merb-auth-core 1.1.0 → 1.1.1

@@ -1,27 +1,27 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Authentication callbacks" do
4
-
4
+
5
5
  before(:each) do
6
6
  Merb::Authentication.after_callbacks.clear
7
7
  clear_strategies!
8
8
  Viking.captures.clear
9
-
10
- # A basic user model that has some simple methods
11
- # to set and aknowlege that it's been called
9
+
10
+ # A basic user model that has some simple methods
11
+ # to set and aknowlege that it's been called
12
12
  class AUser
13
13
  attr_accessor :active, :name
14
-
14
+
15
15
  def initialize(params)
16
16
  params.each do |k,v|
17
17
  instance_variable_set("@#{k}", v)
18
18
  end
19
19
  end
20
-
20
+
21
21
  def acknowledge(value)
22
22
  Viking.capture(value)
23
23
  end
24
-
24
+
25
25
  def acknowledge!(value = "default acknowledge")
26
26
  throw(:acknowledged, value)
27
27
  end
@@ -32,24 +32,24 @@ describe "Authentication callbacks" do
32
32
  end
33
33
  end
34
34
  end
35
-
35
+
36
36
  # Create a strategy to test the after stuff
37
37
  class MyStrategy < Merb::Authentication::Strategy
38
38
  def run!
39
39
  AUser.new(request.params[:user] || {}) unless request.params[:no_user]
40
40
  end
41
41
  end
42
-
42
+
43
43
  @request = fake_request
44
44
  @params = @request.params
45
45
  @auth = Merb::Authentication.new(@request.session)
46
46
  end
47
-
47
+
48
48
  after(:all) do
49
49
  clear_strategies!
50
50
  Merb::Authentication.after_callbacks.clear
51
51
  end
52
-
52
+
53
53
  it "should allow you to setup a callback as a block" do
54
54
  Merb::Authentication.after_authentication{ |user, request, params| user.acknowledge!("w00t threw it") }
55
55
  result = catch(:acknowledged) do
@@ -57,7 +57,7 @@ describe "Authentication callbacks" do
57
57
  end
58
58
  result.should == "w00t threw it"
59
59
  end
60
-
60
+
61
61
  it "should allow you to setup a callback as a method" do
62
62
  Merb::Authentication.after_authentication(:acknowledge!)
63
63
  result = catch(:acknowledged) do
@@ -65,7 +65,7 @@ describe "Authentication callbacks" do
65
65
  end
66
66
  result.should == "default acknowledge"
67
67
  end
68
-
68
+
69
69
  it "should allow many callbacks to be setup and executed" do
70
70
  Merb::Authentication.after_authentication{|u,r,p| u.acknowledge("first"); u}
71
71
  Merb::Authentication.after_authentication{|u,r,p| u.acknowledge("second"); u}
@@ -81,14 +81,14 @@ describe "Authentication callbacks" do
81
81
  end.should raise_error(Merb::Controller::Unauthenticated)
82
82
  Viking.captures.should == ["first"]
83
83
  end
84
-
84
+
85
85
  it "should raise an Unauthenticated if a callback returns nil" do
86
86
  Merb::Authentication.after_authentication{|u,r,p| nil }
87
87
  lambda do
88
88
  @request.session.authenticate!(@request,@params)
89
89
  end.should raise_error(Merb::Controller::Unauthenticated)
90
90
  end
91
-
91
+
92
92
  it "should not try to process the callbacks when no user is found" do
93
93
  Merb::Authentication.after_authentication{|u,r,p| u.acknowledge("first"); u}
94
94
  Merb::Authentication.after_authentication{|u,r,p| u.acknowledge("second"); u}
@@ -98,5 +98,5 @@ describe "Authentication callbacks" do
98
98
  end.should raise_error(Merb::Controller::Unauthenticated)
99
99
  Viking.captures.should be_empty
100
100
  end
101
-
101
+
102
102
  end
@@ -1,22 +1,22 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Merb::Authentication.customizations" do
4
-
4
+
5
5
