merb-auth-core 0.9.9

data/lib/merb-auth-core/errors.rb

@@ -0,0 +1,66 @@
+module Merb
+  class Authentication
+  
+    def errors
+      @errors ||= Errors.new
+    end
+
+    # Lifted from DataMapper's dm-validations plugin :)
+    # @author Guy van den Berg
+    # @since  DM 0.9
+    class Errors
+
+      include Enumerable
+
+      # Clear existing authentication errors.
+      def clear!
+        errors.clear
+      end
+
+      # Add a authentication error. Use the field_name :general if the errors does
+      # not apply to a specific field of the Resource.
+      #
+      # @param <Symbol> field_name the name of the field that caused the error
+      # @param <String> message    the message to add
+      def add(field_name, message)
+        (errors[field_name] ||= []) << message
+      end
+
+      # Collect all errors into a single list.
+      def full_messages
+        errors.inject([]) do |list,pair|
+          list += pair.last
+        end
+      end
+
+      # Return authentication errors for a particular field_name.
+      #
+      # @param <Symbol> field_name the name of the field you want an error for
+      def on(field_name)
+        errors_for_field = errors[field_name]
+        errors_for_field.blank? ? nil : errors_for_field
+      end
+
+      def each
+        errors.map.each do |k,v|
+          next if v.blank?
+          yield(v)
+        end
+      end
+
+      def empty?
+        entries.empty?
+      end
+
+      def method_missing(meth, *args, &block)
+        errors.send(meth, *args, &block)
+      end
+
+      private
+      def errors
+        @errors ||= {}
+      end
+
+    end # class Errors
+  end # Authentication
+end #  Merb

data/lib/merb-auth-core/merbtasks.rb

@@ -0,0 +1,6 @@
+namespace :"merb-auth_core" do
+  # desc "Do something for merb-auth-core"
+  # task :default do
+  #   puts "merb-auth-core doesn't do anything"
+  # end
+end

data/lib/merb-auth-core/responses.rb

@@ -0,0 +1,36 @@
+module Merb
+  # These are not intended to be used directly
+  class Authentication
+    attr_accessor :body
+    
+    def redirected?
+      !!headers["Location"]
+    end
+    
+    def headers
+      @headers ||= {}
+    end
+  
+    def status
+      @status ||= 200
+    end
+    
+    def status=(sts)
+      @status = sts
+    end
+  
+    def halted?
+      !!@halt
+    end
+    
+    def headers=(headers)
+      raise ArgumentError, "Need to supply a hash to headers.  Got #{headers.class}" unless headers.kind_of?(Hash)
+      @headers = headers
+    end
+    
+    def halt!
+      @halt = true
+    end
+  
+  end # Merb::Authentication
+end # Merb

data/lib/merb-auth-core/router_helper.rb

@@ -0,0 +1,25 @@
+Merb::Router.extensions do
+  
+  def authenticate(*strategies, &block)
+    p = Proc.new do |request, params|
+      if request.session.authenticated?
+        params
+      else
+        if strategies.blank?
+          result = request.session.authenticate!(request, params)
+        else
+          result = request.session.authenticate!(request, params, *strategies)
+        end
+      
+        if request.session.authentication.halted?
+          auth = request.session.authentication
+          [auth.status, auth.headers, auth.body]
+        else
+          params
+        end
+      end
+    end
+    defer(p, &block)
+  end
+  
+end

