merb-auth-more 0.9.10 → 0.9.11

data/Rakefile

@@ -58,7 +58,7 @@ task :gemspec do
 end
 
 desc "Run all specs"
-Spec::Rake::SpecTask.new("specs") do |t|
+Spec::Rake::SpecTask.new("spec") do |t|
   t.spec_opts = ["--format", "specdoc", "--colour"]
   t.spec_files = Dir["spec/**/*_spec.rb"].sort
   t.rcov = false

data/lib/merb-auth-more/mixins/redirect_back.rb

@@ -25,12 +25,12 @@ module Merb::AuthenticatedHelper
   #
   # set the ignore url via an :ignore option in the opts hash.
   def redirect_back_or(default_url, opts = {})
-    if session.authentication.return_to_url && ![opts[:ignore]].flatten.include?(session.authentication.return_to_url)
-      redirect session.authentication.return_to_url, opts
+    if !session[:return_to].blank? && ![opts[:ignore]].flatten.include?(session[:return_to].first)
+      redirect session[:return_to].first, opts
+      session[:return_to] = nil
     else
       redirect default_url, opts
     end
-    session.authentication.return_to_url = nil
     "Redirecting to <a href='#{default_url}'>#{default_url}</a>"
   end
   
@@ -49,23 +49,30 @@ module Merb::Authentication::Mixins
     
     private   
     def _set_return_to
-      session.authentication.return_to_url ||= request.uri unless request.exceptions.blank?
+      unless request.exceptions.blank?
+        session[:return_to] ||= []
+        session[:return_to] << request.uri
+        session[:return_to]
+      end
     end
 
   end # RedirectBack
 end # Merb::Authentication::Mixins
 
 # Adds required methods to  the Authentication object for redirection
-class Merb::Authentication
-
-  def return_to_url
-    @return_to_url ||= session[:return_to]
-  end
-  
-  def return_to_url=(return_url)
-    @return_to_url = session[:return_to] = return_url
-  end
+Merb::BootLoader.after_app_loads do
+  Merb::Authentication.maintain_session_keys << :return_to
 end
+# class Merb::Authentication
+# 
+#   def return_to_url
+#     @return_to_url ||= session[:return_to]
+#   end
+#   
+#   def return_to_url=(return_url)
+#     @return_to_url = session[:return_to] = return_url
+#   end
+# end
 
 # Mixin the RedirectBack mixin before the after_app_loads block (i.e. make sure there is an exceptions controller)
 Merb::Authentication.customize_default do

data/spec/mixins/redirect_back_spec.rb

@@ -4,80 +4,94 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "..", ".." ,"lib", "
 describe "redirect_back" do
   
   before(:all) do
+    Merb::Config[:exception_details] = true
     clear_strategies!
+    Merb::Router.reset!
+    Merb::Router.prepare do
+      match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
+      match("/login", :method => :put).to(:controller => "sessions", :action => "update")
+      match("/go_back").to(:controller => "my_controller")
+      match("/").to(:controller => "my_controller")
+      match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
+    end
     
     class Merb::Authentication
       def store_user(user); user; end
       def fetch_user(session_info); session_info; end
     end
     
-    class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
+    # class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
+    class MyStrategy < Merb::Authentication::Strategy
+      def run!
+        params[:pass_auth] = false if params[:pass_auth] == "false"
+        params[:pass_auth]
+      end
+    end
     
     class Application < Merb::Controller; end
     
     class Exceptions < Merb::Controller
       include Merb::Authentication::Mixins::RedirectBack
+      
       def unauthenticated; end
+
+    end
+    
+    class Sessions < Merb::Controller
+      before :ensure_authenticated
+      def update
+        redirect_back_or "/", :ignore => [url(:login)]
+      end
+      
+      def destroy
+        session.abandon!
+      end      
     end
 
     class MyController < Application
       before :ensure_authenticated
-      def index; "HERE!" end
+      def index
+        "IN MY CONTROLLER"
+      end
     end
+
   end 
   
+  def login
+    request("/login", :method => "put", :params => {:pass_auth => true})
+  end
+  
   it "should set the return_to in the session when sent to the exceptions controller from a failed login" do
-    controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "go_back"}) do |c|
-      c.request.exceptions =  [Merb::Controller::Unauthenticated.new]
-    end
-    controller.session.authentication.return_to_url.should == "go_back"
+    r = request("/go_back") 
+    r.status.should == Merb::Controller::Unauthenticated.status
+    r2 = login
+    r2.should redirect_to("/go_back")
   end
   
   it  "should not set the return_to in the session when deliberately going to unauthenticated" do
-    controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "don't_go_back"}) do |c|
-      c.request.exceptions = []
-    end
-    controller.session.authentication.return_to_url.should be_nil
+    r = login
+    r.should redirect_to("/")
   end
   
-  it "should not set the return_to when loggin into a controller directly" do 
-    controller = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
-    controller.session.authentication.return_to_url.should be_nil
+  it "should still redirect to the original even if it's failed many times" do
+    request("/go_back")
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    r = login
+    r.should redirect_to("/go_back")
   end
-  
-  describe "redirect_back helper" do
-    
-    before(:each) do
-      @with_redirect = dispatch_to(Exceptions, :unauthenticated, {}, :user => "WINNA", :request_uri => "request_uri") do |c|
-        c.request.exceptions = [Merb::Controller::Unauthenticated.new]
-      end
-      @no_redirect = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
-    end
-    
-    it "should provide the url stored in the session" do
-      @with_redirect.session.authentication.return_to_url.should == "request_uri"
-      @with_redirect.redirect_back_or("/some/path")
-      @with_redirect.headers["Location"].should == "request_uri"
-    end
-    
-    it "should provide the url passed in by default when there is no return_to" do
-      @no_redirect.session.authentication.return_to_url.should be_nil
-      @no_redirect.redirect_back_or("/some/path")
-      @no_redirect.headers["Location"].should ==  "/some/path"
-    end
-    
-    it "should wipe out the return_to in the session after the redirect" do
-      @with_redirect.session.authentication.return_to_url.should == "request_uri"
-      @with_redirect.redirect_back_or("somewhere")
-      @with_redirect.headers["Location"].should == "request_uri"
-      @with_redirect.session.authentication.return_to_url.should be_nil
-    end
-    
-    it "should ignore a return_to if it's the same as the ignore url" do
-      @with_redirect.redirect_back_or("somewhere", :ignore => "request_uri")
-      @with_redirect.headers["Location"].should == "somewhere"
-    end
-     
+
+  it "should not redirect back to a previous redirect back after being logged out" do
+    request("/go_back")
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    request("/login", :method => "put", :params => {:pass_auth => false})
+    r = login
+    r.should redirect_to("/go_back")
+    request("/logout", :method => "delete")
+    r = login
+    r.should redirect_to("/")
   end
   
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: merb-auth-more
 version: !ruby/object:Gem::Version 
-  version: 0.9.10
+  version: 0.9.11
 platform: ruby
 authors: 
 - Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-21 00:00:00 -07:00
+date: 2008-10-29 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.9.10
+        version: 0.9.11
     version: 
 description: Additional resources for use with the merb-auth-core authentication framework.
 email: has.sox@gmail.com