warden 1.2.7 → 1.2.8

data/spec/warden/manager_spec.rb

@@ -1,341 +0,0 @@
-# encoding: utf-8
-# frozen_string_literal: true
-require 'spec_helper'
-
-describe Warden::Manager do
-
-  before(:all) do
-    load_strategies
-  end
-
-  it "should insert a Proxy object into the rack env" do
-    env = env_with_params
-    setup_rack(success_app).call(env)
-    expect(env["warden"]).to be_an_instance_of(Warden::Proxy)
-  end
-
-  describe "thrown auth" do
-    before(:each) do
-      @basic_app = lambda{|env| [200,{'Content-Type' => 'text/plain'},'OK']}
-      @authd_app = lambda do |e|
-        if e['warden'].authenticated?
-          [200,{'Content-Type' => 'text/plain'},"OK"]
-        else
-          [401,{'Content-Type' => 'text/plain'},"Fail From The App"]
-        end
-      end
-      @env = Rack::MockRequest.
-        env_for('/', 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => 'GET')
-    end # before(:each)
-
-    describe "Failure" do
-      it "should respond with a 401 response if the strategy fails authentication" do
-         env = env_with_params("/", :foo => "bar")
-         app = lambda do |_env|
-           _env['warden'].authenticate(:failz)
-           throw(:warden, :action => :unauthenticated)
-         end
-         result = setup_rack(app, :failure_app => @fail_app).call(env) # TODO: What is @fail_app?
-         expect(result.first).to eq(401)
-      end
-
-      it "should use the failure message given to the failure method" do
-        env = env_with_params("/", {})
-        app = lambda do |_env|
-          _env['warden'].authenticate(:failz)
-          throw(:warden)
-        end
-        result = setup_rack(app, :failure_app => @fail_app).call(env) # TODO: What is @fail_app?
-        expect(result.last).to eq(["You Fail!"])
-      end
-
-      it "should set the message from the winning strategy in warden.options hash" do
-        env = env_with_params("/", {})
-        app = lambda do |_env|
-          _env['warden'].authenticate(:failz)
-          throw(:warden)
-        end
-        setup_rack(app, :failure_app => @fail_app).call(env) # TODO: What is @fail_app?
-        expect(env["warden.options"][:message]).to eq("The Fails Strategy Has Failed You")
-      end
-
-      it "should render the failure app when there's a failure" do
-        app = lambda do |e|
-          throw(:warden, :action => :unauthenticated) unless e['warden'].authenticated?(:failz)
-        end
-        fail_app = lambda do |e|
-          [401, {"Content-Type" => "text/plain"}, ["Failure App"]]
-        end
-        result = setup_rack(app, :failure_app => fail_app).call(env_with_params)
-        expect(result.last).to eq(["Failure App"])
-      end
-
-      it "should call failure app if warden is thrown even after successful authentication" do
-        env = env_with_params("/", {})
-        app = lambda do |_env|
-          _env['warden'].authenticate(:pass)
-          throw(:warden)
-        end
-        result = setup_rack(app, :failure_app => @fail_app).call(env)
-        expect(result.first).to eq(401)
-        expect(result.last).to eq(["You Fail!"])
-      end
-
-      it "should set the attempted url in warden.options hash" do
-        env = env_with_params("/access/path", {})
-        app = lambda do |_env|
-          _env['warden'].authenticate(:pass)
-          throw(:warden)
-        end
-        result = setup_rack(app, :failure_app => @fail_app).call(env) # TODO: What is @fail_app?
-        expect(result.first).to eq(401)
-        expect(env["warden.options"][:attempted_path]).to eq("/access/path")
-      end
-
-      it "should catch a resubmitted request" do
-        # this is a bit convoluted. but it's occurred in the field with Rack::OpenID
-        $count = 0
-        $throw_count = 0
-        env = env_with_params("/foo")
-        class ::ResubmittingMiddleware
-          @@app = nil
-          def initialize(app)
-            @@app = app
-          end
-
-          def self.call(env)
-            if $count > 1
-              Rack::Response.new("Bad", 401)
-            else
-              $count += 1
-              @@app.call(env)
-            end
-          end
-
-          def call(env)
-            $count += 1
-            @@app.call(env)
-          end
-
-        end
-
-        app = lambda do |e|
-          $throw_count += 1
-          throw(:warden)
-        end
-
-        builder = Rack::Builder.new do
-          use ResubmittingMiddleware
-          use Warden::Manager do |config|
-            config.failure_app = ResubmittingMiddleware
-          end
-          run app
-        end
-
-        result = builder.to_app.call(env)
-        expect(result[0]).to eq(401)
-        expect(result[2].body).to eq(["Bad"])
-        expect($throw_count).to eq(2)
-      end
-
-      it "should use the default scopes action when a bare throw is used" do
-         env = env_with_params("/", :foo => "bar")
-         action = nil
-
-         failure = lambda do |_env|
-           action = _env['PATH_INFO']
-           [401, {}, ['fail']]
-         end
-
-         app = lambda do |_env|
-           throw(:warden)
-         end
-         result = setup_rack(app,
-                             :failure_app => failure,
-                             :configurator => lambda{ |c| c.scope_defaults(:default, :action => 'my_action', :strategies => [:password]) }
-                            ).call(env)
-
-         expect(action).to eq("/my_action")
-         expect(result.first).to eq(401)
-      end
-    end # failure
-  end
-
-  describe "integrated strategies" do
-    before(:each) do
-      RAS = Warden::Strategies unless defined?(RAS)
-      Warden::Strategies.clear!
