simple_auth 1.2.0 → 1.3.0

data/.rspec

@@ -1 +1 @@
---color --format documentation
+--color --format documentation --debug

data/Gemfile.lock

@@ -1,43 +1,43 @@
 PATH
   remote: .
   specs:
-    simple_auth (1.1.0)
+    simple_auth (1.3.0)
       rails (~> 3.0.0)
 
 GEM
   remote: http://rubygems.org/
   specs:
     abstract (1.0.0)
-    actionmailer (3.0.3)
-      actionpack (= 3.0.3)
-      mail (~> 2.2.9)
-    actionpack (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
+    actionmailer (3.0.5)
+      actionpack (= 3.0.5)
+      mail (~> 2.2.15)
+    actionpack (3.0.5)
+      activemodel (= 3.0.5)
+      activesupport (= 3.0.5)
       builder (~> 2.1.2)
       erubis (~> 2.6.6)
       i18n (~> 0.4)
       rack (~> 1.2.1)
       rack-mount (~> 0.6.13)
-      rack-test (~> 0.5.6)
+      rack-test (~> 0.5.7)
       tzinfo (~> 0.3.23)
-    activemodel (3.0.3)
-      activesupport (= 3.0.3)
+    activemodel (3.0.5)
+      activesupport (= 3.0.5)
       builder (~> 2.1.2)
       i18n (~> 0.4)
-    activerecord (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
+    activerecord (3.0.5)
+      activemodel (= 3.0.5)
+      activesupport (= 3.0.5)
       arel (~> 2.0.2)
       tzinfo (~> 0.3.23)
-    activeresource (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
-    activesupport (3.0.3)
+    activeresource (3.0.5)
+      activemodel (= 3.0.5)
+      activesupport (= 3.0.5)
+    activesupport (3.0.5)
     archive-tar-minitar (0.5.2)
-    arel (2.0.8)
-    bson (1.2.0)
-    bson_ext (1.2.0)
+    arel (2.0.9)
+    bson (1.2.4)
+    bson_ext (1.2.4)
     builder (2.1.2)
     columnize (0.3.2)
     diff-lcs (1.1.2)
@@ -54,8 +54,8 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     mime-types (1.16)
-    mongo (1.2.0)
-      bson (>= 1.2.0)
+    mongo (1.2.2)
+      bson (>= 1.2.2)
     mongo_mapper (0.8.6)
       activesupport (>= 2.3.4)
       jnunemaker-validatable (~> 1.8.4)
@@ -68,17 +68,17 @@ GEM
       rack (>= 1.0.0)
     rack-test (0.5.7)
       rack (>= 1.0)
-    rails (3.0.3)
-      actionmailer (= 3.0.3)
-      actionpack (= 3.0.3)
-      activerecord (= 3.0.3)
-      activeresource (= 3.0.3)
-      activesupport (= 3.0.3)
+    rails (3.0.5)
+      actionmailer (= 3.0.5)
+      actionpack (= 3.0.5)
+      activerecord (= 3.0.5)
+      activeresource (= 3.0.5)
+      activesupport (= 3.0.5)
       bundler (~> 1.0)
-      railties (= 3.0.3)
-    railties (3.0.3)
-      actionpack (= 3.0.3)
-      activesupport (= 3.0.3)
+      railties (= 3.0.5)
+    railties (3.0.5)
+      actionpack (= 3.0.5)
+      activesupport (= 3.0.5)
       rake (>= 0.8.7)
       thor (~> 0.14.4)
     rake (0.8.7)

data/README.markdown

@@ -175,7 +175,7 @@ Dirty, but it works. Here's the ticket for this issue: [Issue #1290](https://rai
 To-Do
 -----
 
