hassox-warden 0.2.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Daniel Neighman
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.textile

@@ -0,0 +1 @@
+Please see the "Warden Wiki":http://wiki.github.com/hassox/warden for overview documentation.

data/Rakefile

@@ -0,0 +1,57 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+require 'rubygems/specification'
+require 'date'
+require 'spec/rake/spectask'
+
+GEM = "warden"
+GEM_VERSION = "0.2.1"
+AUTHOR = "Daniel Neighman"
+EMAIL = "has.sox@gmail.com"
+HOMEPAGE = "http://github.com/hassox/warden"
+SUMMARY = "Rack middleware that provides authentication for rack applications"
+
+spec = Gem::Specification.new do |s|
+  s.name = GEM
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README.textile", "LICENSE", 'TODO.textile']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  
+  # Uncomment this to add a dependency
+  # s.add_dependency "foo"
+  
+  s.require_path = 'lib'
+  s.autorequire = GEM
+  s.files = %w(LICENSE README.textile Rakefile TODO.textile) + Dir.glob("{lib,spec}/**/*")
+end
+
+task :default => :spec
+
+desc "Run specs"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+  t.spec_opts = %w(-fs --color)
+end
+
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the gem locally"
+task :install => [:package] do
+  sh %{sudo gem install pkg/#{GEM}-#{GEM_VERSION}}
+end
+
+desc "create a gemspec file"
+task :make_spec do
+  File.open("#{GEM}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end

data/TODO.textile

@@ -0,0 +1,2 @@
+* Allow a spec / test mode where a _spec_authenticate! method is called on a strategy instead if present
+* Implement back urls

data/lib/warden.rb

@@ -0,0 +1,14 @@
+require 'forwardable'
+$:.unshift File.join(File.dirname(__FILE__))
+require 'warden/mixins/common'
+require 'warden/proxy'
+require 'warden/manager'
+require 'warden/errors'
+require 'warden/authentication/hooks'
+require 'warden/authentication/strategy_base'
+require 'warden/authentication/strategies'
+
+
+module Warden
+  class NotAuthenticated < StandardError; end
+end

data/lib/warden/authentication/hooks.rb

@@ -0,0 +1,125 @@
+module Warden
+  class Manager
+    
+    class << self
+      # A callback hook set to run every time after a user is set.
+      # This will happen the first time the user is either authenticated, accessed or manually set
+      # during a request.  You can supply as many hooks as you like, and they will be run in order of decleration
+      # 
+      # Parameters: 
+      # <block> A block where you can set arbitrary logic to run every time a user is set
+      #   Block Parameters: |user, auth, opts|
+      #     user - The user object that is being set
+      #     auth - The raw authentication proxy object.  
+      #     opts - any options passed into the set_user call includeing :scope
+      # 
+      # Example:
+      #   Warden::Manager.after_set_user do |user,auth,opts|
+      #     scope = opts[:scope]
+      #     if auth.session["#{scope}.last_access"].to_i > (Time.now - 5.minutes)
+      #       auth.logout(scope)
+      #       throw(:warden, :scope => scope, :reason => "Times Up")
+      #     end
+      #     auth.session["#{scope}.last_access"] = Time.now
+      #   end
+      #
+      # :api: public
+      def after_set_user(&block)
+        raise BlockNotGiven unless block_given?
+        _after_set_user << block
+      end
+      
+      # Provides access to the array of after_set_user blocks to run
+      # :api: private
+      def _after_set_user # :nodoc:
+        @_after_set_user ||= []
+      end
+      
+      # A callback hook set to run after the first authentiation of a session.  
+      # This will only happenwhen the session is first authenticated
+      # 
+      # Parameters:
+      # <block> A block to contain logic for the callback
+      #   Block Parameters: |user, auth, opts|
+      #     user - The user object that is being set
+      #     auth - The raw authentication proxy object.  
+      #     opts - any options passed into the authenticate call includeing :scope
+      # 
+      # Example:
+      #
+      #   Warden::Manager.after_authentication do |user, auth, opts|
+      #     throw(:warden, opts) unless user.active?
+      #   end
+      #
+      # :api: public
+      def after_authentication(&block)
+        raise BlockNotGiven unless block_given?
+        _after_authentication << block
+      end
+      
+      # Provides access to the array of after_authentication blocks
+      # :api: private
+      def _after_authentication
+        @_after_authentication ||= []
+      end
+      
+      # A callback that runs just prior to the failur application being called.  
+      # This callback occurs after PATH_INFO has been modified for the failure (default /unauthenticated)
+      # In this callback you can mutate the environment as required by the failure application
+      # If a Rails controller were used for the failure_app for example, you would need to set request[:params][:action] = :unauthenticated
+      # 
+      # Parameters:
+      # <block> A block to contain logic for the callback
+      #   Block Parameters: |user, auth, opts|
+      #     env - The rack env hash
+      #     opts - any options passed into the authenticate call includeing :scope
+      #
+      # Example:
+      #   Warden::Manager.before_failure do |env, opts|
+      #     params = Rack::Request.new(env).params
+      #     params[:action] = :unauthenticated
+      #     params[:warden_failure] = opts
+      #   end
+      # 
+      # :api: public
+      def before_failure(&block)
+        _before_failure << block
+      end
+      
+      # Provides access to the callback array for before_failure
+      # :api: private
+      def _before_failure
+        @_before_failure ||= []
+      end
+      
+      # A callback that runs just after to the failur application being called.  
+      # This callback is primarily included for Rails 2.3 since Rails 2.3 controllers are not pure Rack Applications
+      # Return whatever you want to be returned for the actual rack response array
+      # 
+      # Parameters:
+      # <block> A block to contain logic for the callback
+      #   Block Parameters: |user, auth, opts|
+      #     result - The result of the rack application
+      #     opts - any options passed into the authenticate call includeing :scope
+      #
+      # Example:
+      #   # Rails 2.3 after_failure
+      #   Warden::Manager.after_failure do |result|
+      #    result.to_a
+      #   end
+      # 
+      # :api: public
+      def after_failure(&block)
+        _after_failure << block
+      end
+      
+      # Provides access to the callback array for after_failure
+      # :api: private
+      def _after_failure
+        @_after_failure ||= []
+      end
+      
+    end
+    
+  end # Manager
+end # Warden