-      @app = setup_rack do |env|
-        env['warden'].authenticate!(:foobar)
-        [200, {"Content-Type" => "text/plain"}, ["Foo Is A Winna"]]
-      end
-    end
-
-    describe "redirecting" do
-
-      it "should redirect with a message" do
-        RAS.add(:foobar) do
-          def authenticate!
-            redirect!("/foo/bar", {:foo => "bar"}, :message => "custom redirection message")
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to be(302)
-        expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
-        expect(result[2]).to eq(["custom redirection message"])
-      end
-
-      it "should redirect with a default message" do
-        RAS.add(:foobar) do
-          def authenticate!
-            redirect!("/foo/bar", {:foo => "bar"})
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to eq(302)
-        expect(result[1]['Location']).to eq("/foo/bar?foo=bar")
-        expect(result[2]).to eq(["You are being redirected to /foo/bar?foo=bar"])
-      end
-
-      it "should redirect with a permanent redirect" do
-        RAS.add(:foobar) do
-          def authenticate!
-            redirect!("/foo/bar", {}, :permanent => true)
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to eq(301)
-      end
-
-      it "should redirect with a content type" do
-        RAS.add(:foobar) do
-          def authenticate!
-            redirect!("/foo/bar", {:foo => "bar"}, :content_type => "text/xml")
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to eq(302)
-        expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
-        expect(result[1]["Content-Type"]).to eq("text/xml")
-      end
-
-      it "should redirect with a default content type" do
-        RAS.add(:foobar) do
-          def authenticate!
-            redirect!("/foo/bar", {:foo => "bar"})
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to eq(302)
-        expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
-        expect(result[1]["Content-Type"]).to eq("text/plain")
-      end
-    end
-
-    describe "failing" do
-      it "should fail according to the failure app" do
-        RAS.add(:foobar) do
-          def authenticate!
-            fail!
-          end
-        end
-        env = env_with_params
-        result = @app.call(env)
-        expect(result[0]).to eq(401)
-        expect(result[2]).to eq(["You Fail!"])
-        expect(env['PATH_INFO']).to eq("/unauthenticated")
-      end
-
-      it "should allow you to customize the response" do
-        app = lambda do |e|
-          e['warden'].custom_failure!
-          [401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
-        end
-        env = env_with_params
-        result = setup_rack(app).call(env)
-        expect(result[0]).to eq(401)
-        expect(result[2]).to eq(["Fail From The App"])
-      end
-
-      it "should allow you to customize the response without the explicit call to custom_failure! if not intercepting 401" do
-        app = lambda do |e|
-          [401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
-        end
-        env = env_with_params
-        result = setup_rack(app, :intercept_401 => false).call(env)
-        expect(result[0]).to eq(401)
-        expect(result[2]).to eq(["Fail From The App"])
-      end
-
-      it "should render the failure application for a 401 if no custom_failure flag is set" do
-        app = lambda do |e|
-          [401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
-        end
-        result = setup_rack(app).call(env_with_params)
-        expect(result[0]).to eq(401)
-        expect(result[2]).to eq(["You Fail!"])
-      end
-
-    end # failing
-
-    describe "custom rack response" do
-      it "should return a custom rack response" do
-        RAS.add(:foobar) do
-          def authenticate!
-            custom!([523, {"Content-Type" => "text/plain", "Custom-Header" => "foo"}, ["Custom Stuff"]])
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result[0]).to be(523)
-        expect(result[1]["Custom-Header"]).to eq("foo")
-        expect(result[2]).to eq(["Custom Stuff"])
-      end
-    end
-
-    describe "app returns Rack::Response" do
-      it "should return it" do
-        RAS.add(:foobar) do
-          def authenticate!
-            custom!(Rack::Response.new(['body'], 201, {"Content-Type" => "text/plain"}))
-          end
-        end
-        result = @app.call(env_with_params)
-        expect(result.status).to eq(201)
-        expect(result.body).to eq(['body'])
-        expect(result.header['Content-Type']).to eq('text/plain')
-      end
-    end
-
-    describe "success" do
-      it "should pass through to the application when there is success" do
-        RAS.add(:foobar) do
-          def authenticate!
-            success!("A User")
-          end
-        end
-        env = env_with_params
-        result = @app.call(env)
-        expect(result[0]).to eq(200)
-        expect(result[2]).to eq(["Foo Is A Winna"])
-      end
-    end
-  end # integrated strategies
-
-  it "should allow me to set a different default scope for warden" do
-    Rack::Builder.new do
-      use Warden::Manager, :default_scope => :default do |manager|
-        expect(manager.default_scope).to eq(:default)
-        manager.default_scope = :other
-        expect(manager.default_scope).to eq(:other)
-      end
-    end
-  end
-
-  it "should allow me to access strategies through manager" do
-    Rack::Builder.new do
-      use Warden::Manager do |manager|
-        expect(manager.strategies).to eq(Warden::Strategies)
-      end
-    end
-  end
-end

data/spec/warden/proxy_spec.rb

@@ -1,1051 +0,0 @@
-# encoding: utf-8
-# frozen_string_literal: true
-require 'spec_helper'
-
-describe Warden::Proxy do
-  before(:all) do
-    load_strategies
-  end
-
-  before(:each) do
-    @basic_app = lambda{|env| [200,{'Content-Type' => 'text/plain'},'OK']}
-    @authd_app = lambda do |e|
-      e['warden'].authenticate
-      if e['warden'].authenticated?
