simple_auth 1.2.0 → 1.3.0

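--- a/data/.rspec
+++ b/data/.rspec
@@ -1 +1 @@
- --color --format documentation
+ --color --format documentation --debug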
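--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,43 +1,43 @@
  PATH
  remote: .
  specs:
- simple_auth (1.1.0)
+ simple_auth (1.3.0)
  rails (~> 3.0.0)
 
  GEM
  remote: http://rubygems.org/
  specs:
  abstract (1.0.0)
- actionmailer (3.0.3)
- actionpack (= 3.0.3)
- mail (~> 2.2.9)
- actionpack (3.0.3)
- activemodel (= 3.0.3)
- activesupport (= 3.0.3)
+ actionmailer (3.0.5)
+ actionpack (= 3.0.5)
+ mail (~> 2.2.15)
+ actionpack (3.0.5)
+ activemodel (= 3.0.5)
+ activesupport (= 3.0.5)
  builder (~> 2.1.2)
  erubis (~> 2.6.6)
  i18n (~> 0.4)
  rack (~> 1.2.1)
  rack-mount (~> 0.6.13)
- rack-test (~> 0.5.6)
+ rack-test (~> 0.5.7)
  tzinfo (~> 0.3.23)
- activemodel (3.0.3)
- activesupport (= 3.0.3)
+ activemodel (3.0.5)
+ activesupport (= 3.0.5)
  builder (~> 2.1.2)
  i18n (~> 0.4)
- activerecord (3.0.3)
- activemodel (= 3.0.3)
- activesupport (= 3.0.3)
+ activerecord (3.0.5)
+ activemodel (= 3.0.5)
+ activesupport (= 3.0.5)
  arel (~> 2.0.2)
  tzinfo (~> 0.3.23)
- activeresource (3.0.3)
- activemodel (= 3.0.3)
- activesupport (= 3.0.3)
- activesupport (3.0.3)
+ activeresource (3.0.5)
+ activemodel (= 3.0.5)
+ activesupport (= 3.0.5)
+ activesupport (3.0.5)
  archive-tar-minitar (0.5.2)
- arel (2.0.8)
- bson (1.2.0)
- bson_ext (1.2.0)
+ arel (2.0.9)
+ bson (1.2.4)
+ bson_ext (1.2.4)
  builder (2.1.2)
  columnize (0.3.2)
  diff-lcs (1.1.2)
@@ -54,8 +54,8 @@ GEM
  mime-types (~> 1.16)
  treetop (~> 1.4.8)
  mime-types (1.16)
- mongo (1.2.0)
- bson (>= 1.2.0)
+ mongo (1.2.2)
+ bson (>= 1.2.2)
  mongo_mapper (0.8.6)
  activesupport (>= 2.3.4)
  jnunemaker-validatable (~> 1.8.4)
@@ -68,17 +68,17 @@ GEM
  rack (>= 1.0.0)
  rack-test (0.5.7)
  rack (>= 1.0)
- rails (3.0.3)
- actionmailer (= 3.0.3)
- actionpack (= 3.0.3)
- activerecord (= 3.0.3)
- activeresource (= 3.0.3)
- activesupport (= 3.0.3)
+ rails (3.0.5)
+ actionmailer (= 3.0.5)
+ actionpack (= 3.0.5)
+ activerecord (= 3.0.5)
+ activeresource (= 3.0.5)
+ activesupport (= 3.0.5)
  bundler (~> 1.0)
- railties (= 3.0.3)
- railties (3.0.3)
- actionpack (= 3.0.3)
- activesupport (= 3.0.3)
+ railties (= 3.0.5)
+ railties (3.0.5)
+ actionpack (= 3.0.5)
+ activesupport (= 3.0.5)
  rake (>= 0.8.7)
  thor (~> 0.14.4)
  rake (0.8.7)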
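--- a/data/README.markdown
+++ b/data/README.markdown
@@ -175,7 +175,7 @@ Dirty, but it works. Here's the ticket for this issue: [Issue #1290](https://rai
  To-Do
  -----
 
- * Write README
+ * Support BasicAuth authentication
 
  Maintainer
  ----------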
@@ -10,7 +10,7 @@ module SimpleAuth
10
10
  module InstanceMethods
11
11
  private
12
12
  def return_to(url = nil, &block)
13
- url = session.fetch("return_to", url)
13
+ url = session.fetch(:return_to, url)
14
14
  url = instance_eval(&block) if block_given?
15
15
  url
16
16
  end
@@ -66,6 +66,8 @@ module SimpleAuth
66
66
  end
67
67
 
68
68
  session[:return_to] = return_to if request.get?
69
+
70
+ SimpleAuth::Session.destroy!
69
71
  redirect_to simple_auth_url_for(:login_url, controller, options[:to]), :alert => t("simple_auth.sessions.need_to_be_logged")
70
72
  end
71
73
  end
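Review bot: The added `SimpleAuth::Session.destroy!` call runs after `session[:return_to]` has been written, so the post-login redirect now depends on `destroy!` preserving that key while it resets the session. Elsewhere on this page `destroy!` wraps `controller.reset_session` in `backup`, which is what keeps `:return_to` alive, but nothing at this call site says so. A one-line comment above the call would record the dependency, for example `# destroy! resets the session but restores non-auth keys, so :return_to survives`. The enclosing method starts outside the hunk, and the file header for this section is missing from the page.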
@@ -5,6 +5,17 @@ module SimpleAuth
5
5
  end
6
6
 
7
7
  class Config
8
+ # Automatically remove all session values that start with your model name.
9
+ #
10
+ # When an existing session is destroyed or a new session is created,
11
+ # SimpleAuth will remove the record id stored as <tt>#{SimpleAuth::Config.model}</tt>.
12
+ #
13
+ # Additionally, you can enable this option to remove any other key composed by
14
+ # <tt>#{SimpleAuth::Config.model}_*</tt>.
15
+ #
16
+ cattr_accessor :wipeout_session
17
+ @@wipeout_session = false
18
+
8
19
  # Generate the password hash. The specified block should expected
9
20
  # the plain password and the password hash as block parameters.
10
21
  cattr_accessor :crypter
@@ -40,9 +51,11 @@ module SimpleAuth
40
51
  cattr_accessor :logged_url
41
52
  @@logged_url = proc { dashboard_path }
42
53
 
43
- # Reset session before saving the user session
44
- cattr_accessor :reset_session
45
- @@reset_session = false
54
+ def self.reset_session(*args) # :nodoc:
55
+ Kernel.warn "The SimpleAuth::Config.reset_session accessor was disabled and will be removed in future versions."
56
+ end
57
+
58
+ class << self; alias reset_session= reset_session; end
46
59
 
47
60
  def self.model_class
48
61
  model.to_s.classify.constantize
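Review bot: The new comment on `wipeout_session` says the record id is stored as `<tt>#{SimpleAuth::Config.model}</tt>`, but `Session.session_key` in this release builds `"#{SimpleAuth::Config.model.to_s}_id"`, so the documented key name does not match the one the code deletes. The line should read `# SimpleAuth will remove the record id stored as <tt>#{SimpleAuth::Config.model}_id</tt>.` It would also help to state on `self.reset_session` that the session is now always reset on save and destroy, since the warning text only says the accessor "was disabled".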
@@ -7,7 +7,7 @@ module SimpleAuth
7
7
  attr_accessor :record
8
8
  attr_accessor :errors
9
9
 
10
- class Errors
10
+ class Errors # :nodoc:all
11
11
  attr_accessor :errors
12
12
 
13
13
  def add_to_base(message)
@@ -35,10 +35,32 @@ module SimpleAuth
35
35
  end
36
36
  end
37
37
 
38
+ def self.session_key
39
+ "#{SimpleAuth::Config.model.to_s}_id".to_sym
40
+ end
41
+
42
+ def self.record_id
43
+ controller && controller.session[session_key]
44
+ end
45
+
46
+ def self.backup(&block)
47
+ backup = controller.session.to_hash.reject do |name, value|
48
+ rejected = [:session_id, session_key].include?(name.to_sym) || SimpleAuth::Config.wipeout_session && name.to_s =~ /^#{SimpleAuth::Config.model}_/
49
+ controller.session.delete(name) if rejected
50
+ rejected
51
+ end
52
+
53
+ yield
54
+
55
+ backup.each do |name, value|
56
+ controller.session[name.to_sym] = value
57
+ end
58
+ end
59
+
38
60
  def self.find
61
+ return unless controller && record_id
39
62
  session = new
40
- return unless session.controller && session.controller.session[:record_id]
41
- session.record = session.model.find_by_id(session.controller.session[:record_id])
63
+ session.record = session.model.find_by_id(record_id)
42
64
 
43
65
  if session.record
44
66
  session
@@ -59,11 +81,18 @@ module SimpleAuth
59
81
  end
60
82
  end
61
83
 
84
+ def self.controller
85
+ SimpleAuth::Config.controller
86
+ end
87
+
62
88
  def self.destroy!
63
- controller = SimpleAuth::Config.controller
64
- controller.session[:record_id] = nil
89
+ [:session_id, session_key].each {|name| controller.session.delete(name) }
90
+
65
91
  controller.instance_variable_set("@current_user", nil)
66
92
  controller.instance_variable_set("@current_session", nil)
93
+
94
+ backup { controller.reset_session }
95
+
67
96
  true
68
97
  end
69
98
 
@@ -98,7 +127,7 @@ module SimpleAuth
98
127
  true
99
128
  else
100
129
  errors.add_to_base I18n.translate("simple_auth.sessions.invalid_credentials")
101
- controller.session[:record_id] = nil
130
+ self.class.destroy!
102
131
  false
103
132
  end
104
133
  end
@@ -108,12 +137,10 @@ module SimpleAuth
108
137
  end
109
138
 
110
139
  def save
111
- if valid?
112
- controller.send(:reset_session) if SimpleAuth::Config.reset_session
113
- controller.session[:record_id] = record.id
114
- end
140
+ self.class.destroy!
115
141
 
116
- controller.session[:record_id] != nil
142
+ controller.session[self.class.session_key] = record.id if valid?
143
+ controller.session[self.class.session_key] != nil
117
144
  end
118
145
 
119
146
  def save!
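Review bot: `self.backup` writes every session key except `:session_id` and the record key back into the session after `controller.reset_session`, so `destroy!` and `save` no longer hand the caller a clean session. Anything stored before login, presumably including Rails' `:_csrf_token`, is carried across the authentication boundary, which weakens the session reset as a defence against fixation. At minimum exclude the framework token, `rejected = [:session_id, :_csrf_token, session_key].include?(name.to_sym) || ...`; restoring only an explicit allow-list of keys would be safer. The wipeout pattern would also be tighter as `/\A#{Regexp.escape(SimpleAuth::Config.model.to_s)}_/`, since `^` matches at any line start and the model name is interpolated unescaped.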
@@ -1,8 +1,8 @@
1
1
  module SimpleAuth
2
2
  module Version
3
- MAJOR = "1"
4
- MINOR = "2"
5
- PATCH = "0"
3
+ MAJOR = 1
4
+ MINOR = 3
5
+ PATCH = 0
6
6
  STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
7
7
  end
8
8
  end
@@ -21,7 +21,7 @@ describe ApplicationController do
21
21
  end
22
22
 
23
23
  it "should redirect logged users" do
24
- session[:record_id] = user.id
24
+ session[:user_id] = user.id
25
25
  get :index
26
26
 
27
27
  response.code.should match(/302/)
@@ -39,7 +39,7 @@ describe ApplicationController do
39
39
  end
40
40
 
41
41
  it "should redirect logged users" do
42
- session[:record_id] = user.id
42
+ session[:user_id] = user.id
43
43
  get :index
44
44
 
45
45
  response.code.should match(/302/)
@@ -58,7 +58,7 @@ describe ApplicationController do
58
58
 
59
59
  it "should redirect logged users" do
60
60
  SimpleAuth::Config.logged_url = proc { dashboard_path }
61
- session[:record_id] = user.id
61
+ session[:user_id] = user.id
62
62
  get :index
63
63
 
64
64
  response.code.should match(/302/)
@@ -76,7 +76,7 @@ describe ApplicationController do
76
76
  end
77
77
 
78
78
  it "should render page" do
79
- session[:record_id] = nil
79
+ session[:user_id] = nil
80
80
  get :index
81
81
 
82
82
  response.code.should match(/200/)
@@ -10,6 +10,10 @@ describe ApplicationController do
10
10
  )
11
11
  }
12
12
 
13
+ before do
14
+ session[:user_id] = {}
15
+ end
16
+
13
17
  context "redirecting to requested page" do
14
18
  controller do
15
19
  require_logged_user :to => "/login"
@@ -19,6 +23,24 @@ describe ApplicationController do
19
23
  end
20
24
  end
21
25
 
26
+ it "should keep other session data" do
27
+ session[:skip_intro] = true
28
+ get :index
29
+ session[:skip_intro].should be_true
30
+ end
31
+
32
+ it "should remove record id from session" do
33
+ session[:user_id] = 0
34
+ get :index
35
+ session.should_not have_key(:user)
36
+ end
37
+
38
+ it "should remove session id from session" do
39
+ session[:session_id] = "xSQR"
40
+ get :index
41
+ session.should_not have_key(:session_id)
42
+ end
43
+
22
44
  it "should return the request url" do
23
45
  get :index, :some => "param"
24
46
  controller.send(:return_to, "/dashboard").should == "/stub_resources?some=param"
@@ -39,7 +61,7 @@ describe ApplicationController do
39
61
  end
40
62
 
41
63
  it "should redirect when user is not authorized on controller level" do
42
- session[:record_id] = user.id
64
+ session[:user_id] = user.id
43
65
  @controller.should_receive(:authorized?).and_return(false)
44
66
 
45
67
  get :index
@@ -47,7 +69,7 @@ describe ApplicationController do
47
69
  end
48
70
 
49
71
  it "should redirect when session is not valid" do
50
- session[:record_id] = "invalid"
72
+ session[:user_id] = "invalid"
51
73
 
52
74
  get :index
53
75
  response.should redirect_to("/login")
@@ -109,12 +131,9 @@ describe ApplicationController do
109
131
  end
110
132
  end
111
133
 
112
- before do
113
- session[:record_id] = user.id
114
- get :index
115
- end
116
-
117
134
  it "should render page" do
135
+ session[:user_id] = user.id
136
+ get :index
118
137
  response.body.should == "Rendered"
119
138
  end
120
139
  end
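Review bot: The new example "should remove record id from session" sets `session[:user_id]` but then asserts `session.should_not have_key(:user)`, a key that nothing on this page ever writes, so it passes whether or not the record id was removed. It should assert on the key that `Session.session_key` produces: `session.should_not have_key(:user_id)`. The same `have_key(:user)` assertion appears in the session spec hunks further down ("should destroy session", both "should unset previous record id ..." examples and "should unset record store from session"). There it replaced `@session[:record_id].should be_nil`, so the logout and failed-login paths lost their real check.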
@@ -26,4 +26,15 @@ describe SimpleAuth::Config do
26
26
  specify "salt should return a 64-char long salt" do
27
27
  SimpleAuth::Config.salt.call(nil).size.should == 64
28
28
  end
29
+
30
+ specify "wipeout session should be disabled" do
31
+ SimpleAuth::Config.wipeout_session.should be_false
32
+ end
33
+
34
+ specify "deprecated reset_session accessor" do
35
+ Kernel.should_receive(:warn).twice
36
+
37
+ SimpleAuth::Config.reset_session = true
38
+ SimpleAuth::Config.reset_session
39
+ end
29
40
  end
@@ -13,7 +13,7 @@ describe SimpleAuth::Session do
13
13
 
14
14
  @session = Hash.new
15
15
  @controller = ActionController::Base.new
16
- @controller.stub :session => @session
16
+ @controller.stub :session => @session, :reset_session => nil
17
17
 
18
18
  SimpleAuth::Config.controller = @controller
19
19
  @user_session = SimpleAuth::Session.new(:credential => "johndoe", :password => "test")
@@ -27,6 +27,15 @@ describe SimpleAuth::Session do
27
27
  }.to_not raise_error
28
28
  end
29
29
 
30
+ it "should return session key" do
31
+ SimpleAuth::Session.session_key == :user_id
32
+ end
33
+
34
+ it "should return record id" do
35
+ @session[:user_id] = 42
36
+ SimpleAuth::Session.record_id == 42
37
+ end
38
+
30
39
  context "with valid credentials" do
31
40
  before do
32
41
  @user_session.save!
@@ -56,31 +65,32 @@ describe SimpleAuth::Session do
56
65
  @user_session.record.should == @user
57
66
  end
58
67
 
59
- it "should set record_id on session" do
60
- @session[:record_id].should == @user.id
61
- end
62
-
63
68
  it "should be saved" do
64
69
  @user_session.save.should be_true
65
70
  end
66
71
 
72
+ it "should reset session before saving" do
73
+ @session[:session_id] = "xWA1"
74
+ @user_session.save
75
+ @session.should_not have_key(:session_id)
76
+ end
77
+
67
78
  it "should automatically save session when calling create!" do
68
79
  @user_session = SimpleAuth::Session.create!(:credential => "johndoe", :password => "test")
69
80
  @user_session.should be_valid
70
81
  @user_session.record.should == @user
71
- @session[:record_id].should == @user.id
72
- end
73
-
74
- it "should reset session" do
75
- SimpleAuth::Config.reset_session = true
76
- SimpleAuth::Config.controller.should_receive(:reset_session)
77
- @user_session.save
82
+ @session[:user_id].should == @user.id
78
83
  end
79
84
 
80
85
  it "should destroy session" do
81
86
  @user_session.destroy.should be_true
82
87
  @user_session.record.should be_nil
83
- @session[:record_id].should be_nil
88
+ @session.should_not have_key(:user)
89
+ end
90
+
91
+ it "should initialize record session" do
92
+ @user_session.save
93
+ @session[:user_id].should == @user.id
84
94
  end
85
95
  end
86
96
 
@@ -91,15 +101,15 @@ describe SimpleAuth::Session do
91
101
  end
92
102
 
93
103
  it "should unset previous record id when is not valid" do
94
- @session[:record_id] = 1
104
+ @session[:user_id] = 1
95
105
  @user_session.should_not be_valid
96
- @session[:record_id].should be_nil
106
+ @session.should_not have_key(:user)
97
107
  end
98
108
 
99
109
  it "should unset previous record id when is not saved" do
100
- @session[:record_id] = 1
110
+ @session[:user_id] = 1
101
111
  @user_session.save.should be_false
102
- @session[:record_id].should be_nil
112
+ @session.should_not have_key(:user)
103
113
  end
104
114
 
105
115
  it "should be new record" do
@@ -137,8 +147,8 @@ describe SimpleAuth::Session do
137
147
  @user_session.should_not be_valid
138
148
  end
139
149
 
140
- it "should unset record_id from session" do
141
- @session[:record_id].should be_nil
150
+ it "should unset record store from session" do
151
+ @session.should_not have_key(:user)
142
152
  end
143
153
 
144
154
  it "should not be saved" do
@@ -157,14 +167,37 @@ describe SimpleAuth::Session do
157
167
  context "when destroying session" do
158
168
  before do
159
169
  @user_session.save!
170
+ end
171
+
172
+ it "should remove record session" do
173
+ @user_session.destroy
174
+ @session.should_not have_key(:user_id)
175
+ end
176
+
177
+ it "should keep keys composed by user_*" do
178
+ SimpleAuth::Config.wipeout_session = false
179
+
180
+ @session[:user_friends_count] = 42
160
181
  @user_session.destroy
182
+
183
+ @session[:user_friends_count].should == 42
161
184
  end
162
185
 
163
- it "should unset record_id from session" do
164
- @session[:record_id].should be_nil
186
+ it "should wipe out keys composed by user_*" do
187
+ SimpleAuth::Config.wipeout_session = true
188
+
189
+ @session[:user_friends_count] = 100
190
+ @session[:user_preferred_number] = 42
191
+
192
+ @user_session.destroy
193
+
194
+ @session.should_not have_key(:user_friends_count)
195
+ @session.should_not have_key(:user_preferred_number)
165
196
  end
166
197
 
167
198
  it "should unset current_user instance variable" do
199
+ @user_session.destroy
200
+
168
201
  SimpleAuth::Config.controller.send(:current_user).should be_nil
169
202
  SimpleAuth::Config.controller.instance_variable_get("@current_user").should be_nil
170
203
  SimpleAuth::Config.controller.instance_variable_get("@current_session").should be_nil
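Review bot: The added examples "should return session key" and "should return record id" evaluate `SimpleAuth::Session.session_key == :user_id` and `SimpleAuth::Session.record_id == 42` without an expectation, so they can never fail. They should read `SimpleAuth::Session.session_key.should == :user_id` and `SimpleAuth::Session.record_id.should == 42`. The wipeout example also leaves `SimpleAuth::Config.wipeout_session = true` set for whichever example runs next; restoring it in an `after` block would keep the suite independent of run order.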
@@ -17,4 +17,15 @@ SimpleAuth.setup do |config|
17
17
  # Logged users will be redirect to this url
18
18
  # when +redirect_logged_user+ helper is used.
19
19
  config.logged_url = proc { root_path }
20
+
21
+ # Automatically remove all session values that start with your model name.
22
+ #
23
+ # When an existing session is destroyed or a new session is created,
24
+ # SimpleAuth will remove the record id stored as <tt>#{SimpleAuth::Config.model}</tt>.
25
+ #
26
+ # Additionally, you can enable this option to remove any other key composed by
27
+ # <tt>#{SimpleAuth::Config.model}_*</tt>.
28
+ #
29
+ cattr_accessor :wipeout_session
30
+ @@wipeout_session = false
20
31
  end
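Review bot: The lines added inside the `SimpleAuth.setup do |config|` block are the class-body declaration copied from `SimpleAuth::Config` (`cattr_accessor :wipeout_session` and `@@wipeout_session = false`), not a setting on `config`. In an initializer there is no class for `cattr_accessor` to attach to, so the generated file would most likely raise when it loads, and the option is never set on the config object. Following the `config.logged_url = proc { root_path }` line above, the template should read `config.wipeout_session = false`. The copied comment also names the key as `#{SimpleAuth::Config.model}`, while `Session.session_key` uses `#{model}_id`. The file header for this section is missing from the page, so the template path is inferred from the hunk context.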
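--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
  name: simple_auth
  version: !ruby/object:Gem::Version
  prerelease:
- version: 1.2.0
+ version: 1.3.0
  platform: ruby
  authors:
  - Nando Vieira
@@ -10,7 +10,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-02-08 00:00:00 -02:00
+ date: 2011-03-16 00:00:00 -03:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project:
- rubygems_version: 1.5.0
+ rubygems_version: 1.6.0
  signing_key:
  specification_version: 3
  summary: A simple authentication system for Rails apps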