warden 0.8.1 → 0.9.0

data/Rakefile

@@ -1,8 +1,10 @@
 require 'rubygems'
+gem 'rspec'
 require 'spec/rake/spectask'
 require File.join(File.dirname(__FILE__), "lib", "warden", "version")
 
 begin
+  gem 'jeweler'
   require 'jeweler'
   Jeweler::Tasks.new do |gem|
     gem.name = "warden"
@@ -13,8 +15,9 @@ begin
     gem.authors = ["Daniel Neighman"]
     gem.rubyforge_project = "warden"
     gem.add_dependency "rack", ">= 1.0.0"
+    gem.add_development_dependency "rspec", ">= 1.0.0"
   end
-  
+
   Jeweler::GemcutterTasks.new
 rescue LoadError
   puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"

data/lib/warden.rb

@@ -1,17 +1,13 @@
 # encoding: utf-8
 require 'forwardable'
-$:.unshift File.join(File.dirname(__FILE__))
 
 require 'warden/mixins/common'
 require 'warden/proxy'
 require 'warden/manager'
 require 'warden/errors'
+require 'warden/session_serializer'
 require 'warden/strategies'
 require 'warden/strategies/base'
-require 'warden/serializers'
-require 'warden/serializers/base'
-require 'warden/serializers/cookie'
-require 'warden/serializers/session'
 
 module Warden
   class NotAuthenticated < StandardError; end

data/lib/warden/config.rb

@@ -34,10 +34,8 @@ module Warden
 
     def initialize(other={})
       merge!(other)
-
       self[:default_scope]       ||= :default
       self[:default_strategies]  ||= []
-      self[:default_serializers] ||= [ :session ]
     end
 
     # Do not raise an error if a missing strategy is given by default.
@@ -50,16 +48,6 @@ module Warden
       !!self[:silence_missing_strategies]
     end
 
-    # Do not raise an error if a missing serializer is given by default.
-    # :api: plugin
-    def silence_missing_serializers!
-      self[:silence_missing_serializers] = true
-    end
-
-    def silence_missing_serializers? #:nodoc:
-      !!self[:silence_missing_serializers]
-    end
-
     # Set the default strategies to use.
     # :api: public
     def default_strategies(*strategies)
@@ -70,26 +58,22 @@ module Warden
       end
     end
 
-    # Set the default serializers to use. By default, only session is enabled.
+    # Quick accessor to strategies from manager
     # :api: public
-    def default_serializers(*serializers)
-      if serializers.empty?
-        self[:default_serializers]
-      else
-        self[:default_serializers] = serializers.flatten
-      end
+    def strategies
+      Warden::Strategies
     end
 
-    # Quick accessor to strategies from manager
+    # Hook from configuration to serialize_into_session.
     # :api: public
-    def serializers
-      Warden::Serializers
+    def serialize_into_session(*args, &block)
+      Warden::Manager.serialize_into_session(*args, &block)
     end
 
-    # Quick accessor to strategies from manager
+    # Hook from configuration to serialize_from_session.
     # :api: public
-    def strategies
-      Warden::Strategies
+    def serialize_from_session(*args, &block)
+      Warden::Manager.serialize_from_session(*args, &block)
     end
   end
 end

data/lib/warden/hooks.rb

@@ -16,8 +16,8 @@ module Warden
     end
 
     # A callback hook set to run every time after a user is set.
-    # This callback is triggered the first time one of those three events happens during a request:
-    # :authentication, :fetch (from one of the serializers, like session) and :set_user (when manually set).
+    # This callback is triggered the first time one of those three events happens
+    # during a request: :authentication, :fetch (from session) and :set_user (when manually set).
     # You can supply as many hooks as you like, and they will be run in order of decleration.
     #
     # If you want to run the callbacks for a given scope and/or event, you can specify them as options.

