Changes for Rails 3.2 and Clearance 0.16 #1

Open
wants to merge 5 commits into from

4 participants

@jgarth

Hey karmi,

I took the liberty to make some changes to get this much appreciated middleware to work with Rails 3.2 and the newest clearance gem. I removed the current_user override, as it is no longer necessary and made the middleware use clearance_session.sign_in instead of manipulating env directly. Also, the targeting_api? call will take any HTTP Accept-header into consideration, so unauthorized API calls made with just this header will still return 401 instead of redirecting to a sign in page.

I've also taken the liberty to update the FactoryGirl syntax used in tests and made sure the tests pass again.

If you're satisfied with the changes, feel free to pull them in.
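
The Accept-header matching described in the comment above, as an added example that is not part of the pull request or the project's code: it compares an unanchored regexp match with an exact media-type comparison. `API_FORMATS` (standing in for `Configuration.api_formats`), `substring_match?`, `exact_match?`, `compare` and the sample headers are assumptions constructed for illustration.

```ruby
# Added example; API_FORMATS stands in for Configuration.api_formats (assumed values).
API_FORMATS = %w[json xml].freeze

# The matching described in the pull request: an unanchored regexp built
# from "application/<format>" and tested against the raw Accept header.
def substring_match?(accept)
  regexp = Regexp.union(API_FORMATS.map { |f| "application/#{f}" })
  !!(accept =~ regexp)
end

# Stricter alternative: split the header into media ranges, drop parameters
# such as ";q=0.8", and compare each media type exactly.
def exact_match?(accept)
  return false if accept.nil?
  wanted = API_FORMATS.map { |f| "application/#{f}" }
  accept.split(',').any? do |range|
    media_type, *params = range.split(';').map(&:strip)
    # q=0 marks a media range as not acceptable in HTTP content negotiation
    refused = params.any? { |p| p =~ /\Aq=0(\.0{0,3})?\z/i }
    !refused && wanted.include?(media_type.to_s.downcase)
  end
end

# Constructed sample Accept headers (nil models a request without the header)
SAMPLES = [
  "application/json",
  "text/html, application/xml;q=0.9",
  "application/jsonp",
  "application/json;q=0",
  "text/html",
  nil
].freeze

# Returns [header, substring result, exact result] for each sample
def compare(samples = SAMPLES)
  samples.map { |a| [a, substring_match?(a), exact_match?(a)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |a, sub, exact|
    puts format("%-36s substring=%-5s exact=%s", a.inspect, sub, exact)
  end
end
```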

@jwarchol

Really hoping this pull gets accepted soon :+1:

@jhny

@jgarth Is this code still relevant for the 1.0.0-rc version of clearance?

Commits on Jun 6, 2012
  1. @jgarth

    Removed current_user override. Uses clearance_session.sign_in instead…

    jgarth authored
    … of manipulating env directly.
  2. @jgarth
Commits on Jun 11, 2012
  1. @jgarth
Commits on Jul 10, 2012
  1. @jtreitz
  2. @jgarth

    Merge pull request #1 from jtreitz/patch-1

    jgarth authored
    Bypass authorization if no credentials were given
2  Gemfile
@@ -12,6 +12,6 @@ group :test do
gem "shoulda"
gem "factory_girl"
gem "capybara", ">= 0.4.0"
- gem "rails", "~> 3.0.7"
+ gem "rails", "~> 3.2.5"
gem "sqlite3-ruby", :require => "sqlite3"
end
4 clearance_http_auth.gemspec
@@ -23,10 +23,10 @@ Gem::Specification.new do |s|
s.required_rubygems_version = ">= 1.3.6"
- s.add_dependency "clearance", "> 0.11"
+ s.add_dependency "clearance", "> 0.16"
s.add_dependency "rack", "> 1.2"
- s.add_development_dependency "bundler", "~> 1.0.0"
+ s.add_development_dependency "bundler", "~> 1.1.0"
s.description = <<-DESC
Simple, instant HTTP Basic Authentication for applications using Clearance.
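Review bot: The clearance constraint "> 0.16" is a strict lower bound with no upper bound: it excludes 0.16.0 while accepting 0.16.1 and every later release, including future major versions, even though the middleware now depends on env[:clearance].sign_in. Consider ">= 0.16" with an upper limit (for example "~> 0.16") until newer Clearance versions have been tested.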
2  lib/clearance_http_auth.rb
@@ -1,6 +1,5 @@
require 'clearance_http_auth/configuration'
require 'clearance_http_auth/middleware'
-require 'clearance_http_auth/current_user_override'
require 'clearance_http_auth/engine'
module Clearance
@@ -14,7 +13,6 @@ module Clearance
#
module HttpAuth
def self.included(controller)
- controller.send :include, CurrentUserOverride
controller.use Middleware
end
end
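Review bot: Dropping the CurrentUserOverride include in self.included changes how the authenticated user reaches controllers, and that needs a line in the README or changelog: the per-request env['clearance.current_user'] value is gone, so host applications or other middleware that read that key will get nil after upgrading. Please also confirm whether signing in through the Clearance session makes Basic-auth API responses carry a session cookie, which the old env-only approach did not set.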
20 lib/clearance_http_auth/current_user_override.rb
@@ -1,20 +0,0 @@
-module Clearance
- module HttpAuth
-
- # This module redefines default Clearance's +current_user+
- # helper method functionality to look first in +env+
- # passed from the middleware stack.
- #
- module CurrentUserOverride
-
- # Returns user authenticated from HTTP Auth or cookie
- #
- # @return [User, nil]
- def current_user
- (env['clearance.current_user'] rescue nil) || (@_current_user ||= user_from_cookie)
- end
- end
-
- end
-
-end
16 lib/clearance_http_auth/middleware.rb
@@ -16,9 +16,9 @@ def initialize(app)
# if the incoming request is targeting the API.
#
def call(env)
- if targeting_api?(env)
+ if targeting_api?(env) and env['HTTP_AUTHORIZATION']
@app = Rack::Auth::Basic.new(@app) do |username, password|
- env['clearance.current_user'] = ::User.authenticate(username, password)
+ env[:clearance].sign_in ::User.authenticate(username, password)
end
end
@app.call(env)
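Review bot: The Rack::Auth::Basic block now returns whatever env[:clearance].sign_in returns instead of the result of ::User.authenticate, so whether wrong credentials are rejected depends on sign_in returning a falsy value when handed nil. Authenticate first, call sign_in only when a user came back, and make the user the block's last expression: `user = ::User.authenticate(username, password)`, then `env[:clearance].sign_in(user) if user`, then `user`. Separately, the added `and env['HTTP_AUTHORIZATION']` means an API request without credentials never reaches Rack::Auth::Basic, so the 401 for such requests must now come from the application; the doc comment above call should say so.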
@@ -27,9 +27,15 @@ def call(env)
private
def targeting_api?(env)
- return false unless env['action_dispatch.request.path_parameters']
- format = env['action_dispatch.request.path_parameters'][:format]
- format && Configuration.api_formats.include?(format)
+ if env['action_dispatch.request.path_parameters']
+ format = env['action_dispatch.request.path_parameters'][:format]
+ return true if format && Configuration.api_formats.include?(format)
+ end
+
+ # Some API clients will only set an Accept: header, so we can try to match
+ # defined formats within this header.
+ format_regexp = Regexp.union(Configuration.api_formats.collect{|format| "application/#{format}"})
+ return true if !!(env['HTTP_ACCEPT'] =~ format_regexp)
end
end
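Review bot: The Accept check in targeting_api? is an unanchored match of "application/#{format}" against the raw header, so with a configured format of json it also matches longer types such as application/jsonp and ignores q-values such as application/json;q=0. Split the header on commas, strip parameters and compare media types exactly. The method also falls through to nil rather than false, `return true if !!(...)` can simply be the match expression as the last line, and the regexp is rebuilt on every request when it could be built once.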
22 test/dummy/test/factories/clearance.rb
@@ -1,12 +1,14 @@
-Factory.sequence :email do |n|
- "user#{n}@example.com"
-end
+FactoryGirl.define do
+ sequence :email do
+ "user#{n}@example.com"
+ end
-Factory.define :user do |user|
- user.email { Factory.next :email }
- user.password { "password" }
-end
+ factory :user do
+ email { Factory.next :email }
+ password { "password" }
+ end
-Factory.define :email_confirmed_user, :parent => :user do |user|
- user.email_confirmed { true }
-end
+ factory :email_confirmed_user, :parent => :user do
+ email_confirmed { true }
+ end
+end
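Review bot: The new `sequence :email do` block has no `|n|` parameter but still interpolates `n` in "user#{n}@example.com", which raises NameError as soon as the sequence is evaluated; it should be `sequence :email do |n|`. In the :user factory, `email { Factory.next :email }` still uses the old Factory constant while the rest of the file moves to FactoryGirl; use `email { FactoryGirl.generate(:email) }` there. The tests shown always pass an explicit :email, so neither problem is exercised by them.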
7 test/integration/api_test.rb
@@ -10,7 +10,7 @@ def app
end
def setup
- Factory.create(:email_confirmed_user,
+ FactoryGirl.create(:email_confirmed_user,
:email => 'test@example.com',
:password => 'password')
end
@@ -57,6 +57,11 @@ def setup
assert_match /Sign in/, last_response.body
end
+ should "invoke HTTP authorization when detecting a configured API format in Accept header" do
+ header "Accept", "application/json"
+ get '/entrances'
+ assert_equal 401, last_response.status
+ end
end
end
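Review bot: The new test sends Accept: application/json without any credentials, and with the `and env['HTTP_AUTHORIZATION']` guard added to Middleware#call that request skips Rack::Auth::Basic, so the 401 asserted here does not exercise the Accept-header branch of targeting_api?. Add cases that send the Accept header together with valid and with invalid Basic credentials, asserting a successful response and a 401 respectively.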
2  test/integration/navigation_test.rb
@@ -4,7 +4,7 @@
class NavigationTest < ActiveSupport::IntegrationCase
setup do
- Factory.create(:email_confirmed_user,
+ FactoryGirl.create(:email_confirmed_user,
:email => 'test@example.com',
:password => 'password')
end
2  test/support/integration_case.rb
@@ -1,5 +1,5 @@
# Define a bare test case to use with Capybara
class ActiveSupport::IntegrationCase < ActiveSupport::TestCase
- include Capybara
+ include Capybara::DSL
include Rails.application.routes.url_helpers
end