HTTP basic auth - Sorcery/sorcery GitHub Wiki

In this tutorial we will build upon the app created at Simple Password Authentication so make sure you understand it.

Let's add the submodule and configuration:

# config/initializers/sorcery.rb
Rails.application.config.sorcery.submodules = [:http_basic_auth, blabla, blablu, ...]

Rails.application.config.sorcery.configure do |config|
  ...
  config.controller_to_realm_map = {"application" => "MySite!"}
end

We've just set a realm. This is the site name the user will see in the modal dialog. Adding it in the hash for ApplicationController makes it the default for all controllers.

Now we'll add a before filter in the area that we want to protect with basic auth:

# some controller...
before_filter :require_login_from_http_basic, :only => [:login_from_http_basic]
   
def login_from_http_basic
  redirect_to users_path, :notice => 'Login from basic auth successful'
end

If this controller uses 'require_login' we'll need to skip it for :login_from_http_basic.

We just need to route the new action we've added to the controller:

resources :users do
  collection do
    get :login_from_http_basic
  end
  ...
end

That's it!