RSpec
Ruby on Rails
Ruby
v7.0.0 -
Show latest stable
-
0 notes
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3 (0)
- 2.1.0 (-1)
- 2.2.1 (0)
- 2.3.8 (32)
- 3.0.0 (0)
- 3.0.9 (-13)
- 3.1.0 (3)
- 3.2.1 (0)
- 3.2.8 (0)
- 3.2.13 (0)
- 4.0.2 (-38)
- 4.1.8 (0)
- 4.2.1 (0)
- 4.2.7 (0)
- 4.2.9 (0)
- 5.0.0.1 (0)
- 5.1.7 (0)
- 5.2.3 (0)
- 6.0.0 (1)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (-1)
- 7.1.3.2 (0)
- 7.1.3.4 (0)
- 7.2.3 (2)
- 8.0.0 (0)
- 8.1.1 (0)
- What's this?
-
authenticate
-
authentication_request
-
authorization
(<= v2.3.8)
-
auth_param
-
auth_scheme
-
decode_credentials
-
encode_credentials
-
has_basic_credentials?
-
user_name_and_password
-
ControllerMethods
= private
= protected
HTTP Basic authentication.
Simple Basic example
class PostsController < ApplicationController http_basic_authenticate_with name: "dhh", password: "secret", except: :index def index render plain: "Everyone can see me!" end def edit render plain: "I'm only accessible if you know the password" end end
Advanced Basic example
Here is a more advanced Basic example where only Atom feeds and the XML API are protected by HTTP authentication. The regular HTML interface is protected by a session approach:
class ApplicationController < ActionController::Base before_action :set_account, :authenticate private def set_account @account = Account.find_by(url_name: request.subdomains.first) end def authenticate case request.format when Mime[:xml], Mime[:atom] if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) } @current_user = user else request_http_basic_authentication end else if session_authenticated? @current_user = @account.users.find(session[:authenticated][:user_id]) else redirect_to(login_url) and return false end end end end
In your integration tests, you can do something like this:
def test_access_granted_from_xml authorization = ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) get "/notes/1.xml", headers: { 'HTTP_AUTHORIZATION' => authorization } assert_equal 200, status end
