Reputation: 45
I'm trying to implement a login screen in my Rails app. This does not create or look up an account for the user, but rather just checks to see if they know the password.
There is only one password, and only those that know it should have access to the application.
I successfully have the application redirecting users to the login screen if they try to access any page, but how would I set the user as authenticated so that I don't continue to redirect them back to login?
Upvotes: 0
Views: 52
Reputation: 1986
You can record in the session the fact that they have "logged in" (aka knew the password). You can do so by doing something similar to this in the controller that receives the form:
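
    # ENV.fetch raises if the password is unset, so nil == nil can never pass
    expected = ENV.fetch('YOUR_GLOBAL_PASSWORD')
    # Constant-time comparison avoids leaking the password through timing
    if Rack::Utils.secure_compare(params[:password].to_s, expected)
      session[:authenticated] = true
    end
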
Then add a before_filter to the parts of the app you want to protect:

    before_filter :authenticate

    # Reject any request whose session has not passed the password check
    def authenticate
      unless session[:authenticated]
        head :forbidden
        return false
      end
    end

I would strongly recommend you to just use HTTP Basic Auth.
Upvotes: 1
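
The HTTP Basic Auth approach recommended in the answer above, sketched as an added example that is not part of the original answer: a Rack-style middleware in plain Ruby that gates every request behind one shared password. The class name `SharedPasswordGate`, the realm string and the sample passwords are constructed for illustration.

```ruby
require 'digest'

# Hypothetical middleware (constructed for this example, not from the answer):
# one shared password, sent via HTTP Basic Auth, protects the whole app.
class SharedPasswordGate
  def initialize(app, password:)
    # Fail closed: an unset or empty password must never match anything.
    raise ArgumentError, 'shared password is not configured' if password.to_s.empty?
    @app = app
    @expected = Digest::SHA256.digest(password)
  end

  def call(env)
    return @app.call(env) if password_ok?(env['HTTP_AUTHORIZATION'])
    [401, { 'WWW-Authenticate' => 'Basic realm="Application"' }, ["Unauthorized\n"]]
  end

  private

  # Basic credentials are Base64("user:password"). The username is ignored
  # because the scheme on this page has a single password and no accounts.
  def password_ok?(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return false unless scheme&.casecmp?('Basic') && encoded
    _user, supplied = encoded.unpack1('m').split(':', 2) # 'm' = Base64 decode
    constant_time_equal?(Digest::SHA256.digest(supplied.to_s), @expected)
  end

  # Compare equal-length digests without exiting early on the first mismatch.
  def constant_time_equal?(a, b)
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample input: a trivial downstream app and three requests
# (correct password, wrong password, no Authorization header).
def demo_statuses
  app  = ->(_env) { [200, {}, ['secret page']] }
  gate = SharedPasswordGate.new(app, password: 'correct horse')
  good = 'Basic ' + ['anyone:correct horse'].pack('m0')
  bad  = 'Basic ' + ['anyone:guess'].pack('m0')
  [gate.call('HTTP_AUTHORIZATION' => good)[0],
   gate.call('HTTP_AUTHORIZATION' => bad)[0],
   gate.call({})[0]]
end
```

Basic Auth sends the password with every request, so a gate like this only protects the application when it is served over HTTPS.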