merb-auth-core 0.9.10 → 0.9.11

data/Rakefile CHANGED
@@ -58,7 +58,7 @@ task :gemspec do
58
58
  end
59
59
 
60
60
  desc "Run all specs"
61
- Spec::Rake::SpecTask.new("specs") do |t|
61
+ Spec::Rake::SpecTask.new("spec") do |t|
62
62
  t.spec_opts = ["--format", "specdoc", "--colour"]
63
63
  t.spec_files = Dir["spec/**/*_spec.rb"].sort
64
64
  t.rcov = false
@@ -69,8 +69,20 @@ module Merb
69
69
  def authenticate!(request, params, *rest)
70
70
  opts = rest.last.kind_of?(Hash) ? rest.pop : {}
71
71
  rest = rest.flatten
72
- strategies = rest.empty? ? Merb::Authentication.default_strategy_order : rest
73
-
72
+
73
+ strategies = if rest.empty?
74
+ if request.session[:authentication_strategies]
75
+ request.session[:authentication_strategies]
76
+ else
77
+ Merb::Authentication.default_strategy_order
78
+ end
79
+ else
80
+ request.session[:authentication_strategies] ||= []
81
+ request.session[:authentication_strategies] << rest
82
+ request.session[:authentication_strategies].flatten!.uniq!
83
+ request.session[:authentication_strategies]
84
+ end
85
+
74
86
  msg = opts[:message] || error_message
75
87
  user = nil
76
88
  # This one should find the first one that matches. It should not run antother
@@ -87,19 +99,13 @@ module Merb
87
99
  user
88
100
  end
89
101
  end
102
+
90
103
  # Check after callbacks to make sure the user is still cool
91
- Merb::Authentication.after_callbacks.each do |cb|
92
- user = case cb
93
- when Proc
94
- cb.call(user, request, params)
95
- when Symbol, String
96
- user.send(cb)
97
- end
98
- break unless user
99
- end if user
104
+ user = run_after_authentication_callbacks(user, request, params) if user
100
105
 
101
106
  # Finally, Raise an error if there is no user found, or set it in the session if there is.
102
107
  raise Merb::Controller::Unauthenticated, msg unless user
108
+ session[:authentication_strategies] = nil # clear the session of Failed Strategies if login is successful
103
109
  self.user = user
104
110
  end
105
111
 
@@ -142,11 +148,12 @@ module Merb
142
148
  # Keeps track of strategies by class or string
143
149
  # When loading from string, strategies are loaded withing the Merb::Authentication::Strategies namespace
144
150
  # When loaded by class, the class is stored directly
151
+ # @private
145
152
  def self.lookup_strategy
146
153
  @strategy_lookup || reset_strategy_lookup!
147
154
  end
148
155
 
149
- # Restets the strategy lookup. Useful in specsd
156
+ # Restets the strategy lookup. Useful in specs
150
157
  def self.reset_strategy_lookup!
151
158
  @strategy_lookup = Mash.new do |h,k|
152
159
  case k
@@ -158,5 +165,26 @@ module Merb
158
165
  end
159
166
  end
160
167
 
168
+ # Maintains a list of keys to maintain when needing to keep some state
169
+ # in the face of session.abandon! You need to maintain this state yourself
170
+ # @public
171
+ def self.maintain_session_keys
172
+ @maintain_session_keys ||= [:authentication_strategies]
173
+ end
174
+
175
+ private
176
+ def run_after_authentication_callbacks(user, request, params)
177
+ Merb::Authentication.after_callbacks.each do |cb|
178
+ user = case cb
179
+ when Proc
180
+ cb.call(user, request, params)
181
+ when Symbol, String
182
+ user.send(cb)
183
+ end
184
+ break unless user
185
+ end
186
+ user
187
+ end
188
+
161
189
  end # Merb::Authentication
162
190
  end # Merb
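Review bot: In the `authenticate!` hunk, when a caller passes strategies (`rest` non-empty) the list that is run is the whole session-accumulated array, not the caller's own list, so a strategy recorded by an earlier failed request to a different action is also tried for this one. If per-action `:with` lists are meant to restrict which strategies may authenticate an action, this widens them, and `maintain_session_keys` lists the same key as state to keep across `session.abandon!`, so the widened list may outlive the session it was built in. Consider recording without changing what runs: `stored = (request.session[:authentication_strategies] ||= [])`, `stored.concat(rest).uniq!`, then `rest` as the branch value; `concat` also removes the reliance on `flatten!` returning the array rather than nil. The success path clears the key through `session` while the rest of the method uses `request.session`; use one accessor, or add a comment that both are the same object. The body of `authenticate!` between the first two hunks is not visible here.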
@@ -16,7 +16,6 @@ describe "Merb::AuthenticationHelper" do
16
16
 
17
17
  class Kone < Merb::Authentication::Strategy
18
18
  def run!
19
- puts params.inspect
20
19
  Viking.capture(self.class)
21
20
  params[self.class.name]
22
21
  end
@@ -43,7 +43,6 @@ describe "Authentication callbacks" do
43
43
  @request = fake_request
44
44
  @params = @request.params
45
45
  @auth = Merb::Authentication.new(@request.session)
46
- puts Merb::Authentication.strategies.inspect
47
46
  end
48
47
 
49
48
  after(:all) do
@@ -0,0 +1,90 @@
1
+ require File.join(File.dirname(__FILE__), "..", 'spec_helper.rb')
2
+
3
+ describe "Failed Login" do
4
+
5
+ before(:all) do
6
+ Merb::Config[:exception_details] = true
7
+ reset_exceptions!
8
+ class Exceptions < Merb::Controller
9
+ def unauthenticated
10
+ "Unauthenticated"
11
+ end
12
+ end
13
+ end
14
+
15
+ after(:all) do
16
+ reset_exceptions!
17
+ class Exceptions < Merb::Controller
18
+ def unauthenticated
19
+ "Unauthenticated"
20
+ end
21
+ end
22
+
23
+ Viking.captures.clear
24
+ end
25
+
26
+ def reset_exceptions!
27
+ Object.class_eval do
28
+ remove_const(:Exceptions) if defined?(Exceptions)
29
+ end
30
+ end
31
+
32
+ before(:each) do
33
+ clear_strategies!
34
+ Viking.captures.clear
35
+ Merb::Router.reset!
36
+ Merb::Router.prepare do
37
+ match("/").to(:controller => "a_controller")
38
+ match("/login", :method => :put).to(:controller => "sessions", :action => :update)
39
+ end
40
+
41
+ class LOne < Merb::Authentication::Strategy
42
+ def run!
43
+ Viking.capture self.class
44
+ params[self.class.name.snake_case.gsub("::", "_")]
45
+ end
46
+ end
47
+
48
+ class LTwo < LOne; end
49
+
50
+ class LThree < LOne; end
51
+
52
+ class AController < Merb::Controller
53
+ before :ensure_authenticated, :with => [LThree]
54
+ def index
55
+ "INDEX OF AController"
56
+ end
57
+ end
58
+
59
+ class Sessions < Merb::Controller
60
+ before :ensure_authenticated
61
+ def update
62
+ "In the login action"
63
+ end
64
+ end
65
+ end
66
+
67
+ it "should fail login and then not try the default login on the second attempt but should try the original" do
68
+ r1 = request("/")
69
+ r1.status.should == 401
70
+ Viking.captures.should == ["LThree"]
71
+ Viking.captures.clear
72
+ r2 = request("/login", :method => "put", :params => {"l_three" => true})
73
+ r2.status.should == 200
74
+ Viking.captures.should == ["LThree"]
75
+ end
76
+
77
+ it "should not be able to fail many times and still work" do
78
+ 3.times do
79
+ r1 = request("/")
80
+ r1.status.should == 401
81
+ Viking.captures.should == ["LThree"]
82
+ Viking.captures.clear
83
+ end
84
+ r2 = request("/login", :method => "put", :params => {"l_three" => true})
85
+ r2.status.should == 200
86
+ Viking.captures.should == ["LThree"]
87
+ end
88
+
89
+
90
+ end
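Review bot: Both examples use a single guarded action and a single strategy, so nothing pins which strategies run when two actions guarded by different strategies fail in turn, nor that the stored list is gone after a successful login. An example with a second controller declared `:with => [LTwo]` that asserts `Viking.captures` after each request would cover the first; LTwo is already defined in `before(:each)` but unused. The title `"should not be able to fail many times and still work"` reads as the opposite of what the example asserts; `"should still be able to log in after failing many times"` matches it. `Merb::Config[:exception_details] = true` is set in `before(:all)` and not restored in `after(:all)`, so it presumably leaks into later specs.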
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: merb-auth-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.10
4
+ version: 0.9.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam French, Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-10-21 00:00:00 -07:00
12
+ date: 2008-10-29 00:00:00 -07:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ~>
22
22
  - !ruby/object:Gem::Version
23
- version: 0.9.10
23
+ version: 0.9.11
24
24
  version:
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: extlib
@@ -68,6 +68,7 @@ files:
68
68
  - spec/merb-auth-core/callbacks_spec.rb
69
69
  - spec/merb-auth-core/customizations_spec.rb
70
70
  - spec/merb-auth-core/errors_spec.rb
71
+ - spec/merb-auth-core/failed_login_spec.rb
71
72
  - spec/merb-auth-core/merb-auth-core_spec.rb
72
73
  - spec/merb-auth-core/router_helper_spec.rb
73
74
  - spec/merb-auth-core/strategy_spec.rb