Super Simple Authentication Plugin and Generator
24 August 2007
I hereby proudly announce my Super Simple Authentication plugin and generator.
All right, what does it do? Sometimes you need to protect your actions and controllers, but you don’t want to go about installing restful_authentication or anything like that. Adding a simple password for certain actions would suffice. So, I wrote a little plugin that can generate some code for you that allows you to easily protect your app with a simple password.
To get started, you must first install the plugin in your rails application:
script/plugin install http://svn.ariejan.net/plugins/super_simple_authentication
When the plugin is installed, you may generate your SSA controller. This controller verifies your password and makes sure you stay authenticated for the duration of your visit.
script/generate super_simple_authentication sessions
Your password is located in config/super_simple_authentication.yml. Change it.
In the SessionsController, you’ll find an include statement. Move this include to your application controller:
The generator automatically added routes to your config/routes.rb file. If you want easy access to login and logout functionality, add these two lines to your config/routes.rb file as well:
map.login '/login', :controller => 'sessions', :action => 'new' map.logout '/logout', :controller => 'sessions', :action => 'destroy', :method => :delete
You can now protect you actions and controllers with a before_filter:
# Protect all actions in the controller before_filter :authorization_required # Protect all actions, except :index and :recent before_filter :authorization_required, :except => [:index, :recent] # Protect only :destroy before_filter :authorization_required, :only => :destroy
In your views, you can check if you are authorized or not with authorized? E.g.
<% if authorized? %> <!-- do secret admin stuff --> <% end %>
I hope you enjoy this plugin. Please post a comment if you use it in your project, or if you just like it. Bugs, feature requests and support requests should go into Trac