module HttpBasicAuthentication::Patches::ApplicationControllerPatch

This module patches the default authentication system by using HTTP Basic Authorization headers fields to login users or create them if necessary.

Public Instance Methods

try_to_autologin_with_http_basic() click to toggle source

We hijack the autologin method as this the HTTP Basic authorization is a kind of auto login system which created users on the fly.

# File lib/http_basic_authentication/patches/application_controller_patch.rb, line 15
def try_to_autologin_with_http_basic
  if http_authorization?
    authenticate_with_http_basic do |username, _password|
      logger.info "Successful authentication for '#{username}'" \
        "from #{request.remote_ip} at #{Time.now.utc}"
      self.logged_user = User.find_by_login(username) ||
        create_http_authorization_user(username)
    end
  else
    try_to_autologin_without_http_basic
  end
end

Private Instance Methods

create_http_authorization_user(username) click to toggle source
# File lib/http_basic_authentication/patches/application_controller_patch.rb, line 34
def create_http_authorization_user(username)
  email = "#{username}#{email_suffix}"
  user = User.new(mail: email, firstname: username, lastname: username)
  user.login = username
  user.tap(&:save!)
end
email_suffix() click to toggle source
# File lib/http_basic_authentication/patches/application_controller_patch.rb, line 41
def email_suffix
  Setting.plugin_http_basic_authentication["email_suffix"]
end
http_authorization?() click to toggle source
# File lib/http_basic_authentication/patches/application_controller_patch.rb, line 30
def http_authorization?
  request.authorization.present?
end