summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore3
-rw-r--r--README.md3
-rw-r--r--config/config.yml.example8
-rw-r--r--config/initializers/load_config.rb1
-rw-r--r--test/dummy/app/controllers/application_controller.rb3
-rw-r--r--users/app/controllers/controller_extension/authentication.rb21
-rw-r--r--users/app/models/user.rb10
-rw-r--r--users/app/views/sessions/_nav.html.haml5
-rw-r--r--users/test/functional/application_controller_test.rb29
-rw-r--r--users/test/functional/helper_methods_test.rb42
-rw-r--r--users/test/support/auth_test_helper.rb25
-rw-r--r--users/test/test_helper.rb3
12 files changed, 140 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
index 93547cd..d447b54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,6 @@
*/Gemfile.lock
test/dummy/log/*
test/dummy/tmp/*
+
+# Ignore configuration file.
+config/config.yml \ No newline at end of file
diff --git a/README.md b/README.md
index 3ea47bb..fee4e60 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,9 @@ The webapp can hand out certs for the EIP client. These certs are either picked
We also ship provider information through the webapp. For now please add your eip-service.json to the public/config directory.
+Copy the example configuration file and customize as appropriate:
+ cp config/config.yml.example config/config.yml
+
Running
-----------------------------
diff --git a/config/config.yml.example b/config/config.yml.example
new file mode 100644
index 0000000..e3a0112
--- /dev/null
+++ b/config/config.yml.example
@@ -0,0 +1,8 @@
+development:
+ admins: [admin, admin2]
+
+test:
+ admins: [admin, admin2]
+
+production
+ admins: []
diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb
new file mode 100644
index 0000000..e687429
--- /dev/null
+++ b/config/initializers/load_config.rb
@@ -0,0 +1 @@
+APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env]
diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb
deleted file mode 100644
index e8065d9..0000000
--- a/test/dummy/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-class ApplicationController < ActionController::Base
- protect_from_forgery
-end
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 507b62f..c3342f3 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
private
included do
- helper_method :current_user
+ helper_method :current_user, :logged_in?, :admin?
end
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
+ def logged_in?
+ !!current_user
+ end
+
def authorize
- redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+ access_denied unless logged_in?
end
+
+ def access_denied
+ redirect_to login_url, :alert => "Not authorized"
+ end
+
+ def admin?
+ current_user && current_user.is_admin?
+ end
+
+ def authorize_admin
+ access_denied unless admin?
+ end
+
end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index a06893f..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,13 +66,9 @@ class User < CouchRest::Model::Base
login
end
-=begin
- def self.current
- Thread.current[:user]
+ # Since we are storing admins by login, we cannot allow admins to change their login.
+ def is_admin?
+ APP_CONFIG['admins'].include? self.login
end
- def self.current=(user)
- Thread.current[:user] = user
- end
-=end
end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
%li
+ = 'logged in as ' + current_user.login
= link_to t(:logout), logout_path
+ - if admin?
+ = 'ADMIN' # obviously not like this
- else
%li
= link_to t(:login), login_path
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..69bcb2f
--- /dev/null
+++ b/users/test/functional/application_controller_test.rb
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+ def setup
+ # so we can test the effect on the response
+ @controller.response = @response
+ end
+
+ def test_authorize_redirect
+ stub_logged_out
+ @controller.send(:authorize)
+ assert_access_denied
+ end
+
+ def test_authorized
+ @user = stub_logged_in
+ @controller.send(:authorize)
+ assert_access_denied(false)
+ end
+
+ def test_authorize_admin
+ @user = stub_logged_in
+ @user.expects(:is_admin?).returns(false)
+ @controller.send(:authorize_admin)
+ assert_access_denied
+ end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..c0eaf61
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,42 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+ tests ApplicationController
+
+ # we test them right in here...
+ include ApplicationController._helpers
+
+ # they all reference the controller.
+ def controller
+ @controller
+ end
+
+ def test_current_user_with_caching
+ @user = stub_logged_in
+ assert_equal @user, current_user
+ assert_equal @user, current_user # tests caching
+ end
+
+ def test_logged_in
+ @user = stub_logged_in
+ assert logged_in?
+ end
+
+ def test_logged_out
+ stub_logged_out
+ assert !logged_in?
+ end
+
+ def test_admin
+ bool = stub
+ @user = stub_logged_in
+ @user.expects(:is_admin?).returns(bool)
+ assert_equal bool, admin?
+ end
+
+end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
new file mode 100644
index 0000000..d5d52b1
--- /dev/null
+++ b/users/test/support/auth_test_helper.rb
@@ -0,0 +1,25 @@
+module AuthTestHelper
+
+ def stub_logged_in
+ @user_id = stub
+ @user = stub
+ session[:user_id] = @user_id
+ User.expects(:find).once.with(@user_id).returns(@user)
+ return @user
+ end
+
+ def stub_logged_out
+ @user_id = stub
+ session[:user_id] = @user_id
+ User.expects(:find).once.with(@user_id).returns(nil)
+ end
+
+ def assert_access_denied(denied = true)
+ if denied
+ assert_equal({:alert => "Not authorized"}, flash.to_hash)
+ assert_redirected_to login_path
+ else
+ assert flash[:alert].blank?
+ end
+ end
+end
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index 08d4d41..ae6a35c 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -8,3 +8,6 @@ Rails.backtrace_cleaner.remove_silencers!
# Load support files
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+class ActionController::TestCase
+ include AuthTestHelper
+end