WWR - Railsplugin: Http Authentication

Http Authentication

Makes it dead easy to do HTTP Basic authentication.

Simple Basic example:

class PostsController < ApplicationController USER_NAME, PASSWORD = “dhh”, “secret” end

before_filter :authenticate, :except => [ :index ]

def index
  render :text => "Everyone can see me!" 
end

def edit
  render :text => "I'm only accessible if you know the password" 
end

private
  def authenticate
    authenticate_or_request_with_http_basic do |user_name, password| 
      user_name  USER_NAME && password  PASSWORD
    end
  end

Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, the regular HTML interface is protected by a session approach (NOTE: This example requires Rails Edge as it uses Request#format, which is not available in Rails 1.2.0):

class ApplicationController < ActionController::Base before_filter :set_account, :authenticate end

protected
  def set_account
    @account = Account.find_by_url_name(request.subdomains.first)
  end

def authenticate
  case request.format
  when Mime::XML, Mime::ATOM
    if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
      @current_user = user
    else
      request_http_basic_authentication
    end
  else
    if session_authenticated?
      @current_user = @account.users.find(session:authenticated)
    else
      redirect_to(login_url) and return false
    end
  end
end

In your integration tests, you can do something like this:

def test_access_granted_from_xml
  get(
    "/notes/1.xml", nil, 
    :authorization => HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
  )
end