warden 1.2.3 → 1.2.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 98bbb4bde4e4b1168fd883823a9e63f81cb6be40c117d92fd461299f4de0f86a
+  data.tar.gz: 03ac0df2de9c151a6f5387700141248be127a82177d21da1f1fc2d00db10bc64
+SHA512:
+  metadata.gz: 5d8d0d43d9f1a28d12ca7044608e175b08444a46c81c42a6c1ad351d517e45919a653005522c576bd4fe4d8de1d3b2472c52c5b524b32606bb2e69d82a533a33
+  data.tar.gz: 044152b6566f94d9bcdcd4fda5297decb19ed5146adaaee3bdd07b154d9b1e3b9d840c8da21b110add36f8f856f1879cf2547e12298f710b75c734269c86daff

data/.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+pkg
+.*~
+
+*.gem

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+install:
+  - bundle install
+rvm:
+  - 2.2
+  - 2.3
+  - 2.4.2

data/{History.rdoc → CHANGELOG.md}

@@ -1,3 +1,18 @@
+== Version 1.2.8 / 2018-11-15
+* Bugfix: Flips two lines to allow scopes authenticating from another without stepping on each other's toes. (PR #144)
+* Update `rack` dependency to >= 2.0.6 due to security vulnerability
+* Internal: Add Rubocop Lint checking
+* Internal: Update RSpec to use `.rspec` file
+
+== Version 1.2.7 / 2016-10-12
+* Added 'frozen_string_literal' comment, bump ruby to 2.3
+
+== Version 1.2.6 / 2016-01-31
+* Separate test helpers to encapsulate Warden object mocking inside it's own class
+
+== Version 1.2.5 / 2016-01-28
+* Expands on the test helpers available to make it easier for testing gems
+
 == Version 1.2.3 / 2013-07-14
 * Fix an issue with lazy loaded sessions
 
@@ -128,7 +143,7 @@
 
 === Version 0.5.1 / 2009-10-25
 * enhancements
-  * Adds yeilding to authenticated? and unauthenticated? methods (hassox)
+  * Adds yielding to authenticated? and unauthenticated? methods (hassox)
   * Adds an option to silence missing strategies (josevalim)
   * Add an option to authenticate(!) to prevent storage of a user into the session (hassox)
   * allow custom :action to be thrown (josevalim)
@@ -146,5 +161,3 @@
 
 * enhancements
   * add a hook for plugins to specify how they can clear the whole section
-
-

data/Gemfile

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 
 gemspec
 
 gem 'rake'
-gem 'rack', '1.3'
+gem 'rack', '>= 2.0.6'
 
 group :test do
-  gem 'rspec', '~>2'
+  gem 'rspec', '~>3'
   gem 'rack-test'
 end

data/Gemfile.lock

@@ -0,0 +1,40 @@
+PATH
+  remote: .
+  specs:
+    warden (1.2.8)
+      rack (>= 2.0.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    rack (2.0.6)
+    rack-test (0.7.0)
+      rack (>= 1.0, < 3)
+    rake (12.1.0)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rack (>= 2.0.6)
+  rack-test
+  rake
+  rspec (~> 3)
+  warden!
+
+BUNDLED WITH
+   1.17.1

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2009 Daniel Neighman
+Copyright (c) 2009-2017 Daniel Neighman
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -0,0 +1,18 @@
+# Warden
+
+## Getting Started
+
+Please see the [Warden Wiki](https://wiki.github.com/hassox/warden) for overview documentation.
+
+## Maintainers
+
+* Daniel Neighman (hassox)
+* José Valim (josevalim)
+* Justin Smestad (jsmestad)
+* Whitney Smestad (whithub)
+
+[A list of all contributors is available on Github.](https://github.com/hassox/warden/contributors)
+
+## LICENSE
+
+See `LICENSE` file.

