merb-auth-more 0.9.10 → 0.9.11
- data/Rakefile +1 -1
- data/lib/merb-auth-more/mixins/redirect_back.rb +20 -13
- data/spec/mixins/redirect_back_spec.rb +61 -47
- metadata +3 -3
data/Rakefile
CHANGED
@@ -25,12 +25,12 @@ module Merb::AuthenticatedHelper
|
|
25
25
|
#
|
26
26
|
# set the ignore url via an :ignore option in the opts hash.
|
27
27
|
def redirect_back_or(default_url, opts = {})
|
28
|
-
if session.
|
29
|
-
redirect session.
|
28
|
+
if !session[:return_to].blank? && ![opts[:ignore]].flatten.include?(session[:return_to].first)
|
29
|
+
redirect session[:return_to].first, opts
|
30
|
+
session[:return_to] = nil
|
30
31
|
else
|
31
32
|
redirect default_url, opts
|
32
33
|
end
|
33
|
-
session.authentication.return_to_url = nil
|
34
34
|
"Redirecting to <a href='#{default_url}'>#{default_url}</a>"
|
35
35
|
end
|
36
36
|
|
@@ -49,23 +49,30 @@ module Merb::Authentication::Mixins
|
|
49
49
|
|
50
50
|
private
|
51
51
|
def _set_return_to
|
52
|
-
|
52
|
+
unless request.exceptions.blank?
|
53
|
+
session[:return_to] ||= []
|
54
|
+
session[:return_to] << request.uri
|
55
|
+
session[:return_to]
|
56
|
+
end
|
53
57
|
end
|
54
58
|
|
55
59
|
end # RedirectBack
|
56
60
|
end # Merb::Authentication::Mixins
|
57
61
|
|
58
62
|
# Adds required methods to the Authentication object for redirection
|
59
|
-
|
60
|
-
|
61
|
-
def return_to_url
|
62
|
-
@return_to_url ||= session[:return_to]
|
63
|
-
end
|
64
|
-
|
65
|
-
def return_to_url=(return_url)
|
66
|
-
@return_to_url = session[:return_to] = return_url
|
67
|
-
end
|
63
|
+
Merb::BootLoader.after_app_loads do
|
64
|
+
Merb::Authentication.maintain_session_keys << :return_to
|
68
65
|
end
|
66
|
+
# class Merb::Authentication
|
67
|
+
#
|
68
|
+
# def return_to_url
|
69
|
+
# @return_to_url ||= session[:return_to]
|
70
|
+
# end
|
71
|
+
#
|
72
|
+
# def return_to_url=(return_url)
|
73
|
+
# @return_to_url = session[:return_to] = return_url
|
74
|
+
# end
|
75
|
+
# end
|
69
76
|
|
70
77
|
# Mixin the RedirectBack mixin before the after_app_loads block (i.e. make sure there is an exceptions controller)
|
71
78
|
Merb::Authentication.customize_default do
|
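Review bot: In `redirect_back_or` only `session[:return_to].first` is ever consulted, so when that first entry matches `:ignore` the else branch runs, the list is not cleared (the unconditional reset after `end` was removed), and any later URI appended by `_set_return_to` is never used. `_set_return_to` also appends `request.uri` on every request that carries exceptions, so the session value grows with each failed attempt, which matters for size-limited session stores. Consider picking the first non-ignored entry, e.g. `target = (session[:return_to] || []).find { |u| ![opts[:ignore]].flatten.include?(u) }`, and moving `session[:return_to] = nil` after the `end` so both branches clear it. Because the stored value is later passed straight to `redirect`, it would also be worth checking that it is a local path (begins with a single `/`) before storing it; whether `request.uri` can ever be absolute is not visible in this hunk.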
@@ -4,80 +4,94 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "..", ".." ,"lib", "
|
|
4
4
|
describe "redirect_back" do
|
5
5
|
|
6
6
|
before(:all) do
|
7
|
+
Merb::Config[:exception_details] = true
|
7
8
|
clear_strategies!
|
9
|
+
Merb::Router.reset!
|
10
|
+
Merb::Router.prepare do
|
11
|
+
match("/login", :method => :get).to(:controller => "exceptions", :action => "unauthenticated").name(:login)
|
12
|
+
match("/login", :method => :put).to(:controller => "sessions", :action => "update")
|
13
|
+
match("/go_back").to(:controller => "my_controller")
|
14
|
+
match("/").to(:controller => "my_controller")
|
15
|
+
match("/logout", :method => :delete).to(:controller => "sessions", :action => "destroy")
|
16
|
+
end
|
8
17
|
|
9
18
|
class Merb::Authentication
|
10
19
|
def store_user(user); user; end
|
11
20
|
def fetch_user(session_info); session_info; end
|
12
21
|
end
|
13
22
|
|
14
|
-
class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
|
23
|
+
# class MyStrategy < Merb::Authentication::Strategy; def run!; request.env["USER"]; end; end
|
24
|
+
class MyStrategy < Merb::Authentication::Strategy
|
25
|
+
def run!
|
26
|
+
params[:pass_auth] = false if params[:pass_auth] == "false"
|
27
|
+
params[:pass_auth]
|
28
|
+
end
|
29
|
+
end
|
15
30
|
|
16
31
|
class Application < Merb::Controller; end
|
17
32
|
|
18
33
|
class Exceptions < Merb::Controller
|
19
34
|
include Merb::Authentication::Mixins::RedirectBack
|
35
|
+
|
20
36
|
def unauthenticated; end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
class Sessions < Merb::Controller
|
41
|
+
before :ensure_authenticated
|
42
|
+
def update
|
43
|
+
redirect_back_or "/", :ignore => [url(:login)]
|
44
|
+
end
|
45
|
+
|
46
|
+
def destroy
|
47
|
+
session.abandon!
|
48
|
+
end
|
21
49
|
end
|
22
50
|
|
23
51
|
class MyController < Application
|
24
52
|
before :ensure_authenticated
|
25
|
-
def index
|
53
|
+
def index
|
54
|
+
"IN MY CONTROLLER"
|
55
|
+
end
|
26
56
|
end
|
57
|
+
|
27
58
|
end
|
28
59
|
|
60
|
+
def login
|
61
|
+
request("/login", :method => "put", :params => {:pass_auth => true})
|
62
|
+
end
|
63
|
+
|
29
64
|
it "should set the return_to in the session when sent to the exceptions controller from a failed login" do
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
65
|
+
r = request("/go_back")
|
66
|
+
r.status.should == Merb::Controller::Unauthenticated.status
|
67
|
+
r2 = login
|
68
|
+
r2.should redirect_to("/go_back")
|
34
69
|
end
|
35
70
|
|
36
71
|
it "should not set the return_to in the session when deliberately going to unauthenticated" do
|
37
|
-
|
38
|
-
|
39
|
-
end
|
40
|
-
controller.session.authentication.return_to_url.should be_nil
|
72
|
+
r = login
|
73
|
+
r.should redirect_to("/")
|
41
74
|
end
|
42
75
|
|
43
|
-
it "should
|
44
|
-
|
45
|
-
|
76
|
+
it "should still redirect to the original even if it's failed many times" do
|
77
|
+
request("/go_back")
|
78
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
79
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
80
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
81
|
+
r = login
|
82
|
+
r.should redirect_to("/go_back")
|
46
83
|
end
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
@with_redirect.session.authentication.return_to_url.should == "request_uri"
|
59
|
-
@with_redirect.redirect_back_or("/some/path")
|
60
|
-
@with_redirect.headers["Location"].should == "request_uri"
|
61
|
-
end
|
62
|
-
|
63
|
-
it "should provide the url passed in by default when there is no return_to" do
|
64
|
-
@no_redirect.session.authentication.return_to_url.should be_nil
|
65
|
-
@no_redirect.redirect_back_or("/some/path")
|
66
|
-
@no_redirect.headers["Location"].should == "/some/path"
|
67
|
-
end
|
68
|
-
|
69
|
-
it "should wipe out the return_to in the session after the redirect" do
|
70
|
-
@with_redirect.session.authentication.return_to_url.should == "request_uri"
|
71
|
-
@with_redirect.redirect_back_or("somewhere")
|
72
|
-
@with_redirect.headers["Location"].should == "request_uri"
|
73
|
-
@with_redirect.session.authentication.return_to_url.should be_nil
|
74
|
-
end
|
75
|
-
|
76
|
-
it "should ignore a return_to if it's the same as the ignore url" do
|
77
|
-
@with_redirect.redirect_back_or("somewhere", :ignore => "request_uri")
|
78
|
-
@with_redirect.headers["Location"].should == "somewhere"
|
79
|
-
end
|
80
|
-
|
84
|
+
|
85
|
+
it "should not redirect back to a previous redirect back after being logged out" do
|
86
|
+
request("/go_back")
|
87
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
88
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
89
|
+
request("/login", :method => "put", :params => {:pass_auth => false})
|
90
|
+
r = login
|
91
|
+
r.should redirect_to("/go_back")
|
92
|
+
request("/logout", :method => "delete")
|
93
|
+
r = login
|
94
|
+
r.should redirect_to("/")
|
81
95
|
end
|
82
96
|
|
83
97
|
end
|
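Review bot: The spec "should not set the return_to in the session when deliberately going to unauthenticated" never visits the unauthenticated page: it only calls `login` and checks the redirect to "/", so it would still pass if a deliberate GET of `/login` did record a return_to. Add `request("/login")` before `r = login` so the spec's name and its assertion agree. The removed specs for wiping return_to after the redirect and for the `:ignore` option have no direct replacement; a case where the ignored URL is recorded first and a protected page second would cover the new array handling. `Merb::Config[:exception_details] = true` is set in `before(:all)` and is not restored in the visible lines, so it may leak into other specs.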
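--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: merb-auth-more
 version: !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.11
 platform: ruby
 authors:
 - Daniel Neighman
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-
+date: 2008-10-29 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.11
 version:
 description: Additional resources for use with the merb-auth-core authentication framework.
 email: has.sox@gmail.com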