data/lib/merb-auth-core/session_mixin.rb

@@ -0,0 +1,57 @@
+module Merb
+  module Session
+  
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.send(:extend,  ClassMethods)
+    end
+  
+    module ClassMethods    
+    end # ClassMethods
+  
+    module InstanceMethods
+    
+      # Access to the authentication object directly.  Particularly useful
+      # for accessing the errors.
+      # 
+      # === Example
+      #
+      #    <%= error_messages_for session.authentication %>
+      # 
+      def authentication
+        @authentication ||= Merb::Authentication.new(self)
+      end
+    
+      # Check to see if the current session is authenticated
+      # @return true if authenticated.  false otherwise
+      def authenticated?
+        authentication.authenticated?
+      end
+    
+      # Authenticates the session via the authentication object. 
+      #
+      # See Merb::Authentication#authenticate for usage
+      def authenticate!(request, params, *rest)
+        authentication.authenticate!(request, params, *rest)
+      end
+    
+      # Provides access to the currently authenticated user.
+      def user
+        authentication.user
+      end
+    
+      # set the currently authenticated user manually
+      # Merb::Authentication#store_user should know how to store the object into the session
+      def user=(the_user)
+        authentication.user = the_user
+      end
+    
+      # Remove the user from the session and clear all data.
+      def abandon!
+        authentication.abandon!
+      end
+    
+    end # InstanceMethods
+  
+  end # Session
+end # Merb

