views: 231
answers: 2

I'd like to run an app in a restricted private beta on Heroku.

We're changing the app regularly and haven't done a security audit.

To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything.

Ideally something similar to using .htaccess and .htpasswd files to lock down an entire site on an Apache server.

Is there a simple one-shot way to do this for a Heroku-hosted app?

+1  A: 

.htaccess and .htpasswd basically tell Apache to authenticate the user using a Basic Auth system. You can do the same with a pure-Rack layer.

See http://rack.rubyforge.org/doc/Rack/Auth/Basic.html

Because you are using Heroku, I assume you are deploying a Rack-compatible application (either a Rack, Rails or Sinatra app).

Simone Carletti
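An added example to go with the answer above (it is not code from the answer or from the Rack project): a Rack-compatible middleware that does the same job as Rack::Auth::Basic, answering 401 with a challenge until a request carries valid Basic credentials. It is written against the bare Rack calling convention (`call(env)` returning `[status, headers, body]`) so it runs without the rack gem installed. The class name `SiteLock`, the realm string, the helper names and the sample credentials are assumptions for this example.

```ruby
# Added example (not from the answer above, nor from Rack itself): a minimal
# Rack-compatible middleware that puts a whole app behind HTTP Basic auth, the
# same job Rack::Auth::Basic does. It only relies on the Rack calling
# convention (call(env) -> [status, headers, body]), so it runs without the
# rack gem. Class name, realm and credentials below are assumed/constructed.
class SiteLock
  def initialize(app, username:, password:, realm: 'Private beta')
    @app = app
    @username = username
    @password = password
    @realm = realm
  end

  # Every request passes through here; only authenticated ones reach @app.
  def call(env)
    return @app.call(env) if authorized?(env['HTTP_AUTHORIZATION'])

    [401,
     { 'content-type' => 'text/plain',
       'www-authenticate' => %(Basic realm="#{@realm}") },
     ['Authentication required']]
  end

  private

  # Parse "Basic <base64(user:pass)>" and compare with the configured pair.
  def authorized?(header)
    return false unless header.is_a?(String)

    scheme, encoded = header.split(' ', 2)
    return false unless scheme && scheme.casecmp?('basic') && encoded

    # unpack1('m0') is strict base64 decoding from the core library; it raises
    # on malformed input, which is treated as "not authorized".
    decoded = begin
      encoded.unpack1('m0')
    rescue ArgumentError
      return false
    end
    user, pass = decoded.split(':', 2)
    return false if user.nil? || pass.nil?

    # Compare both fields in constant time (non-short-circuit &) so a wrong
    # guess takes the same time however many leading bytes happen to match.
    secure_equal?(user, @username) & secure_equal?(pass, @password)
  end

  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Helper for exercising the middleware without a web server: wraps a stand-in
# app and returns the HTTP status produced for a given Authorization header.
def status_for(authorization_header, username: 'beta', password: 'hunter2')
  inner = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['private beta page']] }
  locked = SiteLock.new(inner, username: username, password: password)
  env = authorization_header ? { 'HTTP_AUTHORIZATION' => authorization_header } : {}
  locked.call(env)[0]
end

# Builds the header a browser sends after the user fills in the auth prompt.
def basic_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end

if $PROGRAM_NAME == __FILE__
  puts status_for(nil)                             # 401
  puts status_for(basic_header('beta', 'hunter2')) # 200
  puts status_for(basic_header('beta', 'wrong'))   # 401
end
```

To lock a whole Heroku app with it, the middleware goes first in config.ru (`use SiteLock, username: ENV.fetch('BETA_USER'), password: ENV.fetch('BETA_PASSWORD')` before the `run` line) so every route, including assets and the sign-in pages, is challenged; keeping the credentials in Heroku config vars rather than in the repository means the beta password is not checked in alongside the code. Because the middleware sits in front of the application, it needs no controller filter, which is what makes it the one-shot option the question asks for.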
+2  A: 

Just use authenticate_or_request_with_http_basic in a before_filter in your ApplicationController.

See this Railscasts episode for instructions: http://railscasts.com/episodes/82-http-basic-authentication

plindberg
Tried it, but it wouldn't play nice with Devise. It seemed to generate an infinite redirect loop.
Ben Sand
Ah! Just add `warden.custom_failure! if performed?` at the end of your filter method (as in https://gist.github.com/dc7906d07174c8514551)
plindberg
I've tried this method with the `warden.custom_failure! if performed?`, and it works, but it causes another problem. When you try to log in as a user (using Devise), it says "wrong username and password", probably because it's trying to use the u/p I used for the HTTP Basic authentication. Any ideas?
Idris