authpwn_rails 0.10.11 → 0.10.12
- data/Gemfile +4 -4
- data/Gemfile.lock +45 -42
- data/VERSION +1 -1
- data/authpwn_rails.gemspec +17 -14
- data/lib/authpwn_rails/current_user.rb +19 -0
- data/lib/authpwn_rails/http_basic.rb +63 -0
- data/lib/authpwn_rails/session.rb +7 -10
- data/lib/authpwn_rails/test_extensions.rb +32 -0
- data/lib/authpwn_rails.rb +2 -0
- data/test/helpers/routes.rb +3 -0
- data/test/http_basic_controller_test.rb +99 -0
- metadata +14 -11
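--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,15 +1,15 @@
 source :rubygems
 
 gem 'fbgraph_rails', '>= 0.2.2'
-gem 'rails', '>= 3.2.
+gem 'rails', '>= 3.2.6'
 
 group :development do
-gem 'bundler', '>= 1.1.
+gem 'bundler', '>= 1.1.4'
 gem 'flexmock', '>= 0.9.0'
-gem 'jeweler', '>= 1.8.
+gem 'jeweler', '>= 1.8.4'
 gem 'rcov', '>= 0', :platform => :mri_18
 gem 'simplecov', '>= 0', :platform => :mri_19
 gem 'mysql2', '>= 0.3.11'
-gem 'pg', '>= 0.
+gem 'pg', '>= 0.14.0'
 gem 'sqlite3', '>= 1.3.6'
 end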
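--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,37 +1,37 @@
 GEM
 remote: http://rubygems.org/
 specs:
-actionmailer (3.2.
-actionpack (= 3.2.
+actionmailer (3.2.6)
+actionpack (= 3.2.6)
 mail (~> 2.4.4)
-actionpack (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
+actionpack (3.2.6)
+activemodel (= 3.2.6)
+activesupport (= 3.2.6)
 builder (~> 3.0.0)
 erubis (~> 2.7.0)
 journey (~> 1.0.1)
 rack (~> 1.4.0)
 rack-cache (~> 1.2)
 rack-test (~> 0.6.1)
-sprockets (~> 2.1.
-activemodel (3.2.
-activesupport (= 3.2.
+sprockets (~> 2.1.3)
+activemodel (3.2.6)
+activesupport (= 3.2.6)
 builder (~> 3.0.0)
-activerecord (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
+activerecord (3.2.6)
+activemodel (= 3.2.6)
+activesupport (= 3.2.6)
 arel (~> 3.0.2)
 tzinfo (~> 0.3.29)
-activeresource (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
-activesupport (3.2.
+activeresource (3.2.6)
+activemodel (= 3.2.6)
+activesupport (= 3.2.6)
+activesupport (3.2.6)
 i18n (~> 0.6)
 multi_json (~> 1.0)
 arel (3.0.2)
 builder (3.0.0)
 erubis (2.7.0)
-faraday (0.8.
+faraday (0.8.1)
 multipart-post (~> 1.1)
 fbgraph (1.10.0)
 activesupport
@@ -53,27 +53,30 @@ GEM
 hike (1.2.1)
 httpauth (0.1)
 i18n (0.6.0)
-jeweler (1.8.
+jeweler (1.8.4)
 bundler (~> 1.0)
 git (>= 1.2.5)
 rake
 rdoc
-journey (1.0.
-json (1.7.
+journey (1.0.4)
+json (1.7.3)
+jwt (0.1.4)
+json (>= 1.2.4)
 mail (2.4.4)
 i18n (>= 0.4.0)
 mime-types (~> 1.16)
 treetop (~> 1.4.8)
-mime-types (1.
-multi_json (1.3.
+mime-types (1.19)
+multi_json (1.3.6)
 multipart-post (1.1.5)
 mysql2 (0.3.11)
-oauth2 (0.
+oauth2 (0.8.0)
 faraday (~> 0.8)
 httpauth (~> 0.1)
+jwt (~> 0.1.4)
 multi_json (~> 1.0)
-rack (~> 1.
-pg (0.
+rack (~> 1.2)
+pg (0.14.0)
 polyglot (0.3.3)
 rack (1.4.1)
 rack-cache (1.2)
@@ -82,29 +85,29 @@ GEM
 rack
 rack-test (0.6.1)
 rack (>= 1.0)
-rails (3.2.
-actionmailer (= 3.2.
-actionpack (= 3.2.
-activerecord (= 3.2.
-activeresource (= 3.2.
-activesupport (= 3.2.
+rails (3.2.6)
+actionmailer (= 3.2.6)
+actionpack (= 3.2.6)
+activerecord (= 3.2.6)
+activeresource (= 3.2.6)
+activesupport (= 3.2.6)
 bundler (~> 1.0)
-railties (= 3.2.
-railties (3.2.
-actionpack (= 3.2.
-activesupport (= 3.2.
+railties (= 3.2.6)
+railties (3.2.6)
+actionpack (= 3.2.6)
+activesupport (= 3.2.6)
 rack-ssl (~> 1.3.2)
 rake (>= 0.8.7)
 rdoc (~> 3.4)
-thor (
+thor (>= 0.14.6, < 2.0)
 rake (0.9.2.2)
 rcov (1.0.0)
 rdoc (3.12)
 json (~> 1.4)
 rest-client (1.6.7)
 mime-types (>= 1.16)
-simplecov (0.6.
-multi_json (~> 1.
+simplecov (0.6.4)
+multi_json (~> 1.0)
 simplecov-html (~> 0.5.3)
 simplecov-html (0.5.3)
 sprockets (2.1.3)
@@ -112,7 +115,7 @@ GEM
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
 sqlite3 (1.3.6)
-thor (0.
+thor (0.15.4)
 tilt (1.3.3)
 treetop (1.4.10)
 polyglot
@@ -123,13 +126,13 @@ PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler (>= 1.1.
+bundler (>= 1.1.4)
 fbgraph_rails (>= 0.2.2)
 flexmock (>= 0.9.0)
-jeweler (>= 1.8.
+jeweler (>= 1.8.4)
 mysql2 (>= 0.3.11)
-pg (>= 0.
-rails (>= 3.2.
+pg (>= 0.14.0)
+rails (>= 3.2.6)
 rcov
 simplecov
 sqlite3 (>= 1.3.6)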
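--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.10.
+0.10.12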
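--- a/data/authpwn_rails.gemspec
+++ b/data/authpwn_rails.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = "authpwn_rails"
-s.version = "0.10.
+s.version = "0.10.12"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Victor Costan"]
-s.date = "2012-
+s.date = "2012-07-08"
 s.description = "Works with Facebook."
 s.email = "victor@costan.us"
 s.extra_rdoc_files = [
@@ -38,6 +38,7 @@ Gem::Specification.new do |s|
 "legacy/migrate_09_to_010.rb",
 "lib/authpwn_rails.rb",
 "lib/authpwn_rails/credential_model.rb",
+"lib/authpwn_rails/current_user.rb",
 "lib/authpwn_rails/engine.rb",
 "lib/authpwn_rails/facebook_session.rb",
 "lib/authpwn_rails/generators/all_generator.rb",
@@ -60,6 +61,7 @@ Gem::Specification.new do |s|
 "lib/authpwn_rails/generators/templates/session_mailer_test.rb",
 "lib/authpwn_rails/generators/templates/user.rb",
 "lib/authpwn_rails/generators/templates/users.yml",
+"lib/authpwn_rails/http_basic.rb",
 "lib/authpwn_rails/routes.rb",
 "lib/authpwn_rails/session.rb",
 "lib/authpwn_rails/session_controller.rb",
@@ -90,6 +92,7 @@ Gem::Specification.new do |s|
 "test/helpers/fbgraph.rb",
 "test/helpers/routes.rb",
 "test/helpers/view_helpers.rb",
+"test/http_basic_controller_test.rb",
 "test/routes_test.rb",
 "test/session_controller_api_test.rb",
 "test/session_mailer_api_test.rb",
@@ -110,37 +113,37 @@ Gem::Specification.new do |s|
 
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
 s.add_runtime_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-s.add_runtime_dependency(%q<rails>, [">= 3.2.
-s.add_development_dependency(%q<bundler>, [">= 1.1.
+s.add_runtime_dependency(%q<rails>, [">= 3.2.6"])
+s.add_development_dependency(%q<bundler>, [">= 1.1.4"])
 s.add_development_dependency(%q<flexmock>, [">= 0.9.0"])
-s.add_development_dependency(%q<jeweler>, [">= 1.8.
+s.add_development_dependency(%q<jeweler>, [">= 1.8.4"])
 s.add_development_dependency(%q<rcov>, [">= 0"])
 s.add_development_dependency(%q<simplecov>, [">= 0"])
 s.add_development_dependency(%q<mysql2>, [">= 0.3.11"])
-s.add_development_dependency(%q<pg>, [">= 0.
+s.add_development_dependency(%q<pg>, [">= 0.14.0"])
 s.add_development_dependency(%q<sqlite3>, [">= 1.3.6"])
 else
 s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-s.add_dependency(%q<rails>, [">= 3.2.
-s.add_dependency(%q<bundler>, [">= 1.1.
+s.add_dependency(%q<rails>, [">= 3.2.6"])
+s.add_dependency(%q<bundler>, [">= 1.1.4"])
 s.add_dependency(%q<flexmock>, [">= 0.9.0"])
-s.add_dependency(%q<jeweler>, [">= 1.8.
+s.add_dependency(%q<jeweler>, [">= 1.8.4"])
 s.add_dependency(%q<rcov>, [">= 0"])
 s.add_dependency(%q<simplecov>, [">= 0"])
 s.add_dependency(%q<mysql2>, [">= 0.3.11"])
-s.add_dependency(%q<pg>, [">= 0.
+s.add_dependency(%q<pg>, [">= 0.14.0"])
 s.add_dependency(%q<sqlite3>, [">= 1.3.6"])
 end
 else
 s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-s.add_dependency(%q<rails>, [">= 3.2.
-s.add_dependency(%q<bundler>, [">= 1.1.
+s.add_dependency(%q<rails>, [">= 3.2.6"])
+s.add_dependency(%q<bundler>, [">= 1.1.4"])
 s.add_dependency(%q<flexmock>, [">= 0.9.0"])
-s.add_dependency(%q<jeweler>, [">= 1.8.
+s.add_dependency(%q<jeweler>, [">= 1.8.4"])
 s.add_dependency(%q<rcov>, [">= 0"])
 s.add_dependency(%q<simplecov>, [">= 0"])
 s.add_dependency(%q<mysql2>, [">= 0.3.11"])
-s.add_dependency(%q<pg>, [">= 0.
+s.add_dependency(%q<pg>, [">= 0.14.0"])
 s.add_dependency(%q<sqlite3>, [">= 1.3.6"])
 end
 end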
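--- /dev/null
+++ b/data/lib/authpwn_rails/current_user.rb
@@ -0,0 +1,19 @@
+# :nodoc: namespace
+module Authpwn
+
+# The unofficial Rails convention for tracking the authenticated user.
+module CurrentUser
+attr_reader :current_user
+
+def current_user=(user)
+@current_user = user
+if user
+session[:user_exuid] = user.to_param
+else
+session.delete :user_exuid
+end
+end
+end # module Authpwn::CurrentUser
+
+end # namespace Authpwn
+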
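Review bot: `current_user=` records a new identity in whatever session the client already presented, without rotating the session id; if an attacker can plant a session cookie on the victim's browser beforehand (shared parent domain, XSS, or a server-side session store), the planted session becomes the authenticated one — the session-fixation case the Rails security guide answers with `reset_session`. A guarded rotation in the setter, e.g. `reset_session if user && session[:user_exuid] != user.to_param` before the assignment, closes it but also discards flash and any other session state, and callers such as the session controller may already reset the session — that code is outside this hunk, so confirm before changing. The setter also deserves a line of documentation, since the session write is the part a caller will not expect from a plain writer: `# Sets the user for this request and persists user.to_param in session[:user_exuid]; nil clears both (logout).`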
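--- /dev/null
+++ b/data/lib/authpwn_rails/http_basic.rb
@@ -0,0 +1,63 @@
+require 'action_controller'
+
+# :nodoc: adds authenticates_using_http_basic
+class ActionController::Base
+# Keeps track of the currently authenticated user via the session.
+#
+# Assumes the existence of a User model. A bare ActiveModel model will do the
+# trick. Model instances must implement id, and the model class must implement
+# find_by_id.
+def self.authenticates_using_http_basic(options = {})
+include Authpwn::HttpBasicControllerInstanceMethods
+before_filter :authenticate_using_http_basic, options
+end
+end
+
+# :nodoc: namespace
+module Authpwn
+
+# Included in controllers that call authenticates_using_http_basic.
+module HttpBasicControllerInstanceMethods
+include Authpwn::CurrentUser
+
+# Filter that implements authenticates_using_http_basic.
+#
+# If your ApplicationController contains authenticates_using_http_basic, you
+# can opt out in individual controllers using skip_before_filter.
+#
+# skip_before_filter :authenticate_using_http_filter
+def authenticate_using_http_basic
+return if current_user
+authenticate_with_http_basic do |email, password|
+auth = Credentials::Password.authenticate_email email, password
+self.current_user = auth unless auth.kind_of? Symbol
+end
+end
+private :authenticate_using_http_basic
+
+# Inform the user that their request is forbidden.
+#
+# If a user is logged on, this renders the session/forbidden view with a HTTP
+# 403 code.
+#
+# If no user is logged in, a HTTP 403 code is returned, together with an
+# HTTP Authentication header causing the user-agent (browser) to initiate
+# http basic authentication.
+def bounce_to_http_basic()
+unless current_user
+request_http_basic_authentication
+return
+end
+
+respond_to do |format|
+format.html do
+render 'session/forbidden', :status => :forbidden
+end
+format.json do
+render :json => { :error => "You're not allowed to access that" }
+end
+end
+end
+end # module Authpwn::HttpBasicControllerInstanceMethods
+
+end # namespace Authpwn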
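--- a/data/lib/authpwn_rails/session.rb
+++ b/data/lib/authpwn_rails/session.rb
@@ -26,17 +26,14 @@ module Authpwn
 
 # Included in controllers that call authenticates_using_session.
 module ControllerInstanceMethods
-
-
-def current_user=(user)
-@current_user = user
-if user
-session[:user_exuid] = user.to_param
-else
-session.delete :user_exuid
-end
-end
+include Authpwn::CurrentUser
 
+# Filter that implements authenticates_using_session.
+#
+# If your ApplicationController contains authenticates_using_session, you
+# can opt out in individual controllers using skip_before_filter.
+#
+# skip_before_filter :authenticate_using_session
 def authenticate_using_session
 return if current_user
 user_param = session[:user_exuid]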
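--- a/data/lib/authpwn_rails/test_extensions.rb
+++ b/data/lib/authpwn_rails/test_extensions.rb
@@ -48,6 +48,38 @@ module ControllerTestExtensions
 return nil unless user_param = request.session[:user_exuid]
 User.find_by_param user_param
 end
+
+# Sets the HTTP Authentication header.
+#
+# If no password is provided, the user's password is set to "password". This
+# change is normally reverted at the end of the test, as long as
+# transactional fixtures are not disabled.
+#
+# Tests that need to disable transactional fixures should specify the user's
+# password.
+def set_http_basic_user(user, password = nil)
+unless password
+password = 'password'
+credential = Credentials::Password.where(:user_id => user.id).first
+if credential
+credential.update_attributes! :password => password
+else
+credential = Credentials::Password.new :password => password
+credential.user_id = user.id
+credential.save!
+end
+end
+
+credential = Credentials::Email.where(:user_id => user.id).first
+unless credential
+raise RuntimeError, "Can't specify an user without an e-mail"
+end
+email = credential.email
+
+request.env['HTTP_AUTHORIZATION'] =
+"Basic #{::Base64.strict_encode64("#{email}:#{password}")}"
+user
+end
 end # module Authpwn::ControllerTestExtensions
 
 end # namespace Authpwn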
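--- a/data/lib/authpwn_rails.rb
+++ b/data/lib/authpwn_rails.rb
@@ -17,7 +17,9 @@ module Authpwn
 end
 end
 
+require 'authpwn_rails/current_user.rb'
 require 'authpwn_rails/facebook_session.rb'
+require 'authpwn_rails/http_basic.rb'
 require 'authpwn_rails/routes.rb'
 require 'authpwn_rails/session.rb'
 require 'authpwn_rails/test_extensions.rb'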
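--- a/data/test/helpers/routes.rb
+++ b/data/test/helpers/routes.rb
@@ -6,6 +6,9 @@ class ActionController::TestCase
 resource :cookie, :controller => 'cookie' do
 collection { get :bouncer }
 end
+resource :http_basic, :controller => 'http_basic' do
+collection { get :bouncer }
+end
 resource :facebook, :controller => 'facebook'
 authpwn_session :controller => 'bare_session',
 :method_names => 'bare_session'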
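--- /dev/null
+++ b/data/test/http_basic_controller_test.rb
@@ -0,0 +1,99 @@
+require File.expand_path('../test_helper', __FILE__)
+
+# Mock controller used for testing session handling.
+class HttpBasicController < ApplicationController
+authenticates_using_http_basic
+
+def show
+if current_user
+render :text => "User: #{current_user.id}"
+else
+render :text => "No user"
+end
+end
+
+def bouncer
+bounce_to_http_basic
+end
+end
+
+class HttpBasicControllerTest < ActionController::TestCase
+setup do
+@user = users(:jane)
+end
+
+test "no user_id in session cookie or header" do
+get :show
+assert_response :success
+assert_nil assigns(:current_user)
+assert_equal 'No user', response.body
+end
+
+test "valid user_id in session cookie" do
+set_session_current_user @user
+get :show
+assert_response :success
+assert_nil assigns(:current_user)
+assert_equal 'No user', response.body
+end
+
+test "valid user credentials in header" do
+set_http_basic_user @user, 'pa55w0rd'
+get :show
+assert_equal @user, assigns(:current_user)
+assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
+response.body
+end
+
+test "invalid user credentials in header" do
+set_http_basic_user @user, 'password'
+get :show
+assert_nil assigns(:current_user)
+assert_equal 'No user', response.body
+end
+
+test "mocked user credentials in header" do
+set_http_basic_user @user
+get :show
+assert_equal @user, assigns(:current_user)
+assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
+response.body
+end
+
+test "invalid user_pid in session" do
+get :show, {}, :current_user_pid => 'random@user.com'
+assert_response :success
+assert_nil assigns(:current_user)
+end
+
+test "valid user bounced to http authentication" do
+set_http_basic_user @user
+get :bouncer
+assert_response :forbidden
+assert_template 'session/forbidden'
+assert_select 'a[href="/session"][data-method="delete"]', 'Log out'
+end
+
+test "valid user bounced in json" do
+set_http_basic_user @user
+get :bouncer, :format => 'json'
+assert_response :ok
+data = ActiveSupport::JSON.decode response.body
+assert_match(/not allowed/i, data['error'])
+end
+
+test "no user_id bounced to http authentication" do
+get :bouncer
+assert_response :unauthorized
+assert_equal 'Basic realm="Application"',
+response.headers['WWW-Authenticate']
+end
+
+test "no user_id bounced in json" do
+get :bouncer, :format => 'json'
+assert_response :unauthorized
+assert_equal 'Basic realm="Application"',
+response.headers['WWW-Authenticate']
+end
+end
+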
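Review bot: `invalid user_pid in session` (line 63) seeds the session under `:current_user_pid`, but the library reads `session[:user_exuid]`, so the value never reaches a lookup; and because `HttpBasicController` installs only the Basic filter, which does not read the session at all, the test duplicates `no user_id in session cookie or header` instead of exercising a bad session value — drop it, or if a stale-key regression is the goal, use `get :show, {}, :user_exuid => 'random@user.com'`. Two behaviours of the new code go untested: a malformed `Authorization` header (non-Base64, or a value without a colon) and whether a successful Basic request leaves `session[:user_exuid]` set afterwards, which would pin down whether Basic auth is meant to create a browser session. `valid user bounced in json` asserting `:ok` codifies a 200 response for a refused request; if that is deliberate, a comment on the assertion such as `# JSON refusals report the error in the body, not in the status` would keep the next reader from filing it as a bug.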
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authpwn_rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.10.
|
4
|
+
version: 0.10.12
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-07-08 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fbgraph_rails
|
@@ -34,7 +34,7 @@ dependencies:
|
|
34
34
|
requirements:
|
35
35
|
- - ! '>='
|
36
36
|
- !ruby/object:Gem::Version
|
37
|
-
version: 3.2.
|
37
|
+
version: 3.2.6
|
38
38
|
type: :runtime
|
39
39
|
prerelease: false
|
40
40
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -42,7 +42,7 @@ dependencies:
|
|
42
42
|
requirements:
|
43
43
|
- - ! '>='
|
44
44
|
- !ruby/object:Gem::Version
|
45
|
-
version: 3.2.
|
45
|
+
version: 3.2.6
|
46
46
|
- !ruby/object:Gem::Dependency
|
47
47
|
name: bundler
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
@@ -50,7 +50,7 @@ dependencies:
|
|
50
50
|
requirements:
|
51
51
|
- - ! '>='
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version: 1.1.
|
53
|
+
version: 1.1.4
|
54
54
|
type: :development
|
55
55
|
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -58,7 +58,7 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - ! '>='
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 1.1.
|
61
|
+
version: 1.1.4
|
62
62
|
- !ruby/object:Gem::Dependency
|
63
63
|
name: flexmock
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
@@ -82,7 +82,7 @@ dependencies:
|
|
82
82
|
requirements:
|
83
83
|
- - ! '>='
|
84
84
|
- !ruby/object:Gem::Version
|
85
|
-
version: 1.8.
|
85
|
+
version: 1.8.4
|
86
86
|
type: :development
|
87
87
|
prerelease: false
|
88
88
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -90,7 +90,7 @@ dependencies:
|
|
90
90
|
requirements:
|
91
91
|
- - ! '>='
|
92
92
|
- !ruby/object:Gem::Version
|
93
|
-
version: 1.8.
|
93
|
+
version: 1.8.4
|
94
94
|
- !ruby/object:Gem::Dependency
|
95
95
|
name: rcov
|
96
96
|
requirement: !ruby/object:Gem::Requirement
|
@@ -146,7 +146,7 @@ dependencies:
|
|
146
146
|
requirements:
|
147
147
|
- - ! '>='
|
148
148
|
- !ruby/object:Gem::Version
|
149
|
-
version: 0.
|
149
|
+
version: 0.14.0
|
150
150
|
type: :development
|
151
151
|
prerelease: false
|
152
152
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -154,7 +154,7 @@ dependencies:
|
|
154
154
|
requirements:
|
155
155
|
- - ! '>='
|
156
156
|
- !ruby/object:Gem::Version
|
157
|
-
version: 0.
|
157
|
+
version: 0.14.0
|
158
158
|
- !ruby/object:Gem::Dependency
|
159
159
|
name: sqlite3
|
160
160
|
requirement: !ruby/object:Gem::Requirement
|
@@ -200,6 +200,7 @@ files:
|
|
200
200
|
- legacy/migrate_09_to_010.rb
|
201
201
|
- lib/authpwn_rails.rb
|
202
202
|
- lib/authpwn_rails/credential_model.rb
|
203
|
+
- lib/authpwn_rails/current_user.rb
|
203
204
|
- lib/authpwn_rails/engine.rb
|
204
205
|
- lib/authpwn_rails/facebook_session.rb
|
205
206
|
- lib/authpwn_rails/generators/all_generator.rb
|
@@ -222,6 +223,7 @@ files:
|
|
222
223
|
- lib/authpwn_rails/generators/templates/session_mailer_test.rb
|
223
224
|
- lib/authpwn_rails/generators/templates/user.rb
|
224
225
|
- lib/authpwn_rails/generators/templates/users.yml
|
226
|
+
- lib/authpwn_rails/http_basic.rb
|
225
227
|
- lib/authpwn_rails/routes.rb
|
226
228
|
- lib/authpwn_rails/session.rb
|
227
229
|
- lib/authpwn_rails/session_controller.rb
|
@@ -252,6 +254,7 @@ files:
|
|
252
254
|
- test/helpers/fbgraph.rb
|
253
255
|
- test/helpers/routes.rb
|
254
256
|
- test/helpers/view_helpers.rb
|
257
|
+
- test/http_basic_controller_test.rb
|
255
258
|
- test/routes_test.rb
|
256
259
|
- test/session_controller_api_test.rb
|
257
260
|
- test/session_mailer_api_test.rb
|
@@ -275,7 +278,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
275
278
|
version: '0'
|
276
279
|
segments:
|
277
280
|
- 0
|
278
|
-
hash:
|
281
|
+
hash: 546732945991405653
|
279
282
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
280
283
|
none: false
|
281
284
|
requirements:
|