warden 0.8.1 → 0.9.0

data/lib/warden/session_serializer.rb

@@ -0,0 +1,44 @@
+# encoding: utf-8
+module Warden
+  class SessionSerializer
+    attr_reader :env
+    include ::Warden::Mixins::Common
+
+    def initialize(env)
+      @env = env
+    end
+
+    def key_for(scope)
+      "warden.user.#{scope}.key"
+    end
+
+    def serialize(user)
+      user
+    end
+
+    def deserialize(key)
+      key
+    end
+
+    def store(user, scope)
+      return unless user
+      session[key_for(scope)] = serialize(user)
+    end
+
+    def fetch(scope)
+      key = session[key_for(scope)]
+      return nil unless key
+      user = deserialize(key)
+      delete(scope) unless user
+      user
+    end
+
+    def stored?(scope)
+      !!session[key_for(scope)]
+    end
+
+    def delete(scope, user=nil)
+      session.delete(key_for(scope))
+    end
+  end # SessionSerializer
+end # Warden

data/lib/warden/strategies.rb

@@ -1,18 +1,46 @@
 # encoding: utf-8
-require 'warden/declarable'
-
 module Warden
   module Strategies
-    extend Warden::Declarable
-    
     class << self
-      def check_validity!(label, strategy)
-        return if strategy.method_defined?(:authenticate!)
-        raise NoMethodError, "authenticate! is not declared in the #{label.inspect} strategy" 
+      # Add a strategy and store it in a hash.
+      def add(label, strategy = nil, &block)
+        strategy ||= Class.new(Warden::Strategies::Base)
+        strategy.class_eval(&block) if block_given?
+
+        unless strategy.method_defined?(:authenticate!)
+          raise NoMethodError, "authenticate! is not declared in the #{label.inspect} strategy"
+        end
+
+        unless strategy.ancestors.include?(Warden::Strategies::Base)
+          raise "#{label.inspect} is not a #{base}"
+        end
+
+        _strategies[label] = strategy
+      end
+
+      # Update a previously given strategy.
+      def update(label, &block)
+        strategy = _strategies[label]
+        raise "Unknown strategy #{label.inspect}" unless strategy
+        add(label, strategy, &block)
       end
-      
-      alias :_strategies :_declarations
-    end # << self
 
+      # Provides access to strategies by label
+      # :api: public
+      def [](label)
+        _strategies[label]
+      end
+
+      # Clears all declared.
+      # :api: public
+      def clear!
+        _strategies.clear
+      end
+
+      # :api: private
+      def _strategies
+        @strategies ||= {}
+      end
+    end # << self
   end # Strategies
 end # Warden

data/lib/warden/strategies/base.rb

@@ -31,32 +31,41 @@ module Warden
       # :api: public
       attr_accessor :user, :message
 
-      #:api: private
-      attr_accessor :result, :custom_response
-
-      # Setup for redirection
       # :api: private
-      attr_reader   :_status
+      attr_accessor :result, :custom_response
 
-      # Accessor for the rack env
       # :api: public
-      attr_reader   :env, :scope
+      attr_reader :env, :scope, :status
+
       include ::Warden::Mixins::Common
 
       # :api: private
       def initialize(env, scope=nil) # :nodoc:
         @env, @scope = env, scope
-        @_status, @headers = nil, {}
-        @halted = false
+        @status, @headers = nil, {}
+        @halted, @performed = false, false
       end
 
       # The method that is called from above. This method calls the underlying authenticate! method
       # :api: private
       def _run! # :nodoc:
-        result = authenticate!
+        @performed = true
+        authenticate!
         self
       end
 
