Rails 2.0: HTTP Basic Authentication

lock.pngHTTP Basic authentication support comes bundled with Rails 2.0, alleviating the need for external plugins we used with Rails 1.x. Here’s how you can use (and test) this new Rails 2.0 feature.Controller Code

before_filter :authenticatedef authenticate

authenticate_or_request_with_http_basic do |username, password|

true # replace with your own custom logic



Functional Test

def setup

@controller = AdminController.new
@request = ActionController::TestRequest.new

@response = ActionController::TestResponse.new



def test_basic_authentication_success

get :index
assert_response :success


def set_basic_authentication

@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::b64encode("some_username:some_password")


For Rails 2.0 internal implementation details, see http_authentication.rb.

5 thoughts on “Rails 2.0: HTTP Basic Authentication”

  1. Thanks for this – just what I was Googling for.

    BTW, I found that Base64::b64encode printed the encoded string as a side effect, which made my rake test output rather noisy.

    Using Base64::encode64 instead solved that for me.

  2. Any way around leaving the password in the test? I’d like to avoid leaving the cleartext password in my test. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *