warden 1.2.6 → 1.2.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 4d3845a89eca007240194b1aef074f91c8d729c8
-  data.tar.gz: 380d5b071552bc8e36628dd790f08da17ea77ff5
+SHA256:
+  metadata.gz: b7e6c341f27479e6f36339e5d2c211277b4c0e664c960827c2044dd36b5c1c23
+  data.tar.gz: 62e22ba4d81a887444d60ff033c7a6b0a0a8e723771d15cee045ee83baece801
 SHA512:
-  metadata.gz: f293bc8c35385e59c260c3b32d3c15cff84849a76632ed81947a80a82c3ec25d459136c672df735dd2289b6dc38e73ea2f19346bff4aa564128ff9f1f9a8af96
-  data.tar.gz: f6a8f255f1e8e1d70ea810bd1c8410a16e330904dde200c8f5f507403e5300e4824c0e340102767a1032c673c991bd56e5459934dc32755ab1c19991d18ba76d
+  metadata.gz: a6b602f560ebc6f04848c0c7e2d9017af8bf55c6cd6e6fec978e28e0463960761eaf488fabdba1b14d78bcf16e352a97d9b95b361142c3a4c14672517ca9e5b5
+  data.tar.gz: 9a6397e9d84063c8f7cf221c878b0657151a0cf01a6f98172b2ca0dfd1d5e7eddf7da9ce616f550928f5f14dcb073553379add7a006acc875fb162a7ce2a8210

data/.github/workflows/ruby.yml

@@ -0,0 +1,27 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Tests
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.5', '2.6', '2.7' ]
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+pkg
+.*~
+
+*.gem
+Gemfile.lock

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--format documentation
+--color

data/{History.rdoc → CHANGELOG.md}

@@ -1,77 +1,114 @@
-== Version 1.2.6 / 2016-01-31
+# CHANGELOG
+
+## Version 1.2.9 / 2020-08-31
+* Avoid warning on uninitialized instance variable (#188)
+* Bump rack to 2.2.3 (#190)
+* Remove Gemfile.lock
+* Resolve outstanding TODO entries (#179)
+* A bunch of gem structure cleanup (thanks @olleolleolle)
+* Set winning strategy when :warden is thrown (#174)
+* Bump rack dependency to >= 2.0.9 due to CVEs
+
+## Version 1.2.8 / 2018-11-15
+
+* Bugfix: Flips two lines to allow scopes authenticating from another without stepping on each other's toes. (PR #144)
+* Update `rack` dependency to >= 2.0.6 due to security vulnerability
+* Internal: Add Rubocop Lint checking
+* Internal: Update RSpec to use `.rspec` file
+
+## Version 1.2.7 / 2016-10-12
+
+* Added 'frozen_string_literal' comment, bump ruby to 2.3
+
+## Version 1.2.6 / 2016-01-31
+
 * Separate test helpers to encapsulate Warden object mocking inside it's own class
 
-== Version 1.2.5 / 2016-01-28
+## Version 1.2.5 / 2016-01-28
+
 * Expands on the test helpers available to make it easier for testing gems
 
-== Version 1.2.3 / 2013-07-14
+## Version 1.2.3 / 2013-07-14
+
 * Fix an issue with lazy loaded sessions
 
-== Version 1.2.2 / 2013-07-12
+## Version 1.2.2 / 2013-07-12
+
 * Support nil session stores on logout
 * Fix strategies blowing up with undefined method base
 
-== Version 1.2.1 / 2012-06-16
+## Version 1.2.1 / 2012-06-16
+
 * Minor caching and speed improvements
 * Add support to #lock in the proxy
 * Add support to after_failed_fetch callback
 
-== Version 1.2.0 / 2012-05-08
+## Version 1.2.0 / 2012-05-08
+
 * Deprecate warden_cookies since it was never functional
 * Add support to serialize_from_session and serialize_into_session per scope
 
-== Version 1.1.1 / 2012-02-16
+## Version 1.1.1 / 2012-02-16
+
 * Allow run_callbacks as an option to set_user and user
 
-== Version 1.1.0 / 2011-11-02
+## Version 1.1.0 / 2011-11-02
+
 * Use the default scopes action when using a bare throw(:warden)
 
-== Version 1.0.6
+## Version 1.0.6
+
 * Remove gem files from the packaged gem
 
-== Version 1.0.3
+## Version 1.0.3
+
 * Do not renew session on user fetch
 
-== Version 1.0.2
+## Version 1.0.2
+
 * Added :intercept_401 to Warden::Config
 
-== Version 1.0.1
+## Version 1.0.1
+
 * Bug fix on strategies errors handler
 
-== Version 1.0.0
+## Version 1.0.0
+
 * Bump!
 * Allow strategies to configure if user should be stored or not
 * Force session id renewal when user is set
 
-== Version 0.10.7
+## Version 0.10.7
+
 * Performance boost. config object to use raw accessors
 * Add per strategy storage option
 
