lockdown 0.9.1 → 0.9.2

data/lib/lockdown.rb

@@ -3,7 +3,7 @@ require File.join(File.dirname(__FILE__), "lockdown", "helper")
 module Lockdown
   extend Lockdown::Helper
 
-  VERSION = '0.9.1'
+  VERSION = '0.9.2'
 
   # Returns the version string for the library.
   def self.version

data/lib/lockdown/frameworks/rails.rb

@@ -16,12 +16,28 @@ module Lockdown
 
         def mixin
           Lockdown.controller_parent.class_eval do
-            include Lockdown::Frameworks::Rails::Controller::Lock
             include Lockdown::Session
+            include Lockdown::Frameworks::Rails::Controller::Lock
           end
+
+          Lockdown.controller_parent.helper_method :authorized?
+
+          Lockdown.controller_parent.before_filter do |c|
+            c.set_current_user
+            c.configure_lockdown
+            c.check_request_authorization
+          end
+
+          Lockdown.controller_parent.filter_parameter_logging :password, 
+            :password_confirmation
+      
+          Lockdown.controller_parent.rescue_from SecurityError, 
+            :with => proc{|e| access_denied(e)}
+
           Lockdown.view_helper.class_eval do
             include Lockdown::Frameworks::Rails::View
           end
+
           Lockdown::System.class_eval do 
             extend Lockdown::Frameworks::Rails::System
           end
@@ -68,6 +84,21 @@ module Lockdown
          
           maybe_load_framework_controller_parent
 
+          ApplicationController.helper_method :authorized?
+
+          ApplicationController.before_filter do |c|
+            c.set_current_user
+            c.configure_lockdown
+            c.check_request_authorization
+          end
+
+          ApplicationController.filter_parameter_logging :password, 
+            :password_confirmation
+      
+          ApplicationController.rescue_from SecurityError, 
+            :with => proc{|e| access_denied(e)}
+
+
           Dir.chdir("#{Lockdown.project_root}/app/controllers") do
             Dir["**/*.rb"].sort.each do |c|
               next if c == "application.rb"

data/lib/lockdown/frameworks/rails/controller.rb

@@ -17,151 +17,128 @@ module Lockdown
 
         # Locking methods
         module Lock
-          def self.included(base)
-            base.class_eval do
-              include Lockdown::Frameworks::Rails::Controller::Lock::InstanceMethods
-
-              helper_method :authorized?
-            end
-
-            base.before_filter do |c|
-              c.set_current_user
-              c.configure_lockdown
-              c.check_request_authorization
-            end
-
-
-            base.filter_parameter_logging :password, :password_confirmation
-      
-            base.rescue_from SecurityError, :with => proc{|e| access_denied(e)}
+          def configure_lockdown
+            check_session_expiry
+            store_location
           end
 
-          module InstanceMethods
-
-            def configure_lockdown
-              check_session_expiry
-              store_location
+          def set_current_user
+            login_from_basic_auth? unless logged_in?
+            if logged_in?
+              Thread.current[:who_did_it] = Lockdown::System.
+                call(self, :who_did_it)
             end
+          end
 
-            def set_current_user
-              login_from_basic_auth? unless logged_in?
-              if logged_in?
-                Thread.current[:who_did_it] = Lockdown::System.
-                  call(self, :who_did_it)
-              end
-            end
-
-            def check_request_authorization
-              unless authorized?(path_from_hash(params))
-                raise SecurityError, "Authorization failed for params #{params.inspect}"
-              end
+          def check_request_authorization
+            unless authorized?(path_from_hash(params))
+              raise SecurityError, "Authorization failed for params #{params.inspect}"
             end
+          end
+  
+          def path_allowed?(url)
+            session[:access_rights] ||= Lockdown::System.public_access
+            session[:access_rights].include?(url)
+          end
     
-            def path_allowed?(url)
-              session[:access_rights] ||= Lockdown::System.public_access
-              session[:access_rights].include?(url)
+          def check_session_expiry
+            if session[:expiry_time] && session[:expiry_time] < Time.now
+              nil_lockdown_values
+              Lockdown::System.call(self, :session_timeout_method)
             end
-      
-            def check_session_expiry
-              if session[:expiry_time] && session[:expiry_time] < Time.now
-                nil_lockdown_values
-                Lockdown::System.call(self, :session_timeout_method)
-              end
-              session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
-            end
-            
-            def store_location
-              if (request.method == :get) && (session[:thispage] != sent_from_uri)
-                session[:prevpage] = session[:thispage] || ''
-                session[:thispage] = sent_from_uri
-              end
-            end
-
-            def sent_from_uri
-              request.request_uri
+            session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
+          end
+          
+          def store_location
+            if (request.method == :get) && (session[:thispage] != sent_from_uri)
+              session[:prevpage] = session[:thispage] || ''
+              session[:thispage] = sent_from_uri
             end
-        
-            def authorized?(url, method = nil)
-              return false unless url
+          end
 
-              return true if current_user_is_admin?
+          def sent_from_uri
+            request.request_uri
+          end
+      
+          def authorized?(url, method = nil)
+            return false unless url
 
-              method ||= request.method
+            return true if current_user_is_admin?
 
