«
»

Super Simple Authentication Plugin and Generator

I hereby proudly announce my Super Simple Authentication plugin and generator.

All right, what does it do? Sometimes you need to protect your actions and controllers, but you don’t want to go about installing restful_authentication or anything like that. Adding a simple password for certain actions would suffice. So, I wrote a little plugin that can generate some code for you that allows you to easily protect your app with a simple password.

To get started, you must first install the plugin in your rails application:

script/plugin install http://svn.ariejan.net/plugins/super_simple_authentication

When the plugin is installed, you may generate your SSA controller. This controller verifies your password and makes sure you stay authenticated for the duration of your visit.

script/generate super_simple_authentication sessions

Your password is located in config/super_simple_authentication.yml. Change it.

In the SessionsController, you’ll find an include statement. Move this include to your application controller:

include SuperSimpleAuthenticationSystem

The generator automatically added routes to your config/routes.rb file. If you want easy access to login and logout functionality, add these two lines to your config/routes.rb file as well:

map.login  '/login',  :controller => 'sessions', :action => 'new'
map.logout '/logout', :controller => 'sessions', :action => 'destroy', :method => :delete

You can now protect you actions and controllers with a before_filter:

# Protect all actions in the controller
before_filter :authorization_required
 
# Protect all actions, except :index and :recent
before_filter :authorization_required, :except => [:index, :recent]
 
# Protect only :destroy
before_filter :authorization_required, :only => :destroy

In your views, you can check if you are authorized or not with authorized? E.g.

<% if authorized? %>
    # ... do secret admin stuff
<% end %>

Please visit http://trac.ariejan.net to report bugs. Ariejan.net will keep you updated on new major version. Please subscribe to the RSS Feed.

I hope you enjoy this plugin. Please post a comment if you use it in your project, or if you just like it. Bugs, feature requests and support requests should go into Trac

  • Twitter
  • Digg
  • del.icio.us
  • DZone
  • Reddit
  • email

Tags:

This entry was posted on Friday, August 24th, 2007 at 01:37 and is filed under Features, General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

11 Responses to “Super Simple Authentication Plugin and Generator”

  1. meekish says:
    29 August, 2007 at 07:03

    Used it. Thought it was great. Thanks!

  2. GSIY … Ruby-Rails Portal says:
    5 September, 2007 at 01:55

    [...] does work pretty well for low-profile sites. I’d appreciate it if you could check it out: [link] Groups, RubyOnRails Home | | Login|Feed © 2007 GSIY … Ruby-Rails [...]

  3. John says:
    23 November, 2007 at 12:03

    can’t report to the trac site, so it ends up here:
    when I used your Super Simple Authentication plugin,
    the session could not get saved..
    I received the following error:
    “SessionController: missing default helper path sessions_helper”

  4. Wiljo says:
    4 December, 2007 at 19:50

    Nice and easy!

    How about replacing reset_session in sessions/destroy with session[:password] = nil?

    Wiljo

  5. cybelxyz says:
    12 December, 2007 at 08:50

    what’s this mean?

    D:\rails\DeliveryShape>ruby script/generate super_simple_authentication sessions
    Couldn’t find ’super_simple_authentication’ generator

  6. Ariejan de Vroom says:
    12 December, 2007 at 08:56

    @cybelxyz: It means you don’t have the plugin installed correctly.

  7. clouder says:
    28 December, 2007 at 19:49

    This works great. I’m using it on Rails 1.2.3. One thing I did not like though is that when I visited a restricted area it prompted me for password. My personal preference for the app I’m making was for it to just silently redirect to index or something (I don’t like giving anyone more information than they might need). Anyone else who needs to do this, go into yourapp/lib/super_simple_authentication.rb and under the access_denies method just change the redirect_to call to whatever you’d like better. Thanks for this very easy and effective plugin :D

  8. jon says:
    8 January, 2008 at 14:33

    Great, and simple, little plugin.
    My only comment, would be a method to store the password in a hashed (and salted) form. But I guess one could argue that if you have the hash, you’ll eventually have the password anyways.

    Either way, simple, and to the point.

  9. Dominic says:
    24 May, 2008 at 20:35

    There is a problem with your svn url. Or do you recommend to install your plugin via github.

  10. Ariejan de Vroom says:
    26 May, 2008 at 23:43

    @Dominic: Yes, please use github:

    cd vendor/plugins
git clone git://github.com/ariejan/super-simple-authentication.git

    That should be all. If you have any issues or patches, feel free to send ‘em in :)

  11. ujjwal kumar says:
    7 January, 2009 at 09:18

    thanx a lot.. it worked for me.. initially, it was difficult to install the plugin, but everything ended well.. thanx for writing such an easy to use plugin!!

    its better than authenticate_or_request_with_http_basic as it has features like login/logout and doesn’t require any Rewrite Rules in .htaccess :)

Leave a Reply