lib/warden/version.rb @@ -6,4 +6,6 @@ I'm going to try and keep a list of all the contributors to this project. If I' * Daniel Neighman (hassox) * Mick Staugaard (staugaard) - +* José Valim (josevalim) +* Carlo Santoniodasilva (carlosantoniodasilva) +* Justin Smestad (jsmestad) README.textile @@ -1,25 +1,17 @@ require 'rubygems' -require 'rack' require 'spec/rake/spectask' - -GEM = "warden" -GEM_VERSION = "0.2.1" -AUTHORS = ["Daniel Neighman"] -EMAIL = "has.sox@gmail.com" -HOMEPAGE = "http://github.com/hassox/warden" -SUMMARY = "Rack middleware that provides authentication for rack applications" +require File.join(File.dirname(__FILE__), "lib", "warden", "version") begin require 'jeweler' Jeweler::Tasks.new do |gem| - gem.name = GEM - gem.summary = SUMMARY - gem.email = EMAIL - gem.homepage = HOMEPAGE - gem.authors = AUTHORS + gem.name = "warden" + gem.version = Warden::VERSION + gem.summary = "Rack middleware that provides authentication for rack applications" + gem.email = "has.sox@gmail.com" + gem.homepage = "http://github.com/hassox/warden" + gem.authors = ["Daniel Neighman"] gem.rubyforge_project = "warden" - # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings - gem.add_dependency "rack", ">= 1.0.0" end rescue LoadError Rakefile @@ -1 +1 @@ -0.4.0 +0.5.1 VERSION @@ -4,39 +4,39 @@ module Warden class Base # :api: public attr_accessor :user, :message - + #:api: private attr_accessor :result, :custom_response - + # Setup for redirection # :api: private attr_reader :_status - + # Accessor for the rack env - # :api: public + # :api: public attr_reader :env, :scope include ::Warden::Mixins::Common - + # :api: private def initialize(env, scope=nil, config={}) # :nodoc: @scope, @config = scope, config @env, @_status, @headers = env, nil, {} @halted = false end - - # The method that is called from above. This method calls the underlying authetniate! method + + # The method that is called from above. This method calls the underlying authenticate! method # :api: private def _run! # :nodoc: result = authenticate! self end - - # Acts as a guarding method for the strategy. + + # Acts as a guarding method for the strategy. # If #valid? responds false, the strategy will not be executed # Overwrite with your own logic # :api: overwritable def valid?; true; end - + # Provides access to the headers hash for setting custom headers # :api: public def headers(header = {}) @@ -44,33 +44,33 @@ module Warden @headers.merge! header @headers end - + # Access to the errors object. # :api: public def errors @env['warden.errors'] end - + # Cause the processing of the strategies to stop and cascade no further # :api: public def halt! @halted = true end - + # Checks to see if a strategy was halted # :api: public def halted? !!@halted end - + # A simple method to return from authenticate! if you want to ignore this strategy # :api: public def pass; end - + # Whenever you want to provide a user object as "authenticated" use the +success!+ method. - # This will halt the strategy, and set the user in the approprieate scope. + # This will halt the strategy, and set the user in the approprieate scope. # It is the "login" method - # + # # Parameters: # user - The user object to login. This object can be anything you have setup to serialize in and out of the session # @@ -80,7 +80,7 @@ module Warden @user = user @result = :success end - + # This causes the strategy to fail. It does not throw an :warden symbol to drop the request out to the failure application # You must throw an :warden symbol somewhere in the application to enforce this # :api: public @@ -89,13 +89,13 @@ module Warden @message = message @result = :failure end - + # Causes the authentication to redirect. An :warden symbol must be thrown to actually execute this redirect # # Parameters: # url <String> - The string representing the URL to be redirected to # pararms <Hash> - Any parameters to encode into the URL - # opts <Hash> - Any options to recirect with. + # opts <Hash> - Any options to recirect with. # available options: permanent => (true || false) # # :api: public @@ -105,22 +105,22 @@ module Warden headers["Location"] = url headers["Location"] << "?" << Rack::Utils.build_query(params) unless params.empty? headers["Content-Type"] = opts[:content_type] || 'text/plain' - + @message = opts[:message].nil? ? "You are being redirected to #{headers["Location"]}" : opts[:message] - + @result = :redirect headers["Location"] end - + # Return a custom rack array. You must throw an :warden symbol to activate this # :api: public def custom!