hassox-warden 0.2.1

data/lib/warden/manager.rb

@@ -0,0 +1,134 @@
+module Warden
+  # The middleware for Rack Authentication
+  # The middlware requires that there is a session upstream
+  # The middleware injects an authentication object into 
+  # the rack environment hash
+  class Manager
+    attr_accessor :config, :failure_app  
+    
+    # initialize the middleware.
+    # Provide a :failure_app in the options to setup an application to run when there is a failure
+    # The manager is yielded when initialized with a block.  This is useful when declaring it in Rack::Builder
+    # :api: public 
+    def initialize(app, config = {})
+      @app = app
+      @config = config
+      yield self if block_given?
+      
+      # should ensure there is a failure application defined.
+      @failure_app = config[:failure_app] if config[:failure_app]
+      raise "No Failure App provided" unless @failure_app
+      self
+    end 
+    
+    # Set the default strategies to use.
+    # :api: public
+    def default_strategies(*strategies)
+      if strategies.empty?
+        @config[:default_strategies]
+      else
+        @config[:default_strategies] = strategies.flatten
+      end
+    end
+    
+    # :api: private
+    def call(env) # :nodoc:
+      # if this is downstream from another warden instance, don't do anything.
+      return @app.call(env) unless env['warden'].nil? 
+      
+      env['warden'] = Proxy.new(env, @config)
+      result = catch(:warden) do
+        @app.call(env)
+      end
+
+      result ||= {}
+      case result
+      when Array
+        if result.first != 401
+          return result
+        else
+          call_failure_app(env)
+        end
+      when Hash
+        if (result[:action] ||= :unauthenticated) == :unauthenticated
+          process_unauthenticated(result,env)
+        end # case result
+      end
+    end
+    
+    class << self   
+        
+      
+      # Does the work of storing the user in the session
+      # :api: private
+      def _store_user(user, session, scope = :default) # :nodoc: 
+        return nil if user.nil?
+        session["warden.user.#{scope}.key"] = serialize_into_session.call(user)
+      end
+      
+      # Does the work of fetching the user from the session
+      # :api: private
+      def _fetch_user(session, scope = :default) # :nodoc:
+        key = session["warden.user.#{scope}.key"]
+        return nil if key.nil?
+        serialize_from_session.call(key)
+      end
+      
+      # Prepares the user to serialize into the session.
+      # Any object that can be serialized into the session in some way can be used as a "user" object
+      # Generally however complex object should not be stored in the session.  
+      # If possible store only a "key" of the user object that will allow you to reconstitute it.
+      #
+      # Example:
+      #   Warden::Manager.serialize_into_session{ |user| user.id }
+      #
+      # :api: public
+      def serialize_into_session(&block)
+        @serialize_into_session = block if block_given?
+        @serialize_into_session ||= lambda{|user| user}
+      end
+      
+      # Reconstitues the user from the session.
+      # Use the results of user_session_key to reconstitue the user from the session on requests after the initial login
+      # 
+      # Example:
+      #   Warden::Manager.serialize_from_session{ |id| User.get(id) }
+      #
+      # :api: public
+      def serialize_from_session(&blk)
+        @serialize_from_session = blk if block_given?
+        @serialize_from_session ||= lambda{|key| key}
+      end                      
+    end
+    
+    private
+    # When a request is unauthentiated, here's where the processing occurs.  
+    # It looks at the result of the proxy to see if it's been executed and what action to take.
+    # :api: private
+    def process_unauthenticated(result, env)
+      case env['warden'].result
+      when :failure
+        call_failure_app(env, result)
+      when :redirect
+        [env['warden']._status, env['warden'].headers, [env['warden'].message || "You are being redirected to #{env['warden'].headers['Location']}"]]
+      when :custom
+        env['warden'].custom_response
+      when nil
+        call_failure_app(env, result)
+      end # case env['warden'].result
+    end
+    
+    # Calls the failure app.
+    # The before_failure hooks are run on each failure
+    # :api: private
+    def call_failure_app(env, opts = {})
+      env["PATH_INFO"] = "/#{opts[:action]}"
+      env["warden.options"] = opts
+      
+      # Call the before failure callbacks
+      Warden::Manager._before_failure.each{|hook| hook.call(env,opts)}
+      
+      @failure_app.call(env).to_a
+    end # call_failure_app
+  end
+end # Warden