-        [200,{'Content-Type' => 'text/plain'},"OK"]
-      else
-        [401,{'Content-Type' => 'text/plain'},"You Fail"]
-      end
-    end
-    @env = env_with_params("/")
-  end # before(:each)
-
-  describe "authentication" do
-
-    it "should not check the authentication if it is not checked" do
-      app = setup_rack(@basic_app)
-      expect(app.call(@env).first).to eq(200)
-    end
-
-    it "should check the authentication if it is explicitly checked" do
-      app = setup_rack(@authd_app)
-      expect(app.call(@env).first).to eq(401)
-    end
-
-    it "should not allow the request if incorrect conditions are supplied" do
-      env = env_with_params("/", :foo => "bar")
-      app = setup_rack(@authd_app)
-      response = app.call(env)
-      expect(response.first).to eq(401)
-    end
-
-    it "should allow the request if the correct conditions are supplied" do
-      env = env_with_params("/", :username => "fred", :password => "sekrit")
-      app = setup_rack(@authd_app)
-      resp = app.call(env)
-      expect(resp.first).to eq(200)
-    end
-
-    it "should allow authentication in my application" do
-      env = env_with_params('/', :username => "fred", :password => "sekrit")
-      app = lambda do |_env|
-        _env['warden'].authenticate
-        expect(_env['warden']).to be_authenticated
-        expect(_env['warden.spec.strategies']).to eq([:password])
-        valid_response
-      end
-      setup_rack(app).call(env)
-    end
-
-    it "should allow me to select which strategies I use in my application" do
-      env = env_with_params("/", :foo => "bar")
-      app = lambda do |_env|
-        _env['warden'].authenticate(:failz)
-        expect(_env['warden']).not_to be_authenticated
-        expect(_env['warden.spec.strategies']).to eq([:failz])
-        valid_response
-      end
-      setup_rack(app).call(env)
-    end
-
-    it "should raise error on missing strategies" do
-      app = lambda do |env|
-        env['warden'].authenticate(:unknown)
-      end
-      expect {
-        setup_rack(app).call(@env)
-      }.to raise_error(RuntimeError, "Invalid strategy unknown")
-    end
-
-    it "should raise error if the strategy failed" do
-      app = lambda do |env|
-        env['warden'].authenticate(:fail_with_user)
-        expect(env['warden'].user).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not raise error on missing strategies if silencing" do
-      app = lambda do |env|
-        env['warden'].authenticate
-        valid_response
-      end
-      expect {
-        setup_rack(app, :silence_missing_strategies => true, :default_strategies => [:unknown]).call(@env)
-      }.not_to raise_error
-    end
-
-    it "should allow me to get access to the user at warden.user." do
-      app = lambda do |env|
-        env['warden'].authenticate(:pass)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden.spec.strategies']).to eq([:pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should run strategies when authenticate? is asked" do
-      app = lambda do |env|
-        expect(env['warden']).not_to be_authenticated
-        env['warden'].authenticate?(:pass)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden.spec.strategies']).to eq([:pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should properly send the scope to the strategy" do
-      app = lambda do |env|
-        env['warden'].authenticate(:pass, :scope => :failz)
-        expect(env['warden']).not_to be_authenticated
-        expect(env['warden.spec.strategies']).to eq([:pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should try multiple authentication strategies" do
-      app = lambda do |env|
-        env['warden'].authenticate(:password,:pass)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden.spec.strategies']).to eq([:password, :pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should look for an active user in the session with authenticate" do
-      app = lambda do |env|
-        env['rack.session']["warden.user.default.key"] = "foo as a user"
-        env['warden'].authenticate(:pass)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['warden'].user).to eq("foo as a user")
-    end
-
-    it "should look for an active user in the session with authenticate?" do
-      app = lambda do |env|
-        env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
-        env['warden'].authenticate?(:pass, :scope => :foo_scope)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['warden'].user(:foo_scope)).to eq("a foo user")
-    end
-
-    it "should look for an active user in the session with authenticate!" do
-      app = lambda do |env|
-        env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
-        env['warden'].authenticate!(:pass, :scope => :foo_scope)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['warden'].user(:foo_scope)).to eq("a foo user")
-    end
-
-    it "should throw an error when authenticate!" do
-      app = lambda do |env|
-        env['warden'].authenticate!(:pass, :scope => :failz)
-        raise "OMG"
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should login 2 different users from the session" do
-      app = lambda do |env|
-        env['rack.session']['warden.user.foo.key'] = 'foo user'
-        env['rack.session']['warden.user.bar.key'] = 'bar user'
-        expect(env['warden']).to be_authenticated(:foo)
-        expect(env['warden']).to be_authenticated(:bar)
-        expect(env['warden']).not_to be_authenticated # default scope
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['warden'].user(:foo)).to eq('foo user')
-      expect(@env['warden'].user(:bar)).to eq('bar user')
-      expect(@env['warden'].user).to be_nil
-    end
-
-    it "should not authenticate other scopes just because the first is authenticated" do
-      app = lambda do |env|
-        env['warden'].authenticate(:pass, :scope => :foo)
-        env['warden'].authenticate(:invalid, :scope => :bar)
-        expect(env['warden']).to be_authenticated(:foo)
-        expect(env['warden']).not_to be_authenticated(:bar)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    SID_REGEXP = /rack\.session=([^;]*);/
-
-    it "should renew session when user is set" do
-      app = lambda do |env|
-        env["rack.session"]["counter"] ||= 0
-        env["rack.session"]["counter"] += 1
-        if env["warden.on"]
-          env["warden"].authenticate!(:pass)
-          expect(env["warden"]).to be_authenticated
-        end
-        valid_response
-      end
-
-      # Setup a rack app with Pool session.
