当前位置：文江博客话题详情

Rails：访问用于 HTTP 基本身份验证的用户名/密码？

发布于 2024-08-24 09:40:37 字数 520 浏览 6 评论 0原文

我正在构建一个基本的 API，在正确发送用户的登录名和密码后可以检索用户信息。

现在我正在使用这样的东西：

http://foo:[email ;protected]/api/user.xml

所以，我需要做的是访问请求中发送的用户/密码（foo 和 bar< /code>），但我不确定如何在 Rails 控制器中访问该信息。

然后，我会通过快速 User.find 检查这些变量，然后将它们设置为 authenticate_or_request_with_http_basic 的用户名和密码变量。

我可能以完全错误的方式看待这个问题，但这就是我现在的处境。 :)

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

帅气称霸 2024-08-31 09:40:37

关于如何从请求中获取凭据的问题的答案是这样的：

user, pass = ActionController::HttpAuthentication::Basic::user_name_and_password(request)

但是，authenticate_or_request_with_http_basic 是执行基本身份验证所需的全部内容：

class BlahController < ApplicationController
  before_filter :authenticate

  protected

  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      # you probably want to guard against a wrong username, and encrypt the
      # password but this is the idea.
      User.find_by_name(username).password == password
    end
  end
end

如果未提供凭据，authenticate_or_request_with_http_basic 将返回 401 状态，这将弹出用户名/密码对话框一个浏览器。如果给出了详细信息，那么这些详细信息将被传递到提供的块。如果块返回 true，则请求将通过。否则，请求处理将中止，并向客户端返回 403 状态。

您还可以查看 Railscast 82（上面的代码来自）：
http://railscasts.com/episodes/82-http-basic-authentication

The answer to your question of how to get the credentials from the request is this:

user, pass = ActionController::HttpAuthentication::Basic::user_name_and_password(request)

However authenticate_or_request_with_http_basic is all you need to do basic auth:

class BlahController < ApplicationController
  before_filter :authenticate

  protected

  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      # you probably want to guard against a wrong username, and encrypt the
      # password but this is the idea.
      User.find_by_name(username).password == password
    end
  end
end

authenticate_or_request_with_http_basic will return a 401 status if credentials are not supplied, which will pop up the username/password dialog in a browser. If details are given then those are passed to the block provided. If the block returns true the request goes through. Otherwise the request processing is aborted and a 403 status is returned to the client.

You can also check out Railscast 82 (thats were the code above is from):
http://railscasts.com/episodes/82-http-basic-authentication

回复收藏 0 原文

青春有你 2024-08-31 09:40:37

Rails 插件 Authlogic 开箱即用地支持此功能（以及更多功能）。您可以查找它的源代码，或者简单地将其集成到您现有的应用程序中。

编辑：
在深入挖掘 Authlogic 的源代码后，我发现这个文件，它使用以下代码来获取用户名和密码：

  def authenticate_with_http_basic(&block)
    @auth = Rack::Auth::Basic::Request.new(controller.request.env)
    if @auth.provided? and @auth.basic?
      block.call(*@auth.credentials)
    else
      false
    end
  end

我会进一步了解这一切的去向，但我必须上床睡觉了。希望我能有所帮助。

The rails plugin Authlogic supports this functionality (as well as much more) out of the box. You could root around in the source for it, or simply integrate it into your existing application.

Edit:
After digging around the source code for Authlogic, I found this file which uses the following piece of code to grab the username and password:

  def authenticate_with_http_basic(&block)
    @auth = Rack::Auth::Basic::Request.new(controller.request.env)
    if @auth.provided? and @auth.basic?
      block.call(*@auth.credentials)
    else
      false
    end
  end

I'd look a bit further into where it all goes, but I've got to get to bed. Hope I was of some help.

回复收藏 0 原文

~没有更多了~