authengine 0.0.2

data/spec/dummy/public/javascripts/rails.js

@@ -0,0 +1,191 @@
+(function() {
+  // Technique from Juriy Zaytsev
+  // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+  function isEventSupported(eventName) {
+    var el = document.createElement('div');
+    eventName = 'on' + eventName;
+    var isSupported = (eventName in el);
+    if (!isSupported) {
+      el.setAttribute(eventName, 'return;');
+      isSupported = typeof el[eventName] == 'function';
+    }
+    el = null;
+    return isSupported;
+  }
+
+  function isForm(element) {
+    return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+  }
+
+  function isInput(element) {
+    if (Object.isElement(element)) {
+      var name = element.nodeName.toUpperCase()
+      return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+    }
+    else return false
+  }
+
+  var submitBubbles = isEventSupported('submit'),
+      changeBubbles = isEventSupported('change')
+
+  if (!submitBubbles || !changeBubbles) {
+    // augment the Event.Handler class to observe custom events when needed
+    Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+      function(init, element, eventName, selector, callback) {
+        init(element, eventName, selector, callback)
+        // is the handler being attached to an element that doesn't support this event?
+        if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+             (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+          // "submit" => "emulated:submit"
+          this.eventName = 'emulated:' + this.eventName
+        }
+      }
+    )
+  }
+
+  if (!submitBubbles) {
+    // discover forms on the page by observing focus events which always bubble
+    document.on('focusin', 'form', function(focusEvent, form) {
+      // special handler for the real "submit" event (one-time operation)
+      if (!form.retrieve('emulated:submit')) {
+        form.on('submit', function(submitEvent) {
+          var emulated = form.fire('emulated:submit', submitEvent, true)
+          // if custom event received preventDefault, cancel the real one too
+          if (emulated.returnValue === false) submitEvent.preventDefault()
+        })
+        form.store('emulated:submit', true)
+      }
+    })
+  }
+
+  if (!changeBubbles) {
+    // discover form inputs on the page
+    document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+      // special handler for real "change" events
+      if (!input.retrieve('emulated:change')) {
+        input.on('change', function(changeEvent) {
+          input.fire('emulated:change', changeEvent, true)
+        })
+        input.store('emulated:change', true)
+      }
+    })
+  }
+
+  function handleRemote(element) {
+    var method, url, params;
+
+    var event = element.fire("ajax:before");
+    if (event.stopped) return false;
+
+    if (element.tagName.toLowerCase() === 'form') {
+      method = element.readAttribute('method') || 'post';
+      url    = element.readAttribute('action');
+      params = element.serialize();
+    } else {
+      method = element.readAttribute('data-method') || 'get';
+      url    = element.readAttribute('href');
+      params = {};
+    }
+
+    new Ajax.Request(url, {
+      method: method,
+      parameters: params,
+      evalScripts: true,
+
+      onComplete:    function(request) { element.fire("ajax:complete", request); },
+      onSuccess:     function(request) { element.fire("ajax:success",  request); },
+      onFailure:     function(request) { element.fire("ajax:failure",  request); }
+    });
+
+    element.fire("ajax:after");
+  }
+
+  function handleMethod(element) {
+    var method = element.readAttribute('data-method'),
+        url = element.readAttribute('href'),
+        csrf_param = $$('meta[name=csrf-param]')[0],
+        csrf_token = $$('meta[name=csrf-token]')[0];
+
+    var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+    element.parentNode.insert(form);
+
+    if (method !== 'post') {
+      var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+      form.insert(field);
+    }
+
+    if (csrf_param) {
+      var param = csrf_param.readAttribute('content'),
+          token = csrf_token.readAttribute('content'),
+          field = new Element('input', { type: 'hidden', name: param, value: token });
+      form.insert(field);
+    }
+
+    form.submit();
+  }
+
+
+  document.on("click", "*[data-confirm]", function(event, element) {
+    var message = element.readAttribute('data-confirm');
+    if (!confirm(message)) event.stop();
+  });
+
+  document.on("click", "a[data-remote]", function(event, element) {
+    if (event.stopped) return;
+    handleRemote(element);
+    event.stop();
+  });
+
+  document.on("click", "a[data-method]", function(event, element) {
+    if (event.stopped) return;
+    handleMethod(element);
+    event.stop();
+  });
+
+  document.on("submit", function(event) {
+    var element = event.findElement(),
+        message = element.readAttribute('data-confirm');
+    if (message && !confirm(message)) {
+      event.stop();
+      return false;
+    }
+
+    var inputs = element.select("input[type=submit][data-disable-with]");
+    inputs.each(function(input) {
+      input.disabled = true;
+      input.writeAttribute('data-original-value', input.value);
+      input.value = input.readAttribute('data-disable-with');
+    });
+
+    var element = event.findElement("form[data-remote]");
+    if (element) {
+      handleRemote(element);
+      event.stop();
+    }
+  });
+
+  document.on("ajax:after", "form", function(event, element) {
+    var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+    inputs.each(function(input) {
+      input.value = input.readAttribute('data-original-value');
+      input.removeAttribute('data-original-value');
+      input.disabled = false;
+    });
+  });
+
+  Ajax.Responders.register({
+    onCreate: function(request) {
+      var csrf_meta_tag = $$('meta[name=csrf-token]')[0];
+
+      if (csrf_meta_tag) {
+        var header = 'X-CSRF-Token',
+            token = csrf_meta_tag.readAttribute('content');
+
+        if (!request.options.requestHeaders) {
+          request.options.requestHeaders = {};
+        }
+        request.options.requestHeaders[header] = token;
+      }
+    }
+  });
+})();