data/Rakefile

@@ -1,12 +1,8 @@
 # -*- encoding: utf-8 -*-
-require 'rubygems'
-require 'rake'
-$:.unshift  File.join(File.dirname(__FILE__), "lib")
+# frozen_string_literal: true
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
-require 'rspec/core'
-require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
-
-desc "Run all specs in spec directory"
-RSpec::Core::RakeTask.new(:spec)

data/lib/warden/config.rb

@@ -1,9 +1,9 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
-  # This is a class which is yielded on use Warden::Manager. If you have a plugin
-  # and wants to add more configuration to warden, you just need to extend this
-  # class.
+  # This class is yielded inside Warden::Manager. If you have a plugin and want to
+  # add more configuration to warden, you just need to extend this class.
   class Config < Hash
     # Creates an accessor that simply sets and reads a key in the hash:
     #

data/lib/warden/errors.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   class Proxy
     # Lifted from DataMapper's dm-validations plugin :)
@@ -38,7 +39,7 @@ module Warden
       end
 
       def each
-        errors.map.each do |k,v|
+        errors.map.each do |_k,v|
           next if blank?(v)
           yield(v)
         end

data/lib/warden/hooks.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Hooks
 
@@ -18,21 +19,21 @@ module Warden
     # A callback hook set to run every time after a user is set.
     # This callback is triggered the first time one of those three events happens
     # during a request: :authentication, :fetch (from session) and :set_user (when manually set).
-    # You can supply as many hooks as you like, and they will be run in order of decleration.
+    # You can supply as many hooks as you like, and they will be run in order of declaration.
     #
     # If you want to run the callbacks for a given scope and/or event, you can specify them as options.
     # See parameters and example below.
     #
     # Parameters:
     # <options> Some options which specify when the callback should be executed
-    #   scope  - Executes the callback only if it maches the scope(s) given
+    #   scope  - Executes the callback only if it matches the scope(s) given
     #   only   - Executes the callback only if it matches the event(s) given
     #   except - Executes the callback except if it matches the event(s) given
     # <block> A block where you can set arbitrary logic to run every time a user is set
     #   Block Parameters: |user, auth, opts|
     #     user - The user object that is being set
     #     auth - The raw authentication proxy object.
-    #     opts - any options passed into the set_user call includeing :scope
+    #     opts - any options passed into the set_user call including :scope
     #
     # Example:
     #   Warden::Manager.after_set_user do |user,auth,opts|
@@ -77,7 +78,7 @@ module Warden
     end
 
     # after_fetch is just a wrapper to after_set_user, which is only invoked
-    # when the user is fetched from sesion. The options and yielded arguments
+    # when the user is fetched from session. The options and yielded arguments
     # are the same as in after_set_user.
     #
     # :api: public
@@ -85,18 +86,18 @@ module Warden
       after_set_user(options.merge(:event => :fetch), method, &block)
     end
 
-    # A callback that runs just prior to the failur application being called.
+    # A callback that runs just prior to the failure application being called.
     # This callback occurs after PATH_INFO has been modified for the failure (default /unauthenticated)
     # In this callback you can mutate the environment as required by the failure application
     # If a Rails controller were used for the failure_app for example, you would need to set request[:params][:action] = :unauthenticated
     #
     # Parameters:
     # <options> Some options which specify when the callback should be executed
-    #   scope  - Executes the callback only if it maches the scope(s) given
+    #   scope  - Executes the callback only if it matches the scope(s) given
     # <block> A block to contain logic for the callback
     #   Block Parameters: |env, opts|
     #     env - The rack env hash
-    #     opts - any options passed into the authenticate call includeing :scope
+    #     opts - any options passed into the authenticate call including :scope
     #
     # Example:
     #   Warden::Manager.before_failure do |env, opts|
@@ -121,7 +122,7 @@ module Warden
     #
     # Parameters:
     # <options> Some options which specify when the callback should be executed
-    #   scope  - Executes the callback only if it maches the scope(s) given
+    #   scope  - Executes the callback only if it matches the scope(s) given
     # <block> A block to contain logic for the callback
     #   Block Parameters: |user, auth, scope|
     #     user - The authenticated user for the current scope
@@ -149,7 +150,7 @@ module Warden
     #
     # Parameters:
     # <options> Some options which specify when the callback should be executed
-    #   scope  - Executes the callback only if it maches the scope(s) given
+    #   scope  - Executes the callback only if it matches the scope(s) given
     # <block> A block to contain logic for the callback
     #   Block Parameters: |user, auth, scope|
     #     user - The authenticated user for the current scope

data/lib/warden/manager.rb

@@ -1,10 +1,11 @@
 # encoding: utf-8
+# frozen_string_literal: true
 require 'warden/hooks'
 require 'warden/config'
 
 module Warden
   # The middleware for Rack Authentication
-  # The middlware requires that there is a session upstream
+  # The middleware requires that there is a session upstream
   # The middleware injects an authentication object into
   # the rack environment hash
   class Manager
@@ -19,9 +20,8 @@ module Warden
       default_strategies = options.delete(:default_strategies)
 