  before(:each) do
6
6
  Merb::Authentication.default_customizations.clear
7
7
  end
8
-
8
+
9
9
  it "should allow addition to the customizations" do
10
10
  Merb::Authentication.customize_default { "ONE" }
11
11
  Merb::Authentication.default_customizations.first.call.should == "ONE"
12
12
  end
13
-
13
+
14
14
  it "should allow multiple additions to the customizations" do
15
15
  Merb::Authentication.customize_default {"ONE"}
16
16
  Merb::Authentication.customize_default {"TWO"}
17
-
17
+
18
18
  Merb::Authentication.default_customizations.first.call.should == "ONE"
19
19
  Merb::Authentication.default_customizations.last.call.should == "TWO"
20
20
  end
21
-
21
+
22
22
  end
@@ -1,31 +1,31 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Merb::Authentication::Errors do
4
-
4
+
5
5
  before(:each) do
6
6
  @errors = Merb::Authentication::Errors.new
7
7
  end
8
-
8
+
9
9
  it "should report that it is empty on first creation" do
10
10
  @errors.empty?.should == true
11
11
  end
12
-
12
+
13
13
  it "should continue to report that it is empty even after being checked" do
14
14
  @errors.on(:foo)
15
15
  @errors.empty?.should == true
16
16
  end
17
-
17
+
18
18
  it "should add an error" do
19
19
  @errors.add(:login, "Login or password incorrect")
20
20
  @errors[:login].should == ["Login or password incorrect"]
21
21
  end
22
-
22
+
23
23
  it "should allow many errors to be added to the same field" do
24
24
  @errors.add(:login, "bad 1")
25
25
  @errors.add(:login, "bad 2")
26
26
  @errors.on(:login).should == ["bad 1", "bad 2"]
27
27
  end
28
-
28
+
29
29
  it "should give the full messages for an error" do
30
30
  @errors.add(:login, "login wrong")
31
31
  @errors.add(:password, "password wrong")
@@ -33,16 +33,16 @@ describe Merb::Authentication::Errors do
33
33
  @errors.full_messages.should include(msg)
34
34
  end
35
35
  end
36
-
36
+
37
37
  it "should return the error for a specific field / label" do
38
38
  @errors.add(:login, "wrong")
39
39
  @errors.on(:login).should == ["wrong"]
40
40
  end
41
-
41
+
42
42
  it "should return nil for a specific field if it's not been set" do
43
43
  @errors.on(:not_there).should be_nil
44
44
  end
45
-
45
+
46
46
  it "should provide an errors instance method on the Authenticaiton instance" do
47
47
  a = Merb::Authentication.new(Merb::CookieSession.generate)
48
48
  a.errors.should be_a_kind_of(Merb::Authentication::Errors)
@@ -1,7 +1,7 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Failed Login" do
4
-
4
+
5
5
  before(:all) do
6
6
  Merb::Config[:exception_details] = true
7
7
  reset_exceptions!
@@ -11,7 +11,7 @@ describe "Failed Login" do
11
11
  end
12
12
  end
13
13
  end
14
-
14
+
15
15
  after(:all) do
16
16
  reset_exceptions!
17
17
  class Exceptions < Merb::Controller
@@ -19,16 +19,16 @@ describe "Failed Login" do
19
19
  "Unauthenticated"
20
20
  end
21
21
  end
22
-
22
+
23
23
  Viking.captures.clear
24
24
  end
25
-
25
+
26
26
  def reset_exceptions!
27
27
  Object.class_eval do
28
28
  remove_const(:Exceptions) if defined?(Exceptions)
29
29
  end
30
30
  end
31
-
31
+
32
32
  before(:each) do
33
33
  clear_strategies!
34
34
  Viking.captures.clear
@@ -37,33 +37,33 @@ describe "Failed Login" do
37
37
  match("/").to(:controller => "a_controller")
38
38
  match("/login", :method => :put).to(:controller => "sessions", :action => :update)
39
39
  end
40
-
40
+
41
41
  class LOne < Merb::Authentication::Strategy
42
42
  def run!
