Simple_admin met a Pieman
November 7, 2008. Posted by dougmcinnes in Code, Plugins & Gems, Rails, Rake, Ruby.
Tags: admin, crypt, HTTP auth, los angeles times, password, yaml
Simple_admin is a Ruby on Rails plugin I created at the Los Angeles Times that morphed into a collaborative effort between Dewey, Reid and myself as it traveled between projects and functionality was added. I’ve just released it to our latimes github account: http://github.com/latimes/simple_admin/tree/master
The basic premise is to give a simple way of managing login usernames and passwords without a database. The data is stored in a YAML file in the application, with the passwords encrypted by String’s crypt() method (a one-way hash, so the plaintext password is never written to the file).
To add users to the file there’s an included rake task: admin:add_user. The username and password are passed as parameters:
rake admin:add_user username=mrwalrus password=mahbukkit
Rake will append the user to the login YAML file, or create the file if it doesn’t exist yet. The default location for this file is config/admin/login.yml, but it can be overridden by setting the LOGIN_FILE environment variable in your application. If you set LOGIN_FILE differently in your different Rails environment files, you can have different usernames and passwords for development and production.
There’s also a rake task for adding multiple users at the same time from a text file list, giving them all random passwords.
To get the plugin to actually use Basic HTTP authentication to ask for usernames and passwords, add this to your application controller:
include SimpleAdmin
before_filter :check_basic_http_credentials
Like all filters you can add conditions:
before_filter :check_basic_http_credentials, :only => :login
When including SimpleAdmin in your controller you also get access to the authenticate(username, password) method, which can be used for custom login pages. For example:
def login
  if authenticate(params[:username], params[:password])
    session[:admin] = true
    redirect_to main_page
  end
end
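To make the pieces above concrete, here is a stand-alone Ruby sketch of what the plugin’s login store, rake add_user step, authenticate(username, password) method and Basic HTTP before_filter boil down to. This is an added example, not the simple_admin plugin’s own code: the module and method names, the AdminCreds module, and the choice of a $6$ (SHA-512) crypt salt are assumptions of mine, and the user/password pair is the one from the rake example above.

```ruby
# Added example, not the simple_admin plugin's code: a stand-alone sketch of the
# YAML-backed login store the post describes (username => crypt()ed password),
# the add_user step, authenticate(username, password), and the header parsing a
# Basic HTTP before_filter needs. Module and method names are assumed.
require 'yaml'
require 'securerandom'
require 'tmpdir'

module AdminCreds
  SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze

  # Load the username => crypted-password hash; a missing file is an empty store.
  def self.load(path)
    return {} unless File.exist?(path)
    YAML.safe_load(File.read(path)) || {}
  end

  # Crypt the password with a fresh random salt. The "$6$" prefix asks for the
  # SHA-512 variant (glibc/libxcrypt); a bare two-character salt would fall back
  # to traditional DES crypt, which keys on only the first 8 password characters.
  def self.crypt_password(password)
    salt = Array.new(16) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
    hashed = password.crypt("$6$#{salt}$")
    raise 'crypt() did not produce a SHA-512 hash on this platform' unless hashed.start_with?('$6$')
    hashed
  end

  # Append (or replace) a user and write the YAML file back, creating it if needed.
  def self.add_user(path, username, password)
    users = load(path)
    users[username] = crypt_password(password)
    File.write(path, users.to_yaml)
    users[username]
  end

  # Verify by re-crypting the candidate with the stored hash as the salt argument
  # (crypt reads the salt back out of it) and comparing in constant time.
  def self.authenticate(path, username, password)
    return false if username.nil? || password.nil?
    stored = load(path)[username]
    return false unless stored.is_a?(String)
    secure_compare(password.crypt(stored), stored)
  end

  # Constant-time string comparison so a mismatch's position does not leak via timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Parse an Authorization header value "Basic <base64(user:pass)>" into [user, pass].
  def self.basic_credentials(header)
    return nil unless header.is_a?(String) && header.start_with?('Basic ')
    user, pass = header[6..].strip.unpack1('m').split(':', 2)
    return nil if user.nil? || pass.nil?
    [user, pass]
  end

  # What the before_filter reduces to: header value in, allow/deny out.
  def self.check_basic_http_credentials(path, header)
    creds = basic_credentials(header)
    return false unless creds
    authenticate(path, *creds)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'login.yml')   # stand-in for config/admin/login.yml
    AdminCreds.add_user(path, 'mrwalrus', 'mahbukkit')
    puts File.read(path)
    header = 'Basic ' + ['mrwalrus:mahbukkit'].pack('m0')
    puts AdminCreds.check_basic_http_credentials(path, header)
    puts AdminCreds.authenticate(path, 'mrwalrus', 'wrong')
  end
end
```

Two design points worth noting: the stored hash doubles as the salt argument on verification, which is the standard crypt() idiom and is why the file never needs to hold the salt separately; and the comparison is done in constant time, which the plain == that crypt-based checks usually use does not give you.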
Also included in the plugin is some code for marking different servers as “admin” servers, and a way for a Rails application to check whether it is running on an admin server or not and change its behavior. We used this on one application running on multiple boxes so we could turn off page caching on the admin-marked boxes, so the administration WYSIWYG pages wouldn’t be cached and sent to non-admin users (that would be a big oops).