warden 1.2.7 → 1.2.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 62095c3b46348d469f28bc0b73c4e4d1dea3c772
-  data.tar.gz: c95c0c03bd6f5cc31ebc20674d8f679331cfa6b4
+SHA256:
+  metadata.gz: b7e6c341f27479e6f36339e5d2c211277b4c0e664c960827c2044dd36b5c1c23
+  data.tar.gz: 62e22ba4d81a887444d60ff033c7a6b0a0a8e723771d15cee045ee83baece801
 SHA512:
-  metadata.gz: 2c6897e0cc915b2d3fe2dabf98f5c694a3cbc531974c61c578a579d388c21cca9755a39a6b322a25c41eb1526988c63a531afbe954f4a6075aa3d410cd9e5ef9
-  data.tar.gz: f0a701673890402bf2717fb4ff356046a24ad85dbcf570e52b109fa9a741e18534a49690b0ff4e0ace9fba7c65ac24e17dd5324849af925ac0e27cf497b64246
+  metadata.gz: a6b602f560ebc6f04848c0c7e2d9017af8bf55c6cd6e6fec978e28e0463960761eaf488fabdba1b14d78bcf16e352a97d9b95b361142c3a4c14672517ca9e5b5
+  data.tar.gz: 9a6397e9d84063c8f7cf221c878b0657151a0cf01a6f98172b2ca0dfd1d5e7eddf7da9ce616f550928f5f14dcb073553379add7a006acc875fb162a7ce2a8210

data/.github/workflows/ruby.yml

@@ -0,0 +1,27 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Tests
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '2.5', '2.6', '2.7' ]
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+pkg
+.*~
+
+*.gem
+Gemfile.lock

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--format documentation
+--color

data/{History.rdoc → CHANGELOG.md}

@@ -1,80 +1,114 @@
-== Version 1.2.7 / 2016-10-12
+# CHANGELOG
+
+## Version 1.2.9 / 2020-08-31
+* Avoid warning on uninitialized instance variable (#188)
+* Bump rack to 2.2.3 (#190)
+* Remove Gemfile.lock
+* Resolve outstanding TODO entries (#179)
+* A bunch of gem structure cleanup (thanks @olleolleolle)
+* Set winning strategy when :warden is thrown (#174)
+* Bump rack dependency to >= 2.0.9 due to CVEs
+
+## Version 1.2.8 / 2018-11-15
+
+* Bugfix: Flips two lines to allow scopes authenticating from another without stepping on each other's toes. (PR #144)
+* Update `rack` dependency to >= 2.0.6 due to security vulnerability
+* Internal: Add Rubocop Lint checking
+* Internal: Update RSpec to use `.rspec` file
+
+## Version 1.2.7 / 2016-10-12
+
 * Added 'frozen_string_literal' comment, bump ruby to 2.3
 
-== Version 1.2.6 / 2016-01-31
+## Version 1.2.6 / 2016-01-31
+
 * Separate test helpers to encapsulate Warden object mocking inside it's own class
 
-== Version 1.2.5 / 2016-01-28
+## Version 1.2.5 / 2016-01-28
+
 * Expands on the test helpers available to make it easier for testing gems
 
-== Version 1.2.3 / 2013-07-14
+## Version 1.2.3 / 2013-07-14
+
 * Fix an issue with lazy loaded sessions
 
-== Version 1.2.2 / 2013-07-12
+## Version 1.2.2 / 2013-07-12
+
 * Support nil session stores on logout
 * Fix strategies blowing up with undefined method base
 
-== Version 1.2.1 / 2012-06-16
+## Version 1.2.1 / 2012-06-16
+
 * Minor caching and speed improvements
 * Add support to #lock in the proxy
 * Add support to after_failed_fetch callback
 
-== Version 1.2.0 / 2012-05-08
+## Version 1.2.0 / 2012-05-08
+
 * Deprecate warden_cookies since it was never functional
 * Add support to serialize_from_session and serialize_into_session per scope
 
-== Version 1.1.1 / 2012-02-16
+## Version 1.1.1 / 2012-02-16
+
 * Allow run_callbacks as an option to set_user and user
 
-== Version 1.1.0 / 2011-11-02
+## Version 1.1.0 / 2011-11-02
+
 * Use the default scopes action when using a bare throw(:warden)
 
-== Version 1.0.6
+## Version 1.0.6
+
 * Remove gem files from the packaged gem
 
-== Version 1.0.3
+## Version 1.0.3
+
 * Do not renew session on user fetch
 
-== Version 1.0.2
+## Version 1.0.2
+
 * Added :intercept_401 to Warden::Config
 
-== Version 1.0.1
+## Version 1.0.1
+
 * Bug fix on strategies errors handler
 
-== Version 1.0.0
+## Version 1.0.0
+
 * Bump!
 * Allow strategies to configure if user should be stored or not
 * Force session id renewal when user is set
 
