rack-cerberus 0.3.1 → 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: afcdada63ffd1a684458910d59b89d15fa216886
+  data.tar.gz: d412afa1080dfcc3fe423ed035c359c5caaff232
+SHA512:
+  metadata.gz: 76d1daf65b65cfc21b741b33e9874d69a4f259c464d92906897fb80cddf9d491358288e5820317843ef64b9567335f5dc7ee11a7ccaf584cb09524e90f8368c7
+  data.tar.gz: ede819c5610004dca634ec0e4e2a5fe035feef2b9e55ae667b16fd5039b4cb4d792f33734b749122f3a2714fa435deb5c65e10173c588496c347ff0dc0b2b905

data/.gitignore

@@ -1,2 +1,7 @@
-pkg
+.DS_STORE
+*.swp
+*.sass-cache
+pkg/
+Gemfile.lock
+.bundle/
 

data/.rspec

@@ -0,0 +1,4 @@
+--color
+--require 'rack/test'
+--require spec_helper
+

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+gemspec
+gem 'rspec'
+gem 'rack-test'
+

data/{MIT_LICENCE → MIT_LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2011 Mickael Riga
+Copyright (c) 2010-2015 Mickael Riga
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -16,4 +16,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.

data/README.md

@@ -1,93 +1,107 @@
->"For over a thousand generations the Jedi Knights were the guardians of peace and justice in the Old Republic. Before the dark times, before the Empire." -- Obi-Wan Kenoby
+Rack::Cerberus
+==============
 
-Cerberus
-========
-
-Cerberus is a Rack middleware for form-based authentication. Its purpose is only 
-to offer a nicer (or more actual) replacement for Basic HTTP authentication.
+`Rack::Cerberus` is a Rack middleware for form-based authentication. 
+It works roughly like Basic HTTP authentication except that you can use
+options in order to style the authentication page.
 
 Install with:
 
-    # sudo gem install rack-cerberus
+```
+# sudo gem install rack-cerberus
+```
+
+Or in your `Gemfile`:
+
+```
+gem 'rack-cerberus'
+```
 
 You can use it almost the same way you use `Rack::Auth::Basic`:
 
-    require 'cerberus'
-    use Rack::Session::Cookie, :secret => 'change_me'
-    use Cerberus do |login, pass|
-      pass=='secret'
-    end
+```
+require 'rack/cerberus'
+use Rack::Session::Cookie, secret: 'change_me'
+use Rack::Cerberus do |login, pass|
+  pass=='secret'
+end
+```
 	
-Like in that example, make sure you have a session, because Cerberus use it for
-persistent login.
+Like in that example, make sure you have a session, because 
+`Rack::Cerberus` uses it for persistent login, and make sure it is encrypted.
 	
+Options
+-------
+
 There is an optional hash you can add for customisation it. Options are:
 
 - `:company_name`
-- `:fg_color` (foreground color)
-- `:bg_color` (background color)
+- `:bg_color` (Background color)
+- `:fg_color` (Actually the color of the box color)
 - `:text_color`
-- `:icon_url` (for a company logo or any icon)
-- `:css_location`
+- `:icon_url` (For a company logo or any icon)
+- `:css_location` (Path to a CSS file for a complete reskin)
+- `:session_key` (Where login name is kept. Default is `cerberus_user`)
 
 Which is used that way:
 
-    use Cerberus, {:company_name => 'Nintendo'} do |login, pass|
-      pass=='secret'
-    end
+```
+use Rack::Cerberus, {company_name: 'Nintendo'} do |login, pass|
+  pass=='secret'
+end
+```
 	
-The purpose of Cerberus is to be basic, which is why there are enough options to have
-a page fairly customized with colors and logo (`:icon_url`). The logo can even replace
-the company name if you leave `:company_name` blank. But should you be fussy, this is possible
+The purpose of `Rack::Cerberus` is to be basic, which is why there are 
+enough options to have a page fairly customized with colors and 
+logo (`:icon_url`). The logo can even replace the company name if 
+you leave `:company_name` blank. But should you be fussy, this is possible
 to have more control using an external CSS file with the option `:css_location`.
 
