I wanted to introduce Basic authentication to provide a minimum level of security. I had set up Basic authentication twice before as practice, and it went smoothly both times, so I wanted to use it again this time. However, when I actually set it up, it worked normally in the local environment and I could log in, but in the production environment I was rejected even with the correct user name and password.
First, to check the current situation, I looked again at what git push heroku master would output.
% git push heroku master
Everything up-to-date
Since everything was up to date, I hypothesized that I had committed to GitHub or run a command such as git push heroku master before setting the environment variables. I thought I needed to make an empty commit and then run git push heroku master again, so I did.
% git commit --allow-empty -m "Commit name"
% git push heroku master
The environment variable name written in the private method in application_controller.rb did not match the name of the environment variable set on Heroku.
app/controllers/application_controller.rb
def basic_auth
  authenticate_or_request_with_http_basic do |username, password|
    # Reads BASIC_AUTH_USER, but the Config Var set on Heroku is BASIC_AUTH_USERNAME
    username == ENV["BASIC_AUTH_USER"] && password == ENV["BASIC_AUTH_PASSWORD"]
  end
end
% heroku config
===App name Config Vars
BASIC_AUTH_PASSWORD: *****
BASIC_AUTH_USERNAME: *****
Rename one of them so that the name read in the code and the Config Var on Heroku are the same. In this case, if you unify them to either USERNAME or USER and deploy to Heroku, you can log in normally.
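The mismatch above can be caught before deploying by comparing the names the controller reads from ENV with the names listed by heroku config. The following is an added example, not code from the original post; the helper names are hypothetical and the sample inputs are constructed from the snippets shown above.

```ruby
# Added example: report ENV names that the code reads but Heroku does not define.
# Both samples below are constructed from the snippets on this page.
CONTROLLER_SOURCE = <<~'RUBY'
  def basic_auth
    authenticate_or_request_with_http_basic do |username, password|
      username == ENV["BASIC_AUTH_USER"] && password == ENV["BASIC_AUTH_PASSWORD"]
    end
  end
RUBY

HEROKU_CONFIG_OUTPUT = <<~TEXT
  === App name Config Vars
  BASIC_AUTH_PASSWORD: *****
  BASIC_AUTH_USERNAME: *****
TEXT

# Names read through ENV["X"], ENV['X'] or ENV.fetch("X") in Ruby source.
def env_names_in_source(source)
  source.scan(/ENV(?:\.fetch\(|\[)\s*["']([A-Z0-9_]+)["']/).flatten.uniq
end

# Names taken from the "NAME: value" lines of `heroku config` output.
# The "=== ... Config Vars" header does not match and is skipped.
def config_var_names(output)
  output.each_line.filter_map { |line| line[/\A([A-Z0-9_]+):/, 1] }
end

# Maps each name the code reads but the config lacks to the defined names
# that share a prefix with it (the likely intended variable).
def missing_env_names(source, config_output)
  defined = config_var_names(config_output)
  (env_names_in_source(source) - defined).to_h do |name|
    [name, defined.select { |d| d.start_with?(name) || name.start_with?(d) }]
  end
end

missing_env_names(CONTROLLER_SOURCE, HEROKU_CONFIG_OUTPUT).each do |name, similar|
  puts "#{name} is read by the code but not set (similar: #{similar.join(', ')})"
end
```

An unset variable makes ENV[...] return nil, so the comparison in basic_auth is always false and every login is rejected, which is the symptom seen in production.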