

Diego says:

I’ve duplicated the code a little, I do think that there is a better way of doing this but my solution was to add some extra logic in the authorize method of the Application Controller.

It now looks like the following:

def authorize
  if
    redirect_to new_user_path unless session[:new_user]
    return
  end
  unless User.find_by_id(session[:user_id])
    if request.format == Mime::HTML
      redirect_to login_url, notice: "Please log in"
    elsif
      if user = authenticate_with_http_basic do |u, p|
          finded_user = User.find_by_name(u)
          finded_user.authenticate(p) if finded_user
        end
        session[:user_id] =
      elsif
        render :status => 403, :text => "login failed" and return
      end
    end
  end
end

I really wanted to redirect to SessionController to do the password check but I couldn’t figure out how to do it.

Anonymous says:

Taken from – Simple Digest example

In products_controller.rb:

class ProductsController < ApplicationController
  skip_before_filter :authorize, :only => [:who_bought]
  before_filter :authorize_digest, :only => [:who_bought]

In application_controller.rb:

require 'digest/md5'
class ApplicationController < ActionController::Base
  REALM = "SuperSecret"
  USERS = { "test1" => "1234", # plain text password
            "test2" => Digest::MD5.hexdigest(["test2", REALM, "1234"].join(":")) } # ha1 digest password

  def authorize_digest
    authenticate_or_request_with_http_digest(REALM) do |username|
      # The block returns the stored password or HA1 digest for this username
      USERS[username]
    end
  end
end

Then try http://localhost:3000/products/1/who_bought.atom using the credentials test1/1234 or test2/1234.
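An added example, not part of either comment above and not Rails' own code: a plain-Ruby sketch of the RFC 2617 digest check behind the USERS hash, showing why both the plain text entry (test1) and the HA1 entry (test2) authenticate. The nonce, nc and cnonce values and the helper names are constructed for illustration.

```ruby
require 'digest/md5'

REALM = "SuperSecret" # realm from the comment above
# Same two storage forms as the USERS hash above: plain text and precomputed HA1.
USERS = {
  "test1" => "1234",
  "test2" => Digest::MD5.hexdigest(["test2", REALM, "1234"].join(":"))
}

# Constructed request values; a real server issues the nonce itself.
NONCE  = "Y29uc3RydWN0ZWQtbm9uY2U"
NC     = "00000001"
CNONCE = "0a4f113b"
URI    = "/products/1/who_bought.atom"

# HA1 = MD5(username:realm:password)
def ha1(username, password)
  Digest::MD5.hexdigest([username, REALM, password].join(":"))
end

# RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2),
# where HA2 = MD5(method:uri).
def digest_response(ha1_hex, method, uri)
  ha2 = Digest::MD5.hexdigest([method, uri].join(":"))
  Digest::MD5.hexdigest([ha1_hex, NONCE, NC, CNONCE, "auth", ha2].join(":"))
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: the stored value may be plain text or an HA1, so try both readings.
def valid_response?(username, response, method, uri)
  stored = USERS[username]
  return false unless stored
  [ha1(username, stored), stored].any? do |candidate|
    secure_equal?(digest_response(candidate, method, uri), response)
  end
end

# What a client sends for a given username and password.
def client_response(username, password)
  digest_response(ha1(username, password), "GET", URI)
end
```

A stored HA1 is sufficient to compute a valid response for its realm, so the USERS values need the same protection as the passwords themselves.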
