scottmotte-merb_auth_slice_multisite 0.8.3 → 0.8.4

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :major: 0
 :minor: 8
-:patch: 3
+:patch: 4

data/config/init.rb

@@ -38,6 +38,7 @@ Merb::BootLoader.before_app_loads do
   class User
     include DataMapper::Resource
     include Merb::Authentication::Mixins::UserBelongsToSite
+    include Merb::Authentication::Mixins::AuthenticatedUser
  
     property :id,    Serial
     property :email, String

data/lib/merb-auth-remember-me/strategies/remember_me.rb

@@ -1,12 +1,55 @@
-module Merb::Authentication::Strategies
-  class RememberMeStrategy < Merb::Authentication::Strategy
-    def run!
-      if cookies[:auth_token]
-        user = Merb::Authentication.user_class.first(
-          :conditions => [ "remember_token = ?", cookies[:auth_token] ]
-        )
-      end  
-      user && user.remembered? ? user : nil
-    end # run!
-  end # RememberMeStrategy
-end # Merb::Authentication::Strategies
+class RememberMe < Merb::Authentication::Strategy
+  def run!
+    login_from_cookie
+  end
+
+  def current_user
+    @current_user
+  end
+  
+  def current_user=(new_user)
+    @current_user = new_user
+  end
+  
+  # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+  # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
+  def login_from_cookie
+    current_user = cookies[:auth_token] && Merb::Authentication.user_class.first(:conditions => ["remember_token = ?", cookies[:auth_token]])
+    if current_user && current_user.remember_token?
+      handle_remember_cookie! false # freshen cookie token (keeping date)
+      current_user
+    end
+  end
+  
+  #
+  # Remember_me Tokens
+  #
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  # Cookies shouldn't be allowed to persist past their freshness date,
+  # and they should be changed at each login
+
+  def valid_remember_cookie?
+    return nil unless current_user
+    (current_user.remember_token?) && 
+      (cookies[:auth_token] == current_user.remember_token)
+  end
+  
+  # Refresh the cookie auth token if it exists, create it otherwise
+  def handle_remember_cookie! new_cookie_flag
+    return unless current_user
+    case
+    when valid_remember_cookie? then current_user.refresh_token # keeping same expiry date
+    when new_cookie_flag        then current_user.remember_me 
+    else                             current_user.forget_me
+    end
+    send_remember_cookie!
+  end
+  
+  def send_remember_cookie!
+    cookies.set_cookie(:auth_token, current_user.remember_token, :expires => current_user.remember_token_expires_at.to_time)
+  end
+
+
+end

data/lib/merb_auth_slice_multisite.rb

@@ -54,13 +54,9 @@ if defined?(Merb::Plugins)
         Merb::Authentication.after_authentication do |user,request,params|
           if params[:remember_me] == "1" 
             user.remember_me
-            request.cookies.set_cookie(
-              :auth_token, 
-              user.remember_token, 
-              :expires => user.remember_token_expires_at.to_time
-            )
+            request.cookies.set_cookie(:auth_token, user.remember_token, :expires => user.remember_token_expires_at.to_time)
           end
-          user 
+          user
         end # Merb::Authentication.after_authentication
       end
     end

data/spec/mixins/authenticated_user_spec.rb

@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Authenticated user" do
+
+  before :all do
+    @user = User.new(valid_user_attributes)
+    @user.remember_token_expires_at.should be_nil
+    @user.remember_token.should be_nil
+  end
+
+  it "should add the 'remember_token_expires_at' property to the user model" do
+    @user.should respond_to(:remember_token_expires_at)
+    @user.should respond_to(:remember_token_expires_at=)
+  end
+
+  it "should add the 'remember_token' property to the user model" do
+    @user.should respond_to(:remember_token)
+    @user.should respond_to(:remember_token=)
+  end
+
+  it "should save token and expires_at" do
+    @user.remember_me
+    @user.remember_token_expires_at.should_not be_nil
+    @user.remember_token.should_not be_nil
+  end
+
+  it "should save expires_at as 2 weeks later" do
+    @user.remember_me
+    @user.remember_token_expires_at.should eql((Time.now+2.weeks).to_datetime)
+  end
+
+end
+

data/spec/spec_helper.rb

@@ -98,4 +98,4 @@ def valid_user_attributes(options = {})
      :email => 'fred@example.com',
      :site_id => 1
    }.merge(options)
- end
+end

data/spec/strategies/remember_me_spec.rb

@@ -0,0 +1,62 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe "Remember me strategy" do
+  def do_valid_login
+    put("/login", {:remember_me => "1", :pass_auth => true})
+  end
+  
+  def do_valid_login_without_remember_me
+    put("/login", {:pass_auth => true})
+  end
+  
+  def do_invalid_login
+    put("/login", { :pass_auth => false})
+  end
+  
+  def do_home_with_auth_token
+    get("/", { :pass_auth => true} ) do |controller|
+      controller.request.cookies[:auth_token] = "auth_token_string"
+    end
+  end
+
+  before :each do
+    @user = mock(Merb::Authentication.user_class, :remember_me => true)
+    User.stub!(:first).and_return(@user)
+    @user.stub!(:remember_token?).and_return(true)
+    @user.stub!(:remember_token).and_return(Time.now + 1.week)
+    @user.stub!(:remember_token_expires_at).and_return(Time.now)
+    @user.stub!(:forget_me).and_return(true)
+  end
+
+  it "should save remember_token and remember_token_expires_at if remember_me == '1'" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    @user.should_receive(:remember_me)
+    @user.remember_token.should_not be_nil
+    @user.remember_token_expires_at.should_not be_nil
+    do_valid_login.should redirect_to('/')
+  end
+
+  it "should not remember me unless remember_me == '1'" do 
+    Merb::Authentication.user_class.should_receive(:first).and_return(true)
+    @user.should_not_receive(:remember_me)
+    do_valid_login_without_remember_me.should redirect_to('/')
+  end
+
+  it "should log in automatically if auth_token exists" do
+    Merb::Authentication.user_class.should_receive(:first).and_return(@user)
+    do_home_with_auth_token.should be_successful
+  end
+
+  it "should raise unauthenticated if auth_token doesn't exist" do
+    lambda do
+      do_invalid_login
+    end.should raise_error(Merb::Controller::Unauthenticated, "Could not log in")
+  end
+  
+  it "should clear auth_token after loging out" do
+    delete('/logout') do |controller|
+      controller.cookies.should_receive(:delete).with(:auth_token)
+    end
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: scottmotte-merb_auth_slice_multisite
 version: !ruby/object:Gem::Version 
-  version: 0.8.3
+  version: 0.8.4
 platform: ruby
 authors: 
 - scottmotte
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-04 00:00:00 -07:00
+date: 2009-05-09 00:00:00 -07:00
 default_executable: 
 dependencies: []
 
@@ -47,10 +47,13 @@ files:
 - spec/mailers
 - spec/mailers/send_password_mailer_spec.rb
 - spec/mixins
+- spec/mixins/authenticated_user_spec.rb
 - spec/mixins/user_belongs_to_site_spec.rb
 - spec/models
 - spec/models/site_spec.rb
 - spec/spec_helper.rb
+- spec/strategies
+- spec/strategies/remember_me_spec.rb
 - app/controllers
 - app/controllers/application.rb
 - app/controllers/exceptions.rb