CODEWITHSUNDEEP
ruby-on-railsactiveadminrack-middleware
ChuckE
ChuckE

Reputation: 5688

ActiveAdmin: How to setup HTTP basic authentication?

I want to set basic authentication for ActiveAdmin, which internal devise solution doesn't apply to my case. For that I would like to be able to add middleware to the ActiveAdmin Engine before this is bundled into my app. What I managed to do was:

ActiveAdmin::Engine.configure do |config|
  config.middleware.use Rack::Auth::Basic do |username, password|
    username == 'admin' && password == 'root'
  end  
end

But apparently this doesn't make it work, since my active admin routes are still unprotected. How can I effectively do this? And no, I don't want to protect my whole site with basic authentication.

Upvotes: 8

Views: 5572

Answers (3)

Amiel Martin
Amiel Martin

Reputation: 4824

Here's a few ideas:

# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

  # ...
  http_basic_authenticate_with :name => "frodo", :password => "thering", :if => :admin_controller?

  def admin_controller?
    self.class < ActiveAdmin::BaseController
  end

Or, the monkeypatching version

# config/initializers/active_admin.rb

# somewhere outside the setup block

class ActiveAdmin::BaseController
  http_basic_authenticate_with :name => "frodo", :password => "thering"
end

If you only want to protect specific resources, you can use the controller block:

# app/admin/users.rb

ActiveAdmin.register Users do
  controller do
    http_basic_authenticate_with :name => "frodo", :password => "thering"
  end

  # ...
end

I was hoping that I would be able to extend the controller in this way in config/initializers/active_admin.rb in the setup block, but this didn't work for me:

# app/admin/users.rb

ActiveAdmin.setup do |config|
  config.controller do
    http_basic_authenticate_with :name => "frodo", :password => "thering"
  end

  # ...
end

You might try it though, as it could be an ActiveAdmin version thing (I could have sworn that I saw that documented somewhere...)

Good luck, I hope this helps.

UPDATE: A couple more options:

I hadn't realized before that :before_filter in activeadmin config takes a block.

# config/initializers/active_admin.rb

ActiveAdmin.setup do |config|
  # ...
  config.before_filter do
    authenticate_or_request_with_http_basic("Whatever") do |name, password|
      name == "frodo" && password == "thering"
    end
  end
end

And... just one more idea. It sounds like you are not keen on adding anything to application_controller, but this version is not conditional like the first above:

# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base

  def authenticate_admin
    authenticate_or_request_with_http_basic("Whatever") do |name, password|
      name == "frodo" && password == "thering"
    end
  end
end



# config/initializers/active_admin.rb

ActiveAdmin.setup do |config|
  # ...
  config.authentication_method = :authenticate_admin
end

Upvotes: 22

RailsZilla.com
RailsZilla.com

Reputation: 143

just another solution for you would be:

  # app/controllers/application_controller.rb
  protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "superpassword"
    end
  end

# config/initializers/active_admin.rb
config.before_filter :authenticate

the big plus for this solution ist, that you can call

before_filter :authenticate

in every area you want to protet.

Upvotes: -1

RailsZilla.com
RailsZilla.com

Reputation: 143

If you just want to protect the admin area of ActiveAdmin, then you should try this:

# app/admin/dashboard.rb
controller do
  http_basic_authenticate_with :name => "mega-admin", :password => "supersecret"
end

that works like a charm ;-)

have fun

Upvotes: -1

Related Questions