authpwn_rails 0.5.6 → 0.6.0

data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.5.6
1
+ 0.6.0
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{authpwn_rails}
8
- s.version = "0.5.6"
8
+ s.version = "0.6.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
12
- s.date = %q{2010-11-18}
12
+ s.date = %q{2010-11-25}
13
13
  s.description = %q{Works with Facebook.}
14
14
  s.email = %q{victor@costan.us}
15
15
  s.extra_rdoc_files = [
@@ -34,6 +34,7 @@ Gem::Specification.new do |s|
34
34
  "lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb",
35
35
  "lib/authpwn_rails/generators/templates/facebook_token.rb",
36
36
  "lib/authpwn_rails/generators/templates/facebook_tokens.yml",
37
+ "lib/authpwn_rails/generators/templates/session/forbidden.html.erb",
37
38
  "lib/authpwn_rails/generators/templates/session/home.html.erb",
38
39
  "lib/authpwn_rails/generators/templates/session/new.html.erb",
39
40
  "lib/authpwn_rails/generators/templates/session/welcome.html.erb",
@@ -8,6 +8,8 @@ class SessionGenerator < Rails::Generators::Base
8
8
  def create_session
9
9
  copy_file 'session_controller.rb',
10
10
  File.join('app', 'controllers', 'session_controller.rb')
11
+ copy_file File.join('session', 'forbidden.html.erb'),
12
+ File.join('app', 'views', 'session', 'forbidden.html.erb')
11
13
  copy_file File.join('session', 'home.html.erb'),
12
14
  File.join('app', 'views', 'session', 'home.html.erb')
13
15
  copy_file File.join('session', 'new.html.erb'),
@@ -0,0 +1,20 @@
1
+ <p>
2
+ This view gets displayed when the user tries to access something forbidden.
3
+ </p>
4
+
5
+ <% if current_user %>
6
+ <p>
7
+ You should inform the user that they are logged in as
8
+ <%= current_user.email %> and suggest them to
9
+ <%= link_to 'Log out', session_path, :method => :destroy %> and log in as a
10
+ different user.
11
+ </p>
12
+ <% else %>
13
+ <p>
14
+ The user will only see this if JavaScript is disabled. Ask them to
15
+ <%= link_to 'Log in', new_session_path %>.
16
+ </p>
17
+ <script type="text/javascript">
18
+ window.location = "<%= new_session_path %>";
19
+ </script>
20
+ <% end %>
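Review bot: The `window.location = "<%= new_session_path %>";` line interpolates a value into a JavaScript string literal using the default HTML escaper, which is the wrong escaping context inside `<script>`. With a fixed route helper this is harmless today, but `window.location = "<%= escape_javascript(new_session_path) %>";` keeps the template correct if the target is ever made dynamic, and it documents the intended escaping for anyone who later substitutes `@redirect_url` here. The surrounding paragraphs read as generator placeholder text ("You should inform the user…", "The user will only see this if JavaScript is disabled"), which a generated app will ship verbatim unless edited; a one-line ERB comment at the top saying the copy is meant to be replaced would make that explicit.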
@@ -4,6 +4,13 @@
4
4
  <p class="notice"><%= flash[:notice] %></p>
5
5
  <% end %>
6
6
 
7
+ <% if @redirect_url %>
8
+ <p>
9
+ We need you to log in before we can show you the page that you are trying to
10
+ view.
11
+ </p>
12
+ <% end %>
13
+
7
14
  <%= form_for User.new, :url => session_path do |f| %>
8
15
  <div class="field">
9
16
  <%= f.label :email, 'Email Address' %><br />
@@ -17,5 +24,9 @@
17
24
 
18
25
  <div class="actions">
19
26
  <%= f.submit 'Log in' %>
27
+
28
+ <% if @redirect_url %>
29
+ <%= hidden_field_tag :redirect_url, @redirect_url %>
30
+ <% end %>
20
31
  </div>
21
32
  <% end %>
@@ -54,7 +54,24 @@ module ControllerInstanceMethods
54
54
  user = user_param && User.find_by_param(user_param)
55
55
  self.current_user = user if user
56
56
  end
57
- private :authenticate_using_session
57
+ private :authenticate_using_session
58
+
59
+ # Inform the user that their request is forbidden.
60
+ #
61
+ # If a user is logged on, this renders the session/forbidden view with a HTTP
62
+ # 403 code.
63
+ #
64
+ # If no user is logged in, the user is redirected to session/new, and the
65
+ # current request's URL is saved in flash[:auth_redirect_url].
66
+ def bounce_user(redirect_url = request.url)
67
+ @redirect_url = redirect_url
68
+ if current_user
69
+ render 'session/forbidden', :status => :forbidden
70
+ else
71
+ flash[:auth_redirect_url] = redirect_url
72
+ render 'session/forbidden', :status => :forbidden
73
+ end
74
+ end
58
75
  end
59
76
 
60
77
  # Included in controllers that call authenticates_using_session.
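Review bot: The comment above bounce_user says that an anonymous user "is redirected to session/new", but both the if and the else branch render `session/forbidden` with status 403, and the only redirect is the script in the forbidden view; the branches differ solely in the flash write. The comment should say `# If no user is logged in, the session/forbidden view is rendered with HTTP 403 and the current request's URL is saved in flash[:auth_redirect_url]; the view's script then sends the browser to session/new.` and the duplicated render can collapse to `flash[:auth_redirect_url] = redirect_url unless current_user` followed by a single `render 'session/forbidden', :status => :forbidden`. The default `redirect_url = request.url` is stored whatever the request method was, so a bounce from a non-GET request would presumably send the user back to that URL with a GET after login; worth a note in the comment if that is intended. The enclosing module ControllerInstanceMethods starts and ends outside this hunk.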
@@ -62,6 +79,7 @@ module SessionControllerInstanceMethods
62
79
  # GET /session/new
63
80
  def new
64
81
  @user = User.new
82
+ @redirect_url = flash[:auth_redirect_url]
65
83
  redirect_to session_url if current_user
66
84
  end
67
85
 
@@ -80,15 +98,18 @@ module SessionControllerInstanceMethods
80
98
  # POST /session
81
99
  def create
82
100
  @user = User.new params[:user]
101
+ @redirect_url = params[:redirect_url] || session_url
83
102
  self.current_user =
84
103
  User.find_by_email_and_password @user.email, @user.password
85
104
 
86
105
  respond_to do |format|
87
106
  if current_user
88
- format.html { redirect_to session_url }
107
+ format.html { redirect_to @redirect_url }
89
108
  else
90
109
  format.html do
91
- redirect_to new_session_url, :notice => 'Invalid e-mail or password'
110
+ redirect_to new_session_url, :flash => {
111
+ :notice => 'Invalid e-mail or password',
112
+ :auth_redirect_url => @redirect_url }
92
113
  end
93
114
  end
94
115
  end
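Review bot: `@redirect_url = params[:redirect_url] || session_url` feeds an unvalidated request parameter straight into `redirect_to @redirect_url` on successful login, so any URL a visitor can be induced to put in the login form's hidden field becomes a post-login redirect target; the same value is also round-tripped through `flash[:auth_redirect_url]` on failure. Restrict the accepted target to a path on this application or an http(s) URL on `request.host` before using it, as sketched below; the tests in the later SessionControllerApiTest hunks that assert a redirect to `http://authpwn.redirect.url` would then need a same-host target. Separately, the `|| session_url` default means every failed login writes `auth_redirect_url` into the flash, so the "We need you to log in before we can show you the page" paragraph in session/new appears after any bad password, not only after a bounce; keeping `@redirect_url` nil when no parameter was sent and falling back to `session_url` only at the `redirect_to` avoids that. The enclosing module SessionControllerInstanceMethods continues outside this hunk.
```ruby
  def create
    @user = User.new params[:user]
    @redirect_url = safe_redirect_url(params[:redirect_url])
    # … unchanged: current_user assignment …
    respond_to do |format|
      if current_user
        format.html { redirect_to(@redirect_url || session_url) }
      else
        # … unchanged: failure branch, which still passes @redirect_url in :flash …
      end
    end
  end

  # Accepts only an application-relative path or an http(s) URL on this host
  # as a post-login target; anything else (other hosts, "//host", non-http
  # schemes, unparsable input) yields nil.
  def safe_redirect_url(url)
    return nil if url.blank?
    uri = URI.parse(url)
    if uri.relative?
      return url if url.start_with?('/') && !url.start_with?('//')
    elsif %w[http https].include?(uri.scheme) && uri.host == request.host
      return url
    end
    nil
  rescue URI::InvalidURIError
    nil
  end
  private :safe_redirect_url
```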
@@ -11,6 +11,10 @@ class CookieController < ApplicationController
11
11
  render :text => "No user"
12
12
  end
13
13
  end
14
+
15
+ def bouncer
16
+ bounce_user
17
+ end
14
18
  end
15
19
 
16
20
  class CookieControllerTest < ActionController::TestCase
@@ -38,4 +42,20 @@ class CookieControllerTest < ActionController::TestCase
38
42
  assert_response :success
39
43
  assert_nil assigns(:current_user)
40
44
  end
45
+
46
+ test "valid user_id bounced" do
47
+ set_session_current_user @user
48
+ get :bouncer
49
+ assert_response :forbidden
50
+ assert_template 'session/forbidden'
51
+ end
52
+
53
+ test "no user_id bounced" do
54
+ get :bouncer
55
+ assert_response :forbidden
56
+ assert_template 'session/forbidden'
57
+ assert_equal bouncer_cookie_url, flash[:auth_redirect_url]
58
+
59
+ assert_select 'script', %r/.*window.location.*#{new_session_path}.*/
60
+ end
41
61
  end
@@ -3,7 +3,9 @@ class ActionController::TestCase
3
3
  def setup_routes
4
4
  @routes = ActionController::Routing::RouteSet.new
5
5
  @routes.draw do
6
- resource :cookie, :controller => 'cookie'
6
+ resource :cookie, :controller => 'cookie' do
7
+ collection { get :bouncer }
8
+ end
7
9
  resource :facebook, :controller => 'facebook'
8
10
  # NOTE: this route should be kept in sync with the session template.
9
11
  resource :session, :controller => 'session'
@@ -46,7 +46,17 @@ class SessionControllerApiTest < ActionController::TestCase
46
46
  assert_select 'input#user_password'
47
47
  assert_select 'input[type=submit]'
48
48
  end
49
- end
49
+ end
50
+
51
+ test "new renders redirect_url when present in flash" do
52
+ url = 'http://authpwn.redirect.url'
53
+ get :new, {}, {}, { :auth_redirect_url => url }
54
+ assert_template :new
55
+ assert_equal url, assigns(:redirect_url), 'redirect_url should be set'
56
+ assert_select 'form' do
57
+ assert_select "input[name=redirect_url][value=#{url}]"
58
+ end
59
+ end
50
60
 
51
61
  test "create logs in with good account details" do
52
62
  post :create, :user => { :email => @user.email, :password => 'password' }
@@ -55,6 +65,13 @@ class SessionControllerApiTest < ActionController::TestCase
55
65
  assert_equal @user, session_current_user, 'session'
56
66
  end
57
67
 
68
+ test "create redirects properly with good account details" do
69
+ url = 'http://authpwn.redirect.url'
70
+ post :create, :user => { :email => @user.email, :password => 'password' },
71
+ :redirect_url => url
72
+ assert_redirected_to url
73
+ end
74
+
58
75
  test "create does not log in with bad password" do
59
76
  post :create, :user => { :email => @user.email, :password => 'fail' }
60
77
  assert_redirected_to new_session_url
@@ -63,6 +80,15 @@ class SessionControllerApiTest < ActionController::TestCase
63
80
  assert_not_nil flash[:notice]
64
81
  end
65
82
 
83
+ test "create maintains redirect_url for bad logins" do
84
+ url = 'http://authpwn.redirect.url'
85
+ post :create, :user => { :email => @user.email, :password => 'fail' },
86
+ :redirect_url => url
87
+ assert_redirected_to new_session_url
88
+ assert_not_nil flash[:notice]
89
+ assert_equal url, flash[:auth_redirect_url]
90
+ end
91
+
66
92
  test "create does not log in with bad e-mail" do
67
93
  post :create, :user => { :email => 'nobody@gmail.com', :password => 'no' }
68
94
  assert_redirected_to new_session_url
metadata CHANGED
@@ -5,9 +5,9 @@ version: !ruby/object:Gem::Version
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
- - 5
9
8
  - 6
10
- version: 0.5.6
9
+ - 0
10
+ version: 0.6.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-11-18 00:00:00 -05:00
18
+ date: 2010-11-25 00:00:00 -05:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -93,6 +93,7 @@ files:
93
93
  - lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb
94
94
  - lib/authpwn_rails/generators/templates/facebook_token.rb
95
95
  - lib/authpwn_rails/generators/templates/facebook_tokens.yml
96
+ - lib/authpwn_rails/generators/templates/session/forbidden.html.erb
96
97
  - lib/authpwn_rails/generators/templates/session/home.html.erb
97
98
  - lib/authpwn_rails/generators/templates/session/new.html.erb
98
99
  - lib/authpwn_rails/generators/templates/session/welcome.html.erb