monban 0.0.14 → 0.0.15
- checksums.yaml +4 -4
- data/.travis.yml +3 -0
- data/Gemfile.lock +1 -1
- data/NEWS.rdoc +65 -0
- data/README.md +2 -3
- data/lib/monban/configuration.rb +7 -1
- data/lib/monban/constraints/signed_out.rb +10 -0
- data/lib/monban/field_map.rb +5 -1
- data/lib/monban/strategies/password_strategy.rb +3 -1
- data/lib/monban/test/controller_helpers.rb +2 -0
- data/lib/monban/version.rb +1 -1
- data/lib/monban/warden_setup.rb +2 -1
- data/lib/monban.rb +3 -3
- data/monban.gemspec +1 -0
- data/spec/features/user/user_tries_to_access_constrained_routes_spec.rb +18 -0
- data/spec/features/visitor/visitor_tries_to_access_constrained_routes_spec.rb +14 -0
- data/spec/monban/controller_helpers_spec.rb +1 -0
- data/spec/monban/test_helpers_spec.rb +1 -0
- data/spec/monban_spec.rb +14 -0
- data/spec/rails_app/app/controllers/constrained_to_users_controller.rb +5 -0
- data/spec/rails_app/app/controllers/constrained_to_visitors_controller.rb +5 -0
- data/spec/rails_app/config/routes.rb +11 -0
- data/spec/spec_helper.rb +13 -8
- metadata +14 -3
- data/CHANGELOG.rdoc +0 -15
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de0ec82d19c70154d42f8f7190037d760b4646f6
|
4
|
+
data.tar.gz: f48908fd2c9779d41abdc43ec9a275861c2b200a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 358aab452b6adc7615911edcde97bbaba49cf55ebd3c5d485be15ab723fc76c6a94dc89901a7718be1d3732ea3f60805cd83f5bd29d70928d81015cc8f2f5884
|
7
|
+
data.tar.gz: bff158beadb5e27a3d4c1f32a37c138ac92ab358f3341139c175da0382644421c53ae57c9542f87a7de1c24e7c12dd07dea12544928fe503b47e98dc7023370d
|
data/.travis.yml
ADDED
data/Gemfile.lock
CHANGED
data/NEWS.rdoc
ADDED
@@ -0,0 +1,65 @@
|
|
1
|
+
== 0.0.15
|
2
|
+
* Delegate user_class correctly so that config returns class
|
3
|
+
* Fixed issue authenticate session not allowing for multiple fields
|
4
|
+
* Do not hardcode User class
|
5
|
+
* Add signed out routing constraint
|
6
|
+
* Backfill NEWS.md
|
7
|
+
|
8
|
+
== 0.0.14
|
9
|
+
* Encryption of empty string is empty string.
|
10
|
+
* Remove last trace of generators.
|
11
|
+
|
12
|
+
== 0.0.13
|
13
|
+
* Monban requires Rails 4+.
|
14
|
+
* Move generators to the monban-generators gem.
|
15
|
+
|
16
|
+
== 0.0.12
|
17
|
+
* Ensure forms can't be tampered with by providing no username.
|
18
|
+
* Prevent hashing of empty string passwords.
|
19
|
+
* Memoize the configuration.
|
20
|
+
|
21
|
+
== 0.0.11
|
22
|
+
* Add `Monban::Backdoor` for easier tests.
|
23
|
+
|
24
|
+
== 0.0.10
|
25
|
+
* Add Monban::Test::ControllerHelpers for controller specs.
|
26
|
+
* Depend on the bcrypt gem, not the bcrypt-ruby gem.
|
27
|
+
|
28
|
+
== 0.0.9
|
29
|
+
* Make user creation method configurable.
|
30
|
+
* Redirect to SessionsController#new, ignoring namespace.
|
31
|
+
* Add `Monban.config.creation_method`.
|
32
|
+
|
33
|
+
== 0.0.8
|
34
|
+
* Now configurable via `Monban.configure`:
|
35
|
+
* sign in service
|
36
|
+
* sign up service
|
37
|
+
* authentication service
|
38
|
+
* user_token_store_field
|
39
|
+
* user_token_field
|
40
|
+
* Add PasswordReset service.
|
41
|
+
* Rename controller_helpers to services.
|
42
|
+
* Allos blocks to be passed into sign_in and sign_up.
|
43
|
+
* Fix error on trying to respond with HTTP 401.
|
44
|
+
* Monban does not generate a User model for you.
|
45
|
+
* Add `Monban.test_mode!` and `Monban.test_reset!`.
|
46
|
+
* Add a lot of tests.
|
47
|
+
|
48
|
+
== 0.0.7
|
49
|
+
* Check for Rails 4 or the strong_parameters gem, not just the strong_parameters gem
|
50
|
+
|
51
|
+
== 0.0.6
|
52
|
+
* [FIX] require_login should use controller and action for routing.
|
53
|
+
|
54
|
+
== 0.0.5
|
55
|
+
* [FIX] Scaffolded SessionsController should have respond_to.
|
56
|
+
* [FIX] SignUp should get the value instead of slicing.
|
57
|
+
|
58
|
+
== 0.0.4
|
59
|
+
* Cleaned up generated controllers.
|
60
|
+
* Use find_by_id instead of find so invalid sessions don't cause apps to crash.
|
61
|
+
* Hashes passed in are no longer mutated via delete.
|
62
|
+
|
63
|
+
== 0.0.3
|
64
|
+
|
65
|
+
* Fixed bug where password wasn't deleted from session params which would cause lookup to fail.
|
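Review bot: The 0.0.15 entry "Backfill NEWS.md" names a file that does not match the one this hunk adds (NEWS.rdoc), and the 0.0.8 entry has the typo "Allos blocks". Suggest "Backfill NEWS.rdoc" and "Allow blocks". The 0.0.3 heading is also followed by a blank line before its bullet, unlike every other entry.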
data/README.md
CHANGED
@@ -22,7 +22,6 @@ Monban doesn't do the following:
|
|
22
22
|
- Doesn't force you to use engine based controllers or views
|
23
23
|
- Doesn't require you to make changes to your user model
|
24
24
|
|
25
|
-
|
26
25
|
## Installation
|
27
26
|
|
28
27
|
Monban was designed to work with Rails > 4.0. Add this line to your Gemfile:
|
@@ -41,11 +40,11 @@ If you'd like a good starting point for building an app using Monban, it is sugg
|
|
41
40
|
|
42
41
|
## Usage
|
43
42
|
|
44
|
-
Monban does currently have some out
|
43
|
+
Monban does currently have some out-of-the-box expectations, but you can
|
45
44
|
configure and change any of these:
|
46
45
|
|
47
46
|
- By default the model should be called `User`
|
48
|
-
- Monban expects your user model to respond to create
|
47
|
+
- Monban expects your user model to respond to `create`, `id`, and `find_by`
|
49
48
|
- You should have an `email` and `password_digest` column on your `User`
|
50
49
|
- Passwords will be handled with BCrypt
|
51
50
|
|
data/lib/monban/configuration.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
module Monban
|
2
2
|
class Configuration
|
3
3
|
|
4
|
-
attr_accessor :
|
4
|
+
attr_accessor :user_token_field, :user_token_store_field
|
5
5
|
attr_accessor :encryption_method, :token_comparison, :user_lookup_field
|
6
6
|
attr_accessor :sign_in_notice
|
7
7
|
attr_accessor :sign_in_service, :sign_up_service, :sign_out_service
|
@@ -9,6 +9,8 @@ module Monban
|
|
9
9
|
attr_accessor :failure_app
|
10
10
|
attr_accessor :creation_method, :find_method
|
11
11
|
|
12
|
+
attr_writer :user_class
|
13
|
+
|
12
14
|
def initialize
|
13
15
|
setup_class_defaults
|
14
16
|
setup_token_encryption
|
@@ -41,6 +43,10 @@ module Monban
|
|
41
43
|
end
|
42
44
|
end
|
43
45
|
|
46
|
+
def user_class
|
47
|
+
@user_class.constantize
|
48
|
+
end
|
49
|
+
|
44
50
|
private
|
45
51
|
|
46
52
|
def setup_token_encryption
|
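Review bot: The new `user_class` reader (new lines 46-48) calls `@user_class.constantize` on whatever `attr_writer :user_class` stored, and `constantize` is a String extension, so `config.user_class = User` (a class rather than its name) raises NoMethodError on the first read. Suggest `@user_class.to_s.constantize` plus a spec covering both the String and the Class form. The value should only ever come from static configuration, since `constantize` resolves any loaded constant by name.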
data/lib/monban/field_map.rb
CHANGED
@@ -16,7 +16,11 @@ module Monban
|
|
16
16
|
private
|
17
17
|
|
18
18
|
def params_with_symbolized_keys
|
19
|
-
@params.inject(
|
19
|
+
@params.inject(default_fields){|hash,(key,value)| hash.merge(key.to_sym => value) }
|
20
|
+
end
|
21
|
+
|
22
|
+
def default_fields
|
23
|
+
{ Monban.config.user_lookup_field => nil }
|
20
24
|
end
|
21
25
|
|
22
26
|
def params_from_field_map
|
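Review bot: `default_fields` (new lines 22-24) uses `Monban.config.user_lookup_field` exactly as configured, while `params_with_symbolized_keys` merges `key.to_sym`; if the lookup field is configured as a String, the nil default and the submitted value land under two different keys instead of the submitted value replacing the default. Suggest `Monban.config.user_lookup_field.to_sym => nil`. Separately, if `@params` comes from the request, `key.to_sym` creates a symbol for every caller-supplied key, and those are never garbage collected on Rubies older than 2.2; symbolizing only the keys named in the field map avoids that.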
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'warden'
|
2
|
+
|
1
3
|
module Monban
|
2
4
|
module Strategies
|
3
5
|
class PasswordStrategy < ::Warden::Strategies::Base
|
@@ -6,7 +8,7 @@ module Monban
|
|
6
8
|
end
|
7
9
|
|
8
10
|
def authenticate!
|
9
|
-
user =
|
11
|
+
user = Monban.user_class.find_by(email: params[:email])
|
10
12
|
auth = Authentication.new(user, params[:password])
|
11
13
|
auth.authenticated? ? success!(user) : fail!("Could not log in")
|
12
14
|
end
|
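Review bot: `authenticate!` at new line 11 replaces the hardcoded class with `Monban.user_class` but still hardcodes the `email` column and `find_by`, so `user_lookup_field` and `find_method` from Monban::Configuration are ignored on this path. Suggest routing the lookup through the same configured finder that `Monban.lookup` uses. `params[:email]` is also passed to the query uncoerced; reject a missing or non-string value before calling `find_by`.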
data/lib/monban/version.rb
CHANGED
data/lib/monban/warden_setup.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'warden'
|
1
2
|
require "monban/strategies/password_strategy"
|
2
3
|
|
3
4
|
Warden::Manager.serialize_into_session do |user|
|
@@ -5,7 +6,7 @@ Warden::Manager.serialize_into_session do |user|
|
|
5
6
|
end
|
6
7
|
|
7
8
|
Warden::Manager.serialize_from_session do |id|
|
8
|
-
|
9
|
+
Monban.user_class.find_by(id: id)
|
9
10
|
end
|
10
11
|
|
11
12
|
Warden::Strategies.add(:password_strategy, Monban::Strategies::PasswordStrategy)
|
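Review bot: `serialize_from_session` at new line 9 calls `Monban.user_class.find_by(id: id)` directly, so a custom `config.find_method` is bypassed when a session is restored; any scoping an application puts in `find_method` (for example, excluding deactivated accounts) applies at sign-in but not to existing sessions. Suggest documenting that, or resolving the session user through a configurable finder. Returning nil for an unknown id via `find_by` is the right behaviour here.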
data/lib/monban.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'warden'
|
1
2
|
require "monban/version"
|
2
3
|
require "monban/configuration"
|
3
4
|
require "monban/services"
|
@@ -32,13 +33,12 @@ module Monban
|
|
32
33
|
end
|
33
34
|
|
34
35
|
def self.user_class
|
35
|
-
config.user_class
|
36
|
+
config.user_class
|
36
37
|
end
|
37
38
|
|
38
39
|
def self.lookup(params, field_map)
|
39
40
|
fields = FieldMap.new(params, field_map).to_fields
|
40
|
-
|
41
|
-
self.config.find_method.call(default_fields.merge(fields))
|
41
|
+
self.config.find_method.call(fields)
|
42
42
|
end
|
43
43
|
|
44
44
|
def self.test_mode!
|
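Review bot: `lookup` at new line 41 no longer merges `default_fields` before calling `find_method`, so the guarantee that the lookup field is always present in the conditions now rests on FieldMap alone. Suggest a spec asserting that `Monban.lookup({}, field_map)` hands `find_method` a hash containing the lookup field with a nil value, so an empty form cannot turn into an unconditioned query.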
data/monban.gemspec
CHANGED
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
feature 'User tries to access constrained routes' do
|
4
|
+
scenario 'they can access a route constrained to users' do
|
5
|
+
sign_in User.new
|
6
|
+
|
7
|
+
visit constrained_to_users_path
|
8
|
+
expect(page.status_code).to eq(200)
|
9
|
+
end
|
10
|
+
|
11
|
+
scenario 'they cannot access a route constrained to visitors' do
|
12
|
+
sign_in User.new
|
13
|
+
|
14
|
+
expect {
|
15
|
+
visit constrained_to_visitors_path
|
16
|
+
}.to raise_error ActionController::RoutingError
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
feature 'Visitor tries to access constrained routes' do
|
4
|
+
scenario 'they can access a route constrained to visitors' do
|
5
|
+
visit constrained_to_visitors_path
|
6
|
+
expect(page.status_code).to eq(200)
|
7
|
+
end
|
8
|
+
|
9
|
+
scenario 'they cannot access a route constrained to users' do
|
10
|
+
expect {
|
11
|
+
visit constrained_to_users_path
|
12
|
+
}.to raise_error ActionController::RoutingError
|
13
|
+
end
|
14
|
+
end
|
data/spec/monban_spec.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'warden'
|
2
3
|
|
3
4
|
describe 'Monban' do
|
4
5
|
it "stores the warden config" do
|
@@ -10,4 +11,17 @@ describe 'Monban' do
|
|
10
11
|
expect(Monban.encrypt_token('password')).to eql('password')
|
11
12
|
expect(Monban.compare_token('password', 'password')).to be_true
|
12
13
|
end
|
14
|
+
|
15
|
+
it "allows lookup with a field_map" do
|
16
|
+
allow(Monban::FieldMap).to receive(:new).and_return(fake_field_map)
|
17
|
+
with_monban_config(find_method: -> (conditions) { true }) do
|
18
|
+
expect(-> { Monban.lookup({}, {}) }).not_to raise_exception
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def fake_field_map
|
23
|
+
double(Monban::FieldMap).tap do |field_map|
|
24
|
+
allow(field_map).to receive(:to_fields).and_return(["foo=1 OR bar=1"])
|
25
|
+
end
|
26
|
+
end
|
13
27
|
end
|
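Review bot: The new example "allows lookup with a field_map" only asserts `not_to raise_exception`, and the stubbed `find_method` lambda ignores its `conditions` argument, so the spec passes no matter what `lookup` forwards. Suggest capturing `conditions` in the lambda and expecting it to equal the stubbed `to_fields` value. The fixture `["foo=1 OR bar=1"]` also shows `find_method` being handed a raw SQL fragment; worth a comment that such strings must use bind values and never be built from request parameters.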
@@ -1,4 +1,15 @@
|
|
1
|
+
require 'monban/constraints/signed_in'
|
2
|
+
require 'monban/constraints/signed_out'
|
3
|
+
|
1
4
|
RailsApp::Application.routes.draw do
|
5
|
+
constraints Monban::Constraints::SignedIn.new do
|
6
|
+
resource :constrained_to_users, only: [:show]
|
7
|
+
end
|
8
|
+
|
9
|
+
constraints Monban::Constraints::SignedOut.new do
|
10
|
+
resource :constrained_to_visitors, only: [:show]
|
11
|
+
end
|
12
|
+
|
2
13
|
resources :posts, only: [:index]
|
3
14
|
resources :users, only: [:create]
|
4
15
|
resource :failure, only: [:show]
|
data/spec/spec_helper.rb
CHANGED
@@ -3,24 +3,29 @@ $LOAD_PATH.unshift File.dirname(__FILE__)
|
|
3
3
|
|
4
4
|
require 'rails_app/config/environment'
|
5
5
|
require 'rspec/rails'
|
6
|
+
require 'warden'
|
6
7
|
require 'monban'
|
7
8
|
require 'capybara'
|
8
9
|
|
9
10
|
RSpec.configure do |config|
|
10
11
|
config.include Warden::Test::Helpers
|
12
|
+
config.include Monban::Test::Helpers, type: :feature
|
11
13
|
config.order = "random"
|
12
14
|
end
|
13
15
|
|
14
16
|
def with_monban_config(hash, &block)
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
17
|
+
begin
|
18
|
+
old_config = {}
|
19
|
+
hash.each do |key, value|
|
20
|
+
old_config[key] = Monban.config.send(key)
|
21
|
+
Monban.config.send(:"#{key}=", value)
|
22
|
+
end
|
20
23
|
|
21
|
-
|
24
|
+
yield
|
25
|
+
ensure
|
22
26
|
|
23
|
-
|
24
|
-
|
27
|
+
old_config.each do |key, value|
|
28
|
+
Monban.config.send(:"#{key}=", old_config[key])
|
29
|
+
end
|
25
30
|
end
|
26
31
|
end
|
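Review bot: `with_monban_config` saves old values with `Monban.config.send(key)` and restores them through the writer; for `user_class` the reader added in this release returns the constantized class, so the restore stores a Class in `@user_class` and the next `user_class` call fails on `constantize`. Suggest special-casing that key in the restore, or making the reader tolerate a Class. In the `ensure` block the `value` block variable is unused while `old_config[key]` is looked up again; `Monban.config.send(:"#{key}=", value)` is enough.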
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: monban
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.15
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- halogenandtoast
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-
|
12
|
+
date: 2014-06-12 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
@@ -145,16 +145,18 @@ extensions: []
|
|
145
145
|
extra_rdoc_files: []
|
146
146
|
files:
|
147
147
|
- ".gitignore"
|
148
|
-
-
|
148
|
+
- ".travis.yml"
|
149
149
|
- Gemfile
|
150
150
|
- Gemfile.lock
|
151
151
|
- LICENSE.txt
|
152
|
+
- NEWS.rdoc
|
152
153
|
- README.md
|
153
154
|
- Rakefile
|
154
155
|
- lib/monban.rb
|
155
156
|
- lib/monban/back_door.rb
|
156
157
|
- lib/monban/configuration.rb
|
157
158
|
- lib/monban/constraints/signed_in.rb
|
159
|
+
- lib/monban/constraints/signed_out.rb
|
158
160
|
- lib/monban/controller_helpers.rb
|
159
161
|
- lib/monban/field_map.rb
|
160
162
|
- lib/monban/railtie.rb
|
@@ -170,10 +172,12 @@ files:
|
|
170
172
|
- lib/monban/version.rb
|
171
173
|
- lib/monban/warden_setup.rb
|
172
174
|
- monban.gemspec
|
175
|
+
- spec/features/user/user_tries_to_access_constrained_routes_spec.rb
|
173
176
|
- spec/features/visitor/visitor_fails_to_sign_up_spec.rb
|
174
177
|
- spec/features/visitor/visitor_is_unauthorized_spec.rb
|
175
178
|
- spec/features/visitor/visitor_signs_in_via_invalid_form_spec.rb
|
176
179
|
- spec/features/visitor/visitor_signs_up_spec.rb
|
180
|
+
- spec/features/visitor/visitor_tries_to_access_constrained_routes_spec.rb
|
177
181
|
- spec/features/visitor/visitor_uses_remember_token_spec.rb
|
178
182
|
- spec/monban/controller_helpers_spec.rb
|
179
183
|
- spec/monban/field_map_spec.rb
|
@@ -190,6 +194,8 @@ files:
|
|
190
194
|
- spec/rails_app/app/assets/javascripts/application.js
|
191
195
|
- spec/rails_app/app/assets/stylesheets/application.css
|
192
196
|
- spec/rails_app/app/controllers/application_controller.rb
|
197
|
+
- spec/rails_app/app/controllers/constrained_to_users_controller.rb
|
198
|
+
- spec/rails_app/app/controllers/constrained_to_visitors_controller.rb
|
193
199
|
- spec/rails_app/app/controllers/failures_controller.rb
|
194
200
|
- spec/rails_app/app/controllers/invalid_sessions_controller.rb
|
195
201
|
- spec/rails_app/app/controllers/posts_controller.rb
|
@@ -246,10 +252,12 @@ signing_key:
|
|
246
252
|
specification_version: 4
|
247
253
|
summary: Making rails authentication as simple as possible
|
248
254
|
test_files:
|
255
|
+
- spec/features/user/user_tries_to_access_constrained_routes_spec.rb
|
249
256
|
- spec/features/visitor/visitor_fails_to_sign_up_spec.rb
|
250
257
|
- spec/features/visitor/visitor_is_unauthorized_spec.rb
|
251
258
|
- spec/features/visitor/visitor_signs_in_via_invalid_form_spec.rb
|
252
259
|
- spec/features/visitor/visitor_signs_up_spec.rb
|
260
|
+
- spec/features/visitor/visitor_tries_to_access_constrained_routes_spec.rb
|
253
261
|
- spec/features/visitor/visitor_uses_remember_token_spec.rb
|
254
262
|
- spec/monban/controller_helpers_spec.rb
|
255
263
|
- spec/monban/field_map_spec.rb
|
@@ -266,6 +274,8 @@ test_files:
|
|
266
274
|
- spec/rails_app/app/assets/javascripts/application.js
|
267
275
|
- spec/rails_app/app/assets/stylesheets/application.css
|
268
276
|
- spec/rails_app/app/controllers/application_controller.rb
|
277
|
+
- spec/rails_app/app/controllers/constrained_to_users_controller.rb
|
278
|
+
- spec/rails_app/app/controllers/constrained_to_visitors_controller.rb
|
269
279
|
- spec/rails_app/app/controllers/failures_controller.rb
|
270
280
|
- spec/rails_app/app/controllers/invalid_sessions_controller.rb
|
271
281
|
- spec/rails_app/app/controllers/posts_controller.rb
|
@@ -298,3 +308,4 @@ test_files:
|
|
298
308
|
- spec/rails_app/public/favicon.ico
|
299
309
|
- spec/rails_app/script/rails
|
300
310
|
- spec/spec_helper.rb
|
311
|
+
has_rdoc:
|
data/CHANGELOG.rdoc
DELETED
@@ -1,15 +0,0 @@
|
|
1
|
-
== 0.0.6
|
2
|
-
* [FIX] require_login should use controller and action for routing.
|
3
|
-
|
4
|
-
== 0.0.5
|
5
|
-
* [FIX] Scaffolded SessionsController should have respond_to.
|
6
|
-
* [FIX] SignUp should get the value instead of slicing.
|
7
|
-
|
8
|
-
== 0.0.4
|
9
|
-
* Cleaned up generated controllers.
|
10
|
-
* Use find_by_id instead of find so invalid sessions don't cause apps to crash.
|
11
|
-
* Hashes passed in are no longer mutated via delete.
|
12
|
-
|
13
|
-
== 0.0.3
|
14
|
-
|
15
|
-
* Fixed bug where password wasn't deleted from session params which would cause lookup to fail.
|