Add support for HTTP Basic Authentication

Author: dwilkie

.env

@@ -0,0 +1,2 @@
+RESQUE_WEB_HTTP_BASIC_AUTH_USER=user
+RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD=secret

.gitignore

@@ -23,3 +23,4 @@ test/dummy/log/*.log
 test/dummy/tmp/
 test/dummy/.sass-cache
 *.gem
+vendor/ruby

Gemfile

@@ -7,6 +7,10 @@ gem 'resque', :git => 'https://github.com/resque/resque.git', :branch => "1-x-st
 gem 'sqlite3', :platforms => :ruby
 gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
 
+group :development, :test do
+  gem "dotenv-rails"
+end
+
 group :test do
   gem 'minitest-spec-rails'
   gem 'coveralls', :require => false

Gemfile.lock

@@ -13,7 +13,7 @@ GIT
 PATH
   remote: .
   specs:
-    resque-web (0.0.2)
+    resque-web (0.0.3)
       coffee-rails
       jquery-rails
       resque
@@ -55,9 +55,9 @@ GEM
     atomic (1.1.13)
     atomic (1.1.13-java)
     builder (3.1.4)
-    coffee-rails (4.0.0)
+    coffee-rails (4.0.1)
       coffee-script (>= 2.2.0)
-      railties (>= 4.0.0.beta, < 5.0)
+      railties (>= 4.0.0, < 5.0)
     coffee-script (2.2.0)
       coffee-script-source
       execjs
@@ -69,6 +69,9 @@ GEM
       rest-client
       simplecov (>= 0.7)
       thor
+    dotenv (0.9.0)
+    dotenv-rails (0.9.0)
+      dotenv (= 0.9.0)
     erubis (2.7.0)
     execjs (2.0.1)
     hike (1.2.3)
@@ -118,9 +121,9 @@ GEM
     ref (1.0.5)
     rest-client (1.6.7)
       mime-types (>= 1.16)
-    sass (3.2.10)
-    sass-rails (4.0.0)
-      railties (>= 4.0.0.beta, < 5.0)
+    sass (3.2.12)
+    sass-rails (4.0.1)
+      railties (>= 4.0.0, < 5.0)
       sass (>= 3.1.10)
       sprockets-rails (~> 2.0.0)
     simplecov (0.7.1)
@@ -175,6 +178,7 @@ PLATFORMS
 DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   coveralls
+  dotenv-rails
   libv8 (= 3.11.8.13)
   minitest-spec-rails
   mocha

README.md

@@ -56,9 +56,8 @@ Another example of a route constraint using the current user when using Devise o
 ```ruby
 # config/routes.rb
 resque_web_constraint = lambda do |request|
-	current_user = request.env['warden'].user
-
-	current_user.present? && current_user.respond_to?(:is_admin?) && current_user.is_admin?
+  current_user = request.env['warden'].user
+  current_user.present? && current_user.respond_to?(:is_admin?) && current_user.is_admin?
 end
 
 constraints resque_web_constraint do
@@ -67,6 +66,10 @@ end
 
 ```
 
+### HTTP Basic Authentication
+
+HTTP Basic Authentication is supported out of the box. Simply set the environment variables `RESQUE_WEB_HTTP_BASIC_AUTH_USER` and `RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD` to turn it on. If you're using Resque with Heroku run `heroku config:set RESQUE_WEB_HTTP_BASIC_AUTH_USER=user RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD=secret` to get ResqueWeb secured.
+
 ## Screenshot
 
 ![Screenshot](http://i.imgur.com/LkNgl.png)

app/controllers/resque_web/application_controller.rb

@@ -1,7 +1,7 @@
 module ResqueWeb
   class ApplicationController < ActionController::Base
     protect_from_forgery
-    before_filter :set_subtabs
+    before_filter :set_subtabs, :authorize
 
     def self.subtabs(*tab_names)
       return defined?(@subtabs) ? @subtabs : [] if tab_names.empty?
@@ -11,5 +11,13 @@ def self.subtabs(*tab_names)
     def set_subtabs(subtabs = self.class.subtabs)
       @subtabs = subtabs
     end
+
+    private
+
+    def authorize
+      if ENV["RESQUE_WEB_HTTP_BASIC_AUTH_USER"] && ENV["RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD"]
+        authenticate_or_request_with_http_basic {|u, p| u == ENV["RESQUE_WEB_HTTP_BASIC_AUTH_USER"] && p == ENV["RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD"] }
+      end
+    end
   end
 end

test/functional/failures_controller_test.rb

@@ -2,43 +2,45 @@
 
 module ResqueWeb
   class FailuresControllerTest < ActionController::TestCase
+    include ControllerTestHelpers
+
     setup do
       @routes = Engine.routes
     end
 
     describe "GET /failures" do
       it "renders the index page" do
-        get :index
+        visit(:index)
         assert_template :index
       end
     end
 
