Fix handling of optional map argument to `authorize`, fixes gh-46

commit b526dd47c1d51f8fb57ee7572c51fc5a5ba35063 1 parent c481561
@cemerick authored
18 src/cemerick/friend.clj
@@ -263,16 +263,22 @@ Equivalent to (complement current-authentication)."}
middleware.
The exception that causes this change in control flow carries a map of
- data describing the authorization failure; you can optionally provide
- an auxillary map that is merged to it as the first form of the body
- of code wrapped by `authorize`.
+ data describing the authorization failure (see `throw-unauthorized`).
+ You can optionally provide an auxillary map that is merged to it as the
+ first form of the body of code wrapped by `authorize`, e.g.:
+
+ (authorize #{::user :some.ns/admin}
+ {:op-name \"descriptive name for secured operation\"}
+
Note that this macro depends upon the *identity* var being bound to the
current user's authentications. This will work fine in e.g. agent sends
and futures and such, but will fall down in places where binding conveyance
- don't apply (e.g. lazy sequences, direct java.lang.Thread usages, etc)."
- [roles & body]
- (let [[unauthorized-info & body] (if (map? (first body)) body (cons nil body))]
+ doesn't apply (e.g. lazy sequences, direct java.lang.Thread usages, etc)."
+ [roles & [authz-failure-map? & body]]
+ (let [[unauthorized-info body] (if (and (seq body) (map? authz-failure-map?))
+ [authz-failure-map? body]
+ [nil (cons authz-failure-map? body)])]
`(let [roles# ~roles]
(if (authorized? roles# *identity*)
(do ~@body)
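Review bot: the docstring example `(authorize #{::user :some.ns/admin}` / `{:op-name \"descriptive name for secured operation\"}` is unbalanced (no closing paren) and shows the map with no body form after it, which under the new `(and (seq body) (map? authz-failure-map?))` check makes that map the body rather than the failure data; close the form and add a body form, e.g. `(authorize #{::user :some.ns/admin} {:op-name "..."} (do-secured-thing))`. Worth stating in the docstring as well: the map is only recognized when it is a literal map at macroexpansion time, so a symbol or expression that evaluates to a map at runtime is treated as a body form and is not merged into the unauthorized data. Minor: "auxillary" should be "auxiliary", and the `?` suffix on `authz-failure-map?` reads as a predicate in Clojure.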
11 test/test_friend/functional.clj
@@ -3,7 +3,8 @@
(:use clojure.test
ring.adapter.jetty
[slingshot.slingshot :only (throw+ try+)]
- [test-friend.mock-app :only (mock-app mock-app-realm users page-bodies)]))
+ [test-friend.mock-app :only (mock-app mock-app-realm users
+ page-bodies missles-fired?)]))
(declare test-port)
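Review bot: `missles-fired?` is misspelled (missiles); since this identifier is introduced across three files in this commit, renaming it now is cheap, and later tests will copy whatever spelling lands here.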
@@ -12,6 +13,7 @@
(let [server (ring.adapter.jetty/run-jetty app {:port 0 :join? false})
port (-> server .getConnectors first .getLocalPort)]
(def test-port port) ;; would use with-redefs, but can't test on 1.2
+ (reset! missles-fired? false)
(try
(f)
(finally
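Review bot: `(reset! missles-fired? false)` sits before the `try`, so the flag is cleared at the start of every test that goes through this fixture but never after one; a test that fails partway leaves the flag set for any test that reads the atom outside this fixture. Resetting it in the `finally` as well, next to the server stop, keeps the atom's state confined to one test.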
@@ -124,10 +126,11 @@
(binding [clj-http.core/*cookie-store* (clj-http.cookies/cookie-store)]
(http/post (url "/login") {:form-params {:username "jane" :password "user_password"}})
(try+
- (http/get (url "/incl-auth-failure-data"))
- (assert false) ; should never get here
+ (http/get (url "/fire-missles"))
+ (is false "should not get here")
(catch [:status 403] resp
- (is (= "403 message thrown with unauthorized stone" (:body resp)))))))
+ (is (= "403 message thrown with unauthorized stone" (:body resp)))))
+ (is (not @missles-fired?))))
(deftest admin-login
(binding [clj-http.core/*cookie-store* (clj-http.cookies/cookie-store)]
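Review bot: this test covers only the unauthorized path (a 403 and the body not being evaluated); the case the commit message says it fixes, a map literal as the sole form of the `authorize` body for an authorized principal, is not exercised here. Suggest a companion test that logs in as an admin, requests a route whose `authorize` body is a single map literal, and asserts the map comes back rather than nil. The `(is (not @missles-fired?))` check is correctly placed after the `try+`, so it runs whether or not the 403 was caught.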
8 test/test_friend/mock_app.clj
@@ -22,6 +22,8 @@
(def mock-app-realm "mock-app-realm")
+(def missles-fired? (atom false))
+
(defn- json-response
[x]
(-> (json/generate-string x)
@@ -78,9 +80,9 @@
(GET "/admin" request (friend/authorize #{::admin}
(page-bodies (:uri request))))
(GET "/hook-admin" request (admin-hook-authorized-fn request))
- (GET "/incl-auth-failure-data" request (friend/authorize #{::admin}
- {:response-msg "403 message thrown with unauthorized stone"}
- (:uri request)))
+ (GET "/fire-missles" request (friend/authorize #{::admin}
+ {:response-msg "403 message thrown with unauthorized stone"}
+ (reset! missles-fired? "shouldn't happen")))
(GET "/view-openid" request
(str "OpenId authentication? " (-?> request friend/identity friend/current-authentication pr-str)))
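Review bot: `(reset! missles-fired? "shouldn't happen")` stores a string in an atom whose `?` name suggests a boolean; the test's `(not @missles-fired?)` still passes because a non-nil string is truthy, but `(reset! missles-fired? true)` says what is meant. Note also that this route uses the map-plus-body shape only, so the mock app has no route for the single-map body form the commit fixes.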