Password protecting pages simply with rails - what should I do?

Asked 16/5, 2012 at 18:24 Answered 4/7, 2023 at 22:50

Solved ruby-on-rails ruby-on-rails-3 passwords password-protection

I'm now on level 7 of Hartl's rails tutorial book and I'm starting to think about my application in deployment. It's an app that allows about 12 social workers to communicate collaboratively and privately. Thus, I need to password protect it.

However, it also needs to be easy to use, very easy to use. A few of these people haven't used a computer before, and having logging on and sign-up processes would put them off completely.

Thus I want to create a landing page, where they have to type a password in (the same password for everybody), then it redirects to the 'discussion pages.' My first idea was to use some obfuscated javascript such that upon typing in the password, it redirects them to the discussion pages, but this doesn't sound very secure.

Can anyone recommend me a better way to do this in rails? Ideally they would only have to type it in once, and then it would authenticate them for all the pages automatically (by setting a cookie?) and anyone trying to access a page directly would be redirected to the authentication page.

Cheers in advance

Hypercorrect answered 16/5, 2012 at 18:24 Comment(3)

Have a go on this gem github.com/plataformatec/devise it will help you in authentication, session and all your requirements. – Pipage 16/5, 2012 at 18:28

If you are building your first Rails application, we recommend you to not use Devise. Devise requires a good understanding of the Rails Framework. Sounds like using a sledgehammer to crack a nut. It's a whole new MVC – Hypercorrect 16/5, 2012 at 18:30

We didn't face any issues while using devise, its your wish. – Pipage 16/5, 2012 at 18:33

A very simple authentication option is available to you in this situation. I would suggest you watch the Ruby on Railscast episode 270. I think it just maybe what you are looking for.

Probable answered 16/5, 2012 at 20:0 Comment(0)

If you want really simple, you can use authenticate_or_request_with_http_basic

It's not a replacement for a real authentication system, e.g. Devise or AuthLogic however.

Tirado answered 16/5, 2012 at 18:30 Comment(0)

I started to use the lockup gem for this purpose: https://github.com/gblakeman/lockup

It is super easy to setup and almost every user accessing the site should be able to use it.

Vitia answered 9/5, 2019 at 14:34 Comment(1)

I second the use of the lockup gem... Super clean way to protect a site that's under development! – Giraffe 21/11, 2023 at 8:33

I wanted to check the right employee was editing their profile.

I have the models Employer, Employee, Employee Invitations.

The employer would send an employee invitation out (name, email, employee_number) to an employee which would create the employee and update the same fields.

Fire an email to the employee with a link to edit_employee inside.

Employee would click on the link taking them to a form for the employee_number_check.

If they submit the correct employee number then it would refresh the page and display the contents after this if statement.

<% if @employee.employee_number == @employee.employee_number_check %> 

Hidden Content

<% end %>

Humiliating answered 4/7, 2023 at 22:50 Comment(1)

Adding the definitions of the models in code might make your answer more useful. – Microhenry 8/7, 2023 at 7:8

Recommended topics

Hot tags