-Just like `Rack::Auth::Basic`, Cerberus yields login and pass, and delegate authentication
-to the block you send it which should return a boolean.
+Authentication
+--------------
 
-If you want to see a concrete example, go into the Cerberus directory and run:
-
-    # rackup example.ru
-	
-It's gonna start the example at http://localhost:9292
+Just like `Rack::Auth::Basic`, `Rack::Cerberus` yields login and pass, 
+and delegate authentication to the block you send it which should 
+return `true` or `false`.
 
 You can also use the 3rd argument which is the request object:
 
-use Cerberus, {:company_name => 'Nintendo'} do |login, pass, req|
+```
+use Rack::Cerberus, {company_name: 'Nintendo'} do |login, pass, req|
   pass=='secret' && req.xhr?
 end
+```
 
-This is more if you use it as a gateway for an API or something and you want to check other values.
-Like the referer or another parameter.
-But bear in mind that `cerberus_login` and `cerberus_pass` are still mandatory.
+This is useful if you want to check other details of the request.
+Like the referer or another parameter. But bear in mind that `cerberus_login` 
+and `cerberus_pass` are still mandatory.
+
+Example
+-------
+
+If you want to see a concrete example, go into the `example/` directory and run:
+
+```
+# rackup
+```
+	
+It's gonna start the example at `http://localhost:9292`
 
 Logout
 ------
 
-Any request to `/logout` on the path where the middleware is mounted will log you out.
-In other words, if you put the middleware at `/admin`, query `/admin/logout` to be
-logged out. Pretty simple.
+Any request to `/logout` on the path where the middleware is mounted 
+will log you out. In other words, if you put the middleware at `/admin`, 
+query `/admin/logout` to be logged out. Pretty simple.
 
 Help
 ----
 
-If you want to help me, don't hesitate to fork that project on Github or send patches.
-
-Changelog
----------
-
-	0.0.1 Changed Everything somehow
-	0.1.0 Make it possible to authenticate through GET request (for restful APIs)
-	0.1.1 Documentation improvement
-	0.1.2 Raise message when using without session
-	0.1.3 Don't go to page /logout when signing in after a logout (redirect to / instead)
-	0.1.4 Fix /logout redirect so that it works with mapping
-	0.1.5 Fix CSS and Javascript for IE (Yes I'm too kind)
-	0.1.6 Send an Array instead of a string to Rack so that it works on Ruby 1.9
-	0.2.0 External CSS file + `:text_color` option + keep details after login failure
-	0.3.0 Now sends request as a 3rd argument to the block
-	0.3.1 Escape HTML in fields now that they are kept
+If you want to help me, don't hesitate to fork that project on Github 
+or send patches.
 
 Copyright
 ---------
 
-(c) 2010-2011 Mickael Riga - see MIT_LICENCE for details 
+(c) 2010-2015 Mickael Riga - see MIT_LICENSE for details 
+

data/example/config.ru

@@ -0,0 +1,35 @@
+require_relative '../lib/rack/cerberus'
+
+use Rack::Session::Cookie, secret: 'change_me'
+
+map '/' do
+  run lambda {|env|
+    body = <<-EOB.strip
+    <html>
+      <head>
+        <title>Rack::Cerberus</title>
+      </head>
+      <body>This page is public, so you can see it. But what happens if you want to see a <a href='/secret'>Secret Page</a>? Nevertheless, I can give you access:<br /><br />
+        Login: <b>mario</b><br />Pass: <b>bros</b>
+      </body>
+    </html>
+    EOB
+    [200, {'Content-Type' => 'text/html'}, [body]]
+  }
+end
+
+map '/secret' do
+  use Rack::Cerberus, {
+    company_name: 'Nintendo', 
+    fg_color: 'red', 
+  } do |login,pass|
+    [login,pass]==['mario','bros']
+  end
+  run lambda {|env|
+    [
+      200, {'Content-Type' => 'text/plain'}, 
+      ['Welcome back Mario. Your Credit Card number is: 9292']
+    ]
+  }
+end
+