+      # Returns if this strategy was already performed.
+      # :api: private
+      def performed? #:nodoc:
+        @performed
+      end
+
+      # Marks this strategy as not performed.
+      # :api: private
+      def clear!
+        @performed = false
+      end
+
       # Acts as a guarding method for the strategy.
       # If #valid? responds false, the strategy will not be executed
       # Overwrite with your own logic
@@ -127,7 +136,7 @@ module Warden
       # :api: public
       def redirect!(url, params = {}, opts = {})
         halt!
-        @_status = opts[:permanent] ? 301 : 302
+        @status = opts[:permanent] ? 301 : 302
         headers["Location"] = url
         headers["Location"] << "?" << Rack::Utils.build_query(params) unless params.empty?
         headers["Content-Type"] = opts[:content_type] || 'text/plain'

data/lib/warden/version.rb

@@ -1,3 +1,3 @@
 module Warden
-  VERSION = "0.8.1".freeze
+  VERSION = "0.9.0".freeze
 end

data/spec/spec_helper.rb

@@ -1,9 +1,11 @@
 $TESTING=true
-require 'rubygems'
-require 'rack'
+
 $:.unshift File.join(File.dirname(__FILE__), '..', 'lib')
 require 'warden'
 
+require 'rubygems'
+require 'rack'
+
 Dir[File.join(File.dirname(__FILE__), "helpers", "**/*.rb")].each do |f|
   require f
 end

data/spec/warden/config_spec.rb

@@ -23,26 +23,11 @@ describe Warden::Config do
     @config.default_strategies.should == [:foo, :bar]
   end
 
-  it "should allow to read and set default serializers" do
-    @config.default_serializers :foo, :bar
-    @config.default_serializers.should == [:foo, :bar]
-  end
-
-  it "should ship with default serializers and strategies" do
-    @config.default_strategies.should == []
-    @config.default_serializers.should == [:session]
-  end
-
   it "should allow to silence missing strategies" do
     @config.silence_missing_strategies!
     @config.silence_missing_strategies?.should be_true
   end
 
-  it "should allow to silence missing serializers" do
-    @config.silence_missing_serializers!
-    @config.silence_missing_serializers?.should be_true
-  end
-
   it "should set the default_scope" do
     @config.default_scope.should == :default
     @config.default_scope = :foo

data/spec/warden/hooks_spec.rb

@@ -93,7 +93,7 @@ describe "standard authentication hooks" do
         RAM.after_fetch{|u,a,o| a.env['warden.spec.hook.paz'] = "run paz"}
         RAM.after_fetch{|u,a,o| o[:event].should == :fetch }
         env = env_with_params
-        setup_rack(lambda { valid_response }).call(env)
+        setup_rack(lambda { |e| valid_response }).call(env)
         env['rack.session']['warden.user.default.key'] = "Foo"
         env['warden'].user.should == "Foo"
         env['warden.spec.hook.baz'].should == 'run baz'
@@ -113,7 +113,7 @@ describe "standard authentication hooks" do
       it "should not be invoked if fetched user is nil" do
         RAM.after_fetch{|u,a,o| fail}
         env = env_with_params
-        setup_rack(lambda { valid_response }).call(env)
+        setup_rack(lambda { |e| valid_response }).call(env)
         env['rack.session']['warden.user.default.key'] = nil
         env['warden'].user.should be_nil
       end
@@ -168,7 +168,7 @@ describe "standard authentication hooks" do
       RAM._before_logout.should have(1).item
     end
 
-    it "should allow me to add multiple after_authetnication hooks" do
+    it "should allow me to add multiple after_authentication hooks" do
       RAM.before_logout{|u,a,o| "bar"}
       RAM.before_logout{|u,a,o| "baz"}
       RAM._before_logout.should have(2).items
@@ -185,7 +185,7 @@ describe "standard authentication hooks" do
       env['warden.spec.hook.ipsum'].should == 'run ipsum'
     end
 