-* Write README
+* Support BasicAuth authentication
 
 Maintainer
 ----------

data/lib/simple_auth/action_controller.rb

@@ -10,7 +10,7 @@ module SimpleAuth
     module InstanceMethods
       private
       def return_to(url = nil, &block)
-        url = session.fetch("return_to", url)
+        url = session.fetch(:return_to, url)
         url = instance_eval(&block) if block_given?
         url
       end
@@ -66,6 +66,8 @@ module SimpleAuth
               end
 
               session[:return_to] = return_to if request.get?
+
+              SimpleAuth::Session.destroy!
               redirect_to simple_auth_url_for(:login_url, controller, options[:to]), :alert => t("simple_auth.sessions.need_to_be_logged")
             end
           end

data/lib/simple_auth/config.rb

@@ -5,6 +5,17 @@ module SimpleAuth
   end
 
   class Config
+    # Automatically remove all session values that start with your model name.
+    #
+    # When an existing session is destroyed or a new session is created,
+    # SimpleAuth will remove the record id stored as <tt>#{SimpleAuth::Config.model}</tt>.
+    #
+    # Additionally, you can enable this option to remove any other key composed by
+    # <tt>#{SimpleAuth::Config.model}_*</tt>.
+    #
+    cattr_accessor :wipeout_session
+    @@wipeout_session = false
+
     # Generate the password hash. The specified block should expected
     # the plain password and the password hash as block parameters.
     cattr_accessor :crypter
@@ -40,9 +51,11 @@ module SimpleAuth
     cattr_accessor :logged_url
     @@logged_url = proc { dashboard_path }
 
-    # Reset session before saving the user session
-    cattr_accessor :reset_session
-    @@reset_session = false
+    def self.reset_session(*args) # :nodoc:
+      Kernel.warn "The SimpleAuth::Config.reset_session accessor was disabled and will be removed in future versions."
+    end
+
+    class << self; alias reset_session= reset_session; end
 
     def self.model_class
       model.to_s.classify.constantize

data/lib/simple_auth/session.rb

@@ -7,7 +7,7 @@ module SimpleAuth
     attr_accessor :record
     attr_accessor :errors
 
-    class Errors
+    class Errors # :nodoc:all
       attr_accessor :errors
 
       def add_to_base(message)
@@ -35,10 +35,32 @@ module SimpleAuth
       end
     end
 
+    def self.session_key
+      "#{SimpleAuth::Config.model.to_s}_id".to_sym
+    end
+
+    def self.record_id
+      controller && controller.session[session_key]
+    end
+
+    def self.backup(&block)
+      backup = controller.session.to_hash.reject do |name, value|
+        rejected = [:session_id, session_key].include?(name.to_sym) || SimpleAuth::Config.wipeout_session && name.to_s =~ /^#{SimpleAuth::Config.model}_/
+        controller.session.delete(name) if rejected
+        rejected
+      end
+
+      yield
+
+      backup.each do |name, value|
+        controller.session[name.to_sym] = value
+      end
+    end
+
     def self.find
+      return unless controller && record_id
       session = new
-      return unless session.controller && session.controller.session[:record_id]
-      session.record = session.model.find_by_id(session.controller.session[:record_id])
+      session.record = session.model.find_by_id(record_id)
 
       if session.record
         session
@@ -59,11 +81,18 @@ module SimpleAuth
       end
     end
 
+    def self.controller
+      SimpleAuth::Config.controller
+    end
+
     def self.destroy!
-      controller = SimpleAuth::Config.controller
-      controller.session[:record_id] = nil
+      [:session_id, session_key].each {|name| controller.session.delete(name) }
+
       controller.instance_variable_set("@current_user", nil)
       controller.instance_variable_set("@current_session", nil)
+
+      backup { controller.reset_session }
+
       true
     end
 
@@ -98,7 +127,7 @@ module SimpleAuth
         true
       else
         errors.add_to_base I18n.translate("simple_auth.sessions.invalid_credentials")
-        controller.session[:record_id] = nil
+        self.class.destroy!
         false
       end
     end
@@ -108,12 +137,10 @@ module SimpleAuth
     end
 
     def save
-      if valid?
-        controller.send(:reset_session) if SimpleAuth::Config.reset_session
-        controller.session[:record_id] = record.id
-      end
+      self.class.destroy!
 
