merb-auth-core 0.9.10 → 0.9.11
data/Rakefile
CHANGED
@@ -69,8 +69,20 @@ module Merb
|
|
69
69
|
def authenticate!(request, params, *rest)
|
70
70
|
opts = rest.last.kind_of?(Hash) ? rest.pop : {}
|
71
71
|
rest = rest.flatten
|
72
|
-
|
73
|
-
|
72
|
+
|
73
|
+
strategies = if rest.empty?
|
74
|
+
if request.session[:authentication_strategies]
|
75
|
+
request.session[:authentication_strategies]
|
76
|
+
else
|
77
|
+
Merb::Authentication.default_strategy_order
|
78
|
+
end
|
79
|
+
else
|
80
|
+
request.session[:authentication_strategies] ||= []
|
81
|
+
request.session[:authentication_strategies] << rest
|
82
|
+
request.session[:authentication_strategies].flatten!.uniq!
|
83
|
+
request.session[:authentication_strategies]
|
84
|
+
end
|
85
|
+
|
74
86
|
msg = opts[:message] || error_message
|
75
87
|
user = nil
|
76
88
|
# This one should find the first one that matches. It should not run antother
|
@@ -87,19 +99,13 @@ module Merb
|
|
87
99
|
user
|
88
100
|
end
|
89
101
|
end
|
102
|
+
|
90
103
|
# Check after callbacks to make sure the user is still cool
|
91
|
-
|
92
|
-
user = case cb
|
93
|
-
when Proc
|
94
|
-
cb.call(user, request, params)
|
95
|
-
when Symbol, String
|
96
|
-
user.send(cb)
|
97
|
-
end
|
98
|
-
break unless user
|
99
|
-
end if user
|
104
|
+
user = run_after_authentication_callbacks(user, request, params) if user
|
100
105
|
|
101
106
|
# Finally, Raise an error if there is no user found, or set it in the session if there is.
|
102
107
|
raise Merb::Controller::Unauthenticated, msg unless user
|
108
|
+
session[:authentication_strategies] = nil # clear the session of Failed Strategies if login is successful
|
103
109
|
self.user = user
|
104
110
|
end
|
105
111
|
|
@@ -142,11 +148,12 @@ module Merb
|
|
142
148
|
# Keeps track of strategies by class or string
|
143
149
|
# When loading from string, strategies are loaded withing the Merb::Authentication::Strategies namespace
|
144
150
|
# When loaded by class, the class is stored directly
|
151
|
+
# @private
|
145
152
|
def self.lookup_strategy
|
146
153
|
@strategy_lookup || reset_strategy_lookup!
|
147
154
|
end
|
148
155
|
|
149
|
-
# Restets the strategy lookup. Useful in
|
156
|
+
# Restets the strategy lookup. Useful in specs
|
150
157
|
def self.reset_strategy_lookup!
|
151
158
|
@strategy_lookup = Mash.new do |h,k|
|
152
159
|
case k
|
@@ -158,5 +165,26 @@ module Merb
|
|
158
165
|
end
|
159
166
|
end
|
160
167
|
|
168
|
+
# Maintains a list of keys to maintain when needing to keep some state
|
169
|
+
# in the face of session.abandon! You need to maintain this state yourself
|
170
|
+
# @public
|
171
|
+
def self.maintain_session_keys
|
172
|
+
@maintain_session_keys ||= [:authentication_strategies]
|
173
|
+
end
|
174
|
+
|
175
|
+
private
|
176
|
+
def run_after_authentication_callbacks(user, request, params)
|
177
|
+
Merb::Authentication.after_callbacks.each do |cb|
|
178
|
+
user = case cb
|
179
|
+
when Proc
|
180
|
+
cb.call(user, request, params)
|
181
|
+
when Symbol, String
|
182
|
+
user.send(cb)
|
183
|
+
end
|
184
|
+
break unless user
|
185
|
+
end
|
186
|
+
user
|
187
|
+
end
|
188
|
+
|
161
189
|
end # Merb::Authentication
|
162
190
|
end # Merb
|
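Review bot: The strategy list is read from and accumulated in `request.session[:authentication_strategies]`, but the success path clears it with `session[:authentication_strategies] = nil`; whether `session` and `request.session` are the same object is not visible here, and if they are not, the failed-strategy list survives a successful login. I would use the same receiver in both places, `request.session[:authentication_strategies] = nil`. The stored list also replaces `default_strategy_order` on any later call that passes no strategies, so it deserves a comment saying the session store must be tamper-resistant and able to serialise the strategy classes pushed into it. The chain `flatten!.uniq!` only works because `<< rest` has just nested an array (`flatten!` returns nil when nothing changes); `request.session[:authentication_strategies].concat(rest).uniq!` avoids depending on that. The part of `authenticate!` that actually runs the strategies lies between the first two hunks and is not shown.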
@@ -0,0 +1,90 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), "..", 'spec_helper.rb')
|
2
|
+
|
3
|
+
describe "Failed Login" do
|
4
|
+
|
5
|
+
before(:all) do
|
6
|
+
Merb::Config[:exception_details] = true
|
7
|
+
reset_exceptions!
|
8
|
+
class Exceptions < Merb::Controller
|
9
|
+
def unauthenticated
|
10
|
+
"Unauthenticated"
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
after(:all) do
|
16
|
+
reset_exceptions!
|
17
|
+
class Exceptions < Merb::Controller
|
18
|
+
def unauthenticated
|
19
|
+
"Unauthenticated"
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
Viking.captures.clear
|
24
|
+
end
|
25
|
+
|
26
|
+
def reset_exceptions!
|
27
|
+
Object.class_eval do
|
28
|
+
remove_const(:Exceptions) if defined?(Exceptions)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
before(:each) do
|
33
|
+
clear_strategies!
|
34
|
+
Viking.captures.clear
|
35
|
+
Merb::Router.reset!
|
36
|
+
Merb::Router.prepare do
|
37
|
+
match("/").to(:controller => "a_controller")
|
38
|
+
match("/login", :method => :put).to(:controller => "sessions", :action => :update)
|
39
|
+
end
|
40
|
+
|
41
|
+
class LOne < Merb::Authentication::Strategy
|
42
|
+
def run!
|
43
|
+
Viking.capture self.class
|
44
|
+
params[self.class.name.snake_case.gsub("::", "_")]
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
class LTwo < LOne; end
|
49
|
+
|
50
|
+
class LThree < LOne; end
|
51
|
+
|
52
|
+
class AController < Merb::Controller
|
53
|
+
before :ensure_authenticated, :with => [LThree]
|
54
|
+
def index
|
55
|
+
"INDEX OF AController"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
class Sessions < Merb::Controller
|
60
|
+
before :ensure_authenticated
|
61
|
+
def update
|
62
|
+
"In the login action"
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
it "should fail login and then not try the default login on the second attempt but should try the original" do
|
68
|
+
r1 = request("/")
|
69
|
+
r1.status.should == 401
|
70
|
+
Viking.captures.should == ["LThree"]
|
71
|
+
Viking.captures.clear
|
72
|
+
r2 = request("/login", :method => "put", :params => {"l_three" => true})
|
73
|
+
r2.status.should == 200
|
74
|
+
Viking.captures.should == ["LThree"]
|
75
|
+
end
|
76
|
+
|
77
|
+
it "should not be able to fail many times and still work" do
|
78
|
+
3.times do
|
79
|
+
r1 = request("/")
|
80
|
+
r1.status.should == 401
|
81
|
+
Viking.captures.should == ["LThree"]
|
82
|
+
Viking.captures.clear
|
83
|
+
end
|
84
|
+
r2 = request("/login", :method => "put", :params => {"l_three" => true})
|
85
|
+
r2.status.should == 200
|
86
|
+
Viking.captures.should == ["LThree"]
|
87
|
+
end
|
88
|
+
|
89
|
+
|
90
|
+
end
|
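Review bot: Neither example checks the state left behind by a successful login: after `r2` returns 200 nothing asserts that the `:authentication_strategies` session key was cleared, so a regression that leaves the failed-strategy list in the session would still pass. An assertion on that key after `r2`, or on which strategies are captured by a later unauthenticated request, would cover the new clearing line in `authenticate!`. The second example's name, "should not be able to fail many times and still work", reads as the opposite of what it asserts; `it "should still log in with the original strategy after several failures"` would be clearer.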
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: merb-auth-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.
|
4
|
+
version: 0.9.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam French, Daniel Neighman
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2008-10-
|
12
|
+
date: 2008-10-29 00:00:00 -07:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
@@ -20,7 +20,7 @@ dependencies:
|
|
20
20
|
requirements:
|
21
21
|
- - ~>
|
22
22
|
- !ruby/object:Gem::Version
|
23
|
-
version: 0.9.
|
23
|
+
version: 0.9.11
|
24
24
|
version:
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: extlib
|
@@ -68,6 +68,7 @@ files:
|
|
68
68
|
- spec/merb-auth-core/callbacks_spec.rb
|
69
69
|
- spec/merb-auth-core/customizations_spec.rb
|
70
70
|
- spec/merb-auth-core/errors_spec.rb
|
71
|
+
- spec/merb-auth-core/failed_login_spec.rb
|
71
72
|
- spec/merb-auth-core/merb-auth-core_spec.rb
|
72
73
|
- spec/merb-auth-core/router_helper_spec.rb
|
73
74
|
- spec/merb-auth-core/strategy_spec.rb
|