43
43
  Viking.capture self.class
44
44
  params[self.class.name.snake_case.gsub("::", "_")]
45
45
  end
46
46
  end
47
-
47
+
48
48
  class LTwo < LOne; end
49
-
49
+
50
50
  class LThree < LOne; end
51
-
51
+
52
52
  class AController < Merb::Controller
53
53
  before :ensure_authenticated, :with => [LThree]
54
54
  def index
55
55
  "INDEX OF AController"
56
56
  end
57
57
  end
58
-
58
+
59
59
  class Sessions < Merb::Controller
60
60
  before :ensure_authenticated
61
61
  def update
62
62
  "In the login action"
63
63
  end
64
64
  end
65
- end
66
-
65
+ end
66
+
67
67
  it "should fail login and then not try the default login on the second attempt but should try the original" do
68
68
  r1 = request("/")
69
69
  r1.status.should == 401
@@ -73,9 +73,9 @@ describe "Failed Login" do
73
73
  r2.status.should == 200
74
74
  Viking.captures.should == ["LThree"]
75
75
  end
76
-
76
+
77
77
  it "should not be able to fail many times and still work" do
78
- 3.times do
78
+ 3.times do
79
79
  r1 = request("/")
80
80
  r1.status.should == 401
81
81
  Viking.captures.should == ["LThree"]
@@ -85,6 +85,6 @@ describe "Failed Login" do
85
85
  r2.status.should == 200
86
86
  Viking.captures.should == ["LThree"]
87
87
  end
88
-
89
-
88
+
89
+
90
90
  end
@@ -6,7 +6,7 @@ describe "merb-auth-core" do
6
6
  controller.should_receive(:ensure_authenticated)
7
7
  end
8
8
  end
9
-
9
+
10
10
  it "should not ensure_authenticated when skipped" do
11
11
  dispatch_to(Dingbats, :index) do |controller|
12
12
  controller.should_not_receive(:ensure_authenticated)
@@ -6,17 +6,17 @@ describe "router protection" do
6
6
  class Foo < Merb::Controller
7
7
  def index; "INDEX"; end
8
8
  end
9
-
9
+
10
10
  clear_strategies!
11
-
11
+
12
12
  Object.class_eval do
13
13
  remove_const("Mone") if defined?(Mone)
14
14
  remove_const("Mtwo") if defined?(Mtwo)
15
15
  remove_const("Mthree") if defined?(Mthree)
16
16
  end
17
-
17
+
18
18
  Viking.captures.clear
19
-
19
+
20
20
  class Mone < Merb::Authentication::Strategy
21
21
  def run!
22
22
  Viking.capture self.class
@@ -27,7 +27,7 @@ describe "router protection" do
27
27
  end
28
28
  end
29
29
  end
30
-
30
+
31
31
  class Mthree < Mone; end
32
32
  class Mtwo < Mone; end
33
33
 
@@ -35,77 +35,77 @@ describe "router protection" do
35
35
  to(:controller => "foo") do
36
36
  authenticate do
37
37
  match("/single_level_default").register
38
-
38
+
39
39
  authenticate(Mtwo) do
40
40
  match("/nested_specific").register
41
41
  end
42
42
  end
43
-
43
+
44
44
  authenticate(Mtwo, Mone) do
45
45
  match("/single_level_specific").register
46
46
  end
47
47
  end
48
48
  end
49
49
  end
50
-
50
+
51
51
  describe "single level default" do
52
-
52
+
53
53
  it "should allow access to the controller if the strategy passes" do
54
54
  result = request("/single_level_default", :params => {"Mtwo" => true})
55
- result.body.should == "INDEX"
55
+ result.body.should == "INDEX"
56
56
  Viking.captures.should == %w(Mone Mthree Mtwo)
57
57
  end
58
-
58
+
59
59
  it "should fail if no strategies match" do
60
60
  result = request("/single_level_default")
61
61
  result.status.should == Merb::Controller::Unauthenticated.status
62
62
  end
63
-
63
+
64
64
  it "should set return a rack array if the strategy redirects" do
65
65
  result = request("/single_level_default", :params => {"url" => "/some/url"})
66
66
  result.status.should == 302
67
67
  result.body.should_not =="INDEX"
68
68
  end
69
69
  end
70
-
70
+
71
71
  describe "nested_specific" do
72
-
72
+
73
73
  it "should allow access to the controller if the strategy passes" do
74
74
  result = request("/nested_specific", :params => {"Mtwo" => true})
75
- result.body.should == "INDEX"
75
+ result.body.should == "INDEX"
76
76
  Viking.captures.should == %w(Mone Mthree Mtwo)
77
77
  end
78
-
78
+
79
79
  it "should fail if no strategies match" do
80
80
  result = request("/nested_specific")
81
81
