warden-github-rails 0.0.1

data/lib/warden/github/rails/test_helpers.rb

@@ -0,0 +1,28 @@
+require 'warden/github'
+require 'warden/github/rails/test_helpers/mock_user'
+
+module Warden
+  module GitHub
+    module Rails
+      module TestHelpers
+        include ::Warden::Test::Helpers
+
+        # Login a mock GitHub user and return it.
+        def github_login(scope=Rails.default_scope)
+          MockUser.new.tap do |user|
+            login_as(user, :scope => scope)
+          end
+        end
+      end
+    end
+  end
+end
+
+# Add a method to Rack::Response to easily determine if a request resulted in an
+# OAuth redirect to GitHub.
+class Rack::Response
+  def github_oauth_redirect?
+    redirect? and
+      location.start_with?('https://github.com/login/oauth/authorize')
+  end
+end

data/lib/warden/github/rails/test_helpers/mock_user.rb

@@ -0,0 +1,28 @@
+module Warden
+  module GitHub
+    module Rails
+      module TestHelpers
+        class MockUser < User
+          attr_reader :memberships
+
+          def initialize(*args)
+            super
+            @memberships = { :team => [], :org => [] }
+          end
+
+          def stub_membership(membership)
+            memberships.fetch(membership.keys.first) << membership.values.first
+          end
+
+          def team_member?(id)
+            memberships[:team].include?(id)
+          end
+
+          def organization_member?(id)
+            memberships[:org].include?(id)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/warden/github/rails/version.rb

@@ -0,0 +1,9 @@
+module Warden
+  module GitHub
+    module Rails
+      VERSION = File.read(
+        File.expand_path('../../../../../VERSION', __FILE__)
+      ).strip
+    end
+  end
+end

data/lib/warden/github/rails/view_helpers.rb

@@ -0,0 +1,18 @@
+module Warden
+  module GitHub
+    module Rails
+      module ViewHelpers
+        # Checks whether a user is logged in for the specified scope.
+        def github_authenticated?(scope=Rails.default_scope)
+          request.env['warden'].authenticated?(scope)
+        end
+
+        # Returns the currently signed in user for the specified scope. See the
+        # documentation for Warden::GitHub::User for available methods.
+        def github_user(scope=Rails.default_scope)
+          request.env['warden'].user(scope)
+        end
+      end
+    end
+  end
+end

data/spec/integration/controller_helpers_spec.rb

@@ -0,0 +1,95 @@
+require 'spec_helper'
+
+describe 'controller helpers' do
+  {
+    :scoped   => :admin,
+    :unscoped => Warden::GitHub::Rails.default_scope
+  }.each do |type, scope|
+    context "when using #{type}" do
+      describe '#github_authenticate!' do
+        subject(:request) { get "/#{type}/authenticate" }
+
+        context 'when not logged in' do
+          it 'initiates the oauth flow' do
+            request.should be_github_oauth_redirect
+          end
+        end
+
+        context 'when logged in' do
+          before { github_login(scope) }
+          it 'does nothing' do
+            request.should be_ok
+          end
+        end
+      end
+
+      describe '#github_logout' do
+        context 'when not logged in' do
+          it 'does nothing' do
+            get("/#{type}/logout").body.should eq 'false'
+          end
+        end
+
+        context 'when logged in' do
+          it 'logs out the user' do
+            github_login(scope)
+            get("/#{type}/logout").body.should eq 'true'
+            get("/#{type}/logout").body.should eq 'false'
+          end
+        end
+      end
+
+      describe '#github_authenticated?' do
+        subject(:request) { get "/#{type}/authenticated" }
+
+        context 'when not logged in' do
+          it 'returns false' do
+            request.body.should eq 'false'
+          end
+        end
+
+        context 'when logged in' do
+          it 'returns true' do
+            github_login(scope)
+            request.body.should eq 'true'
+          end
+        end
+      end
+
+      describe '#github_user' do
+        subject(:request) { get "/#{type}/user" }
+
+        context 'when not logged in' do
+          it 'returns nil' do
+            request.body.should be_blank
+          end
+        end
+
+        context 'when logged in' do
+          it 'returns the logged in user' do
+            github_login(scope)
+            request.body.
+              should include 'Warden::GitHub::Rails::TestHelpers::MockUser'
+          end
+        end
+      end
+
+      describe '#github_session' do
+        subject(:request) { get "/#{type}/session" }
+
+        context 'when not logged in' do
+          it 'should be nil' do
+            request.body.should be_blank
+          end
+        end
+
+        context 'when logged in' do
+          it "returns the user's session" do
+            github_login(scope)
+            request.body.should == { :foo => :bar }.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/spec/integration/membership_spec.rb

