User authentication in Rails is a solved problem but how can we protect individual resources in Rails with a password? It turns out that all we need is not that much code.
Solution 1: HTTP Authentication
HTTP authentication can be implemented with
#authenticate_or_request_with_http_basic. It expects two things:
- The name of an authentication realm.
- A block performing authentication.
Solution 2: Password Input
With HTTP authentication, a single action handled both authorization and download. This solution, though, needs two controller actions: one for displaying the password prompt and one for authorization and download.
has_secure_password is mostly associated with user authentication but it can be used in all situations where password protection is required. The result code is short, easily testable, and doesn’t need third-party dependencies.
Find more here.