       @app, @config = app, Warden::Config.new(options)
-      @config.default_strategies *default_strategies if default_strategies
+      @config.default_strategies(*default_strategies) if default_strategies
       yield @config if block_given?
-      self
     end
 
     # Invoke the application guarding for throw :warden.
@@ -32,19 +32,18 @@ module Warden
 
       env['warden'] = Proxy.new(env, self)
       result = catch(:warden) do
+        env['warden'].on_request
         @app.call(env)
       end
 
       result ||= {}
       case result
       when Array
-        if result.first == 401 && intercept_401?(env)
-          process_unauthenticated(env)
-        else
-          result
-        end
+        handle_chain_result(result.first, result, env)
       when Hash
         process_unauthenticated(env, result)
+      when Rack::Response
+        handle_chain_result(result.status, result, env)
       end
     end
 
@@ -72,8 +71,8 @@ module Warden
         Warden::SessionSerializer.send :define_method, method_name, &block
       end
 
-      # Reconstitues the user from the session.
-      # Use the results of user_session_key to reconstitue the user from the session on requests after the initial login
+      # Reconstitutes the user from the session.
+      # Use the results of user_session_key to reconstitute the user from the session on requests after the initial login
       # You can supply different methods of de-serialization for different scopes by passing a scope symbol
       #
       # Example:
@@ -84,12 +83,25 @@ module Warden
       # :api: public
       def serialize_from_session(scope = nil, &block)
         method_name = scope.nil? ? :deserialize : "#{scope}_deserialize"
+
+        if Warden::SessionSerializer.method_defined? method_name
+          Warden::SessionSerializer.send :remove_method, method_name
+        end
+
         Warden::SessionSerializer.send :define_method, method_name, &block
       end
     end
 
   private
 
+    def handle_chain_result(status, result, env)
+      if status == 401 && intercept_401?(env)
+        process_unauthenticated(env)
+      else
+        result
+      end
+    end
+
     def intercept_401?(env)
       config[:intercept_401] && !env['warden'].custom_failure?
     end
@@ -113,6 +125,7 @@ module Warden
       when :custom
         proxy.custom_response
       else
+        options[:message] ||= proxy.message
         call_failure_app(env, options)
       end
     end

data/lib/warden/mixins/common.rb

@@ -1,9 +1,10 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Mixins
     module Common
 
-      # Convinience method to access the session
+      # Convenience method to access the session
       # :api: public
       def session
         env['rack.session']

data/lib/warden/proxy.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   class UserNotSet < RuntimeError; end
@@ -28,6 +29,11 @@ module Warden
       @env, @users, @winning_strategies, @locked = env, {}, {}, false
       @manager, @config = manager, manager.config.dup
       @strategies = Hash.new { |h,k| h[k] = {} }
+    end
+
+    # Run the on_request callbacks
+    # :api: private
+    def on_request
       manager._run_callbacks(:on_request, self)
     end
 
@@ -69,7 +75,7 @@ module Warden
     #
     # :api: public
     def clear_strategies_cache!(*args)
-      scope, opts = _retrieve_scope_and_opts(args)
+      scope, _opts = _retrieve_scope_and_opts(args)
 
       @winning_strategies.delete(scope)
       @strategies[scope].each do |k, v|
@@ -87,7 +93,7 @@ module Warden
       @locked = true
     end
 
-    # Run the authentiation strategies for the given strategies.
+    # Run the authentication strategies for the given strategies.
     # If there is already a user logged in for a given scope, the strategies are not run
     # This does not halt the flow of control and is a passive attempt to authenticate only
     # When scope is not specified, the default_scope is assumed.
@@ -101,7 +107,7 @@ module Warden
     #
     # :api: public
     def authenticate(*args)
-      user, opts = _perform_authentication(*args)
+      user, _opts = _perform_authentication(*args)
       user
     end
 