@@ -0,0 +1,183 @@
+require 'spec_helper'
+
+describe 'request to a protected resource' do
+  context 'that requires a team membership' do
+    context 'which is specified by a numeric team id' do
+      subject { get '/team/protected' }
+
+      context 'when not logged in' do
+        it { should be_github_oauth_redirect }
+      end
+
+      context 'when logged in' do
+        context 'and team member' do
+          before do
+            user = github_login
+            user.stub_membership(:team => 123)
+          end
+
+          it { should be_ok }
+        end
+
+        context 'and not team member' do
+          before { github_login }
+          it { should be_not_found}
+        end
+      end
+    end
+
+    context 'which is specified by a team alias' do
+      subject { get '/team_alias/protected' }
+
+      context 'when not logged in' do
+        it { should be_github_oauth_redirect }
+      end
+
+      context 'when logged in' do
+        context 'and team member' do
+          before do
+            user = github_login
+            user.stub_membership(:team => 456)
+          end
+
+          it { should be_ok }
+        end
+
+        context 'and not team member' do
+          before { github_login }
+          it { should be_not_found}
+        end
+      end
+    end
+
+    context 'which is specified by a lambda' do
+      subject { get '/dynamic_team/123' }
+
+      context 'when logged in' do
+        context 'and team member' do
+          before do
+            user = github_login
+            user.stub_membership(:team => 123)
+          end
+
+          it { should be_ok }
+        end
+
+        context 'and not team member' do
+          before { github_login }
+          it { should be_not_found}
+        end
+      end
+    end
+  end
+
+  context 'that requires an organization membership' do
+    { :org => :foobar_inc, :organization => 'some_org' }.each do |key, value|
+      context "which is specified as #{key}" do
+        subject { get "/#{key}/protected" }
+
+        context 'when not logged in' do
+          it { should be_github_oauth_redirect }
+        end
+
+        context 'when logged in' do
+          context 'and organization member' do
+            before do
+              user = github_login
+              user.stub_membership(:org => value)
+            end
+
+            it { should be_ok }
+          end
+
+          context 'and not organization member' do
+            before { github_login }
+            it { should be_not_found }
+          end
+        end
+      end
+    end
+
+    context 'which is specified by a lambda' do
+      subject { get '/dynamic_org/some_org' }
+
+      context 'when logged in' do
+        context 'and organization member' do
+          before do
+            user = github_login
+            user.stub_membership(:org => 'some_org')
+          end
+
+          it { should be_ok }
+        end
+
+        context 'and not organization member' do
+          before { github_login }
+          it { should be_not_found}
+        end
+      end
+    end
+  end
+end
+
+describe 'request to a resource that only exists when logged in' do
+  context 'that requires a team membership' do
+    context 'which is specified by a numeric team id' do
+      subject { get '/team/conditional' }
+
+      context 'when team member' do
+        before do
+          user = github_login
+          user.stub_membership(:team => 123)
+        end
+
+        it { should be_ok }
+      end
+
+      context 'when not team member' do
+        before { github_login }
+        it { should be_not_found}
+      end
+    end
+
+    context 'which is specified by a team alias' do
+      subject { get '/team_alias/conditional' }
+
+      context 'when team member' do
+        before do
+          user = github_login
+          user.stub_membership(:team => 456)
+        end
+
+        it { should be_ok }
+      end
+
+      context 'when not team member' do
+        before { github_login }
+        it { should be_not_found}
+      end
+    end
+  end
+
+  context 'that requires an organization membership' do
+    { :org => :foobar_inc, :organization => 'some_org' }.each do |key, value|
+      context "which is specified as #{key}" do
+        subject { get "/#{key}/conditional" }
+
+        context 'when organization member' do
+          before do
+            user = github_login
+            user.stub_membership(:org => value)
+          end
+
+          it { should be_ok }
+        end
+
+        context 'when not organization member' do
+          before { github_login }
+          it { should be_not_found }
+        end
+      end
+    end
+  end
+end

data/spec/integration/route_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe 'request to a protected resource' do
+  subject { get '/protected' }
+
+  context 'when not logged in' do
+    it { should be_github_oauth_redirect }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_ok }
+  end
+
+  context 'with multiple scopes' do
+    subject { get '/admin/protected' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_github_oauth_redirect }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_ok }
+    end
+  end
+end
+
+describe 'request to a resource that only exists when logged in' do
+  subject { get '/conditional' }
+
+  context 'when not logged in' do
+    it { should be_not_found }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_ok }
+  end
+
+  context 'with mutliple scopes' do
+    subject { get '/admin/conditional' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_not_found }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_ok }
+    end
+  end
+end
+
+describe 'request to a resource that only exists when logged out' do
+  subject { get '/conditional_inverse' }
+
+  context 'when not logged in' do
+    it { should be_ok }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_not_found }
+  end
+
+  context 'with mutliple scopes' do
+    subject { get '/admin/conditional_inverse' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_ok }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_not_found }
+    end
+  end
+end