module Authpwn::HttpBasicControllerInstanceMethods

Included in controllers that call authenticates_using_http_basic.

Public Instance Methods

bounce_to_http_basic() click to toggle source

Inform the user that their request is forbidden.

If a user is logged on, this renders the session/forbidden view with a HTTP 403 code.

If no user is logged in, a HTTP 403 code is returned, together with an HTTP Authentication header causing the user-agent (browser) to initiate http basic authentication.

# File lib/authpwn_rails/http_basic.rb, line 47
def bounce_to_http_basic()
  unless current_user
    request_http_basic_authentication
    return
  end

  respond_to do |format|
    format.html do
      render 'session/forbidden', layout: false, status: :forbidden
    end
    format.json do
      render json: { error: "You're not allowed to access that" }
    end
  end
end

Private Instance Methods

authenticate_using_http_basic() click to toggle source

The before_action that implements authenticates_using_http_basic.

If your ApplicationController contains authenticates_using_http_basic, you can opt out in individual controllers using skip_before_action.

skip_before_action :authenticate_using_http_basic
# File lib/authpwn_rails/http_basic.rb, line 29
def authenticate_using_http_basic
  return if current_user
  authenticate_with_http_basic do |email, password|
    signin = Session.new email: email, password: password
    auth = User.authenticate_signin signin
    self.current_user = auth unless auth.kind_of? Symbol
  end
end