very simple authenticatation

Could someone help me with this. It *really* only needs to be this
simple. I don't need user models or plugins etc.

I think it's clear what I'd like (either admin or slt to
authenticate), but it's obviously flawed and lets any username
password combination in!

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      name == "admin" || "slt" && password == "admin" || "slt"
    end
  end

I've also tried:

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      (name == "admin" && password == "admin") || (name == "slt" &&
password == "slt")
    end
  end

Thanks.

"Not" equivalent. Not "now".

I don't understand how I manage to make those typos. It's not like I
forgot a letter or something - I actually use another word in place.
Strange xD

Thanks for the suggestion.

I get the same problem. *Any* username or password is allowed.

So I can enter 'foo' and no password and it let's me in.

Odd.

The logic is wrong. Try this:

def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      credentials = {'admin' => 'admin', 'slt' => 'slt'}
      credentials[name] == pasword
    end
end

On your previous examples, your method was returning 'the last thing
evaluated' (a Ruby thing), and in your case, that happened to be
'slt'. 'slt', as a string, is not false, which is why your method was
letting users in regardless of credentials.

Hardcoded credentials in any app are a terrible idea though...

johnsonmlw wrote:

Thanks for the suggestion.

I get the same problem. *Any* username or password is allowed.

So I can enter 'foo' and no password and it let's me in.

Odd.

So basically..:

  def authenticateAdmin
    authenticate_or_request_with_http_basic do |name, password|
      true
    end
  end

?

I dont see how this can be useful to anyone though.. But that might just
be me. lol