
Conditional HTTP Basic Authentication

I want to implement HTTP basic authentication on my staging server, but only for those outside the local network. I have a Rails 3.1 app. In application.rb, I have the following:

class ApplicationController < ActionController::Base
  http_basic_authenticate_with :realm => "Staging", :name => "user", :password => "password" if :need_authentication?

private

  def need_authentication?
    Rails.env == "staging" && request.remote_addr !~ /\A192\.168\.0\.\d{1,3}\z/
  end

end

Here's the rub: even when the need_authentication? method explicitly returns false, the app still asks me to authenticate, as if it's completely ignoring the if clause at the end.

So, is there any way to only require authentication under certain conditions?

partydrone asked Nov 01 '11 21:11



2 Answers

In Rails 4, the :if condition works. For example,

class ApplicationController < ActionController::Base
  # The trailing `if` is evaluated once, when the class body is loaded.
  http_basic_authenticate_with name: "user", password: "password" if Rails.env == 'staging'
end

or if you want a helper method to set the condition,

class ApplicationController < ActionController::Base
  # The :if option is handed to the filter, so the method runs on each request.
  http_basic_authenticate_with name: "user", password: "password", if: :need_authentication?

  private
  def need_authentication?
    Rails.env == 'staging'
  end
end
Dingle answered Sep 29 '22 02:09


This is what worked:

class ApplicationController < ActionController::Base
  before_filter :authenticate_if_staging

private

  def authenticate_if_staging
    # Escaped dots and \A/\z anchors so only a whole 192.168.0.x string matches.
    if Rails.env == 'staging' && request.remote_addr !~ /\A192\.168\.0\.\d{1,3}\z/
      authenticate_or_request_with_http_basic 'Staging' do |name, password|
        name == 'username' && password == 'secret'
      end
    end
  end
end

'Staging' is the name of the realm. This is not required, but can be used for clarification.

partydrone answered Sep 29 '22 01:09
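
Added example, not part of the question or either answer: a local-network check written as a loose regex (unescaped dots, `^`/`$` line anchors) accepts strings that are not addresses in 192.168.0.x, while the standard library's IPAddr parses the value and tests it against a CIDR range. This is plain Ruby with no Rails; `local_client?`, `compare`, the two-argument `need_authentication?`, the /24 allowlist and the sample values are assumptions constructed for illustration.

```ruby
require "ipaddr"

# Loosely written pattern: the dots are unescaped and ^/$ anchor at line
# boundaries, not at the start and end of the string.
LOOSE_PATTERN = /^192.168.0.\d{1,3}$/

# Assumed allowlist for the staging LAN.
LOCAL_NETWORK = IPAddr.new("192.168.0.0/24")

# True only when addr parses as an IP address inside LOCAL_NETWORK.
def local_client?(addr)
  LOCAL_NETWORK.include?(IPAddr.new(addr.to_s))
rescue IPAddr::Error
  false # unparseable input is treated as outside the network
end

# Hypothetical plain-Ruby form of the need_authentication? helper.
def need_authentication?(env, addr)
  env == "staging" && !local_client?(addr)
end

# Constructed sample values standing in for request.remote_addr.
SAMPLES = [
  "192.168.0.17",          # genuine LAN client
  "192.168.0.999",         # not a valid IPv4 address
  "192x168y0z5",           # unescaped dots match any character
  "10.0.0.1\n192.168.0.5", # ^ and $ match around the newline
  "203.0.113.9"            # outside client (documentation range)
]

# Returns [value, accepted by loose regex?, accepted by CIDR check?] rows.
def compare(samples = SAMPLES)
  samples.map do |addr|
    [addr, !(addr =~ LOOSE_PATTERN).nil?, local_client?(addr)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |addr, regex_ok, cidr_ok|
    puts format("%-26s regex=%-5s cidr=%s", addr.inspect, regex_ok, cidr_ok)
  end
end
```

In a controller the same check would take `request.remote_addr`; behind a reverse proxy that value is the proxy's address, so the allowlist has to be applied to whatever client address the deployment actually trusts.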