data/lib/warden/mixins/common.rb

@@ -0,0 +1,25 @@
+module Warden
+  module Mixins
+    module Common
+      
+      # Convinience method to access the session
+      # :api: public
+      def session
+        @env['rack.session']
+      end # session
+      
+      # Convenience method to access the rack request
+      # :api: public
+      def request
+        @request ||= Rack::Request.new(@env)
+      end # request
+      
+      # Convenience method to access the rack request params
+      # :api: public
+      def params
+        request.params
+      end # params
+      
+    end # Common
+  end # Mixins
+end # Warden

data/lib/warden/proxy.rb

@@ -0,0 +1,200 @@
+module Warden
+  class UserNotSet < RuntimeError; end
+
+  class Proxy
+    # :api: private
+    attr_accessor :winning_strategy
+    
+    # An accessor to the rack env hash
+    # :api: public
+    attr_reader :env
+    
+    extend ::Forwardable
+    include ::Warden::Mixins::Common
+    alias_method :_session, :session
+          
+    # :api: private
+    def_delegators :winning_strategy, :headers, :message, :_status, :custom_response
+
+    def initialize(env, config = {}) # :nodoc:
+      @env = env
+      @config = config
+      @strategies = @config.fetch(:default_strategies, [])
+      @users = {}
+      errors # setup the error object in the session
+    end
+
+    # Check to see if there is an authenticated user for the given scope.
+    # When scope is not specified, :default is assumed.
+    # 
+    # Parameters: 
+    #   args - a list of symbols (labels) that name the strategies to attempt
+    #   opts - an options hash that contains the :scope of the user to check
+    #
+    # Example: 
+    #   env['warden'].authenticated?(:password, :scope => :admin)
+    # :api: public
+    def authenticated?(*args)
+      scope = scope_from_args(args)
+      _perform_authentication(*args)
+      !user(scope).nil?
+    end # authenticated?
+    
+    # Run the authentiation strategies for the given strategies.  
+    # If there is already a user logged in for a given scope, the strategies are not run
+    # This does not halt the flow of control and is a passive attempt to authenticate only
+    # When scope is not specified, :default is assumed.
+    # 
+    # Parameters: 
+    #   args - a list of symbols (labels) that name the strategies to attempt
+    #   opts - an options hash that contains the :scope of the user to check
+    #
+    # Example:
+    #   env['auth'].authenticate(:password, :basic, :scope => :sudo)
+    # :api: public
+    def authenticate(*args)
+      scope = scope_from_args(args)
+      _perform_authentication(*args)
+      user(scope)
+    end
+    
+    # The same as +authenticate+ except on failure it will throw an :warden symbol causing the request to be halted
+    # and rendered through the +failure_app+
+    # 
+    # Example 
+    #   env['warden'].authenticate!(:password, :scope => :publisher) # throws if it cannot authenticate
+    #
+    # :api: public
+    def authenticate!(*args)
+      opts = opts_from_args(args)
+      scope = scope_from_args(args)
+      _perform_authentication(*args)
+      throw(:warden, opts.merge(:action => :unauthenticated)) if !user(scope)
+      user(scope)
+    end
+    
+    # Manually set the user into the session and auth proxy
+    # 
+    # Parameters:
+    #   user - An object that has been setup to serialize into and out of the session.
+    #   opts - An options hash.  Use the :scope option to set the scope of the user
+    # :api: public
+    def set_user(user, opts = {})
+      scope = (opts[:scope] ||= :default)
+      Warden::Manager._store_user(user, _session, scope) # Get the user into the session
+      
+      # Run the after hooks for setting the user
+      Warden::Manager._after_set_user.each{|hook| hook.call(user, self, opts)}
+      
+      @users[scope] = user # Store the user in the proxy user object
+    end
+    
+    # Provides acccess to the user object in a given scope for a request.
+    # will be nil if not logged in
+    # 
+    # Example:
+    #   # without scope (default user)
+    #   env['warden'].user
+    #
+    #   # with scope 
+    #   env['warden'].user(:admin)
+    #
+    # :api: public
+    def user(scope = :default)
+      @users[scope]
+    end
+    
+    # Provides a scoped session data for authenticated users.
+    # Warden manages clearing out this data when a user logs out
+    #
+    # Example
+    #  # default scope
+    #  env['warden'].data[:foo] = "bar"
+    #
+    #  # :sudo scope
+    #  env['warden'].data(:sudo)[:foo] = "bar"
+    #
+    # :api: public
+    def session(scope = :default)
+      raise NotAuthenticated, "#{scope.inspect} user is not logged in" unless authenticated?(:scope => scope)
+      _session["warden.user.#{scope}.session"] ||= {}
+    end
+    
+    # Provides logout functionality. 
+    # The logout also manages any authenticated data storage and clears it when a user logs out.
+    #
+    # Parameters:
+    #   scopes - a list of scopes to logout
+    #
+    # Example:
+    #  # Logout everyone and clear the session
+    #  env['warden'].logout
+    #
+    #  # Logout the default user but leave the rest of the session alone
+    #  env['warden'].logout(:default)
+    #
+    #  # Logout the :publisher and :admin user
+    #  env['warden'].logout(:publisher, :admin)
+    # 
+    # :api: public
+    def logout(*scopes)
+      if scopes.empty?
+        _session.clear
+      else
+        scopes.each do |s|
+          _session["warden.user.#{s}.key"] = nil
+          _session["warden.user.#{s}.session"] = nil
+        end
+      end
+    end
+    
+    # proxy methods through to the winning strategy
+    # :api: private
+    def result # :nodoc: 
+       winning_strategy.nil? ? nil : winning_strategy.result
+    end
+    
+    private 
+    # :api: private
+    def _perform_authentication(*args)
+      scope = scope_from_args(args)
+      opts = opts_from_args(args)
+      # Look for an existing user in the session for this scope
+      if @users[scope] || set_user(Warden::Manager._fetch_user(_session, scope), :scope => scope)
+        return @users[scope]
+      end
+      
+      # If there was no user in the session.  See if we can get one from the request
+      strategies = args.empty? ? @strategies : args
+      raise "No Strategies Found" if strategies.empty? || !(strategies - Warden::Strategies._strategies.keys).empty?
+      strategies.each do |s|
+        strategy = Warden::Strategies[s].new(@env, @conf)
+        self.winning_strategy = strategy
+        next unless strategy.valid?
+        strategy._run!
+        break if strategy.halted?
+      end
+      
+      
+      if winning_strategy && winning_strategy.user
+        set_user(winning_strategy.user, opts)
+      
+        # Run the after_authentication hooks
+        Warden::Manager._after_authentication.each{|hook| hook.call(winning_strategy.user, self, opts)}
+      end
+      
+      winning_strategy
+    end
+    
+    # :api: private
+    def scope_from_args(args)
+      Hash === args.last ? args.last.fetch(:scope, :default) : :default
+    end
+    
+    # :api: private
+    def opts_from_args(args)
+      Hash === args.last ? args.pop : {}
+    end
+
+  end # Proxy
+end # Warden

