I want to implement HTTP basic authentication on my staging server, but only for those outside the local network. I have a Rails 3.1 app. In application.rb, I have the following:
class ApplicationController < ActionController::Base
  http_basic_authenticate_with :realm => "Staging", :name => "user", :password => "password" if :need_authentication?

  private

  def need_authentication?
    Rails.env == "staging" && request.remote_addr !~ /\A192\.168\.0\.\d{1,3}\z/
  end
end
Here's the rub: even when the need_authentication? method explicitly returns false, the app still asks me to authenticate, as if it's completely ignoring the if clause at the end.
So, is there any way to only require authentication under certain conditions?
For HTTP basic authentication, each request must include an authentication header, with a base-64 encoded value. Where siteName is the company name you use to log in to Eloqua, and username and password are your Eloqua username and password.
HTTP basic authentication is a simple challenge and response mechanism with which a server can request authentication information (a user ID and password) from a client. The client passes the authentication information to the server in an Authorization header. The authentication information is in base-64 encoding.
Users of the REST API can authenticate by providing their user ID and password within an HTTP header. To use this method of authentication with HTTP methods, such as POST, PATCH, and DELETE, the ibm-mq-rest-csrf-token HTTP header must also be provided, as well as a user ID and password.
In Rails 4, the :if condition works. For example,
class ApplicationController < ActionController::Base
  http_basic_authenticate_with name: "user", password: "password" if Rails.env == 'staging'
end
or if you want a helper method to set the condition,
class ApplicationController < ActionController::Base
  http_basic_authenticate_with name: "user", password: "password", if: :need_authentication?

  private

  def need_authentication?
    Rails.env == 'staging'
  end
end
This is what worked:
class ApplicationController < ActionController::Base
  before_filter :authenticate_if_staging

  private

  def authenticate_if_staging
    # Dots are escaped and \A/\z anchor the whole string, so only 192.168.0.x matches.
    if Rails.env == 'staging' && request.remote_addr !~ /\A192\.168\.0\.\d{1,3}\z/
      authenticate_or_request_with_http_basic 'Staging' do |name, password|
        name == 'username' && password == 'secret'
      end
    end
  end
end
'Staging' is the name of the realm. This is not required, but can be used for clarification.
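The decision made in authenticate_if_staging, written as plain Ruby without Rails so it can be run on its own. This is an added example, not code from the question or the answers. It swaps the regex for a CIDR check with IPAddr and uses a constant-time comparison; the 192.168.0.0/24 range, the credentials, and the method names other than need_authentication? are assumptions.

```ruby
require 'ipaddr'
require 'digest'

# Assumption: the trusted network is the 192.168.0.0/24 range the page's regex targets.
LOCAL_NET = IPAddr.new('192.168.0.0/24')

# remote_addr must be the direct peer address; a client-supplied header such as
# X-Forwarded-For is not a safe input for this decision.
def need_authentication?(env_name, remote_addr)
  return false unless env_name == 'staging'
  !LOCAL_NET.include?(IPAddr.new(remote_addr.to_s))
rescue IPAddr::Error
  true # unparseable address (e.g. "192.168.0.999"): fail closed and ask for credentials
end

# Split "Basic <base64(user:pass)>" into [user, pass]; nil when malformed.
def parse_basic(header)
  scheme, blob = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && blob
  user, pass = blob.unpack1('m').split(':', 2)
  pass ? [user, pass] : nil
end

# Compare fixed-length digests byte by byte so timing does not depend on
# where the two strings first differ.
def secure_eq(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
end

# Returns the status the filter would produce: 200 to continue, 401 to challenge.
def authorize(env_name, remote_addr, auth_header, user: 'username', pass: 'secret')
  return 200 unless need_authentication?(env_name, remote_addr)
  name, password = parse_basic(auth_header)
  ok = name && (secure_eq(name, user) & secure_eq(password, pass))
  ok ? 200 : 401
end
```

An address such as "192.168.0.999" satisfies \d{1,3} in a regex but is rejected by IPAddr, so here it is treated as outside the local network.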