-    it "should run before_logout hook for a socufued scope" do
+    it "should run before_logout hook for a specified scope" do
       RAM.before_logout(:scope => :scope1){|u,a,o| a.env["warden.spec.hook.a"] << :scope1 }
       RAM.before_logout(:scope => [:scope2]){|u,a,o| a.env["warden.spec.hook.b"] << :scope2 }
 

data/spec/warden/manager_spec.rb

@@ -218,15 +218,7 @@ describe Warden::Manager do
     end
   end
 
-  it "should allow me to access serializers through manager" do
-    Rack::Builder.new do
-      use Warden::Manager do |manager|
-        manager.serializers.should == Warden::Serializers
-      end
-    end
-  end
-
-  it "should allow me to access serializers through manager" do
+  it "should allow me to access strategies through manager" do
     Rack::Builder.new do
       use Warden::Manager do |manager|
         manager.strategies.should == Warden::Strategies

data/spec/warden/proxy_spec.rb

@@ -46,236 +46,219 @@ describe Warden::Proxy do
       resp.first.should == 200
     end
 
-    describe "authenticate!" do
-
-      it "should allow authentication in my application" do
-        env = env_with_params('/', :username => "fred", :password => "sekrit")
-        app = lambda do |env|
-          env['warden'].authenticate
-          env['warden'].should be_authenticated
-          env['warden.spec.strategies'].should == [:password]
-          valid_response
-        end
-        setup_rack(app).call(env)
-      end
-
-      it "should be false in my application" do
-        env = env_with_params("/", :foo => "bar")
-        app = lambda do |env|
-          env['warden'].authenticate
-          env['warden'].should_not be_authenticated
-          env['warden.spec.strategies'].should == [:password]
-          valid_response
-        end
-        setup_rack(app).call(env)
+    it "should allow authentication in my application" do
+      env = env_with_params('/', :username => "fred", :password => "sekrit")
+      app = lambda do |env|
+        env['warden'].authenticate
+        env['warden'].should be_authenticated
+        env['warden.spec.strategies'].should == [:password]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should allow me to select which strategies I use in my appliction" do
-        env = env_with_params("/", :foo => "bar")
-        app = lambda do |env|
-          env['warden'].authenticate(:failz)
-          env['warden'].should_not be_authenticated
-          env['warden.spec.strategies'].should == [:failz]
-          valid_response
-        end
-        setup_rack(app).call(env)
+    it "should allow me to select which strategies I use in my appliction" do
+      env = env_with_params("/", :foo => "bar")
+      app = lambda do |env|
+        env['warden'].authenticate(:failz)
+        env['warden'].should_not be_authenticated
+        env['warden.spec.strategies'].should == [:failz]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should raise error on missing strategies" do
-        env = env_with_params('/')
-        app = lambda do |env|
-          env['warden'].authenticate(:unknown)
-        end
-        lambda {
-          setup_rack(app).call(env)
-        }.should raise_error(RuntimeError, "Invalid strategy unknown")
+    it "should raise error on missing strategies" do
+      env = env_with_params('/')
+      app = lambda do |env|
+        env['warden'].authenticate(:unknown)
       end
+      lambda {
+        setup_rack(app).call(env)
+      }.should raise_error(RuntimeError, "Invalid strategy unknown")
+    end
 
-      it "should not raise error on default missing strategies if silencing" do
-        env = env_with_params('/')
-        app = lambda do |env|
-          env['warden'].authenticate
-          valid_response
-        end
-        lambda {
-          setup_rack(app, :silence_missing_strategies => true, :default_strategies => [:unknown]).call(env)
-        }.should_not raise_error
+    it "should not raise error on missing strategies if silencing" do
+      env = env_with_params('/')
+      app = lambda do |env|
+        env['warden'].authenticate
+        valid_response
       end
+      lambda {
+        setup_rack(app, :silence_missing_strategies => true, :default_strategies => [:unknown]).call(env)
+      }.should_not raise_error
+    end
 