data/lib/warden/authentication/strategies.rb

@@ -0,0 +1,58 @@
+module Warden
+  module Strategies
+    class << self
+      
+      # Adds a strategy to the grab-bag of strategies available to use.
+      # A strategy is a place where you can put logic related to authentication.
+      # A strategy inherits from Warden::Strategies::Base.  The _add_ method provides a clean way
+      # to declare your strategies.  
+      # You _must_ declare an @authenticate!@ method.
+      # You _may_ provide a @valid?@ method.
+      # The valid method should return true or false depending on if the strategy is a valid one for the request.
+      # 
+      # Parameters: 
+      #   <label: Symbol> The label is the name given to a strategy.  Use the label to refer to the strategy when authenticating
+      #   <strategy: Class|nil> The optional stragtegy argument if set _must_ be a class that inherits from Warden::Strategies::Base and _must_
+      #                         implement an @authenticate!@ method
+      #   <block> The block acts as a convinient way to declare your strategy.  Inside is the class definition of a strategy.
+      #
+      # Examples:
+      #
+      #   Block Declared Strategy:
+      #    Warden::Strategies.add(:foo) do
+      #      def authenticate!
+      #        # authentication logic
+      #      end
+      #    end
+      #
+      #    Class Declared Strategy:
+      #      Warden::Strategies.add(:foo, MyStrategy)
+      #
+      # :api: public
+      def add(label, strategy = nil, &blk)
+        strategy = strategy.nil? ? Class.new(Warden::Strategies::Base, &blk) : strategy
+        raise NoMethodError, "authenticate! is not declared in the #{label} strategy" if !strategy.method_defined?(:authenticate!)
+        raise "#{label.inspect} is Not a Warden::Strategy::Base" if !strategy.ancestors.include?(Warden::Strategies::Base)
+        _strategies[label] = strategy
+      end
+      
+      # Provides access to declared strategies by label
+      # :api: public
+      def [](label)
+        _strategies[label]
+      end
+      
+      # Clears all declared middleware.
+      # :api: public
+      def clear!
+        @strategies = {}
+      end
+
+      # :api: private
+      def _strategies
+        @strategies ||= {}
+      end
+    end # << self
+    
+  end # Strategies
+end # Warden