-== Version 0.10.7
+## Version 0.10.7
+
 * Performance boost. config object to use raw accessors
 * Add per strategy storage option
 
-== Version 0.10.6 / 0.10.7 / 2010-05-22
+## Version 0.10.6 / 0.10.7 / 2010-05-22
+
 * Bugfix set_user was not respecting logouts in hooks
 
-== Version 0.10.4 / 0.10.5 / 2010-05-20
+## Version 0.10.4 / 0.10.5 / 2010-05-20
 * Add action specifying in scope_defaults
 
-== Version 0.10.3 / 2010-03-01
+## Version 0.10.3 / 2010-03-01
 * Bugfix prevent halted winning strategy from being skipped in subsequent runs
 
-== Version 0.10.2 / 2010-03-26
+## Version 0.10.2 / 2010-03-26
 * Halt on fail!.  Add fail to allow cascading
 * cache the winning strategy
 * Make the config object Dupable
 
-== Version 0.10.1 / 2010-03-23
+## Version 0.10.1 / 2010-03-23
 * Merge previous from master
 * tag
 
-== Version 0.10.0 / 2010-03-22
+## Version 0.10.0 / 2010-03-22
 * Allow default strategies to be set on the proxy
 * Provide each scope with it's own default strategies
 * Provide each scope with default set_user opts
 * depricate the Proxy#default_strategies= method
 
-== Version 0.9.5 / 2010-02-28
+## Version 0.9.5 / 2010-02-28
 
 * Add Warden.test_mode!
 * Add Warden.on_next_request
@@ -82,42 +116,42 @@
 ** login_as
 ** logout
 
-== Version 0.9.4 / 2010-02-23
+## Version 0.9.4 / 2010-02-23
 
 * Fix an issue where winning_strategy was not cleaned, allowing multiple scopes to sign in, even when the second one should not
 
-== Version 0.9.3 / 2010-02-17
+## Version 0.9.3 / 2010-02-17
 
 * Add prepend_ to all hooks (josevalim)
 
-== Version 0.9.2 / 2010-02-10
+## Version 0.9.2 / 2010-02-10
 
 * Ruby 1.9 compatibility changes (grimen)
 
-== Version 0.9.1 / 2010-02-09
+## Version 0.9.1 / 2010-02-09
 
 * Support for passing a custom message with Warden::Strategy::Base#success! as second optional (grimen)
 
-== Version 0.9.0 / 2010-01-21
+## Version 0.9.0 / 2010-01-21
 
 * Remove serializers and make strategies more powerful, including cache behavior (josevalim)
 
-== Version 0.8.1 / 2010-01-06
+## Version 0.8.1 / 2010-01-06
 
 * Fix a bug when silence missing serializers is set (josevalim)
 
-== Version 0.8.0 / 2010-01-06
+## Version 0.8.0 / 2010-01-06
 
 * enhancements
   * Add conditionals to callbacks (josevalim)
   * Extract Warden::Config from Warden::Manager (josevalim)
 
-== Version 0.7.0 / 2010-01-04
+## Version 0.7.0 / 2010-01-04
 
 * enhancements
   * Expose config in warden proxy (hassox)
 
-== Version 0.6.0 / 2009-11-16
+## Version 0.6.0 / 2009-11-16
 
 * enhancements
   * added serializers, including session serializer (set by default) and a cookie serializer (josevalim)
@@ -125,24 +159,27 @@
 * deprecation
   * serializer_into_session and serializer_from_session are deprecated, overwrite serialize and deserializer in Warden::Serializers::Session instead (josevalim)
 
-== Version 0.5.3 / 2009-11-10
+## Version 0.5.3 / 2009-11-10
+
 * bug fixes
   * authenticated? and unauthenticated? should return true or false, not the user or false. (hassox)
 
-== Version 0.5.2 / 2009-11-09
+## Version 0.5.2 / 2009-11-09
+
 * enhancements
   * authenticated? always try to serialize the user from session (josevalim)
   * stored_in_session? checks if user information is stored in session, without serializing (josevalim)
   * 401 behaves exactly like throw :warden (staugaard)
 
-=== Version 0.5.1 / 2009-10-25
+## Version 0.5.1 / 2009-10-25
+
 * enhancements
-  * Adds yeilding to authenticated? and unauthenticated? methods (hassox)
+  * Adds yielding to authenticated? and unauthenticated? methods (hassox)
   * Adds an option to silence missing strategies (josevalim)
   * Add an option to authenticate(!) to prevent storage of a user into the session (hassox)
   * allow custom :action to be thrown (josevalim)
 