  result.status.should == Merb::Controller::Unauthenticated.status
82
82
  end
83
-
83
+
84
84
  it "should set return a rack array if the strategy redirects" do
85
85
  result = request("/nested_specific", :params => {"url" => "/some/url"})
86
86
  result.status.should == 302
87
87
  result.body.should_not =="INDEX"
88
88
  end
89
89
  end
90
-
90
+
91
91
  describe "single_level_specific" do
92
-
92
+
93
93
  it "should allow access to the controller if the strategy passes" do
94
94
  result = request("/single_level_specific", :params => {"Mone" => true})
95
- result.body.should == "INDEX"
95
+ result.body.should == "INDEX"
96
96
  Viking.captures.should == %w(Mtwo Mone)
97
97
  end
98
-
98
+
99
99
  it "should fail if no strategies match" do
100
100
  result = request("/single_level_specific")
101
101
  result.status.should == Merb::Controller::Unauthenticated.status
102
102
  end
103
-
103
+
104
104
  it "should set return a rack array if the strategy redirects" do
105
105
  result = request("/single_level_specific", :params => {"url" => "/some/url"})
106
106
  result.status.should == 302
107
107
  result.body.should_not =="INDEX"
108
108
  end
109
109
  end
110
-
110
+
111
111
  end
@@ -1,25 +1,25 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Merb::Authentication::Strategy" do
4
-
4
+
5
5
  before(:all) do
6
6
  clear_strategies!
7
7
  end
8
-
8
+
9
9
  before(:each) do
10
10
  clear_strategies!
11
11
  end
12
-
12
+
13
13
  after(:all) do
14
14
  clear_strategies!
15
15
  end
16
-
16
+
17
17
  describe "adding a strategy" do
18
18
  it "should add a strategy" do
19
19
  class MyStrategy < Merb::Authentication::Strategy; end
20
20
  Merb::Authentication.strategies.should include(MyStrategy)
21
21
  end
22
-
22
+
23
23
  it "should keep track of the strategies" do
24
24
  class Sone < Merb::Authentication::Strategy; end
25
25
  class Stwo < Merb::Authentication::Strategy; end
@@ -27,13 +27,13 @@ describe "Merb::Authentication::Strategy" do
27
27
  Merb::Authentication.default_strategy_order.pop
28
28
  Merb::Authentication.strategies.should include(Sone, Stwo)
29
29
  end
30
-
30
+
31
31
  it "should add multiple strategies in order of decleration" do
32
32
  class Sone < Merb::Authentication::Strategy; end
33
33
  class Stwo < Merb::Authentication::Strategy; end
34
34
  Merb::Authentication.default_strategy_order.should == [Sone, Stwo]
35
35
  end
36
-
36
+
37
37
  it "should allow a strategy to be inserted _before_ another strategy in the default order" do
38
38
  class Sone < Merb::Authentication::Strategy; end
39
39
  class Stwo < Merb::Authentication::Strategy; end
@@ -41,7 +41,7 @@ describe "Merb::Authentication::Strategy" do
41
41
  Merb::Authentication.strategies.should include(AuthIntruder, Stwo, Sone)
42
42
  Merb::Authentication.default_strategy_order.should == [Sone, AuthIntruder, Stwo]
43
43
  end
44
-
44
+
45
45
  it "should allow a strategy to be inserted _after_ another strategy in the default order" do
46
46
  class Sone < Merb::Authentication::Strategy; end
47
47
  class Stwo < Merb::Authentication::Strategy; end
@@ -50,7 +50,7 @@ describe "Merb::Authentication::Strategy" do
50
50
  Merb::Authentication.default_strategy_order.should == [Sone, AuthIntruder, Stwo]
51
51
  end
52
52
  end
53
-
53
+
54
54
  describe "the default order" do
55
55
  it "should allow a user to overwrite the default order" do
56
56
  class Sone < Merb::Authentication::Strategy; end
@@ -58,7 +58,7 @@ describe "Merb::Authentication::Strategy" do
58
58
  Merb::Authentication.default_strategy_order = [Stwo]
59
59
  Merb::Authentication.default_strategy_order.should == [Stwo]
60
60
  end
61
-
61
+
62
62
  it "should get raise an error if any strategy is not an Merb::Authentication::Strategy" do
63
63
  class Sone < Merb::Authentication::Strategy; end
64
64
  class Stwo < Merb::Authentication::Strategy; end
@@ -75,107 +75,107 @@ describe "Merb::Authentication::Strategy" do
75
75
  Sone.new(request, request.params).run!
