Rails源代码分析(26):ActionController::HttpAuthentication::Basic::ControllerMethods
1 使用这个Module提供了一个简单的方法进行基于HTTP的验证,个人感觉没有太大的帮助,反而增加了复杂度,不如自己实现简单:class PostsController USER_NAME, PASSWORD = "dhh", "secret" before_filter :authenticate, :except => [ :index ]
·
1 使用
2 实现
这个Module提供了一个简单的方法进行基于HTTP的验证,个人感觉没有太大的帮助,反而增加了复杂度,不如自己实现简单:
- class PostsController < ApplicationController
- USER_NAME, PASSWORD = "dhh", "secret"
- before_filter :authenticate, :except => [ :index ]
- def index
- render :text => "Everyone can see me!"
- end
- def edit
- render :text => "I'm only accessible if you know the password"
- end
- private
- def authenticate
- authenticate_or_request_with_http_basic do |user_name, password|
- user_name == USER_NAME && password == PASSWORD
- end
- end
- end
- class ApplicationController < ActionController::Base
- before_filter :set_account, :authenticate
- protected
- def set_account
- @account = Account.find_by_url_name(request.subdomains.first)
- end
- def authenticate
- case request.format
- when Mime::XML, Mime::ATOM
- if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
- @current_user = user
- else
- request_http_basic_authentication #执行验证失败
- end
- else
- if session_authenticated?
- @current_user = @account.users.find(session[:authenticated][:user_id])
- else
- redirect_to(login_url) and return false
- end
- end
- end
- end
- # In your integration tests, you can do something like this:
- #
- def test_access_granted_from_xml
- get(
- "/notes/1.xml", nil,
- :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
- )
- assert_equal 200, status
- end
- # On shared hosts, Apache sometimes doesn't pass authentication headers to
- # FCGI instances. If your environment matches this description and you cannot
- # authenticate, try this rule in your Apache setup:
- #
- # RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
- module Basic
- extend self
- module ControllerMethods
- # HTTP验证方法 验证失败后将执行后半段函数
- def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
- authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
- end
- # 验证主方法
- def authenticate_with_http_basic(&login_procedure)
- HttpAuthentication::Basic.authenticate(self, &login_procedure)
- end
- # 验证失败
- def request_http_basic_authentication(realm = "Application")
- HttpAuthentication::Basic.authentication_request(self, realm)
- end
- end
- def authenticate(controller, &login_procedure)
- unless authorization(controller.request).blank?
- login_procedure.call(*user_name_and_password(controller.request))
- end
- end
- def user_name_and_password(request) # 从request中获取username,password
- decode_credentials(request).split(/:/, 2)
- end
- def authorization(request) # 验证request是否设置并且返回验证字符串
- request.env['HTTP_AUTHORIZATION'] ||
- request.env['X-HTTP_AUTHORIZATION'] ||
- request.env['X_HTTP_AUTHORIZATION'] ||
- request.env['REDIRECT_X_HTTP_AUTHORIZATION']
- end
- # 下面两个方法是加密和解码过程
- def decode_credentials(request)
- ActiveSupport::Base64.decode64(authorization(request).split.last || '')
- end
- def encode_credentials(user_name, password)
- "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
- end
- def authentication_request(controller, realm)
- controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
- controller.send! :render, :text => "HTTP Basic: Access denied./n", :status => :unauthorized
- end
- end
开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!
更多推荐
0
0- 0
已为社区贡献6条内容
所有评论(0)