sinatra-security 0.2.0 → 0.2.1
- data/README.markdown +51 -2
- data/VERSION +1 -1
- data/lib/sinatra/security.rb +3 -3
- data/lib/sinatra/security/helpers.rb +7 -4
- data/sinatra-security.gemspec +3 -1
- data/test/test_different_user_class.rb +44 -0
- data/test/test_sinatra-security.rb +0 -1
- data/test/test_sinatra_security_helpers.rb +3 -2
- metadata +4 -2
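--- a/data/README.markdown
+++ b/data/README.markdown
@@ -3,8 +3,10 @@ Sinatra Security
 
 This gem just provides you with the standard authentication mechanisms you would expect from your typical app.
 
-
-
+Read the full documentation at [http://labs.sinefunc.com/sinatra-security/doc](http://labs.sinefunc.com/sinatra-security/doc).
+
+Basic usage
+-----------
 
 # taken from examples/classic.rb
 
@@ -28,6 +30,53 @@ How to use
 haml :login
 end
 
+Some advanced stuff you might want to do
+----------------------------------------
+
+require 'sinatra'
+require 'sinatra/security'
+require 'ohm'
+
+# we set a different attribute name here.
+# the default used is :email, but we can choose whatever we want.
+Sinatra::Security::LoginField.attr_name :login
+
+class User < Ohm::Model
+include Sinatra::Security::User
+end
+
+user = User.create(:login => "quentin", :password => "test")
+user == User.authenticate("quentin", "test")
+# => true
+
+# in our sinatra context...
+# now let's secure a chunk of our pages
+require_login '/admin/users'
+
+get '/admin/users/:id' do |id|
+# do something here
+end
+
+get '/admin/posts' do
+# posts list here
+end
+
+# we can also do basic atomic authorization checks for our objects
+
+get '/admin/posts/:id/edit' do |id|
+post = Post[id]
+ensure_current_user post.author # does a `halt 404` if this fails
+
+# now we proceed as normal, if the author is indeed the curerent user
+end
+
+# a quick demo of how you might want to logout
+get '/logout' do
+logout!
+redirect '/'
+end
+
+
 Note on Patches/Pull Requests
 -----------------------------
 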
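--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.2.
+0.2.1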
data/lib/sinatra/security.rb
CHANGED
@@ -2,7 +2,7 @@ require 'sinatra/base'
|
|
2
2
|
|
3
3
|
module Sinatra
|
4
4
|
module Security
|
5
|
-
VERSION = "0.2.
|
5
|
+
VERSION = "0.2.1"
|
6
6
|
|
7
7
|
autoload :Helpers, 'sinatra/security/helpers'
|
8
8
|
autoload :User, 'sinatra/security/user'
|
@@ -16,7 +16,7 @@ module Sinatra
|
|
16
16
|
|
17
17
|
app.set :login_error_message, "Wrong Email and/or Password combination."
|
18
18
|
app.set :login_url, "/login"
|
19
|
-
app.set :login_user_class,
|
19
|
+
app.set :login_user_class, lambda { ::User }
|
20
20
|
app.set :ignored_by_return_to, /(jpe?g|png|gif|css|js)$/
|
21
21
|
|
22
22
|
app.post '/login' do
|
@@ -44,7 +44,7 @@ module Sinatra
|
|
44
44
|
# # Users here
|
45
45
|
# end
|
46
46
|
#
|
47
|
-
# @param [#to_s] path_prefix a string to match
|
47
|
+
# @param [#to_s] path_prefix a string to match against the start of
|
48
48
|
# request.fullpath
|
49
49
|
# @return [nil]
|
50
50
|
def require_login(path_prefix)
|
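Review bot: The new default `app.set :login_user_class, lambda { ::User }` defers the constant lookup until the setting is read, and nothing next to it says so. An app that registers the extension without defining a top-level `User` or overriding the setting will presumably hit a NameError on the first `/login` post or protected request rather than at boot. A comment on that line would make this explicit, for example `# proc is evaluated when the setting is read; the class is expected to respond to .authenticate and .[]`. That contract is inferred from the tests and helper docs elsewhere in this diff, so confirm it against the implementation. The method containing these `app.set` calls starts and ends outside the hunk.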
@@ -61,7 +61,11 @@ module Sinatra
|
|
61
61
|
#
|
62
62
|
# # Also, if you change the settings to use a different user class,
|
63
63
|
# # then that will be respected
|
64
|
-
#
|
64
|
+
# # this assumes SuperUser is already defined
|
65
|
+
# set :login_user_class, SuperUser
|
66
|
+
#
|
67
|
+
# # if you want to lazily evaluate the class you can wrap it in a proc
|
68
|
+
# set :login_user_class, lambda { SuperUser }
|
65
69
|
#
|
66
70
|
# # assuming session[:user] == 1
|
67
71
|
# current_user == SuperUser[1]
|
@@ -118,10 +122,9 @@ module Sinatra
|
|
118
122
|
end
|
119
123
|
end
|
120
124
|
|
121
|
-
# @private
|
122
|
-
# and used by current_user
|
125
|
+
# @private convencience method for settings.login_user_class
|
123
126
|
def __USER__
|
124
|
-
|
127
|
+
settings.login_user_class
|
125
128
|
end
|
126
129
|
|
127
130
|
# @private internally used by Sinatra::Security::Helpers#require_login
|
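Review bot: The new `__USER__` comment misspells "convenience", and the expanded `current_user` example still does not state what a custom `login_user_class` must provide. I would write `# @private convenience method for settings.login_user_class`. I would also add a sentence to the `current_user` docs saying the class must respond to `[]` with the id stored in `session[:user]`. It should presumably return nil for an id that no longer exists, so that a stale session is treated as logged out, but `current_user`'s body is outside these hunks, so confirm that first. These two hunks appear under the security.rb header on this page, though the diffstat counts suggest they belong to helpers.rb.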
data/sinatra-security.gemspec
CHANGED
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{sinatra-security}
|
8
|
-
s.version = "0.2.
|
8
|
+
s.version = "0.2.1"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Cyril David"]
|
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
|
|
35
35
|
"lib/sinatra/security/validations.rb",
|
36
36
|
"sinatra-security.gemspec",
|
37
37
|
"test/helper.rb",
|
38
|
+
"test/test_different_user_class.rb",
|
38
39
|
"test/test_login_field_flexibility.rb",
|
39
40
|
"test/test_password.rb",
|
40
41
|
"test/test_sinatra-security.rb",
|
@@ -49,6 +50,7 @@ Gem::Specification.new do |s|
|
|
49
50
|
s.summary = %q{Sinatra authentication extension}
|
50
51
|
s.test_files = [
|
51
52
|
"test/helper.rb",
|
53
|
+
"test/test_different_user_class.rb",
|
52
54
|
"test/test_login_field_flexibility.rb",
|
53
55
|
"test/test_password.rb",
|
54
56
|
"test/test_sinatra-security.rb",
|
@@ -0,0 +1,44 @@
|
|
1
|
+
require "helper"
|
2
|
+
|
3
|
+
class DifferentUserClassTest < Test::Unit::TestCase
|
4
|
+
class BasicApp < Sinatra::Base
|
5
|
+
class Operator < Struct.new(:id)
|
6
|
+
def self.authenticate(u, p)
|
7
|
+
return new(1001) if u == 'Foo' && p == 'Bar'
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
use Rack::Session::Cookie
|
12
|
+
|
13
|
+
register Sinatra::Security
|
14
|
+
|
15
|
+
set :login_user_class, lambda { Operator }
|
16
|
+
|
17
|
+
get '/secured' do
|
18
|
+
require_login
|
19
|
+
|
20
|
+
"Secured!"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
describe "an app with a different user class" do
|
25
|
+
def app
|
26
|
+
BasicApp.new
|
27
|
+
end
|
28
|
+
|
29
|
+
test "blocks non-authenticated users properly" do
|
30
|
+
get '/secured'
|
31
|
+
|
32
|
+
assert_equal 302, last_response.status
|
33
|
+
assert_equal '/login', last_response.headers['Location']
|
34
|
+
end
|
35
|
+
|
36
|
+
test "authenticates properly" do
|
37
|
+
post '/login', :username => "Foo", :password => "Bar"
|
38
|
+
|
39
|
+
assert_equal 302, last_response.status
|
40
|
+
assert_equal '/', last_response.headers['Location']
|
41
|
+
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
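Review bot: The new test class never exercises the failure path. No case posts wrong credentials to `/login`, and "authenticates properly" stops at the redirect without requesting `/secured` afterwards. A custom `login_user_class` whose `authenticate` result was ignored, or whose session was never stored, would still pass both tests. I would add one negative and one post-login test alongside the existing two. This assumes the test helper's rack-test session carries cookies between requests, which is not visible here.

```ruby
# … unchanged: BasicApp definition and the two existing tests …
test "rejects wrong credentials" do
  post '/login', :username => "Foo", :password => "wrong"
  get '/secured'

  assert_equal 302, last_response.status
  assert_equal '/login', last_response.headers['Location']
end

test "grants access to secured pages after login" do
  post '/login', :username => "Foo", :password => "Bar"
  get '/secured'

  assert_equal "Secured!", last_response.body
end
```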
@@ -27,7 +27,7 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
|
|
27
27
|
|
28
28
|
describe "when session[:user] is set to 1" do
|
29
29
|
setup do
|
30
|
-
@settings = stub("Settings", :login_user_class =>
|
30
|
+
@settings = stub("Settings", :login_user_class => ::User)
|
31
31
|
|
32
32
|
@context.stubs(:settings).returns(@settings)
|
33
33
|
@context.session[:user] = 1
|
@@ -40,7 +40,8 @@ class TestSinatraSecurityHelpers < Test::Unit::TestCase
|
|
40
40
|
end
|
41
41
|
|
42
42
|
should "return the found user as the result" do
|
43
|
-
User.stubs(:[]).returns(:user)
|
43
|
+
# User.stubs(:[]).returns(:user)
|
44
|
+
User.expects(:[]).at_least_once.returns(:user)
|
44
45
|
|
45
46
|
assert_equal :user, @context.current_user
|
46
47
|
end
|
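Review bot: The superseded stub is left behind as a comment, `# User.stubs(:[]).returns(:user)`, in the "return the found user as the result" test. Delete it, since the `expects` line below replaces it. The expectation could also pin the argument, `User.expects(:[]).with(1).at_least_once.returns(:user)`. The test would then prove that the id placed in `session[:user]` by the setup block is what gets looked up, not just that some lookup happened.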
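--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 2
--
-version: 0.2.
+- 1
+version: 0.2.1
 platform: ruby
 authors:
 - Cyril David
@@ -46,6 +46,7 @@ files:
 - lib/sinatra/security/validations.rb
 - sinatra-security.gemspec
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb
@@ -84,6 +85,7 @@ specification_version: 3
 summary: Sinatra authentication extension
 test_files:
 - test/helper.rb
+- test/test_different_user_class.rb
 - test/test_login_field_flexibility.rb
 - test/test_password.rb
 - test/test_sinatra-security.rb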