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/dummy/spec/javascripts/helpers/SpecHelper.js

@@ -0,0 +1,9 @@
+beforeEach(function() {
+  this.addMatchers({
+    toBePlaying: function(expectedSong) {
+      var player = this.actual;
+      return player.currentlyPlayingSong === expectedSong
+          && player.isPlaying;
+    }
+  })
+});

data/spec/dummy/spec/javascripts/jasmine_examples/PlayerSpec.js

@@ -0,0 +1,58 @@
+describe("Player", function() {
+  var player;
+  var song;
+
+  beforeEach(function() {
+    player = new Player();
+    song = new Song();
+  });
+
+  it("should be able to play a Song", function() {
+    player.play(song);
+    expect(player.currentlyPlayingSong).toEqual(song);
+
+    //demonstrates use of custom matcher
+    expect(player).toBePlaying(song);
+  });
+
+  describe("when song has been paused", function() {
+    beforeEach(function() {
+      player.play(song);
+      player.pause();
+    });
+
+    it("should indicate that the song is currently paused", function() {
+      expect(player.isPlaying).toBeFalsy();
+
+      // demonstrates use of 'not' with a custom matcher
+      expect(player).not.toBePlaying(song);
+    });
+
+    it("should be possible to resume", function() {
+      player.resume();
+      expect(player.isPlaying).toBeTruthy();
+      expect(player.currentlyPlayingSong).toEqual(song);
+    });
+  });
+
+  // demonstrates use of spies to intercept and test method calls
+  it("tells the current song if the user has made it a favorite", function() {
+    spyOn(song, 'persistFavoriteStatus');
+
+    player.play(song);
+    player.makeFavorite();
+
+    expect(song.persistFavoriteStatus).toHaveBeenCalledWith(true);
+  });
+
+  //demonstrates use of expected exceptions
+  describe("#resume", function() {
+    it("should throw an exception if song is already playing", function() {
+      player.play(song);
+
+      expect(function() {
+        player.resume();
+      }).toThrow("song is already playing");
+    });
+  });
+});