data/lib/merb-auth-core/strategy.rb

@@ -0,0 +1,206 @@
+module Merb
+  class Authentication
+    cattr_reader   :strategies, :default_strategy_order, :registered_strategies
+    @@strategies, @@default_strategy_order, @@registered_strategies = [], [], {}
+  
+    # Use this to set the default order of strategies 
+    # if you need to in your application.  You don't need to use all avaiable strategies
+    # in this array, but you may not include a strategy that has not yet been defined.
+    # 
+    # @params [Merb::Authentiation::Strategy,Merb::Authentication::Strategy]
+    # 
+    # @public
+    def self.default_strategy_order=(*order)
+      order = order.flatten
+      bad = order.select{|s| !s.ancestors.include?(Strategy)}
+      raise ArgumentError, "#{bad.join(",")} do not inherit from Merb::Authentication::Strategy" unless bad.empty?
+      @@default_strategy_order = order
+    end
+  
+    # Allows for the registration of strategies.
+    # @params <Symbol, String>
+    #   +label+ The label is the label to identify this strategy
+    #   +path+  The path to the file containing the strategy.  This must be an absolute path!
+    # 
+    # Registering a strategy does not add it to the list of strategies to use
+    # it simply makes it available through the Merb::Authentication.activate method
+    # 
+    # This is for plugin writers to make a strategy availalbe but this should not
+    # stop you from declaring your own strategies
+    # 
+    # @plugin
+    def self.register(label, path)
+      self.registered_strategies[label] = path
+    end
+
+    # Activates a registered strategy by it's label.
+    # Intended for use with plugin authors.  There is little
+    # need to register your own strategies.  Just declare them
+    # and they will be active.
+    def self.activate!(label)
+      path = self.registered_strategies[label]
+      raise "The #{label} Strategy is not registered" unless path
+      require path
+    end
+  
+    # The Merb::Authentication::Strategy is where all the action happens in the merb-auth framework.
+    # Inherit from this class to setup your own strategy.  The strategy will automatically
+    # be placed in the default_strategy_order array, and will be included in the strategy runs.
+    #
+    # The strategy you implment should have a YourStrategy#run! method defined that returns
+    #   1. A user object if authenticated
+    #   2. nil if no authenticated user was found.
+    #
+    # === Example
+    #
+    #    class MyStrategy < Merb::Authentication::Strategy
+    #      def run!
+    #        u = User.get(params[:login])
+    #        u if u.authentic?(params[:password])
+    #      end
+    #    end
+    #
+    #
+    class Strategy
+      attr_accessor :request
+      attr_writer   :body
+    
+      class << self
+        def inherited(klass)
+          Merb::Authentication.strategies << klass
+          Merb::Authentication.default_strategy_order << klass
+        end
+    
+        # Use this to declare the strategy should run before another strategy
+        def before(strategy)
+          order =  Merb::Authentication.default_strategy_order
+          order.delete(self)
+          index = order.index(strategy)
+          order.insert(index,self)
+        end
+    
+        # Use this to declare the strategy should run after another strategy
+        def after(strategy)
+          order = Merb::Authentication.default_strategy_order
+          order.delete(self)
+          index = order.index(strategy)
+          index == order.size ? order << self : order.insert(index + 1, self)
+        end
+      
+        # Mark a strategy as abstract.  This means that a strategy will not
+        # ever be run as part of the authentication.  Instead this 
+        # will be available to inherit from as a way to share code.
+        # 
+        # You could for example setup a strategy to check for a particular kind of login
+        # and then have a subclass for each class type of user in your system.
+        # i.e. Customer / Staff, Student / Staff etc
+        def abstract!
+          @abstract = true
+        end
+    
+        # Asks is this strategy abstract. i.e. can it be run as part of the authentication
+        def abstract?
+          !!@abstract
+        end
+    
+      end # End class << self
+    
+      def initialize(request, params)
+        @request = request
+        @params  = params
+      end
+    
+      # An alias to the request.params hash
+      # Only rely on this hash to find any router params you are looking for.
+      # If looking for paramteres use request.params
+      def params
+        @params
+      end
+    
+      # An alials to the request.cookies hash
+      def cookies
+        request.cookies
+      end
+    
+      # An alias to the request.session hash
+      def session
+        request.session
+      end
+    
+      # Redirects causes the strategy to signal a redirect
+      # to the provided url.
+      # 
+      # ====Parameters
+      # url<String>:: The url to redirect to
+      # options<Hash>:: An options hash with the following keys:
+      #   +:permanent+ Set this to true to make the redirect permanent
+      #   +:status+ Set this to an integer for the status to return
+      def redirect!(url, opts = {})
+        self.headers["Location"] = url
+        self.status = opts[:permanent] ? 301 : 302
+        self.status = opts[:status] if opts[:status]
+        self.body   = opts[:message] || "<div>You are being redirected to <a href='#{url}'>#{url}</a></div>"
+        halt!
+        return true
+      end
+    
+      # Returns ture if the strategy redirected
+      def redirected?
+        !!headers["Location"]
+      end
+      
+      # Provides a place to put the status of the response
+      attr_accessor :status
+    
+      # Provides a place to put headers
+      def headers
+        @headers ||={}
+      end
+      
+      # Mark this strategy as complete for this request.  Will cause that no other
+      # strategies will be executed.  
+      def halt!
+        @halt = true
+      end
+      
+      # Checks to see if this strategy has been halted
+      def halted?
+        !!@halt
+      end
+      
+      
+      # Allows you to provide a body of content to return when halting
+      def body
+        @body || ""
+      end
+    
+      # This is the method that is called as the test for authentication and is where
+      # you put your code.
+      # 
+      # You must overwrite this method in your strategy
+      #
+      # @api overwritable
+      def run!
+        raise NotImplemented
+      end
+    
+      # Overwrite this method to scope a strategy to a particular user type
+      # you can use this with inheritance for example to try the same strategy
+      # on different user types
+      #
+      # By default, Merb::Authentication.user_class is used.  This method allows for 
+      # particular strategies to deal with a different type of user class.
+      #
+      # For example.  If Merb::Authentication.user_class is Customer
+      # and you have a PasswordStrategy, you can subclass the PasswordStrategy
+      # and change this method to return Staff.  Giving you a PasswordStrategy strategy
+      # for first Customer(s) and then Staff.  
+      #
+      # @api overwritable
+      def user_class
+        Merb::Authentication.user_class
+      end
+      
+    end # Strategy
+  end # Merb::Authentication
+end # Merb

data/lib/merb-auth-core.rb

@@ -0,0 +1,26 @@
+# make sure we're running inside Merb
+
+require 'extlib'
+
+require 'merb-auth-core/authentication'
+require 'merb-auth-core/strategy'
+require 'merb-auth-core/session_mixin'
+require 'merb-auth-core/errors'
+require 'merb-auth-core/responses'
+require 'merb-auth-core/authenticated_helper'
+require 'merb-auth-core/customizations'
+require 'merb-auth-core/bootloader'
+require 'merb-auth-core/router_helper'
+
+Merb::BootLoader.before_app_loads do
+  # require code that must be loaded before the application 
+  Merb::Controller.send(:include, Merb::AuthenticatedHelper)
+end
+
+Merb::BootLoader.after_app_loads do
+  # code that can be required after the application loads
+end
+
+Merb::Plugins.add_rakefiles "merb-auth-core/merbtasks"
+
+Merb.push_path(:lib_authentication, Merb.root / "merb" / "merb-auth")