-      app = setup_rack(app, :session => Rack::Session::Pool).to_app
-      response = app.call(@env)
-      expect(@env["rack.session"]["counter"]).to eq(1)
-
-      # Ensure a cookie was given back
-      cookie = response[1]["Set-Cookie"]
-      expect(cookie).not_to be_nil
-
-      # Ensure a session id was given
-      sid = cookie.match(SID_REGEXP)[1]
-      expect(sid).not_to be_nil
-
-      # Do another request, giving a cookie but turning on warden authentication
-      env = env_with_params("/", {}, 'rack.session' => @env['rack.session'], "HTTP_COOKIE" => cookie, "warden.on" => true)
-      response = app.call(env)
-      expect(env["rack.session"]["counter"]).to be(2)
-
-      # Regardless of rack version, a cookie should be sent back
-      new_cookie = response[1]["Set-Cookie"]
-      expect(new_cookie).not_to be_nil
-
-      # And the session id in this cookie should not be the same as the previous one
-      new_sid = new_cookie.match(SID_REGEXP)[1]
-      expect(new_sid).not_to be_nil
-      expect(new_sid).not_to eq(sid)
-    end
-
-    it "should not renew session when user is fetch" do
-      app = lambda do |env|
-        env["rack.session"]["counter"] ||= 0
-        env["rack.session"]["counter"] += 1
-        env["warden"].authenticate!(:pass)
-        expect(env["warden"]).to be_authenticated
-        valid_response
-      end
-
-      # Setup a rack app with Pool session.
-      app = setup_rack(app, :session => Rack::Session::Pool).to_app
-      response = app.call(@env)
-      expect(@env["rack.session"]["counter"]).to eq(1)
-
-      # Ensure a cookie was given back
-      cookie = response[1]["Set-Cookie"]
-      expect(cookie).not_to be_nil
-
-      # Ensure a session id was given
-      sid = cookie.match(SID_REGEXP)[1]
-      expect(sid).not_to be_nil
-
-      # Do another request, passing the cookie. The user should be fetched from cookie.
-      env = env_with_params("/", {}, "HTTP_COOKIE" => cookie)
-      response = app.call(env)
-      expect(env["rack.session"]["counter"]).to eq(2)
-
-      # Depending on rack version, a cookie will be returned with the
-      # same session id or no cookie is given back (becase it did not change).
-      # If we don't get any of these two behaviors, raise an error.
-      # Regardless of rack version, a cookie should be sent back
-      new_cookie = response[1]["Set-Cookie"]
-      if new_cookie && new_cookie.match(SID_REGEXP)[1] != sid
-        raise "Expected a cookie to not be sent or session id to match"
-      end
-    end
-  end
-
-  describe "authentication cache" do
-    it "should run strategies just once for a given scope" do
-      app = lambda do |env|
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        expect(env['warden']).not_to be_authenticated(:failz)
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        expect(env['warden']).not_to be_authenticated(:failz)
-        expect(env['warden.spec.strategies']).to eq([:password, :pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should run strategies for a given scope several times if cache is cleaned" do
-      app = lambda do |env|
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        env['warden'].clear_strategies_cache!(:scope => :failz)
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        expect(env['warden.spec.strategies']).to eq([:password, :pass, :password, :pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should clear the cache for a specified strategy" do
-      app = lambda do |env|
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        env['warden'].clear_strategies_cache!(:password, :scope => :failz)
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        expect(env['warden.spec.strategies']).to eq([:password, :pass, :password])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should run the strategies several times for different scopes" do
-      app = lambda do |env|
-        env['warden'].authenticate(:password, :pass, :scope => :failz)
-        expect(env['warden']).not_to be_authenticated(:failz)
-        env['warden'].authenticate(:password, :pass)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden.spec.strategies']).to eq([:password, :pass, :password, :pass])
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not run strategies until cache is cleaned if latest winning strategy halted" do
-      app = lambda do |env|
-        env['warden'].authenticate(:failz)
-        expect(env['warden']).not_to be_authenticated
-        env['warden'].authenticate(:pass)
-        expect(env['warden'].winning_strategy.message).to eq("The Fails Strategy Has Failed You")
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not store user if strategy isn't meant for permanent login" do
-      session = Warden::SessionSerializer.new(@env)
-      app = lambda do |env|
-        env['warden'].authenticate(:single)
-        expect(env['warden']).to  be_authenticated
-        expect(env['warden'].user).to eq("Valid User")
-        expect(session).not_to be_stored(:default)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-  end
-
-  describe "set user" do
-    it "should store the user into the session" do
-      app = lambda do |env|
-        env['warden'].authenticate(:pass)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden'].user).to eq("Valid User")
-        expect(env['rack.session']["warden.user.default.key"]).to eq("Valid User")