-      it "should allow me to get access to the user at warden.user." do
-        env = env_with_params("/")
-        app = lambda do |env|
-          env['warden'].authenticate(:pass)
-          env['warden'].should be_authenticated
-          env['warden.spec.strategies'].should == [:pass]
-          valid_response
-        end
-        setup_rack(app).call(env)
+    it "should allow me to get access to the user at warden.user." do
+      env = env_with_params("/")
+      app = lambda do |env|
+        env['warden'].authenticate(:pass)
+        env['warden'].should be_authenticated
+        env['warden.spec.strategies'].should == [:pass]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should properly sent the scope to the strategy" do
-        env = env_with_params("/")
-        app = lambda do |env|
-          env['warden'].authenticate!(:pass, :scope => :failz)
-          env['warden'].should_not be_authenticated
-          env['warden.spec.strategies'].should == [:pass]
-          valid_response
-        end
-        setup_rack(app).call(env)
+    it "should run strategies when authenticate? is asked" do
+      env = env_with_params("/")
+      app = lambda do |env|
+        env['warden'].should_not be_authenticated
+        env['warden'].authenticate?(:pass)
+        env['warden'].should be_authenticated
+        env['warden.spec.strategies'].should == [:pass]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should try multiple authentication strategies" do
-        env = env_with_params("/")
-        app = lambda do |env|
-          env['warden'].authenticate(:password,:pass)
-          env['warden'].should be_authenticated
-          env['warden.spec.strategies'].should == [:password, :pass]
-          valid_response
-        end
-        setup_rack(app).call(env)
+    it "should properly send the scope to the strategy" do
+      env = env_with_params("/")
+      app = lambda do |env|
+        env['warden'].authenticate(:pass, :scope => :failz)
+        env['warden'].should_not be_authenticated
+        env['warden.spec.strategies'].should == [:pass]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should look for an active user in the session with authenticate!" do
-        app = lambda do |env|
-          env['rack.session']["warden.user.default.key"] = "foo as a user"
-          env['warden'].authenticate!(:pass)
-          valid_response
-        end
-        env = env_with_params
-        setup_rack(app).call(env)
-        env['warden'].user.should == "foo as a user"
+    it "should try multiple authentication strategies" do
+      env = env_with_params("/")
+      app = lambda do |env|
+        env['warden'].authenticate(:password,:pass)
+        env['warden'].should be_authenticated
+        env['warden.spec.strategies'].should == [:password, :pass]
+        valid_response
       end
+      setup_rack(app).call(env)
+    end
 
-      it "should look for an active user in the session with authenticate?" do
-        app = lambda do |env|
-          env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
-          env['warden'].authenticate(:pass, :scope => :foo_scope)
-          env['warden'].authenticated?(:foo_scope)
-          valid_response
-        end
-        env = env_with_params
-        setup_rack(app).call(env)
-        env['warden'].user(:foo_scope).should == "a foo user"
+    it "should look for an active user in the session with authenticate" do
+      app = lambda do |env|
+        env['rack.session']["warden.user.default.key"] = "foo as a user"
+        env['warden'].authenticate(:pass)
+        valid_response
       end
+      env = env_with_params
+      setup_rack(app).call(env)
+      env['warden'].user.should == "foo as a user"
+    end
 
-      it "should login 2 different users from the session" do
-        app = lambda do |env|
-          env['rack.session']['warden.user.foo.key'] = 'foo user'
-          env['rack.session']['warden.user.bar.key'] = 'bar user'
-          env['warden'].authenticate(:pass, :scope => :foo)
-          env['warden'].authenticate(:pass, :scope => :bar)
-          env['warden'].authenticate(:password)
-          env['warden'].authenticated?(:foo).should == true
-          env['warden'].authenticated?(:bar).should == true
-          env['warden'].authenticated?.should be_false
-          valid_response
-        end
-        env = env_with_params
-        setup_rack(app).call(env)
-        env['warden'].user(:foo).should == 'foo user'
-        env['warden'].user(:bar).should == 'bar user'
-        env['warden'].user.should be_nil
+    it "should look for an active user in the session with authenticate?" do
+      app = lambda do |env|
+        env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
+        env['warden'].authenticate?(:pass, :scope => :foo_scope)
+        valid_response
       end
+      env = env_with_params
+      setup_rack(app).call(env)
+      env['warden'].user(:foo_scope).should == "a foo user"
+    end
 
