How To: Use HTTP Auth Basic with Devise

NOTE: HTTP Basic authentication is implemented by Devise so the only code required is a call to authenticate_user! in your controller (which will authenticate both login form users and http basic auth users). See https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication for instructions.

The following is a sample for a Api Controller that will allow http basic and run it through your existing devise configuration.

class Api::ApiController < ApplicationController

  before_filter :check_auth


  def check_auth
    authenticate_or_request_with_http_basic do |username,password|
      resource = User.find_by_email(username)
      if resource.valid_password?(password)
        sign_in :user, resource
      end
    end
  end

end

Testing

If you're not using session store and you want to authenticate with HTTP Basic in your tests, try something like this:

def sign_in_basic(user)
  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user.email, "password")
end

This assumes that the user's password has been set to "password". If you're using fixtures, you can do this with

one:
  email: 'some@user.com'
  encrypted_password: <%= Devise::Encryptor.digest(User, 'password') %>

Getting Started

Uh oh!

How To: Use HTTP Auth Basic with Devise

Testing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!