(response) halt! @custom_response = response @result = :custom - end - + end + end # Base end # Strategies end # Warden lib/warden/authentication/strategy_base.rb @@ -16,12 +16,18 @@ module Warden @config = config yield self if block_given? - # should ensure there is a failure application defined. + # Should ensure there is a failure application defined. @failure_app = config[:failure_app] if config[:failure_app] raise "No Failure App provided" unless @failure_app self end + # Do not raise an error if a missing strategy is given by default. + # :api: plugin + def silence_missing_strategies! + @config[:silence_missing_strategies] = true + end + # Set the default strategies to use. # :api: public def default_strategies(*strategies) @@ -51,19 +57,17 @@ module Warden call_failure_app(env, :original_response => result) end when Hash - if (result[:action] ||= :unauthenticated) == :unauthenticated - process_unauthenticated(result,env) - end # case result + result[:action] ||= :unauthenticated + process_unauthenticated(result, env) end end class << self - # Does the work of storing the user in the session # :api: private def _store_user(user, session, scope = :default) # :nodoc: - return nil if user.nil? + return nil unless user session["warden.user.#{scope}.key"] = serialize_into_session.call(user) end @@ -71,7 +75,7 @@ module Warden # :api: private def _fetch_user(session, scope = :default) # :nodoc: key = session["warden.user.#{scope}.key"] - return nil if key.nil? + return nil unless key serialize_from_session.call(key) end @@ -107,16 +111,16 @@ module Warden # It looks at the result of the proxy to see if it's been executed and what action to take. # :api: private def process_unauthenticated(result, env) - case env['warden'].result - when :failure - call_failure_app(env, result) - when :redirect - [env['warden']._status, env['warden'].headers, [env['warden'].message || "You are being redirected to #{env['warden'].headers['Location']}"]] - when :custom - env['warden'].custom_response - when nil - call_failure_app(env, result) - end # case env['warden'].result + action = result[:result] || env['warden'].result + + case action + when :redirect + [env['warden']._status, env['warden'].headers, [env['warden'].message || "You are being redirected to #{env['warden'].headers['Location']}"]] + when :custom + env['warden'].custom_response + else + call_failure_app(env, result) + end end # Calls the failure app. lib/warden/manager.rb @@ -36,9 +36,17 @@ module Warden # env['warden'].authenticated?(:admin) # :api: public def authenticated?(scope = :default) - !raw_session["warden.user.#{scope}.key"].nil? + result = !raw_session["warden.user.#{scope}.key"].nil? || !!user(scope) + yield if block_given? && result + result end # authenticated? + def unauthenticated?(scope = :default) + result = !authenticated?(scope) + yield if block_given? && result + result + end + # Run the authentiation strategies for the given strategies. # If there is already a user logged in for a given scope, the strategies are not run # This does not halt the flow of control and is a passive attempt to authenticate only @@ -73,11 +81,11 @@ module Warden # # Parameters: # user - An object that has been setup to serialize into and out of the session. - # opts - An options hash. Use the :scope option to set the scope of the user + # opts - An options hash. Use the :scope option to set the scope of the user, set the :store option to false to skip serializing into the session. # :api: public def set_user(user, opts = {}) scope = (opts[:scope] ||= :default) - Warden::Manager._store_user(user, raw_session, scope) # Get the user into the session + Warden::Manager._store_user(user, raw_session, scope) unless opts[:store] == false# Get the user into the session # Run the after hooks for setting the user Warden::Manager._after_set_user.each{|hook| hook.call(user, self, opts)} @@ -184,16 +192,25 @@ module Warden opts = opts_from_args(args) # Look for an existing user in the session for this scope + # If there was no user in the session. See if we can get one from the request return scope, opts if the_user = user(scope) - # If there was no user in the session. See if we can get one from the request strategies = args.empty? ? @strategies : args - raise "No Strategies Found" if strategies.empty? || !