-== Version 0.10.6 / 0.10.7 / 2010-05-22
+## Version 0.10.6 / 0.10.7 / 2010-05-22
+
 * Bugfix set_user was not respecting logouts in hooks
 
-== Version 0.10.4 / 0.10.5 / 2010-05-20
+## Version 0.10.4 / 0.10.5 / 2010-05-20
 * Add action specifying in scope_defaults
 
-== Version 0.10.3 / 2010-03-01
+## Version 0.10.3 / 2010-03-01
 * Bugfix prevent halted winning strategy from being skipped in subsequent runs
 
-== Version 0.10.2 / 2010-03-26
+## Version 0.10.2 / 2010-03-26
 * Halt on fail!.  Add fail to allow cascading
 * cache the winning strategy
 * Make the config object Dupable
 
-== Version 0.10.1 / 2010-03-23
+## Version 0.10.1 / 2010-03-23
 * Merge previous from master
 * tag
 
-== Version 0.10.0 / 2010-03-22
+## Version 0.10.0 / 2010-03-22
 * Allow default strategies to be set on the proxy
 * Provide each scope with it's own default strategies
 * Provide each scope with default set_user opts
 * depricate the Proxy#default_strategies= method
 
-== Version 0.9.5 / 2010-02-28
+## Version 0.9.5 / 2010-02-28
 
 * Add Warden.test_mode!
 * Add Warden.on_next_request
@@ -79,42 +116,42 @@
 ** login_as
 ** logout
 
-== Version 0.9.4 / 2010-02-23
+## Version 0.9.4 / 2010-02-23
 
 * Fix an issue where winning_strategy was not cleaned, allowing multiple scopes to sign in, even when the second one should not
 
-== Version 0.9.3 / 2010-02-17
+## Version 0.9.3 / 2010-02-17
 
 * Add prepend_ to all hooks (josevalim)
 
-== Version 0.9.2 / 2010-02-10
+## Version 0.9.2 / 2010-02-10
 
 * Ruby 1.9 compatibility changes (grimen)
 
-== Version 0.9.1 / 2010-02-09
+## Version 0.9.1 / 2010-02-09
 
 * Support for passing a custom message with Warden::Strategy::Base#success! as second optional (grimen)
 
-== Version 0.9.0 / 2010-01-21
+## Version 0.9.0 / 2010-01-21
 
 * Remove serializers and make strategies more powerful, including cache behavior (josevalim)
 
-== Version 0.8.1 / 2010-01-06
+## Version 0.8.1 / 2010-01-06
 
 * Fix a bug when silence missing serializers is set (josevalim)
 
-== Version 0.8.0 / 2010-01-06
+## Version 0.8.0 / 2010-01-06
 
 * enhancements
   * Add conditionals to callbacks (josevalim)
   * Extract Warden::Config from Warden::Manager (josevalim)
 
-== Version 0.7.0 / 2010-01-04
+## Version 0.7.0 / 2010-01-04
 
 * enhancements
   * Expose config in warden proxy (hassox)
 
-== Version 0.6.0 / 2009-11-16
+## Version 0.6.0 / 2009-11-16
 
 * enhancements
   * added serializers, including session serializer (set by default) and a cookie serializer (josevalim)
@@ -122,24 +159,27 @@
 * deprecation
   * serializer_into_session and serializer_from_session are deprecated, overwrite serialize and deserializer in Warden::Serializers::Session instead (josevalim)
 
-== Version 0.5.3 / 2009-11-10
+## Version 0.5.3 / 2009-11-10
+
 * bug fixes
   * authenticated? and unauthenticated? should return true or false, not the user or false. (hassox)
 
-== Version 0.5.2 / 2009-11-09
+## Version 0.5.2 / 2009-11-09
+
 * enhancements
   * authenticated? always try to serialize the user from session (josevalim)
   * stored_in_session? checks if user information is stored in session, without serializing (josevalim)
   * 401 behaves exactly like throw :warden (staugaard)
 
-=== Version 0.5.1 / 2009-10-25
+## Version 0.5.1 / 2009-10-25
+
 * enhancements
-  * Adds yeilding to authenticated? and unauthenticated? methods (hassox)
+  * Adds yielding to authenticated? and unauthenticated? methods (hassox)
   * Adds an option to silence missing strategies (josevalim)
   * Add an option to authenticate(!) to prevent storage of a user into the session (hassox)
   * allow custom :action to be thrown (josevalim)
 
-=== Version 0.4.0 / 2009-10-12
+## Version 0.4.0 / 2009-10-12
 
 * enhancements
   * add Content-Type header to redirects (staugaard)
@@ -148,9 +188,7 @@
 * bug fixes
   * Do not consume opts twice, otherwise just the first will parse the scope (josevalim)
 
