merb-auth/merb-auth-core/lib/merb-auth-core/responses.rb @@ -6,7 +6,7 @@ require 'merb-auth-core/authentication' require 'merb-auth-core/strategy' require 'merb-auth-core/session_mixin' require 'merb-auth-core/errors' -require 'merb-auth-core/redirection' +require 'merb-auth-core/responses' require 'merb-auth-core/authenticated_helper' require 'merb-auth-core/customizations' require 'merb-auth-core/bootloader' merb-auth/merb-auth-core/lib/merb-auth-core.rb @@ -31,9 +31,9 @@ module Merb def ensure_authenticated(*strategies) session.authenticate!(request, *strategies) unless session.user auth = session.authentication - if auth.redirected? - redirect auth.redirect_url - self.status = auth.redirect_status + if auth.halted? + self.headers.merge!(auth.headers) + self.status = auth.status throw :halt end session.user merb-auth/merb-auth-core/lib/merb-auth-core/authenticated_helper.rb @@ -77,15 +77,17 @@ module Merb unless s.abstract? strategy = s.new(request) user = strategy.run! - if strategy.redirected? - redirect!(strategy.redirect_url, strategy.redirect_options) + if strategy.halted? + self.headers = strategy.headers + self.status = strategy.status + halt! return end user end end raise Merb::Controller::Unauthenticated, msg unless user - session.user = user + self.user = user end # "Logs Out" a user from the session. Also clears out all session data merb-auth/merb-auth-core/lib/merb-auth-core/authentication.rb @@ -132,25 +132,35 @@ module Merb # +:permanent+ Set this to true to make the redirect permanent # +:status+ Set this to an integer for the status to return def redirect!(url, opts = {}) - @redirect_url = url - @redirect_opts = opts + self.headers["Location"] = url + self.status = opts[:permanent] ? 301 : 302 + self.status = opts[:status] if opts[:status] + halt! return true end # Returns ture if the strategy redirected def redirected? - !!@redirect_url + !!headers["Location"] end + + # Provides a place to put the status of the response + attr_accessor :status - # Returns the redirect_url if it's ben set - def redirect_url - @redirect_url + # Provides a place to put headers + def headers + @headers ||={} end - - # Returns the redirect options set in the strategy - # or a blank hash - def redirect_options - @redirect_opts ||= {} + + # Mark this strategy as complete for this request. Will cause that no other + # strategies will be executed. + def halt! + @halt = true + end + + # Checks to see if this strategy has been halted + def halted? + !!@halt end # This is the method that is called as the test for authentication and is where merb-auth/merb-auth-core/lib/merb-auth-core/strategy.rb @@ -7,11 +7,23 @@ describe "Merb::AuthenticationHelper" do end before(:each) do + clear_strategies! @controller = ControllerMock.new(fake_request) @request = @controller.request @session = @controller.session - @controller.stub!(:session).and_return(@session) - @session.stub!(:user).and_return("WINNA") + @session.user = "WINNA" + Viking.captures.clear + + class Kone < Merb::Authentication::Strategy + def run! + puts params.inspect + Viking.capture(self.class) + params[self.class.name] + end + end + + class Ktwo < Kone; end + end it "should not raise and Unauthenticated error" do @@ -37,19 +49,10 @@ describe "Merb::AuthenticationHelper" do it "should accept and execute the provided strategies" do # This allows using a before filter with specific arguments # before :ensure_authenticated, :with => [Authenticaiton::OAuth, Merb::Authentication::BasicAuth] - M1 = mock("m1") - M2 = mock("m2") - M1.stub!(:new).and_return(M1) - M2.stub!