问题
I have a Ruby class that basically authenticates a user to an LDAP directory as follows. The DirectoryUser class is using the net/ldap gem to do this. When called the class returns either a 'true' if the user is authenticated or 'false' if not.
>>DirectoryUser.authenticate('user', 'password')
#True
I want to use this mechanism to protect my routes in a basic Sinatra application for multiple users.
- Is there a recommended way to do this that follows best practise?
- Could somebody show how this could be achieved?
I was thinking of just setting a variable and checking the status of the variable before allowing access to the route. However, I can't help thinking there are some security implications that I could be missing here!
回答1:
It's in the Sinatra FAQ.
Basically you need to create a helper method that will throw an exception if the user is not authenticated.
回答2:
Since you're already using the LDAP library to authenticate, the best practice would be to use something like Warden for authorization. We've gotten good use out of this app using multiple authentication methods (basic auth, twitter auth, LDAP auth).
来源:https://stackoverflow.com/questions/15821200/ruby-sinatra-protecting-routes-with-authentication