PasswordRequired
About
Used to password protect sensitive actions. This was inspired by the need to follow the same pattern Github uses when adding a new key to your account. The goal of PasswordRequired is to make this pattern easy and flexible without requiring additional rails libraries.
Usage Example
# In your gemfile
gem 'password_required'
# In your controller
class WidgetsController < ApplicationController
include PasswordRequired::ControllerConcern
password_required for: [:create, :update, :destroy],
with: ->(password) { password == 'roflcopters' },
if: :request_ip_untrusted?
# ...
end
password_required options
-
for:
(Required) An array of methods you want to protect -
with:
(Optional) lambda that receives the password given OR a symbol of a method to call. If either returns a truthy result the action will be allowed. You may optionally define a methodpassword_correct?
that will be used for all password protected actions. -
if:
(Optional) lambda or method name that determines if a request needs to be password protected. Always true by default. Useful if there are some times you do not need to prompt for a password. You optionally define a methodpassword_required?
on the controller that will be called for all password protected actions.
Current Limitations and Issues
- Only POST type actions are supported DELETE, POST, PUT
Only designed and tested with rails 4.1- Works for rails >= 4.0.0
FAQ
Q: "What if I don't like the idea of magical callbacks?"
A: No problem, you'll need to define the following methods in your controller
-
password_correct?
(hint)password_given
is the password from the request -
password_required?
(optional) always true by default
In the controller actions you want to password protect: guard_with_password!
def destroy
guard_with_password!
# ...
end
This project rocks and uses MIT-LICENSE.