(:new).and_return(M2) - M1.should_receive(:abstract?).and_return(false) - M2.should_receive(:abstract?).and_return(false) - M1.should_receive(:run!).ordered.and_return(false) - M2.should_receive(:run!).ordered.and_return("WINNA") - M1.should_receive(:redirected?).and_return false - M2.should_receive(:redirected?).and_return false controller = ControllerMock.new(fake_request) - controller.session.should_receive(:user).and_return(nil, "WINNA") - controller.send(:ensure_authenticated, [M1, M2]) + controller.request.params["Ktwo"] = true + controller.send(:ensure_authenticated, Kone, Ktwo) + Viking.captures.should == %w( Kone Ktwo ) end describe "redirection" do merb-auth/merb-auth-core/spec/helpers/authentication_helper_spec.rb @@ -159,62 +159,49 @@ describe "Merb::Authentication Session" do before(:each) do class Sone < Merb::Authentication::Strategy def run! + Viking.capture(Sone) + params[:pass_1] end end class Stwo < Merb::Authentication::Strategy def run! + Viking.capture(Stwo) + params[:pass_2] end end class Sthree < Merb::Authentication::Strategy def run! - "WINNA" + Viking.capture(Sthree) + params[:pass_3] end end class Sfour < Merb::Authentication::Strategy abstract! def run! - "BAD" + "BAD MAN" end end Sfour.should_not_receive(:run!) @request = Users.new(fake_request) @auth = Merb::Authentication.new(@request.session) - Merb::Authentication.stub!(:new).and_return(@auth) + Viking.captures.clear end it "should execute the strategies in the default order" do - s1 = mock("s1") - s2 = mock("s2") - Sone.should_receive(:new).with(@request).and_return(s1) - Stwo.should_receive(:new).with(@request).and_return(s2) - s1.should_receive(:run!).ordered.and_return(nil) - s2.should_receive(:run!).ordered.and_return("WIN") - s1.should_receive(:redirected?).and_return false - s2.should_receive(:redirected?).and_return false + @request.params[:pass_3] = true @auth.authenticate!(@request) + Viking.captures.should == %w( Sone Stwo Sthree ) end it "should run the strategeis until if finds a non nil non false" do - s1 = mock("s1") - s2 = mock("s2") - s3 = mock("s3") - Sone.should_receive(:new).with(@request).and_return(s1) - Stwo.should_receive(:new).with(@request).and_return(s2) - Sthree.should_receive(:new).with(@request).and_return(s3) - s1.should_receive(:run!).ordered.and_return(nil) - s2.should_receive(:run!).ordered.and_return(false) - s3.should_receive(:run!).ordered.and_return("WIN") - [s1,s2,s3].each{|s| s.should_receive(:redirected?).and_return(false)} + @request.params[:pass_2] = true @auth.authenticate!(@request) + Viking.captures.should == %w( Sone Stwo ) end it "should raise an Unauthenticated exception if no 'user' is found" do - s3 = mock("s3") - Sthree.stub!(:new).and_return(s3) - s3.should_receive(:run!).and_return(nil) - s3.should_receive(:redirected?).and_return(false) lambda do @auth.authenticate!(@request) end.should raise_error(Merb::Controller::Unauthenticated) @@ -222,32 +209,21 @@ describe "Merb::Authentication Session" do it "should store the user into the session if one is found" do @auth.should_receive(:user=).with("WINNA") + @request.params[:pass_1] = "WINNA" @auth.authenticate!(@request) end it "should use the Authentiation#error_message as the error message" do @auth.should_receive(:error_message).and_return("BAD BAD BAD") - s3 = mock("s3", :null_object => true) - s3.stub!(:run!).and_return(false) - s3.stub!(:redirected?).and_return(false) - Sthree.stub!(:new).and_return(s3) lambda do @auth.authenticate!(@request) end.should raise_error(Merb::Controller::Unauthenticated, "BAD BAD BAD") end it "should execute the strategies as passed into the authenticate! method" do - m1 = mock("strategy 1") - m2 = mock("strategy 2") - m1.stub!(:abstract?).and_return(false) - m2.stub!(:abstract?).and_return(false) - m1.should_receive(:new).and_return(m1) - m2.should_receive(:new).and_return(m2) - m2.should_receive(:run!).ordered - m1.should_receive(:run!).ordered.and_return("WINNA") - m1.stub!(:redirected?).and_return(false) - m2.stub!(:redirected?).and_return(false) - @auth.authenticate!(@request, m2, m1) + @request.params[:pass_1] = true + @auth.authenticate!