data/lib/rack/cerberus.rb

@@ -0,0 +1,133 @@
+require 'rack/utils'
+
+module Rack
+
+  class Cerberus
+    
+    VERSION = '1.0.0'
+
+    class NoSessionError < RuntimeError; end
+    
+    def initialize(app, options={}, &block)
+      @app = app
+      defaults = { 
+        company_name: 'Cerberus', 
+        bg_color: '#999', 
+        fg_color: '#CCC', 
+        text_color: '#FFF', 
+        icon_url: nil,
+        session_key: 'cerberus_user'
+      }
+      @options = defaults.merge(options)
+      @options[:icon] = @options[:icon_url].nil? ? '' : "<img src='#{@options[:icon_url]}' /><br />"
+      @options[:css] = @options[:css_location].nil? ? '' : "<link href='#{@options[:css_location]}' rel='stylesheet' type='text/css'>"
+      @block = block
+    end
+    
+    def call(env)
+      dup._call(env)
+    end
+    
+    def _call(env)
+      raise(NoSessionError, 'Cerberus cannot work without Session') if env['rack.session'].nil?
+      req = Rack::Request.new(env)
+      login = req['cerberus_login']
+      pass = req['cerberus_pass']
+      err = req.post? ? "<p class='err'>Wrong login or password</p>" : ''
+      if ((env['rack.session'][@options[:session_key]]!=nil && env['PATH_INFO']!='/logout') || (login && pass && @block.call(login, pass, req)))
+        env['rack.session'][@options[:session_key]] ||= login
+        if env['PATH_INFO']=='/logout'
+          res = Rack::Response.new(env)
+          res.redirect(env['SCRIPT_NAME']=='' ? '/' : env['SCRIPT_NAME'])
+          res.finish
+        else
+          @app.call(env)
+        end
+      else
+        env['rack.session'].delete(@options[:session_key])
+        [
+          401, {'Content-Type' => 'text/html'}, 
+          [AUTH_PAGE % @options.merge({
+            error: err, submit_path: env['REQUEST_URI'],
+            login: Rack::Utils.escape_html(login), 
+            pass: Rack::Utils.escape_html(pass)
+          })]
+        ]
+      end
+    end
+    
+    AUTH_PAGE = <<-PAGE
+    <!DOCTYPE html>
+    <html><head>
+      <title>%{company_name} Authentication</title>
+      <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+      <style type='text/css'>
+      * {
+        -moz-box-sizing: border-box;
+        -ms-box-sizing: border-box;
+        box-sizing: border-box;
+      }
+      body { background-color: %{bg_color}; font-family: sans-serif; text-align: center; margin: 0px; }
+      h1, p { color: %{text_color}; }
+      .err {
+        padding: 1em;
+        border-radius: 3px;
+        -moz-border-radius: 3px;
+        -webkit-border-radius: 3px;
+        color: white;
+        background-color: red;
+      }
+      div { 
+        text-align: left;
+        width: 500px;
+        margin: 0px auto;
+        padding: 2em;
+        -webkit-border-bottom-left-radius: 3px;
+        -moz-border-radius-bottomleft: 3px;
+        border-bottom-left-radius: 3px;
+        -webkit-border-bottom-right-radius: 3px;
+        -moz-border-radius-bottomright: 3px;
+        border-bottom-right-radius: 3px;
+        -moz-box-shadow: 0px 0px 5px #333;
+        -webkit-box-shadow: 0px 0px 5px #555;
+        box-shadow: 0px 0px 5px #555;
+        background-color: %{fg_color}; }
+      input[type=text], input[type=password] { 
+        display: block; width: 100%%; padding: 0.5em; 
+        border: 0px; font-size: 1.25em; 
+      }
+      </style>
+      %{css}
+    </head><body>
+    <div>
+      <h1>%{company_name}</h1>
+      %{icon}
+      %{error}
+      <p>Please Sign In</p>
+      <form action="%{submit_path}" method="post" accept-charset="utf-8">	
+        <input type="text" name="cerberus_login" value="%{login}" id='login' title='Login' placeholder='Login'><br />
+        <input type="password" name="cerberus_pass" value="%{pass}" id='pass' title='Password' placeholder='Password'>
+        <p><input type="submit" value="SIGN IN &rarr;"></p>
+      </form>
+      <script type="text/javascript" charset="utf-8">
+        var login = document.getElementById('login');
+        var pass = document.getElementById('pass');
+        var focus = function() {
+          if (this.value==this.id) this.value = '';
+        }
+        var blur = function() {
+          if (this.value=='') this.value = this.id;
+        }	
+        login.onfocus = focus;
+        pass.onfocus = focus;
+        login.onblur = blur;
+        pass.onblur = blur;
+      </script>
+    </div>
+    </body></html>
+    PAGE
+    
+  end
+
+end
+