data/lib/warden/manager.rb

@@ -37,10 +37,10 @@ module Warden
       result ||= {}
       case result
       when Array
-        if result.first != 401
-          return result
-        else
+        if result.first == 401
           process_unauthenticated({:original_response => result, :action => :unauthenticated}, env)
+        else
+          result
         end
       when Hash
         result[:action] ||= :unauthenticated
@@ -53,6 +53,32 @@ module Warden
       self.class._run_callbacks(*args)
     end
 
+    class << self
+      # Prepares the user to serialize into the session.
+      # Any object that can be serialized into the session in some way can be used as a "user" object
+      # Generally however complex object should not be stored in the session.
+      # If possible store only a "key" of the user object that will allow you to reconstitute it.
+      #
+      # Example:
+      #   Warden::Manager.serialize_into_session{ |user| user.id }
+      #
+      # :api: public
+      def serialize_into_session(&block)
+        Warden::SessionSerializer.send :define_method, :serialize, &block
+      end
+
+      # Reconstitues the user from the session.
+      # Use the results of user_session_key to reconstitue the user from the session on requests after the initial login
+      #
+      # Example:
+      #   Warden::Manager.serialize_from_session{ |id| User.get(id) }
+      #
+      # :api: public
+      def serialize_from_session(&block)
+        Warden::SessionSerializer.send :define_method, :deserialize, &block
+      end
+    end
+
   private
 
     # When a request is unauthentiated, here's where the processing occurs.
@@ -63,7 +89,7 @@ module Warden
 
       case action
         when :redirect
-          [env['warden']._status, env['warden'].headers, [env['warden'].message || "You are being redirected to #{env['warden'].headers['Location']}"]]
+          [env['warden'].status, env['warden'].headers, [env['warden'].message || "You are being redirected to #{env['warden'].headers['Location']}"]]
         when :custom
           env['warden'].custom_response
         else

data/lib/warden/manager_deprecation.rb

@@ -1,5 +1,22 @@
 module Warden
   module ManagerDeprecation
+    class Dummy
+      def update(type, &block)
+        if type == :session
+          warn "[DEPRECATION] warden.serializers.update(:session) is deprecated. " <<
+               "Please use Warden::Manager.serialize_from_session and Warden::Manager.serialize_into_session"
+          Warden::SessionSerializer.class_eval(&block)
+        else
+          method_missing(update)
+        end
+      end
+
+      def method_missing(method, *args)
+        warn "[DEPRECATION] warden.serializers.#{method} is deprecated."
+        nil
+      end
+    end
+
     # Read the default scope from Warden
     def default_scope
       warn "[DEPRECATION] Warden::Manager.default_scope is deprecated. It's now accessible in the Warden::Manager instance."
@@ -10,53 +27,9 @@ module Warden
       warn "[DEPRECATION] Warden::Manager.default_scope= is deprecated. Please set it in the Warden::Manager instance."
     end
 
-    # Prepares the user to serialize into the session.
-    # Any object that can be serialized into the session in some way can be used as a "user" object
-    # Generally however complex object should not be stored in the session.
-    # If possible store only a "key" of the user object that will allow you to reconstitute it.
-    #
-    # Example:
-    #   Warden::Manager.serialize_into_session{ |user| user.id }
-    #
-    # Deprecation:
-    #   This method was deprecated in favor of serializer in Session. You can set it while setting the middleware:
-    #
-    #   use Warden::Manager do |manager|
-    #     manager.serializers.update(:session) do
-    #       def serialize(user)
-    #         user.id
-    #       end
-    #     end
-    #   end
-    #
-    # :api: public
-    def serialize_into_session(&block)
-      warn "[DEPRECATION] serialize_into_session is deprecated. Please overwrite the serialize method in Warden::Serializers::Session."
-      Warden::Serializers::Session.send :define_method, :serialize, &block
+    def serializers
+      warn "[DEPRECATION] warden.serializers is deprecated since Warden::Serializers were merged into Warden::Strategies."
+      Dummy.new
     end
-
-    # Reconstitues the user from the session.
-    # Use the results of user_session_key to reconstitue the user from the session on requests after the initial login
-    #
-    # Example:
-    #   Warden::Manager.serialize_from_session{ |id| User.get(id) }
-    #
-    # Deprecation:
-    #   This method was deprecated in favor of serializer in Session. You can set it while setting the middleware:
-    #
-    #   use Warden::Manager do |manager|
-    #     manager.serializers.update(:session) do
-    #       def deserialize(id)
-    #         User.get(id)
-    #       end
-    #     end
-    #   end
-    #
-    # :api: public
-    def serialize_from_session(&block)
-      warn "[DEPRECATION] serialize_from_session is deprecated. Please overwrite the deserialize method in Warden::Serializers::Session."
-      Warden::Serializers::Session.send :define_method, :deserialize, &block
-    end
-
   end
 end

