The logic is wrong. Try this:
def authenticateAdmin
authenticate_or_request_with_http_basic do |name, password|
credentials = {'admin' => 'admin', 'slt' => 'slt'}
credentials[name] == pasword
end
end
On your previous examples, your method was returning 'the last thing
evaluated' (a Ruby thing), and in your case, that happened to be
'slt'. 'slt', as a string, is not false, which is why your method was
letting users in regardless of credentials.
Hardcoded credentials in any app are a terrible idea though...
On Mar 19, 5:07 pm, johnsonmlw <[email protected]> wrote:
> Thanks for the suggestion.
>
> I get the same problem. *Any* username or password is allowed.
>
> So I can enter 'foo' and no password and it let's me in.
>
> Odd.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