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not store the user if the :store option is set to false" do
-      app = lambda do |env|
-        env['warden'].authenticate(:pass, :store => false)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden'].user).to eq("Valid User")
-        expect(env['rack.session']['warden.user.default.key']).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not throw error when no session is configured and store is false" do
-      app = lambda do |env|
-        env['rack.session'] = nil
-        env['warden'].authenticate(:pass, :store => false)
-        expect(env['warden']).to be_authenticated
-        expect(env['warden'].user).to eq("Valid User")
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not run the callbacks when :run_callbacks is false" do
-      app = lambda do |env|
-        expect(env['warden'].manager).not_to receive(:_run_callbacks)
-        env['warden'].authenticate(:run_callbacks => false, :scope => :pass)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should run the callbacks when :run_callbacks is true" do
-      app = lambda do |env|
-        expect(env['warden'].manager).to receive(:_run_callbacks).at_least(:once)
-        env['warden'].authenticate(:pass)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should run the callbacks by default" do
-      app = lambda do |env|
-        expect(env['warden'].manager).to receive(:_run_callbacks).at_least(:once)
-        env['warden'].authenticate(:pass)
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-  end
-
-  describe "lock" do
-    it "should not run any strategy" do
-      _app = lambda do |env|
-        env['warden'].lock!
-        env['warden'].authenticate(:pass)
-        expect(env['warden'].user).to be_nil
-        valid_response
-      end
-    end
-
-    it "should keep already authenticated users" do
-      _app = lambda do |env|
-        env['warden'].authenticate(:pass)
-        env['warden'].lock!
-        expect(env['warden'].user).not_to be_nil
-        valid_response
-      end
-    end
-  end
-
-  describe "get user" do
-    before(:each) do
-      @env['rack.session'] ||= {}
-      @env['rack.session'].delete("warden.user.default.key")
-    end
-
-    it "should return nil when not logged in" do
-      app = lambda do |env|
-        expect(env['warden'].user).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should not run strategies when not logged in" do
-      app = lambda do |env|
-        expect(env['warden'].user).to be_nil
-        expect(env['warden.spec.strategies']).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should cache unfound user" do
-      expect_any_instance_of(Warden::SessionSerializer).to receive(:fetch).once
-      app = lambda do |env|
-        expect(env['warden'].user).to be_nil
-        expect(env['warden'].user).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    describe "previously logged in" do
-      before(:each) do
-        @env['rack.session']['warden.user.default.key'] = "A Previous User"
-        @env['warden.spec.strategies'] = []
-      end
-
-      it "should take the user from the session when logged in" do
-        app = lambda do |env|
-          expect(env['warden'].user).to eq("A Previous User")
-          valid_response
-        end
-        setup_rack(app).call(@env)
-      end
-
-      it "should cache found user" do
-        expect_any_instance_of(Warden::SessionSerializer).to receive(:fetch).once.and_return "A Previous User"
-        app = lambda do |env|
-          expect(env['warden'].user).to eq("A Previous User")
-          expect(env['warden'].user).to eq("A Previous User")
-          valid_response
-        end
-        setup_rack(app).call(@env)
-      end
-
-      it "should not run strategies when the user exists in the session" do
-        app = lambda do |env|
-          env['warden'].authenticate!(:pass)
-          valid_response
-        end
-        setup_rack(app).call(@env)
-        expect(@env['warden.spec.strategies']).not_to include(:pass)
-      end
-
-      describe "run callback option" do
-        it "should not call run_callbacks when we pass a :run_callback => false" do
-          app = lambda do |env|
-            expect(env['warden'].manager).not_to receive(:_run_callbacks)
-            env['warden'].user(:run_callbacks => false)
-            valid_response
-          end
-          setup_rack(app).call(@env)
-        end
-
-        it "should call run_callbacks when we pass a :run_callback => true" do
-          app = lambda do |env|
-            expect(env['warden'].manager).to receive(:_run_callbacks).at_least(:once)
-            env['warden'].user(:run_callbacks => true)
-            valid_response
-          end
-          setup_rack(app).call(@env)
-        end
-
-        it "should call run_callbacks by default" do
-          app = lambda do |env|
-            expect(env['warden'].manager).to receive(:_run_callbacks).at_least(:once)
-            env['warden'].user
-            valid_response
-          end
-          setup_rack(app).call(@env)
-        end
-      end
-    end
-  end
-
-  describe "logout" do
-    before(:each) do
-      @env['rack.session'] = {"warden.user.default.key" => "default key", "warden.user.foo.key" => "foo key", :foo => "bar"}
-      @app = lambda do |e|
-        e['warden'].logout(e['warden.spec.which_logout'])
