Rails 2.0: HTTP Basic Authentication

lock.pngHTTP Basic authentication support comes bundled with Rails 2.0, alleviating the need for external plugins we used with Rails 1.x. Here’s how you can use (and test) this new Rails 2.0 feature.Controller Code

before_filter :authenticatedef authenticate

authenticate_or_request_with_http_basic do |username, password|

true # replace with your own custom logic

end

end

Functional Test

def setup

@controller = AdminController.new
@request = ActionController::TestRequest.new

@response = ActionController::TestResponse.new

set_basic_authentication

end

def test_basic_authentication_success

get :index
assert_response :success

end

def set_basic_authentication

@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::b64encode("some_username:some_password")

end

For Rails 2.0 internal implementation details, see http_authentication.rb.

Comments

5 responses to “Rails 2.0: HTTP Basic Authentication”

  1. ryan Avatar
    ryan

    Where does “Configuration::ADMIN[:username]” come from?

  2. preston.lee Avatar

    Just a placeholder for wherever your admin password comes from. I updated it to read “some_username:some_password”.

  3. Anthony Bailey Avatar

    Thanks for this – just what I was Googling for.

    BTW, I found that Base64::b64encode printed the encoded string as a side effect, which made my rake test output rather noisy.

    Using Base64::encode64 instead solved that for me.

  4. Dustin Avatar

    Any way around leaving the password in the test? I’d like to avoid leaving the cleartext password in my test. Thanks.

  5. preston.lee Avatar

    @Dustin
    You can always put it in a config file that doesn’t get checked into your revision control system.

Leave a Reply

Your email address will not be published. Required fields are marked *