
Split Clearance::{Authentication,Authorization}

There has been confusion about the `authorize` method residing in the
`Authentication` module:

* The `authorize` method performs authorization - it denies access to
  unauthenticated users.
* It is assumed that controllers requiring specific authentication would
  override `authorize`.
* It's sort of strange that `Clearance::Authentication` contains a bunch
  of authorization logic.

So, we:

* Split `Clearance::Controller` into `Clearance::Authentication` and
  `Clearance::Authorization`, both of which get mixed into
  `Clearance::Controller`.
* Mix `Clearance::Controller` into `ApplicationController` in the install
  generator.

Read more:

#268
#257
1 parent 831e3ac commit 91a984ca04f1738449bc8c734de2dfc52a50ec2d @croaky croaky committed Feb 23, 2013
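--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- clearance (1.0.0.rc4)
+ clearance (1.0.0.rc5)
 bcrypt-ruby
 email_validator
 rails (>= 3.0)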
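--- a/README.md
+++ b/README.md
@@ -36,8 +36,8 @@ Make sure the development database exists. Then, run the generator:
 The generator:
-* inserts Clearance::User into your User model
-* inserts Clearance::Authentication into your ApplicationController
+* inserts `Clearance::User` into your `User` model
+* inserts `Clearance::Controller` into your `ApplicationController`
 * creates a migration that either creates a users table or adds only missing
 columns
@@ -328,7 +328,7 @@ For example, in `spec/support/clearance.rb` or `test/test_helper.rb`:
 require 'clearance/testing'
-This will make `Clearance::Authentication` methods work in your controllers
+This will make `Clearance::Controller` methods work in your controllers
 during functional tests and provide access to helper methods like:
 sign_in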
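--- a/gemfiles/3.0.20.gemfile.lock
+++ b/gemfiles/3.0.20.gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: /Users/croaky/dev/clearance
 specs:
- clearance (1.0.0.rc4)
+ clearance (1.0.0.rc5)
 bcrypt-ruby
 email_validator
 rails (>= 3.0)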
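--- a/gemfiles/3.1.11.gemfile.lock
+++ b/gemfiles/3.1.11.gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: /Users/croaky/dev/clearance
 specs:
- clearance (1.0.0.rc4)
+ clearance (1.0.0.rc5)
 bcrypt-ruby
 email_validator
 rails (>= 3.0)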
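--- a/gemfiles/3.2.12.gemfile.lock
+++ b/gemfiles/3.2.12.gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: /Users/croaky/dev/clearance
 specs:
- clearance (1.0.0.rc4)
+ clearance (1.0.0.rc5)
 bcrypt-ruby
 email_validator
 rails (>= 3.0)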
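--- a/lib/clearance.rb
+++ b/lib/clearance.rb
@@ -2,7 +2,7 @@
 require 'clearance/session'
 require 'clearance/rack_session'
 require 'clearance/back_door'
-require 'clearance/authentication'
+require 'clearance/controller'
 require 'clearance/user'
 require 'clearance/engine'
 require 'clearance/password_strategies'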
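--- a/lib/clearance/authentication.rb
+++ b/lib/clearance/authentication.rb
@@ -4,8 +4,14 @@ module Authentication
 included do
 helper_method :current_user, :signed_in?, :signed_out?
- hide_action :authorize, :current_user, :current_user=, :deny_access,
- :sign_in, :sign_out, :signed_in?, :signed_out?
+ hide_action(
+ :current_user,
+ :current_user=,
+ :sign_in,
+ :sign_out,
+ :signed_in?,
+ :signed_out?
+ )
 end
 def authenticate(params)
@@ -14,12 +20,6 @@ def authenticate(params)
 )
 end
- def authorize
- unless signed_in?
- deny_access
- end
- end
-
 def current_user
 clearance_session.current_user
 end
@@ -28,20 +28,6 @@ def current_user=(user)
 clearance_session.sign_in user
 end
- def deny_access(flash_message = nil)
- store_location
-
- if flash_message
- flash[:notice] = flash_message
- end
-
- if signed_in?
- redirect_to url_after_denied_access_when_signed_in
- else
- redirect_to url_after_denied_access_when_signed_out
- end
- end
-
 def sign_in(user)
 clearance_session.sign_in user
 end
@@ -67,39 +53,8 @@ def handle_unverified_request
 protected
- def clear_return_to
- session[:return_to] = nil
- end
-
 def clearance_session
 request.env[:clearance]
 end
-
- def store_location
- if request.get?
- session[:return_to] = request.fullpath
- end
- end
-
- def redirect_back_or(default)
- redirect_to(return_to || default)
- clear_return_to
- end
-
- def redirect_to_root
- redirect_to('/')
- end
-
- def return_to
- session[:return_to] || params[:return_to]
- end
-
- def url_after_denied_access_when_signed_in
- '/'
- end
-
- def url_after_denied_access_when_signed_out
- sign_in_url
- end
 end
 end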
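Review bot: The module no longer provides `authorize` or `deny_access` (both dropped from the `hide_action` list in the first hunk and their definitions removed in the second and third), but nothing in the file says so, and a controller that still does `include Clearance::Authentication` directly — which is what the install generator injected before this commit — will now raise NoMethodError on `before_filter :authorize`. That fails closed rather than open, but it is a silent breaking change for existing installs and deserves a CHANGELOG entry for upgraders. Suggest a header comment above `included do`: `# Session helpers only (sign_in, sign_out, current_user, signed_in?); authorize/deny_access and return_to handling live in Clearance::Authorization — include Clearance::Controller to get both.` The `def handle_unverified_request` named in the last hunk header begins outside the hunk.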
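--- a/lib/clearance/authorization.rb
+++ b/lib/clearance/authorization.rb
@@ -0,0 +1,62 @@
+module Clearance
+ module Authorization
+ extend ActiveSupport::Concern
+
+ included do
+ hide_action :authorize, :deny_access
+ end
+
+ def authorize
+ unless signed_in?
+ deny_access
+ end
+ end
+
+ def deny_access(flash_message = nil)
+ store_location
+
+ if flash_message
+ flash[:notice] = flash_message
+ end
+
+ if signed_in?
+ redirect_to url_after_denied_access_when_signed_in
+ else
+ redirect_to url_after_denied_access_when_signed_out
+ end
+ end
+
+ protected
+
+ def clear_return_to
+ session[:return_to] = nil
+ end
+
+ def store_location
+ if request.get?
+ session[:return_to] = request.fullpath
+ end
+ end
+
+ def redirect_back_or(default)
+ redirect_to(return_to || default)
+ clear_return_to
+ end
+
+ def redirect_to_root
+ redirect_to('/')
+ end
+
+ def return_to
+ session[:return_to] || params[:return_to]
+ end
+
+ def url_after_denied_access_when_signed_in
+ '/'
+ end
+
+ def url_after_denied_access_when_signed_out
+ sign_in_url
+ end
+ end
+end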
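Review bot: `return_to` falls back to `params[:return_to]` and `redirect_back_or` passes that value straight to `redirect_to`, so a request-supplied redirect target is honoured without any check; `store_location` only ever saves `request.fullpath`, so restricting the value to a same-site path does not affect the normal sign-in flow. Suggest `value = session[:return_to] || params[:return_to]` followed by `value if value.to_s.start_with?('/') && !value.to_s.start_with?('//')` so only an absolute local path is accepted (if the project already has a URL-validation helper, use that instead; none is visible here). The module also has no header comment; `# Controller authorization: authorize/deny_access plus return_to bookkeeping. Relies on signed_in? from Clearance::Authentication and on sign_in_url from the host app's routes.` above `extend ActiveSupport::Concern` would make the contract of the split explicit.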
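--- a/lib/clearance/back_door.rb
+++ b/lib/clearance/back_door.rb
@@ -34,7 +34,7 @@ def sign_in_through_the_back_door(env)
 user_id = params['as']
 if user_id.present?
- user = ::User.find(user_id)
+ user = Clearance.configuration.user_model.find(user_id)
 env[:clearance].sign_in(user)
 end
 end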
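Review bot: `sign_in_through_the_back_door` signs in whatever record `user_model.find` returns for the `as` query parameter, and nothing in this hunk limits the middleware to non-production environments; that guard presumably lives in the part of the file above the hunk (the method begins outside it) or in where the middleware is mounted, but it is worth confirming, since an unguarded mount in production would be an authentication bypass. Switching from `::User` to `Clearance.configuration.user_model` is the right direction and consistent with the rest of the library. Note that `find` raises ActiveRecord::RecordNotFound for an unknown id, so a bad `as` value surfaces as an error rather than a silent no-op; a one-line comment such as `# Test/development helper: signs in the user given by ?as=<id>. Must not be mounted in production.` would document the intent.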
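--- a/lib/clearance/controller.rb
+++ b/lib/clearance/controller.rb
@@ -0,0 +1,11 @@
+require 'clearance/authentication'
+require 'clearance/authorization'
+
+module Clearance
+ module Controller
+ extend ActiveSupport::Concern
+
+ include Clearance::Authentication
+ include Clearance::Authorization
+ end
+end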
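Review bot: The new module carries no documentation of why it exists or of the dependency it encodes: `Clearance::Authorization#authorize` calls `signed_in?`, which is defined by `Clearance::Authentication`, so the two must be included together, and this module is what guarantees that. Suggest a comment above `module Controller`: `# Single mixin for ApplicationController: Clearance::Authentication (session helpers) plus Clearance::Authorization (authorize/deny_access), which depends on signed_in? from Authentication. The install generator injects this module.`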
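--- a/lib/clearance/testing/app/controllers/application_controller.rb
+++ b/lib/clearance/testing/app/controllers/application_controller.rb
@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
- include Clearance::Authentication
+ include Clearance::Controller
 def show
 render :text => '', :layout => 'application'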
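--- a/lib/clearance/user.rb
+++ b/lib/clearance/user.rb
@@ -11,8 +11,10 @@ module User
 include Validations
 include Callbacks
- include (Clearance.configuration.password_strategy ||
- Clearance::PasswordStrategies::BCrypt)
+ include(
+ Clearance.configuration.password_strategy ||
+ Clearance::PasswordStrategies::BCrypt
+ )
 end
 module ClassMethods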
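--- a/lib/generators/clearance/install/install_generator.rb
+++ b/lib/generators/clearance/install/install_generator.rb
@@ -15,7 +15,7 @@ def inject_clearance_into_application_controller
 inject_into(
 ApplicationController,
 'app/controllers/application_controller.rb',
- 'include Clearance::Authentication'
+ 'include Clearance::Controller'
 )
 end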
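--- a/spec/controllers/denies_controller_spec.rb
+++ b/spec/controllers/denies_controller_spec.rb
@@ -1,7 +1,8 @@
 require 'spec_helper'
 class DeniesController < ActionController::Base
- include Clearance::Authentication
+ include Clearance::Controller
+
 before_filter :authorize, :only => :show
 def new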
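--- a/spec/controllers/flashes_controller_spec.rb
+++ b/spec/controllers/flashes_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 class FlashesController < ActionController::Base
- include Clearance::Authentication
+ include Clearance::Controller
 def set_flash
 flash[:notice] = params[:message]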
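--- a/spec/controllers/forgeries_controller_spec.rb
+++ b/spec/controllers/forgeries_controller_spec.rb
@@ -1,7 +1,8 @@
 require 'spec_helper'
 class ForgeriesController < ActionController::Base
- include Clearance::Authentication
+ include Clearance::Controller
+
 protect_from_forgery
 before_filter :authorize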
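--- a/spec/models/bcrypt_migration_from_sha1_spec.rb
+++ b/spec/models/bcrypt_migration_from_sha1_spec.rb
@@ -30,7 +30,6 @@
 it 'sets the pasword on the subject' do
 subject.password.should be_present
 end
-
 end
 describe '#authenticated?' do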
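--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -33,33 +33,28 @@
 end
 it 'is authenticated with correct email and password' do
- (Clearance.configuration.user_model.authenticate(@user.email, @password)).
- should be
+ User.authenticate(@user.email, @password).should eq(@user)
 @user.should be_authenticated(@password)
 end
 it 'is authenticated with correct uppercased email and correct password' do
- (Clearance.configuration.user_model.authenticate(@user.email.upcase, @password)).
- should be
+ User.authenticate(@user.email.upcase, @password).should eq(@user)
 @user.should be_authenticated(@password)
 end
 it 'is authenticated with incorrect credentials' do
- (Clearance.configuration.user_model.authenticate(@user.email, 'bad_password')).
- should_not be
+ User.authenticate(@user.email, 'bad_password').should be_nil
 @user.should_not be_authenticated('bad password')
 end
 it 'is retrieved via a case-insensitive search' do
- (Clearance.configuration.user_model.find_by_normalized_email(@user.email.upcase)).
- should be
- @user
+ User.find_by_normalized_email(@user.email.upcase).should eq(@user)
 end
 end
 describe 'when resetting authentication with reset_remember_token!' do
 before do
- @user = create(:user)
+ @user = create(:user)
 @user.remember_token = 'old-token'
 @user.reset_remember_token!
 end
@@ -145,6 +140,7 @@
 describe 'a user with an optional email' do
 before do
 @user = User.new
+
 class << @user
 def email_optional?
 true
@@ -185,9 +181,7 @@ def password_optional?
 let(:email) { 'Jo hn.Do e @exa mp le.c om' }
 it 'downcases the address and strips spaces' do
- (Clearance.configuration.user_model.normalize_email(email)).
- should be
- 'john.doe@example.com'
+ User.normalize_email(email).should eq 'john.doe@example.com'
 end
 end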
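Review bot: The rewritten expectations in the first hunk hard-code the `User` constant while the same commit moves back_door.rb from `::User` to `Clearance.configuration.user_model`, so the spec no longer exercises the configured model the library resolves at runtime. The tighter assertions themselves (`eq(@user)` and `be_nil` instead of `should be` / `should_not be`) are an improvement, since the old form passed on any truthy value. Keeping `Clearance.configuration.user_model.authenticate(...)` on the receiver side would preserve that coverage with the new matchers. The `describe` blocks these examples sit in begin outside the hunks.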
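--- a/spec/support/clearance.rb
+++ b/spec/support/clearance.rb
@@ -4,7 +4,7 @@
 end
 class ApplicationController < ActionController::Base
- include Clearance::Authentication
+ include Clearance::Controller
 end
 class User < ActiveRecord::Base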

