sinatra-security 0.2.0 → 0.2.1

data/README.markdown

@@ -3,8 +3,10 @@ Sinatra Security
 
 This gem just provides you with the standard authentication mechanisms you would expect from your typical app.
 
-How to use
-==========
+Read the full documentation at [http://labs.sinefunc.com/sinatra-security/doc](http://labs.sinefunc.com/sinatra-security/doc).
+
+Basic usage
+-----------
  
     # taken from examples/classic.rb
 
@@ -28,6 +30,53 @@ How to use
       haml :login
     end
 
+Some advanced stuff you might want to do
+----------------------------------------
+    
+    require 'sinatra'
+    require 'sinatra/security'
+    require 'ohm'
+    
+    # we set a different attribute name here. 
+    # the default used is :email, but we can choose whatever we want.
+    Sinatra::Security::LoginField.attr_name :login
+
+    class User < Ohm::Model
+      include Sinatra::Security::User
+    end
+
+    user = User.create(:login => "quentin", :password => "test")
+    user == User.authenticate("quentin", "test")
+    # => true
+  
+    # in our sinatra context...
+    # now let's secure a chunk of our pages
+    require_login '/admin/users'
+
+    get '/admin/users/:id' do |id|
+      # do something here
+    end
+
+    get '/admin/posts' do
+      # posts list here
+    end
+
+    # we can also do basic atomic authorization checks for our objects
+
+    get '/admin/posts/:id/edit' do |id|
+      post = Post[id]
+      ensure_current_user post.author # does a `halt 404` if this fails
+
+      # now we proceed as normal, if the author is indeed the curerent user
+    end
+    
+    # a quick demo of how you might want to logout
+    get '/logout' do
+      logout!
+      redirect '/'
+    end
+
+
 Note on Patches/Pull Requests
 -----------------------------
  

data/VERSION

@@ -1 +1 @@
-0.2.0
+0.2.1

data/lib/sinatra/security.rb

@@ -2,7 +2,7 @@ require 'sinatra/base'
 
 module Sinatra
   module Security
-    VERSION = "0.2.0"
+    VERSION = "0.2.1"
 
     autoload :Helpers,        'sinatra/security/helpers'
     autoload :User,           'sinatra/security/user'
@@ -16,7 +16,7 @@ module Sinatra
 
       app.set :login_error_message, "Wrong Email and/or Password combination."
       app.set :login_url,           "/login"
-      app.set :login_user_class,    :User
+      app.set :login_user_class,    lambda { ::User }
       app.set :ignored_by_return_to, /(jpe?g|png|gif|css|js)$/
         
       app.post '/login' do
@@ -44,7 +44,7 @@ module Sinatra
     #     # Users here
     #   end
     #
-    # @param [#to_s] path_prefix a string to match again the start of 
+    # @param [#to_s] path_prefix a string to match against the start of 
     #                request.fullpath
     # @return [nil]
     def require_login(path_prefix)

data/lib/sinatra/security/helpers.rb

@@ -61,7 +61,11 @@ module Sinatra
       #
       #   # Also, if you change the settings to use a different user class,
       #   # then that will be respected
-      #   set :login_user_class, :SuperUser
+      #   # this assumes SuperUser is already defined
+      #   set :login_user_class, SuperUser 
+      #
+      #   # if you want to lazily evaluate the class you can wrap it in a proc
+      #   set :login_user_class, lambda { SuperUser }
       #
       #   # assuming session[:user] == 1
       #   current_user == SuperUser[1]
@@ -118,10 +122,9 @@ module Sinatra
         end
       end
 
-      # @private transforms settings.login_user_class to a constant, 
-      #          and used by current_user
+      # @private convencience method for settings.login_user_class
       def __USER__
-        Object.const_get(settings.login_user_class)
+        settings.login_user_class
       end
   
       # @private internally used by Sinatra::Security::Helpers#require_login

data/sinatra-security.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{sinatra-security}
-  s.version = "0.2.0"
+  s.version = "0.2.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Cyril David"]
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
      "lib/sinatra/security/validations.rb",
      "sinatra-security.gemspec",
      "test/helper.rb",
+     "test/test_different_user_class.rb",
      "test/test_login_field_flexibility.rb",
      "test/test_password.rb",
      "test/test_sinatra-security.rb",
@@ -49,6 +50,7 @@ Gem::Specification.new do |s|
   s.summary = %q{Sinatra authentication extension}
   s.test_files = [
     "test/helper.rb",
+     "test/test_different_user_class.rb",
      "test/test_login_field_flexibility.rb",
      "test/test_password.rb",
      "test/test_sinatra-security.rb",

data/test/test_different_user_class.rb

@@ -0,0 +1,44 @@
+require "helper"
+
+class DifferentUserClassTest < Test::Unit::TestCase
+  class BasicApp < Sinatra::Base
+    class Operator < Struct.new(:id)
+      def self.authenticate(u, p)
+        return new(1001) if u == 'Foo' && p == 'Bar'
+      end
+    end
+
+    use Rack::Session::Cookie
+
+    register Sinatra::Security
+    
+    set :login_user_class, lambda { Operator }
+
+    get '/secured' do
+      require_login
+
+      "Secured!"
+    end
+  end
+
+  describe "an app with a different user class" do
+    def app
+      BasicApp.new
+    end
+
+    test "blocks non-authenticated users properly" do
+      get '/secured'
+      
+      assert_equal 302, last_response.status
+      assert_equal '/login', last_response.headers['Location']
+    end
+
+    test "authenticates properly" do
+      post '/login', :username => "Foo", :password => "Bar"
+      
+      assert_equal 302, last_response.status
+      assert_equal '/', last_response.headers['Location']
+
+    end
+  end
+end

data/test/test_sinatra-security.rb

@@ -164,5 +164,4 @@ class TestSinatraSecurity < Test::Unit::TestCase
       assert_equal '/login', last_response.headers['Location']
     end
   end
-
 end

data/test/test_sinatra_security_helpers.rb

@@ -27,7 +27,7 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
 
   describe "when session[:user] is set to 1" do
     setup do
-      @settings = stub("Settings", :login_user_class => :User)
+      @settings = stub("Settings", :login_user_class => ::User)
 
       @context.stubs(:settings).returns(@settings)
       @context.session[:user] = 1
@@ -40,7 +40,8 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
     end
 
     should "return the found user as the result" do
-      User.stubs(:[]).returns(:user)
+      # User.stubs(:[]).returns(:user)
+      User.expects(:[]).at_least_once.returns(:user)
 
       assert_equal :user, @context.current_user
     end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 2
-  - 0
-  version: 0.2.0
+  - 1
+  version: 0.2.1
 platform: ruby
 authors: 
 - Cyril David
@@ -46,6 +46,7 @@ files:
 - lib/sinatra/security/validations.rb
 - sinatra-security.gemspec
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb
@@ -84,6 +85,7 @@ specification_version: 3
 summary: Sinatra authentication extension
 test_files: 
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb