-
Notifications
You must be signed in to change notification settings - Fork 5.5k
How To: Use HTTP Auth Basic with Devise
Erik P. Hansen edited this page Feb 19, 2023
·
8 revisions
NOTE: HTTP Basic authentication is implemented by Devise so the only code required is a call to authenticate_user! in your controller (which will authenticate both login form users and http basic auth users). See https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication for instructions.
The following is a sample for a Api Controller that will allow http basic and run it through your existing devise configuration.
class Api::ApiController < ApplicationController
before_filter :check_auth
def check_auth
authenticate_or_request_with_http_basic do |username,password|
resource = User.find_by_email(username)
if resource.valid_password?(password)
sign_in :user, resource
end
end
end
end
If you're not using session store and you want to authenticate with HTTP Basic in your tests, try something like this:
def sign_in_basic(user)
request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user.email, "password")
end
This assumes that the user's password has been set to "password"
. If you're using fixtures, you can do this with
one:
email: '[email protected]'
encrypted_password: <%= Devise::Encryptor.digest(User, 'password') %>