Skip to content

How To: Use HTTP Auth Basic with Devise

Erik P. Hansen edited this page Feb 19, 2023 · 8 revisions

NOTE: HTTP Basic authentication is implemented by Devise so the only code required is a call to authenticate_user! in your controller (which will authenticate both login form users and http basic auth users). See https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication for instructions.

The following is a sample for a Api Controller that will allow http basic and run it through your existing devise configuration.

class Api::ApiController < ApplicationController

  before_filter :check_auth


  def check_auth
    authenticate_or_request_with_http_basic do |username,password|
      resource = User.find_by_email(username)
      if resource.valid_password?(password)
        sign_in :user, resource
      end
    end
  end

end

Testing

If you're not using session store and you want to authenticate with HTTP Basic in your tests, try something like this:

def sign_in_basic(user)
  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user.email, "password")
end

This assumes that the user's password has been set to "password". If you're using fixtures, you can do this with

one:
  email: 'some@user.com'
  encrypted_password: <%= Devise::Encryptor.digest(User, 'password') %>
Clone this wiki locally