Restful Authentication uses authenticate_with_http_basic, but a search on the net can find many pages with no description. On the official http://api.rubyonrails.org/, it can also be found, except again there is no description, no comment, no spec.
What does it do? It seems to be able to use a login_name and password from an HTTP request and then they can be compared to the login_name and encrypted_password in the users table... but is that the case, why isn't there even a 1-line description?
HTTP basic authentication is a simple challenge and response mechanism with which a server can request authentication information (a user ID and password) from a client. The client passes the authentication information to the server in an Authorization header. The authentication information is in base-64 encoding.
In basic HTTP authentication, the client passes their username and password in the HTTP request header. Typically, using this technique we encrypt user credentials string into base64 encoded string and decrypt this base64 encoded string into plain text. You can also use another encryption and decryption technique.
This method allows you to implement basic http authentication (the kind where a little dialog box pops up asking for a username and password). It's generally a great way to limit access to a development site or admin area. For example:
class AdminController < ApplicationController
  before_filter :authenticate

  def authenticate
    authenticate_or_request_with_http_basic('Administration') do |username, password|
      username == 'admin' && password == 'password'
    end
  end
end
This function will either make a request for the basic http authentication username and password, or after it has been entered, it will actually check if the authentication was correct. In other words this function will either call authenticate_with_http_basic or it will call request_http_basic_authentication. You can read more about it and see more examples here. You'll generally call authenticate_or_request_with_http_basic instead of calling authenticate_with_http_basic or request_http_basic_authentication, since the former function will call the appropriate one of the latter functions.
P.S: authenticate_with_http_basic does not use POST variables, it uses header information to get the username and password (request.env['HTTP_AUTHORIZATION']). You can view more information about the authorization function here.
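The header handling described in the answers above, as an added plain-Ruby example (not Rails' own implementation and not part of the original posts): it decodes a constructed Authorization header into a username and password and checks them with a timing-safe comparison. The helper names and the sample credentials are assumptions made for illustration.

```ruby
require 'digest'

# Hypothetical helper (not the Rails API): turn "Basic <base64(user:pass)>"
# into [username, password]. Returns nil if the header is absent or malformed.
def decode_basic_credentials(header)
  return nil unless header.is_a?(String)
  scheme, encoded = header.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded
  begin
    # 'm0' is strict Base64 (RFC 4648); it raises ArgumentError on bad input.
    # Base64 is an encoding, not encryption: anyone who sees the header can
    # reverse it, so Basic auth only protects credentials when sent over TLS.
    decoded = encoded.strip.unpack1('m0')
  rescue ArgumentError
    return nil
  end
  # Split on the first colon only, because a password may contain ':'.
  username, password = decoded.split(':', 2)
  return nil if password.nil?
  [username, password]
end

# Compare two strings without leaking where they first differ: hash both to
# a fixed length, then OR together the XOR of every byte pair.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical check equivalent in spirit to the block passed to
# authenticate_or_request_with_http_basic in the answer above.
def basic_auth_ok?(header, expected_user, expected_pass)
  user, pass = decode_basic_credentials(header)
  return false if user.nil?
  # Non-short-circuit '&' so both comparisons always run.
  secure_equal?(user, expected_user) & secure_equal?(pass, expected_pass)
end

# Constructed sample header, as it would arrive in
# request.env['HTTP_AUTHORIZATION'] for user "admin", password "pa:ss".
SAMPLE_HEADER = 'Basic ' + ['admin:pa:ss'].pack('m0')
```
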