authpwn_rails 0.5.6 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/authpwn_rails.gemspec +3 -2
- data/lib/authpwn_rails/generators/session_generator.rb +2 -0
- data/lib/authpwn_rails/generators/templates/session/forbidden.html.erb +20 -0
- data/lib/authpwn_rails/generators/templates/session/new.html.erb +11 -0
- data/lib/authpwn_rails/session.rb +24 -3
- data/test/cookie_controller_test.rb +20 -0
- data/test/helpers/routes.rb +3 -1
- data/test/session_controller_api_test.rb +27 -1
- metadata +4 -3
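--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.
+0.6.0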
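--- a/data/authpwn_rails.gemspec
+++ b/data/authpwn_rails.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = %q{authpwn_rails}
-s.version = "0.
+s.version = "0.6.0"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Victor Costan"]
-s.date = %q{2010-11-
+s.date = %q{2010-11-25}
 s.description = %q{Works with Facebook.}
 s.email = %q{victor@costan.us}
 s.extra_rdoc_files = [
@@ -34,6 +34,7 @@ Gem::Specification.new do |s|
 "lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb",
 "lib/authpwn_rails/generators/templates/facebook_token.rb",
 "lib/authpwn_rails/generators/templates/facebook_tokens.yml",
+"lib/authpwn_rails/generators/templates/session/forbidden.html.erb",
 "lib/authpwn_rails/generators/templates/session/home.html.erb",
 "lib/authpwn_rails/generators/templates/session/new.html.erb",
 "lib/authpwn_rails/generators/templates/session/welcome.html.erb",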
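--- a/data/lib/authpwn_rails/generators/session_generator.rb
+++ b/data/lib/authpwn_rails/generators/session_generator.rb
@@ -8,6 +8,8 @@ class SessionGenerator < Rails::Generators::Base
 def create_session
 copy_file 'session_controller.rb',
 File.join('app', 'controllers', 'session_controller.rb')
+copy_file File.join('session', 'forbidden.html.erb'),
+File.join('app', 'views', 'session', 'forbidden.html.erb')
 copy_file File.join('session', 'home.html.erb'),
 File.join('app', 'views', 'session', 'home.html.erb')
 copy_file File.join('session', 'new.html.erb'),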
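--- a/data/lib/authpwn_rails/generators/templates/session/forbidden.html.erb
+++ b/data/lib/authpwn_rails/generators/templates/session/forbidden.html.erb
@@ -0,0 +1,20 @@
+<p>
+This view gets displayed when the user tries to access something forbidden.
+</p>
+
+<% if current_user %>
+<p>
+You should inform the user that they are logged in as
+<%= current_user.email %> and suggest them to
+<%= link_to 'Log out', session_path, :method => :destroy %> and log in as a
+different user.
+</p>
+<% else %>
+<p>
+The user will only see this if JavaScript is disabled. Ask them to
+<%= link_to 'Log in', new_session_path %>.
+</p>
+<script type="text/javascript">
+window.location = "<%= new_session_path %>";
+</script>
+<% end %>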
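Review bot: Line 9 of the new template builds the "Log out" link with `:method => :destroy`, which is not an HTTP verb; `link_to` needs `:method => :delete` to reach the `destroy` action behind `session_path`, and with an unrecognised verb the generated `data-method` will presumably make the UJS helper submit a plain POST to `session_path`, i.e. the `create` action, so the link never ends the session. Change the line to `<%= link_to 'Log out', session_path, :method => :delete %> and log in as a`. Since this page exists precisely so a logged-in user can drop their session and sign in as someone else, the broken link defeats the view's purpose.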
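--- a/data/lib/authpwn_rails/generators/templates/session/new.html.erb
+++ b/data/lib/authpwn_rails/generators/templates/session/new.html.erb
@@ -4,6 +4,13 @@
 <p class="notice"><%= flash[:notice] %></p>
 <% end %>
 
+<% if @redirect_url %>
+<p>
+We need you to log in before we can show you the page that you are trying to
+view.
+</p>
+<% end %>
+
 <%= form_for User.new, :url => session_path do |f| %>
 <div class="field">
 <%= f.label :email, 'Email Address' %><br />
@@ -17,5 +24,9 @@
 
 <div class="actions">
 <%= f.submit 'Log in' %>
+
+<% if @redirect_url %>
+<%= hidden_field_tag :redirect_url, @redirect_url %>
+<% end %>
 </div>
 <% end %>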
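--- a/data/lib/authpwn_rails/session.rb
+++ b/data/lib/authpwn_rails/session.rb
@@ -54,7 +54,24 @@ module ControllerInstanceMethods
 user = user_param && User.find_by_param(user_param)
 self.current_user = user if user
 end
-private :authenticate_using_session
+private :authenticate_using_session
+
+# Inform the user that their request is forbidden.
+#
+# If a user is logged on, this renders the session/forbidden view with a HTTP
+# 403 code.
+#
+# If no user is logged in, the user is redirected to session/new, and the
+# current request's URL is saved in flash[:auth_redirect_url].
+def bounce_user(redirect_url = request.url)
+@redirect_url = redirect_url
+if current_user
+render 'session/forbidden', :status => :forbidden
+else
+flash[:auth_redirect_url] = redirect_url
+render 'session/forbidden', :status => :forbidden
+end
+end
 end
 
 # Included in controllers that call authenticates_using_session.
@@ -62,6 +79,7 @@ module SessionControllerInstanceMethods
 # GET /session/new
 def new
 @user = User.new
+@redirect_url = flash[:auth_redirect_url]
 redirect_to session_url if current_user
 end
 
@@ -80,15 +98,18 @@ module SessionControllerInstanceMethods
 # POST /session
 def create
 @user = User.new params[:user]
+@redirect_url = params[:redirect_url] || session_url
 self.current_user =
 User.find_by_email_and_password @user.email, @user.password
 
 respond_to do |format|
 if current_user
-format.html { redirect_to
+format.html { redirect_to @redirect_url }
 else
 format.html do
-redirect_to new_session_url, :
+redirect_to new_session_url, :flash => {
+:notice => 'Invalid e-mail or password',
+:auth_redirect_url => @redirect_url }
 end
 end
 end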
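Review bot: `create` now reads `@redirect_url = params[:redirect_url] || session_url` (new line 101) and hands it unvalidated to `redirect_to @redirect_url` (line 107), so the login endpoint will send a freshly authenticated user to whatever absolute URL arrived in the form's `redirect_url` field — a classic open redirect on the one page users are trained to trust. The same raw value is carried through `flash[:auth_redirect_url]` on the bad-password branch (lines 110–112) and into the hidden field rendered by `new.html.erb`, so validating once in `create` covers both paths, while `bounce_user`'s default of `request.url` is server-derived and fine. I would accept only path-only, same-origin targets and fall back to `session_url` otherwise, as sketched below. Separately, the comment on lines 64–65 says an anonymous user "is redirected to session/new", but both branches of `bounce_user` render `session/forbidden` with a 403 and rely on the view's script to navigate; the comment should instead say that the session/forbidden view is rendered with HTTP 403 and the current request's URL is saved in flash[:auth_redirect_url] so the login form can return to it.
```ruby
def create
  @user = User.new params[:user]
  @redirect_url = safe_redirect_url(params[:redirect_url]) || session_url
  # … unchanged: credential lookup and respond_to block …
end

# Returns url only when it is a path-only (same-origin) target, nil otherwise.
# A scheme, a host, or a protocol-relative "//host" prefix is rejected.
def safe_redirect_url(url)
  return nil if url.blank?
  uri = URI.parse(url)
  return nil unless uri.scheme.nil? && uri.host.nil? &&
                    url.start_with?('/') && !url.start_with?('//')
  url
rescue URI::InvalidURIError
  nil
end
private :safe_redirect_url
```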
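--- a/data/test/cookie_controller_test.rb
+++ b/data/test/cookie_controller_test.rb
@@ -11,6 +11,10 @@ class CookieController < ApplicationController
 render :text => "No user"
 end
 end
+
+def bouncer
+bounce_user
+end
 end
 
 class CookieControllerTest < ActionController::TestCase
@@ -38,4 +42,20 @@ class CookieControllerTest < ActionController::TestCase
 assert_response :success
 assert_nil assigns(:current_user)
 end
+
+test "valid user_id bounced" do
+set_session_current_user @user
+get :bouncer
+assert_response :forbidden
+assert_template 'session/forbidden'
+end
+
+test "no user_id bounced" do
+get :bouncer
+assert_response :forbidden
+assert_template 'session/forbidden'
+assert_equal bouncer_cookie_url, flash[:auth_redirect_url]
+
+assert_select 'script', %r/.*window.location.*#{new_session_path}.*/
+end
 end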
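--- a/data/test/helpers/routes.rb
+++ b/data/test/helpers/routes.rb
@@ -3,7 +3,9 @@ class ActionController::TestCase
 def setup_routes
 @routes = ActionController::Routing::RouteSet.new
 @routes.draw do
-resource :cookie, :controller => 'cookie'
+resource :cookie, :controller => 'cookie' do
+collection { get :bouncer }
+end
 resource :facebook, :controller => 'facebook'
 # NOTE: this route should be kept in sync with the session template.
 resource :session, :controller => 'session'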
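--- a/data/test/session_controller_api_test.rb
+++ b/data/test/session_controller_api_test.rb
@@ -46,7 +46,17 @@ class SessionControllerApiTest < ActionController::TestCase
 assert_select 'input#user_password'
 assert_select 'input[type=submit]'
 end
-end
+end
+
+test "new renders redirect_url when present in flash" do
+url = 'http://authpwn.redirect.url'
+get :new, {}, {}, { :auth_redirect_url => url }
+assert_template :new
+assert_equal url, assigns(:redirect_url), 'redirect_url should be set'
+assert_select 'form' do
+assert_select "input[name=redirect_url][value=#{url}]"
+end
+end
 
 test "create logs in with good account details" do
 post :create, :user => { :email => @user.email, :password => 'password' }
@@ -55,6 +65,13 @@ class SessionControllerApiTest < ActionController::TestCase
 assert_equal @user, session_current_user, 'session'
 end
 
+test "create redirects properly with good account details" do
+url = 'http://authpwn.redirect.url'
+post :create, :user => { :email => @user.email, :password => 'password' },
+:redirect_url => url
+assert_redirected_to url
+end
+
 test "create does not log in with bad password" do
 post :create, :user => { :email => @user.email, :password => 'fail' }
 assert_redirected_to new_session_url
@@ -63,6 +80,15 @@ class SessionControllerApiTest < ActionController::TestCase
 assert_not_nil flash[:notice]
 end
 
+test "create maintains redirect_url for bad logins" do
+url = 'http://authpwn.redirect.url'
+post :create, :user => { :email => @user.email, :password => 'fail' },
+:redirect_url => url
+assert_redirected_to new_session_url
+assert_not_nil flash[:notice]
+assert_equal url, flash[:auth_redirect_url]
+end
+
 test "create does not log in with bad e-mail" do
 post :create, :user => { :email => 'nobody@gmail.com', :password => 'no' }
 assert_redirected_to new_session_url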
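Review bot: The three new tests all use `url = 'http://authpwn.redirect.url'`, an absolute off-site address, and `test "create redirects properly with good account details"` asserts `assert_redirected_to url`, so the suite now pins the login action to follow any external `redirect_url` it receives instead of guarding against that. If `create` is tightened to accept only same-origin paths, these tests would fail for the wrong reason; I would switch the fixtures to a local placeholder such as `url = '/some/protected/page'` and add a companion case that posts an external `redirect_url` and asserts `assert_redirected_to session_url`. The flash-carrying assertions in the bad-login test and the hidden-field assertion in the `new` test can keep the same local fixture.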
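--- a/metadata
+++ b/metadata
@@ -5,9 +5,9 @@ version: !ruby/object:Gem::Version
 prerelease: false
 segments:
 - 0
-- 5
 - 6
-
+- 0
+version: 0.6.0
 platform: ruby
 authors:
 - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-
+date: 2010-11-25 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -93,6 +93,7 @@ files:
 - lib/authpwn_rails/generators/templates/002_create_facebook_tokens.rb
 - lib/authpwn_rails/generators/templates/facebook_token.rb
 - lib/authpwn_rails/generators/templates/facebook_tokens.yml
+- lib/authpwn_rails/generators/templates/session/forbidden.html.erb
 - lib/authpwn_rails/generators/templates/session/home.html.erb
 - lib/authpwn_rails/generators/templates/session/new.html.erb
 - lib/authpwn_rails/generators/templates/session/welcome.html.erb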