-        valid_response
-      end
-    end
-
-    it "should logout only the scoped foo user" do
-      @app = setup_rack(@app)
-      @env['warden.spec.which_logout'] = :foo
-      @app.call(@env)
-      expect(@env['rack.session']['warden.user.default.key']).to eq("default key")
-      expect(@env['rack.session']['warden.user.foo.key']).to be_nil
-      expect(@env['rack.session'][:foo]).to eq("bar")
-    end
-
-    it "should logout only the scoped default user" do
-      @app = setup_rack(@app)
-      @env['warden.spec.which_logout'] = :default
-      @app.call(@env)
-      expect(@env['rack.session']['warden.user.default.key']).to be_nil
-      expect(@env['rack.session']['warden.user.foo.key']).to eq("foo key")
-      expect(@env['rack.session'][:foo]).to eq("bar")
-    end
-
-    it "should clear the session when no argument is given to logout" do
-      expect(@env['rack.session']).not_to be_nil
-      app = lambda do |e|
-        e['warden'].logout
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['rack.session']).to be_empty
-    end
-
-    it "should not raise exception if raw_session is nil" do
-      @app = setup_rack(@app, { nil_session: true })
-      @env['rack.session'] = nil
-      @env['warden.spec.which_logout'] = :foo
-      expect { @app.call(@env) }.to_not raise_error
-    end
-
-    it "should clear the user when logging out" do
-      expect(@env['rack.session']).not_to be_nil
-      app = lambda do |e|
-        expect(e['warden'].user).not_to be_nil
-        e['warden'].logout
-        expect(e['warden']).not_to be_authenticated
-        expect(e['warden'].user).to be_nil
-        valid_response
-      end
-      setup_rack(app).call(@env)
-      expect(@env['warden'].user).to be_nil
-    end
-
-    it "should clear the session data when logging out" do
-      expect(@env['rack.session']).not_to be_nil
-      app = lambda do |e|
-        expect(e['warden'].user).not_to be_nil
-        e['warden'].session[:foo] = :bar
-        e['warden'].logout
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should clear out the session by calling reset_session! so that plugins can setup their own session clearing" do
-      expect(@env['rack.session']).not_to be_nil
-      app = lambda do |e|
-        expect(e['warden'].user).not_to be_nil
-        expect(e['warden']).to receive(:reset_session!)
-        e['warden'].logout
-        valid_response
-      end
-      setup_rack(app).call(@env)
-    end
-  end
-
-  describe "messages" do
-    it "should allow access to the failure message" do
-      failure = lambda do |e|
-        [401, {"Content-Type" => "text/plain"}, [e['warden'].message]]
-      end
-      app = lambda do |e|
-        e['warden'].authenticate! :failz
-      end
-      result = setup_rack(app, :failure_app => failure).call(@env)
-      expect(result.last).to eq(["The Fails Strategy Has Failed You"])
-    end
-
-    it "should allow access to the success message" do
-      success = lambda do |e|
-        [200, {"Content-Type" => "text/plain"}, [e['warden'].message]]
-      end
-      app = lambda do |e|
-        e['warden'].authenticate! :pass_with_message
-        success.call(e)
-      end
-      result = setup_rack(app).call(@env)
-      expect(result.last).to eq(["The Success Strategy Has Accepted You"])
-    end
-
-    it "should not die when accessing a message from a source where no authentication has occurred" do
-      app = lambda do |e|
-        [200, {"Content-Type" => "text/plain"}, [e['warden'].message]]
-      end
-      result = setup_rack(app).call(@env)
-      expect(result[2]).to eq([nil])
-    end
-  end
-
-  describe "when all strategies are not valid?" do
-    it "should return false for authenticated? when there are no valid? strategies" do
-     @env['rack.session'] = {}
-     app = lambda do |e|
-       expect(e['warden'].authenticate(:invalid)).to be_nil
-       expect(e['warden']).not_to be_authenticated
-     end
-     setup_rack(app).call(@env)
-    end
-
-    it "should return nil for authenticate when there are no valid strategies" do
-      @env['rack.session'] = {}
-      app = lambda do |e|
-        expect(e['warden'].authenticate(:invalid)).to be_nil
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should return false for authenticate? when there are no valid strategies" do
-      @env['rack.session'] = {}
-      app = lambda do |e|
-        expect(e['warden'].authenticate?(:invalid)).to eq(false)
-      end
-      setup_rack(app).call(@env)
-    end
-
-    it "should respond with a 401 when authenticate! cannot find any valid strategies" do
-      @env['rack.session'] = {}
-      app = lambda do |e|
-        e['warden'].authenticate!(:invalid)
-      end
-      result = setup_rack(app).call(@env)
-      expect(result.first).to eq(401)
-    end
-  end
-
-  describe "authenticated?" do
-    describe "positive authentication" do
-      before do
-        @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
-        $captures = []
-      end
-
-      it "should return true when authenticated in the session" do
-        app = lambda do |e|
-          expect(e['warden']).to be_authenticated
-        end
-        setup_rack(app).call(@env)
-      end
-
-      it "should yield to a block when the block is passed and authenticated" do
-        app = lambda do |e|
-          e['warden'].authenticated? do
