Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]

2022-11-09 12:12:34 -05:00 · 2011-03-28 18:09:50 -07:00 · 2011-03-28 18:09:50 -07:00 · e2b07ee000
commit e2b07ee000
parent aea1477362
3 changed files with 69 additions and 14 deletions
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@ -1,5 +1,42 @@
 *Rails 3.1.0 (unreleased)*

+* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
+
+    class PostsController < ApplicationController
+      USER_NAME, PASSWORD = "dhh", "secret"
+
+      before_filter :authenticate, :except => [ :index ]
+
+      def index
+        render :text => "Everyone can see me!"
+      end
+
+      def edit
+        render :text => "I'm only accessible if you know the password"
+      end
+
+      private
+        def authenticate
+          authenticate_or_request_with_http_basic do |user_name, password|
+            user_name == USER_NAME && password == PASSWORD
+          end
+        end
+    end
+
+  ..can now be written as
+
+    class PostsController < ApplicationController
+      http_basic_authenticate_with :name => "dhh", "secret", :except => :index
+
+      def index
+        render :text => "Everyone can see me!"
+      end
+
+      def edit
+        render :text => "I'm only accessible if you know the password"
+      end
+    end
+
 * Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. [DHH and Prem Sichanugrist]

 * Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash [DHH]
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@ -8,9 +8,7 @@ module ActionController
    # === Simple \Basic example
    #
    #   class PostsController < ApplicationController
-    #     USER_NAME, PASSWORD = "dhh", "secret"
-    #
-    #     before_filter :authenticate, :except => [ :index ]
+    #     http_basic_authenticate_with :name => "dhh", "secret", :except => :index
    #
    #     def index
    #       render :text => "Everyone can see me!"
@ -19,15 +17,7 @@ module ActionController
    #     def edit
    #       render :text => "I'm only accessible if you know the password"
    #     end
-    #
-    #     private
-    #       def authenticate
-    #         authenticate_or_request_with_http_basic do |user_name, password|
-    #           user_name == USER_NAME && password == PASSWORD
    #  end
-    #       end
-    #   end
-    #
    #
    # === Advanced \Basic example
    #
@ -115,6 +105,20 @@ module ActionController
      extend self

      module ControllerMethods
+        extend ActiveSupport::Concern
+        
+        module ClassMethods
+          def http_basic_authenticate_with(options = {})
+            before_filter(options.except(:name, :password, :realm)) do
+              authenticate_or_request_with_http_basic(options[:realm] || "Application") do
+                authenticate_or_request_with_http_basic do |name, password|
+                  name == options[:name] && password == options[:password]
+                end
+              end
+            end
+          end
+        end
+        
        def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
          authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
        end
@ -378,7 +382,6 @@ module ActionController
    #
    #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
    module Token
-
      extend self

      module ControllerMethods
@ -458,6 +461,5 @@ module ActionController
        controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
      end
    end
-
  end
 end
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@ -6,6 +6,8 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
    before_filter :authenticate_with_request, :only => :display
    before_filter :authenticate_long_credentials, :only => :show

+    http_basic_authenticate_with :name => "David", :password => "Goliath", :only => :search
+
    def index
      render :text => "Hello Secret"
    end
@ -18,6 +20,10 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
      render :text => 'Only for loooooong credentials'
    end
    
+    def search
+      render :text => 'All inline'
+    end
+
    private

    def authenticate
@ -105,6 +111,16 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
    assert_equal 'Definitely Maybe', @response.body
  end
  
+  test "authenticate with class method" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'Goliath')
+    get :search
+    assert_response :success
+
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'WRONG!')
+    get :search
+    assert_response :unauthorized
+  end
+
  private

  def encode_credentials(username, password)