-=== Version 0.4.0 / 2009-10-12
+## Version 0.4.0 / 2009-10-12
 
 * enhancements
   * add Content-Type header to redirects (staugaard)
@@ -151,9 +188,7 @@
 * bug fixes
   * Do not consume opts twice, otherwise just the first will parse the scope (josevalim)
 
-=== Version 0.3.2 / 2009-09-15
+## Version 0.3.2 / 2009-09-15
 
 * enhancements
   * add a hook for plugins to specify how they can clear the whole section
-
-

data/Gemfile

@@ -4,9 +4,9 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'rake'
-gem 'rack', '1.3'
+gem 'pry'
 
 group :test do
-  gem 'rspec', '~>3'
+  gem 'rspec', '~> 3'
   gem 'rack-test'
 end

data/LICENSE

@@ -1,4 +1,5 @@
-Copyright (c) 2009 Daniel Neighman
+Copyright (c) 2009-2017 Daniel Neighman
+Copyright (c) 2017-2020 Justin Smestad
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -0,0 +1,18 @@
+# Warden
+
+## Getting Started
+
+Please see the [Warden Wiki](https://github.com/wardencommunity/warden/wiki) for overview documentation.
+
+## Maintainers
+
+* Daniel Neighman (hassox)
+* José Valim (josevalim)
+* Justin Smestad (jsmestad)
+* Whitney Smestad (whithub)
+
+[A list of all contributors is available on Github.](https://github.com/hassox/warden/contributors)
+
+## LICENSE
+
+See `LICENSE` file.

data/Rakefile

@@ -1,13 +1,8 @@
 # -*- encoding: utf-8 -*-
 # frozen_string_literal: true
-require 'rubygems'
-require 'rake'
-$:.unshift  File.join(File.dirname(__FILE__), "lib")
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
-require 'rspec/core'
-require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
-
-desc "Run all specs in spec directory"
-RSpec::Core::RakeTask.new(:spec)

data/lib/warden/config.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   # This class is yielded inside Warden::Manager. If you have a plugin and want to

data/lib/warden/errors.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   class Proxy
     # Lifted from DataMapper's dm-validations plugin :)
@@ -39,7 +39,7 @@ module Warden
       end
 
       def each
-        errors.map.each do |k,v|
+        errors.map.each do |_k,v|
           next if blank?(v)
           yield(v)
         end

data/lib/warden/hooks.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Hooks
 

data/lib/warden/manager.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 require 'warden/hooks'
 require 'warden/config'
 
@@ -22,7 +22,6 @@ module Warden
       @app, @config = app, Warden::Config.new(options)
       @config.default_strategies(*default_strategies) if default_strategies
       yield @config if block_given?
-      self
     end
 
     # Invoke the application guarding for throw :warden.
@@ -33,6 +32,7 @@ module Warden
 
       env['warden'] = Proxy.new(env, self)
       result = catch(:warden) do
+        env['warden'].on_request
         @app.call(env)
       end
 

data/lib/warden/mixins/common.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Mixins
     module Common

data/lib/warden/proxy.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   class UserNotSet < RuntimeError; end
@@ -29,6 +29,11 @@ module Warden
       @env, @users, @winning_strategies, @locked = env, {}, {}, false
       @manager, @config = manager, manager.config.dup
       @strategies = Hash.new { |h,k| h[k] = {} }
+    end
+
+    # Run the on_request callbacks
+    # :api: private
+    def on_request
       manager._run_callbacks(:on_request, self)
     end
 
@@ -106,7 +111,7 @@ module Warden
       user
     end
 
-    # Same API as authenticated, but returns a boolean instead of a user.
+    # Same API as authenticate, but returns a boolean instead of a user.
     # The difference between this method (authenticate?) and authenticated?
     # is that the former will run strategies if the user has not yet been
     # authenticated, and the second relies on already performed ones.
@@ -172,7 +177,13 @@ module Warden
 
       if opts[:store] != false && opts[:event] != :fetch
         options = env[ENV_SESSION_OPTIONS]
-        options[:renew] = true if options
+        if options
+          if options.frozen?
+            env[ENV_SESSION_OPTIONS] = options.merge(:renew => true).freeze
+          else
+            options[:renew] = true
+          end
+        end
         session_serializer.store(user, scope)
       end
 
@@ -319,7 +330,7 @@ module Warden
       user = nil
 
       # Look for an existing user in the session for this scope.
-      # If there was no user in the session. See if we can get one from the request.
+      # If there was no user in the session, see if we can get one from the request.
       return user, opts if user = user(opts.merge(:scope => scope))
       _run_strategies_for(scope, args)
 