-      it "should not be authenticated if scope cannot be retrieved from session" do
-        begin
-          Warden::Manager.serialize_from_session { |k| nil }
-          app = lambda do |env|
-            env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
-            env['warden'].authenticated?(:foo_scope)
-            valid_response
-          end
-          env = env_with_params
-          setup_rack(app).call(env)
-          env['warden'].user(:foo_scope).should be_nil
-        ensure
-          Warden::Manager.serialize_from_session { |k| k }
-        end
+    it "should look for an active user in the session with authenticate!" do
+      app = lambda do |env|
+        env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
+        env['warden'].authenticate!(:pass, :scope => :foo_scope)
+        valid_response
       end
+      env = env_with_params
+      setup_rack(app).call(env)
+      env['warden'].user(:foo_scope).should == "a foo user"
     end
-  end # describe "authentication"
 
-  describe "stored?" do
-    before(:each) do
-      @env['rack.session'] ||= {}
-      @env['rack.session']['warden.user.default.key'] = "User"
+    it "should throw an error when authenticate!" do
+      app = lambda do |env|
+        env['warden'].authenticate!(:pass, :scope => :failz)
+        raise "OMG"
+      end
+      env = env_with_params
+      setup_rack(app).call(env)
     end
 
-    it "returns true if user key is stored in session" do
+    it "should login 2 different users from the session" do
       app = lambda do |env|
-        env['warden'].stored?.should == true
+        env['rack.session']['warden.user.foo.key'] = 'foo user'
+        env['rack.session']['warden.user.bar.key'] = 'bar user'
+        env['warden'].authenticate(:pass, :scope => :foo)
+        env['warden'].authenticate(:pass, :scope => :bar)
+        env['warden'].authenticate(:password)
+        env['warden'].should be_authenticated(:foo)
+        env['warden'].should be_authenticated(:bar)
+        env['warden'].should_not be_authenticated # default scope
         valid_response
       end
-      setup_rack(app).call(@env)
+      env = env_with_params
+      setup_rack(app).call(env)
+      env['warden'].user(:foo).should == 'foo user'
+      env['warden'].user(:bar).should == 'bar user'
+      env['warden'].user.should be_nil
     end
+  end
 
-    it "returns false if user key is not stored in session" do
-      @env['rack.session'].delete("warden.user.default.key")
+  describe "authentication cache" do
+    it "should run strategies just once for a given scope" do
+      env = env_with_params("/")
       app = lambda do |env|
-        env['warden'].stored?.should  == false
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden'].should_not be_authenticated(:failz)
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden'].should_not be_authenticated(:failz)
+        env['warden.spec.strategies'].should == [:password, :pass]
         valid_response
       end
-      setup_rack(app).call(@env)
+      setup_rack(app).call(env)
     end
 
-    it "returns false if scope given is not stored in session" do
+    it "should run strategies for a given scope several times if cache is cleaned" do
+      env = env_with_params("/")
       app = lambda do |env|
-        env['warden'].stored?.should be_true
-        env['warden'].stored?(:another).should be_false
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden'].clear_strategies_cache!(:scope => :failz)
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden.spec.strategies'].should == [:password, :pass, :password, :pass]
         valid_response
       end
-      setup_rack(app).call(@env)
+      setup_rack(app).call(env)
     end
 
