This is my first question posted here, I hope this goes well.
I'm trying to work out a simple authentication system for my first
Rails site using authenticate_or_request_with_http_basic. Here is the
code I am using right now:
    def authenticate
      authenticate_or_request_with_http_basic do |name, pass|
        name == 'foo' && pass == 'bar'
      end
    end
It works when it is like that, but I would like to be able to expand
it out from there (obviously) in order to use the stored usernames and
passwords of my users for them to log in. Nothing too serious, but I'm
stuck trying to go from here.
My User table has fields named 'username' and 'password' and I'm
looking for some direction on how to incorporate those two fields into
the above method so that I will have the users use that.
Setting to one side the question of whether to roll your own
authentication thing or use someone else's, what you want here is to
see whether or not a user exists with the supplied combination of name
and password. This boils down to just find :first, :conditions =>
["username = ? AND password = ?", name, pass] and seeing whether you
get back nil (no matching record) or something else.
For extra happiness bung this in the User model (e.g. in a method called
authenticate), and look at dynamic finders
(User.find_by_username_and_password(name, pass)).
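An added example (not part of the original thread) of the User.authenticate method suggested above, adapted so that the table holds a salted PBKDF2 hash instead of the password itself. The in-memory User class, the salt and password_hash fields and the iteration count are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in for the User model: an in-memory array replaces the
# users table so this runs without Rails. In the app, find_by_username would
# be the ActiveRecord dynamic finder.
class User
  ITERATIONS = 100_000 # assumed work factor, tune for your hardware
  @records = []

  attr_reader :username, :salt, :password_hash

  def initialize(username, salt, password_hash)
    @username = username
    @salt = salt
    @password_hash = password_hash
  end

  # Store a per-user random salt and the derived key, never the password.
  def self.create(username, password)
    salt = SecureRandom.random_bytes(16)
    user = new(username, salt, digest(password, salt))
    @records << user
    user
  end

  def self.digest(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'sha256')
  end

  def self.find_by_username(username)
    @records.find { |u| u.username == username }
  end

  # Returns the matching User or nil, the contract described in the reply above.
  def self.authenticate(username, password)
    user = find_by_username(username)
    return nil if user.nil?
    candidate = digest(password, user.salt)
    # Compare every byte so the check takes the same time wherever they differ.
    diff = 0
    candidate.bytes.zip(user.password_hash.bytes) { |a, b| diff |= a ^ b }
    diff.zero? ? user : nil
  end
end

# In the controller the block becomes: !User.authenticate(name, pass).nil?
```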
And if you don’t roll your own, I recommend authenticated_system or restful_authentication, the latter of which is just a restful version of the former.
After going through the tutorial, Bobnation, you'll have understood
most of the issues of an authenticated login system AND the RESTful
way of doing things in Rails 2.0. Hardly a waste of time.
Thanks to everyone for the help and discussion. I'm going to sit on
this for a little bit and see what I can come up with. Thanks again!
I saw a link to a restful_authentication tutorial from the ruby forums
in this thread and thought I'd add my own tutorial in case you find it
helpful. I won't try and tell you mine's better, just different, and
I've always found that learning something in more than one way helps me
really get a grasp of the subject.
The tutorial has more commentary/explanatory text than most. It's
written for the Linux command line and has instructions for keeping
track of things in subversion along the way, though it would be easy
enough to just skip those steps.
Thanks, your tutorial looks really interesting so I might peruse it to
try and pick things from it that I might need. Right now I think I'm
in the middle of knowing a little Rails but not enough to really get
going ... so the frustrating stage. I'm hoping I'll get through this
and then get to the fun part.