Hi,

You might want to check out this railscast tutorial 
(http://railscasts.com/episodes/82-http-basic-authentication).

The authenticate_or_request_with_http_basic method is expecting the 
block to return true or false and will send an auth required status if 
false. It should be ok to return the user object (i.e. the line after the 
redirect_to ...) as this should equate to true or false. I'm not sure 
what value it will return in the line 'redirect_to root_path and return 
unless user.nil?'. There is also the problem that this before filter 
will endlessly redirect users to root_path, unless you've told it not to 
authenticate the root_path controller's index action, which may be a 
security issue. You may want to set a session var on a successful 
authentication and then add an early out at the beginning if the session 
var is set, so the authentication and redirect_to are only done once. 
Then there are other issues like only storing passwords in hashed form 
using a salt value etc. Maybe something like the following untested 
code.

# Before filter: skip the check once a session exists, so the basic-auth
# prompt and the redirect to root_path only happen once per login.
def authenticate
  return unless session[:user_id].nil?
  authenticate_or_request_with_http_basic do |username, password|
    # Use an exact match (=) rather than LIKE, which treats % and _ in the
    # supplied values as wildcards. Once passwords are stored as salted
    # hashes, look the user up by username only and compare the salted
    # hash of `password` in Ruby instead of in the query.
    user = User.first(:conditions => ['username = ? and password = ?', username, password])
    if user
      session[:user_id] = user.id
      redirect_to root_path
      true   # block value tells Rails the credentials were accepted
    else
      false  # Rails responds with 401 and the WWW-Authenticate challenge
    end
  end
end

I hope this helps. I look forward to hearing how you go.

PS. There is nothing wrong with basic authentication if you've enabled 
SSL.
-- 
Posted via http://www.ruby-forum.com/.
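Added example, not from the original post: plain Ruby (no Rails) showing the two points the reply makes, the session early-out so the credential check runs once, and comparing a salted hash instead of passing the password into the query. It assumes an in-memory user store standing in for the User model and a plain hash standing in for the Rails session; SHA-256 is used for brevity, a slow password hash such as bcrypt is the better choice in a real app.

```ruby
require 'openssl'
require 'securerandom'

# Salted digest; the salt is stored beside the hash, never the password.
def digest(salt, password)
  OpenSSL::Digest::SHA256.hexdigest(salt + password)
end

# Constructed user record standing in for a row in the users table.
def make_user(id, username, password)
  salt = SecureRandom.hex(16)
  { id: id, username: username, salt: salt, password_hash: digest(salt, password) }
end

# Constructed in-memory store standing in for the User model.
USERS = [make_user(1, 'alice', 'correct horse')].freeze

# Constant-time comparison so hash mismatches don't leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Look the user up by exact username only, then recompute the salted
# digest of the supplied password and compare it in Ruby.
def authenticate_user(username, password)
  user = USERS.find { |u| u[:username] == username }
  return nil unless user
  secure_compare(user[:password_hash], digest(user[:salt], password)) ? user : nil
end

# Mirrors the before filter: early out when the session already carries a
# user id, otherwise one credential check that stores the id on success.
# Returns :already_authenticated, :authenticated or :denied.
def authenticate(session, username, password)
  return :already_authenticated unless session[:user_id].nil?
  user = authenticate_user(username, password)
  return :denied unless user
  session[:user_id] = user[:id]
  :authenticated
end
```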

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.