data/lib/warden/authentication/strategy_base.rb

@@ -0,0 +1,124 @@
+module Warden
+  module Strategies
+    class Base
+      # :api: public
+      attr_accessor :user, :message
+      
+      #:api: private
+      attr_accessor :result, :custom_response
+      
+      # Setup for redirection
+      # :api: private
+      attr_reader   :_status
+      
+      # Accessor for the rack env
+      # :api: public 
+      attr_reader   :env
+      include ::Warden::Mixins::Common
+      
+      # :api: private
+      def initialize(env, config = {}) # :nodoc:
+        @config = config
+        @env, @_status, @headers = env, nil, {}
+        @halted = false       
+      end
+      
+      # The method that is called from above.  This method calls the underlying authetniate! method
+      # :api: private
+      def _run! # :nodoc:
+        result = authenticate!
+        self
+      end
+      
+      # Acts as a guarding method for the strategy.  
+      # If #valid? responds false, the strategy will not be executed
+      # Overwrite with your own logic
+      # :api: overwritable
+      def valid?; true; end
+      
+      # Provides access to the headers hash for setting custom headers
+      # :api: public
+      def headers(header = {})
+        @headers ||= {}
+        @headers.merge! header
+        @headers
+      end
+    
+      # Access to the errors object.
+      # :api: public
+      def errors
+        @env['warden.errors']
+      end
+      
+      # Cause the processing of the strategies to stop and cascade no further
+      # :api: public
+      def halt!
+        @halted = true
+      end
+      
+      # Checks to see if a strategy was halted
+      # :api: public
+      def halted?
+        !!@halted
+      end
+      
+      # A simple method to return from authenticate! if you want to ignore this strategy
+      # :api: public
+      def pass; end
+      
+      # Whenever you want to provide a user object as "authenticated" use the +success!+ method.
+      # This will halt the strategy, and set the user in the approprieate scope.  
+      # It is the "login" method
+      # 
+      # Parameters:
+      #   user - The user object to login.  This object can be anything you have setup to serialize in and out of the session
+      #
+      # :api: public
+      def success!(user)
+        halt!
+        @user   = user
+        @result = :success
+      end
+      
+      # This causes the strategy to fail.  It does not throw an :warden symbol to drop the request out to the failure application
+      # You must throw an :warden symbol somewhere in the application to enforce this
+      # :api: public
+      def fail!(message = "Failed to Login")
+        halt!
+        @message = message
+        @result = :failure
+      end
+      
+      # Causes the authentication to redirect.  An :warden symbol must be thrown to actually execute this redirect
+      #
+      # Parameters:
+      #  url <String> - The string representing the URL to be redirected to
+      #  pararms <Hash> - Any parameters to encode into the URL
+      #  opts <Hash> - Any options to recirect with.  
+      #    available options: permanent => (true || false)
+      #
+      # :api: public
+      def redirect!(url, params = {}, opts = {})
+        halt!
+        @_status = opts[:permanent] ? 301 : 302
+        headers["Location"] = url
+        headers["Location"] << "?" << Rack::Utils.build_query(params) unless params.empty?
+          
+        @message = opts[:message].nil? ? "You are being redirected to #{headers["Location"]}" : opts[:message]
+        
+        @result = :redirect
+
+        headers["Location"]
+      end
+      
+      # Return a custom rack array.  You must throw an :warden symbol to activate this
+      # :api: public
+      def custom!(response)
+        halt!
+        @custom_response = response
+        @result = :custom
+      end  
+      
+    end # Base
+  end # Strategies
+end # Warden

data/lib/warden/errors.rb

@@ -0,0 +1,70 @@
+module Warden
+  class Proxy 
+    # :api: public
+    def errors
+      @env['warden.errors'] ||= Errors.new
+    end
+
+    # Lifted from DataMapper's dm-validations plugin :)
+    # @author Guy van den Berg
+    # @since  DM 0.9
+    class Errors
+
+      include Enumerable
+
+      # Clear existing authentication errors.
+      def clear!
+        errors.clear
+      end
+
+      # Add a authentication error. Use the field_name :general if the errors does
+      # not apply to a specific field of the Resource.
+      #
+      # @param <Symbol> field_name the name of the field that caused the error
+      # @param <String> message    the message to add
+      def add(field_name, message)
+        (errors[field_name] ||= []) << message
+      end
+
+      # Collect all errors into a single list.
+      def full_messages
+        errors.inject([]) do |list,pair|
+          list += pair.last
+        end
+      end
+
+      # Return authentication errors for a particular field_name.
+      #
+      # @param <Symbol> field_name the name of the field you want an error for
+      def on(field_name)
+        errors_for_field = errors[field_name]
+        blank?(errors_for_field) ? nil : errors_for_field
+      end
+
+      def each
+        errors.map.each do |k,v|
+          next if blank?(v)
+          yield(v)
+        end
+      end
+
+      def empty?
+        entries.empty?
+      end
+
+      def method_missing(meth, *args, &block)
+        errors.send(meth, *args, &block)
+      end
+
+      private
+      def errors
+        @errors ||= {}
+      end
+      
+      def blank?(thing)
+        thing.nil? || thing == "" || (thing.respond_to?(:empty?) && thing.empty?)
+      end
+
+    end # class Errors
+  end # Proxy
+end # Warden