merb-auth-core 0.9.10 → 0.9.11

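--- a/data/Rakefile
+++ b/data/Rakefile
@@ -58,7 +58,7 @@ task :gemspec do
  end
 
  desc "Run all specs"
- Spec::Rake::SpecTask.new("specs") do |t|
+ Spec::Rake::SpecTask.new("spec") do |t|
  t.spec_opts = ["--format", "specdoc", "--colour"]
  t.spec_files = Dir["spec/**/*_spec.rb"].sort
  t.rcov = false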
@@ -69,8 +69,20 @@ module Merb
69
69
  def authenticate!(request, params, *rest)
70
70
  opts = rest.last.kind_of?(Hash) ? rest.pop : {}
71
71
  rest = rest.flatten
72
- strategies = rest.empty? ? Merb::Authentication.default_strategy_order : rest
73
-
72
+
73
+ strategies = if rest.empty?
74
+ if request.session[:authentication_strategies]
75
+ request.session[:authentication_strategies]
76
+ else
77
+ Merb::Authentication.default_strategy_order
78
+ end
79
+ else
80
+ request.session[:authentication_strategies] ||= []
81
+ request.session[:authentication_strategies] << rest
82
+ request.session[:authentication_strategies].flatten!.uniq!
83
+ request.session[:authentication_strategies]
84
+ end
85
+
74
86
  msg = opts[:message] || error_message
75
87
  user = nil
76
88
  # This one should find the first one that matches. It should not run antother
@@ -87,19 +99,13 @@ module Merb
87
99
  user
88
100
  end
89
101
  end
102
+
90
103
  # Check after callbacks to make sure the user is still cool
91
- Merb::Authentication.after_callbacks.each do |cb|
92
- user = case cb
93
- when Proc
94
- cb.call(user, request, params)
95
- when Symbol, String
96
- user.send(cb)
97
- end
98
- break unless user
99
- end if user
104
+ user = run_after_authentication_callbacks(user, request, params) if user
100
105
 
101
106
  # Finally, Raise an error if there is no user found, or set it in the session if there is.
102
107
  raise Merb::Controller::Unauthenticated, msg unless user
108
+ session[:authentication_strategies] = nil # clear the session of Failed Strategies if login is successful
103
109
  self.user = user
104
110
  end
105
111
 
@@ -142,11 +148,12 @@ module Merb
142
148
  # Keeps track of strategies by class or string
143
149
  # When loading from string, strategies are loaded withing the Merb::Authentication::Strategies namespace
144
150
  # When loaded by class, the class is stored directly
151
+ # @private
145
152
  def self.lookup_strategy
146
153
  @strategy_lookup || reset_strategy_lookup!
147
154
  end
148
155
 
149
- # Restets the strategy lookup. Useful in specsd
156
+ # Restets the strategy lookup. Useful in specs
150
157
  def self.reset_strategy_lookup!
151
158
  @strategy_lookup = Mash.new do |h,k|
152
159
  case k
@@ -158,5 +165,26 @@ module Merb
158
165
  end
159
166
  end
160
167
 
168
+ # Maintains a list of keys to maintain when needing to keep some state
169
+ # in the face of session.abandon! You need to maintain this state yourself
170
+ # @public
171
+ def self.maintain_session_keys
172
+ @maintain_session_keys ||= [:authentication_strategies]
173
+ end
174
+
175
+ private
176
+ def run_after_authentication_callbacks(user, request, params)
177
+ Merb::Authentication.after_callbacks.each do |cb|
178
+ user = case cb
179
+ when Proc
180
+ cb.call(user, request, params)
181
+ when Symbol, String
182
+ user.send(cb)
183
+ end
184
+ break unless user
185
+ end
186
+ user
187
+ end
188
+
161
189
  end # Merb::Authentication
162
190
  end # Merb
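Review bot: In the first hunk of this file (`authenticate!`), the `else` branch runs the union of the caller's strategies and everything already remembered in `request.session[:authentication_strategies]`, so an action that names an explicit strategy can be satisfied by a strategy recorded earlier for a different action. The remembered entries come first in the list, and going by the comment just below the hunk the first strategy that matches wins. If the explicit list is meant to restrict the action, the branch should remember it without merging, e.g. `request.session[:authentication_strategies] = rest`, which also removes the `flatten!.uniq!` chain that only works because `flatten!` happens to return non-nil here. Separately, the success path clears `session[:authentication_strategies]` while the rest of the method uses `request.session`; it is worth confirming both name the same object. The body of `authenticate!` between the hunks is not visible here.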
@@ -16,7 +16,6 @@ describe "Merb::AuthenticationHelper" do
16
16
 
17
17
  class Kone < Merb::Authentication::Strategy
18
18
  def run!
19
- puts params.inspect
20
19
  Viking.capture(self.class)
21
20
  params[self.class.name]
22
21
  end
@@ -43,7 +43,6 @@ describe "Authentication callbacks" do
43
43
  @request = fake_request
44
44
  @params = @request.params
45
45
  @auth = Merb::Authentication.new(@request.session)
46
- puts Merb::Authentication.strategies.inspect
47
46
  end
48
47
 
49
48
  after(:all) do
@@ -0,0 +1,90 @@
1
+ require File.join(File.dirname(__FILE__), "..", 'spec_helper.rb')
2
+
3
+ describe "Failed Login" do
4
+
5
+ before(:all) do
6
+ Merb::Config[:exception_details] = true
7
+ reset_exceptions!
8
+ class Exceptions < Merb::Controller
9
+ def unauthenticated
10
+ "Unauthenticated"
11
+ end
12
+ end
13
+ end
14
+
15
+ after(:all) do
16
+ reset_exceptions!
17
+ class Exceptions < Merb::Controller
18
+ def unauthenticated
19
+ "Unauthenticated"
20
+ end
21
+ end
22
+
23
+ Viking.captures.clear
24
+ end
25
+
26
+ def reset_exceptions!
27
+ Object.class_eval do
28
+ remove_const(:Exceptions) if defined?(Exceptions)
29
+ end
30
+ end
31
+
32
+ before(:each) do
33
+ clear_strategies!
34
+ Viking.captures.clear
35
+ Merb::Router.reset!
36
+ Merb::Router.prepare do
37
+ match("/").to(:controller => "a_controller")
38
+ match("/login", :method => :put).to(:controller => "sessions", :action => :update)
39
+ end
40
+
41
+ class LOne < Merb::Authentication::Strategy
42
+ def run!
43
+ Viking.capture self.class
44
+ params[self.class.name.snake_case.gsub("::", "_")]
45
+ end
46
+ end
47
+
48
+ class LTwo < LOne; end
49
+
50
+ class LThree < LOne; end
51
+
52
+ class AController < Merb::Controller
53
+ before :ensure_authenticated, :with => [LThree]
54
+ def index
55
+ "INDEX OF AController"
56
+ end
57
+ end
58
+
59
+ class Sessions < Merb::Controller
60
+ before :ensure_authenticated
61
+ def update
62
+ "In the login action"
63
+ end
64
+ end
65
+ end
66
+
67
+ it "should fail login and then not try the default login on the second attempt but should try the original" do
68
+ r1 = request("/")
69
+ r1.status.should == 401
70
+ Viking.captures.should == ["LThree"]
71
+ Viking.captures.clear
72
+ r2 = request("/login", :method => "put", :params => {"l_three" => true})
73
+ r2.status.should == 200
74
+ Viking.captures.should == ["LThree"]
75
+ end
76
+
77
+ it "should not be able to fail many times and still work" do
78
+ 3.times do
79
+ r1 = request("/")
80
+ r1.status.should == 401
81
+ Viking.captures.should == ["LThree"]
82
+ Viking.captures.clear
83
+ end
84
+ r2 = request("/login", :method => "put", :params => {"l_three" => true})
85
+ r2.status.should == 200
86
+ Viking.captures.should == ["LThree"]
87
+ end
88
+
89
+
90
+ end
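Review bot: Both examples exercise a single protected action, so nothing here pins what happens when two actions with different `:with` strategies share one session; a third example that fails on `AController` and then requests an action restricted to another strategy, asserting through `Viking.captures` that `LThree` is not run for it, would cover that case. `Merb::Config[:exception_details] = true` is set in `before(:all)` and not restored in `after(:all)`, so it may leak into spec files that run later. The second example's description, "should not be able to fail many times and still work", reads as the opposite of what it asserts; `"should still log in after several failed attempts"` would be clearer.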
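--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: merb-auth-core
  version: !ruby/object:Gem::Version
- version: 0.9.10
+ version: 0.9.11
  platform: ruby
  authors:
  - Adam French, Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2008-10-21 00:00:00 -07:00
+ date: 2008-10-29 00:00:00 -07:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 0.9.10
+ version: 0.9.11
  version:
  - !ruby/object:Gem::Dependency
  name: extlib
@@ -68,6 +68,7 @@ files:
  - spec/merb-auth-core/callbacks_spec.rb
  - spec/merb-auth-core/customizations_spec.rb
  - spec/merb-auth-core/errors_spec.rb
+ - spec/merb-auth-core/failed_login_spec.rb
  - spec/merb-auth-core/merb-auth-core_spec.rb
  - spec/merb-auth-core/router_helper_spec.rb
  - spec/merb-auth-core/strategy_spec.rb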