     describe "DELETE /failures/:id" do
       it "deletes the failure" do
         Resque::Failure.expects(:remove).with('123')
-        delete :destroy, :id=>123
+        visit(:destroy, {:id => 123}, :method => :delete)
         assert_redirected_to failures_path
       end
     end
 
     describe "DELETE /failures/destroy_all" do
       it "deletes all failures" do
         Resque::Failure.expects(:clear).with('failed')
-        delete :destroy_all
+        visit(:destroy_all, nil, :method => :delete)
         assert_redirected_to failures_path
       end
     end
 
     describe "PUT /failures/:id/retry" do
       it "retries the failure and remove the original message" do
         Resque::Failure.expects(:requeue_and_remove).with('123')
-        put :retry,:id=>123
+        visit(:retry, {:id => 123}, :method => :put)
         assert_redirected_to failures_path
       end
       it "retries should work also in case of pre 2.0 Resque" do
         Resque::Failure.expects(:requeue).with('123')
         Resque::Failure.expects(:remove).with('123')
-        put :retry,:id=>123
+        visit(:retry, {:id => 123}, :method => :put)
         assert_redirected_to failures_path
       end
     end
@@ -49,7 +51,7 @@ class FailuresControllerTest < ActionController::TestCase
         Resque::Failure.stubs(:requeue_and_remove).returns(true)
         Resque::Failure.expects(:requeue_and_remove).with(0)
         Resque::Failure.expects(:requeue_and_remove).with(1)
-        put :retry_all
+        visit(:retry_all, nil, :method => :put)
         assert_redirected_to failures_path
       end
       it "retries all failures should also work case of pre 2.0 Resque" do
@@ -59,15 +61,14 @@ class FailuresControllerTest < ActionController::TestCase
         Resque::Failure.expects(:remove).with(0)
         Resque::Failure.expects(:requeue).with(1)
         Resque::Failure.expects(:remove).with(1)
-        put :retry_all
+        visit(:retry_all, nil, :method => :put)
         assert_redirected_to failures_path
       end
       it "retries all failures using requeue_queue if queue specified" do
         Resque::Failure.expects(:requeue_queue).with('myqueue')
-        put :retry_all,:queue=>"myqueue"
+        visit(:retry_all, {:queue=>"myqueue"}, :method => :put)
         assert_redirected_to failures_path(:queue=>'myqueue')
       end
     end
-
   end
 end

test/functional/overview_controller_test.rb

@@ -1,7 +1,37 @@
 require 'test_helper'
 
-class OverviewControllerTest < ActionController::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+module ResqueWeb
+
+  class OverviewControllerTest < ActionController::TestCase
+    include ControllerTestHelpers
+
+    setup do
+      @routes = Engine.routes
+    end
+
+    describe "GET /" do
+      describe "when HTTP Basic Authentication is enabled" do
+        describe "and the currect username and password are supplied " do
+          it "should grant me access" do
+            visit(:show)
+            assert_response :ok
+          end
+        end
+
+        describe "and the username and password are not supplied" do
+          it "should deny me access" do
+            visit(:show, {}, :auth => false)
+            assert_response :unauthorized
+          end
+        end
+      end
+
+      describe "when HTTP Basic Authentication is disabled" do
+        it "should grant me access" do
+          visit(:show, {}, :auth => :disabled)
+          assert_response :ok
+        end
+      end
+    end
+  end
 end

test/functional/queues_controller_test.rb

@@ -2,16 +2,19 @@
 
 module ResqueWeb
   class QueuesControllerTest < ActionController::TestCase
+    include ControllerTestHelpers
+
     setup do
       @routes = Engine.routes
     end
+
     let(:queue_name) { 'example_queue' }
 
     it "deletes queues" do
       Resque.push(queue_name, :class => 'ExampleJob')
       Resque.queues.include?(queue_name).must_equal true
 
-      delete :destroy, :id => queue_name
+      visit(:destroy, {:id => queue_name}, :method => :delete)
       assert_redirected_to queues_path
 
       Resque.queues.include?(queue_name).wont_equal true

test/support/controller_test_helpers.rb

@@ -0,0 +1,22 @@
+module ControllerTestHelpers
+  def visit(action, params = {}, options = {})
+    method = options.delete(:method) || :get
+
+    user = ENV["RESQUE_WEB_HTTP_BASIC_AUTH_USER"]
+    password = ENV["RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD"]
+
+    if options[:auth] == :disabled
+      ENV["RESQUE_WEB_HTTP_BASIC_AUTH_USER"] = nil
+      ENV["RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD"] = nil
+    else
+      request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(
+        options[:user] || user, options[:password] || password
+      ) unless options[:auth] == false
+    end
+
+    send(method, action, params)
+
+    ENV["RESQUE_WEB_HTTP_BASIC_AUTH_USER"] = user
+    ENV["RESQUE_WEB_HTTP_BASIC_AUTH_PASSWORD"] = password
+  end
+end