
now it's possibe to override session class

commit 4b6c89bc6bfa6739831829612543532923e1dd21 1 parent 3962f7c
@GBH authored
Showing with 70 additions and 23 deletions.
  1. +3 −0  .travis.yml
  2. +18 −2 README.md
  3. +19 −19 lib/letmein.rb
  4. +30 −2 test/letmein_test.rb
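--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,3 @@
+rvm:
+ - 1.8.7
+ - 1.9.2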
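--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ If you want to authenticate *User* with database fields *email*, *password_hash*
 LetMeIn.configure do |conf|
 conf.model = 'Account'
- conf.identifier = 'username'
+ conf.attribute = 'username'
 conf.password = 'password_crypt'
 conf.salt = 'salty_salt
 end
@@ -75,11 +75,27 @@ Yes, you can do that too. Let's assume you also want to authenticate admins that
 LetMeIn.configure do |conf|
 conf.models = ['User', 'Admin']
- conf.identifier = ['email', 'username']
+ conf.attributes = ['email', 'username']
 end
 Bam! You're done. Now you have an AdminSession object that will use *username* and *password* to authenticate.
+Overriding Session Authentication
+=================================
+By default user will be logged in if provided email and password match. If you need to add a bit more logic to that you'll need to create your own session object. In the following example we do an additional check to see if user is 'approved' before letting him in.
+
+ class MySession < LetMeIn::Session
+ @model, @attribute = 'User', 'email' # need to know what model we're validating
+
+ def authenticate
+ super # need to authenticate with email/password first
+ if user && user.is_approved?
+ # adding a validation error will prevent login
+ errors.add :base, 'You are not approved yet'
+ end
+ end
+ end
+
 Copyright
 =========
 (c) 2011 Oleg Khabarov, released under the MIT license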
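--- a/lib/letmein.rb
+++ b/lib/letmein.rb
@@ -53,7 +53,7 @@ class << self
 validate :authenticate
 def initialize(params = { })
- self.class.model ||= self.class.to_s.gsub('Session', '')
+ self.class.model ||= self.class.to_s.gsub('Session', '') || LetMeIn.config.models.first
 self.class.attribute ||= LetMeIn.accessor(:attribute, LetMeIn.config.models.index(self.class.model))
 self.login = params[:login] || params[self.class.attribute.to_sym]
 self.password = params[:password]
@@ -102,6 +102,24 @@ def to_key
 end
 end
+ module Model
+ def self.included(base)
+ base.instance_eval do
+ attr_accessor :password
+ before_save :encrypt_password
+
+ define_method :encrypt_password do
+ if password.present?
+ p = LetMeIn.accessor(:password, LetMeIn.config.models.index(self.class.to_s))
+ s = LetMeIn.accessor(:salt, LetMeIn.config.models.index(self.class.to_s))
+ self.send("#{s}=", BCrypt::Engine.generate_salt)
+ self.send("#{p}=", BCrypt::Engine.hash_secret(password, self.send(s)))
+ end
+ end
+ end
+ end
+ end
+
 def self.config
 @config ||= Config.new
 end
@@ -122,22 +140,4 @@ def self.accessor(name, index = 0)
 Object.const_set("#{model.to_s.camelize}Session", Class.new(LetMeIn::Session))
 end
 end
-
- module Model
- def self.included(base)
- base.instance_eval do
- attr_accessor :password
- before_save :encrypt_password
-
- define_method :encrypt_password do
- if password.present?
- p = LetMeIn.accessor(:password, LetMeIn.config.models.index(self.class.to_s))
- s = LetMeIn.accessor(:salt, LetMeIn.config.models.index(self.class.to_s))
- self.send("#{s}=", BCrypt::Engine.generate_salt)
- self.send("#{p}=", BCrypt::Engine.hash_secret(password, self.send(s)))
- end
- end
- end
- end
- end
 end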
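Review bot: The new `|| LetMeIn.config.models.first` fallback in `initialize` can never run, because `String#gsub` always returns a string (possibly empty) and every string is truthy in Ruby. A subclass such as `MySession` that does not set `@model` therefore resolves to the model name `My`, and on the next line `LetMeIn.config.models.index` presumably returns nil for it, so the attribute lookup is made with a nil index. For an authentication class it is safer to fall back only when the derived name is not a configured model, e.g. `name = self.class.to_s.gsub('Session', '')` followed by `self.class.model ||= LetMeIn.config.models.include?(name) ? name : LetMeIn.config.models.first`, or to raise on an unknown model. The body of `initialize` continues outside the hunk, and the two `module Model` hunks are a pure move.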
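--- a/test/letmein_test.rb
+++ b/test/letmein_test.rb
@@ -10,8 +10,19 @@
 class User < ActiveRecord::Base ; end
 class Admin < ActiveRecord::Base ; end
-class MySession < LetMeIn::Session
- # ...
+class OpenSession < LetMeIn::Session
+ @model, @attribute = 'User', 'email'
+ def authenticate
+ super
+ end
+end
+
+class ClosedSession < LetMeIn::Session
+ @model, @attribute = 'User', 'email'
+ def authenticate
+ super
+ errors.add :base, "You shall not pass #{user.email}"
+ end
 end
 class LetMeInTest < Test::Unit::TestCase
@@ -181,4 +192,21 @@ def test_session_authentication_on_blank_object
 end
 assert_equal nil, session.object
 end
+
+ def test_custom_open_session
+ user = User.create!(:email => 'test@test.test', :password => 'pass')
+ session = OpenSession.new(:email => 'test@test.test', :password => 'bad_pass')
+ assert session.invalid?
+ assert_equal 'Failed to authenticate', session.errors[:base].first
+ session = OpenSession.new(:email => 'test@test.test', :password => 'pass')
+ assert session.valid?
+ assert_equal user, session.user
+ end
+
+ def test_custom_closed_session
+ user = User.create!(:email => 'test@test.test', :password => 'pass')
+ session = ClosedSession.new(:email => 'test@test.test', :password => 'pass')
+ assert session.invalid?
+ assert_equal 'You shall not pass test@test.test', session.errors[:base].first
+ end
 end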
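Review bot: `ClosedSession#authenticate` interpolates `user.email` unconditionally after `super`, and `test_custom_closed_session` only covers the correct-password path. If `super` leaves `user` nil on a failed login (the base `authenticate` is not shown on this page), a wrong password would raise NoMethodError instead of producing a validation error. Guard the line as `errors.add :base, "You shall not pass #{user.email}" if user` and add a bad-password assertion for `ClosedSession`. A test for a conditional override would also be worthwhile, since the README's approval example (`if user && user.is_approved?`) as written adds the error for approved users rather than unapproved ones.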