(@request, Stwo, Sone) + Viking.captures.should == ["Stwo", "Sone"] end end @@ -298,22 +274,21 @@ describe "Merb::Authentication Session" do it "should answer redirected true if the strategy did redirect" do @request.params[:url] = "/some/url" @a.authenticate! @request - @a.should be_redirected + @a.halted? end - it "should provide access to the redirect_url" do + it "should provide access to the Headers" do @request.params[:url] = "/some/url" @a.authenticate! @request - @a.should be_redirected - @a.redirect_url.should == "/some/url" + @a.headers.should == {"Location" => "/some/url"} end - it "should provide access to the redirect_options" do + it "should provide access to the status" do @request.params[:url] = "/some/url" @request.params[:status] = 401 @a.authenticate! @request - @a.should be_redirected - @a.redirect_options.should == {:status => 401} + @a.should be_halted + @a.status.should == 401 end it "should stop processing the strategies if one redirects" do @@ -321,9 +296,11 @@ describe "Merb::Authentication Session" do lambda do @a.authenticate! @request, MyStrategy, FailStrategy end.should_not raise_error(Merb::Controller::NotFound) - @a.should be_redirected + @a.should be_halted @request.params[:should_not_be_here].should be_nil end end + + end \ No newline at end of file merb-auth/merb-auth-core/spec/merb-auth-core/authentication_spec.rb @@ -195,27 +195,33 @@ describe "Merb::Authentication::Strategy" do it "allow for a redirect!" do @s.redirect!("/somewhere") - @s.redirect_url.should == "/somewhere" + @s.headers["Location"].should == "/somewhere" end - it "should set redirect_options as an empty hash" do - @s.redirect!("/somewhere") - @s.redirect_options.should == {} + it "should provide access to setting the headers" do + @s.headers["Location"] = "/a/url" + @s.headers["Location"].should == "/a/url" + end + + it "should allow access to the setting header" do + @s.status = 403 + @s.status.should == 403 end - it "should return nil for the redirect_url if it is not redirected" do + it "should return nil for the Location if it is not redirected" do @s.should_not be_redirected - @s.redirect_url.should be_nil + @s.headers["Location"].should be_nil end it "should pass through the options to the redirect options" do @s.redirect!("/somewhere", :status => 401) - @s.redirect_options.should == {:status => 401} + @s.headers["Location"].should == "/somewhere" + @s.status.should == 401 end it "should set a redirect with a permanent true" do @s.redirect!("/somewhere", :permanent => true) - @s.redirect_options.should == {:permanent => true} + @s.status.should == 301 end it "should be redirected?" do @@ -224,6 +230,17 @@ describe "Merb::Authentication::Strategy" do @s.should be_redirected end + it "should set the strategy to halted" do + @s.redirect!("/somewhere") + @s.should be_halted + end + + it "should halt a strategy" do + @s.should_not be_halted + @s.halt! + @s.should be_halted + end + end describe "register strategies" do merb-auth/merb-auth-core/spec/merb-auth-core/strategy_spec.rb @@ -80,3 +80,14 @@ class Merb::Authentication end Merb::Authentication.user_class = User + +class Viking + def self.captures + @captures ||= [] + end + + def self.capture(klass) + @captures ||= [] + @captures << klass.name + end +end merb-auth/merb-auth-core/spec/spec_helper.rb merb-auth/merb-auth-core/lib/merb-auth-core/redirection.rb 6c8c60d4798fc75f3429a81bb32b637bfafaf19d Daniel Neighman has.sox@gmail.com http://github.com/wycats/merb-more/commit/c098537a2179f4bbcad4305fd71fee0fde0d0fd9 c098537a2179f4bbcad4305fd71fee0fde0d0fd9 2008-10-10T04:16:37-07:00 2008-10-10T04:16:37-07:00 Adds capacity to set headers and status in the strategies. throw(:halt should not be used in strategies :) Win! b40326ebf54c253e9fb39ff5289dfc707bd940d7 Daniel Neighman has.sox@gmail.com