
No need to append ?unauthenticated=true in URLs anymore since Flash w…

…as moved to a middleware in Rails 3.
1 parent 0f7b311 commit 23e608e27bff9659dd874c5a753667623a223072 @josevalim josevalim committed Apr 3, 2010
@@ -15,9 +15,8 @@
* Compatibility with Datamapper and Mongoid.
* Make config.devise available on config/application.rb.
* TokenAuthenticatable now works with HTTP Basic Auth.
- * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or
- none. Setting those values to :none means that you want to handle lock and unlocking by
- yourself.
+ * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself.
+ * No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.
* bug fix
* Do not allow unlockable strategies based on time to access a controller.
@@ -4,9 +4,6 @@ class Devise::SessionsController < ApplicationController
# GET /resource/sign_in
def new
- Devise::FLASH_MESSAGES.each do |message|
- set_now_flash_message :alert, message if params[message] == "true"
- end unless flash[:notice]
clean_up_passwords(build_resource)
render_with_scope :new
end
@@ -67,7 +67,7 @@ def sign_out(resource_or_scope)
#
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
- session.delete(:"#{scope}.return_to")
+ session.delete(:"#{scope}_return_to")
end
# The default url to be used after signing in. This is used by all Devise
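Review bot: The session key read here changes from `:"#{scope}.return_to"` to `:"#{scope}_return_to"` with no changelog entry and no fallback read; the same rename is applied on the write side in `store_location!` in the failure app. A session created before the upgrade would still carry the old key, so `stored_location_for` returns nil for it and the stale entry stays in the session. If that is acceptable, a changelog line saying so is enough; otherwise `session.delete(:"#{scope}_return_to") || session.delete(:"#{scope}.return_to")` for one release would keep pending redirects working. Applications that read the key directly would presumably need the same notice.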
@@ -90,15 +90,9 @@ def require_no_authentication
#
# Please refer to README or en.yml locale file to check what messages are
# available.
- def set_flash_message(key, kind, now=false)
- flash_hash = now ? flash.now : flash
- flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}", :resource_name => resource_name,
- :scope => [:devise, controller_name.to_sym], :default => kind)
- end
-
- # Shortcut to set flash.now message. Same rules applied from set_flash_message
- def set_now_flash_message(key, kind)
- set_flash_message(key, kind, true)
+ def set_flash_message(key, kind)
+ flash[key] = I18n.t(:"#{resource_name}.#{kind}", :resource_name => resource_name,
+ :scope => [:devise, controller_name.to_sym], :default => kind)
end
def clean_up_passwords(object)
@@ -10,6 +10,8 @@ class FailureApp < ActionController::Metal
include ActionController::UrlFor
include ActionController::Redirecting
+ delegate :flash, :to => :request
+
def self.call(env)
action(:respond).call(env)
end
@@ -20,58 +22,53 @@ def self.default_url_options(*args)
def respond
if http_auth?
- self.status = 401
- self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
- self.content_type = request.format.to_s
- self.response_body = http_auth_body
- elsif action = warden_options[:recall]
- default_message :invalid
- env["PATH_INFO"] = attempted_path
- params.merge!(query_string_params)
- self.response = recall_controller.action(action).call(env)
+ http_auth
+ elsif warden_options[:recall]
+ recall
else
- scope = warden_options[:scope]
- store_location!(scope)
- redirect_to send(:"new_#{scope}_session_path", query_string_params)
+ redirect
end
end
- protected
-
- def message
- @message ||= warden.message || warden_options[:message] || default_message
+ def http_auth
+ self.status = 401
+ self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
+ self.content_type = request.format.to_s
+ self.response_body = http_auth_body
end
- def default_message(message=nil)
- @default_message = message if message
- @default_message ||= :unauthenticated
+ def recall
+ env["PATH_INFO"] = attempted_path
+ flash.now[:alert] = i18n_message(:invalid)
+ self.response = recall_controller.action(warden_options[:recall]).call(env)
end
- def http_auth?
- request.authorization
+ def redirect
+ store_location!
+ flash[:alert] = i18n_message unless flash[:notice]
+ redirect_to send(:"new_#{scope}_session_path")
end
- def http_auth_body
- body = if message.is_a?(Symbol)
- I18n.t "devise.sessions.#{message}", :default => message.to_s
+ protected
+
+ def i18n_message(default = nil)
+ message = warden.message || warden_options[:message] || default || :unauthenticated
+
+ if message.is_a?(Symbol)
+ I18n.t(:"#{scope}.#{message}", :resource_name => scope,
+ :scope => [:devise, :sessions], :default => [message, message.to_s])
else
message.to_s
end
+ end
- method = :"to_#{request.format.to_sym}"
- {}.respond_to?(method) ? { :error => body }.send(method) : body
+ def http_auth?
+ request.authorization
end
- # Build the proper query string based on the given message.
- def query_string_params
- case message
- when Symbol
- { message => "true" }
- when String
- { :message => message }
- else
- {}
- end
+ def http_auth_body
+ method = :"to_#{request.format.to_sym}"
+ {}.respond_to?(method) ? { :error => i18n_message }.send(method) : i18n_message
end
def recall_controller
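Review bot: `http_auth`, `recall` and `redirect` are defined above `protected`, so on this `ActionController::Metal` class they are public alongside `respond`. `self.call` only dispatches to `:respond`, so nothing visible here routes to them, but the other helpers (`i18n_message`, `http_auth?`, `http_auth_body`) are protected, and moving the `protected` line to sit directly after `respond` would keep `respond` the only public entry point. The rest of the class body, from `recall_controller` on, is outside this hunk.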
@@ -86,6 +83,10 @@ def warden_options
env['warden.options']
end
+ def scope
+ @scope ||= warden_options[:scope]
+ end
+
def attempted_path
warden_options[:attempted_path]
end
@@ -94,8 +95,8 @@ def attempted_path
# scoped session provided by warden here, since the user is not authenticated
# yet, but we still need to store the uri based on scope, so different scopes
# would never use the same uri to redirect.
- def store_location!(scope)
- session[:"#{scope}.return_to"] = attempted_path if request && request.get?
+ def store_location!
+ session[:"#{scope}_return_to"] = attempted_path if request && request.get?
end
end
end
@@ -121,20 +121,20 @@ def setup
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
- @controller.session[:"user.return_to"] = "/foo.bar"
+ @controller.session[:"user_return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
- @controller.session[:"user.return_to"] = "/foo.bar"
+ @controller.session[:"user_return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
- @controller.session[:"user.return_to"] = "/foo.bar"
+ @controller.session[:"user_return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
- assert_nil @controller.session[:"user.return_to"]
+ assert_nil @controller.session[:"user_return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
@@ -152,7 +152,7 @@ def setup
test 'sign in and redirect uses the stored location' do
user = User.new
- @controller.session[:"user.return_to"] = "/foo.bar"
+ @controller.session[:"user_return_to"] = "/foo.bar"
@mock_warden.expects(:user).with(:user).returns(nil)
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@@ -16,7 +16,9 @@ def call_failure(env_params={})
'rack.input' => "",
'warden' => OpenStruct.new(:message => nil)
}.merge!(env_params)
- Devise::FailureApp.call(env).to_a
+
+ @response = Devise::FailureApp.call(env).to_a
+ @request = ActionDispatch::Request.new(env)
end
def call_failure_with_http(env_params={})
@@ -26,49 +28,55 @@ def call_failure_with_http(env_params={})
context 'When redirecting' do
test 'return 302 status' do
- assert_equal 302, call_failure.first
+ call_failure
+ assert_equal 302, @response.first
end
test 'return to the default redirect location' do
- assert_equal 'http://test.host/users/sign_in?unauthenticated=true', call_failure.second['Location']
+ call_failure
+ assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+ assert_equal 'http://test.host/users/sign_in', @response.second['Location']
end
test 'uses the proxy failure message as symbol' do
- warden = OpenStruct.new(:message => :test)
- location = call_failure('warden' => warden).second['Location']
- assert_equal 'http://test.host/users/sign_in?test=true', location
+ call_failure('warden' => OpenStruct.new(:message => :test))
+ assert_equal 'test', @request.flash[:alert]
+ assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
end
test 'uses the proxy failure message as string' do
- warden = OpenStruct.new(:message => 'Hello world')
- location = call_failure('warden' => warden).second['Location']
- assert_equal 'http://test.host/users/sign_in?message=Hello+world', location
+ call_failure('warden' => OpenStruct.new(:message => 'Hello world'))
+ assert_equal 'Hello world', @request.flash[:alert]
+ assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
end
test 'set content type to default text/html' do
- assert_equal 'text/html; charset=utf-8', call_failure.second['Content-Type']
+ call_failure
+ assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
end
test 'setup a default message' do
- assert_match /You are being/, call_failure.last.body
- assert_match /redirected/, call_failure.last.body
- assert_match /\?unauthenticated=true/, call_failure.last.body
+ call_failure
+ assert_match /You are being/, @response.last.body
+ assert_match /redirected/, @response.last.body
+ assert_match /users\/sign_in/, @response.last.body
end
end
context 'For HTTP request' do
test 'return 401 status' do
- assert_equal 401, call_failure_with_http.first
+ call_failure_with_http
+ assert_equal 401, @response.first
end
test 'return WWW-authenticate headers' do
- assert_equal 'Basic realm="Application"', call_failure_with_http.second["WWW-Authenticate"]
+ call_failure_with_http
+ assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
end
test 'uses the proxy failure message as response body' do
- warden = OpenStruct.new(:message => :invalid)
- response = call_failure_with_http('warden' => warden).third
- assert_equal 'Invalid email or password.', response.body
+ call_failure_with_http('warden' => OpenStruct.new(:message => :invalid))
+ assert_equal 'Invalid email or password.', @response.third.body
end
end
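Review bot: Nothing in the 'When redirecting' context exercises the `unless flash[:notice]` guard that `redirect` now applies before setting `flash[:alert]`; the tests cover only the default, symbol and string messages with an empty flash. A test that runs `call_failure` with a notice already present in the request's flash and asserts that `@request.flash[:alert]` is nil would pin that branch. How the flash is seeded into `env` depends on the Rails version the suite runs against, so the setup is left to the author.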
@@ -79,9 +87,9 @@ def call_failure_with_http(env_params={})
"warden.options" => { :recall => "new", :attempted_path => "/users/sign_in" },
"warden" => stub_everything
}
- response = call_failure(env).third
- assert response.body.include?('<h2>Sign in</h2>')
- assert response.body.include?('Invalid email or password.')
+ call_failure(env)
+ assert @response.third.body.include?('<h2>Sign in</h2>')
+ assert @response.third.body.include?('Invalid email or password.')
end
end
end
@@ -88,9 +88,9 @@ def visit_user_confirmation_with_token(confirmation_token)
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
- :sessions => { :admin => { :unconfirmed => "Not confirmed user" } }
+ :sessions => { :user => { :unconfirmed => "Not confirmed user" } }
} do
- get new_admin_session_path(:unconfirmed => true)
+ sign_in_as_user(:confirm => false)
assert_contain 'Not confirmed user'
end
end
@@ -50,7 +50,7 @@ class DatabaseAuthenticationSanityTest < ActionController::IntegrationTest
test 'not signed in as admin should not be able to access admins actions' do
get admins_path
- assert_redirected_to new_admin_session_path(:unauthenticated => true)
+ assert_redirected_to new_admin_session_path
assert_not warden.authenticated?(:admin)
end
@@ -60,7 +60,7 @@ class DatabaseAuthenticationSanityTest < ActionController::IntegrationTest
assert_not warden.authenticated?(:admin)
get admins_path
- assert_redirected_to new_admin_session_path(:unauthenticated => true)
+ assert_redirected_to new_admin_session_path
end
test 'signed in as admin should be able to access admin actions' do
@@ -146,7 +146,7 @@ class AuthenticationTest < ActionController::IntegrationTest
test 'redirect from warden shows sign in or sign up message' do
get admins_path
- warden_path = new_admin_session_path(:unauthenticated => true)
+ warden_path = new_admin_session_path
assert_redirected_to warden_path
get warden_path
@@ -157,35 +157,35 @@ class AuthenticationTest < ActionController::IntegrationTest
sign_in_as_user
assert_template 'home/index'
- assert_nil session[:"user.return_to"]
+ assert_nil session[:"user_return_to"]
end
test 'redirect to requested url after sign in' do
get users_path
- assert_redirected_to new_user_session_path(:unauthenticated => true)
- assert_equal users_path, session[:"user.return_to"]
+ assert_redirected_to new_user_session_path
+ assert_equal users_path, session[:"user_return_to"]
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
- assert_nil session[:"user.return_to"]
+ assert_nil session[:"user_return_to"]
end
test 'redirect to last requested url overwriting the stored return_to option' do
get expire_user_path(create_user)
- assert_redirected_to new_user_session_path(:unauthenticated => true)
- assert_equal expire_user_path(create_user), session[:"user.return_to"]
+ assert_redirected_to new_user_session_path
+ assert_equal expire_user_path(create_user), session[:"user_return_to"]
get users_path
- assert_redirected_to new_user_session_path(:unauthenticated => true)
- assert_equal users_path, session[:"user.return_to"]
+ assert_redirected_to new_user_session_path
+ assert_equal users_path, session[:"user_return_to"]
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
- assert_nil session[:"user.return_to"]
+ assert_nil session[:"user_return_to"]
end
test 'redirect to configured home path for a given scope after sign in' do
@@ -199,7 +199,7 @@ class AuthenticationTest < ActionController::IntegrationTest
User.destroy_all
get '/users'
- assert_redirected_to '/users/sign_in?unauthenticated=true'
+ assert_redirected_to new_user_session_path
end
test 'allows session to be set by a given scope' do
