Introduce Rails/Basic authentication on Heroku.

Introduction

I wanted to introduce Basic authentication in a production environment. I've done AWS but never Heroku, so I'd like to mention what I did this time.

What is Basic authentication?

Basic authentication is one of the simple ways to restrict access to websites. It is a function that comes with the web server, and you can easily restrict access by writing just a few lines in a file. It can restrict access to a specific area of a website, that is, to pages and files. When you try to access a site protected by Basic authentication, an authentication dialog appears, prompting you to enter your user name (ID) and password.

Features of Basic authentication

· Merits

① Access can be restricted on a directory-by-directory basis

② After authentication is completed, it is valid until the browser is closed.

③ The browser remembers the login information

· Demerits

① Security vulnerability

② Crawler cannot access

③ Cannot set across servers

④ You cannot save login information on your smartphone

Basic authentication setup (deploying on Heroku)

I added code to application_controller.rb to perform Basic authentication on all controllers. Rails provides the authenticate_or_request_with_http_basic method, which makes it easy to implement Basic authentication.

app/controllers/application_controller.rb


class ApplicationController < ActionController::Base
  before_action :basic_auth, if: :production?

  private

  def production?   #← Distinguish between production environment and local.
    Rails.env.production?
  end

  def basic_auth
    authenticate_or_request_with_http_basic do |username, password|
      username == ENV['BASIC_AUTH_USER'] && password == ENV['BASIC_AUTH_PASSWORD']
    end
  end

end

Add USER and PASSWORD to the environment variables.

Terminal.


% vim ~/.bash_profile
  
# Press "i" to go to insert mode
# Add the USER and PASSWORD you chose yourself, as follows.

export BASIC_AUTH_USER='USER'
export BASIC_AUTH_PASSWORD='PASSWORD'

# Press the esc key, then type :wq to save

% sudo vim /etc/environment
Password:  #← Password for your PC

# Press "i" to go to insert mode
# Add the USER and PASSWORD you chose yourself, as follows.

BASIC_AUTH_USER='USER'
BASIC_AUTH_PASSWORD='PASSWORD'

# Press the esc key, then type :wq to save

# Check if it is reflected on Heroku with heroku config.

% heroku config                             
===App name Config Vars
BASIC_AUTH_USER:          'USER'
BASIC_AUTH_PASSWORD:      'PASSWORD'

In username == ENV['BASIC_AUTH_USER'] && password == ENV['BASIC_AUTH_PASSWORD'], the user name and password are read from environment variables because, if you wrote them directly in the code and committed it to GitHub, anyone could see the password at a glance.
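As an added illustration (not code from the original post, and not Rails's own implementation), the following plain-Ruby sketch shows the check that basic_auth performs on the Authorization header, hardened with a constant-time comparison and a fail-closed path for unset variables. basic_auth_ok? and the local secure_compare are hypothetical helpers; in a Rails app ActiveSupport::SecurityUtils.secure_compare plays the latter's role.

```ruby
require 'digest/sha2'

# Constant-time comparison (local stand-in, an assumption of this example).
# Comparing fixed-length SHA-256 digests means the loop always runs 32 times,
# so timing does not depend on where the two strings first differ.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  diff = 0
  da.each_with_index { |byte, i| diff |= byte ^ db[i] }
  diff.zero?
end

# Hypothetical helper: validates an "Authorization: Basic <base64>" header
# value against BASIC_AUTH_USER / BASIC_AUTH_PASSWORD taken from env.
def basic_auth_ok?(header, env = ENV)
  user = env['BASIC_AUTH_USER']
  pass = env['BASIC_AUTH_PASSWORD']
  # Fail closed: unset or empty config vars must never match any request.
  return false if user.nil? || pass.nil? || user.empty? || pass.empty?

  scheme, payload = header.to_s.split(' ', 2)
  return false unless scheme&.casecmp?('Basic') && payload

  # The credentials are only Base64-encoded, not encrypted, so anyone who can
  # read the request can read them; 'm0' is a strict Base64 decode.
  given_user, given_pass = payload.unpack1('m0').split(':', 2)
  return false if given_user.nil? || given_pass.nil?

  # Non-short-circuit & so both comparisons always run.
  secure_compare(given_user, user) & secure_compare(given_pass, pass)
rescue ArgumentError # malformed Base64 in the header
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  sample_env = { 'BASIC_AUTH_USER' => 'deploy', 'BASIC_AUTH_PASSWORD' => 's3cret:pw' }
  header = 'Basic ' + ['deploy:s3cret:pw'].pack('m0')
  puts "valid credentials:   #{basic_auth_ok?(header, sample_env)}"
  puts "config vars missing: #{basic_auth_ok?(header, {})}"
end
```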

Deployment operation check

I was able to set up Basic authentication using the above method.
