authenticate_or_request_with_http_basic
authenticate_or_request_with_http_basic(realm = nil, message = nil, &login_procedure)
public
Easy and effective admin authentication
Great for use within an AdminController (in which all other administrative controllers inherit from AdminController).
class AdminController < ApplicationController before_filter :authenticate def authenticate authenticate_or_request_with_http_basic('Administration') do |username, password| username == 'admin' && password == 'password' end end end
with password md5 encrypted
If you are afraid to let your plain password on the code, you can do this instead:
require 'digest' class AdminController < ApplicationController before_filter :authenticate def authenticate authenticate_or_request_with_http_basic('Administration') do |username, password| md5_of_password = Digest::MD5.hexdigest(password) username == 'admin' && md5_of_password == '5ebe2294ecd0e0f08eab7690d2a6ee69' end end end
where ‘5ebe2294ecd0e0f08eab7690d2a6ee69’ is the md5 of the word ‘secret’.
You can get your own with this free webservice: <br /> http://qi64.appspot.com/md5/secret (replace ‘secret’ with your secret word).
Testing protected controllers
When testing controllers which are protected with #authenticate_or_request_with_http_basic this is how you can supply the credentials for a successful login:
@request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("username:password")
Must be set before the request is sent through #get or whatever method.