data/{cerberus.gemspec → rack_cerberus.gemspec}

@@ -1,13 +1,22 @@
+require_relative './lib/rack/cerberus'
+
 Gem::Specification.new do |s| 
+
   s.name = 'rack-cerberus'
-  s.version = "0.3.1"
-  s.platform = Gem::Platform::RUBY
+  s.version = Rack::Cerberus::VERSION
   s.summary = "A Rack middleware for form-based authentication"
-  s.description = "A Rack middleware for form-based authentication. Aim is a compromise between fonctionality, beauty and customization."
+  s.description = "A Rack middleware for form-based authentication. It works roughly like Basic HTTP Authentication except that the authentication page can be styled with the middleware options."
+  s.licenses = ['MIT']
+
   s.files = `git ls-files`.split("\n").sort
-  s.test_files = ['spec.rb']
-  s.require_path = '.'
+  s.require_path = './lib'
+  s.add_dependency('rack')
+  s.test_files = s.files.select { |p| p =~ /^spec\/.*_spec.rb/ }
+  s.platform = Gem::Platform::RUBY
+
   s.author = "Mickael Riga"
   s.email = "mig@mypeplum.com"
   s.homepage = "http://github.com/mig-hub/cerberus"
-end
+
+end
+

data/spec/rack_cerberus_spec.rb

@@ -0,0 +1,133 @@
+require 'rack/cerberus'
+
+RSpec.describe Rack::Cerberus do
+  
+  let(:secret_app) {
+    lambda {|env| 
+      [200, {'Content-Type'=>'text/plain'}, env['rack.session'].inspect] 
+    }
+  }
+
+  let(:cerberus_app) {
+    Rack::Cerberus.new(secret_app, cerberus_options) do |login,pass| 
+      [login,pass]==['mario@nintendo.com','bros']
+    end
+  }
+
+  let(:app) {
+    Rack::URLMap.new({
+      mount_path => Rack::Session::Cookie.new(cerberus_app, {secret: '42'})
+    })
+  }
+
+  let(:cerberus_options) { {} }
+  let(:mount_path) { '/' }
+  
+  before :each do
+    clear_cookies
+  end
+
+  context 'No session is set' do
+    let(:app) { cerberus_app }
+    it 'Raises' do
+      expect{ get('/') }.to raise_error(Rack::Cerberus::NoSessionError)
+    end
+  end
+  
+  context 'Not logged in' do
+    it 'Stops requests' do
+      get '/'
+      expect(last_response.status).to eq 401
+      body = last_response.body
+      expect(body.class).to eq String
+      expect(body).to match(/name="cerberus_login" value=""/)
+      expect(body).to match(/name="cerberus_pass" value=""/)
+    end
+  end
+  
+  describe 'Logging in' do
+
+    context 'Login details are incorrect' do
+      it 'Stops requests' do
+        post('/', {'cerberus_login' => 'fake_login', 'cerberus_pass' => 'fake_pass'})
+        expect(last_response.status).to eq 401
+        expect(last_response.body).to match(/Wrong login or password/)
+      end
+      it 'Keeps what was entered in the fields' do
+        post('/', {'cerberus_login' => 'fake_login', 'cerberus_pass' => 'fake_pass'})
+        expect(last_response.body).to match(/name="cerberus_login" value="fake_login"/)
+        expect(last_response.body).to match(/name="cerberus_pass" value="fake_pass"/)
+      end
+      it 'Escapes HTML on submitted info' do
+        expect(Rack::Utils).to receive(:escape_html).with('<script>bad</script>').twice
+        post('/', {'cerberus_login' => '<script>bad</script>', 'cerberus_pass' => '<script>bad</script>'})
+      end
+    end
+
+    context 'Login details are correct' do
+      it 'Gives access' do
+        get('/', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
+        expect(last_response.status).to eq 200
+      end
+    end
+
+  end
+  
+  describe 'Already logged in' do
+  
+    it 'Uses session for persistent login' do
+      get('/', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
+      get('/')
+      expect(last_response.status).to eq 200
+      expect(last_response.body).to include('"cerberus_user"=>"mario@nintendo.com"}')
+    end
+
+  end
+  
+  describe 'Logout' do
+
+    let(:mount_path) { '/admin' }
+
+    it 'Happens via /logout path' do
+      get('/admin/', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
+      expect(last_response.status).to eq 200
+      get('/admin/logout')
+      expect(last_response.status).to eq 401
+    end
+
+    it 'Never redirects to the logout path' do
+      get('/admin/logout', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
+      expect(last_response.status).to eq 302
+      expect(last_response['Location']).to eq '/admin'
+    end
+
+  end
+  
+  describe 'Options' do
+
+    it 'Does not link CSS by default' do
+      get('/')
+      expect(last_response.body).not_to match(/<link/)
+    end
+
+    context 'CSS option is used' do
+      let(:cerberus_options) { {:css_location=>'/main.css'} }
+      it 'Links the CSS file' do
+        get('/')
+        expect(last_response.body).to match(/<link/)
+      end
+    end
+
+    context 'Session key is different' do
+      let(:cerberus_options) { {session_key: 'different_user'} }
+      it 'Uses the session key of the options' do
+        get('/', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
+        get('/')
+        expect(last_response.status).to eq 200
+        expect(last_response.body).to include('"different_user"=>"mario@nintendo.com"}')
+      end
+    end
+
+  end
+  
+end

