Htpasswd Plugin

maiha : May 28th, 2006

There are many authorization tools in Rails, such as login_generator, LoginEngine, and AAA. Although those tools are very useful, we sometimes need light and easy authorization, just like using htpasswd/htdigest on Apache until we get an SSL cert. This plugin allows controllers to use HTTP Basic and Digest access authentication like this.

## Usage

### Basic Access Authentication

```ruby
class AdminController < ApplicationController
  # plain-text password
  htpasswd :user=>"maiha", :pass=>"berryz"
  # password given in already-crypted form
  htpasswd :user=>"maiha", :pass=>"7Et1Y7tCawx32", :type=>:crypted
  # custom realm
  htpasswd :user=>"maiha", :pass=>"berryz", :realm=>"Member Only"
  # credentials read from an htpasswd file
  htpasswd :file=>"/usr/local/apache/passwd/.htpasswd"
end
```
### Digest Access Authentication

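```ruby
class AdminController < ApplicationController
  # plain-text password
  htdigest :user=>"maiha", :pass=>"berryz"
  # password given in already-crypted form
  htdigest :user=>"maiha", :pass=>"812b1d067e9ce1e44f09215339e3cd69", :type=>:crypted
  # credentials read from an htdigest file
  htdigest :file=>"/usr/local/apache/passwd/.htdigest"
end
```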
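
How a server checks a Digest response against a stored htdigest-style hash, as an added Ruby example (not the plugin's own code). It assumes the plugin's `:type=>:crypted` htdigest value is the Apache htdigest hash MD5(user:realm:password); all function names are hypothetical, and the sample header is the worked example from RFC 2617.

```ruby
require 'digest/md5'

# HA1 as stored in an Apache htdigest file line "user:realm:HA1".
# Assumption: the plugin's :type=>:crypted htdigest value has this form.
def htdigest_ha1(user, realm, password)
  Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
end

# Parse key="value" / key=value pairs from a Digest Authorization header.
# Quoted values are matched whole, so a comma inside one does not split it.
def parse_digest_header(header)
  scheme, rest = header.to_s.split(' ', 2)
  return nil unless rest && scheme.casecmp('Digest').zero?
  pairs = rest.scan(/(\w+)=(?:"([^"]*)"|([^,\s]+))/)
  Hash[pairs.map { |key, quoted, bare| [key, quoted || bare] }]
end

# Response the client must send (RFC 2617, MD5, with or without qop=auth).
def expected_response(ha1, http_method, params)
  ha2 = Digest::MD5.hexdigest("#{http_method}:#{params['uri']}")
  parts = [ha1, params['nonce'], ha2]
  parts.insert(2, params['nc'], params['cnonce'], params['qop']) if params['qop']
  Digest::MD5.hexdigest(parts.join(':'))
end

# Constant-time comparison of two hex strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# entries maps [user, realm] => HA1. A real server must also check that it
# issued the nonce and that nc increases, otherwise responses can be replayed.
def digest_valid?(header, http_method, entries)
  params = parse_digest_header(header) or return false
  ha1 = entries[[params['username'], params['realm']]] or return false
  secure_equal?(expected_response(ha1, http_method, params), params['response'].to_s)
end

# Sample values are the worked example from RFC 2617 section 3.5.
RFC_HEADER = 'Digest username="Mufasa", realm="testrealm@host.com", ' \
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", ' \
  'qop=auth, nc=00000001, cnonce="0a4f113b", ' \
  'response="6629fae49393a05397450978507c4ef1"'
ENTRIES = { ['Mufasa', 'testrealm@host.com'] =>
            htdigest_ha1('Mufasa', 'testrealm@host.com', 'Circle Of Life') }
puts digest_valid?(RFC_HEADER, 'GET', ENTRIES)
```

Because the stored hash alone is enough to compute a valid response, an `.htdigest` file needs the same protection as plain-text passwords for that realm.
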
### Multiple Access Authentications

```ruby
class AdminController < ApplicationController
  htpasswd :user=>"maiha", :pass=>"berryz"
  htdigest :user=>"airi" , :pass=>"cute"
end
```
In this case user 'maiha' is authorized by Basic auth, while user 'airi' is authorized by Digest auth. The controller sends the Digest challenge in its 401 response because Digest is the strongest of the auth schemes configured above.

## Install

```sh
ruby script/plugin install http://wota.jp/svn/rails/plugins/branches/stable/htpasswd
```
## Restrictions

* The 'realm' value should not contain any commas or semicolons.

8 Responses to “Htpasswd Plugin”

  1. Tim Lucas Says:
    Thanks maiha! I can throw out my unreleased SimpleAuthorisation plugin and use yours instead.
  2. Julik Says:
    geez I almost got started on such a plugin.
  3. Juca Says:
    By the way, this doesn't work with rails 1.1... I'm about to send a patch on this
  4. Bob Says:

    Was playing around with this. Pretty good work.. But I wanted to use `htpasswd :user=>"maiha", :pass=>"berryz"` inside of a method.. eg:

    ```ruby
    class MyController < ApplicationController
      def test
        htdigest(:user=> @user_name, :pass=> @password, :realm => @realm)
      end
    end
    ```

    I cannot seem to do this. I need to do this because the username is specified in the url (http://…../userName). Please help!

  5. JohnT Says:

    Is there an easy way to come up with crypted passwords? Thanks.

  6. Paul Hepworth Says:

    How will this work with integration tests? I would think that the tests will not be able to run for protected controllers. True?

  7. Paul Hepworth Says:

    ```apache
    RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
    ```

  8. Paul Hepworth Says:

    (Sorry about the last comment) I was having an issue where this plug-in wasn’t working once I deployed my app and I found that it was because the default rewrite rule in the public/.htaccess was stripping off the auth headers. To fix this, replace the line with the following:

    ```apache
    RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
    ```
