
Warden vs Rack::Auth::Basic. Doing HTTP-Basic-Auth in Ruby-Framework

I want to create a WebService in Ruby (Sinatra, Padrino, maybe Ramaze... don't know yet...), but I definitely want to secure it...

It will be the backend for an iPhone app, so I think SSL-secured HTTP-Basic-Auth will be fine.

I've been looking around at several authentication frameworks and came across Warden... Seems to be pretty well documented, and Devise is built on top of it... So can't be that bad...

But... seemed to me a little bit overkill, for what I need...

Then I found this code snippet:

  # Halt with 401 and a Basic challenge unless valid credentials were sent.
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
      throw(:halt, [401, "Not authorized\n"])
    end
  end

  # True only when the request carries Basic credentials equal to the expected pair.
  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
  end

Looks as if I just don't need more than that atm... Or can any of you guys provide a nice example of Warden + HTTP-Basic Auth? Or explain to me more benefits of using Warden?

Thanks in advance!!! :)

crushervx asked Mar 02 '26 20:03


1 Answer

Not completely sure what you are trying to achieve here. However, we have a Rails app where we use Warden (+ Devise) combined with HTTP-Basic-Auth using middleware to hide our staging instance. This is what we put into config/environments/staging.rb:

  config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Not for public eyes") do |u, p|
    u == 'admin' && p == 'secret'
  end

This works side by side with our Warden authentication rules.

Jeroen van Dijk answered Mar 05 '26 10:03
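
An added example, not code from the question, the answer, or Rack itself: a minimal Rack-compatible middleware in plain Ruby that performs the same check as the `authorized?` helper and the staging block above, but takes the expected credentials as parameters instead of hard-coding them and compares them in constant time. The class name `BasicAuthGate` and the `API_USER` / `API_PASSWORD` variable names are assumptions made for this example.

```ruby
require 'digest'

# Hypothetical Rack-compatible middleware in plain Ruby (no gems needed).
class BasicAuthGate
  def initialize(app, realm:, user:, password:)
    @app, @realm, @user, @password = app, realm, user, password
  end

  def call(env)
    user, password = credentials(env['HTTP_AUTHORIZATION'])
    if user && valid?(user, password)
      return @app.call(env.merge('REMOTE_USER' => user))
    end

    [401,
     { 'content-type' => 'text/plain',
       'www-authenticate' => %(Basic realm="#{@realm}") },
     ["Not authorized\n"]]
  end

  private

  # [user, password], or nil for a missing, non-Basic or malformed header.
  def credentials(header)
    scheme, payload = header.to_s.split(' ', 2)
    return nil unless scheme&.casecmp?('basic') && payload

    user, password = payload.unpack1('m').split(':', 2)
    password ? [user, password] : nil
  end

  # Non-short-circuit `&`: both fields are always compared.
  def valid?(user, password)
    secure_eq?(user, @user) & secure_eq?(password, @password)
  end

  # Hash first so lengths match, then compare without an early exit.
  def secure_eq?(given, expected)
    a = Digest::SHA256.digest(given).bytes
    b = Digest::SHA256.digest(expected).bytes
    a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# Constructed demo; a deployment would pass ENV.fetch('API_USER') and ENV.fetch('API_PASSWORD').
hello = ->(env) { [200, { 'content-type' => 'text/plain' }, ["hi #{env['REMOTE_USER']}\n"]] }
gate = BasicAuthGate.new(hello, realm: 'Staging', user: 'demo', password: 'constructed-secret')
puts gate.call('HTTP_AUTHORIZATION' => "Basic #{['demo:constructed-secret'].pack('m0')}").first
puts gate.call({}).first
```

Because it follows the Rack calling convention, the class can be mounted with `use BasicAuthGate, realm: ..., user: ..., password: ...` in Sinatra or a `config.ru`.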


