @@
*SVN*
* Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) [DHH]
* Modernize documentation for form helpers. [jeremymcanally]
* Add brief introduction to REST to the resources documentation. [fearoffish]

View file

@ -53,6 +53,7 @@ require 'action_controller/caching'
require 'action_controller/verification'
require 'action_controller/streaming'
require 'action_controller/session_management'
require 'action_controller/http_authentication'
require 'action_controller/components'
require 'action_controller/record_identifier'
require 'action_controller/macros/auto_complete'
@ -76,6 +77,7 @@ ActionController::Base.class_eval do
include ActionController::Verification
include ActionController::Streaming
include ActionController::SessionManagement
include ActionController::HttpAuthentication::Basic::ControllerMethods
include ActionController::Components
include ActionController::RecordIdentifier
include ActionController::Macros::AutoComplete

View file

@ -0,0 +1,121 @@
require 'base64'
module ActionController
module HttpAuthentication
# Makes it dead easy to do HTTP Basic authentication.
#
# Simple Basic example:
#
# class PostsController < ApplicationController
# USER_NAME, PASSWORD = "dhh", "secret"
#
# before_filter :authenticate, :except => [ :index ]
#
# def index
# render :text => "Everyone can see me!"
# end
#
# def edit
# render :text => "I'm only accessible if you know the password"
# end
#
# private
# def authenticate
# authenticate_or_request_with_http_basic do |user_name, password|
# user_name == USER_NAME && password == PASSWORD
# end
# end
# end
#
#
# Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication,
# the regular HTML interface is protected by a session approach:
#
# class ApplicationController < ActionController::Base
# before_filter :set_account, :authenticate
#
# protected
# def set_account
# @account = Account.find_by_url_name(request.subdomains.first)
# end
#
# def authenticate
# case request.format
# when Mime::XML, Mime::ATOM
# if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
# @current_user = user
# else
# request_http_basic_authentication
# end
# else
# if session_authenticated?
# @current_user = @account.users.find(session[:authenticated][:user_id])
# else
# redirect_to(login_url) and return false
# end
# end
# end
# end
#
#
# In your integration tests, you can do something like this:
#
# def test_access_granted_from_xml
# get(
# "/notes/1.xml", nil,
# :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
# )
#
# assert_equal 200, status
# end
module Basic
extend self
module ControllerMethods
def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
end
def authenticate_with_http_basic(&login_procedure)
HttpAuthentication::Basic.authenticate(self, &login_procedure)
end
def request_http_basic_authentication(realm = "Application")
HttpAuthentication::Basic.authentication_request(self, realm)
end
end
def authenticate(controller, &login_procedure)
if authorization(controller.request)
login_procedure.call(*user_name_and_password(controller.request))
else
false
end
end
def user_name_and_password(request)
decode_credentials(request).split(/:/, 2)
end
def authorization(request)
request.env['HTTP_AUTHORIZATION'] ||
request.env['X-HTTP_AUTHORIZATION'] ||
request.env['X_HTTP_AUTHORIZATION']
end
def decode_credentials(request)
Base64.decode64(authorization(request).split.last)
end
def encode_credentials(user_name, password)
"Basic #{Base64.encode64("#{user_name}:#{password}")}"
end
def authentication_request(controller, realm)
controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
controller.render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
return false
end
end
end
end

View file

@ -0,0 +1,42 @@
require File.dirname(__FILE__) + '/../abstract_unit'
class HttpBasicAuthenticationTest < Test::Unit::TestCase
include ActionController::HttpAuthentication::Basic
def setup
@controller = Class.new do
attr_accessor :headers, :renders
def initialize
@headers, @renders = {}, []
end
def request
Class.new do
def env
{ 'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials("dhh", "secret") }
end
end.new
end
def render(options)
self.renders << options
end
end.new
end
def test_successful_authentication
assert authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "secret" }
end
def test_failing_authentication
assert !authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "secret!!" }
end
def test_authentication_request
authentication_request(@controller, "Megaglobalapp")
assert_equal 'Basic realm="Megaglobalapp"', @controller.headers["WWW-Authenticate"]
assert_equal :unauthorized, @controller.renders.first[:status]
end
end