merb-auth-core 0.9.10 → 0.9.11

data/Rakefile

@@ -58,7 +58,7 @@ task :gemspec do
 end
 
 desc "Run all specs"
-Spec::Rake::SpecTask.new("specs") do |t|
+Spec::Rake::SpecTask.new("spec") do |t|
   t.spec_opts = ["--format", "specdoc", "--colour"]
   t.spec_files = Dir["spec/**/*_spec.rb"].sort
   t.rcov = false

data/lib/merb-auth-core/authentication.rb

@@ -69,8 +69,20 @@ module Merb
     def authenticate!(request, params, *rest)
       opts = rest.last.kind_of?(Hash) ? rest.pop : {}
       rest = rest.flatten
-      strategies = rest.empty? ? Merb::Authentication.default_strategy_order : rest
-
+      
+      strategies = if rest.empty?
+        if request.session[:authentication_strategies] 
+          request.session[:authentication_strategies]
+        else
+          Merb::Authentication.default_strategy_order
+        end
+      else
+        request.session[:authentication_strategies] ||= []
+        request.session[:authentication_strategies] << rest
+        request.session[:authentication_strategies].flatten!.uniq!
+        request.session[:authentication_strategies]
+      end
+    
       msg = opts[:message] || error_message
       user = nil    
       # This one should find the first one that matches.  It should not run antother
@@ -87,19 +99,13 @@ module Merb
           user
         end
       end
+      
       # Check after callbacks to make sure the user is still cool
-      Merb::Authentication.after_callbacks.each do |cb|
-        user = case cb
-        when Proc
-          cb.call(user, request, params)
-        when Symbol, String
-          user.send(cb)
-        end
-        break unless user
-      end if user
+      user = run_after_authentication_callbacks(user, request, params) if user
       
       # Finally, Raise an error if there is no user found, or set it in the session if there is.
       raise Merb::Controller::Unauthenticated, msg unless user
+      session[:authentication_strategies] = nil # clear the session of Failed Strategies if login is successful      
       self.user = user
     end
   
@@ -142,11 +148,12 @@ module Merb
     # Keeps track of strategies by class or string
     # When loading from string, strategies are loaded withing the Merb::Authentication::Strategies namespace
     # When loaded by class, the class is stored directly
+    # @private
     def self.lookup_strategy
       @strategy_lookup || reset_strategy_lookup!
     end
     
-    # Restets the strategy lookup.  Useful in specsd
+    # Restets the strategy lookup.  Useful in specs
     def self.reset_strategy_lookup!
       @strategy_lookup = Mash.new do |h,k| 
         case k
@@ -158,5 +165,26 @@ module Merb
       end
     end
     
+    # Maintains a list of keys to maintain when needing to keep some state 
+    # in the face of session.abandon! You need to maintain this state yourself
+    # @public
+    def self.maintain_session_keys
+      @maintain_session_keys ||= [:authentication_strategies]
+    end
+    
+    private
+    def run_after_authentication_callbacks(user, request, params)
+      Merb::Authentication.after_callbacks.each do |cb|
+        user = case cb
+        when Proc
+          cb.call(user, request, params)
+        when Symbol, String
+          user.send(cb)
+        end
+        break unless user
+      end
+      user
+    end
+    
   end # Merb::Authentication
 end # Merb

data/spec/helpers/authentication_helper_spec.rb

@@ -16,7 +16,6 @@ describe "Merb::AuthenticationHelper" do
     
     class Kone < Merb::Authentication::Strategy
       def run!
-        puts params.inspect
         Viking.capture(self.class)
         params[self.class.name]
       end

data/spec/merb-auth-core/callbacks_spec.rb

@@ -43,7 +43,6 @@ describe "Authentication callbacks" do
     @request  = fake_request
     @params   = @request.params
     @auth     = Merb::Authentication.new(@request.session)
-    puts Merb::Authentication.strategies.inspect
   end
   
   after(:all) do

data/spec/merb-auth-core/failed_login_spec.rb

@@ -0,0 +1,90 @@
+require File.join(File.dirname(__FILE__), "..", 'spec_helper.rb')
+
+describe "Failed Login" do
+  
+  before(:all) do
+    Merb::Config[:exception_details] = true
+    reset_exceptions!
+    class Exceptions < Merb::Controller
+      def unauthenticated
+        "Unauthenticated"
+      end
+    end
+  end
+  
+  after(:all) do
+    reset_exceptions!
+    class Exceptions < Merb::Controller
+      def unauthenticated
+        "Unauthenticated"
+      end
+    end
+    
+    Viking.captures.clear
+  end
+  
+  def reset_exceptions!
+    Object.class_eval do
+      remove_const(:Exceptions) if defined?(Exceptions)
+    end
+  end
+  
+  before(:each) do
+    clear_strategies!
+    Viking.captures.clear
+    Merb::Router.reset!
+    Merb::Router.prepare do
+      match("/").to(:controller => "a_controller")
+      match("/login", :method => :put).to(:controller => "sessions", :action => :update)
+    end
+    
+    class LOne < Merb::Authentication::Strategy
+      def run!
+        Viking.capture self.class
+        params[self.class.name.snake_case.gsub("::", "_")]
+      end
+    end
+    
+    class LTwo < LOne; end
+    
+    class LThree < LOne; end
+    
+    class AController < Merb::Controller
+      before :ensure_authenticated, :with => [LThree]
+      def index
+        "INDEX OF AController"
+      end
+    end
+    
+    class Sessions < Merb::Controller
+      before :ensure_authenticated
+      def update
+        "In the login action"
+      end
+    end
+  end  
+  
+  it "should fail login and then not try the default login on the second attempt but should try the original" do
+    r1 = request("/")
+    r1.status.should == 401
+    Viking.captures.should == ["LThree"]
+    Viking.captures.clear
+    r2 = request("/login", :method => "put", :params => {"l_three" => true})
+    r2.status.should == 200
+    Viking.captures.should == ["LThree"]
+  end
+  
+  it "should not be able to fail many times and still work" do
+    3.times do 
+      r1 = request("/")
+      r1.status.should == 401
+      Viking.captures.should == ["LThree"]
+      Viking.captures.clear
+    end
+    r2 = request("/login", :method => "put", :params => {"l_three" => true})
+    r2.status.should == 200
+    Viking.captures.should == ["LThree"]
+  end
+  
+  
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: merb-auth-core
 version: !ruby/object:Gem::Version 
-  version: 0.9.10
+  version: 0.9.11
 platform: ruby
 authors: 
 - Adam French, Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-21 00:00:00 -07:00
+date: 2008-10-29 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.9.10
+        version: 0.9.11
     version: 
 - !ruby/object:Gem::Dependency 
   name: extlib
@@ -68,6 +68,7 @@ files:
 - spec/merb-auth-core/callbacks_spec.rb
 - spec/merb-auth-core/customizations_spec.rb
 - spec/merb-auth-core/errors_spec.rb
+- spec/merb-auth-core/failed_login_spec.rb
 - spec/merb-auth-core/merb-auth-core_spec.rb
 - spec/merb-auth-core/router_helper_spec.rb
 - spec/merb-auth-core/strategy_spec.rb