Static Auth

Static authentication && authorization in rails

Installation

Rails3 only Add the following line to your Gemfile:

gem 'static_auth'

Example

models/admin_session.rb

class AdminSession < StaticAuth::Session
  roles :admin, :manager
  password_for :admin, "123456"
  password_for :manager, proc { "123456".reverse }
  set_encryption_method :md5
end

controllers/admin/index_controller.rb

def index
  @session = AdminSession.new(session)
  render :template => @session.authorized? ? "admin/index" : "admin/index/login"
end

def login
  @session = AdminSession.new(session)
  @session.attributes = params[:admin_session]
  @session.save
  if @session.authorized?
    redirect_to admin_path
  else
    render :template => "admin/index/login"
  end
end

def logout
  @session.logout_all
  redirect_to admin_path
end

views/admin/login.html.erb

= form_for @session do |s|
  = s.text_field :role
  = s.text_field :password
  = s.submit "Login"

Setting encryption method

class AdminSession < StaticAuth::Session
  roles :admin, :manager
  password_for :admin, "123456"
  password_for :manager, proc { "123456".reverse }

  # It always receives a string
  encryption_methods[:custom] = proc { |value| MD5::md5(value + "secret salt") }

  set_encryption_method :custom # Default methods: :plain, :md5, :sha1
end

Todo

  1. Salting

  2. BCrypt