-=== Version 0.3.2 / 2009-09-15
+## Version 0.3.2 / 2009-09-15
 
 * enhancements
   * add a hook for plugins to specify how they can clear the whole section
-
-

data/Gemfile

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 
 gemspec
 
 gem 'rake'
-gem 'rack', '1.3'
+gem 'pry'
 
 group :test do
-  gem 'rspec', '~>3'
+  gem 'rspec', '~> 3'
   gem 'rack-test'
 end

data/LICENSE

@@ -1,4 +1,5 @@
-Copyright (c) 2009 Daniel Neighman
+Copyright (c) 2009-2017 Daniel Neighman
+Copyright (c) 2017-2020 Justin Smestad
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -0,0 +1,18 @@
+# Warden
+
+## Getting Started
+
+Please see the [Warden Wiki](https://github.com/wardencommunity/warden/wiki) for overview documentation.
+
+## Maintainers
+
+* Daniel Neighman (hassox)
+* José Valim (josevalim)
+* Justin Smestad (jsmestad)
+* Whitney Smestad (whithub)
+
+[A list of all contributors is available on Github.](https://github.com/hassox/warden/contributors)
+
+## LICENSE
+
+See `LICENSE` file.

data/Rakefile

@@ -1,12 +1,8 @@
 # -*- encoding: utf-8 -*-
-require 'rubygems'
-require 'rake'
-$:.unshift  File.join(File.dirname(__FILE__), "lib")
+# frozen_string_literal: true
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
-require 'rspec/core'
-require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
-
-desc "Run all specs in spec directory"
-RSpec::Core::RakeTask.new(:spec)

data/lib/warden.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 require 'forwardable'
 
 require 'warden/mixins/common'

data/lib/warden/config.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   # This class is yielded inside Warden::Manager. If you have a plugin and want to

data/lib/warden/errors.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   class Proxy
     # Lifted from DataMapper's dm-validations plugin :)
@@ -38,7 +39,7 @@ module Warden
       end
 
       def each
-        errors.map.each do |k,v|
+        errors.map.each do |_k,v|
           next if blank?(v)
           yield(v)
         end

data/lib/warden/hooks.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Hooks
 

data/lib/warden/manager.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 require 'warden/hooks'
 require 'warden/config'
 
@@ -21,7 +22,6 @@ module Warden
       @app, @config = app, Warden::Config.new(options)
       @config.default_strategies(*default_strategies) if default_strategies
       yield @config if block_given?
-      self
     end
 
     # Invoke the application guarding for throw :warden.
@@ -32,6 +32,7 @@ module Warden
 
       env['warden'] = Proxy.new(env, self)
       result = catch(:warden) do
+        env['warden'].on_request
         @app.call(env)
       end
 

data/lib/warden/mixins/common.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Mixins
     module Common

data/lib/warden/proxy.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   class UserNotSet < RuntimeError; end
@@ -28,6 +29,11 @@ module Warden
       @env, @users, @winning_strategies, @locked = env, {}, {}, false
       @manager, @config = manager, manager.config.dup
       @strategies = Hash.new { |h,k| h[k] = {} }
+    end
+
+    # Run the on_request callbacks
+    # :api: private
+    def on_request
       manager._run_callbacks(:on_request, self)
     end
 
@@ -105,7 +111,7 @@ module Warden
       user
     end
 
-    # Same API as authenticated, but returns a boolean instead of a user.
+    # Same API as authenticate, but returns a boolean instead of a user.
     # The difference between this method (authenticate?) and authenticated?
     # is that the former will run strategies if the user has not yet been
     # authenticated, and the second relies on already performed ones.
@@ -171,7 +177,13 @@ module Warden
 
       if opts[:store] != false && opts[:event] != :fetch
         options = env[ENV_SESSION_OPTIONS]
-        options[:renew] = true if options
+        if options
+          if options.frozen?
+            env[ENV_SESSION_OPTIONS] = options.merge(:renew => true).freeze
+          else
+            options[:renew] = true
+          end
+        end
         session_serializer.store(user, scope)
       end
 
@@ -318,7 +330,7 @@ module Warden
       user = nil
 
       # Look for an existing user in the session for this scope.
-      # If there was no user in the session. See if we can get one from the request.
+      # If there was no user in the session, see if we can get one from the request.
       return user, opts if user = user(opts.merge(:scope => scope))
       _run_strategies_for(scope, args)
 
@@ -353,9 +365,12 @@ module Warden
       (strategies || args).each do |name|
         strategy = _fetch_strategy(name, scope)
         next unless strategy && !strategy.performed? && strategy.valid?
+        catch(:warden) do
+          _update_winning_strategy(strategy, scope)
+        end
 
-        self.winning_strategy = @winning_strategies[scope] = strategy
         strategy._run!
+        _update_winning_strategy(strategy, scope)
         break if strategy.halted?
       end
     end
@@ -370,6 +385,11 @@ module Warden
         raise "Invalid strategy #{name}"
       end
     end
+
+    # Updates the winning strategy for a given scope
+    def _update_winning_strategy(strategy, scope)
+      self.winning_strategy = @winning_strategies[scope] = strategy
+    end
   end # Proxy
 
 end # Warden