@@ -171,7 +177,13 @@ module Warden
 
       if opts[:store] != false && opts[:event] != :fetch
         options = env[ENV_SESSION_OPTIONS]
-        options[:renew] = true if options
+        if options
+          if options.frozen?
+            env[ENV_SESSION_OPTIONS] = options.merge(:renew => true).freeze
+          else
+            options[:renew] = true
+          end
+        end
         session_serializer.store(user, scope)
       end
 
@@ -181,7 +193,7 @@ module Warden
       @users[scope]
     end
 
-    # Provides acccess to the user object in a given scope for a request.
+    # Provides access to the user object in a given scope for a request.
     # Will be nil if not logged in. Please notice that this method does not
     # perform strategies.
     #
@@ -280,7 +292,7 @@ module Warden
       winning_strategy && winning_strategy.message
     end
 
-    # Provides a way to return a 401 without warden defering to the failure app
+    # Provides a way to return a 401 without warden deferring to the failure app
     # The result is a direct passthrough of your own response
     # :api: public
     def custom_failure!
@@ -290,7 +302,11 @@ module Warden
     # Check to see if the custom failure flag has been set
     # :api: public
     def custom_failure?
-      !!@custom_failure
+      if instance_variable_defined?(:@custom_failure)
+        !!@custom_failure
+      else
+        false
+      end
     end
 
     # Check to see if this is an asset request
@@ -314,11 +330,11 @@ module Warden
       user = nil
 
       # Look for an existing user in the session for this scope.
-      # If there was no user in the session. See if we can get one from the request.
+      # If there was no user in the session, see if we can get one from the request.
       return user, opts if user = user(opts.merge(:scope => scope))
       _run_strategies_for(scope, args)
 
-      if winning_strategy && winning_strategy.user
+      if winning_strategy && winning_strategy.successful?
         opts[:store] = opts.fetch(:store, winning_strategy.store?)
         set_user(winning_strategy.user, opts.merge!(:event => :authentication))
       end
@@ -350,13 +366,13 @@ module Warden
         strategy = _fetch_strategy(name, scope)
         next unless strategy && !strategy.performed? && strategy.valid?
 
-        self.winning_strategy = @winning_strategies[scope] = strategy
         strategy._run!
+        self.winning_strategy = @winning_strategies[scope] = strategy
         break if strategy.halted?
       end
     end
 
-    # Fetchs strategies and keep them in a hash cache.
+    # Fetches strategies and keep them in a hash cache.
     def _fetch_strategy(name, scope)
       @strategies[scope][name] ||= if klass = Warden::Strategies[name]
         klass.new(@env, scope)

data/lib/warden/session_serializer.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   class SessionSerializer
     attr_reader :env

data/lib/warden/strategies/base.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Strategies
     # A strategy is a place where you can put logic related to authentication. Any strategy inherits
@@ -9,11 +10,11 @@ module Warden
     # You _may_ provide a @valid?@ method.
     # The valid method should return true or false depending on if the strategy is a valid one for the request.
     #
-    # The parameters for Warden::Strategies.add method is:
+    # The parameters for Warden::Strategies.add method are:
     #   <label: Symbol> The label is the name given to a strategy.  Use the label to refer to the strategy when authenticating
-    #   <strategy: Class|nil> The optional stragtegy argument if set _must_ be a class that inherits from Warden::Strategies::Base and _must_
+    #   <strategy: Class|nil> The optional strategy argument if set _must_ be a class that inherits from Warden::Strategies::Base and _must_
     #                         implement an @authenticate!@ method
-    #   <block> The block acts as a convinient way to declare your strategy.  Inside is the class definition of a strategy.
+    #   <block> The block acts as a convenient way to declare your strategy.  Inside is the class definition of a strategy.
     #
     # Examples:
     #
@@ -108,8 +109,13 @@ module Warden
       # :api: public
       def pass; end
 