76
76
  end.should raise_error(Merb::Authentication::NotImplemented)
77
77
  end
78
-
78
+
79
79
  it "should not raise an implemented error if the run! method is defined on the subclass" do
80
80
  class Sone < Merb::Authentication::Strategy; def run!; end; end
81
81
  lambda do
82
82
  Sone.new("controller").run!
83
83
  end.should_not raise_error(Merb::Authentication::NotImplemented)
84
84
  end
85
-
85
+
86
86
  describe "convinience methods" do
87
-
87
+
88
88
  before(:each) do
89
- class Sone < Merb::Authentication::Strategy; def run!; end; end
89
+ class Sone < Merb::Authentication::Strategy; def run!; end; end
90
90
  @request = fake_request
91
91
  @strategy = Sone.new(@request, {:params => true})
92
92
  end
93
-
93
+
94
94
  it "should provide a params helper that defers to the controller" do
95
95
  @strategy.params.should == {:params => true }
96
96
  end
97
-
97
+
98
98
  it "should provide a cookies helper" do
99
99
  @request.should_receive(:cookies).and_return("COOKIES")
100
100
  @strategy.cookies.should == "COOKIES"
101
101
  end
102
-
102
+
103
103
  end
104
-
104
+
105
105
  describe "#user_class" do
106
-
106
+
107
107
  # This allows you to scope a particular strategy to a particular user class object
108
108
  # By inheriting you can add multiple user types to the authentication process
109
-
109
+
110
110
  before(:each) do
111
111
  class Sone < Merb::Authentication::Strategy; def run!; end; end
112
112
  class Stwo < Sone; end
113
-
113
+
114
114
  class Mone < Merb::Authentication::Strategy
115
115
  def user_class; String; end
116
116
  def run!; end
117
117
  end
118
118
  class Mtwo < Mone; end
119
-
119
+
120
120
  class Pone < Merb::Authentication::Strategy
121
121
  abstract!
122
122
  def user_class; Hash; end
123
123
  def special_method; true end
124
124
  end
125
125
  class Ptwo < Pone; end;
126
-
126
+
127
127
  @request = fake_request
128
128
  end
129
-
129
+
130
130
  it "should allow being set to an abstract strategy" do
131
131
  Pone.abstract?.should be_true
132
132
  end
133
-
133
+
134
134
  it "should not set the child class of an abstract class to be abstract" do
135
135
  Ptwo.abstract?.should be_false
136
136
  end
137
-
137
+
138
138
  it "should implement a user_class helper" do
139
139
  s = Sone.new(@request, @request.params)
140
140
  s.user_class.should == User
141
141
  end
142
-
142
+
143
143
  it "should make it into the strategies collection when subclassed from a subclass" do
144
144
  Merb::Authentication.strategies.should include(Mtwo)
145
145
  end
146
-
146
+
147
147
  it "should make it in the default_strategy_order when subclassed from a subclass" do
148
148
  Merb::Authentication.default_strategy_order.should include(Mtwo)
149
149
  end
150
-
150
+
151
151
  it "should defer to the Merb::Authentication.user_class if not over written" do
152
152
  Merb::Authentication.should_receive(:user_class).and_return(User)
153
153
  s = Sone.new(@request, @request.params)
154
154
  s.user_class
155
155
  end
156
-
156
+
157
157
  it "should inherit the user class from it's parent by default" do
158
158
  Merb::Authentication.should_receive(:user_class).and_return(User)
159
159
  s = Stwo.new(@request, @request.params)
160
160
  s.user_class.should == User
161
161
  end
162
-
162
+
163
163
  it "should inherit the user_class form it's parent when the parent defines a new one" do
164
164
  Merb::Authentication.should_not_receive(:user_class)
165
165
  m = Mtwo.new(@request, @request.params)
166
166
  m.user_class.should == String
167
167
  end
168
-
168
+
169
169
  end
170
-
170
+
171
171
  describe "#redirect!" do
172
-
172
+
173
173
  before(:all) do
174
174
  class FooController < Merb::Controller
175
175
  def index; "FooController#index" end
176
176
  end
177
177
  end
178
-
178
+
179
179
  before(:each) do
180
180
  class MyStrategy < Merb::Authentication::Strategy
181
181
  def run!
