padrino-auth 0.0.12

data/lib/padrino-auth/version.rb

@@ -0,0 +1,5 @@
+module Padrino
+  module Auth
+    def self.version; '0.0.12'; end
+  end
+end

data/padrino-auth.gemspec

@@ -0,0 +1,29 @@
+#!/usr/bin/env gem build
+# encoding: utf-8
+
+require File.expand_path("../lib/padrino-auth/version.rb", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name = "padrino-auth"
+  s.rubyforge_project = "padrino-auth"
+  s.authors = ["Igor Bochkariov"]
+  s.email = "ujifgc@gmail.com"
+  s.summary = "Authentication and authorization modules for Padrino"
+  s.homepage = "https://github.com/ujifgc/padrino-auth"
+  s.description = "Lean authorization and authentication modules for Padrino framework"
+  s.required_rubygems_version = ">= 1.3.6"
+  s.version = Padrino::Auth.version
+  s.date = Time.now.strftime("%Y-%m-%d")
+  s.license = "MIT"
+
+  s.files         = `git ls-files`.split("\n")
+  s.require_paths = ["lib"]
+  s.rdoc_options  = ["--charset=UTF-8"]
+
+  s.add_development_dependency('rake', '~> 10')
+  s.add_development_dependency('rack', '~> 1')
+  s.add_development_dependency('rack-test', '~> 0', '>= 0.5')
+  s.add_development_dependency('slim', '~> 2')
+  s.add_development_dependency('padrino-helpers', '~> 0.12')
+  s.add_development_dependency('padrino-core', '~> 0.12')
+end

data/test/helper.rb

@@ -0,0 +1,68 @@
+ENV['RACK_ENV'] = 'test'
+
+require 'minitest/autorun'
+require 'rack/test'
+require 'rack'
+require 'padrino-core'
+require 'padrino-auth'
+
+# Helper methods for testing Padrino::Access
+class MiniTest::Spec
+  include Rack::Test::Methods
+
+  def mock_app(base=Padrino::Application, &block)
+    @app = Sinatra.new(base, &block)
+  end
+
+  def app
+    Rack::Lint.new(@app)
+  end
+
+  def status; last_response.status; end
+  def body; last_response.body; end
+  alias response last_response
+
+  def set_access(*args)
+    @app.set_access(*args)
+  end
+
+  def allow(subject = nil, path = '/')
+    @app.fake_session[:visitor] = nil
+    get "/login/#{subject.id}" if subject
+    get path
+    assert_equal 200, status, caller.first.to_s
+  end
+
+  def deny(subject = nil, path = '/')
+    @app.fake_session[:visitor] = nil
+    get "/login/#{subject.id}" if subject
+    get path
+    assert_equal 403, status, caller.first.to_s
+  end
+end
+
+module Character
+  extend self
+
+  def authenticate(credentials)
+    case
+    when credentials[:email] && credentials[:password]
+      target = all.find{ |resource| resource.id.to_s == credentials[:email] }
+      target.name.gsub(/[^A-Z]/,'') == credentials[:password] ? target : nil
+    when credentials.has_key?(:id)
+      all.find{ |resource| resource.id == credentials[:id] }
+    else
+      false
+    end
+  end
+
+  def all
+    @all = [
+      OpenStruct.new(:id => :bender,   :name => 'Bender Bending Rodriguez', :role => :robots  ),
+      OpenStruct.new(:id => :leela,    :name => 'Turanga Leela',            :role => :mutants ),
+      OpenStruct.new(:id => :fry,      :name => 'Philip J. Fry',            :role => :humans  ),
+      OpenStruct.new(:id => :ami,      :name => 'Amy Wong',                 :role => :humans  ),
+      OpenStruct.new(:id => :zoidberg, :name => 'Dr. John A. Zoidberg',     :role => :lobsters),
+    ]
+  end
+end

