Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to password protect certain pages #636

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 11 additions & 6 deletions config/initializers/comfortable_mexican_sofa.rb
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
# Module responsible for public authentication. Similar to the above. You also
# will have access to @cms_site, @cms_layout, @cms_page so you can use them in
# your logic. Default module doesn't do anything.
# config.public_auth = 'ComfyPublicAuthentication'
config.public_auth = "ComfyPublicAuthentication"

# Module responsible for public authorization. It should have #authorize
# method that returns true or false based on params and loaded instance
Expand Down Expand Up @@ -99,11 +99,16 @@
# end

# Uncomment this module and `config.public_auth` above to use custom public authentication
# module ComfyPublicAuthentication
# def authenticate
# return true
# end
# end
module ComfyPublicAuthentication
def authenticate
protected_paths = ["secret"]

return unless protected_paths.any? { |protected_path| params["cms_path"].include?(protected_path) }
authenticate_or_request_with_http_basic do |username, password|
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If using devise we can just update this to something like redirect_to login_path unless current_user

username == Rails.application.secrets.cms_user && password == Rails.application.secrets.cms_password
end
end
end

# Uncomment this module and `config.public_authorization` above to use custom public authorization
# module ComfyPublicAuthorization
Expand Down
35 changes: 35 additions & 0 deletions test/integration/cms_protected_pages_test.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# frozen_string_literal: true

require "test_helper"

class CmsProtectedPagesTest < ActionDispatch::IntegrationTest
setup do
# create a nested protected CMS page under "secret" slug
@secret_parent = Comfy::Cms::Page.create!(
site: Comfy::Cms::Site.first,
layout: Comfy::Cms::Layout.first,
slug: "secret",
label: "Secret Parent"
)

@page = Comfy::Cms::Page.create!(
site: Comfy::Cms::Site.first,
layout: Comfy::Cms::Layout.first,
slug: "protected-page",
label: "Protected Page",
parent: @secret_parent
)
end

test "visting protected page returns unauthorized" do
get comfy_cms_render_page_path(cms_path: "secret/protected-page")

assert_response :unauthorized
end

test "visting protected page with correct credentials returns success" do
get comfy_cms_render_page_path(cms_path: "secret/protected-page"), headers: admin_authorization_headers

assert_response :success
end
end
1 change: 1 addition & 0 deletions test/integration/cms_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ class CmsTest < ActionDispatch::IntegrationTest
assert_response :success
assert_select "h2", "Search the Library"
end

test "ask us page" do
get comfy_cms_render_page_path(cms_path: "ask-us")

Expand Down
Loading