data/lib/warden/mixins/common.rb

@@ -18,11 +18,11 @@ module Warden
         @request ||= Rack::Request.new(@env)
       end # request
 
-      # Convenience method to access the rack response. This should be replaced by the
-      # actual response returned to the client.
+      # Provides a warden repository for cookies. Those are sent to the client
+      # when the response is streamed back from the app.
       # :api: public
-      def response
-        @response ||= Rack::Response.new(@env)
+      def warden_cookies
+        env['warden.cookies'] ||= {}
       end # response
 
       # Convenience method to access the rack request params

data/lib/warden/proxy.rb

@@ -3,7 +3,7 @@ module Warden
   class UserNotSet < RuntimeError; end
 
   class Proxy
-    # An accessor to the wining strategy
+    # An accessor to the winning strategy
     # :api: private
     attr_accessor :winning_strategy
 
@@ -15,56 +15,77 @@ module Warden
     include ::Warden::Mixins::Common
 
     # :api: private
-    def_delegators :winning_strategy, :headers, :_status, :custom_response
+    def_delegators :winning_strategy, :headers, :status, :custom_response
 
     def initialize(env, manager) #:nodoc:
       @env, @users = env, {}
+      @strategies  = Hash.new { |h,k| h[k] = {} }
       @manager, @config = manager, manager.config
       errors # setup the error object in the session
     end
 
-    # Check to see if there is an authenticated user for the given scope.
-    # When scope is not specified, Warden::Manager.default_scope is assumed.
-    # This will not try to reconstitute the user from the session and will simply check for the
-    # existance of a session key
+    # Points to a SessionSerializer instance responsible for handling
+    # everything related with storing, fetching and removing the user
+    # session.
+    # :api: public
+    def session_serializer
+      @session_serializer ||= Warden::SessionSerializer.new(@env)
+    end
+
+    # Clear the cache of performed strategies so far. It has the same API
+    # as authenticate, allowing you to clear an specific strategies for
+    # given scope:
     #
     # Parameters:
-    #   scope - the scope to check for authentication.  Defaults to :default
+    #   args - a list of symbols (labels) that name the strategies to attempt
+    #   opts - an options hash that contains the :scope of the user to check
     #
     # Example:
-    #   env['warden'].authenticated?(:admin)
+    #   # Clear all strategies for the configured default_scope
+    #   env['warden'].clear_strategies_cache!
+    #
+    #   # Clear all strategies for the :admin scope
+    #   env['warden'].clear_strategies_cache!(:scope => :admin)
+    #
+    #   # Clear password strategy for the :admin scope
+    #   env['warden'].clear_strategies_cache!(:password, :scope => :admin)
     #
     # :api: public
-    def authenticated?(scope = @config.default_scope)
-      result = !!user(scope)
-      yield if block_given? && result
-      result
-    end
+    def clear_strategies_cache!(*args)
+      scope, opts = _retrieve_scope_and_opts(args)
 
-    # Same API as authenticated, but returns false when authenticated.
-    # :api: public
-    def unauthenticated?(scope = @config.default_scope)
-      result = !authenticated?(scope)
-      yield if block_given? && result
-      result
+      @strategies[scope].each do |k, v|
+        v.clear! if args.empty? || args.include?(k)
+      end
     end
 