-      controller.session[:record_id] != nil
+      controller.session[self.class.session_key] = record.id if valid?
+      controller.session[self.class.session_key] != nil
     end
 
     def save!

data/lib/simple_auth/version.rb

@@ -1,8 +1,8 @@
 module SimpleAuth
   module Version
-    MAJOR = "1"
-    MINOR = "2"
-    PATCH = "0"
+    MAJOR = 1
+    MINOR = 3
+    PATCH = 0
     STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
   end
 end

data/spec/controllers/redirect_logged_user_spec.rb

@@ -21,7 +21,7 @@ describe ApplicationController do
       end
 
       it "should redirect logged users" do
-        session[:record_id] = user.id
+        session[:user_id] = user.id
         get :index
 
         response.code.should match(/302/)
@@ -39,7 +39,7 @@ describe ApplicationController do
       end
 
       it "should redirect logged users" do
-        session[:record_id] = user.id
+        session[:user_id] = user.id
         get :index
 
         response.code.should match(/302/)
@@ -58,7 +58,7 @@ describe ApplicationController do
 
       it "should redirect logged users" do
         SimpleAuth::Config.logged_url = proc { dashboard_path }
-        session[:record_id] = user.id
+        session[:user_id] = user.id
         get :index
 
         response.code.should match(/302/)
@@ -76,7 +76,7 @@ describe ApplicationController do
       end
 
       it "should render page" do
-        session[:record_id] = nil
+        session[:user_id] = nil
         get :index
 
         response.code.should match(/200/)

data/spec/controllers/require_logged_user_spec.rb

@@ -10,6 +10,10 @@ describe ApplicationController do
     )
   }
 
+  before do
+    session[:user_id] = {}
+  end
+
   context "redirecting to requested page" do
     controller do
       require_logged_user :to => "/login"
@@ -19,6 +23,24 @@ describe ApplicationController do
       end
     end
 
+    it "should keep other session data" do
+      session[:skip_intro] = true
+      get :index
+      session[:skip_intro].should be_true
+    end
+
+    it "should remove record id from session" do
+      session[:user_id] = 0
+      get :index
+      session.should_not have_key(:user)
+    end
+
+    it "should remove session id from session" do
+      session[:session_id] = "xSQR"
+      get :index
+      session.should_not have_key(:session_id)
+    end
+
     it "should return the request url" do
       get :index, :some => "param"
       controller.send(:return_to, "/dashboard").should == "/stub_resources?some=param"
@@ -39,7 +61,7 @@ describe ApplicationController do
     end
 
     it "should redirect when user is not authorized on controller level" do
-      session[:record_id] = user.id
+      session[:user_id] = user.id
       @controller.should_receive(:authorized?).and_return(false)
 
       get :index
@@ -47,7 +69,7 @@ describe ApplicationController do
     end
 
     it "should redirect when session is not valid" do
-      session[:record_id] = "invalid"
+      session[:user_id] = "invalid"
 
       get :index
       response.should redirect_to("/login")
@@ -109,12 +131,9 @@ describe ApplicationController do
       end
     end
 
-    before do
-      session[:record_id] = user.id
-      get :index
-    end
-
     it "should render page" do
+      session[:user_id] = user.id
+      get :index
       response.body.should == "Rendered"
     end
   end

data/spec/simple_auth/config_spec.rb

@@ -26,4 +26,15 @@ describe SimpleAuth::Config do
   specify "salt should return a 64-char long salt" do
     SimpleAuth::Config.salt.call(nil).size.should == 64
   end
+
+  specify "wipeout session should be disabled" do
+    SimpleAuth::Config.wipeout_session.should be_false
+  end
+
+  specify "deprecated reset_session accessor" do
+    Kernel.should_receive(:warn).twice
+
+    SimpleAuth::Config.reset_session = true
+    SimpleAuth::Config.reset_session
+  end
 end

data/spec/simple_auth/session_spec.rb

@@ -13,7 +13,7 @@ describe SimpleAuth::Session do
 
     @session = Hash.new
     @controller = ActionController::Base.new
-    @controller.stub :session => @session
+    @controller.stub :session => @session, :reset_session => nil
 
     SimpleAuth::Config.controller = @controller
     @user_session = SimpleAuth::Session.new(:credential => "johndoe", :password => "test")
@@ -27,6 +27,15 @@ describe SimpleAuth::Session do
     }.to_not raise_error
   end
 
+  it "should return session key" do
+    SimpleAuth::Session.session_key == :user_id
+  end
+
+  it "should return record id" do
+    @session[:user_id] = 42
+    SimpleAuth::Session.record_id == 42
+  end
+
   context "with valid credentials" do
     before do
       @user_session.save!
@@ -56,31 +65,32 @@ describe SimpleAuth::Session do
       @user_session.record.should == @user
     end
 