data/test/test_padrino_access.rb

@@ -0,0 +1,124 @@
+require File.expand_path('../helper', __FILE__)
+
+describe "Padrino::Access" do
+  before do
+    mock_app do
+      set :credentials_reader, :visitor
+      register Padrino::Access
+      set_access :*, :allow => :login
+      set :users, Character.all
+      get(:login, :with => :id) do
+        user = settings.users.find{ |user| user.id.to_s == params[:id] }
+        self.send(:"#{settings.credentials_reader}=", user)
+      end
+      get(:index){ 'foo' }
+      get(:bend){ 'bend' }
+      get(:drink){ 'bend' }
+      get(:subject){ self.send(settings.credentials_reader).inspect }
+      get(:stop_partying){ 'stop partying' }
+      controller :surface do
+        get(:live) { 'live on the surface' }
+      end
+      controller :sewers do
+        get(:live) { 'live in the sewers' }
+        get(:visit) { 'visit the sewers' }
+      end
+      set :fake_session, {}
+      helpers do
+        def visitor
+          settings.fake_session[:visitor]
+        end
+        def visitor=(user)
+          settings.fake_session[:visitor] = user
+        end
+      end
+    end
+    Character.all.each do |user|
+      instance_variable_set :"@#{user.id}", user
+    end
+  end
+
+  it 'should register with authorization module' do
+    assert @app.respond_to? :set_access
+    assert_kind_of Padrino::Permissions, @app.permissions
+  end
+
+  it 'should properly detect access subject' do
+    set_access :*
+    get '/login/ami'
+    get '/subject'
+    assert_equal @ami.inspect, body
+  end
+
+  it 'should reset access properly' do
+    set_access :*
+    allow
+    @app.reset_access!
+    deny
+  end
+
+  it 'should set group access' do
+    # only humans should be allowed on TV
+    set_access :humans
+    allow @fry
+    deny @bender
+  end
+
+  it 'should set individual access' do
+    # only Fry should be allowed to romance Leela
+    set_access @fry
+    allow @fry
+    deny @ami
+  end
+
+  it 'should set mixed individual and group access' do
+    # only humans and Leela should be allowed on the surface
+    set_access :humans
+    set_access @leela
+    allow @fry
+    allow @leela
+  end
+
+  it 'should set action-specific access' do
+    # bender should be allowed to bend, and he's denied to stop partying
+    set_access @bender, :allow => :bend
+    set_access @fry, :allow => :stop_partying
+    allow @bender, '/bend'
+    deny @bender, '/stop_partying'
+    allow @fry, '/stop_partying'
+    deny @fry, '/bend'
+  end
+
+  it 'should set multiple action' do
+    # bender should be allowed to bend and drink
+    set_access @bender, :allow => [:drink, :bend]
+    allow @bender, '/drink'
+    allow @bender, '/bend'
+  end
+
+  it 'should set object-specific access' do
+    # only humans and Leela should be allowed to live on the surface
+    # only mutants should be allowed to live in the sewers though humans can visit
+    set_access :humans, :allow => :live, :with => :surface
+    set_access :mutants, :allow => :live, :with => :sewers
+    set_access @leela, :allow => :live, :with => :surface
+    set_access :humans, :allow => :visit, :with => :sewers
+    allow @fry, '/surface/live'
+    deny @fry, '/sewers/live'
+    allow @fry, '/sewers/visit'
+    allow @leela, '/surface/live'
+    allow @leela, '/sewers/live'
+  end
+
+  it 'should detect object when setting access from controller' do
+    # only humans and lobsters should have binocular vision
+    @app.controller :binocular do
+      set_access :humans, :lobsters
+      get(:vision) { 'binocular vision' }
+    end
+    deny @fry, '/'
+    allow @fry, '/binocular/vision'
+    allow @zoidberg, '/binocular/vision'
+    deny @leela, '/binocular/vision'
+  end
+end