-    it "returns based on the given store" do
-      @env['rack.session'].delete("warden.user.default.key")
-      @env["HTTP_COOKIE"] = "warden.user.default.key=user;"
+    it "should clear the cache for a specified strategy" do
+      env = env_with_params("/")
       app = lambda do |env|
-        env['warden'].stored?(:default, :session).should be_false
-        env['warden'].stored?(:default, :cookie).should be_true
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden'].clear_strategies_cache!(:password, :scope => :failz)
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden.spec.strategies'].should == [:password, :pass, :password]
         valid_response
       end
-      setup_rack(app, :default_serializers => [:session, :cookie]).call(@env)
+      setup_rack(app).call(env)
     end
-  end
 
-  it "should not raise errors with missing serializers" do
-    env = env_with_params('/')
-    app = lambda do |env|
-      env['warden'].authenticate
-      env['warden'].serializers.size.should == 1
-      env['warden'].serializers.first.should be_kind_of(Warden::Serializers[:session])
-      valid_response
-    end
-    lambda {
-      setup_rack(app, :silence_missing_serializers => true, :default_serializers => [:session, :unknown]).call(env)
-    }.should_not raise_error
-  end
-
-  describe "set user" do
-    it "should store the user into the session" do
+    it "should run the strategies several times for different scopes" do
       env = env_with_params("/")
       app = lambda do |env|
-        env['warden'].authenticate(:pass)
+        env['warden'].authenticate(:password, :pass, :scope => :failz)
+        env['warden'].should_not be_authenticated(:failz)
+        env['warden'].authenticate(:password, :pass)
         env['warden'].should be_authenticated
-        env['warden'].user.should == "Valid User"
-        env['rack.session']["warden.user.default.key"].should == "Valid User"
+        env['warden.spec.strategies'].should == [:password, :pass, :password, :pass]
         valid_response
       end
       setup_rack(app).call(env)
     end
+  end
 
-    it "should store the user in all serializers" do
+  describe "set user" do
+    it "should store the user into the session" do
       env = env_with_params("/")
       app = lambda do |env|
         env['warden'].authenticate(:pass)
         env['warden'].should be_authenticated
         env['warden'].user.should == "Valid User"
+        env['rack.session']["warden.user.default.key"].should == "Valid User"
         valid_response
       end
-      setup_rack(app, :default_serializers => [:session, :cookie]).call(env)
-      headers = env['warden'].serializers.last.response.headers
-      headers['Set-Cookie'].split(";").first.should == "warden.user.default.key=Valid+User"
+      setup_rack(app).call(env)
     end
 
     it "should not store the user if the :store option is set to false" do
@@ -314,17 +297,7 @@ describe Warden::Proxy do
       setup_rack(app).call(@env)
     end
 
-    it "should load user from others serializers" do
-      @env["HTTP_COOKIE"] = "warden.user.default.key=user;"
-      app = lambda do |env|
-        env['warden'].user.should == "user"
-        valid_response
-      end
-      setup_rack(app, :default_serializers => [:session, :cookie]).call(@env)
-    end
-
     describe "previously logged in" do
-
       before(:each) do
         @env['rack.session']['warden.user.default.key'] = "A Previous User"
         @env['warden.spec.strategies'] = []
@@ -412,15 +385,6 @@ describe Warden::Proxy do
       setup_rack(app).call(@env)
     end
 
-    it "should clear the session in all serializers" do
-      @app = setup_rack(@app, :default_serializers => [:session, :cookie])
-      @env['warden.spec.which_logout'] = :default
-      @app.call(@env)
-      @env['warden'].serializers.last.should_not be_nil
-      headers = @env['warden'].serializers.last.response.headers
-      headers['Set-Cookie'].first.split(";").first.should == "warden.user.default.key="
-    end
-
     it "should clear out the session by calling reset_session! so that plugins can setup their own session clearing" do
       @env['rack.session'].should_not be_nil
       app = lambda do |e|
@@ -455,10 +419,11 @@ describe Warden::Proxy do
   end
 
   describe "when all strategies are not valid?" do
-    it "should return false for authenticated when there are no valid? strategies" do
+    it "should return false for authenticated? when there are no valid? strategies" do
      @env['rack.session'] = {}
      app = lambda do |e|
-       e['warden'].authenticated?(:invalid).should be_false
+       e['warden'].authenticate(:invalid).should be_nil
+       e['warden'].should_not be_authenticated
      end
      setup_rack(app).call(@env)
     end
@@ -471,6 +436,14 @@ describe Warden::Proxy do
       setup_rack(app).call(@env)
     end
 
