hassox/application_controller.rb Secret

## application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :authenticate!

  private
  def authenticate!
    warden.authenticate!
  end
end

## config_initializers_warden.rb
Rails.application.config.middleware.use Warden::Manager do |config|
  config.failure_app = LoginController.action(:new)
  config.default_scope = :user
  config.scope_defaults :user, :strategies => [:basic_password], :store => false
end

Warden::Manager.serialize_into_session{|u| puts "PUTTING INTO SESSION #{u}"; u }
Warden::Manager.serialize_from_session{|u| puts "PULLING FROM SESSION #{u}"; u }

Warden::Strategies.add(:basic_password) do
  include ActionController::HttpAuthentication::Basic

  def authenticate!
    challenge = env['warden.challenge_without_credentials']

    if request.authorization.present?
      username, password = user_name_and_password(request)
      if password == 'sekrit'
        success!(username)
      else
        fail!("Could not login")
      end
    else
      if challenge
        response = Rack::Response.new("HTTP Basic: Access denied.\n", 401, "WWW-Authenticate" => %(Basic realm="My Realm"))
        custom! response.finish
      else
        fail!
      end
    end
  end

end


## login_controller.rb
class LoginController < ApplicationController

  skip_before_filter :authenticate!, :except => [:create]

  def new
    render :status => 401
  end

  def create
    render :json => {:location => "/"}
  end

  def destroy
    warden.custom_failure!
    warden.logout
    render :new, :status => 401
  end

private
  def authenticate!
    request.env['warden.challenge_without_credentials'] = true
    warden.authenticate!
  end
end

## login_new_html.erb
<section id='login'>
  <header><h1>Login</h1></header>
  <form method='post' action='/login' class='login'>
    <div class='input string'>
      <label for='username'>Username</label>
      <input type='text' name='username' id='username'>
    </div>
    <div class='input string password'>
      <label for='password'>Password</label>
      <input type='password' name='username' id='password'>
    </div>
    <div class='input submit button'>
      <input type='submit'>
    </div>
  </form>

  <a href='/logout'>Logout</a>

</section>

<script>

  $(function(){
    $('form.login').submit(function(e){
      e.preventDefault();
      form = $(e.target);
      username = $('#username').val();
      password = $('#password').val();

      $.ajax(form.attr('action'), {
        'username': username,
        'password': password,
        type: 'POST',
        global: false,
        statusCode: {
          200: function(data){
            window.location.href = data.location;
          },
          401: function(xhr){
            alert("Could not login");
            $('#password').val('');
          }
        }

      })
      return false;
    });
  });

</script>

## routes.rb
BasicTest::Application.routes.draw do
  # The priority is based upon order of creation:
  # first created -> highest priority.

  post "/login" => "login#create", :as => :login
  get  "/login" => "login#new"
  delete "/logout" => "login#destroy", :as => :logout
  get "/logout" => "login#destroy", :as => :logout

  resource :foo
  root :to => "welcome#index"
end
	class ApplicationController < ActionController::Base
	protect_from_forgery

	before_filter :authenticate!

	private
	def authenticate!
	warden.authenticate!
	end
	end
	Rails.application.config.middleware.use Warden::Manager do \|config\|
	config.failure_app = LoginController.action(:new)
	config.default_scope = :user
	config.scope_defaults :user, :strategies => [:basic_password], :store => false
	end

	Warden::Manager.serialize_into_session{\|u\| puts "PUTTING INTO SESSION #{u}"; u }
	Warden::Manager.serialize_from_session{\|u\| puts "PULLING FROM SESSION #{u}"; u }

	Warden::Strategies.add(:basic_password) do
	include ActionController::HttpAuthentication::Basic

	def authenticate!
	challenge = env['warden.challenge_without_credentials']

	if request.authorization.present?
	username, password = user_name_and_password(request)
	if password == 'sekrit'
	success!(username)
	else
	fail!("Could not login")
	end
	else
	if challenge
	response = Rack::Response.new("HTTP Basic: Access denied.\n", 401, "WWW-Authenticate" => %(Basic realm="My Realm"))
	custom! response.finish
	else
	fail!
	end
	end
	end

	end
	class LoginController < ApplicationController

	skip_before_filter :authenticate!, :except => [:create]

	def new
	render :status => 401
	end

	def create
	render :json => {:location => "/"}
	end

	def destroy
	warden.custom_failure!
	warden.logout
	render :new, :status => 401
	end

	private
	def authenticate!
	request.env['warden.challenge_without_credentials'] = true
	warden.authenticate!
	end
	end
	<section id='login'>
	<header><h1>Login</h1></header>
	<form method='post' action='/login' class='login'>
	<div class='input string'>
	<label for='username'>Username</label>
	<input type='text' name='username' id='username'>
	</div>
	<div class='input string password'>
	<label for='password'>Password</label>
	<input type='password' name='username' id='password'>
	</div>
	<div class='input submit button'>
	<input type='submit'>
	</div>
	</form>

	<a href='/logout'>Logout</a>

	</section>

	<script>

	$(function(){
	$('form.login').submit(function(e){
	e.preventDefault();
	form = $(e.target);
	username = $('#username').val();
	password = $('#password').val();

	$.ajax(form.attr('action'), {
	'username': username,
	'password': password,
	type: 'POST',
	global: false,
	statusCode: {
	200: function(data){
	window.location.href = data.location;
	},
	401: function(xhr){
	alert("Could not login");
	$('#password').val('');
	}
	}

	})
	return false;
	});
	});

	</script>
	BasicTest::Application.routes.draw do
	# The priority is based upon order of creation:
	# first created -> highest priority.

	post "/login" => "login#create", :as => :login
	get "/login" => "login#new"
	delete "/logout" => "login#destroy", :as => :logout
	get "/logout" => "login#destroy", :as => :logout

	resource :foo
	root :to => "welcome#index"
	end