(strategies - Warden::Strategies._strategies.keys).empty? + raise "No Strategies Found" if strategies.empty? strategies.each do |s| + unless Warden::Strategies[s] + if args.empty? && @config[:silence_missing_strategies] + next + else + raise "Invalid strategy #{s}" + end + end + strategy = Warden::Strategies[s].new(@env, scope, @conf) self.winning_strategy = strategy next unless strategy.valid? + strategy._run! break if strategy.halted? end lib/warden/proxy.rb @@ -12,13 +12,13 @@ module Warden::Spec def setup_rack(app = nil, opts = {}, &block) app ||= block if block_given? - # opts[:default_strategies] ||= [:password] + opts[:default_strategies] ||= [:password] opts[:failure_app] ||= Warden::Spec::Helpers::FAILURE_APP Rack::Builder.new do use Warden::Spec::Helpers::Session use Warden::Manager, opts do |manager| manager.failure_app = Warden::Spec::Helpers::FAILURE_APP - manager.default_strategies :password + manager.default_strategies *opts[:default_strategies] end run app end @@ -48,4 +48,4 @@ module Warden::Spec end end # session end -end \ No newline at end of file +end spec/helpers/request_helper.rb @@ -49,7 +49,7 @@ describe Warden::Manager do env = env_with_params("/", {}) app = lambda do |env| env['warden'].authenticate(:failz) - throw(:warden, :action => :unauthenticated) + throw(:warden) end result = setup_rack(app, :failure_app => @fail_app).call(env) result.last.should == ["You Fail!"] @@ -65,6 +65,17 @@ describe Warden::Manager do result = setup_rack(app, :failure_app => fail_app).call(env_with_params) result.last.should == ["Failure App"] end + + it "should call failure app if warden is thrown even after successful authentication" do + env = env_with_params("/", {}) + app = lambda do |env| + env['warden'].authenticate(:pass) + throw(:warden) + end + result = setup_rack(app, :failure_app => @fail_app).call(env) + result.first.should == 401 + result.last.should == ["You Fail!"] + end end # failure end spec/warden/manager_spec.rb @@ -81,6 +81,27 @@ describe Warden::Proxy do setup_rack(app).call(env) end + it "should raise error on missing strategies" do + env = env_with_params('/') + app = lambda do |env| + env['warden'].authenticate(:unknown) + end + lambda { + setup_rack(app).call(env) + }.should raise_error(RuntimeError, "Invalid strategy unknown") + end + + it "should not raise error on default missing strategies if silencing" do + env = env_with_params('/') + app = lambda do |env| + env['warden'].authenticate + valid_response + end + lambda { + setup_rack(app, :silence_missing_strategies => true, :default_strategies => :unknown).call(env) + }.should_not raise_error + end + it "should allow me to get access to the user at warden.user." do env = env_with_params("/") app = lambda do |env| @@ -170,6 +191,18 @@ describe Warden::Proxy do end setup_rack(app).call(env) end + + it "should not store the user if the :store option is set to false" do + env = env_with_params("/") + app = lambda do |e| + env['warden'].authenticate(:pass, :store => false) + env['warden'].should be_authenticated + env['warden'].user.should == "Valid User" + env['rack.session']['warden.user.default.key'].should be_nil + valid_response + end + setup_rack(app).call(env) + end end describe "get user" do @@ -345,8 +378,148 @@ describe Warden::Proxy do result.first.should == 401 end - end + describe "authenticated?" do + describe "positive authentication" do + before do + @env['rack.session'] = {'warden.user.default.key' => 'defult_key'} + $captures = [] + end + + it "should return true when authenticated in the session" do + app = lambda do |e| + e['warden'].should be_authenticated + end + result = setup_rack(app).call(@env) + end + + it "should yield to a block when the block is passed and authenticated" do + app = lambda do |e| + e['warden'].authenticated? do + $captures << :in_the_block + end + end + setup_rack(app).call(@env) + $captures.should == [:in_the_block] + end + it "should authenticate for a user in a different scope" do + @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'} + app = lambda do |e| + e['warden'].authenticated?