data/spec/dummy/spec/javascripts/support/jasmine.yml

@@ -0,0 +1,76 @@
+# src_files
+#
+# Return an array of filepaths relative to src_dir to include before jasmine specs.
+# Default: []
+#
+# EXAMPLE:
+#
+# src_files:
+#   - lib/source1.js
+#   - lib/source2.js
+#   - dist/**/*.js
+#
+src_files:
+  - assets/application.js
+
+# stylesheets
+#
+# Return an array of stylesheet filepaths relative to src_dir to include before jasmine specs.
+# Default: []
+#
+# EXAMPLE:
+#
+# stylesheets:
+#   - css/style.css
+#   - stylesheets/*.css
+#
+stylesheets:
+  - stylesheets/**/*.css
+
+# helpers
+#
+# Return an array of filepaths relative to spec_dir to include before jasmine specs.
+# Default: ["helpers/**/*.js"]
+#
+# EXAMPLE:
+#
+# helpers:
+#   - helpers/**/*.js
+#
+helpers:
+  - helpers/**/*.js
+
+# spec_files
+#
+# Return an array of filepaths relative to spec_dir to include.
+# Default: ["**/*[sS]pec.js"]
+#
+# EXAMPLE:
+#
+# spec_files:
+#   - **/*[sS]pec.js
+#
+spec_files:
+  - '**/*[sS]pec.js'
+
+# src_dir
+#
+# Source directory path. Your src_files must be returned relative to this path. Will use root if left blank.
+# Default: project root
+#
+# EXAMPLE:
+#
+# src_dir: public
+#
+src_dir:
+
+# spec_dir
+#
+# Spec directory path. Your spec_files must be returned relative to this path.
+# Default: spec/javascripts
+#
+# EXAMPLE:
+#
+# spec_dir: spec/javascripts
+#
+spec_dir: spec/javascripts

data/spec/generators/authengine_generator_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+# just a placeholder
+describe "authengine spec generator" do
+  before(:all) do
+    #@ag = AuthengineGenerator.new
+  end
+
+  it "should do something" do
+    #@ag.copy_initializer_file.should be_true
+  end
+end

data/spec/integration/navigation_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe "Navigation" do
+  include Capybara::DSL
+  
+  it "should be a valid app" do
+    ::Rails.application.should be_a(Dummy::Application)
+  end
+end

data/spec/javascripts/spec.css

@@ -0,0 +1,3 @@
+/*
+*= require application
+*/

data/spec/javascripts/spec.js.coffee

@@ -0,0 +1,2 @@
+#= require application
+#= require_tree .

data/spec/models/action_role_spec.rb

@@ -0,0 +1,59 @@
+require File.expand_path("../../spec_helper", __FILE__)
+
+
+describe 'permits_access_for class method' do
+  before(:each) do
+    @role        = Role.create(:name => 'chief')
+    @controller  = Controller.create(:controller_name => 'traveller')
+    @action      = Action.create(:action_name => 'travel', :controller_id => @controller.id)
+    @user        = FactoryGirl.create(:user, :login => 'just_me')
+    @user_role   = UserRole.create(:role_id => @role.id, :user_id => @user.id)
+    @action_role = ActionRole.create(:action_id => @action.id, :role_id => @role.id)
+  end
+
+  it "action is permitted for user's role" do
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, @user.roles(true).map(&:id)).should == true
+  end
+
+  it "action is not permitted for user's role" do
+    ActionRole.permits_access_for(@controller.controller_name, 'some_action', @user.roles(true).map(&:id)).should == false
+  end
+
+  it "different user tries to access the action" do
+    @user = FactoryGirl.create(:user, :login => 'another_person')
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, @user.roles.map(&:id)).should == false
+  end
+
+  it "user has a role that does not permit access to the requested action" do
+    UserRole.delete_all
+    @user_role  = UserRole.create(:role_id => 555, :user_id => @user.id)
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, @user.user_roles.map(&:role_id)).should == false
+  end
+
+  it "user's role does not permit access to the requested action" do
+    ActionRole.delete_all
+    @action_role = ActionRole.create(:action_id => @action.id, :role_id => 555)
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, @user.roles(true).map(&:id)).should == false
+  end
+end
+
+describe "permits_access_for class method" do
+  before(:each) do
+    @role         = Role.create(:name => 'chief')
+    @another_role = Role.create(:name => 'minion')
+    @controller   = Controller.create(:controller_name => 'traveller')
+    @action       = Action.create(:action_name => 'travel', :controller_id => @controller.id)
+    @user         = FactoryGirl.create(:user, :login => 'just_me')
+    @action_role  = ActionRole.create(:action_id => @action.id, :role_id => @role.id)
+  end
+
+  it "should permit when one of the passed-in roles has an action_role that links to the passed in controller/action" do
+    role_ids = [@role.id]
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, role_ids).should == true
+  end
+
+  it "should not permit when none of the passed-in roles has an action role for the passed-in controller/action" do
+    role_ids = [@another_role.id]
+    ActionRole.permits_access_for(@controller.controller_name, @action.action_name, role_ids).should == false
+  end
+end