data/spec/spec_helper.rb

@@ -0,0 +1,24 @@
+ENV['RACK_ENV'] = 'test'
+
+RSpec.configure do |config|
+
+  config.include Rack::Test::Methods
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+  config.disable_monkey_patching!
+  config.warnings = true
+  if config.files_to_run.one?
+    config.default_formatter = 'doc'
+  end
+  config.profile_examples = 10
+  config.order = :random
+  Kernel.srand config.seed
+
+end
+

metadata

@@ -1,74 +1,70 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rack-cerberus
-version: !ruby/object:Gem::Version 
-  hash: 17
-  prerelease: 
-  segments: 
-  - 0
-  - 3
-  - 1
-  version: 0.3.1
+version: !ruby/object:Gem::Version
+  version: 1.0.0
 platform: ruby
-authors: 
+authors:
 - Mickael Riga
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-11-21 00:00:00 +00:00
-default_executable: 
-dependencies: []
-
-description: A Rack middleware for form-based authentication. Aim is a compromise between fonctionality, beauty and customization.
+date: 2015-06-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Rack middleware for form-based authentication. It works roughly like
+  Basic HTTP Authentication except that the authentication page can be styled with
+  the middleware options.
 email: mig@mypeplum.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
-- MIT_LICENCE
+- .rspec
+- Gemfile
+- MIT_LICENSE
 - README.md
-- cerberus.gemspec
-- cerberus.rb
-- example.css
-- example.ru
-- spec.rb
-has_rdoc: true
+- example/config.ru
+- lib/rack/cerberus.rb
+- rack_cerberus.gemspec
+- spec/rack_cerberus_spec.rb
+- spec/spec_helper.rb
 homepage: http://github.com/mig-hub/cerberus
-licenses: []
-
+licenses:
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
-- .
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+require_paths:
+- ./lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.4.2
+rubygems_version: 2.0.14
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A Rack middleware for form-based authentication
-test_files: 
-- spec.rb
+test_files:
+- spec/rack_cerberus_spec.rb