+      # Returns true only if the result is a success and a user was assigned.
+      def successful?
+        @result == :success && !user.nil?
+      end
+
       # Whenever you want to provide a user object as "authenticated" use the +success!+ method.
-      # This will halt the strategy, and set the user in the approprieate scope.
+      # This will halt the strategy, and set the user in the appropriate scope.
       # It is the "login" method
       #
       # Parameters:
@@ -133,7 +139,7 @@ module Warden
         @result = :failure
       end
 
-      # Casuses the strategy to fail, but not halt.  The strategies will cascade after this failure and warden will check the next strategy.  The last strategy to fail will have it's message displayed.
+      # Causes the strategy to fail, but not halt.  The strategies will cascade after this failure and warden will check the next strategy.  The last strategy to fail will have it's message displayed.
       # :api: public
       def fail(message = "Failed to Login")
         @message = message
@@ -144,15 +150,15 @@ module Warden
       #
       # Parameters:
       #  url <String> - The string representing the URL to be redirected to
-      #  pararms <Hash> - Any parameters to encode into the URL
-      #  opts <Hash> - Any options to recirect with.
+      #  params <Hash> - Any parameters to encode into the URL
+      #  opts <Hash> - Any options to redirect with.
       #    available options: permanent => (true || false)
       #
       # :api: public
       def redirect!(url, params = {}, opts = {})
         halt!
         @status = opts[:permanent] ? 301 : 302
-        headers["Location"] = url
+        headers["Location"] = url.dup
         headers["Location"] << "?" << Rack::Utils.build_query(params) unless params.empty?
         headers["Content-Type"] = opts[:content_type] || 'text/plain'
 

data/lib/warden/strategies.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Strategies
     class << self

data/lib/warden/test/helpers.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   module Test
@@ -6,11 +7,11 @@ module Warden
     # These provide the ability to login and logout on any given request
     # Note: During the teardown phase of your specs you should include: Warden.test_reset!
     module Helpers
-      def self.included(base)
+      def self.included(_base)
         ::Warden.test_mode!
       end
 
-      # A helper method that will peform a login of a user in warden for the next request
+      # A helper method that will perform a login of a user in warden for the next request.
       # Provide it the same options as you would to Warden::Proxy#set_user
       # @see Warden::Proxy#set_user
       # @api public

data/lib/warden/test/mock.rb

@@ -0,0 +1,69 @@
+# encoding: utf-8
+# frozen_string_literal: true
+
+require 'rack'
+
+module Warden
+  module Test
+    # A mock of an application to get a Warden object to test on
+    # Note: During the teardown phase of your specs you should include: Warden.test_reset!
+    module Mock
+      def self.included(_base)
+        ::Warden.test_mode!
+      end
+
+      # A helper method that provides the warden object by mocking the env variable.
+      # @api public
+      def warden
+        @warden ||= begin
+          env['warden']
+        end
+      end
+
+      private
+
+      def env
+        @env ||= begin
+          request = Rack::MockRequest.env_for(
+            "/?#{Rack::Utils.build_query({})}",
+            { 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => 'GET' }
+          )
+          app.call(request)
+
+          request
+        end
+      end
+
+      def app
+        @app ||= begin
+          opts = {
+            failure_app: lambda { |_e|
+              [401, { 'Content-Type' => 'text/plain' }, ['You Fail!']]
+            },
+            default_strategies: :password,
+            default_serializers: :session
+          }
+          Rack::Builder.new do
+            use Warden::Test::Mock::Session
+            use Warden::Manager, opts, &proc {}
+            run lambda { |_e|
+              [200, { 'Content-Type' => 'text/plain' }, ['You Win']]
+            }
+          end
+        end
+      end
+
+      class Session
+        attr_accessor :app
+        def initialize(app, _configs={})
+          @app = app
+        end
+
+        def call(e)
+          e['rack.session'] ||= {}
+          @app.call(e)
+        end
+      end # session
+    end
+  end
+end

data/lib/warden/test/warden_helpers.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
 
@@ -32,7 +33,7 @@ module Warden
         _on_next_request.clear
       end
 
-      # A containter for the on_next_request items.
+      # A container for the on_next_request items.
       # @api private
       def _on_next_request
         @_on_next_request ||= []