data/spec/models/authenticated_system_spec.rb

@@ -0,0 +1,109 @@
+require Authengine::Engine.root.join('app', 'models', 'authenticated_system').to_s
+require Authengine::Engine.root.join('app', 'models', 'authorized_system').to_s
+require 'flexmock'
+SITE_URL = "same_domain.com"
+
+RSpec.configure do |config|
+  config.mock_with :flexmock
+end
+
+
+class Foobar
+  attr_accessor :flash
+
+  def initialize
+    @flash = {}
+  end
+
+  def extension; end
+
+  def headers
+    {}
+  end
+
+
+  def render(something); end
+
+  include AuthenticatedSystem
+  include AuthorizedSystem
+end
+
+describe "AuthenticatedSystem redirection when permission is denied" do
+
+  it "redirects to the login page when user came from another site" do
+    ext = flexmock('extension')
+    ext.should_receive(:html).once.and_yield
+    ext.should_receive(:xml).once.and_yield
+    flexmock(Foobar).new_instances do |f|
+      f.should_receive(:respond_to).once.and_yield(ext)
+      f.should_receive(:session).and_return({:refer_to => nil})
+      env = flexmock("env",
+                     :env => {"HTTP_REFERER" => "http://same_domain.com/some_page"},
+                     :fullpath => "http://same_domain.com/some_page")
+      f.should_receive(:request).and_return(env)
+      f.should_receive(:root_path).and_return("root_path")
+      f.should_receive(:domain_name).and_return("http://same_domain.com/some_page")
+      f.should_receive("redirect_to").once.with("root_path")
+    end
+
+    Foobar.new.send('permission_denied')
+  end
+
+  it "redirects to the login page if the http referer is not present" do
+    ext = flexmock('extension')
+    ext.should_receive(:html).once.and_yield
+    ext.should_receive(:xml).once.and_yield
+    flexmock(Foobar).new_instances do |f|
+      f.should_receive(:respond_to).once.and_yield(ext)
+      f.should_receive(:session).and_return({:refer_to => nil})
+      env = flexmock("env",
+                     :env => {"HTTP_REFERER" => nil},
+                     :fullpath => "http://same_domain.com/some_page")
+      f.should_receive(:request).and_return(env)
+      f.should_receive(:root_path).and_return("root_path")
+      f.should_receive(:domain_name).and_return("http://same_domain.com/some_page")
+      f.should_receive("redirect_to").once.with("root_path")
+    end
+
+    Foobar.new.send('permission_denied')
+  end
+
+  context "when user came from this site" do
+    it "redirects to the previous page if it's not the same as the requested page" do
+      ext = flexmock('extension')
+      ext.should_receive(:html).once.and_yield
+      ext.should_receive(:xml).once.and_yield
+      flexmock(Foobar).new_instances do |f|
+        f.should_receive(:respond_to).once.and_yield(ext)
+        f.should_receive(:session).and_return({:refer_to => nil})
+        env = flexmock("env",
+                       :env => {"HTTP_REFERER" => "http://same_domain.com/different_page"},
+                       :fullpath => "http://same_domain.com/some_page")
+        f.should_receive(:request).and_return(env)
+        f.should_receive(:root_path).and_return("root_path")
+        f.should_receive(:domain_name).and_return("http://same_domain.com/some_page")
+        f.should_receive("redirect_to").once.with("http://same_domain.com/different_page")
+      end
+
+      Foobar.new.send('permission_denied')
+    end
+
+    it "redirects to the login page if the previous page is the same as the requested page" do
+      ext = flexmock('extension')
+      ext.should_receive(:html).once.and_yield
+      ext.should_receive(:xml).once.and_yield
+      flexmock(Foobar).new_instances do |f|
+        f.should_receive(:respond_to).once.and_yield(ext)
+        f.should_receive(:session).and_return({:refer_to => nil})
+        env = flexmock("env",
+                       :env => {"HTTP_REFERER" => "http://same_domain.com/some_page"},
+                       :fullpath => "http://same_domain.com/some_page")
+        f.should_receive(:request).and_return(env)
+        f.should_receive(:root_path).and_return("root_path")
+        f.should_receive("redirect_to").once.with("root_path")
+      end
+
+      Foobar.new.send('permission_denied')
+    end
+  end
+end