views:

66

answers:

2

Could someone please explain for me what is happening here?

I feel like the documentation doesn't mention a lot or describe what is happening. It just says: use this method like this.

What will happen if username and password are true, and what will happen if false, etc.?

class AdminController < ApplicationController
  # Expected username and the SHA1 hex digest the submitted password is compared against
  USERNAME, PASSWORD = "humbaba", "5baa61e4"

  # Run authenticate before every action in this controller
  before_filter :authenticate

  private

  def authenticate
    # Rails supplies the credentials from the browser's Authorization header;
    # a truthy block result lets the request through, a falsy one sends a 401 challenge
    authenticate_or_request_with_http_basic do |username, password|
      username == USERNAME &&
      Digest::SHA1.hexdigest(password) == PASSWORD
    end
  end
end

Thanks

+1  A: 

The before_filter method ensures that the private method authenticate is run before all requests.

authenticate_or_request_with_http_basic pops up the browser's "enter your username and password" box, and passes them into the block, as username and password, in this case.

If the block returns true (if the username and password match), the request proceeds to your more specific code. If the block returns false (the username and password don't match), the request is cut short, and an authentication failure page with the correct HTTP status code is returned. The browser may retry the request a few more times before showing the failure page.

Matchu
"pops up the browser's "enter your username and password" box". I don't quite understand this. It creates a box that the user types the info into? Where and how? And if it returns false, which page will be displayed? There is so little info about the details :/
never_had_a_name
There is a [standard protocol](http://en.wikipedia.org/wiki/Basic_access_authentication) for authentication over HTTP. The browser will pop up its own username and password box above the web page. I'm not sure what content Rails returns for the authentication failure page, but it's probably something very generic. Have you tried running this code yet to see it in action? That's the best way to understand.
Matchu
[Here's a demo to show you what the login interface will be like.](http://www.pagetutor.com/keeper/http_authentication/index.html) You probably shouldn't use this for public web applications, though, as the average user isn't exactly used to it.
Matchu
Thanks, now I understand better. But I entered it wrong a lot of times and it kept asking. So it didn't redirect.
never_had_a_name
@fayer - whether or not it ever shows that page, or simply keeps retrying, is the browser's choice :)
Matchu
+1  A: 

There is standard authentication functionality built into every browser called "Basic HTTP Authentication". I'm sure you've seen a generic username/password dialog (styled as part of your operating system) show up on web pages. This is it.

It works as follows:

  • Browser sends GET request for a protected URL
  • Server sends 401 Response which means "Authorization Required"
  • Browser knows what it means and pops up a dialog box to the user with user/pass fields
  • When user submits, browser sends another GET request, but with Authorization header which contains base64 encoded username and password
  • Server checks, and if successful — sends back 200 success response with the content of requested page

In your before_filter you're simply telling Rails to perform all of the above song-and-dance when any controller action is accessed anywhere. Rails handles all the protocol communication described above for you.

In case of denied access, Rails sends back a 403 Forbidden response, and the browser has a built-in way to show that.

To find out more: http://en.wikipedia.org/wiki/Basic_access_authentication

hakunin
Great explanation! Thanks!
never_had_a_name
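Both sides of the exchange hakunin describes, as an added Ruby example that is not part of either answer or of Rails itself: a browser-style client builds the Authorization header, and a small stand-in for authenticate_or_request_with_http_basic parses it, runs the question's block and answers 200 or 401. The credentials, realm and page body are constructed for the demo.

```ruby
require 'digest'

# Constructed demo credentials (not from the question): the stored value is the
# full 40-hex-char SHA1 digest of "password". Digest::SHA1.hexdigest always
# returns 40 characters, so a shorter stored string could never match.
USERNAME = "humbaba"
PASSWORD_SHA1 = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"

# Client side: the header the browser sends after the user fills in the dialog.
# Basic auth is base64, not encryption, so it only makes sense over TLS.
def basic_auth_header(user, pass)
  "Basic " + ["#{user}:#{pass}"].pack("m0")   # "m0" = base64 without newlines
end

# Server side: extract [user, pass] from an Authorization header, or nil.
def parse_basic(auth)
  return nil unless auth.to_s.start_with?("Basic ")
  user, pass = auth.sub("Basic ", "").unpack1("m").split(":", 2)
  return nil if user.nil?
  [user, pass.to_s]   # limit 2 keeps any ':' inside the password
end

# Compare two strings in constant time so response timing does not reveal how
# many leading digest characters matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for authenticate_or_request_with_http_basic: yields the credentials
# to the block; a falsy result produces the 401 challenge that makes the
# browser show (or re-show) its dialog. Returns [status, headers, body].
def authenticate_or_request(headers)
  creds = parse_basic(headers["Authorization"])
  if creds && yield(*creds)
    [200, {}, "admin page"]
  else
    [401, { "WWW-Authenticate" => 'Basic realm="Application"' }, "HTTP Basic: Access denied."]
  end
end

# The block from the question, with the digest comparison made constant-time.
def admin_request(headers)
  authenticate_or_request(headers) do |username, password|
    username == USERNAME &&
      secure_compare(Digest::SHA1.hexdigest(password), PASSWORD_SHA1)
  end
end
```

Calling admin_request with no Authorization header returns the 401 challenge; calling it with basic_auth_header("humbaba", "password") returns 200, and any other user or password returns 401 again, which is the loop the asker saw in the browser.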