@@ -186,89 +186,89 @@ describe "Merb::Authentication::Strategy" do
186
186
  end
187
187
  end
188
188
  end # MyStrategy
189
-
189
+
190
190
  Merb::Router.reset!
191
191
  Merb::Router.prepare{ match("/").to(:controller => "foo_controller")}
192
192
  @request = fake_request
193
193
  @s = MyStrategy.new(@request, @request.params)
194
194
  end
195
-
195
+
196
196
  it "allow for a redirect!" do
197
197
  @s.redirect!("/somewhere")
198
198
  @s.headers["Location"].should == "/somewhere"
199
199
  end
200
-
200
+
201
201
  it "should provide access to setting the headers" do
202
202
  @s.headers["Location"] = "/a/url"
203
203
  @s.headers["Location"].should == "/a/url"
204
204
  end
205
-
205
+
206
206
  it "should allow access to the setting header" do
207
207
  @s.status = 403
208
208
  @s.status.should == 403
209
209
  end
210
-
210
+
211
211
  it "should return nil for the Location if it is not redirected" do
212
212
  @s.should_not be_redirected
213
213
  @s.headers["Location"].should be_nil
214
214
  end
215
-
215
+
216
216
  it "should pass through the options to the redirect options" do
217
217
  @s.redirect!("/somewhere", :status => 401)
218
218
  @s.headers["Location"].should == "/somewhere"
219
219
  @s.status.should == 401
220
220
  end
221
-
221
+
222
222
  it "should set a redirect with a permanent true" do
223
223
  @s.redirect!("/somewhere", :permanent => true)
224
224
  @s.status.should == 301
225
225
  end
226
-
226
+
227
227
  it "should be redirected?" do
228
228
  @s.should_not be_redirected
229
229
  @s.redirect!("/somewhere")
230
230
  @s.should be_redirected
231
231
  end
232
-
232
+
233
233
  it "should set the strategy to halted" do
234
234
  @s.redirect!("/somewhere")
235
235
  @s.should be_halted
236
236
  end
237
-
237
+
238
238
  it "should halt a strategy" do
239
239
  @s.should_not be_halted
240
240
  @s.halt!
241
241
  @s.should be_halted
242
242
  end
243
-
243
+
244
244
  it "should allow a body to be set" do
245
245
  @s.body = "body"
246
246
  @s.body.should == "body"
247
247
  end
248
-
248
+
249
249
  end
250
-
250
+
251
251
  describe "register strategies" do
252
-
252
+
253
253
  it "should allow for a strategy to be registered" do
254
254
  Merb::Authentication.register(:test_one, "/path/to/strategy")
255
255
  Merb::Authentication.registered_strategies[:test_one].should == "/path/to/strategy"
256
256
  end
257
-
257
+
258
258
  it "should activate a strategy" do
259
259
  Merb::Authentication.register(:test_activation, File.expand_path(File.dirname(__FILE__)) / "activation_fixture")
260
260
  defined?(TheActivationTest).should be_nil
261
261
  Merb::Authentication.activate!(:test_activation)
262
262
  defined?(TheActivationTest).should_not be_nil
263
263
  end
264
-
264
+
265
265
  it "should raise if the strategy is not registered" do
266
266
  lambda do
267
267
  Merb::Authentication.activate!(:not_here)
268
268
  end.should raise_error
269
269
  end
270
-
271
-
270
+
271
+
272
272
  end
273
-
273
+
274
274
  end