How to create a separate Devise authentication for certain areas?












1















My app has a controller whose actions need to be cut off from authenticated users behind a special password.



One way to imagine it: regular users go about their business. Once in a while, an admin needs to enter his/her password to let the regular users access an area.



I have Devise authentication set up the normal way in my app, so all my users are authenticated.



How can I now set up a separate password so all calls to a controller result in a request for a special separate password?






ruby-on-rails devise ruby-on-rails-5







share|improve this question























  • Hi, I'm curious to know if my solution has worked for you.

    – Abhilash Reddy
    Nov 29 '18 at 3:33
















1















My app has a controller whose actions need to be cut off from authenticated users behind a special password.



One way to imagine it: regular users go about their business. Once in a while, an admin needs to enter his/her password to let the regular users access an area.



I have Devise authentication set up the normal way in my app, so all my users are authenticated.



How can I now set up a separate password so all calls to a controller result in a request for a special separate password?






ruby-on-rails devise ruby-on-rails-5







share|improve this question























  • Hi, I'm curious to know if my solution has worked for you.

    – Abhilash Reddy
    Nov 29 '18 at 3:33














1












1








1








My app has a controller whose actions need to be cut off from authenticated users behind a special password.



One way to imagine it: regular users go about their business. Once in a while, an admin needs to enter his/her password to let the regular users access an area.



I have Devise authentication set up the normal way in my app, so all my users are authenticated.



How can I now set up a separate password so all calls to a controller result in a request for a special separate password?






ruby-on-rails devise ruby-on-rails-5







share|improve this question














My app has a controller whose actions need to be cut off from authenticated users behind a special password.



One way to imagine it: regular users go about their business. Once in a while, an admin needs to enter his/her password to let the regular users access an area.



I have Devise authentication set up the normal way in my app, so all my users are authenticated.



How can I now set up a separate password so all calls to a controller result in a request for a special separate password?






ruby-on-rails devise ruby-on-rails-5




ruby-on-rails devise ruby-on-rails-5






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 22 '18 at 2:00









sscirrussscirrus

27.7k40114206




27.7k40114206













  • Hi, I'm curious to know if my solution has worked for you.

    – Abhilash Reddy
    Nov 29 '18 at 3:33



















  • Hi, I'm curious to know if my solution has worked for you.

    – Abhilash Reddy
    Nov 29 '18 at 3:33

















Hi, I'm curious to know if my solution has worked for you.

– Abhilash Reddy
Nov 29 '18 at 3:33





Hi, I'm curious to know if my solution has worked for you.

– Abhilash Reddy
Nov 29 '18 at 3:33












1 Answer
1






active

oldest

votes


















1















One way to do it is introducing a simple authentication from scratch on top of Devise's authentication
using the bcrypt library .




You will need a new field in your users table to store the special password digest. So, create a new migration file and the below code to it:



def change

  add_column :users, :special_password, :digest

end


Add Bcrypt gem to your Gemfile:



gem 'bcrypt', '~> 3.1', '>= 3.1.12'


To your user model add the below line:



has_secure_special_password


Now in your special password authentication controller, use the below code to authenticate current_user with the special_password



if current_user.authenticate(params[:user][:special_password])

  session[:special_user_id] = current_user.id

end


Now in whichever controller actions you want to authenticate the user with the special password, Create a before_action filter and try to find the user by session[:special_user_id] and if user not found you may ask them to enter the special_password






share|improve this answer

























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53422890%2fhow-to-create-a-separate-devise-authentication-for-certain-areas%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1















    One way to do it is introducing a simple authentication from scratch on top of Devise's authentication
    using the bcrypt library .




    You will need a new field in your users table to store the special password digest. So, create a new migration file and the below code to it:



    def change
    
  add_column :users, :special_password, :digest
    
end


    Add Bcrypt gem to your Gemfile:



    gem 'bcrypt', '~> 3.1', '>= 3.1.12'


    To your user model add the below line:



    has_secure_special_password


    Now in your special password authentication controller, use the below code to authenticate current_user with the special_password



    if current_user.authenticate(params[:user][:special_password])
    
  session[:special_user_id] = current_user.id
    
end


    Now in whichever controller actions you want to authenticate the user with the special password, Create a before_action filter and try to find the user by session[:special_user_id] and if user not found you may ask them to enter the special_password






    share|improve this answer






























      1















      One way to do it is introducing a simple authentication from scratch on top of Devise's authentication
      using the bcrypt library .




      You will need a new field in your users table to store the special password digest. So, create a new migration file and the below code to it:



      def change
      
  add_column :users, :special_password, :digest
      
end


      Add Bcrypt gem to your Gemfile:



      gem 'bcrypt', '~> 3.1', '>= 3.1.12'


      To your user model add the below line:



      has_secure_special_password


      Now in your special password authentication controller, use the below code to authenticate current_user with the special_password



      if current_user.authenticate(params[:user][:special_password])
      
  session[:special_user_id] = current_user.id
      
end


      Now in whichever controller actions you want to authenticate the user with the special password, Create a before_action filter and try to find the user by session[:special_user_id] and if user not found you may ask them to enter the special_password






      share|improve this answer




























        1












        1








        1








        One way to do it is introducing a simple authentication from scratch on top of Devise's authentication
        using the bcrypt library .




        You will need a new field in your users table to store the special password digest. So, create a new migration file and the below code to it:



        def change
        
  add_column :users, :special_password, :digest
        
end


        Add Bcrypt gem to your Gemfile:



        gem 'bcrypt', '~> 3.1', '>= 3.1.12'


        To your user model add the below line:



        has_secure_special_password


        Now in your special password authentication controller, use the below code to authenticate current_user with the special_password



        if current_user.authenticate(params[:user][:special_password])
        
  session[:special_user_id] = current_user.id
        
end


        Now in whichever controller actions you want to authenticate the user with the special password, Create a before_action filter and try to find the user by session[:special_user_id] and if user not found you may ask them to enter the special_password






        share|improve this answer
















        One way to do it is introducing a simple authentication from scratch on top of Devise's authentication
        using the bcrypt library .




        You will need a new field in your users table to store the special password digest. So, create a new migration file and the below code to it:



        def change
        
  add_column :users, :special_password, :digest
        
end


        Add Bcrypt gem to your Gemfile:



        gem 'bcrypt', '~> 3.1', '>= 3.1.12'


        To your user model add the below line:



        has_secure_special_password


        Now in your special password authentication controller, use the below code to authenticate current_user with the special_password



        if current_user.authenticate(params[:user][:special_password])
        
  session[:special_user_id] = current_user.id
        
end


        Now in whichever controller actions you want to authenticate the user with the special password, Create a before_action filter and try to find the user by session[:special_user_id] and if user not found you may ask them to enter the special_password







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 22 '18 at 3:56

























        answered Nov 22 '18 at 3:23









        Abhilash ReddyAbhilash Reddy

        1,1401618




        1,1401618
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53422890%2fhow-to-create-a-separate-devise-authentication-for-certain-areas%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            MongoDB - Not Authorized To Execute Command

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
            Read more

            How to fix TextFormField cause rebuild widget in Flutter

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
            Read more

            in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

            Image
            1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
            Read more