Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
parent
aea1477362
commit
e2b07ee000
3 changed files with 69 additions and 14 deletions
|
@ -1,5 +1,42 @@
|
|||
*Rails 3.1.0 (unreleased)*
|
||||
|
||||
* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
|
||||
|
||||
class PostsController < ApplicationController
|
||||
USER_NAME, PASSWORD = "dhh", "secret"
|
||||
|
||||
before_filter :authenticate, :except => [ :index ]
|
||||
|
||||
def index
|
||||
render :text => "Everyone can see me!"
|
||||
end
|
||||
|
||||
def edit
|
||||
render :text => "I'm only accessible if you know the password"
|
||||
end
|
||||
|
||||
private
|
||||
def authenticate
|
||||
authenticate_or_request_with_http_basic do |user_name, password|
|
||||
user_name == USER_NAME && password == PASSWORD
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
..can now be written as
|
||||
|
||||
class PostsController < ApplicationController
|
||||
http_basic_authenticate_with :name => "dhh", "secret", :except => :index
|
||||
|
||||
def index
|
||||
render :text => "Everyone can see me!"
|
||||
end
|
||||
|
||||
def edit
|
||||
render :text => "I'm only accessible if you know the password"
|
||||
end
|
||||
end
|
||||
|
||||
* Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. [DHH and Prem Sichanugrist]
|
||||
|
||||
* Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash [DHH]
|
||||
|
|
|
@ -8,9 +8,7 @@ module ActionController
|
|||
# === Simple \Basic example
|
||||
#
|
||||
# class PostsController < ApplicationController
|
||||
# USER_NAME, PASSWORD = "dhh", "secret"
|
||||
#
|
||||
# before_filter :authenticate, :except => [ :index ]
|
||||
# http_basic_authenticate_with :name => "dhh", "secret", :except => :index
|
||||
#
|
||||
# def index
|
||||
# render :text => "Everyone can see me!"
|
||||
|
@ -19,15 +17,7 @@ module ActionController
|
|||
# def edit
|
||||
# render :text => "I'm only accessible if you know the password"
|
||||
# end
|
||||
#
|
||||
# private
|
||||
# def authenticate
|
||||
# authenticate_or_request_with_http_basic do |user_name, password|
|
||||
# user_name == USER_NAME && password == PASSWORD
|
||||
# end
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# end
|
||||
#
|
||||
# === Advanced \Basic example
|
||||
#
|
||||
|
@ -115,6 +105,20 @@ module ActionController
|
|||
extend self
|
||||
|
||||
module ControllerMethods
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
module ClassMethods
|
||||
def http_basic_authenticate_with(options = {})
|
||||
before_filter(options.except(:name, :password, :realm)) do
|
||||
authenticate_or_request_with_http_basic(options[:realm] || "Application") do
|
||||
authenticate_or_request_with_http_basic do |name, password|
|
||||
name == options[:name] && password == options[:password]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
|
||||
authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
|
||||
end
|
||||
|
@ -378,7 +382,6 @@ module ActionController
|
|||
#
|
||||
# RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
|
||||
module Token
|
||||
|
||||
extend self
|
||||
|
||||
module ControllerMethods
|
||||
|
@ -458,6 +461,5 @@ module ActionController
|
|||
controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
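Review bot: In `http_basic_authenticate_with` (the `@ -115,6 +105,20 @` hunk), `authenticate_or_request_with_http_basic` is called twice, one call nested inside the other's block: the outer call receives `options[:realm] || "Application"` but its block takes no credentials, and the inner call, which does the comparison, is made without a realm. As written, a failed login appears to be challenged by the inner call with the default realm, so `:realm` would have no effect; collapsing the two into `authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|` and dropping one `end` fixes that. The check `name == options[:name] && password == options[:password]` also compares the secrets with a short-circuiting `==`, which is not constant-time, and nothing rejects a declaration that omits `:name` or `:password`; a constant-time comparison and an `ArgumentError` at declaration time when either option is missing would be safer. The doc-comment example in the `@ -8,9 +8,7 @` hunk, `http_basic_authenticate_with :name => "dhh", "secret", :except => :index`, is missing `:password =>` and does not parse as written.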
|
|
|
@ -6,6 +6,8 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
|
|||
before_filter :authenticate_with_request, :only => :display
|
||||
before_filter :authenticate_long_credentials, :only => :show
|
||||
|
||||
http_basic_authenticate_with :name => "David", :password => "Goliath", :only => :search
|
||||
|
||||
def index
|
||||
render :text => "Hello Secret"
|
||||
end
|
||||
|
@ -18,6 +20,10 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
|
|||
render :text => 'Only for loooooong credentials'
|
||||
end
|
||||
|
||||
def search
|
||||
render :text => 'All inline'
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def authenticate
|
||||
|
@ -105,6 +111,16 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
|
|||
assert_equal 'Definitely Maybe', @response.body
|
||||
end
|
||||
|
||||
test "authenticate with class method" do
|
||||
@request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'Goliath')
|
||||
get :search
|
||||
assert_response :success
|
||||
|
||||
@request.env['HTTP_AUTHORIZATION'] = encode_credentials('David', 'WRONG!')
|
||||
get :search
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def encode_credentials(username, password)
|
||||
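Review bot: The new `authenticate with class method` test covers only a correct and a wrong password for `:search`; it never sends a request without an `Authorization` header, never sends a wrong name, and does not check the challenge the controller returns. Adding a case that asserts `:unauthorized` with no credentials, and one that declares `:realm` and asserts the `WWW-Authenticate` header, would pin down the behaviour of the `:realm` option, which nothing here exercises. The test class and `encode_credentials` continue outside the visible hunks.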
|
|