I would suggest taking a look at Ryan Bates screencast about restful
authentication (http://railscasts.com/episodes/67), write a simple
application or two using restful authentication, and then walk through the
code to see how it all works. IIRC, it has support for doing just what you
asked.
--wpd
On Fri, Jan 9, 2009 at 5:23 PM, Jables <brun3...@uidaho.edu> wrote:
>
> Hey,
> I need some advice on something. I have a fairly large and complex
> website (uberpwner.com) and all authentication I do is done by before
> filters. Basically before_filter :login_required.
> login_required does basic authentication and then redirects to the
> root_path. Here is the essentials from the login system code (which
> is mostly taken from the beast forum):
>
> def login_required
> login_by_token unless logged_in?
> login_by_basic_auth unless logged_in?
> respond_to do |format|
> format.html { redirect_to login_path }
> format.js { render(:update) { |p| p.redirect_to
> login_path } }
> format.xml do
> headers["WWW-Authenticate"] = %(Basic realm="Beast")
> render :text => "HTTP Basic: Access denied.\n", :status
> => :unauthorized
> end
> end unless logged_in? && authorized?
> end
>
> def login_by_token
> self.current_user = User.find_by_id_and_login_key(*cookies
> [:login_token].split(";")) if cookies[:login_token] and not logged_in?
> end
>
> @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION
> Authorization)
> def login_by_basic_auth
> auth_key = @@http_auth_headers.detect { |h| request.env.has_key?
> (h) }
> auth_data = request.env[auth_key].to_s.split unless
> auth_key.blank?
> self.current_user = User.authenticate *Base64.decode64(auth_data
> [1]).split(':')[0..1] if auth_data && auth_data[0] == 'Basic'
> end
>
> Now here is what I want: when a user clicks a page that requires
> authentication they should be redirected to the login page, then on
> successful login to the page they are going to. If they are trying to
> submit something to the site they should be redirected to login, then
> their submission should go through on successful login.
>
> Any advice on how to achieve this would be very appreciated!
> JB
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