data/spec/helpers/request_helper.rb

@@ -0,0 +1,51 @@
+module Warden::Spec
+  module Helpers
+    
+    FAILURE_APP = lambda{|e|[401, {"Content-Type" => "text/plain"}, ["You Fail!"]] }
+    
+    def env_with_params(path = "/", params = {})
+      method = params.fetch(:method, "GET")
+      Rack::MockRequest.env_for(path, :input => Rack::Utils.build_query(params),
+                                     'HTTP_VERSION' => '1.1',
+                                     'REQUEST_METHOD' => "#{method}")
+    end
+    
+    def setup_rack(app = nil, opts = {}, &block)
+      app ||= block if block_given?
+      # opts[:default_strategies] ||= [:password]
+      # opts[:failure_app] ||= failure_app
+      Rack::Builder.new do 
+        use Warden::Spec::Helpers::Session
+        use Warden::Manager, opts do |manager|
+          manager.failure_app = Warden::Spec::Helpers::FAILURE_APP
+          manager.default_strategies :password        
+        end
+        run app
+      end
+    end
+    
+    def valid_response
+      [200,{'Content-Type' => 'text/plain'},'OK']
+    end
+    
+    def failure_app
+      Warden::Spec::Helpers::FAILURE_APP
+    end
+    
+    def success_app
+      lambda{|e| [200, {"Content-Type" => "text/plain"}, ["You Win"]]}
+    end
+    
+    class Session
+      attr_accessor :app
+      def initialize(app,configs = {})
+        @app = app
+      end
+      
+      def call(e)
+        e['rack.session'] ||= {}      
+        @app.call(e)
+      end
+    end # session
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$TESTING=true
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+require 'rubygems'
+require 'rack'
+require 'warden'
+
+Dir[File.join(File.dirname(__FILE__), "warden", "strategies", "**/*.rb")].each do |f|
+  require f
+end
+Dir[File.join(File.dirname(__FILE__), "helpers", "**/*.rb")].each do |f|
+  require f
+end
+
+Spec::Runner.configure do |config|
+  config.include(Warden::Spec::Helpers)
+end

data/spec/warden/authenticated_data_store_spec.rb

@@ -0,0 +1,111 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "authenticated data store" do
+  
+  before(:each) do
+    @env = env_with_params
+    @env['rack.session'] = {
+        "warden.user.foo.key"      => "foo user", 
+        "warden.user.default.key"  => "default user", 
+        :foo => "bar"
+    }
+  end
+  
+  it "should store data for the default scope" do
+    app = lambda do |e|
+      e['warden'].should be_authenticated(:pass)
+      e['warden'].should be_authenticated(:pass, :scope => :foo)
+      
+      # Store the data for :deafult
+      e['warden'].session[:key] = "value"
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should == {:key => "value"}
+    @env['rack.session']['warden.user.foo.session'].should be_nil
+  end
+  
+  it "should store data for the foo user" do
+    app = lambda do |e|
+      e['warden'].session(:foo)[:key] = "value"
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.foo.session'].should == {:key => "value"}
+  end
+  
+  it "should store the data seperately" do
+    app = lambda do |e|
+      e['warden'].session[:key] = "value"
+      e['warden'].session(:foo)[:key] = "another value"
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should == {:key => "value"}
+    @env['rack.session']['warden.user.foo.session'    ].should == {:key => "another value"}
+  end
+  
+  it "should clear the foo scoped data when foo logs out" do
+    app = lambda do |e|
+      e['warden'].session[:key] = "value"
+      e['warden'].session(:foo)[:key] = "another value"
+      e['warden'].logout(:foo)
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should == {:key => "value"}
+    @env['rack.session']['warden.user.foo.session'    ].should be_nil
+  end
+  
+  it "should clear out the default data when :default logs out" do
+    app = lambda do |e|
+      e['warden'].session[:key] = "value"
+      e['warden'].session(:foo)[:key] = "another value"
+      e['warden'].logout(:default)
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should be_nil
+    @env['rack.session']['warden.user.foo.session'    ].should == {:key => "another value"}
+  end
+  
+  it "should clear out all data when a general logout is performed" do
+    app = lambda do |e|
+      e['warden'].session[:key] = "value"
+      e['warden'].session(:foo)[:key] = "another value"
+      e['warden'].logout
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should be_nil
+    @env['rack.session']['warden.user.foo.session'    ].should be_nil
+  end
+  
+  it "should logout multuiple personas at once" do
+    @env['rack.session']['warden.user.bar.key'] = "bar user"
+    
+    app = lambda do |e|
+      e['warden'].session[:key] = "value"
+      e['warden'].session(:foo)[:key] = "another value"
+      e['warden'].session(:bar)[:key] = "yet another"
+      e['warden'].logout(:bar, :default)
+      valid_response
+    end
+    setup_rack(app).call(@env)
+    @env['rack.session']['warden.user.default.session'].should be_nil
+    @env['rack.session']['warden.user.foo.session'    ].should == {:key => "another value"}
+    @env['rack.session']['warden.user.bar.session'    ].should be_nil
+  end
+  
+  it "should not store data for a user who is not logged in" do
+    @env['rack.session']
+    app = lambda do |e|
+      e['warden'].session(:not_here)[:key] = "value"
+      valid_response
+    end
+    
+    lambda do
+      setup_rack(app).call(@env)
+    end.should raise_error(Warden::NotAuthenticated)
+  end
+end