@@ -354,9 +365,12 @@ module Warden
       (strategies || args).each do |name|
         strategy = _fetch_strategy(name, scope)
         next unless strategy && !strategy.performed? && strategy.valid?
+        catch(:warden) do
+          _update_winning_strategy(strategy, scope)
+        end
 
-        self.winning_strategy = @winning_strategies[scope] = strategy
         strategy._run!
+        _update_winning_strategy(strategy, scope)
         break if strategy.halted?
       end
     end
@@ -371,6 +385,11 @@ module Warden
         raise "Invalid strategy #{name}"
       end
     end
+
+    # Updates the winning strategy for a given scope
+    def _update_winning_strategy(strategy, scope)
+      self.winning_strategy = @winning_strategies[scope] = strategy
+    end
   end # Proxy
 
 end # Warden

data/lib/warden/session_serializer.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   class SessionSerializer
     attr_reader :env

data/lib/warden/strategies/base.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
   module Strategies
     # A strategy is a place where you can put logic related to authentication. Any strategy inherits
@@ -45,6 +45,7 @@ module Warden
         @env, @scope = env, scope
         @status, @headers = nil, {}
         @halted, @performed = false, false
+        @result = nil
       end
 
       # The method that is called from above. This method calls the underlying authenticate! method

data/lib/warden/test/helpers.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
   module Test
@@ -7,7 +7,7 @@ module Warden
     # These provide the ability to login and logout on any given request
     # Note: During the teardown phase of your specs you should include: Warden.test_reset!
     module Helpers
-      def self.included(base)
+      def self.included(_base)
         ::Warden.test_mode!
       end
 

data/lib/warden/test/mock.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 
 require 'rack'
 
@@ -8,7 +8,7 @@ module Warden
     # A mock of an application to get a Warden object to test on
     # Note: During the teardown phase of your specs you should include: Warden.test_reset!
     module Mock
-      def self.included(base)
+      def self.included(_base)
         ::Warden.test_mode!
       end
 
@@ -37,7 +37,7 @@ module Warden
       def app
         @app ||= begin
           opts = {
-            failure_app: lambda {
+            failure_app: lambda { |_e|
               [401, { 'Content-Type' => 'text/plain' }, ['You Fail!']]
             },
             default_strategies: :password,
@@ -46,7 +46,7 @@ module Warden
           Rack::Builder.new do
             use Warden::Test::Mock::Session
             use Warden::Manager, opts, &proc {}
-            run lambda { |e|
+            run lambda { |_e|
               [200, { 'Content-Type' => 'text/plain' }, ['You Win']]
             }
           end
@@ -55,7 +55,7 @@ module Warden
 
       class Session
         attr_accessor :app
-        def initialize(app,configs = {})
+        def initialize(app, _configs={})
           @app = app
         end
 

data/lib/warden/test/warden_helpers.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 
 module Warden
 

data/lib/warden/version.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 module Warden
-  VERSION = "1.2.7"
+  VERSION = "1.2.9"
 end

data/lib/warden.rb

@@ -1,5 +1,5 @@
-# frozen_string_literal: true
 # encoding: utf-8
+# frozen_string_literal: true
 require 'forwardable'
 
 require 'warden/mixins/common'

data/warden.gemspec

@@ -1,25 +1,25 @@
 # -*- encoding: utf-8 -*-
 # frozen_string_literal: true
 
-require './lib/warden/version'
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'warden/version'
 
-Gem::Specification.new do |s|
-  s.name = %q{warden}
-  s.version = Warden::VERSION.dup
-  s.authors = ["Daniel Neighman"]
-  s.email = %q{has.sox@gmail.com}
-  s.license = "MIT"
-  s.extra_rdoc_files = [
+Gem::Specification.new do |spec|
+  spec.name = "warden"
+  spec.version = Warden::VERSION
+  spec.authors = ["Daniel Neighman", "Justin Smestad", "Whitney Smestad", "José Valim"]
+  spec.email = %q{hasox.sox@gmail.com justin.smestad@gmail.com whitcolorado@gmail.com}
+  spec.homepage = "https://github.com/hassox/warden"
+  spec.summary = "An authentication library compatible with all Rack-based frameworks"
+  spec.license = "MIT"
+  spec.extra_rdoc_files = [
     "LICENSE",
-     "README.textile"
+    "README.md"
   ]
-  s.files = Dir["**/*"] - Dir["*.gem"] - ["Gemfile.lock"]
-  s.homepage = %q{http://github.com/hassox/warden}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubyforge_project = %q{warden}
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Rack middleware that provides authentication for rack applications}
-  s.add_dependency "rack", ">= 1.0"
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.require_paths = ["lib"]
+  spec.add_dependency "rack", ">= 2.0.9"
 end
-