+    it "should return false for authenticate? when there are no valid strategies" do
+      @env['rack.session'] = {}
+      app = lambda do |e|
+        e['warden'].authenticate?(:invalid).should be_false
+      end
+      setup_rack(app).call(@env)
+    end
+
     it "should respond with a 401 when authenticate! cannot find any valid strategies" do
       @env['rack.session'] = {}
       app = lambda do |e|
@@ -479,153 +452,167 @@ describe Warden::Proxy do
       result = setup_rack(app).call(@env)
       result.first.should == 401
     end
+  end
 
-    describe "authenticated?" do
-      describe "positive authentication" do
-        before do
-          @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
-          $captures = []
-        end
+  describe "authenticated?" do
+    describe "positive authentication" do
+      before do
+        @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
+        $captures = []
+      end
 
-        it "should return true when authenticated in the session" do
-          app = lambda do |e|
-            e['warden'].should be_authenticated
-          end
-          result = setup_rack(app).call(@env)
+      it "should return true when authenticated in the session" do
+        app = lambda do |e|
+          e['warden'].should be_authenticated
         end
+        result = setup_rack(app).call(@env)
+      end
 
-        it "should yield to a block when the block is passed and authenticated" do
-          app = lambda do |e|
-            e['warden'].authenticated? do
-              $captures << :in_the_block
-            end
+      it "should yield to a block when the block is passed and authenticated" do
+        app = lambda do |e|
+          e['warden'].authenticated? do
+            $captures << :in_the_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == [:in_the_block]
         end
+        setup_rack(app).call(@env)
+        $captures.should == [:in_the_block]
+      end
 
-        it "should authenticate for a user in a different scope" do
-          @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
-          app = lambda do |e|
-            e['warden'].authenticated?(:foo) do
-              $captures << :in_the_foo_block
-            end
+      it "should authenticate for a user in a different scope" do
+        @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
+        app = lambda do |e|
+          e['warden'].authenticated?(:foo) do
+            $captures << :in_the_foo_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == [:in_the_foo_block]
         end
+        setup_rack(app).call(@env)
+        $captures.should == [:in_the_foo_block]
+      end
+    end
+
+    describe "negative authentication" do
+      before do
+        @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
+        $captures = []
       end
 
-      describe "negative authentication" do
-        before do
-          @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
-          $captures = []
+      it "should return false when authenticated in the session" do
+        app = lambda do |e|
+          e['warden'].should_not be_authenticated
         end
+        result = setup_rack(app).call(@env)
+      end
 
-        it "should return false when authenticated in the session" do
-          app = lambda do |e|
-            e['warden'].should_not be_authenticated
+      it "should return false if scope cannot be retrieved from session" do
+        begin
+          Warden::Manager.serialize_from_session { |k| nil }
+          app = lambda do |env|
+            env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
+            env['warden'].authenticated?(:foo_scope)
+            valid_response
           end
-          result = setup_rack(app).call(@env)
+          env = env_with_params
+          setup_rack(app).call(env)
+          env['warden'].user(:foo_scope).should be_nil
+        ensure
+          Warden::Manager.serialize_from_session { |k| k }
         end
+      end
 
-        it "should not yield to a block when the block is passed and authenticated" do
-          app = lambda do |e|
-            e['warden'].authenticated? do
-              $captures << :in_the_block
-            end
+      it "should not yield to a block when the block is passed and authenticated" do
+        app = lambda do |e|
+          e['warden'].authenticated? do
+            $captures << :in_the_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == []
         end
+        setup_rack(app).call(@env)
+        $captures.should == []
+      end
 
