
Basic auth login

application_controller.rb
# Base controller for the application. Authentication is on by default:
# every action of every subclass runs :authenticate! unless the subclass
# explicitly skips the filter.
class ApplicationController < ActionController::Base
  # Rails' built-in request-forgery protection.
  protect_from_forgery

  # Registered here so that a newly added controller is protected without
  # having to opt in.
  before_filter :authenticate!

  private

  # Runs the Warden strategies configured for the default scope. When no
  # strategy succeeds, Warden aborts the action and hands the request to the
  # configured failure app.
  #
  # NOTE(review): `warden` is not defined in this file; presumably a helper
  # that exposes request.env['warden'] -- confirm where it comes from.
  def authenticate!
    warden.authenticate!
  end
end
config_initializers_warden.rb
# Mount Warden in the Rack middleware stack and configure the :user scope.
Rails.application.config.middleware.use(Warden::Manager) do |manager|
  manager.default_scope = :user

  # Failed authentications are rendered by LoginController#new.
  manager.failure_app = LoginController.action(:new)

  # :store => false keeps the authenticated user out of the session for this
  # scope, so every request has to carry its own credentials.
  manager.scope_defaults(:user, :store => false, :strategies => [:basic_password])
end

# Session (de)serialisation hooks. The user object is passed through as-is.
#
# NOTE(review): both hooks print the user object to stdout; that is debug
# output and will end up in whatever captures the server's stdout. With
# :store => false on the :user scope these hooks are presumably never hit
# for that scope -- confirm, and drop the puts calls before real use.
Warden::Manager.serialize_into_session do |u|
  puts "PUTTING INTO SESSION #{u}"
  u
end

Warden::Manager.serialize_from_session do |u|
  puts "PULLING FROM SESSION #{u}"
  u
end
 
# Warden strategy that authenticates from an HTTP Basic Authorization header.
#
# NOTE(review): this is demo-grade credential checking and should not be
# reused as-is:
#   * the password is a literal in source and is shared by every account;
#   * the username is never checked, so any username is accepted with it;
#   * the comparison uses ==, which is not constant-time;
#   * Basic credentials are only base64-encoded, so the endpoint needs TLS.
# Replace the check with a lookup against a real user store holding salted
# password hashes before using this anywhere that matters.
Warden::Strategies.add(:basic_password) do
  # Provides user_name_and_password for decoding the Authorization header.
  include ActionController::HttpAuthentication::Basic

  # Decide the outcome of this authentication attempt.
  #
  # No Authorization header:
  #   - if the caller set env['warden.challenge_without_credentials'], answer
  #     with a 401 carrying a WWW-Authenticate challenge;
  #   - otherwise fail without a message.
  # Authorization header present:
  #   - succeed with the supplied username when the password matches,
  #     otherwise fail with "Could not login".
  #
  # NOTE(review): assumes `request` responds to #authorization -- confirm
  # which request class Warden hands to the strategy in this app.
  def authenticate!
    unless request.authorization.present?
      return fail! unless env['warden.challenge_without_credentials']

      denied = Rack::Response.new("HTTP Basic: Access denied.\n", 401, "WWW-Authenticate" => %(Basic realm="My Realm"))
      return custom!(denied.finish)
    end

    login, supplied = user_name_and_password(request)
    # The "user" handed to Warden is just the username string.
    supplied == 'sekrit' ? success!(login) : fail!("Could not login")
  end
end
login_controller.rb
# Login / logout endpoints. Also serves as Warden's failure app through
# LoginController.action(:new) in the Warden initializer.
class LoginController < ApplicationController
  # Only :create goes through authentication; :new and :destroy are public.
  #
  # NOTE(review): skipping with :except means any action added to this
  # controller later is unauthenticated by default. Listing the public
  # actions with :only would fail closed instead.
  skip_before_filter :authenticate!, :except => [:create]

  # Renders the login form with a 401 status (it doubles as the
  # "authentication failed" response).
  def new
    render :status => 401
  end

  # Reached only after authenticate! succeeded; tells the client where to go.
  def create
    render :json => { :location => "/" }
  end

  # Logs out of Warden and answers 401 with the login form.
  # custom_failure! stops Warden from replacing this 401 with the failure app.
  def destroy
    warden.custom_failure!
    warden.logout
    render :new, :status => 401
  end

  private

  # Overrides ApplicationController#authenticate! for this controller: flags
  # the request so the :basic_password strategy answers a credential-less
  # request with a WWW-Authenticate challenge instead of a plain failure.
  def authenticate!
    rack_env = request.env
    rack_env['warden.challenge_without_credentials'] = true
    warden.authenticate!
  end
end
login_new_html.erb
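<%# Login form. The script on this page reads the fields by id and sends them as HTTP Basic credentials. %>
<%# NOTE(review): no authenticity token field is rendered here; confirm how protect_from_forgery treats POST /login. %>
<section id='login'>
  <header><h1>Login</h1></header>
  <form method='post' action='/login' class='login'>
    <div class='input string'>
      <label for='username'>Username</label>
      <input type='text' name='username' id='username'>
    </div>
    <div class='input string password'>
      <label for='password'>Password</label>
      <%# Each field needs its own name so a submit without JavaScript posts both values. %>
      <input type='password' name='password' id='password'>
    </div>
    <div class='input submit button'>
      <input type='submit'>
    </div>
  </form>

  <%# NOTE(review): logout is a plain GET link; see the matching get "/logout" route. %>
  <a href='/logout'>Logout</a>

</section>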
 
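<script>

  // Intercept the login form and submit it over XHR using HTTP Basic
  // authentication. On 200 the server answers with JSON containing the
  // location to navigate to; on 401 the password field is cleared.
  $(function () {
    $('form.login').submit(function (e) {
      e.preventDefault();

      // Declared with var so the values stay local to this handler. Without
      // it the assignments create globals, which leaves the plaintext
      // password readable as window.password after the request.
      var form = $(e.target);
      var username = $('#username').val();
      var password = $('#password').val();

      $.ajax(form.attr('action'), {
        // jQuery's username/password settings are passed to the
        // XMLHttpRequest as HTTP authentication credentials; they are not
        // sent as form fields.
        'username': username,
        'password': password,
        type: 'POST',
        global: false,
        statusCode: {
          200: function (data) {
            // The target comes from the server's JSON response.
            window.location.href = data.location;
          },
          401: function (xhr) {
            alert("Could not login");
            $('#password').val('');
          }
        }
      });

      return false;
    });
  });

</script>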
routes.rb
BasicTest::Application.routes.draw do
  # Routes are matched in the order they are declared here, so the
  # declarations below must keep their relative order.

  # Login: POST checks credentials, GET shows the form.
  post "/login", :to => "login#create", :as => :login
  get "/login", :to => "login#new"

  # Logout is reachable with both DELETE and GET.
  #
  # NOTE(review): the GET variant makes a state-changing action reachable
  # from a plain link, outside CSRF protection; the login view's logout link
  # depends on it, so removing it means changing that link as well.
  # NOTE(review): both routes are given the name :logout; newer Rails
  # versions reject duplicate route names -- confirm against the Rails
  # version in use.
  delete "/logout", :to => "login#destroy", :as => :logout
  get "/logout", :to => "login#destroy", :as => :logout

  resource :foo
  root :to => "welcome#index"
end

This is logging in with basic auth yo
