merb-auth-more 0.9.10 → 0.9.11

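--- a/data/Rakefile
+++ b/data/Rakefile
@@ -58,7 +58,7 @@ task :gemspec do
  end
 
  desc "Run all specs"
- Spec::Rake::SpecTask.new("specs") do |t|
+ Spec::Rake::SpecTask.new("spec") do |t|
  t.spec_opts = ["--format", "specdoc", "--colour"]
  t.spec_files = Dir["spec/**/*_spec.rb"].sort
  t.rcov = false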
@@ -25,12 +25,12 @@ module Merb::AuthenticatedHelper
25
25
  #
26
26
  # set the ignore url via an :ignore option in the opts hash.
27
27
  def redirect_back_or(default_url, opts = {})
28
- if session.authentication.return_to_url && ![opts[:ignore]].flatten.include?(session.authentication.return_to_url)
29
- redirect session.authentication.return_to_url, opts
28
+ if !session[:return_to].blank? && ![opts[:ignore]].flatten.include?(session[:return_to].first)
29
+ redirect session[:return_to].first, opts
30
+ session[:return_to] = nil
30
31
  else
31
32
  redirect default_url, opts
32
33
  end
33
- session.authentication.return_to_url = nil
34
34
  "Redirecting to <a href='#{default_url}'>#{default_url}</a>"
35
35
  end
36
36
 
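Review bot: `session[:return_to] = nil` now runs only in the branch that follows the stored URL, so when the first stored entry matches `opts[:ignore]` the `else` branch redirects to `default_url` and leaves the list in the session; the removed line after `end` cleared it on both paths. Moving the reset back below the `if`/`else` (`session[:return_to] = nil` just before the returned string) keeps an ignored return target from being carried into a later login. The string on the last line still names `default_url` even when the Location header points at the stored URL, and it interpolates the value into HTML unescaped, so building it from the URL actually used and escaping it would keep the body consistent and safe if a caller ever passes a request-derived value. The enclosing module starts outside the hunk.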
@@ -49,23 +49,30 @@ module Merb::Authentication::Mixins
49
49
 
50
50
  private
51
51
  def _set_return_to
52
- session.authentication.return_to_url ||= request.uri unless request.exceptions.blank?
52
+ unless request.exceptions.blank?
53
+ session[:return_to] ||= []
54
+ session[:return_to] << request.uri
55
+ session[:return_to]
56
+ end
53
57
  end
54
58
 
55
59
  end # RedirectBack
56
60
  end # Merb::Authentication::Mixins
57
61
 
58
62
  # Adds required methods to the Authentication object for redirection
59
- class Merb::Authentication
60
-
61
- def return_to_url
62
- @return_to_url ||= session[:return_to]
63
- end
64
-
65
- def return_to_url=(return_url)
66
- @return_to_url = session[:return_to] = return_url
67
- end
63
+ Merb::BootLoader.after_app_loads do
64
+ Merb::Authentication.maintain_session_keys << :return_to
68
65
  end
66
+ # class Merb::Authentication
67
+ #
68
+ # def return_to_url
69
+ # @return_to_url ||= session[:return_to]
70
+ # end
71
+ #
72
+ # def return_to_url=(return_url)
73
+ # @return_to_url = session[:return_to] = return_url
74
+ # end
75
+ # end
69
76
 
70
77
  # Mixin the RedirectBack mixin before the after_app_loads block (i.e. make sure there is an exceptions controller)
71
78
  Merb::Authentication.customize_default do
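Review bot: `_set_return_to` appends `request.uri` on every request that arrives with exceptions, but the only reader visible in this diff, `redirect_back_or`, uses `session[:return_to].first`, so each failed attempt grows the session with entries that are never read. With a cookie-backed session store that growth would run into the cookie size limit (inferred; the store is not visible here). Recording the URL only when none is stored keeps the first-URL behaviour at constant size: `session[:return_to] = [request.uri] if session[:return_to].blank?`. The stored value is request-derived and later becomes a redirect target, so a short comment stating that it is expected to be a same-site path would help the next reader. The commented-out `Merb::Authentication` accessors added below the boot-loader block are dead code and could be deleted rather than kept as comments.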
@@ -4,80 +4,94 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "..", ".." ,"lib", "
4
4
  describe "redirect_back" do
5
5
 
6
6
  before(:all) do
7
+ Merb::Config[:exception_details] = true
7
8
  clear_strategies!
9
+ Merb::Router.reset!
10
+ Merb::Router.prepare do
11
+ match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
12
+ match("/login", :method => :put).to(:controller => "sessions", :action => "update")
13
+ match("/go_back").to(:controller => "my_controller")
14
+ match("/").to(:controller => "my_controller")
15
+ match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
16
+ end
8
17
 
9
18
  class Merb::Authentication
10
19
  def store_user(user); user; end
11
20
  def fetch_user(session_info); session_info; end
12
21
  end
13
22
 
14
- class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
23
+ # class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
24
+ class MyStrategy < Merb::Authentication::Strategy
25
+ def run!
26
+ params[:pass_auth] = false if params[:pass_auth] == "false"
27
+ params[:pass_auth]
28
+ end
29
+ end
15
30
 
16
31
  class Application < Merb::Controller; end
17
32
 
18
33
  class Exceptions < Merb::Controller
19
34
  include Merb::Authentication::Mixins::RedirectBack
35
+
20
36
  def unauthenticated; end
37
+
38
+ end
39
+
40
+ class Sessions < Merb::Controller
41
+ before :ensure_authenticated
42
+ def update
43
+ redirect_back_or "/", :ignore => [url(:login)]
44
+ end
45
+
46
+ def destroy
47
+ session.abandon!
48
+ end
21
49
  end
22
50
 
23
51
  class MyController < Application
24
52
  before :ensure_authenticated
25
- def index; "HERE!" end
53
+ def index
54
+ "IN MY CONTROLLER"
55
+ end
26
56
  end
57
+
27
58
  end
28
59
 
60
+ def login
61
+ request("/login", :method => "put", :params => {:pass_auth => true})
62
+ end
63
+
29
64
  it "should set the return_to in the session when sent to the exceptions controller from a failed login" do
30
- controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "go_back"}) do |c|
31
- c.request.exceptions = [Merb::Controller::Unauthenticated.new]
32
- end
33
- controller.session.authentication.return_to_url.should == "go_back"
65
+ r = request("/go_back")
66
+ r.status.should == Merb::Controller::Unauthenticated.status
67
+ r2 = login
68
+ r2.should redirect_to("/go_back")
34
69
  end
35
70
 
36
71
  it "should not set the return_to in the session when deliberately going to unauthenticated" do
37
- controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "don't_go_back"}) do |c|
38
- c.request.exceptions = []
39
- end
40
- controller.session.authentication.return_to_url.should be_nil
72
+ r = login
73
+ r.should redirect_to("/")
41
74
  end
42
75
 
43
- it "should not set the return_to when loggin into a controller directly" do
44
- controller = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
45
- controller.session.authentication.return_to_url.should be_nil
76
+ it "should still redirect to the original even if it's failed many times" do
77
+ request("/go_back")
78
+ request("/login", :method => "put", :params => {:pass_auth => false})
79
+ request("/login", :method => "put", :params => {:pass_auth => false})
80
+ request("/login", :method => "put", :params => {:pass_auth => false})
81
+ r = login
82
+ r.should redirect_to("/go_back")
46
83
  end
47
-
48
- describe "redirect_back helper" do
49
-
50
- before(:each) do
51
- @with_redirect = dispatch_to(Exceptions, :unauthenticated, {}, :user => "WINNA", :request_uri => "request_uri") do |c|
52
- c.request.exceptions = [Merb::Controller::Unauthenticated.new]
53
- end
54
- @no_redirect = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
55
- end
56
-
57
- it "should provide the url stored in the session" do
58
- @with_redirect.session.authentication.return_to_url.should == "request_uri"
59
- @with_redirect.redirect_back_or("/some/path")
60
- @with_redirect.headers["Location"].should == "request_uri"
61
- end
62
-
63
- it "should provide the url passed in by default when there is no return_to" do
64
- @no_redirect.session.authentication.return_to_url.should be_nil
65
- @no_redirect.redirect_back_or("/some/path")
66
- @no_redirect.headers["Location"].should == "/some/path"
67
- end
68
-
69
- it "should wipe out the return_to in the session after the redirect" do
70
- @with_redirect.session.authentication.return_to_url.should == "request_uri"
71
- @with_redirect.redirect_back_or("somewhere")
72
- @with_redirect.headers["Location"].should == "request_uri"
73
- @with_redirect.session.authentication.return_to_url.should be_nil
74
- end
75
-
76
- it "should ignore a return_to if it's the same as the ignore url" do
77
- @with_redirect.redirect_back_or("somewhere", :ignore => "request_uri")
78
- @with_redirect.headers["Location"].should == "somewhere"
79
- end
80
-
84
+
85
+ it "should not redirect back to a previous redirect back after being logged out" do
86
+ request("/go_back")
87
+ request("/login", :method => "put", :params => {:pass_auth => false})
88
+ request("/login", :method => "put", :params => {:pass_auth => false})
89
+ request("/login", :method => "put", :params => {:pass_auth => false})
90
+ r = login
91
+ r.should redirect_to("/go_back")
92
+ request("/logout", :method => "delete")
93
+ r = login
94
+ r.should redirect_to("/")
81
95
  end
82
96
 
83
97
  end
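Review bot: The example "should not set the return_to in the session when deliberately going to unauthenticated" never visits the unauthenticated action; it only calls `login` and checks the redirect to "/", which passes whether or not a deliberate GET of `/login` stores a return URL. Issuing `request("/login")` before `r = login` would exercise the path the description names. The rewrite also drops the old `:ignore` example, so nothing covers a failed `PUT /login` with no earlier protected request followed by a successful login, the case where the stored URL equals `url(:login)` and `Sessions#update` should fall back to "/". `Merb::Config[:exception_details] = true` is set in `before(:all)` and never restored, which may leak into other spec files run in the same process.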
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: merb-auth-more
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.10
4
+ version: 0.9.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-10-21 00:00:00 -07:00
12
+ date: 2008-10-29 00:00:00 -07:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 0.9.10
23
+ version: 0.9.11
24
24
  version:
25
25
  description: Additional resources for use with the merb-auth-core authentication framework.
26
26
  email: has.sox@gmail.com