
Merge pull request #202 from malclocke/master

Allow use of authenticate_or_request_with_http_basic
commit 0297e1c005c626c1e37bcc1de5f347476c838ed0 2 parents 47ce54d + 1cfe7ef
@binarylogic authored
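--- a/lib/authlogic/session/http_auth.rb
+++ b/lib/authlogic/session/http_auth.rb
@@ -28,6 +28,41 @@ def allow_http_basic_auth(value = nil)
 rw_config(:allow_http_basic_auth, value, true)
 end
 alias_method :allow_http_basic_auth=, :allow_http_basic_auth
+
+ # Whether or not to request HTTP authentication
+ #
+ # If set to true and no HTTP authentication credentials are sent with
+ # the request, the Rails controller method
+ # authenticate_or_request_with_http_basic will be used and a '401
+ # Authorization Required' header will be sent with the response. In
+ # most cases, this will cause the classic HTTP authentication popup to
+ # appear in the users browser.
+ #
+ # If set to false, the Rails controller method
+ # authenticate_with_http_basic is used and no 401 header is sent.
+ #
+ # Note: This parameter has no effect unless allow_http_basic_auth is
+ # true
+ #
+ # * <tt>Default:</tt> false
+ # * <tt>Accepts:</tt> Boolean
+ def request_http_basic_auth(value = nil)
+ rw_config(:request_http_basic_auth, value, false)
+ end
+ alias_method :request_http_basic_auth=, :request_http_basic_auth
+
+ # HTTP authentication realm
+ #
+ # Sets the HTTP authentication realm.
+ #
+ # Note: This option has no effect unless request_http_basic_auth is true
+ #
+ # * <tt>Default:</tt> 'Application'
+ # * <tt>Accepts:</tt> String
+ def http_basic_auth_realm(value = nil)
+ rw_config(:http_basic_auth_realm, value, 'Application')
+ end
+ alias_method :http_basic_auth_realm=, :http_basic_auth_realm
 end
 # Instance methods for the HTTP basic auth feature of authlogic.
@@ -38,13 +73,19 @@ def persist_by_http_auth?
 end
 def persist_by_http_auth
- controller.authenticate_with_http_basic do |login, password|
+ login_proc = Proc.new do |login, password|
 if !login.blank? && !password.blank?
 send("#{login_field}=", login)
 send("#{password_field}=", password)
 return valid?
 end
 end
+
+ if self.class.request_http_basic_auth
+ controller.authenticate_or_request_with_http_basic(self.class.http_basic_auth_realm, &login_proc)
+ else
+ controller.authenticate_with_http_basic(&login_proc)
+ end
 false
 end
@@ -55,4 +96,4 @@ def allow_http_basic_auth?
 end
 end
 end
-end
+end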
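Review bot: In `persist_by_http_auth`, the `return valid?` inside `login_proc` is a non-local return from a `Proc.new`, so when non-blank credentials are supplied but rejected the method exits before `authenticate_or_request_with_http_basic` can reach its challenge step. Assuming the Rails helper behaves as `authenticate_with_http_basic(...) || request_http_basic_authentication(realm)` (its implementation is not on this page), a 401 is therefore issued only for missing or blank credentials and never for wrong ones, which the doc comment on `request_http_basic_auth` should state explicitly. I would also add a comment above the proc, `# Proc.new on purpose: 'return' must exit persist_by_http_auth; a lambda would fall through to 'false'`, because switching to a lambda would silently make every HTTP-auth login fail. Since the option is class-wide and Basic credentials are resent on every request, the docs should also note that enabling it can cause any session lookup on a credential-less request to answer with a 401, and that it belongs behind TLS.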
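--- a/lib/authlogic/test_case/mock_controller.rb
+++ b/lib/authlogic/test_case/mock_controller.rb
@@ -3,7 +3,7 @@ module TestCase
 # Basically acts like a controller but doesn't do anything. Authlogic can interact with this, do it's thing and then you
 # can look at the controller object to see if anything changed.
 class MockController < ControllerAdapters::AbstractAdapter
- attr_accessor :http_user, :http_password
+ attr_accessor :http_user, :http_password, :realm
 attr_writer :request_content_type
 def initialize
@@ -13,6 +13,12 @@ def authenticate_with_http_basic(&block)
 yield http_user, http_password
 end
+ def authenticate_or_request_with_http_basic(realm = 'DefaultRealm', &block)
+ self.realm = realm
+ @http_auth_requested = true
+ yield http_user, http_password
+ end
+
 def cookies
 @cookies ||= MockCookieJar.new
 end
@@ -40,6 +46,10 @@ def request_content_type
 def session
 @session ||= {}
 end
+
+ def http_auth_requested?
+ @http_auth_requested ||= false
+ end
 end
 end
-end
+end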
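Review bot: The mock `authenticate_or_request_with_http_basic` sets `@http_auth_requested = true` before yielding and yields unconditionally, so `http_auth_requested?` records only that the method was called, not that a challenge would have been sent. As far as I know the Rails helper runs the block only when credentials are present and requests authentication only when the block's result is falsy; a closer mock would be `@http_auth_requested = true unless http_user && yield(http_user, http_password)`. With that change the existing `assert controller.http_auth_requested?` for a valid user in http_auth_test.rb would have to move to a case without credentials, which is the path that actually produces the 401.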
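--- a/test/session_test/http_auth_test.rb
+++ b/test/session_test/http_auth_test.rb
@@ -10,19 +10,47 @@ def test_allow_http_basic_auth
 UserSession.allow_http_basic_auth true
 assert_equal true, UserSession.allow_http_basic_auth
 end
+
+ def test_request_http_basic_auth
+ UserSession.request_http_basic_auth = true
+ assert_equal true, UserSession.request_http_basic_auth
+
+ UserSession.request_http_basic_auth = false
+ assert_equal false, UserSession.request_http_basic_auth
+ end
+
+ def test_http_basic_auth_realm
+ assert_equal 'Application', UserSession.http_basic_auth_realm
+
+ UserSession.http_basic_auth_realm = 'TestRealm'
+ assert_equal 'TestRealm', UserSession.http_basic_auth_realm
+ end
 end
 class InstanceMethodsTest < ActiveSupport::TestCase
 def test_persist_persist_by_http_auth
 ben = users(:ben)
- http_basic_auth_for { assert !UserSession.find }
+ http_basic_auth_for do
+ assert !UserSession.find
+ end
+ http_basic_auth_for(ben) do
+ assert session = UserSession.find
+ assert_equal ben, session.record
+ assert_equal ben.login, session.login
+ assert_equal "benrocks", session.send(:protected_password)
+ assert !controller.http_auth_requested?
+ end
+ UserSession.request_http_basic_auth = true
+ UserSession.http_basic_auth_realm = 'PersistTestRealm'
 http_basic_auth_for(ben) do
 assert session = UserSession.find
 assert_equal ben, session.record
 assert_equal ben.login, session.login
 assert_equal "benrocks", session.send(:protected_password)
+ assert_equal 'PersistTestRealm', controller.realm
+ assert controller.http_auth_requested?
 end
 end
 end
 end
-end
+end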
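Review bot: `test_persist_persist_by_http_auth` ends with `UserSession.request_http_basic_auth` still true and the realm set to 'PersistTestRealm', and `test_http_basic_auth_realm` leaves 'TestRealm' behind while also asserting the 'Application' default on its first line. Unless a setup or teardown outside this page resets class-level configuration, the outcome depends on test order and later tests run with challenge mode switched on. Restore the defaults in a teardown or `ensure`, e.g. `UserSession.request_http_basic_auth = false` and `UserSession.http_basic_auth_realm = 'Application'`. The new option is also never exercised with `http_basic_auth_for` called without a user while `request_http_basic_auth` is true, which is the case the feature exists for.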
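--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -127,7 +127,7 @@ def http_basic_auth_for(user = nil, &block)
 controller.http_password = password_for(user)
 end
 yield
- controller.http_user = controller.http_password = nil
+ controller.http_user = controller.http_password = controller.realm = nil
 end
 def set_cookie_for(user, id = nil)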
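Review bot: The reset line now clears `realm` but leaves the mock's `@http_auth_requested` flag set, and MockController exposes no writer for it, so a controller reused after a requesting call would keep answering true to `http_auth_requested?` (whether the controller is rebuilt per test is not visible here). Adding a writer on the mock and resetting it on this line would keep the three pieces of state in step. Because the reset runs after a bare `yield`, an assertion failure inside the block also skips it; wrapping it as `begin; yield; ensure; ...; end` would avoid leaking credentials into the next test. The body of `http_basic_auth_for` starts outside this hunk.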