
ActiveAdmin: How to setup HTTP basic authentication?

I want to set up basic authentication for ActiveAdmin, whose internal Devise solution doesn't apply to my case. For that, I would like to be able to add middleware to the ActiveAdmin Engine before it is bundled into my app. What I managed to do was:

ActiveAdmin::Engine.configure do |config|
  config.middleware.use Rack::Auth::Basic do |username, password|
    username == 'admin' && password == 'root'
  end  
end

But apparently this doesn't make it work, since my active admin routes are still unprotected. How can I effectively do this? And no, I don't want to protect my whole site with basic authentication.

ChuckE asked Mar 08 '13 14:03


1 Answer

Here's a few ideas:

# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

  # ...
  http_basic_authenticate_with :name => "frodo", :password => "thering", :if => :admin_controller?

  # True only for controllers that inherit from ActiveAdmin::BaseController
  def admin_controller?
    self.class < ActiveAdmin::BaseController
  end
end

Or, the monkeypatching version

# config/initializers/active_admin.rb

# somewhere outside the setup block

class ActiveAdmin::BaseController
  http_basic_authenticate_with :name => "frodo", :password => "thering"
end

If you only want to protect specific resources, you can use the controller block:

# app/admin/users.rb

ActiveAdmin.register Users do
  controller do
    http_basic_authenticate_with :name => "frodo", :password => "thering"
  end

  # ...
end

I was hoping that I would be able to extend the controller in this way in config/initializers/active_admin.rb in the setup block, but this didn't work for me:

# config/initializers/active_admin.rb

ActiveAdmin.setup do |config|
  config.controller do
    http_basic_authenticate_with :name => "frodo", :password => "thering"
  end

  # ...
end

You might try it though, as it could be an ActiveAdmin version thing (I could have sworn that I saw that documented somewhere...)

Good luck, I hope this helps.

UPDATE: A couple more options:

I hadn't realized before that :before_filter in the ActiveAdmin config takes a block.

# config/initializers/active_admin.rb

ActiveAdmin.setup do |config|
  # ...
  config.before_filter do
    authenticate_or_request_with_http_basic("Whatever") do |name, password|
      name == "frodo" && password == "thering"
    end
  end
end

And... just one more idea. It sounds like you are not keen on adding anything to application_controller, but this version is not conditional like the first above:

# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

  def authenticate_admin
    authenticate_or_request_with_http_basic("Whatever") do |name, password|
      name == "frodo" && password == "thering"
    end
  end
end



# config/initializers/active_admin.rb

ActiveAdmin.setup do |config|
  # ...
  config.authentication_method = :authenticate_admin
end
Amiel Martin answered Nov 24 '22 07:11
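
The snippets in the answer above keep the credentials as literals in the source and compare them with `==`. As an added example (not part of the original answer, and not ActiveAdmin's own code), here is a dependency-free Rack middleware that protects only one path prefix, receives the credentials as arguments so they can come from the environment, and compares them in constant time. The class name `AdminBasicAuth`, the `/admin` prefix and the `ADMIN_USER` / `ADMIN_PASSWORD` variable names are assumptions.

```ruby
require 'digest'

# Hypothetical Rack middleware (added example; names and defaults are assumptions).
# Guards only paths under `prefix`, leaving the rest of the site open.
# Possible wiring in a Rails app, with assumed environment variable names:
#   config.middleware.use AdminBasicAuth,
#     user: ENV.fetch('ADMIN_USER'), password: ENV.fetch('ADMIN_PASSWORD')
class AdminBasicAuth
  def initialize(app, user:, password:, prefix: '/admin', realm: 'Admin')
    @app, @prefix, @realm = app, prefix, realm
    # Keep digests only, so both sides of every comparison have the same length.
    @user_digest = Digest::SHA256.digest(user)
    @pass_digest = Digest::SHA256.digest(password)
  end

  def call(env)
    return @app.call(env) unless protected?(env['PATH_INFO'].to_s)
    user, pass = credentials(env['HTTP_AUTHORIZATION'])
    # Non-short-circuit `&` so both comparisons always run.
    if user && (same?(@user_digest, user) & same?(@pass_digest, pass))
      @app.call(env)
    else
      [401, { 'content-type' => 'text/plain',
              'www-authenticate' => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
    end
  end

  private

  # Matches /admin and /admin/..., but not /administrator.
  def protected?(path)
    path == @prefix || path.start_with?("#{@prefix}/")
  end

  # Returns [user, password], or nil for a missing or malformed header.
  def credentials(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return nil unless scheme&.casecmp?('basic') && encoded
    user, pass = encoded.unpack1('m').split(':', 2)
    pass ? [user, pass] : nil
  end

  # Constant-time comparison of a stored digest with the digest of a supplied value.
  def same?(expected_digest, supplied)
    actual = Digest::SHA256.digest(supplied).bytes
    expected_digest.bytes.zip(actual).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end
```

Inside a Rails controller block such as the ones in the answer, `ActiveSupport::SecurityUtils.secure_compare` plays the role of `same?` here.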