-    it "should set record_id on session" do
-      @session[:record_id].should == @user.id
-    end
-
     it "should be saved" do
       @user_session.save.should be_true
     end
 
+    it "should reset session before saving" do
+      @session[:session_id] = "xWA1"
+      @user_session.save
+      @session.should_not have_key(:session_id)
+    end
+
     it "should automatically save session when calling create!" do
       @user_session = SimpleAuth::Session.create!(:credential => "johndoe", :password => "test")
       @user_session.should be_valid
       @user_session.record.should == @user
-      @session[:record_id].should == @user.id
-    end
-
-    it "should reset session" do
-      SimpleAuth::Config.reset_session = true
-      SimpleAuth::Config.controller.should_receive(:reset_session)
-      @user_session.save
+      @session[:user_id].should == @user.id
     end
 
     it "should destroy session" do
       @user_session.destroy.should be_true
       @user_session.record.should be_nil
-      @session[:record_id].should be_nil
+      @session.should_not have_key(:user)
+    end
+
+    it "should initialize record session" do
+      @user_session.save
+      @session[:user_id].should == @user.id
     end
   end
 
@@ -91,15 +101,15 @@ describe SimpleAuth::Session do
     end
 
     it "should unset previous record id when is not valid" do
-      @session[:record_id] = 1
+      @session[:user_id] = 1
       @user_session.should_not be_valid
-      @session[:record_id].should be_nil
+      @session.should_not have_key(:user)
     end
 
     it "should unset previous record id when is not saved" do
-      @session[:record_id] = 1
+      @session[:user_id] = 1
       @user_session.save.should be_false
-      @session[:record_id].should be_nil
+      @session.should_not have_key(:user)
     end
 
     it "should be new record" do
@@ -137,8 +147,8 @@ describe SimpleAuth::Session do
       @user_session.should_not be_valid
     end
 
-    it "should unset record_id from session" do
-      @session[:record_id].should be_nil
+    it "should unset record store from session" do
+      @session.should_not have_key(:user)
     end
 
     it "should not be saved" do
@@ -157,14 +167,37 @@ describe SimpleAuth::Session do
   context "when destroying session" do
     before do
       @user_session.save!
+    end
+
+    it "should remove record session" do
+      @user_session.destroy
+      @session.should_not have_key(:user_id)
+    end
+
+    it "should keep keys composed by user_*" do
+      SimpleAuth::Config.wipeout_session = false
+
+      @session[:user_friends_count] = 42
       @user_session.destroy
+
+      @session[:user_friends_count].should == 42
     end
 
-    it "should unset record_id from session" do
-      @session[:record_id].should be_nil
+    it "should wipe out keys composed by user_*" do
+      SimpleAuth::Config.wipeout_session = true
+
+      @session[:user_friends_count] = 100
+      @session[:user_preferred_number] = 42
+
+      @user_session.destroy
+
+      @session.should_not have_key(:user_friends_count)
+      @session.should_not have_key(:user_preferred_number)
     end
 
     it "should unset current_user instance variable" do
+      @user_session.destroy
+
       SimpleAuth::Config.controller.send(:current_user).should be_nil
       SimpleAuth::Config.controller.instance_variable_get("@current_user").should be_nil
       SimpleAuth::Config.controller.instance_variable_get("@current_session").should be_nil

data/templates/initializer.rb

@@ -17,4 +17,15 @@ SimpleAuth.setup do |config|
   # Logged users will be redirect to this url
   # when +redirect_logged_user+ helper is used.
   config.logged_url = proc { root_path }
+
+  # Automatically remove all session values that start with your model name.
+  #
+  # When an existing session is destroyed or a new session is created,
+  # SimpleAuth will remove the record id stored as <tt>#{SimpleAuth::Config.model}</tt>.
+  #
+  # Additionally, you can enable this option to remove any other key composed by
+  # <tt>#{SimpleAuth::Config.model}_*</tt>.
+  #
+  cattr_accessor :wipeout_session
+  @@wipeout_session = false
 end

metadata

@@ -2,7 +2,7 @@
 name: simple_auth
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors: 
 - Nando Vieira
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-08 00:00:00 -02:00
+date: 2011-03-16 00:00:00 -03:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.5.0
+rubygems_version: 1.6.0
 signing_key: 
 specification_version: 3
 summary: A simple authentication system for Rails apps