-            $captures << :in_the_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([:in_the_block])
-      end
-
-      it "should authenticate for a user in a different scope" do
-        @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
-        app = lambda do |e|
-          e['warden'].authenticated?(:foo) do
-            $captures << :in_the_foo_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([:in_the_foo_block])
-      end
-    end
-
-    describe "negative authentication" do
-      before do
-        @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
-        $captures = []
-      end
-
-      it "should return false when authenticated in the session" do
-        app = lambda do |e|
-          expect(e['warden']).not_to be_authenticated
-        end
-        setup_rack(app).call(@env)
-      end
-
-      it "should return false if scope cannot be retrieved from session" do
-        begin
-          Warden::Manager.serialize_from_session { |k| nil }
-          app = lambda do |env|
-            env['rack.session']['warden.user.foo_scope.key'] = "a foo user"
-            env['warden'].authenticated?(:foo_scope)
-            valid_response
-          end
-          setup_rack(app).call(@env)
-          expect(@env['warden'].user(:foo_scope)).to be_nil
-        ensure
-          Warden::Manager.serialize_from_session { |k| k }
-        end
-      end
-
-      it "should not yield to a block when the block is passed and authenticated" do
-        app = lambda do |e|
-          e['warden'].authenticated? do
-            $captures << :in_the_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([])
-      end
-
-      it "should not yield for a user in a different scope" do
-        app = lambda do |e|
-          e['warden'].authenticated?(:bar) do
-            $captures << :in_the_bar_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([])
-      end
-    end
-  end
-
-  describe "unauthenticated?" do
-    describe "negative unauthentication" do
-      before do
-        @env['rack.session'] = {'warden.user.default.key' => 'defult_key'}
-        $captures = []
-      end
-
-      it "should return false when authenticated in the session" do
-        app = lambda do |e|
-          expect(e['warden']).not_to be_unauthenticated
-        end
-        _result = setup_rack(app).call(@env)
-      end
-
-      it "should not yield to a block when the block is passed and authenticated" do
-        app = lambda do |e|
-          e['warden'].unauthenticated? do
-            $captures << :in_the_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([])
-      end
-
-      it "should not yield to the block for a user in a different scope" do
-        @env['rack.session'] = {'warden.user.foo.key' => 'foo_key'}
-        app = lambda do |e|
-          e['warden'].unauthenticated?(:foo) do
-            $captures << :in_the_foo_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([])
-      end
-    end
-
-    describe "positive unauthentication" do
-      before do
-        @env['rack.session'] = {'warden.foo.default.key' => 'foo_key'}
-        $captures = []
-      end
-
-      it "should return false when unauthenticated in the session" do
-        app = lambda do |e|
-          expect(e['warden']).to be_unauthenticated
-        end
-        setup_rack(app).call(@env)
-      end
-
-      it "should yield to a block when the block is passed and authenticated" do
-        app = lambda do |e|
-          e['warden'].unauthenticated? do
-            $captures << :in_the_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([:in_the_block])
-      end
-
-      it "should yield for a user in a different scope" do
-        app = lambda do |e|
-          e['warden'].unauthenticated?(:bar) do
-            $captures << :in_the_bar_block
-          end
-        end
-        setup_rack(app).call(@env)
-        expect($captures).to eq([:in_the_bar_block])
-      end
-    end
-  end
-
-  describe "attributes" do
-    def def_app(&blk)
-      @app = setup_rack(blk)
-    end
-
-    it "should have a config attribute" do
-      app = def_app do |e|
-        expect(e['warden'].config).to be_a_kind_of(Hash)
-        valid_response
-      end
-      app.call(@env)
-    end
-  end
-end
-
-describe "dynamic default_strategies" do
-  before(:all) do
-    load_strategies
-
-    class ::DynamicDefaultStrategies
-      def initialize(app, &blk)
-        @app, @blk = app, blk
-      end
-
-      def call(env)
-        @blk.call(env)
-        @app.call(env)
-      end
-    end
-
-    Warden::Strategies.add(:one) do
-      def authenticate!; $captures << :one; success!("User") end
-    end
-
-    Warden::Strategies.add(:two) do
-      def authenticate!; $captures << :two; fail("User not found") end
-    end
-  end
-
-  before(:each) do
-    @app = lambda{|e| e['warden'].authenticate! }
-    @env = env_with_params("/")
-    $captures = []
-  end
-
-  def wrap_app(app, &blk)
-    builder = Rack::Builder.new do
-      use DynamicDefaultStrategies, &blk
-      run app
-    end
-    builder.to_app
-  end
-
-  it "should allow me to change the default strategies on the fly" do
-    app = wrap_app(@app) do |e|
-      expect(e['warden'].default_strategies).to eq([:password])
-      expect(e['warden'].config.default_strategies).to eq([:password])
-      e['warden'].default_strategies :one
-      e['warden'].authenticate!
