Module: ActionController::HttpAuthentication::Basic::ControllerMethods::ClassMethods

Defined in:
lib/action_controller/metal/http_authentication.rb

Instance Method Summary collapse

Instance Method Details

#http_basic_authenticate_with(options = {}) ⇒ Object



69
70
71
72
73
74
75
76
77
78
79
# File 'lib/action_controller/metal/http_authentication.rb', line 69

def http_basic_authenticate_with(options = {})
  before_action(options.except(:name, :password, :realm)) do
    authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
      # This comparison uses & so that it doesn't short circuit and
      # uses `variable_size_secure_compare` so that length information
      # isn't leaked.
      ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &
        ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])
    end
  end
end