RubyGems - lockdown - Versions diffs - 0.9.1 → 0.9.2 - Mend

lockdown 0.9.1 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/lib/lockdown.rb +1 -1
data/lib/lockdown/frameworks/rails.rb +32 -1
data/lib/lockdown/frameworks/rails/controller.rb +95 -118
data/lib/lockdown/session.rb +4 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +2 -2
data/spec/lockdown/frameworks/rails/controller_spec.rb +1 -1
metadata +2 -2

data/lib/lockdown.rb CHANGED Viewed

@@ -3,7 +3,7 @@ require File.join(File.dirname(__FILE__), "lockdown", "helper")
 module Lockdown
   extend Lockdown::Helper
-  VERSION = '0.9.1'
+  VERSION = '0.9.2'
   # Returns the version string for the library.
   def self.version

data/lib/lockdown/frameworks/rails.rb CHANGED Viewed

@@ -16,12 +16,28 @@ module Lockdown
         def mixin
           Lockdown.controller_parent.class_eval do
-            include Lockdown::Frameworks::Rails::Controller::Lock
             include Lockdown::Session
+            include Lockdown::Frameworks::Rails::Controller::Lock
           end
+          Lockdown.controller_parent.helper_method :authorized?
+          Lockdown.controller_parent.before_filter do |c|
+            c.set_current_user
+            c.configure_lockdown
+            c.check_request_authorization
+          end
+          Lockdown.controller_parent.filter_parameter_logging :password,
+            :password_confirmation
+          Lockdown.controller_parent.rescue_from SecurityError,
+            :with => proc{|e| access_denied(e)}
           Lockdown.view_helper.class_eval do
             include Lockdown::Frameworks::Rails::View
           end
           Lockdown::System.class_eval do
             extend Lockdown::Frameworks::Rails::System
           end
@@ -68,6 +84,21 @@ module Lockdown
           maybe_load_framework_controller_parent
+          ApplicationController.helper_method :authorized?
+          ApplicationController.before_filter do |c|
+            c.set_current_user
+            c.configure_lockdown
+            c.check_request_authorization
+          end
+          ApplicationController.filter_parameter_logging :password,
+            :password_confirmation
+          ApplicationController.rescue_from SecurityError,
+            :with => proc{|e| access_denied(e)}
           Dir.chdir("#{Lockdown.project_root}/app/controllers") do
             Dir["**/*.rb"].sort.each do |c|
               next if c == "application.rb"