-              url_parts = URI::split(url.strip)
+            method ||= request.method
 
-              url = url_parts[5]
+            url_parts = URI::split(url.strip)
 
-              return true if path_allowed?(url)
+            url = url_parts[5]
 
-              begin
-                hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
-                return path_allowed?(path_from_hash(hash)) if hash
-              rescue Exception
-                # continue on
-              end
+            return true if path_allowed?(url)
 
-              # Passing in different domain
-              return remote_url?(url_parts[2])
+            begin
+              hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
+              return path_allowed?(path_from_hash(hash)) if hash
+            rescue Exception
+              # continue on
             end
-      
-            def access_denied(e)
 
-              RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
+            # Passing in different domain
+            return remote_url?(url_parts[2])
+          end
+    
+          def access_denied(e)
+
+            RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
 
-              if Lockdown::System.fetch(:logout_on_access_violation)
-                reset_session
+            if Lockdown::System.fetch(:logout_on_access_violation)
+              reset_session
+            end
+            respond_to do |format|
+              format.html do
+                store_location
+                redirect_to Lockdown::System.fetch(:access_denied_path)
+                return
               end
-              respond_to do |format|
-                format.html do
-                  store_location
-                  redirect_to Lockdown::System.fetch(:access_denied_path)
-                  return
-                end
-                format.xml do
-                  headers["Status"] = "Unauthorized"
-                  headers["WWW-Authenticate"] = %(Basic realm="Web Password")
-                  render :text => e.message, :status => "401 Unauthorized"
-                  return
-                end
+              format.xml do
+                headers["Status"] = "Unauthorized"
+                headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+                render :text => e.message, :status => "401 Unauthorized"
+                return
               end
             end
+          end
 
-            def path_from_hash(hash)
-              hash[:controller].to_s + "/" + hash[:action].to_s
-            end
+          def path_from_hash(hash)
+            hash[:controller].to_s + "/" + hash[:action].to_s
+          end
 
-            def remote_url?(domain = nil)
-              return false if domain.nil? || domain.strip.length == 0
-              request.host.downcase != domain.downcase
-            end
+          def remote_url?(domain = nil)
+            return false if domain.nil? || domain.strip.length == 0
+            request.host.downcase != domain.downcase
+          end
 
-            def redirect_back_or_default(default)
-              if session[:prevpage].nil? || session[:prevpage].blank?
-                redirect_to(default) 
-              else
-                redirect_to(session[:prevpage])
-              end
-            end
-    
-            # Called from current_user.  Now, attempt to login by
-            # basic authentication information.
-            def login_from_basic_auth?
-              username, passwd = get_auth_data
-              if username && passwd
-                set_session_user ::User.authenticate(username, passwd)
-              end
+          def redirect_back_or_default(default)
+            if session[:prevpage].nil? || session[:prevpage].blank?
+              redirect_to(default) 
+            else
+              redirect_to(session[:prevpage])
             end
+          end
   
-            @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-            # gets BASIC auth info
-            def get_auth_data
-              auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-              auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-              return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+          # Called from current_user.  Now, attempt to login by
+          # basic authentication information.
+          def login_from_basic_auth?
+            username, passwd = get_auth_data
+            if username && passwd
+              set_session_user ::User.authenticate(username, passwd)
             end
- 
-          end # InstanceMethods
+          end
+
+          @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+          # gets BASIC auth info
+          def get_auth_data
+            auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+            auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+            return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+          end
         end # Lock
       end # Controller
     end # Rails

data/lib/lockdown/session.rb

@@ -12,6 +12,10 @@ module Lockdown
       end
     end
 
+    def logged_in?
+      current_user_id.to_i > 0
+    end
+
     def current_user_id
       session[:current_user_id]
     end

data/rails_generators/lockdown/templates/lib/lockdown/README

@@ -3,8 +3,6 @@
 #
 #*** MUST define a current_user method that will return the current user object
 #
-#*** MUST define a logged_in? method that will return true if a user is logged in
-#
 #*** MUST add call to add_lockdown_session_values to your login method
 #
 #   # This method uses the current_user method.
@@ -21,6 +19,8 @@
 #
 # current_user_id: returns the id of the current_user
 #
+# logged_in? : returns true if current_user_id > 0
+#
 # current_user_is_admin?: returns true if user is assigned 
 # administrator rights.
 #

data/spec/lockdown/frameworks/rails/controller_spec.rb

@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
 
 class TestAController
   extend Lockdown::Frameworks::Rails::Controller
-  include Lockdown::Frameworks::Rails::Controller::Lock::InstanceMethods
+  include Lockdown::Frameworks::Rails::Controller::Lock
 end
 
 describe Lockdown::Frameworks::Rails::Controller do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: lockdown
 version: !ruby/object:Gem::Version 
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors: 
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-03-22 00:00:00 -04:00
+date: 2009-03-25 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency