Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add basic auth #2764

Closed
4 of 11 tasks
manuelmeurer opened this issue May 11, 2024 · 5 comments
Closed
4 of 11 tasks

Add basic auth #2764

manuelmeurer opened this issue May 11, 2024 · 5 comments
Labels
Stale

Comments

@manuelmeurer
Copy link

manuelmeurer commented May 11, 2024
edited

Describe the bug

I'd like to add basic auth to accessing Avo, but when I try the most straightforward approach, an error occurs.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Add basic auth as detailed in https://blog.arkency.com/common-authentication-for-mounted-rack-apps-in-rails/
authenticated =
  lambda do |app|
    Rack::Builder.new do
      if Rails.env.production?
        use Rack::Auth::Basic do |username, password|
          {
            username => "ADMIN_USERNAME",
            password => "ADMIN_PASSWORD"
          }.map { ActiveSupport::SecurityUtils.secure_compare _1, ENV.fetch(_2) }
           .all?
        end
      end
      run app
    end
  end

Rails.application.routes.draw do
  mount authenticated[Avo::Engine], at: Avo.configuration.root_path
end
  1. Start Rails server
  2. Go to 'localhost:3000/avo'
  3. See error
NameError - undefined local variable or method `avo' for an instance of Avo::HomeController`
in lib/avo/configuration.rb#82

Expected behavior & Actual behavior

No error

Models and resource files

Fresh install of Avo, app only has a few models which I'm sure are not the cause of this error.

System configuration

Avo version: 3.7.4

Rails version: 7.1.3.2

Ruby version: 3.3.1

License type:

  • Community
  • Pro
  • Advanced

Are you using Avo monkey patches, overriding views or view components?

  • Yes. If so, please post code samples.
  • No

Screenshots or screen recordings

Additional context

Impact

  • High impact (It makes my app un-usable.)
  • Medium impact (I'm annoyed, but I'll live.)
  • Low impact (It's really a tiny thing that I could live with.)

Urgency

  • High urgency (I can't continue development without it.)
  • Medium urgency (I found a workaround, but I'd love to have it fixed.)
  • Low urgency (It can wait. I just wanted you to know about it.)
@manuelmeurer
Copy link
Author

I also tried ading basic auth like this, but it doesn't have any effect:

Avo::Engine.config.app_middleware.use Rack::Auth::Basic do |username, password|
  username == "admin" && password == "password"
end

@github-actions GitHub Actions
Copy link
Contributor

This issue has been marked as stale because there was no activity for the past 15 days.

@github-actions github-actions bot added the Stale label May 27, 2024
@adrianthedev
Copy link
Collaborator

I added this article here.

Apologies about the delay.

@manuelmeurer
Copy link
Author

Thanks @adrianthedev, after opening this issue I got it to work with http_basic_authenticate_with in Avo::ResourcesController but I guess using a concern is even cleaner.

@adrianthedev
Copy link
Collaborator

yeah, that will work too!

I'd like to push one more update at some point where all engines (pro, advanced, dynamic_filters, etc.) inherit from Avo::ApplicationController so we have just one point of contact.
Don't worry about it now, nobody's going to find those routes to try to access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
Roadmap
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manuelmeurer @adrianthedev