sinatra-security 0.2.0 → 0.2.1

@@ -3,8 +3,10 @@ Sinatra Security
3
3
 
4
4
  This gem just provides you with the standard authentication mechanisms you would expect from your typical app.
5
5
 
6
- How to use
7
- ==========
6
+ Read the full documentation at [http://labs.sinefunc.com/sinatra-security/doc](http://labs.sinefunc.com/sinatra-security/doc).
7
+
8
+ Basic usage
9
+ -----------
8
10
 
9
11
  # taken from examples/classic.rb
10
12
 
@@ -28,6 +30,53 @@ How to use
28
30
  haml :login
29
31
  end
30
32
 
33
+ Some advanced stuff you might want to do
34
+ ----------------------------------------
35
+
36
+ require 'sinatra'
37
+ require 'sinatra/security'
38
+ require 'ohm'
39
+
40
+ # we set a different attribute name here.
41
+ # the default used is :email, but we can choose whatever we want.
42
+ Sinatra::Security::LoginField.attr_name :login
43
+
44
+ class User < Ohm::Model
45
+ include Sinatra::Security::User
46
+ end
47
+
48
+ user = User.create(:login => "quentin", :password => "test")
49
+ user == User.authenticate("quentin", "test")
50
+ # => true
51
+
52
+ # in our sinatra context...
53
+ # now let's secure a chunk of our pages
54
+ require_login '/admin/users'
55
+
56
+ get '/admin/users/:id' do |id|
57
+ # do something here
58
+ end
59
+
60
+ get '/admin/posts' do
61
+ # posts list here
62
+ end
63
+
64
+ # we can also do basic atomic authorization checks for our objects
65
+
66
+ get '/admin/posts/:id/edit' do |id|
67
+ post = Post[id]
68
+ ensure_current_user post.author # does a `halt 404` if this fails
69
+
70
+ # now we proceed as normal, if the author is indeed the curerent user
71
+ end
72
+
73
+ # a quick demo of how you might want to logout
74
+ get '/logout' do
75
+ logout!
76
+ redirect '/'
77
+ end
78
+
79
+
31
80
  Note on Patches/Pull Requests
32
81
  -----------------------------
33
82
 
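--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.2.0
+0.2.1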
@@ -2,7 +2,7 @@ require 'sinatra/base'
2
2
 
3
3
  module Sinatra
4
4
  module Security
5
- VERSION = "0.2.0"
5
+ VERSION = "0.2.1"
6
6
 
7
7
  autoload :Helpers, 'sinatra/security/helpers'
8
8
  autoload :User, 'sinatra/security/user'
@@ -16,7 +16,7 @@ module Sinatra
16
16
 
17
17
  app.set :login_error_message, "Wrong Email and/or Password combination."
18
18
  app.set :login_url, "/login"
19
- app.set :login_user_class, :User
19
+ app.set :login_user_class, lambda { ::User }
20
20
  app.set :ignored_by_return_to, /(jpe?g|png|gif|css|js)$/
21
21
 
22
22
  app.post '/login' do
@@ -44,7 +44,7 @@ module Sinatra
44
44
  # # Users here
45
45
  # end
46
46
  #
47
- # @param [#to_s] path_prefix a string to match again the start of
47
+ # @param [#to_s] path_prefix a string to match against the start of
48
48
  # request.fullpath
49
49
  # @return [nil]
50
50
  def require_login(path_prefix)
@@ -61,7 +61,11 @@ module Sinatra
61
61
  #
62
62
  # # Also, if you change the settings to use a different user class,
63
63
  # # then that will be respected
64
- # set :login_user_class, :SuperUser
64
+ # # this assumes SuperUser is already defined
65
+ # set :login_user_class, SuperUser
66
+ #
67
+ # # if you want to lazily evaluate the class you can wrap it in a proc
68
+ # set :login_user_class, lambda { SuperUser }
65
69
  #
66
70
  # # assuming session[:user] == 1
67
71
  # current_user == SuperUser[1]
@@ -118,10 +122,9 @@ module Sinatra
118
122
  end
119
123
  end
120
124
 
121
- # @private transforms settings.login_user_class to a constant,
122
- # and used by current_user
125
+ # @private convencience method for settings.login_user_class
123
126
  def __USER__
124
- Object.const_get(settings.login_user_class)
127
+ settings.login_user_class
125
128
  end
126
129
 
127
130
  # @private internally used by Sinatra::Security::Helpers#require_login
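Review bot: `__USER__` now returns `settings.login_user_class` unchanged, so an app still configured the 0.2.0 way (`set :login_user_class, :SuperUser`) gets a Symbol back instead of a class. If `current_user` indexes the result as the doc comment implies (`SuperUser[1]`; its body is outside this hunk), `Symbol#[]` would return a one-character String instead of raising, so the stale setting could yield a truthy "current user" that is not a user record. For a patch release I would keep the symbol form working, or fail loudly: `klass = settings.login_user_class` followed by `klass.is_a?(Module) ? klass : Object.const_get(klass)`. The new comment also misspells "convenience" as `convencience`.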
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{sinatra-security}
8
- s.version = "0.2.0"
8
+ s.version = "0.2.1"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Cyril David"]
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
35
35
  "lib/sinatra/security/validations.rb",
36
36
  "sinatra-security.gemspec",
37
37
  "test/helper.rb",
38
+ "test/test_different_user_class.rb",
38
39
  "test/test_login_field_flexibility.rb",
39
40
  "test/test_password.rb",
40
41
  "test/test_sinatra-security.rb",
@@ -49,6 +50,7 @@ Gem::Specification.new do |s|
49
50
  s.summary = %q{Sinatra authentication extension}
50
51
  s.test_files = [
51
52
  "test/helper.rb",
53
+ "test/test_different_user_class.rb",
52
54
  "test/test_login_field_flexibility.rb",
53
55
  "test/test_password.rb",
54
56
  "test/test_sinatra-security.rb",
@@ -0,0 +1,44 @@
1
+ require "helper"
2
+
3
+ class DifferentUserClassTest < Test::Unit::TestCase
4
+ class BasicApp < Sinatra::Base
5
+ class Operator < Struct.new(:id)
6
+ def self.authenticate(u, p)
7
+ return new(1001) if u == 'Foo' && p == 'Bar'
8
+ end
9
+ end
10
+
11
+ use Rack::Session::Cookie
12
+
13
+ register Sinatra::Security
14
+
15
+ set :login_user_class, lambda { Operator }
16
+
17
+ get '/secured' do
18
+ require_login
19
+
20
+ "Secured!"
21
+ end
22
+ end
23
+
24
+ describe "an app with a different user class" do
25
+ def app
26
+ BasicApp.new
27
+ end
28
+
29
+ test "blocks non-authenticated users properly" do
30
+ get '/secured'
31
+
32
+ assert_equal 302, last_response.status
33
+ assert_equal '/login', last_response.headers['Location']
34
+ end
35
+
36
+ test "authenticates properly" do
37
+ post '/login', :username => "Foo", :password => "Bar"
38
+
39
+ assert_equal 302, last_response.status
40
+ assert_equal '/', last_response.headers['Location']
41
+
42
+ end
43
+ end
44
+ end
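Review bot: The new test file never exercises the user lookup through the custom class, because "authenticates properly" asserts only the redirect after `post '/login'` and nothing requests `/secured` with an established session. Since this release changes how `login_user_class` is resolved, I would follow the login with `get '/secured'` and `assert_equal "Secured!", last_response.body`. A negative case is also missing: post a wrong password for `Operator`, then assert that `get '/secured'` still redirects to `/login`. The blank line before the `end` of that test (new line 41) can go.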
@@ -164,5 +164,4 @@ class TestSinatraSecurity < Test::Unit::TestCase
164
164
  assert_equal '/login', last_response.headers['Location']
165
165
  end
166
166
  end
167
-
168
167
  end
@@ -27,7 +27,7 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
27
27
 
28
28
  describe "when session[:user] is set to 1" do
29
29
  setup do
30
- @settings = stub("Settings", :login_user_class => :User)
30
+ @settings = stub("Settings", :login_user_class => ::User)
31
31
 
32
32
  @context.stubs(:settings).returns(@settings)
33
33
  @context.session[:user] = 1
@@ -40,7 +40,8 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
40
40
  end
41
41
 
42
42
  should "return the found user as the result" do
43
- User.stubs(:[]).returns(:user)
43
+ # User.stubs(:[]).returns(:user)
44
+ User.expects(:[]).at_least_once.returns(:user)
44
45
 
45
46
  assert_equal :user, @context.current_user
46
47
  end
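Review bot: The commented-out `# User.stubs(:[]).returns(:user)` should be deleted, not left beside its replacement, and the new expectation is looser than it needs to be. The surrounding setup assigns `session[:user] = 1`, so `User.expects(:[]).with(1).at_least_once.returns(:user)` would pin that the id stored in the session is the one looked up; without an argument matcher any key satisfies the expectation. The enclosing `describe` block starts outside this hunk.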
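--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 2
-- 0
-version: 0.2.0
+- 1
+version: 0.2.1
 platform: ruby
 authors:
 - Cyril David
@@ -46,6 +46,7 @@ files:
 - lib/sinatra/security/validations.rb
 - sinatra-security.gemspec
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb
@@ -84,6 +85,7 @@ specification_version: 3
 summary: Sinatra authentication extension
 test_files:
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb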