Merge branch 'develop' into feature-warden-srp

Conflicts:
	Gemfile.lock
	users/app/controllers/application_controller.rb
	users/leap_web_users.gemspec

12 files changed, 147 insertions, 24 deletions

diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb
deleted file mode 100644
index 8388dda..0000000
--- a/users/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-class ApplicationController < ActionController::Base
-  protect_from_forgery
-
-  private
-
-  def current_user
-    @current_user ||= env['warden'].user
-  end
-  helper_method :current_user
-
-  def authorize
-    redirect_to login_url, alert: "Not authorized" if current_user.nil?
-  end
-end
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
new file mode 100644
index 0000000..50cf0d1
--- /dev/null
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -0,0 +1,34 @@
+module ControllerExtension::Authentication
+  extend ActiveSupport::Concern
+
+  private
+
+  included do
+    helper_method :current_user, :logged_in?, :admin?
+  end
+
+  def current_user
+    @current_user ||= env['warden'].user
+  end
+
+  def logged_in?
+    !!current_user
+  end
+
+  def authorize
+    access_denied unless logged_in?
+  end
+
+  def access_denied
+    redirect_to login_url, :alert => "Not authorized"
+  end
+
+  def admin?
+    current_user && current_user.is_admin?
+  end
+
+  def authorize_admin
+    access_denied unless admin?
+  end
+
+end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 737e083..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,11 +66,9 @@ class User < CouchRest::Model::Base
     login
   end
 
-  def self.current
-    Thread.current[:user]
-  end
-  def self.current=(user)
-    Thread.current[:user] = user
+  # Since we are storing admins by login, we cannot allow admins to change their login.
+  def is_admin?
+    APP_CONFIG['admins'].include? self.login
   end
 
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
   %li
+    = 'logged in as ' + current_user.login
     = link_to t(:logout), logout_path
+    - if admin?
+      = 'ADMIN' # obviously not like this
 - else
   %li
     = link_to t(:login), login_path
diff --git a/users/config/initializers/add_controller_methods.rb b/users/config/initializers/add_controller_methods.rb
new file mode 100644
index 0000000..2579176
--- /dev/null
+++ b/users/config/initializers/add_controller_methods.rb
@@ -0,0 +1,3 @@
+ActiveSupport.on_load(:application_controller) do
+  include ControllerExtension::Authentication
+end
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 053f8dc..0682a99 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -17,6 +17,6 @@ Gem::Specification.new do |s|
 
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
-  s.add_dependency "ruby-srp", "~> 0.1.3"
+  s.add_dependency "ruby-srp", "~> 0.1.4"
   s.add_dependency "rails_warden"
 end
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..69bcb2f
--- /dev/null
+++ b/users/test/functional/application_controller_test.rb
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+  def setup
+    # so we can test the effect on the response
+    @controller.response = @response
+  end
+
+  def test_authorize_redirect
+    stub_logged_out
+    @controller.send(:authorize)
+    assert_access_denied
+  end
+
+  def test_authorized
+    @user = stub_logged_in
+    @controller.send(:authorize)
+    assert_access_denied(false)
+  end
+
+  def test_authorize_admin
+    @user = stub_logged_in
+    @user.expects(:is_admin?).returns(false)
+    @controller.send(:authorize_admin)
+    assert_access_denied
+  end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..c0eaf61
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,42 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+  tests ApplicationController
+
+  # we test them right in here...
+  include ApplicationController._helpers
+
+  # they all reference the controller.
+  def controller
+    @controller
+  end
+
+  def test_current_user_with_caching
+    @user = stub_logged_in
+    assert_equal @user, current_user
+    assert_equal @user, current_user # tests caching
+  end
+
+  def test_logged_in
+    @user = stub_logged_in
+    assert logged_in?
+  end
+
+  def test_logged_out
+    stub_logged_out
+    assert !logged_in?
+  end
+
+  def test_admin
+    bool = stub
+    @user = stub_logged_in
+    @user.expects(:is_admin?).returns(bool)
+    assert_equal bool, admin?
+  end
+
+end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 66de1e5..5800d46 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -39,7 +39,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   test "signup response" do
-    assert_json_response @user_params.slice(:login, :password_salt)
+    assert_json_response :login => @login, :ok => true
     assert_response :success
   end
 
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
new file mode 100644
index 0000000..9412058
--- /dev/null
+++ b/users/test/support/auth_test_helper.rb
@@ -0,0 +1,29 @@
+module AuthTestHelper
+
+  def stub_logged_in
+    @user_id = stub
+    @user = stub
+    session[:user_id] = @user_id
+    User.expects(:find).once.with(@user_id).returns(@user)
+    return @user
+  end
+
+  def stub_logged_out
+    @user_id = stub
+    session[:user_id] = @user_id
+    User.expects(:find).once.with(@user_id).returns(nil)
+  end
+
+  def assert_access_denied(denied = true)
+    if denied
+      assert_equal({:alert => "Not authorized"}, flash.to_hash)
+      assert_redirected_to login_path
+    else
+      assert flash[:alert].blank?
+    end
+  end
+end
+
+class ActionController::TestCase
+  include AuthTestHelper
+end
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index 08d4d41..e8f0125 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -7,4 +7,3 @@ Rails.backtrace_cleaner.remove_silencers!
 
 # Load support files
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 822ef33..f057ca7 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -19,7 +19,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   test "test require alphanumerical for login" do
-    @user.login = "qwär"
+    @user.login = "qw#r"
     assert !@user.valid?
   end