Skip to content

Commit

Permalink
Store username and password in the session
Browse files Browse the repository at this point in the history
  • Loading branch information
@foca
foca committed May 23, 2009
1 parent af21909 commit d567a10
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 23 deletions.
71 changes: 49 additions & 22 deletions lib/rack/unbasic.rb
View file
Expand Up @@ -13,14 +13,18 @@ def call(env)

clean_session_data

authorize_with_params

response = @app.call(@env)

case response[0].to_i
when 401; handle_unauthorized || response
when 400; handle_bad_request || response
else response
authorize_from_params || authorize_from_session

@response = @app.call(@env)

case response_status
when 401
unauthorized_response
when 400
bad_request_response
else
store_credentials
@response
end
end

Expand All @@ -34,41 +38,64 @@ def bad_request(location)

private

def handle_unauthorized
return nil if @locations["unauthorized"].nil?
def unauthorized_response
return @response if @locations["unauthorized"].nil?
store_location_and_response_code(401)
[302, {"Location" => @locations["unauthorized"]}, []]
end

def handle_bad_request
return nil if @locations["bad_request"].nil?
def bad_request_response
return @response if @locations["bad_request"].nil?
store_location_and_response_code(400)
[302, {"Location" => @locations["bad_request"]}, []]
end

def store_location_and_response_code(code)
@env["rack.session"]["rack-unbasic.return-to"] = @env["PATH_INFO"]
@env["rack.session"]["rack-unbasic.code"] = code
session["rack-unbasic.return-to"] = @env["PATH_INFO"]
session["rack-unbasic.code"] = code
end

def clean_session_data
unless @env["rack.session"].respond_to?("delete")
unless session.respond_to?("delete")
raise "You need to enable sessions for this middleware to work"
end
@env["rack-unbasic.return-to"] = @env["rack.session"].delete("rack-unbasic.return-to")
@env["rack-unbasic.code"] = @env["rack.session"].delete("rack-unbasic.code")
@env["rack-unbasic.return-to"] = session.delete("rack-unbasic.return-to")
@env["rack-unbasic.code"] = session.delete("rack-unbasic.code")
end

def authorize_from_params
return nil if request.params["username"].nil? || request.params["password"].nil?
send_http_authorization(request.params["username"], request.params["password"])
end

def authorize_with_params
return if request.params["username"].nil? || request.params["password"].nil?
return unless @env["HTTP_AUTHORIZATION"].nil?
def authorize_from_session
return nil if session["rack-unbasic.username"].nil? || session["rack-unbasic.password"].nil?
send_http_authorization(session["rack-unbasic.username"], session["rack-unbasic.password"])
end

login = ["#{request.params["username"]}:#{request.params["password"]}"].pack("m*")
@env["HTTP_AUTHORIZATION"] = "Basic #{login}"
def send_http_authorization(username, password)
return nil unless @env["HTTP_AUTHORIZATION"].nil?
@username, @password = username, password
encoded_login = ["#{username}:#{password}"].pack("m*")
@env["HTTP_AUTHORIZATION"] = "Basic #{encoded_login}"
end

def store_credentials
return if @username.nil? || @password.nil?
session["rack-unbasic.username"] = @username
session["rack-unbasic.password"] = @password
end

def response_status
@response[0].to_i
end

def request
@request ||= Rack::Request.new(@env)
end

def session
@env["rack.session"]
end
end
end
13 changes: 12 additions & 1 deletion test/test_unbasic.rb
View file
Expand Up @@ -77,9 +77,20 @@ def app
context "Passing the credentials as parameters" do
test "should work as if using HTTP Basic" do
get "/foobar", :username => "johndoe", :password => "secret"
assert_equal 200, last_response.status
assert last_response.ok?
assert_equal "Hi there", last_response.body
end

test "should work for subsequent requests" do
get "/foobar", :username => "johndoe", :password => "secret"
assert last_response.ok?

get "/baz"
assert last_response.ok?

get "/quux"
assert last_response.ok?
end
end

context "When unbasic isn't set to handle 401 or 400 responses" do
Expand Down

0 comments on commit d567a10

Please sign in to comment.