data/cerberus.rb

@@ -1,121 +0,0 @@
-class Cerberus
-  
-  class NoSessionError < RuntimeError; end
-  
-  AUTH_PAGE = <<-PAGE
-  <!DOCTYPE html>
-  <html><head>
-    <title>%s Authentication</title>
-    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
-    <style type='text/css'>
-    body { background-color: %s; font-family: sans-serif; text-align: center; margin: 0px; }
-    h1, p { color: %s; }
-    .err {
-      padding: 5px;
-      border-radius: 5px;
-      -moz-border-radius: 5px;
-      -webkit-border-radius: 5px;
-      color: white;
-      background-color: red;
-    }
-    div { 
-      text-align: left;
-      width: 400px;
-      margin: 0px auto;
-      padding: 10px;
-      -webkit-border-bottom-left-radius: 10px;
-      -moz-border-radius-bottomleft: 10px;
-      border-bottom-left-radius: 10px;
-      -webkit-border-bottom-right-radius: 10px;
-      -moz-border-radius-bottomright: 10px;
-      border-bottom-right-radius: 10px;
-      -moz-box-shadow: 0px 0px 5px #333;
-      -webkit-box-shadow: 0px 0px 5px #333;
-      box-shadow: 0px 0px 5px #333;
-      background-color: %s; }
-    input[type=text], input[type=password] { width: 392px; padding: 4px; border: 0px; font-size: 20px; }
-    </style>
-    %s
-  </head><body>
-  <div>
-    <h1>%s</h1>
-    %s
-    %s
-    <p>Please Sign In</p>
-    <form action="%s" method="post" accept-charset="utf-8">	
-    	<input type="text" name="cerberus_login" value="%s" id='login'><br />
-    	<input type="password" name="cerberus_pass" value="%s" id='pass'>
-    	<p><input type="submit" value="SIGN IN &rarr;"></p>
-    </form>
-    <script type="text/javascript" charset="utf-8">
-    	var login = document.getElementById('login');
-    	var pass = document.getElementById('pass');
-    	var focus = function() {
-    		if (this.value==this.id) this.value = '';
-    	}
-    	var blur = function() {
-    		if (this.value=='') this.value = this.id;
-    	}	
-    	login.onfocus = focus;
-    	pass.onfocus = focus;
-    	login.onblur = blur;
-    	pass.onblur = blur;
-    </script>
-  </div>
-  </body></html>
-PAGE
-  
-  def initialize(app, options={}, &block)
-    @app = app
-    defaults = { 
-      :company_name => 'Cerberus', 
-      :bg_color => '#999', 
-      :fg_color => '#CCC', 
-      :text_color => '#FFF', 
-      :icon_url => nil
-    }
-    @options = defaults.merge(options)
-    @block = block
-  end
-  
-  def call(env)
-    dup._call(env)
-  end
-  
-  def _call(env)
-    raise(NoSessionError, 'Cerberus cannot work without Session') if env['rack.session'].nil?
-    req = Rack::Request.new(env)
-    login = req['cerberus_login']
-    pass = req['cerberus_pass']
-    err = req.post? ? "<p class='err'>Wrong login or password</p>" : ''
-    if ((env['rack.session']['cerberus_user']!=nil && env['PATH_INFO']!='/logout') || (login && pass && @block.call(login, pass, req)))
-      env['rack.session']['cerberus_user'] ||= login
-      if env['PATH_INFO']=='/logout'
-        res = Rack::Response.new(env)
-        res.redirect(env['SCRIPT_NAME']=='' ? '/' : env['SCRIPT_NAME'])
-        res.finish
-      else
-        @app.call(env)
-      end
-    else
-      env['rack.session'].delete('cerberus_user')
-      icon = @options[:icon_url].nil? ? '' : "<img src='#{@options[:icon_url]}' /><br />"
-      css = @options[:css_location].nil? ? '' : "<link href='#{@options[:css_location]}' rel='stylesheet' type='text/css'>"
-      [
-        401, {'Content-Type' => 'text/html'}, 
-        [AUTH_PAGE % [
-          @options[:company_name], @options[:bg_color], @options[:text_color], @options[:fg_color], css, @options[:company_name], 
-          icon, err, env['REQUEST_URI'], html_escape(req['cerberus_login']||'login'), html_escape(req['cerberus_pass']||'pass')
-        ]]
-      ]
-    end
-  end
-  
-  private
-  
-  # Stolen from ERB
-  def html_escape(s)
-    s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
-  end
-  
-end

data/example.css

@@ -1 +0,0 @@
-body { background-color: #CCC; }

data/example.ru

@@ -1,35 +0,0 @@
-require ::File.dirname(__FILE__) + '/cerberus'
-use Rack::Session::Cookie, :secret => 'change_me'
-F = ::File
-
-map '/' do
-  run lambda {|env|
-    body = <<-EOB.strip
-    <html>
-      <head>
-        <title>Cerberus</title>
-      </head>
-      <body>This page is public, so you can see it. But what happens if you want to see a <a href='/secret'>Secret Page</a>? Nevertheless, I can give you access:<br /><br />
-        Login: <b>mario</b><br />Pass: <b>bros</b>
-      </body>
-    </html>
-    EOB
-    [200, {'Content-Type' => 'text/html'}, [body]]
-  }
-end
-
-map '/secret' do
-  use Cerberus, {:company_name => 'Nintendo', :fg_color => 'red', :css_location => '/css'} do |login,pass|
-    [login,pass]==['mario','bros']
-  end
-  run lambda {|env|
-    [200, {'Content-Type' => 'text/plain'}, ['Welcome back Mario. Your Credit Card number is: 9292']]
-  }
-end
-
-map '/css' do
-  run lambda {|env|
-    path = F.expand_path('./example.css')
-    [200, {'Content-Type' => 'text/css', "Last-Modified"  => F.mtime(path).httpdate, "Content-Length" => F.size?(path).to_s}, [F.read(path)]]
-  }
-end

