HTTP Basic authentication for Ruby on Rails

This is an example of HTTP Basic authentication on a Rails 7 app and an example of using ChatGPT-4 in a normal workflow. In the past I would have used Google to search this up. Now I go straight for ChatGPT.

This was the prompt for OpenAI, aka ChatGPT-4:
Can you show me how to password protect one page in a ruby on rails 7 app?

Screenshot asking ChatGPT to show me how to password protect one page in a ruby on rails 7 app

Sure, I can guide you on how to password protect a single page in a Ruby on Rails 7 application. One simple way to achieve this is by using HTTP Basic Authentication.

  1. Controller
    Add this to the controller that manages the page you want to protect.
class YourController < ApplicationController
  http_basic_authenticate_with name: "foo", password: "bar", only: [:your_protected_action]

  def your_protected_action
    # Your action code here
  end
end

Replace “foo” and “bar” with the username and password you want to use.

Replace your_protected_action with the name of the action corresponding to the page you want to protect.

  2. Testing
    When you access the page in the browser, it will now prompt you for a username and password.

While this method works, it has some limitations. The username and password are hardcoded into the controller, and the password is not stored securely. If you want more security, you should look into proper user authentication libraries, such as Devise or Authlogic.

Keep in mind that HTTP Basic Authentication transmits credentials in an unencrypted form. To avoid this, use HTTPS to encrypt the entire HTTP communication.

Please note that you should be careful when deploying these changes, as you might lock yourself out of your page if you forget your password. It is best to test these changes thoroughly in a development environment before applying them to a live site.


Here is an example of use:

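class ApplicationController < ActionController::Base
  # Require HTTP Basic credentials everywhere except the development and test environments.
  # The username and password come from environment variables, not from the source code.
  unless Rails.env.development? || Rails.env.test?
    http_basic_authenticate_with name: ENV['HTTP_BASIC_AUTH_NAME'], password: ENV['HTTP_BASIC_AUTH_PASSWORD']
  end
end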

We can easily add those environment variables in the Heroku dashboard.
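To make the environment-variable setup above concrete, here is an added example (not from the original post and not Rails' own code) of the check a Basic-auth gate performs: it refuses to run when either variable is missing, decodes the `Authorization` header, which is only base64-encoded, and compares in constant time. The helper names `load_credentials`, `secure_equal?` and `basic_auth_ok?` are hypothetical, and the sample values are constructed.

```ruby
require 'digest'

# Constructed sample environment, reusing the placeholder values from the page's .env.
SAMPLE_ENV = {
  'HTTP_BASIC_AUTH_NAME' => 'myusername',
  'HTTP_BASIC_AUTH_PASSWORD' => 'mypassword'
}.freeze

# Fail closed: raise instead of comparing against a missing or blank credential.
def load_credentials(env)
  %w[HTTP_BASIC_AUTH_NAME HTTP_BASIC_AUTH_PASSWORD].map do |key|
    value = env.fetch(key) { raise KeyError, "#{key} is not set" }
    raise ArgumentError, "#{key} is blank" if value.strip.empty?
    value
  end
end

# Constant-time comparison: hash both sides to equal length, then XOR every byte.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Parse "Basic <base64(user:pass)>" and check it against the configured pair.
def basic_auth_ok?(header, env)
  name, password = load_credentials(env)
  scheme, token = header.to_s.split(' ', 2)
  return false unless scheme&.casecmp?('basic') && token
  decoded = begin
    token.unpack1('m0') # strict base64; raises ArgumentError on malformed input
  rescue ArgumentError
    return false
  end
  user, pass = decoded.split(':', 2) # the password itself may contain ':'
  return false if user.nil? || pass.nil?
  # Single & (not &&) so both comparisons always run.
  secure_equal?(user, name) & secure_equal?(pass, password)
end

if __FILE__ == $PROGRAM_NAME
  header = 'Basic ' + ['myusername:mypassword'].pack('m0')
  puts "header sent by the browser: #{header}"
  puts "accepted: #{basic_auth_ok?(header, SAMPLE_ENV)}"
end
```

The header printed here is readable by anyone who can see the request, which is why the HTTPS advice above matters.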


If you want to set the HTTP_BASIC_AUTH_NAME and HTTP_BASIC_AUTH_PASSWORD environment variables locally, you have a few options, depending on your development setup:

Option 1: Using a .env file

One common approach is to use a .env file at the root of your project. You can set environment variables in this file, which will be loaded when you run your app.

The contents of your .env file might look like this:

HTTP_BASIC_AUTH_NAME=myusername
HTTP_BASIC_AUTH_PASSWORD=mypassword

Note: Be sure to add .env to your .gitignore file to prevent committing your sensitive information to version control.

Showing code and instructions on a .env file and saving environment variables

Ok, but how do I log out of that locally?

ChatGPT:
If by “log out” you mean remove these environment variables, you can use the unset command in your terminal:

unset HTTP_BASIC_AUTH_NAME
unset HTTP_BASIC_AUTH_PASSWORD

This will remove these environment variables from the current terminal session.

Really, locally I can just alter the .env file quickly.