Yay! Only public projects are shown by default - you need to login to…

… see the others. Added a login link (that only triggers HTTP auth) [integrity#11 state:resolved]

lib/integrity/ui/web.rb

@@ -4,6 +4,8 @@
 set :public, Integrity.root / "lib/integrity/ui/web/public"
 set :views,  Integrity.root / "lib/integrity/ui/web/views"
 
+enable :sessions
+
 include Integrity
 
 configure do
@@ -15,11 +17,24 @@
   show :not_found, :title => "lost, are we?"
 end
 
+before do
+  # The browser only sends http auth data for requests that are explicitly
+  # required to do so. This way we get the real values of +#logged_in?+ and
+  # +#current_user+
+  login_required if session[:user]
+end
+
 get "/" do
-  @projects = Project.all
+  @projects = Project.all(logged_in? ? {} : { :public => true })
   show :home, :title => "projects"
 end
 
+get "/login" do
+  login_required
+  session[:user] = current_user
+  redirect "/"
+end
+
 get "/new" do
   login_required
 
@@ -39,6 +54,7 @@
 end
 
 get "/:project" do
+  login_required unless current_project.public?
   show :project, :title => ["projects", current_project.permalink]
 end
 
@@ -73,6 +89,8 @@
 end
 
 get '/:project/builds/:build' do
+  login_required unless current_project.public?
+
   @build = current_project.builds.first(:commit_identifier => params[:build])
   raise Sinatra::NotFound unless @build
   show :build, :title => 'Some build'
@@ -101,6 +119,11 @@ def authorize(user, password)
       Integrity.config[:admin_password] == password
   end
 
+  def unauthorized!(realm=authorization_realm)
+    header 'WWW-Authenticate' => %(Basic realm="#{realm}")
+    throw :halt, [401, show(:unauthorized, :title => "incorrect credentials")]
+  end
+
   def current_project
     @project ||= Project.first(:permalink => params[:project]) or raise Sinatra::NotFound
   end

lib/integrity/ui/web/views/integrity.sass

@@ -271,4 +271,4 @@ a
   :font-size .8em
   :width 50em !important
   :color #666
-  :text-align center
+  :text-align right

lib/integrity/ui/web/views/layout.haml

@@ -14,3 +14,10 @@
         checked with
         %a{ :href => "http://integrityapp.com", :title => "The fun continuous integration server" } integrity
     #content= yield
+    #footer
+      - if logged_in?
+        &== Oh, hello #{current_user}
+      - else
+        Hey there!
+        %a{ :href => "/login" } Log In
+        if you have a user

lib/integrity/ui/web/views/unauthorized.haml

@@ -0,0 +1,38 @@
+.error
+  %h1 
+    So... you don't know the password? Hmm... You can
+    %a{ :href => "/login" } try again
+    or 
+    = succeed "." do
+      %a{ :href => "/", :rel => "home" } go back
+
+  %dl
+    %dt Er... So... I'm trying to login without a password...
+    %dd 
+      Hey pal, sorry, but I can't let in no one that isn't
+      = succeed "." do
+        %strong on the list
+      I could lose my job you know? You'll have to come up with 
+      a valid password :-(
+
+    %dt What can I do?
+    %dd
+      This just means that you can't access some part of this Integrity 
+      server, but that shouldn't let you out of some of the 
+      %a{ :href => "/" } awesome projects
+      hosted here. If this was just a misunderstanding and you
+      %strong do
+      have a password, then
+      = succeed "." do
+        %a{ :href => "/login" } click here to try again
+
+    %dt
+      So what the hell is
+      = succeed "?" do
+        %strong Integrity
+    %dd
+      Integrity is your friendly
+      %a{ :href => "http://en.wikipedia.org/wiki/Continuous_integration" } Continuous Integration
+      server. If you want to know more about us, check our website at
+      = succeed "." do
+        %a{ :href => "http://integrityapp.com" } integrityapp.com

spec/ui/web_spec.rb

@@ -43,8 +43,7 @@ def mock_build(messages={})
   end
 
   def provide_valid_credentials!
-    credential = stub("totally insecure, but testable", :== => true)
-    Integrity.stub!(:config).and_return(:admin_username => credential, :admin_password => credential)
+    Integrity.stub!(:config).and_return(:admin_username => "user", :admin_password => "pass", :hash_admin_password => false)
     auth = stub("auth", :provided? => true, :basic? => true, :username => "user", :credentials => ["user", "pass"])
     Rack::Auth::Basic::Request.stub!(:new).and_return(auth)
   end
@@ -95,11 +94,17 @@ def provide_valid_credentials!
         status.should == 200
       end
 
-      it "should load the projects from the db" do
-        Project.should_receive(:all).and_return([@project_1, @project_2])
+      it "should load the public projects from the db" do
+        Project.should_receive(:all).with(:public => true).and_return([@project_1, @project_2])
         get_it "/"
       end
 
+      it "should load *all* the projects from the db *if the user has authenticated*" do
+        Project.should_receive(:all).with({}).and_return([@project_1, @project_2])
+        provide_valid_credentials!
+        get_it "/", :env => { "REMOTE_USER" => "username" }
+      end
+
       it "should show a list of the projects" do
         get_it "/"
         body.should have_tag("ul#projects") do |projects|
@@ -114,6 +119,25 @@ def provide_valid_credentials!
     end
   end
 
+  describe "GET /login" do
+    it "should require authentication" do
+      get_it "/login"
+      status.should == 401
+    end
+
+    it "should redirect to '/' on successful auth" do
+      provide_valid_credentials!
+      get_it "/login"
+      location.should == "/"
+    end
+
+    it "should store the username on the session" do
+      pending "how do I test the session?!"
+      provide_valid_credentials!
+      get_it "/login"
+    end
+  end
+
   describe "GET /new" do
     it "should render successfully" do
       provide_valid_credentials!