Adding HTTP Basic Authentication to some routes in routes.rb - ruby-on-rails-3

I want to add HTTP Basic Authentication to some of my routes in my routes.rb file.
I got the idea from http://asciicasts.com/episodes/271-resque
routes.rb
Coderbits::Application.routes.draw do
  resources :snippets
  root :to => "snippets#new"
  authenticate :admin do
    mount Resque::Server, :at => "/resque"
  end
end
config/initializers/resque_auth.rb
Resque::Server.use(Rack::Auth::Basic) do |user, password|
  password == "secret"
end
If I just want to protect routes that are in my rails app, what should I put in the initializer file?
My workaround for right now is to add a before filter in my application controller that runs if the request is not for a controller that I've whitelisted:
authenticate_or_request_with_http_basic do |user, password|
  user == ENV["ADMIN_USER"] && password == ENV["ADMIN_PASS"]
end

I just put
http_basic_authenticate_with :name => "admin", :password => "secret"
inside my controller
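
An added example, not part of the question or the answer above: a Rack-style middleware in plain Ruby that asks for HTTP Basic credentials only under chosen path prefixes and compares them in constant time instead of with `==`. The class name `ScopedBasicAuth`, the `demo_status` helper, the prefix list and the credentials are all assumptions made for illustration.

```ruby
require "digest"

# Added example (not from the thread): Rack-style middleware, plain Ruby, that
# asks for HTTP Basic credentials only under the listed path prefixes.
class ScopedBasicAuth
  def initialize(app, prefixes:, user:, password:, realm: "Restricted")
    @app, @prefixes, @realm = app, prefixes, realm
    @user, @password = user, password
  end

  def call(env)
    return @app.call(env) unless protected_path?(env["PATH_INFO"].to_s)
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])
    [401, { "Content-Type" => "text/plain",
            "WWW-Authenticate" => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
  end

  private

  # "/resque" guards "/resque" and "/resque/...", but not "/resque-public".
  def protected_path?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme.to_s.casecmp("basic").zero? && encoded
    user, password = encoded.unpack1("m").split(":", 2)
    # Use & (not &&) so both comparisons always run.
    secure_compare(user.to_s, @user) & secure_compare(password.to_s, @password)
  end

  # Compare SHA-256 digests byte by byte without an early exit, unlike ==.
  def secure_compare(a, b)
    da, db = Digest::SHA256.digest(a).bytes, Digest::SHA256.digest(b).bytes
    da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: stand-in app and made-up credentials (use ENV in practice).
def demo_status(path, credentials = nil)
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
  guard = ScopedBasicAuth.new(app, prefixes: ["/resque"], user: "admin",
                              password: "s3cret-example")
  env = { "PATH_INFO" => path }
  env["HTTP_AUTHORIZATION"] = "Basic " + [credentials].pack("m0") if credentials
  guard.call(env).first
end
```

In a Rails app a class like this would be registered with `config.middleware.use`, with the credentials read from `ENV` as in the question's workaround.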

Related

How do I redirect devise sign_in path to a configured URL?

In a Rails 3 project with Devise, how do I put the login page /users/sign_in in the root path?
My application is placed at a URL like http://host/my_app and I am using Devise for authentication. When I call the URL, it should automatically redirect to http://host/my_app/users/sign_in, but my application is forwarding to http://host/users/sign_in.
How do I redirect the Devise authentication to http://host/my_app/users/sign_in?
Thanks in advance
The devise docs talk about how to update the sign-in and sign-out routes. You should be able to prepend my_app using the same procedure documented.
you can skip default routes, check it out here
# config/routes.rb
devise_for :users, :skip => [:sessions]
as :user do
  get 'my_app/users/sign_in' => 'devise/sessions#new', :as => :new_user_session
  post 'my_app/users/sign_in' => 'devise/sessions#create', :as => :user_session
  delete 'my_app/users/signout' => 'devise/sessions#destroy', :as => :destroy_user_session
end

My login route doesn't work after trying to force SSL via routes.rb

I want people to be able to both subscribe and login to my application via SSL. My original route, which was not SSL, was this:
resource :login, controller: "sessions" do
  collection do
    get 'new'
    get 'create'
  end
end
Worked great, but was unencrypted. Then I tried this:
scope :protocol => 'https://', :constraints => { :protocol => 'https://' } do
  resource :login, controller: "sessions" do
    collection do
      get 'new'
      get 'create'
    end
  end
end
Now Rails tells me:
No route matches [GET] "/login"
when I navigate to https://myapp.dev/login
Please note I am using Pow in development mode.
hmm, I was thinking it would just be
scope :constraints => { :protocol => "https" } do
  resource :login, controller: "sessions" do
    collection do
      get 'new'
      get 'create'
    end
  end
end
and you could put more resource entries under there as needed
Why don't you leave the route as is and add in your production.rb file:
config.force_ssl = true
This way you will have all the traffic routed via SSL, not only the login controller, which is a good practice to protect your user session cookies.

Overriding SessionsControllers is not logging in

I want to add OpenID authentication to my website. To do that I have followed several tutorials and used several plugins and gems, and finally I managed to do something with the devise_openid_authenticatable gem. I also have normal login/password authentication, Facebook authentication and Twitter authentication. Those three work perfectly.
Now I'm trying to override Devise's Session Controller, but when I do it, the normal login/password stops working. The error I get is:
ActiveRecord::RecordNotFound in Sessions#create
Couldn't find User without an ID
The rest of the authentication forms work OK, even the sign up works perfect. It's only the login/password authentication method...
I use Rails 3.0.1, Ruby 1.8.9 and Devise 1.4.9
routes.rb
MAWeb::Application.routes.draw do
  [...]
  devise_for :admins
  devise_for :users, :controllers => {:registrations => 'registrations', :sessions => 'sessions'}
  match '/users/openid' => 'users#openid_sign_in'
  match 'openid/sign_in' => 'openid#sign_in', :as => :openid_sign_in
  get 'openid/create'
  match '/auth/:provider/callback' => 'authentications#create'
  match '/auth/failure' => 'authentications#failure'
  resources :subscription_contact_datas
  resources :subscription_preferences do
    collection do
      post :create_with_params
    end
    member do
      get 'delete_tag'
    end
    get 'fill_event_id', :on => :member
  end
  resources :event_states
  resources :subscription_profiles do
    collection do
      put :update_profiles
    end
  end
  resources :event_criteria_options
  resources :subscriptions do
    collection do
      get :options_for_event_criteria
    end
  end
  resources :event_criterias
  resources :categories
  resources :user_infos do
    member do
      get 'edit'
    end
  end
  resources :events
  resources :users do
    member do
      get 'showUserActivity'
    end
  end
  resources :admins
  resources :subscriptions_from_poi
  root :to => "home#index"
  namespace :user do
    root :to => "users#index"
  end
  namespace :admin do
    root :to => "admins#index"
  end
end
*registrations controller's override works perfectly
EDIT: Added most of the routes. The ones I omitted are not important in my opinion.

Rails 3 + Devise : issue with custom routes

I've followed the Devise wiki to switch the login route from /users/sign_in to /login. My routes file looks like this:
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
devise_scope :user do
  get '/login', :to => 'devise/sessions#new', :as => :login
  delete '/logout', :to => 'devise/sessions#destroy', :as => :logout
end
and my user model has this
class User < ActiveRecord::Base
  devise :omniauthable, :database_authenticatable
end
I have a common scenario where a user is logged out, tries to access a restricted page, and then redirected to log himself in.
However, when that user is redirected, devise sends them to /users/sign_in path instead of /login.
The only way I could make the redirection to the /login url work is by adding this to the top of my routes.rb:
match "/users/sign_in" => redirect('/login')
which adds a redirect to my application, which in turn messes up tests - whenever I do something like this:
current_url.should == login_path
I get an error saying the expected path was "/login" and the actual was "/users/sign_in".
Did I miss something here - what's an elegant way to work around it? thanks.
side note
I only use :omniauthable to authenticate, but I added :database_authenticatable to devise configuration to force it to go to a dedicated login page.
Otherwise, devise always directs to the root path, so it would seem. If you know of a better way to do that, please - chime in.

Devise redirect after signin with username in url

I'm struggling with getting devise to redirect to a user's profile page after signin. My routes file looks like this:
get "profiles/index"
get "users/index"
get "users/show"
authenticated :user do
  root :to => 'home#index'
end
root :to => "home#index"
devise_for :users
resources :users
scope ":username", :as => "user" do
  match '/', :to => 'profiles#index'
end
I would like it to redirect to /myusername, which is the user's profile page. Thanks for your guys' help.
If you want to change the sign in redirect you can override the after_sign_in_path_for method by adding a new SessionsController as so:
class SessionsController < Devise::SessionsController
  # after_sign_in_path_for is called by devise
  def after_sign_in_path_for(user)
    "/users/#{user.username}" # adjust the returned path as needed
  end
end
As Ashikata mentioned you need to change the devise routing to the following if you're changing the session controller.
devise_for :users, :controllers => { :sessions => 'sessions' }
Alternatively, adding that modified after_sign_in_path_for method to your application controller should do the trick.