data/lib/lockdown/frameworks/rails/controller.rb CHANGED Viewed

@@ -17,151 +17,128 @@ module Lockdown
         # Locking methods
         module Lock
-          def self.included(base)
-            base.class_eval do
-              include Lockdown::Frameworks::Rails::Controller::Lock::InstanceMethods
-              helper_method :authorized?
-            end
-            base.before_filter do |c|
-              c.set_current_user
-              c.configure_lockdown
-              c.check_request_authorization
-            end
-            base.filter_parameter_logging :password, :password_confirmation
-            base.rescue_from SecurityError, :with => proc{|e| access_denied(e)}
+          def configure_lockdown
+            check_session_expiry
+            store_location
           end
-          module InstanceMethods
-            def configure_lockdown
-              check_session_expiry
-              store_location
+          def set_current_user
+            login_from_basic_auth? unless logged_in?
+            if logged_in?
+              Thread.current[:who_did_it] = Lockdown::System.
+                call(self, :who_did_it)
             end
+          end
-            def set_current_user
-              login_from_basic_auth? unless logged_in?
-              if logged_in?
-                Thread.current[:who_did_it] = Lockdown::System.
-                  call(self, :who_did_it)
-              end
-            end
-            def check_request_authorization
-              unless authorized?(path_from_hash(params))
-                raise SecurityError, "Authorization failed for params #{params.inspect}"
-              end
+          def check_request_authorization
+            unless authorized?(path_from_hash(params))
+              raise SecurityError, "Authorization failed for params #{params.inspect}"
             end
+          end
+          def path_allowed?(url)
+            session[:access_rights] ||= Lockdown::System.public_access
+            session[:access_rights].include?(url)
+          end
-            def path_allowed?(url)
-              session[:access_rights] ||= Lockdown::System.public_access
-              session[:access_rights].include?(url)
+          def check_session_expiry
+            if session[:expiry_time] && session[:expiry_time] < Time.now
+              nil_lockdown_values
+              Lockdown::System.call(self, :session_timeout_method)
             end
-            def check_session_expiry
-              if session[:expiry_time] && session[:expiry_time] < Time.now
-                nil_lockdown_values
-                Lockdown::System.call(self, :session_timeout_method)
-              end
-              session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
-            end
-            def store_location
-              if (request.method == :get) && (session[:thispage] != sent_from_uri)
-                session[:prevpage] = session[:thispage] || ''
-                session[:thispage] = sent_from_uri
-              end
-            end
-            def sent_from_uri
-              request.request_uri
+            session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
+          end
+          def store_location
+            if (request.method == :get) && (session[:thispage] != sent_from_uri)
+              session[:prevpage] = session[:thispage] || ''
+              session[:thispage] = sent_from_uri
             end
-            def authorized?(url, method = nil)
-              return false unless url
+          end
-              return true if current_user_is_admin?
+          def sent_from_uri
+            request.request_uri
+          end
+          def authorized?(url, method = nil)
+            return false unless url
-              method ||= request.method
+            return true if current_user_is_admin?
-              url_parts = URI::split(url.strip)
+            method ||= request.method
-              url = url_parts[5]
+            url_parts = URI::split(url.strip)
-              return true if path_allowed?(url)
+            url = url_parts[5]
-              begin
-                hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
-                return path_allowed?(path_from_hash(hash)) if hash
-              rescue Exception
-                # continue on
-              end
+            return true if path_allowed?(url)
-              # Passing in different domain
-              return remote_url?(url_parts[2])
+            begin
+              hash = ActionController::Routing::Routes.recognize_path(url, :method => method)
+              return path_allowed?(path_from_hash(hash)) if hash
+            rescue Exception
+              # continue on
             end
-            def access_denied(e)
-              RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
+            # Passing in different domain
+            return remote_url?(url_parts[2])
+          end
+          def access_denied(e)
+            RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
-              if Lockdown::System.fetch(:logout_on_access_violation)
-                reset_session
+            if Lockdown::System.fetch(:logout_on_access_violation)
+              reset_session
+            end
+            respond_to do |format|
+              format.html do
+                store_location
+                redirect_to Lockdown::System.fetch(:access_denied_path)
+                return
               end
-              respond_to do |format|
-                format.html do
-                  store_location
-                  redirect_to Lockdown::System.fetch(:access_denied_path)
-                  return
-                end
-                format.xml do
-                  headers["Status"] = "Unauthorized"
-                  headers["WWW-Authenticate"] = %(Basic realm="Web Password")
-                  render :text => e.message, :status => "401 Unauthorized"
-                  return
-                end
+              format.xml do
+                headers["Status"] = "Unauthorized"
+                headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+                render :text => e.message, :status => "401 Unauthorized"
+                return
               end
             end
+          end
-            def path_from_hash(hash)
-              hash[:controller].to_s + "/" + hash[:action].to_s
-            end
+          def path_from_hash(hash)
+            hash[:controller].to_s + "/" + hash[:action].to_s
+          end
-            def remote_url?(domain = nil)
-              return false if domain.nil? || domain.strip.length == 0
-              request.host.downcase != domain.downcase
-            end
+          def remote_url?(domain = nil)
+            return false if domain.nil? || domain.strip.length == 0
+            request.host.downcase != domain.downcase
+          end
-            def redirect_back_or_default(default)
-              if session[:prevpage].nil? || session[:prevpage].blank?
-                redirect_to(default)
-              else
-                redirect_to(session[:prevpage])
-              end
-            end
-            # Called from current_user.  Now, attempt to login by
-            # basic authentication information.
-            def login_from_basic_auth?
-              username, passwd = get_auth_data
-              if username && passwd
-                set_session_user ::User.authenticate(username, passwd)
-              end
+          def redirect_back_or_default(default)
+            if session[:prevpage].nil? || session[:prevpage].blank?
+              redirect_to(default)
+            else
+              redirect_to(session[:prevpage])
             end
+          end
-            @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-            # gets BASIC auth info
-            def get_auth_data
-              auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-              auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-              return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+          # Called from current_user.  Now, attempt to login by
+          # basic authentication information.
+          def login_from_basic_auth?
+            username, passwd = get_auth_data
+            if username && passwd
+              set_session_user ::User.authenticate(username, passwd)
             end
-          end # InstanceMethods
+          end
+          @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+          # gets BASIC auth info
+          def get_auth_data
+            auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+            auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+            return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+          end
         end # Lock
       end # Controller
     end # Rails

data/lib/lockdown/session.rb CHANGED Viewed

@@ -12,6 +12,10 @@ module Lockdown
       end
     end
+    def logged_in?
+      current_user_id.to_i > 0
+    end
     def current_user_id
       session[:current_user_id]
     end

data/rails_generators/lockdown/templates/lib/lockdown/README CHANGED Viewed

@@ -3,8 +3,6 @@
 #
 #*** MUST define a current_user method that will return the current user object
 #
-#*** MUST define a logged_in? method that will return true if a user is logged in
-#
 #*** MUST add call to add_lockdown_session_values to your login method
 #
 #   # This method uses the current_user method.
@@ -21,6 +19,8 @@
 #
 # current_user_id: returns the id of the current_user
 #
+# logged_in? : returns true if current_user_id > 0
+#
 # current_user_is_admin?: returns true if user is assigned
 # administrator rights.
 #

data/spec/lockdown/frameworks/rails/controller_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
 class TestAController
   extend Lockdown::Frameworks::Rails::Controller
-  include Lockdown::Frameworks::Rails::Controller::Lock::InstanceMethods
+  include Lockdown::Frameworks::Rails::Controller::Lock
 end
 describe Lockdown::Frameworks::Rails::Controller do

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-03-22 00:00:00 -04:00
+date: 2009-03-25 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency