Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

using htaccess password protection on rails?

Tags:

I want the /admin route on my rails app to be protected by using .htaccess password files - is this possible?

like image 872
V_H Avatar asked May 09 '10 23:05

V_H


1 Answers

Rails has a built-in helper for this, you could place this in your application controller:

protected   def authenticate     authenticate_or_request_with_http_basic do |username, password|       username == "admin" && password == "test"     end   end 

Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):

before_filter :authenticate 

This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.

Edit Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:

/app/controllers/admin/admin_controller.rb

class Admin::AdminController < ApplicationController   before_filter :authenticate   protected     def authenticate       authenticate_or_request_with_http_basic do |username, password|       username == "admin" && password == "test"     end   end end 

Then have all your controllers extend the admin controller, eg:

class Admin::ThingsController < Admin::AdminController 

My routes are setup like so:

map.namespace :admin do |admin|     admin.resources :things end 

Hope that helps.

like image 169
robotmay Avatar answered Nov 15 '22 12:11

robotmay