data/test/test_padrino_auth.rb

@@ -0,0 +1,38 @@
+require File.expand_path('../helper', __FILE__)
+
+Account = Character
+
+describe "Padrino::Auth" do
+  before do
+    mock_app do
+      enable :sessions
+      register Padrino::Login
+      register Padrino::Access
+      get(:robot_area){ 'robot_area' }
+      set_access :robots, :allow => :robot_area
+    end
+  end
+
+  it 'should login and access play nicely together' do
+    get '/robot_area'
+    assert_equal 302, status
+
+    post '/login', :email => :bender, :password => 'BBR'
+    get '/robot_area'
+    assert_equal 200, status
+
+    post '/login', :email => :leela, :password => 'TL'
+    get '/robot_area'
+    assert_equal 403, status
+  end
+
+  it 'should fail if the order is wrong' do
+    whine = capture_io do
+      mock_app do
+        register Padrino::Access
+        register Padrino::Login
+      end
+    end
+    assert_match /must be registered before/, whine.to_s
+  end
+end

data/test/test_padrino_login.rb

@@ -0,0 +1,81 @@
+require File.expand_path('../helper', __FILE__)
+require 'padrino-helpers'
+
+describe "Padrino::Access" do
+  before do
+    mock_app do
+      set :credentials_accessor, :visitor
+      set :login_model, :character
+      register Padrino::Rendering
+      enable :sessions
+      register Padrino::Login
+      get(:index){ 'index' }
+      get(:restricted){ 'secret' }
+      helpers Padrino::Helpers::AssetTagHelpers
+      helpers Padrino::Helpers::OutputHelpers
+      helpers Padrino::Helpers::TagHelpers
+      helpers Padrino::Helpers::FormHelpers
+      helpers do
+        def authorized?
+          return !['/restricted'].include?(request.env['PATH_INFO']) unless visitor
+          case 
+          when visitor.id == :bender
+            true
+          else
+            false            
+          end
+        end
+      end
+    end
+    Character.all.each do |user|
+      instance_variable_set :"@#{user.id}", user
+    end
+  end
+
+  it 'should pass unrestricted area' do
+    get '/'
+    assert_equal 200, status
+  end
+
+  it 'should be redirected from restricted area to login page' do
+    get '/restricted'
+    assert_equal 302, status
+    get response.location
+    assert_equal 200, status
+    assert_match /<form .*<input .*/, body
+  end
+
+  it 'should not be able to authenticate with wrong password' do
+    post '/login', :email => :bender, :password => '123'
+    assert_equal 200, status
+    assert_match 'Wrong password', body
+  end
+
+  it 'should be able to authenticate with email and password' do
+    post '/login', :email => :bender, :password => 'BBR'
+    assert_equal 302, status
+  end
+
+  it 'should be redirected back' do
+    get '/restricted'
+    post response.location, :email => :bender, :password => 'BBR'
+    assert_match /\/restricted$/, response.location
+  end
+
+  it 'should be redirected to root if no location was saved' do
+    post '/login', :email => :bender, :password => 'BBR'
+    assert_match /\/$/, response.location
+  end
+
+  it 'should be allowed in restricted area after logging in' do
+    post '/login', :email => :bender, :password => 'BBR'
+    get '/restricted'
+    assert_equal 'secret', body
+  end
+
+  it 'should not be allowed in restricted area after logging in an account lacking privileges' do
+    post '/login', :email => :leela, :password => 'TL'
+    get '/restricted'
+    assert_equal 403, status
+  end
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: padrino-auth
+version: !ruby/object:Gem::Version
+  version: 0.0.12
+platform: ruby
+authors:
+- Igor Bochkariov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: slim
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: padrino-helpers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: padrino-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+description: Lean authorization and authentication modules for Padrino framework
+email: ujifgc@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- EXAMPLES.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/padrino-auth.rb
+- lib/padrino-auth/access.rb
+- lib/padrino-auth/login.rb
+- lib/padrino-auth/login/controller.rb
+- lib/padrino-auth/login/layouts/layout.slim
+- lib/padrino-auth/login/new.slim
+- lib/padrino-auth/permissions.rb
+- lib/padrino-auth/version.rb
+- padrino-auth.gemspec
+- test/helper.rb
+- test/test_padrino_access.rb
+- test/test_padrino_auth.rb
+- test/test_padrino_login.rb
+homepage: https://github.com/ujifgc/padrino-auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--charset=UTF-8"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: padrino-auth
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Authentication and authorization modules for Padrino
+test_files: []
+has_rdoc: