1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]

This commit is contained in:
David Heinemeier Hansson 2011-03-28 18:09:50 -07:00
parent aea1477362
commit e2b07ee000
3 changed files with 69 additions and 14 deletions

View file

@ -1,5 +1,42 @@
*Rails 3.1.0 (unreleased)*
* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
class PostsController < ApplicationController
USER_NAME, PASSWORD = "dhh", "secret"
before_filter :authenticate, :except => [ :index ]
def index
render :text => "Everyone can see me!"
end
def edit
render :text => "I'm only accessible if you know the password"
end
private
def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
user_name == USER_NAME && password == PASSWORD
end
end
end
..can now be written as
class PostsController < ApplicationController
http_basic_authenticate_with :name => "dhh", "secret", :except => :index
def index
render :text => "Everyone can see me!"
end
def edit
render :text => "I'm only accessible if you know the password"
end
end
* Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. [DHH and Prem Sichanugrist]
* Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash [DHH]

View file

@ -8,9 +8,7 @@ module ActionController
# === Simple \Basic example
#
# class PostsController < ApplicationController
# USER_NAME, PASSWORD = "dhh", "secret"
#
# before_filter :authenticate, :except => [ :index ]
# http_basic_authenticate_with :name => "dhh", "secret", :except => :index
#
# def index
# render :text => "Everyone can see me!"
@ -19,15 +17,7 @@ module ActionController
# def edit
# render :text => "I'm only accessible if you know the password"
# end
#
# private
# def authenticate
# authenticate_or_request_with_http_basic do |user_name, password|
# user_name == USER_NAME && password == PASSWORD
# end
# end
# end
#
# end
#
# === Advanced \Basic example
#
@ -115,6 +105,20 @@ module ActionController
extend self
module ControllerMethods
extend ActiveSupport::Concern
module ClassMethods
def http_basic_authenticate_with(options = {})
before_filter(options.except(:name, :password, :realm)) do
authenticate_or_request_with_http_basic(options[:realm] || "Application") do
authenticate_or_request_with_http_basic do |name, password|
name == options[:name] && password == options[:password]
end
end
end
end
end
def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
end
@ -378,7 +382,6 @@ module ActionController
#
# RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
module Token
extend self
module ControllerMethods
@ -458,6 +461,5 @@ module ActionController
controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
end
end
end
end

View file

@ -6,6 +6,8 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
before_filter :authenticate_with_request, :only => :display
before_filter :authenticate_long_credentials, :only => :show
http_basic_authenticate_with :name => "David", :password => "Goliath", :only => :search
def index
render :text => "Hello Secret"
end
@ -18,6 +20,10 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
render :text => 'Only for loooooong credentials'
end
def search
render :text => 'All inline'
end
private
def authenticate
@ -105,6 +111,16 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
assert_equal 'Definitely Maybe', @response.body
end
test "authenticate with class method" do
@request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'Goliath')
get :search
assert_response :success
@request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'WRONG!')
get :search
assert_response :unauthorized
end
private
def encode_credentials(username, password)