Putzing around with Merb and it's authentication plugins (merb-auth-core, merb-auth-more, merb-auth-slice-password) trying to get BasicAuth working for a web app. While setup of the HTML form authentication was easy the BasicAuth didn't appear to work, it would continue to display the form requesting credentials! WTF.
config/router.rb
authenticate( ['Basic::BasicAuth'] ) do match( '/api', :path => /\.xml$/ ) do | m | setup_resources( m ) end end
Hours of digging through Merb and its authentication, it turns out that the BasicAuth strategy only asks for credentials if you already gave it credentials. If you want to use BasicAuth with any web browser this is not work able. You can quickly patch the strategy to get the desired behaviour.
merb-auth-more-1.0.7.1/lib/merb-auth-more/strategies/basic/basic_auth.rb
def run! if basic_authentication? basic_authentication do | login, password | user = user_class.authenticate(login, password) unless user request_basic_auth! end user end else request_basic_auth! end end
While this feels like a bit of a hack you could always fork the strategy and add it in your own code base.
Cheers and happy hacking.