     # Run the authentiation strategies for the given strategies.
     # If there is already a user logged in for a given scope, the strategies are not run
     # This does not halt the flow of control and is a passive attempt to authenticate only
-    # When scope is not specified, Warden::Manager.default_scope is assumed.
+    # When scope is not specified, the default_scope is assumed.
     #
     # Parameters:
     #   args - a list of symbols (labels) that name the strategies to attempt
     #   opts - an options hash that contains the :scope of the user to check
     #
     # Example:
-    #   env['auth'].authenticate(:password, :basic, :scope => :sudo)
+    #   env['warden'].authenticate(:password, :basic, :scope => :sudo)
     #
     # :api: public
     def authenticate(*args)
-      scope, opts = _perform_authentication(*args)
-      user(scope)
+      user, opts = _perform_authentication(*args)
+      user
+    end
+
+    # Same API as authenticated, but returns a boolean instead of a user.
+    # The difference between this method (authenticate?) and authenticated?
+    # is that the former will run strategies if the user has not yet been authenticated,
+    # and the second relies on already performed ones.
+    # :api: public
+    def authenticate?(*args)
+      result = !!authenticate(*args)
+      yield if result && block_given?
+      result
     end
 
     # The same as +authenticate+ except on failure it will throw an :warden symbol causing the request to be halted
@@ -75,28 +96,34 @@ module Warden
     #
     # :api: public
     def authenticate!(*args)
-      scope, opts = _perform_authentication(*args)
-      throw(:warden, opts) if !user(scope)
-      user(scope)
+      user, opts = _perform_authentication(*args)
+      throw(:warden, opts) unless user
+      user
     end
 
-    # Checks if the given scope is stored in session. Different from authenticated?, this method
-    # does not serialize values from session.
+    # Check to see if there is an authenticated user for the given scope.
+    # This brings the user from the session, but does not run strategies before doing so.
+    # If you want strategies to be run, please check authenticate?.
     #
-    # Example
-    #   env['warden'].set_user(@user)
-    #   env['warden'].stored?                     #=> true
-    #   env['warden'].stored?(:default)           #=> true
-    #   env['warden'].stored?(:default, :session) #=> true
-    #   env['warden'].stored?(:default, :cookie)  #=> false
+    # Parameters:
+    #   scope - the scope to check for authentication. Defaults to default_scope
+    #
+    # Example:
+    #   env['warden'].authenticated?(:admin)
     #
     # :api: public
-    def stored?(scope = @config.default_scope, serializer = nil)
-      if serializer
-        _find_serializer(serializer).stored?(scope)
-      else
-        serializers.any? { |s| s.stored?(scope) }
-      end
+    def authenticated?(scope = @config.default_scope)
+      result = !!user(scope)
+      yield if block_given? && result
+      result
+    end
+
+    # Same API as authenticated?, but returns false when authenticated.
+    # :api: public
+    def unauthenticated?(scope = @config.default_scope)
+      result = !authenticated?(scope)
+      yield if block_given? && result
+      result
     end
 
     # Manually set the user into the session and auth proxy
@@ -109,8 +136,9 @@ module Warden
     def set_user(user, opts = {})
       return unless user
       scope = (opts[:scope] ||= @config.default_scope)
-      _store_user(user, scope) unless opts[:store] == false
+
       @users[scope] = user
+      session_serializer.store(user, scope) unless opts[:store] == false
 
       opts[:event] ||= :set_user
       manager._run_callbacks(:after_set_user, user, self, opts)
@@ -118,7 +146,8 @@ module Warden
     end
 
     # Provides acccess to the user object in a given scope for a request.
-    # will be nil if not logged in
+    # Will be nil if not logged in. Please notice that this method does not
+    # perform strategies.
     #
     # Example:
     #   # without scope (default user)
@@ -129,7 +158,8 @@ module Warden
     #
     # :api: public
     def user(scope = @config.default_scope)
-      @users[scope] ||= set_user(_fetch_user(scope), :scope => scope, :event => :fetch)
+      @users[scope] ||= set_user(session_serializer.fetch(scope),
+                                 :scope => scope, :event => :fetch)
     end
 