(:foo) do + $captures << :in_the_foo_block + end + end + setup_rack(app).call(@env) + $captures.should == [:in_the_foo_block] + end + end + + describe "negative authentication" do + before do + @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'} + $captures = [] + end + it "should return false when authenticated in the session" do + app = lambda do |e| + e['warden'].should_not be_authenticated + end + result = setup_rack(app).call(@env) + end + + it "should not yield to a block when the block is passed and authenticated" do + app = lambda do |e| + e['warden'].authenticated? do + $captures << :in_the_block + end + end + setup_rack(app).call(@env) + $captures.should == [] + end + + it "should not yield for a user in a different scope" do + app = lambda do |e| + e['warden'].authenticated?(:bar) do + $captures << :in_the_bar_block + end + end + setup_rack(app).call(@env) + $captures.should == [] + end + end + end + + + describe "unauthenticated?" do + describe "negative unauthentication" do + before do + @env['rack.session'] = {'warden.user.default.key' => 'defult_key'} + $captures = [] + end + + it "should return false when authenticated in the session" do + app = lambda do |e| + e['warden'].should_not be_unauthenticated + end + result = setup_rack(app).call(@env) + end + + it "should not yield to a block when the block is passed and authenticated" do + app = lambda do |e| + e['warden'].unauthenticated? do + $captures << :in_the_block + end + end + setup_rack(app).call(@env) + $captures.should == [] + end + + it "should not yield to the block for a user in a different scope" do + @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'} + app = lambda do |e| + e['warden'].unauthenticated?(:foo) do + $captures << :in_the_foo_block + end + end + setup_rack(app).call(@env) + $captures.should == [] + end + end + + describe "positive unauthentication" do + before do + @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'} + $captures = [] + end + + it "should return false when unauthenticated in the session" do + app = lambda do |e| + e['warden'].should be_unauthenticated + end + result = setup_rack(app).call(@env) + end + + it "should yield to a block when the block is passed and authenticated" do + app = lambda do |e| + e['warden'].unauthenticated? do + $captures << :in_the_block + end + end + setup_rack(app).call(@env) + $captures.should == [:in_the_block] + end + + it "should yield for a user in a different scope" do + app = lambda do |e| + e['warden'].unauthenticated?(:bar) do + $captures << :in_the_bar_block + end + end + setup_rack(app).call(@env) + $captures.should == [:in_the_bar_block] + end + end + end + end end spec/warden/proxy_spec.rb @@ -1,15 +1,15 @@ # Generated by jeweler -# DO NOT EDIT THIS FILE -# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec` +# DO NOT EDIT THIS FILE DIRECTLY +# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command # -*- encoding: utf-8 -*- Gem::Specification.new do |s| s.name = %q{warden} - s.version = "0.4.0" + s.version = "0.5.1" s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version= s.authors = ["Daniel Neighman"] - s.date = %q{2009-10-12} + s.date = %q{2009-10-24} s.email = %q{has.sox@gmail.com} s.extra_rdoc_files = [ "LICENSE", @@ -17,6 +17,7 @@ Gem::Specification.new do |s| ] s.files = [ ".gitignore", + "History.rdoc", "LICENSE", "README.textile", "Rakefile", @@ -30,6 +31,7 @@ Gem::Specification.new do |s| "lib/warden/manager.rb", "lib/warden/mixins/common.rb", "lib/warden/proxy.rb", + "lib/warden/version.rb", "script/destroy", "script/generate", "spec/helpers/request_helper.rb", @@ -86,3 +88,4 @@ Gem::Specification.new do |s| s.add_dependency(%q<rack>, [">= 1.0.0"]) end end + warden.gemspec 196c8592849d317af980f14a39ab4525b7adf210 da8b539e1ba5d5925d22f6ef8b3cd9e25e252f1e Carlos A. da Silva carlosantoniodasilva@gmail.com http://github.com/carlosantoniodasilva/warden/commit/08cd94bbaa67a8d495c9d417d3bb206f76615f8b 08cd94bbaa67a8d495c9d417d3bb206f76615f8b 2009-10-25T12:31:32-07:00 2009-10-25T12:31:32-07:00 Merge branch 'master' of git://github.com/hassox/warden 1dfa59be7a0b27e077bc5d2e2867363467c0cf6d Carlos A. da Silva carlosantoniodasilva@gmail.com