data/spec/helpers/authentication_helper_spec.rb

@@ -0,0 +1,111 @@
+require File.join(File.dirname(__FILE__), "..", 'spec_helper.rb')
+
+describe "Merb::AuthenticationHelper" do
+  
+  class ControllerMock < Merb::Controller
+    before :ensure_authenticated
+  end
+  
+  before(:each) do
+    clear_strategies!
+    @controller = ControllerMock.new(fake_request)
+    @request = @controller.request
+    @session = @controller.session
+    @session.user = "WINNA"
+    Viking.captures.clear
+    
+    class Kone < Merb::Authentication::Strategy
+      def run!
+        puts params.inspect
+        Viking.capture(self.class)
+        params[self.class.name]
+      end
+    end
+    
+    class Ktwo < Kone; end
+    
+  end
+  
+  it "should not raise and Unauthenticated error" do
+    lambda do
+      @controller.send(:ensure_authenticated)
+    end.should_not raise_error(Merb::Controller::Unauthenticated)
+  end
+  
+  it "should raise an Unauthenticated error" do
+    @controller = ControllerMock.new(Merb::Request.new({}))
+    lambda do
+      @controller.send(:ensure_authenticated)
+    end.should raise_error(Merb::Controller::Unauthenticated)
+  end
+  
+  it "should run the authentication when testing if it is authenticated" do
+    @controller = ControllerMock.new(fake_request)
+    @controller.session.should_receive(:user).and_return(nil, "WINNA")
+    @controller.session.authentication.should_receive(:authenticate!).and_return("WINNA")
+    @controller.send(:ensure_authenticated)
+  end
+  
+  it "should accept and execute the provided strategies" do
+    # This allows using a before filter with specific arguments
+    # before :ensure_authenticated, :with => [Authenticaiton::OAuth, Merb::Authentication::BasicAuth]
+    controller = ControllerMock.new(fake_request)
+    controller.request.params["Ktwo"] = true
+    controller.send(:ensure_authenticated, Kone, Ktwo)
+    Viking.captures.should == %w( Kone Ktwo )
+  end
+  
+  describe "redirection" do
+    
+    before(:all) do
+      class FooController < Merb::Controller
+        before :ensure_authenticated
+        
+        def index; "FooController#index" end
+      end
+    end
+    
+    before(:each) do
+      class MyStrategy < Merb::Authentication::Strategy
+        def run!
+          if params[:url]
+            opts = {}
+            opts[:permanent] = true if params[:permanent]
+            opts[:status] = params[:status].to_i if params[:status]
+            !opts.empty? ? redirect!(params[:url], opts) : redirect!(params[:url])
+          elsif params[:fail]
+            nil
+          else
+            "WINNA"
+          end
+        end
+      end # MyStrategy
+      
+      Merb::Router.reset!
+      Merb::Router.prepare{ match("/").to(:controller => "foo_controller")}
+    end
+    
+    it "should redirect the controller to a Location if the strategy redirects" do
+      controller = get "/", :url => "/some/url"      
+      controller.headers["Location"].should == "/some/url"
+    end
+    
+    it "should use a 302 redirection by default" do
+      c = get "/", :url => "/some/url"
+      c.status.should == 302
+    end
+    
+    it "should use a 301 when marked as permanent" do
+      c = get "/", :url => "/some/url", :permanent => "true"
+      c.status.should == 301
+    end
+    
+    it "should use a custom status" do
+      c = get "/", :url => "/some/url", :status => 401
+      c.status.should == 401
+    end
+    
+    
+  end
+  
+end

data/spec/merb-auth-core/activation_fixture.rb

@@ -0,0 +1,2 @@
+class TheActivationTest
+end