Thursday, May 6, 2010

[Rails] Re: Authenticate, THEN redirect

Hi,

You might want to check out this railscast tutorial
(http://railscasts.com/episodes/82-http-basic-authentication).

The authenticate_or_request_with_http_basic method is expecting the
block to return true or false and will send an auth required status if
false. It should be OK to return the user object (i.e. the line after the
redirect_to ...) as this should equate to true or false. I'm not sure
what value it will return in the line 'redirect_to root_path and return
unless user.nil?'. There is also the problem that this before filter
will endlessly redirect users to root_path, unless you've told it to not
authenticate the root_path controller's index action, which may be a
security issue. You may want to set a session var on a successful
authentication and then add an early out at the beginning if the session
var is set, so the authentication and redirect_to are only done once.
Then there are other issues, like only storing passwords in hashed form
using a salt value, etc. Maybe something like the following untested
code.

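    def authenticate
      # Early out: this session has already authenticated, so skip the
      # credential check and the redirect.
      return unless session[:user_id].nil?
      authenticate_or_request_with_http_basic do |username, password|
        # Exact match: with LIKE, % and _ in the submitted values would
        # act as wildcards.
        user = User.first(:conditions => ['username = ? and password = ?',
                                          username, password])
        if user
          session[:user_id] = user.id
          redirect_to root_path
          true   # block result: authenticated
        else
          false  # block result: send the auth required status
        end
      end
    end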

I hope this helps. I look forward to hearing how you go.

PS. There is nothing wrong with basic authentication if you've enabled
SSL.
--
Posted via http://www.ruby-forum.com/.
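
The post's closing point about storing passwords only as salted hashes, shown as an added Ruby example that is not part of the original message. The UserStore class is a hypothetical in-memory stand-in for the User model, and the PBKDF2 iteration count and key length are assumed values.

```ruby
require 'openssl'
require 'securerandom'

# Assumed parameters for this example (not from the original post).
ITERATIONS = 100_000
KEY_LEN    = 32

# Derive a salted digest; only the salt and this digest are stored.
def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                             OpenSSL::Digest.new('SHA256'))
end

# Constant-time comparison, so timing does not reveal where two digests differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical in-memory stand-in for the users table.
class UserStore
  Record = Struct.new(:id, :username, :salt, :digest)

  def initialize
    @users = {}
    @dummy_salt = SecureRandom.random_bytes(16)
  end

  def add(id, username, password)
    salt = SecureRandom.random_bytes(16) # fresh salt per user
    @users[username] = Record.new(id, username, salt, derive(password, salt))
  end

  # Returns the user id on success, nil otherwise. The value is truthy or
  # falsy, so it can also serve as the result of the HTTP basic auth block.
  def authenticate(username, password)
    user = @users[username]                # exact match, no wildcards
    salt = user ? user.salt : @dummy_salt  # unknown users cost the same work
    candidate = derive(password.to_s, salt)
    return nil unless user
    secure_equal?(candidate, user.digest) ? user.id : nil
  end
end
```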