-        it "should not yield for a user in a different scope" do
-          app = lambda do |e|
-            e['warden'].authenticated?(:bar) do
-              $captures << :in_the_bar_block
-            end
+      it "should not yield for a user in a different scope" do
+        app = lambda do |e|
+          e['warden'].authenticated?(:bar) do
+            $captures << :in_the_bar_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == []
         end
+        setup_rack(app).call(@env)
+        $captures.should == []
       end
     end
+  end
 
+  describe "unauthenticated?" do
+    describe "negative unauthentication" do
+      before do
+        @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
+        $captures = []
+      end
 
-    describe "unauthenticated?" do
-      describe "negative unauthentication" do
-        before do
-          @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
-          $captures = []
-        end
-
-        it "should return false when authenticated in the session" do
-          app = lambda do |e|
-            e['warden'].should_not be_unauthenticated
-          end
-          result = setup_rack(app).call(@env)
+      it "should return false when authenticated in the session" do
+        app = lambda do |e|
+          e['warden'].should_not be_unauthenticated
         end
+        result = setup_rack(app).call(@env)
+      end
 
-        it "should not yield to a block when the block is passed and authenticated" do
-          app = lambda do |e|
-            e['warden'].unauthenticated? do
-              $captures << :in_the_block
-            end
+      it "should not yield to a block when the block is passed and authenticated" do
+        app = lambda do |e|
+          e['warden'].unauthenticated? do
+            $captures << :in_the_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == []
         end
+        setup_rack(app).call(@env)
+        $captures.should == []
+      end
 
-        it "should not yield to the block for a user in a different scope" do
-          @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
-          app = lambda do |e|
-            e['warden'].unauthenticated?(:foo) do
-              $captures << :in_the_foo_block
-            end
+      it "should not yield to the block for a user in a different scope" do
+        @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
+        app = lambda do |e|
+          e['warden'].unauthenticated?(:foo) do
+            $captures << :in_the_foo_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == []
         end
+        setup_rack(app).call(@env)
+        $captures.should == []
       end
+    end
 
-      describe "positive unauthentication" do
-        before do
-          @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
-          $captures = []
-        end
+    describe "positive unauthentication" do
+      before do
+        @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
+        $captures = []
+      end
 
-        it "should return false when unauthenticated in the session" do
-          app = lambda do |e|
-            e['warden'].should be_unauthenticated
-          end
-          result = setup_rack(app).call(@env)
+      it "should return false when unauthenticated in the session" do
+        app = lambda do |e|
+          e['warden'].should be_unauthenticated
         end
+        result = setup_rack(app).call(@env)
+      end
 
-        it "should yield to a block when the block is passed and authenticated" do
-          app = lambda do |e|
-            e['warden'].unauthenticated? do
-              $captures << :in_the_block
-            end
+      it "should yield to a block when the block is passed and authenticated" do
+        app = lambda do |e|
+          e['warden'].unauthenticated? do
+            $captures << :in_the_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == [:in_the_block]
         end
+        setup_rack(app).call(@env)
+        $captures.should == [:in_the_block]
+      end
 
-        it "should yield for a user in a different scope" do
-          app = lambda do |e|
-            e['warden'].unauthenticated?(:bar) do
-              $captures << :in_the_bar_block
-            end
+      it "should yield for a user in a different scope" do
+        app = lambda do |e|
+          e['warden'].unauthenticated?(:bar) do
+            $captures << :in_the_bar_block
           end
-          setup_rack(app).call(@env)
-          $captures.should == [:in_the_bar_block]
         end
+        setup_rack(app).call(@env)
+        $captures.should == [:in_the_bar_block]
       end
     end
   end
 
   describe "attributes" do
-
     def def_app(&blk)
       @app = setup_rack(blk)
     end