     # Provides a scoped session data for authenticated users.
@@ -176,7 +206,7 @@ module Warden
         manager._run_callbacks(:before_logout, user, self, :scope => scope)
 
         raw_session.delete("warden.user.#{scope}.session")
-        _delete_user(user, scope)
+        session_serializer.delete(scope, user)
       end
 
       reset_session! if reset_session
@@ -207,97 +237,56 @@ module Warden
       !!@custom_failure
     end
 
-    # Retrieve and initializer serializers.
-    # :api: private
-    def serializers # :nodoc:
-      @serializers ||= begin
-        @config.default_serializers.inject([]) do |array, s|
-          unless klass = Warden::Serializers[s]
-            raise "Invalid serializer #{s}" unless @config.silence_missing_serializers?
-            array
-          else
-            array << klass.new(@env)
-          end
-        end
-      end
-    end
-
     private
 
-    # :api: private
     def _perform_authentication(*args)
-      scope = scope_from_args(args)
-      opts  = opts_from_args(args)
+      scope, opts = _retrieve_scope_and_opts(args)
+      user = nil
 
       # Look for an existing user in the session for this scope.
-      # If there was no user in the session. See if we can get one from the request
-      return scope, opts if user(scope)
-
+      # If there was no user in the session. See if we can get one from the request.
+      return user, opts if user = user(scope)
       _run_strategies_for(scope, args)
 
       if winning_strategy && winning_strategy.user
         set_user(winning_strategy.user, opts.merge!(:event => :authentication))
       end
 
-      [scope, opts]
+      [@users[scope], opts]
     end
 
-    # :api: private
-    def scope_from_args(args) # :nodoc:
-      Hash === args.last ? args.last.fetch(:scope, @config.default_scope) : @config.default_scope
-    end
-
-    # :api: private
-    def opts_from_args(args) # :nodoc:
-      Hash === args.last ? args.pop : {}
+    def _retrieve_scope_and_opts(args) #:nodoc:
+      opts  = args.last.is_a?(Hash) ? args.pop : {}
+      scope = opts[:scope] || @config.default_scope
+      [scope, opts]
     end
 
-    # :api: private
+    # Run the strategies for a given scope
     def _run_strategies_for(scope, args) #:nodoc:
       strategies = args.empty? ? @config.default_strategies : args
-      raise "No Strategies Found" if strategies.empty?
 
-      strategies.each do |s|
-        unless klass = Warden::Strategies[s]
-          raise "Invalid strategy #{s}" unless args.empty? && @config.silence_missing_strategies?
-          next
-        end
+      strategies.each do |name|
+        strategy = _fetch_strategy(name, scope)
+        next unless strategy && !strategy.performed? && strategy.valid?
 
-        strategy = klass.new(@env, scope)
         self.winning_strategy = strategy
-        next unless strategy.valid?
-
         strategy._run!
         break if strategy.halted?
       end
     end
 
-    # Does the work of storing the user in stores.
-    # :api: private
-    def _store_user(user, scope) # :nodoc:
-      return unless user
-      serializers.each { |s| s.store(user, scope) }
-    end
+    # Fetchs strategies and keep them in a hash cache.
+    def _fetch_strategy(name, scope)
+      return @strategies[scope][name] if @strategies[scope].key?(name)
 
-    # Does the work of fetching the user from the first store.
-    # :api: private
-    def _fetch_user(scope) # :nodoc:
-      serializers.each do |s|
-        user = s.fetch(scope)
-        return user if user
+      @strategies[scope][name] = if klass = Warden::Strategies[name]
+        klass.new(@env, scope)
+      elsif @config.silence_missing_strategies?
+        nil
+      else
+        raise "Invalid strategy #{name}"
       end
-      nil
-    end
-
-    # Does the work of deleteing the user in all stores.
-    # :api: private
-    def _delete_user(user, scope) # :nodoc:
-      serializers.each { |s| s.delete(scope, user) }
     end
 
-    # :api: private
-    def _find_serializer(name) # :nodoc:
-      serializers.find { |s| s.class == ::Warden::Serializers[name] }
-    end
   end # Proxy
 end # Warden