data/spec.rb

@@ -1,84 +0,0 @@
-require 'rubygems'
-require 'bacon'
-require 'rack'
-
-require ::File.dirname(__FILE__) + '/cerberus'
-
-Bacon.summary_on_exit
-
-describe 'cerberus' do
-  
-  secret_app = lambda {|env| [200, {'Content-Type'=>'text/plain'}, env['rack.session'].inspect] }
-  app = Rack::Session::Cookie.new(Cerberus.new(secret_app, {}) {|login,pass| [login,pass]==['mario@nintendo.com','bros']})
-  req = Rack::MockRequest.new(app)
-  app_with_css = Rack::Session::Cookie.new(Cerberus.new(secret_app, {:css_location=>'/main.css'}) {|login,pass| [login,pass]==['mario','bros']})
-  req_with_css = Rack::MockRequest.new(app_with_css)
-  cookie = ''
-  
-  should 'Raise if there is no session' do
-    no_session_app = Cerberus.new(secret_app, {}) {|login,pass| [login,pass]==['mario','bros']}
-    no_session_req = Rack::MockRequest.new(no_session_app)
-    lambda { no_session_req.get('/') }.should.raise(Cerberus::NoSessionError).message.should=='Cerberus cannot work without Session'
-  end
-  
-  should 'Stop request if you are not already logged in' do
-    res = req.get('/')
-    res.status.should==401
-    res.body.class==String
-    res.body.should.match(/name="cerberus_login" value="login"/)
-    res.body.should.match(/name="cerberus_pass" value="pass"/)
-  end
-  
-  should 'Stop request if you send wrong details and keep query values' do
-    res = req.post('/', :params => {'cerberus_login' => 'fake_login', 'cerberus_pass' => 'fake_pass'})
-    res.status.should==401
-    res.body.should.match(/name="cerberus_login" value="fake_login"/)
-    res.body.should.match(/name="cerberus_pass" value="fake_pass"/)
-  end
-  
-  should 'Escape HTML on submitted info' do
-    res = req.post('/', :params => {'cerberus_login' => '<script>bad</script>', 'cerberus_pass' => '<script>bad</script>'})
-    res.status.should==401
-    res.body.should.match(/name="cerberus_login" value="&lt;script&gt;bad&lt;\/script&gt;"/)
-    res.body.should.match(/name="cerberus_pass" value="&lt;script&gt;bad&lt;\/script&gt;"/)
-  end
-  
-  should 'Give access with the appropriate login and pass' do
-    res = req.get('/', :params => {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
-    cookie = res["Set-Cookie"]
-    res.status.should==200
-  end
-  
-  should 'Use session for persistent login' do
-    res = req.get('/', "HTTP_COOKIE" => cookie)
-    res.status.should==200
-    res.body.should=='{"cerberus_user"=>"mario@nintendo.com"}'
-    cookie = res["Set-Cookie"]
-    req.get('/', "HTTP_COOKIE" => cookie).status.should==200
-  end
-  
-  should 'Logout via /logout path' do
-    res = req.get('/logout', "HTTP_COOKIE" => cookie)
-    res.status.should==401
-    cookie = res["Set-Cookie"]
-    res = req.get('/', "HTTP_COOKIE" => cookie)
-    res.status.should==401
-  end
-  
-  should 'Not send not_found when logging after a logout (because the path is /logout)' do
-    res = req.get('/logout', :params => {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
-    res.status.should==302
-    res['Location'].should=='/'
-    
-    req = Rack::MockRequest.new(Rack::URLMap.new({'/backend' => app}))
-    res = req.get('/backend/logout', :params => {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
-    res.status.should==302
-    res['Location'].should=='/backend'
-  end
-  
-  should 'Use an external css file only if requested' do
-    req.get('/').body.should.not.match(/<link/)
-    req_with_css.get('/').body.should.match(/<link/)
-  end
-  
-end