resque-web Authentication

It'd be good to support some kind of pluggable authentication. I'd ideally like to reuse the authentication from the app we're mounting Resque Web inside of. Perhaps we can provide an API with a proc/block to authenticate a user that returns true/false if they're allowed?

Oct 18 '13 17:10 tarcieri

The rails routing constraint technique is ok but I'd like some sort of hook instead, so I could redirect and show and error message instead of just not creating the route and showing a 404. Any idea what you would want this API to look like @tarcieri? Perhaps just add a before_filter to ResqueWeb::ApplicationController that checks if an authentication block is defined.

I'd like to do something like this in an initializer:

ResqueWeb.authentication do
  if current_user.admin?
    true
  else
    flash[:error] = 'Access Denied.'
    redirect '/'
  end
end

Jan 30 '14 23:01 mcfiredrill

#authenticate ?

Jan 30 '14 23:01 tarcieri

+1 one from the box doesn't work((

Apr 01 '16 21:04 liku

+1 same issue here

May 04 '16 17:05 liku

I have this in my routes.rb, which keeps the '/jobs' route there, but it does different things.

My permission is 'job_control', but you can probably work out how it works

  #
  # The following Routes MUST be the last ones in the file, in this order,
  # to protect the Background Job interface
  #
  # Web Rule A
  authenticated :user, -> user { user.has_role? 'job_control' } do
    mount ResqueWeb::Engine => "/jobs"
  end
  # Web Rule B
  authenticated :user, -> user { !user.has_role? 'job_control' } do
    get '/jobs', to: redirect('/')
    get '/jobs/*uri', to: redirect('/')
  end
  # Web Rule C
  unauthenticated :user do
    get '/jobs', to: redirect('/')
    get '/jobs/*uri', to: redirect('/')
  end

Oct 24 '17 18:10 msimkins