authpwn_rails 0.7.4 → 0.7.5

data/VERSION

@@ -1 +1 @@
-0.7.4
+0.7.5

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authpwn_rails}
-  s.version = "0.7.4"
+  s.version = "0.7.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2011-03-14}
+  s.date = %q{2011-03-17}
   s.description = %q{Works with Facebook.}
   s.email = %q{victor@costan.us}
   s.extra_rdoc_files = [
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/pwnall/authpwn_rails}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.5.3}
+  s.rubygems_version = %q{1.6.0}
   s.summary = %q{User authentication for Rails 3 applications.}
   s.test_files = [
     "test/cookie_controller_test.rb",

data/lib/authpwn_rails/session.rb

@@ -84,7 +84,7 @@ module ControllerInstanceMethods
   end
 end
 
-# Included in controllers that call authenticates_using_session.
+# Included in controllers that call authpwn_session_controller.
 module SessionControllerInstanceMethods
   # GET /session/new
   def new
@@ -110,7 +110,9 @@ module SessionControllerInstanceMethods
         respond_to do |format|
           format.html { render :action => :home }
           format.json do
-            render :json => { :user => @user.serializable_hash,
+            user_data = @user.as_json
+            user_data = user_data['user'] if @user.class.include_root_in_json
+            render :json => { :user => user_data,
                               :csrf => form_authenticity_token }
           end
         end
@@ -129,7 +131,9 @@ module SessionControllerInstanceMethods
       if current_user
         format.html { redirect_to @redirect_url }
         format.json do
-          render :json => { :user => current_user.serializable_hash,
+          user_data = @user.as_json
+          user_data = user_data['user'] if @user.class.include_root_in_json
+          render :json => { :user => user_data,
                             :csrf => form_authenticity_token }
         end
       else

data/lib/authpwn_rails/user_model.rb

@@ -111,6 +111,12 @@ module ModelInstanceMethods
   def to_param
     email
   end  
+  
+  # Do not expose password and ActiveRecord IDs in JSON representation.
+  def as_json(options = {})
+    options ||= {}
+    super(options.merge(:except => [:password_salt, :password_hash, :id]))
+  end
 end  # module AuthpwnRails::UserModel::ModelInstanceMethods
 
 ActiveRecord::Base.send :include, ModelMixin

data/test/user_test.rb

@@ -81,6 +81,14 @@ class UserTest < ActiveSupport::TestCase
     assert_equal nil, User.find_by_param(nil)
   end
   
+  test 'to_json does not show implementation details' do
+    json_data = ActiveSupport::JSON.decode users(:john).to_json
+    assert_operator json_data, :has_key?, 'user'
+    assert_nil json_data['user']['password_hash']
+    assert_nil json_data['user']['password_salt']
+    assert_nil json_data['user']['id']
+  end
+  
   test 'find_by_email_and_password' do
     assert_equal users(:john),
         User.find_by_email_and_password('john@gmail.com', 'password')

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authpwn_rails
 version: !ruby/object:Gem::Version 
-  hash: 11
+  hash: 9
   prerelease: 
   segments: 
   - 0
   - 7
-  - 4
-  version: 0.7.4
+  - 5
+  version: 0.7.5
 platform: ruby
 authors: 
 - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-14 00:00:00 -04:00
+date: 2011-03-17 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.5.3
+rubygems_version: 1.6.0
 signing_key: 
 specification_version: 3
 summary: User authentication for Rails 3 applications.