-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | config/config.yml.example | 8 | ||||
-rw-r--r-- | config/initializers/load_config.rb | 1 | ||||
-rw-r--r-- | test/dummy/app/controllers/application_controller.rb | 3 | ||||
-rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 21 | ||||
-rw-r--r-- | users/app/models/user.rb | 10 | ||||
-rw-r--r-- | users/app/views/sessions/_nav.html.haml | 5 | ||||
-rw-r--r-- | users/test/functional/application_controller_test.rb | 29 | ||||
-rw-r--r-- | users/test/functional/helper_methods_test.rb | 42 | ||||
-rw-r--r-- | users/test/support/auth_test_helper.rb | 25 | ||||
-rw-r--r-- | users/test/test_helper.rb | 3 |
12 files changed, 140 insertions, 13 deletions
@@ -20,3 +20,6 @@
 */Gemfile.lock
 test/dummy/log/*
 test/dummy/tmp/*
+
+# Ignore configuration file.
+config/config.yml
\ No newline at end of file @@ -53,6 +53,9 @@ The webapp can hand out certs for the EIP client. These certs are either picked We also ship provider information through the webapp. For now please add your eip-service.json to the public/config directory. +Copy the example configuration file and customize as appropriate: + cp config/config.yml.example config/config.yml + Running ----------------------------- diff --git a/config/config.yml.example b/config/config.yml.example new file mode 100644 index 0000000..e3a0112 --- /dev/null +++ b/config/config.yml.example @@ -0,0 +1,8 @@ +development: + admins: [admin, admin2] + +test: + admins: [admin, admin2] + +production + admins: [] diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb new file mode 100644 index 0000000..e687429 --- /dev/null +++ b/config/initializers/load_config.rb @@ -0,0 +1 @@ +APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env] diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb deleted file mode 100644 index e8065d9..0000000 --- a/test/dummy/app/controllers/application_controller.rb +++ /dev/null @@ -1,3 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery -end diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index 507b62f..c3342f3 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb 
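Review bot: The `production` line in the new config/config.yml.example is missing its colon, so the last section is not a mapping entry and the file will fail to load (or at best yield no `production` section) once it is copied to config/config.yml as the README now instructs; the line should read `production:`. Because config/initializers/load_config.rb indexes the parsed file by `Rails.env`, a production deploy would end up with a nil `APP_CONFIG` and the first `APP_CONFIG['admins']` call in `User#is_admin?` would raise.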
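Review bot: `YAML.load_file(...)[Rails.env]` in the new config/initializers/load_config.rb yields `nil` without complaint when the current environment has no section, which defers the failure to the first `APP_CONFIG['admins']` call in `User#is_admin?`; `YAML.load_file("#{Rails.root}/config/config.yml").fetch(Rails.env)` fails at boot with a KeyError naming the missing section instead. A missing config/config.yml (now gitignored) likewise raises Errno::ENOENT with no hint about where to get one, so a one-line comment above the constant such as `# Per-environment settings; copy config/config.yml.example to config/config.yml.` would help the next developer.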
@@ -4,14 +4,31 @@ module ControllerExtension::Authentication
 private
 included do
- helper_method :current_user
+ helper_method :current_user, :logged_in?, :admin?
 end
 def current_user
 @current_user ||= User.find(session[:user_id]) if session[:user_id]
 end
+ def logged_in?
+ !!current_user
+ end
+
 def authorize
- redirect_to login_url, :alert => "Not authorized" if current_user.nil?
+ access_denied unless logged_in?
 end
+
+ def access_denied
+ redirect_to login_url, :alert => "Not authorized"
+ end
+
+ def admin?
+ current_user && current_user.is_admin?
+ end
+
+ def authorize_admin
+ access_denied unless admin?
+ end
+
 end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index a06893f..0f5d650 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -66,13 +66,9 @@ class User < CouchRest::Model::Base
 login
 end
-=begin
- def self.current
- Thread.current[:user]
+ # Since we are storing admins by login, we cannot allow admins to change their login.
+ def is_admin?
+ APP_CONFIG['admins'].include? self.login
 end
- def self.current=(user)
- Thread.current[:user] = user
 end
-=end
 end
diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml
index a5397bd..204ba88 100644
--- a/users/app/views/sessions/_nav.html.haml
+++ b/users/app/views/sessions/_nav.html.haml
@@ -1,6 +1,9 @@
-- if current_user
+- if logged_in?
 %li
+ = 'logged in as ' + current_user.login
 = link_to t(:logout), logout_path
+ - if admin?
+ = 'ADMIN' # obviously not like this
 - else
 %li
 = link_to t(:login), login_path
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..69bcb2f
--- /dev/null
+++ b/users/test/functional/application_controller_test.rb
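Review bot: `authorize_admin` sends an already logged-in non-admin through `access_denied`, i.e. to `login_url` with the same "Not authorized" alert an anonymous visitor gets, which is misleading because logging in again cannot help; `access_denied` should distinguish the two cases, for example `head :forbidden` (or a redirect to a page the user can actually reach) when `logged_in?` is true. Both `authorize` and `authorize_admin` also rely on the filter chain stopping after `redirect_to`; if either is ever invoked from inside an action body (the new tests call them via `send`) the action continues after the redirect, so a short comment stating they are meant to run as `before_filter`s would document that contract. None of the five new methods carries a comment; at minimum `admin?` deserves `# True only for a logged-in user whose login is listed in APP_CONFIG['admins'] (see User#is_admin?).` The module's opening lines sit outside this hunk.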
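Review bot: The comment above `is_admin?` states a rule ("admins cannot change their login") that nothing in this hunk enforces; if `login` stays writable after creation and uniqueness is not guaranteed elsewhere in the model (not visible here), a rename could silently grant or revoke admin rights, so either a validation freezing `login` or an explicit `# TODO: enforce login immutability` is needed next to the method. As a style point, the Ruby convention drops the `is_` prefix from predicates (`admin?`), and the explicit receiver in `self.login` is unnecessary: `APP_CONFIG['admins'].include?(login)`. The rest of the User class lies outside this hunk.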
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+ def setup
+ # so we can test the effect on the response
+ @controller.response = @response
+ end
+
+ def test_authorize_redirect
+ stub_logged_out
+ @controller.send(:authorize)
+ assert_access_denied
+ end
+
+ def test_authorized
+ @user = stub_logged_in
+ @controller.send(:authorize)
+ assert_access_denied(false)
+ end
+
+ def test_authorize_admin
+ @user = stub_logged_in
+ @user.expects(:is_admin?).returns(false)
+ @controller.send(:authorize_admin)
+ assert_access_denied
+ end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..c0eaf61
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,42 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+ tests ApplicationController
+
+ # we test them right in here...
+ include ApplicationController._helpers
+
+ # they all reference the controller.
+ def controller
+ @controller
+ end
+
+ def test_current_user_with_caching
+ @user = stub_logged_in
+ assert_equal @user, current_user
+ assert_equal @user, current_user # tests caching
+ end
+
+ def test_logged_in
+ @user = stub_logged_in
+ assert logged_in?
+ end
+
+ def test_logged_out
+ stub_logged_out
+ assert !logged_in?
+ end
+
+ def test_admin
+ bool = stub
+ @user = stub_logged_in
+ @user.expects(:is_admin?).returns(bool)
+ assert_equal bool, admin?
+ end
+
+end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
new file mode 100644
index 0000000..d5d52b1
--- /dev/null
+++ b/users/test/support/auth_test_helper.rb
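Review bot: `test_authorize_admin` in the new application_controller_test.rb covers only the logged-in non-admin path; neither the logged-out case nor the allowed path (a user whose `is_admin?` returns true must not be redirected) is exercised, so a regression that makes `authorize_admin` deny everyone or allow everyone would each be missed by this file. Two more tests in the same style close both gaps; they sit between the existing `test_authorize_admin` and the closing `end`.

```ruby
  # … unchanged: setup and the three existing tests …

  def test_authorize_admin_when_logged_out
    stub_logged_out
    @controller.send(:authorize_admin)
    assert_access_denied
  end

  def test_authorized_admin
    @user = stub_logged_in
    @user.expects(:is_admin?).returns(true)
    @controller.send(:authorize_admin)
    assert_access_denied(false)
  end
```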
@@ -0,0 +1,25 @@
+module AuthTestHelper
+
+ def stub_logged_in
+ @user_id = stub
+ @user = stub
+ session[:user_id] = @user_id
+ User.expects(:find).once.with(@user_id).returns(@user)
+ return @user
+ end
+
+ def stub_logged_out
+ @user_id = stub
+ session[:user_id] = @user_id
+ User.expects(:find).once.with(@user_id).returns(nil)
+ end
+
+ def assert_access_denied(denied = true)
+ if denied
+ assert_equal({:alert => "Not authorized"}, flash.to_hash)
+ assert_redirected_to login_path
+ else
+ assert flash[:alert].blank?
+ end
+ end
+end
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index 08d4d41..ae6a35c 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -8,3 +8,6 @@ Rails.backtrace_cleaner.remove_silencers! # Load support files Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+class ActionController::TestCase
+ include AuthTestHelper
+end |
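Review bot: The `else` branch of `assert_access_denied` only checks that no alert was set, so a redirect issued without an alert (or with a different message) would still pass as "authorized"; add `assert !response.redirect?` next to `assert flash[:alert].blank?` so the positive case asserts the absence of the redirect the negative case asserts the presence of. As a style point, `denied = true` is a boolean positional that reads poorly at call sites (`assert_access_denied(false)`); a keyword such as `def assert_access_denied(denied: true)` with callers passing `denied: false` is clearer, and the explicit `return @user` in `stub_logged_in` can simply be `@user`. A short module comment, e.g. `# Mocha-based login stubs and assertions for ActionController::TestCase.`, would also document why `User.find` is expected exactly `once` (the helper relies on `current_user` memoising its result).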