merb-auth-more 0.9.10 → 0.9.11

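--- a/data/Rakefile
+++ b/data/Rakefile
@@ -58,7 +58,7 @@ task :gemspec do
  end
 
  desc "Run all specs"
- Spec::Rake::SpecTask.new("specs") do |t|
+ Spec::Rake::SpecTask.new("spec") do |t|
  t.spec_opts = ["--format", "specdoc", "--colour"]
  t.spec_files = Dir["spec/**/*_spec.rb"].sort
  t.rcov = false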
@@ -25,12 +25,12 @@ module Merb::AuthenticatedHelper
25
25
  #
26
26
  # set the ignore url via an :ignore option in the opts hash.
27
27
  def redirect_back_or(default_url, opts = {})
28
- if session.authentication.return_to_url && ![opts[:ignore]].flatten.include?(session.authentication.return_to_url)
29
- redirect session.authentication.return_to_url, opts
28
+ if !session[:return_to].blank? && ![opts[:ignore]].flatten.include?(session[:return_to].first)
29
+ redirect session[:return_to].first, opts
30
+ session[:return_to] = nil
30
31
  else
31
32
  redirect default_url, opts
32
33
  end
33
- session.authentication.return_to_url = nil
34
34
  "Redirecting to <a href='#{default_url}'>#{default_url}</a>"
35
35
  end
36
36
 
@@ -49,23 +49,30 @@ module Merb::Authentication::Mixins
49
49
 
50
50
  private
51
51
  def _set_return_to
52
- session.authentication.return_to_url ||= request.uri unless request.exceptions.blank?
52
+ unless request.exceptions.blank?
53
+ session[:return_to] ||= []
54
+ session[:return_to] << request.uri
55
+ session[:return_to]
56
+ end
53
57
  end
54
58
 
55
59
  end # RedirectBack
56
60
  end # Merb::Authentication::Mixins
57
61
 
58
62
  # Adds required methods to the Authentication object for redirection
59
- class Merb::Authentication
60
-
61
- def return_to_url
62
- @return_to_url ||= session[:return_to]
63
- end
64
-
65
- def return_to_url=(return_url)
66
- @return_to_url = session[:return_to] = return_url
67
- end
63
+ Merb::BootLoader.after_app_loads do
64
+ Merb::Authentication.maintain_session_keys << :return_to
68
65
  end
66
+ # class Merb::Authentication
67
+ #
68
+ # def return_to_url
69
+ # @return_to_url ||= session[:return_to]
70
+ # end
71
+ #
72
+ # def return_to_url=(return_url)
73
+ # @return_to_url = session[:return_to] = return_url
74
+ # end
75
+ # end
69
76
 
70
77
  # Mixin the RedirectBack mixin before the after_app_loads block (i.e. make sure there is an exceptions controller)
71
78
  Merb::Authentication.customize_default do
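Review bot: `_set_return_to` now appends `request.uri` to `session[:return_to]` every time it runs with a non-blank `request.exceptions`, while `redirect_back_or` only ever reads `.first`, so a client that keeps failing authentication grows the list without bound and, if the session is cookie-backed, can push it past the cookie size limit. Keeping only the first value preserves the new behaviour at a fixed size: `session[:return_to] = [request.uri] if session[:return_to].blank?`. In `redirect_back_or` the reset moved inside the `if` branch, so when the stored URL matches `:ignore` the stale list stays in the session; placing `session[:return_to] = nil` after the `end`, where the old reset was, clears it on both paths. The stored value comes from the request, so it is also worth confirming that `request.uri` can only ever be a local path before it is handed to `redirect`.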
@@ -4,80 +4,94 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "..", ".." ,"lib", "
4
4
  describe "redirect_back" do
5
5
 
6
6
  before(:all) do
7
+ Merb::Config[:exception_details] = true
7
8
  clear_strategies!
9
+ Merb::Router.reset!
10
+ Merb::Router.prepare do
11
+ match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
12
+ match("/login", :method => :put).to(:controller => "sessions", :action => "update")
13
+ match("/go_back").to(:controller => "my_controller")
14
+ match("/").to(:controller => "my_controller")
15
+ match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
16
+ end
8
17
 
9
18
  class Merb::Authentication
10
19
  def store_user(user); user; end
11
20
  def fetch_user(session_info); session_info; end
12
21
  end
13
22
 
14
- class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
23
+ # class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
24
+ class MyStrategy < Merb::Authentication::Strategy
25
+ def run!
26
+ params[:pass_auth] = false if params[:pass_auth] == "false"
27
+ params[:pass_auth]
28
+ end
29
+ end
15
30
 
16
31
  class Application < Merb::Controller; end
17
32
 
18
33
  class Exceptions < Merb::Controller
19
34
  include Merb::Authentication::Mixins::RedirectBack
35
+
20
36
  def unauthenticated; end
37
+
38
+ end
39
+
40
+ class Sessions < Merb::Controller
41
+ before :ensure_authenticated
42
+ def update
43
+ redirect_back_or "/", :ignore => [url(:login)]
44
+ end
45
+
46
+ def destroy
47
+ session.abandon!
48
+ end
21
49
  end
22
50
 
23
51
  class MyController < Application
24
52
  before :ensure_authenticated
25
- def index; "HERE!" end
53
+ def index
54
+ "IN MY CONTROLLER"
55
+ end
26
56
  end
57
+
27
58
  end
28
59
 
60
+ def login
61
+ request("/login", :method => "put", :params => {:pass_auth => true})
62
+ end
63
+
29
64
  it "should set the return_to in the session when sent to the exceptions controller from a failed login" do
30
- controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "go_back"}) do |c|
31
- c.request.exceptions = [Merb::Controller::Unauthenticated.new]
32
- end
33
- controller.session.authentication.return_to_url.should == "go_back"
65
+ r = request("/go_back")
66
+ r.status.should == Merb::Controller::Unauthenticated.status
67
+ r2 = login
68
+ r2.should redirect_to("/go_back")
34
69
  end
35
70
 
36
71
  it "should not set the return_to in the session when deliberately going to unauthenticated" do
37
- controller = dispatch_to(Exceptions, :unauthenticated, {}, {:user => "winna", :request_uri => "don't_go_back"}) do |c|
38
- c.request.exceptions = []
39
- end
40
- controller.session.authentication.return_to_url.should be_nil
72
+ r = login
73
+ r.should redirect_to("/")
41
74
  end
42
75
 
43
- it "should not set the return_to when loggin into a controller directly" do
44
- controller = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
45
- controller.session.authentication.return_to_url.should be_nil
76
+ it "should still redirect to the original even if it's failed many times" do
77
+ request("/go_back")
78
+ request("/login", :method => "put", :params => {:pass_auth => false})
79
+ request("/login", :method => "put", :params => {:pass_auth => false})
80
+ request("/login", :method => "put", :params => {:pass_auth => false})
81
+ r = login
82
+ r.should redirect_to("/go_back")
46
83
  end
47
-
48
- describe "redirect_back helper" do
49
-
50
- before(:each) do
51
- @with_redirect = dispatch_to(Exceptions, :unauthenticated, {}, :user => "WINNA", :request_uri => "request_uri") do |c|
52
- c.request.exceptions = [Merb::Controller::Unauthenticated.new]
53
- end
54
- @no_redirect = dispatch_to(MyController, :index, {}, :user => "winna", :request_uri => "NOOO")
55
- end
56
-
57
- it "should provide the url stored in the session" do
58
- @with_redirect.session.authentication.return_to_url.should == "request_uri"
59
- @with_redirect.redirect_back_or("/some/path")
60
- @with_redirect.headers["Location"].should == "request_uri"
61
- end
62
-
63
- it "should provide the url passed in by default when there is no return_to" do
64
- @no_redirect.session.authentication.return_to_url.should be_nil
65
- @no_redirect.redirect_back_or("/some/path")
66
- @no_redirect.headers["Location"].should == "/some/path"
67
- end
68
-
69
- it "should wipe out the return_to in the session after the redirect" do
70
- @with_redirect.session.authentication.return_to_url.should == "request_uri"
71
- @with_redirect.redirect_back_or("somewhere")
72
- @with_redirect.headers["Location"].should == "request_uri"
73
- @with_redirect.session.authentication.return_to_url.should be_nil
74
- end
75
-
76
- it "should ignore a return_to if it's the same as the ignore url" do
77
- @with_redirect.redirect_back_or("somewhere", :ignore => "request_uri")
78
- @with_redirect.headers["Location"].should == "somewhere"
79
- end
80
-
84
+
85
+ it "should not redirect back to a previous redirect back after being logged out" do
86
+ request("/go_back")
87
+ request("/login", :method => "put", :params => {:pass_auth => false})
88
+ request("/login", :method => "put", :params => {:pass_auth => false})
89
+ request("/login", :method => "put", :params => {:pass_auth => false})
90
+ r = login
91
+ r.should redirect_to("/go_back")
92
+ request("/logout", :method => "delete")
93
+ r = login
94
+ r.should redirect_to("/")
81
95
  end
82
96
 
83
97
  end
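Review bot: The example "should not set the return_to in the session when deliberately going to unauthenticated" (new lines 71-74) never visits the unauthenticated page; it only calls `login` and checks the redirect to "/", so as far as the visible lines show it does not depend on `_set_return_to` at all. Adding `request("/login")` before `r = login` would make it exercise the deliberate GET that its title describes. The removed helper examples also covered the `:ignore` option, and none of the new request-level examples appears to hit the case where the first stored URL is the login URL; one such example would restore that coverage. The commented-out one-line `MyStrategy` left above the new class could be deleted instead of kept.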
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: merb-auth-more
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.10
4
+ version: 0.9.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-10-21 00:00:00 -07:00
12
+ date: 2008-10-29 00:00:00 -07:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 0.9.10
23
+ version: 0.9.11
24
24
  version:
25
25
  description: Additional resources for use with the merb-auth-core authentication framework.
26
26
  email: has.sox@gmail.com