Strategies for a single request #12

Closed
wants to merge 1 commit into from

2 participants

@sirlantis

I found it odd that Devise's TokenAuthenticatable granted a permanent login - I expected that it would authorize a single request only, not perform a permanent login. When I tried to create my own strategy I noticed that Warden had a set_user(user, :store => false) method, but there was no way to set the :store option from within a strategy.

I added a store? method to the base strategy (default: true) which you can have return false when implementing your own strategy to prevent saving to the session. Providing a :store option to set_user will always take precedence over store?.

@hassox
Owner

Applied :D Thanks

Commits on Sep 9, 2010
  1. @sirlantis
Showing with 32 additions and 0 deletions.
  1. +1 −0 lib/warden/proxy.rb
  2. +6 −0 lib/warden/strategies/base.rb
  3. +12 −0 spec/helpers/strategies/single.rb
  4. +13 −0 spec/warden/proxy_spec.rb
1 lib/warden/proxy.rb
@@ -264,6 +264,7 @@ def _perform_authentication(*args)
_run_strategies_for(scope, args)
if winning_strategy && winning_strategy.user
+ opts[:store] = opts.fetch(:store, winning_strategy.store?)
set_user(winning_strategy.user, opts.merge!(:event => :authentication))
end
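Review bot: the new `opts[:store] = opts.fetch(:store, winning_strategy.store?)` line writes into the caller's options hash in place, and the existing `opts.merge!(:event => :authentication)` below it does the same, so an options hash reused across two `authenticate` calls would carry the first strategy's `:store` decision into the second call. Building a fresh hash keeps the intended precedence (an explicit `:store` still wins over `store?`) without the side effect, e.g. `set_user(winning_strategy.user, opts.merge(:store => opts.fetch(:store, winning_strategy.store?), :event => :authentication))`.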
6 lib/warden/strategies/base.rb
@@ -98,6 +98,12 @@ def halted?
!!@halted
end
+ # Checks to see if a strategy should result in a permanent login
+ # :api: public
+ def store?
+ true
+ end
+
# A simple method to return from authenticate! if you want to ignore this strategy
# :api: public
def pass; end
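Review bot: the doc comment on `store?` should spell out the contract the PR description relies on: what a true/false return means and that an explicit `:store` option passed at authentication time takes precedence over it. Something like `# Returns true if a successful authentication by this strategy should be stored in the session (permanent login). Override to return false for per-request strategies; an explicit :store option still wins.` would tell strategy authors exactly when overriding it has an effect.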
12 spec/helpers/strategies/single.rb
@@ -0,0 +1,12 @@
+# encoding: utf-8
+Warden::Strategies.add(:single) do
+ def authenticate!
+ request.env['warden.spec.strategies'] ||= []
+ request.env['warden.spec.strategies'] << :single
+ success!("Valid User")
+ end
+
+ def store?
+ false
+ end
+end
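Review bot: the `:single` helper strategy carries no comment explaining why it overrides `store?`, and the name alone does not say that it models a per-request login. A one-line comment above `def store?` (e.g. `# per-request strategy: never persist the user in the session`) would make the helper's role obvious to whoever reads the proxy spec that uses it.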
13 spec/warden/proxy_spec.rb
@@ -269,6 +269,19 @@
setup_rack(app).call(env)
end
+ it "should not store user if strategy isn't meant for permanent login" do
+ env = env_with_params("/")
+ session = Warden::SessionSerializer.new(env)
+ app = lambda do |env|
+ env['warden'].authenticate(:single)
+ env['warden'].should be_authenticated
+ env['warden'].user.should == "Valid User"
+ session.should_not be_stored(:default)
+ valid_response
+ end
+ setup_rack(app).call(env)
+ end
+
end
describe "set user" do
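Review bot: this example only exercises the default path where `store?` decides; the precedence rule stated in the description (an explicit `:store` option beating `store?`) has no spec. Assuming `authenticate` passes a trailing options hash through to `_perform_authentication`, a sibling example that calls `env['warden'].authenticate(:single, :store => true)` and asserts `session.should be_stored(:default)` would catch a regression in the `opts.fetch` ordering in `proxy.rb`.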