authpwn_rails 0.7.1 → 0.7.2

data/VERSION

@@ -1 +1 @@
-0.7.1
+0.7.2

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authpwn_rails}
-  s.version = "0.7.1"
+  s.version = "0.7.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2011-03-04}
+  s.date = %q{2011-03-06}
   s.description = %q{Works with Facebook.}
   s.email = %q{victor@costan.us}
   s.extra_rdoc_files = [
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/pwnall/authpwn_rails}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.5.3}
+  s.rubygems_version = %q{1.6.0}
   s.summary = %q{User authentication for Rails 3 applications.}
   s.test_files = [
     "test/cookie_controller_test.rb",

data/lib/authpwn_rails/session.rb

@@ -64,12 +64,22 @@ module ControllerInstanceMethods
   # If no user is logged in, the user is redirected to session/new, and the
   # current request's URL is saved in flash[:auth_redirect_url].
   def bounce_user(redirect_url = request.url)
-    @redirect_url = redirect_url
-    if current_user
-      render 'session/forbidden', :status => :forbidden
-    else
-      flash[:auth_redirect_url] = redirect_url
-      render 'session/forbidden', :status => :forbidden
+    # NOTE: this is tested in CookieControllerTest
+    respond_to do |format|
+      format.html do
+        @redirect_url = redirect_url
+        if current_user
+          render 'session/forbidden', :status => :forbidden
+        else
+          flash[:auth_redirect_url] = redirect_url
+          render 'session/forbidden', :status => :forbidden
+        end
+      end
+      format.json do
+        message = current_user ? "You're not allowed to access that" :
+                                 'Please sign in'
+        render :json => { :error => message }
+      end
     end
   end
 end

data/test/cookie_controller_test.rb

@@ -49,6 +49,14 @@ class CookieControllerTest < ActionController::TestCase
     assert_response :forbidden
     assert_template 'session/forbidden'
   end
+
+  test "valid user_id bounced in json" do
+    set_session_current_user @user
+    get :bouncer, :format => 'json'
+    assert_response :ok
+    data = ActiveSupport::JSON.decode response.body
+    assert_match(/not allowed/i, data['error'])
+  end
   
   test "no user_id bounced" do
     get :bouncer
@@ -58,4 +66,11 @@ class CookieControllerTest < ActionController::TestCase
     
     assert_select 'script', %r/.*window.location.*#{new_session_path}.*/
   end
+
+  test "no user_id bounced in json" do
+    get :bouncer, :format => 'json'
+    assert_response :ok
+    data = ActiveSupport::JSON.decode response.body
+    assert_match(/sign in/i, data['error'])
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authpwn_rails
 version: !ruby/object:Gem::Version 
-  hash: 1
+  hash: 7
   prerelease: 
   segments: 
   - 0
   - 7
-  - 1
-  version: 0.7.1
+  - 2
+  version: 0.7.2
 platform: ruby
 authors: 
 - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-04 00:00:00 -05:00
+date: 2011-03-06 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.5.3
+rubygems_version: 1.6.0
 signing_key: 
 specification_version: 3
 summary: User authentication for Rails 3 applications.