-      Rack::Response.new("OK").finish
-    end
-    setup_rack(app).call(@env)
-
-    expect($captures).to eq([:one])
-  end
-
-  it "should allow me to append to the default strategies on the fly" do
-    app = wrap_app(@app) do |e|
-      e['warden'].default_strategies << :one
-      expect(e['warden'].default_strategies).to eq([:password, :one])
-      e['warden'].authenticate!
-      Rack::Response.new("OK").finish
-    end
-    setup_rack(app).call(@env)
-
-    expect($captures).to eq([:one])
-  end
-
-  it "should allow me to set the default strategies on a per scope basis" do
-    app = wrap_app(@app) do |e|
-      w = e['warden']
-      w.default_strategies(:two, :one, :scope => :foo)
-      w.default_strategies(:two, :scope => :default)
-      expect(w.default_strategies(:scope => :foo)).to eq([:two, :one])
-      w.authenticate(:scope => :foo)
-      expect($captures).to eq([:two, :one])
-      $captures.clear
-      w.authenticate
-      expect($captures).to eq([:two])
-    end
-    setup_rack(app).call(@env)
-    expect($captures).to eq([:two])
-  end
-
-  it "should allow me to setup default strategies for each scope on the manager" do
-    builder = Rack::Builder.new do
-      use Warden::Spec::Helpers::Session
-      use Warden::Manager do |config|
-        config.default_strategies :one
-        config.default_strategies :two, :one, :scope => :foo
-        config.failure_app = Warden::Spec::Helpers::FAILURE_APP
-      end
-      run(lambda do |e|
-        w = e['warden']
-        w.authenticate
-        w.authenticate(:scope => :foo)
-        $captures << :complete
-      end)
-    end
-    builder.to_app.call(@env)
-    expect($captures).to eq([:one, :two, :one, :complete])
-  end
-
-  it "should not change the master configurations strategies when I change them" do
-    app = wrap_app(@app) do |e|
-      e['warden'].default_strategies << :one
-      expect(e['warden'].default_strategies).to eq([:password, :one])
-      expect(e['warden'].manager.config.default_strategies).to eq([:password])
-      e['warden'].authenticate!
-      Rack::Response.new("OK").finish
-    end
-    setup_rack(app).call(@env)
-
-    expect($captures).to eq([:one])
-  end
-
-  describe "default scope options" do
-
-    it "should allow me to set a default action for a given scope" do
-      $captures = []
-      builder = Rack::Builder.new do
-        use Warden::Manager do |config|
-          config.scope_defaults :foo, :strategies => [:two], :action => "some_bad_action"
-          config.failure_app = Warden::Spec::Helpers::FAILURE_APP
-        end
-
-        run(lambda do |e|
-          e['warden'].authenticate!(:scope => :foo)
-        end)
-      end
-
-      env = env_with_params("/foo")
-      env["rack.session"] = {}
-      builder.to_app.call(env)
-      request = Rack::Request.new(env)
-      expect(request.path).to eq("/some_bad_action")
-    end
-
-    it "should allow me to set store, false on a given scope" do
-      $captures = []
-      warden = []
-      builder = Rack::Builder.new do
-        use Warden::Manager do |config|
-          config.default_strategies :one
-          config.default_strategies :two, :one, :scope => :foo
-          config.default_strategies :two, :one, :scope => :bar
-
-          config.scope_defaults :bar, :store => false
-          config.scope_defaults :baz, :store => false
-          config.failure_app = Warden::Spec::Helpers::FAILURE_APP
-        end
-        run(lambda do |e|
-          w = e['warden']
-          w.authenticate
-          w.authenticate(:scope => :foo)
-          w.authenticate(:one, :scope => :bar)
-          w.authenticate(:one, :scope => :baz, :store => true)
-          warden << w
-          $captures << :complete
-          Rack::Response.new("OK").finish
-        end)
-      end
-      session = @env["rack.session"] = {}
-      builder.to_app.call(@env)
-      expect($captures).to include(:complete)
-      w = warden.first
-      expect(w.user).to eq("User")
-      expect(w.user(:foo)).to eq("User")
-      expect(w.user(:bar)).to eq("User")
-      expect(w.user(:baz)).to eq("User")
-      expect(session['warden.user.default.key']).to eq("User")
-      expect(session['warden.user.foo.key']).to eq("User")
-      expect(session.key?('warden.user.bar.key')).to eq(false)
-      expect(session['warden.user.bar.key']).to be_nil
-      expect(session['warden.user.baz.key']).to eq("User")
-    end
-  end
-
-  describe "#asset_request?" do
-    before(:each) do
-      @asset_regex = /^\/assets\//
-      ::Warden.asset_paths = @asset_regex
-    end
-
-    it "should return true if PATH_INFO is in asset list" do
-      env = env_with_params('/assets/fun.gif')
-      setup_rack(success_app).call(env)
-      proxy = env["warden"]
-
-      expect(proxy.env['PATH_INFO']).to match(@asset_regex)
-      expect(proxy).to be_asset_request
-    end
-
-    it "should return false if PATH_INFO is not in asset list" do
-      env = env_with_params('/home')
-      setup_rack(success_app).call(env)
-      proxy = env["warden"]
-
-      expect(proxy.env['PATH_INFO']).not_to match(@asset_regex)
-      expect(proxy).not_to be_asset_request
-    end
-  end
-end