diff options
Diffstat (limited to 'users')
| -rw-r--r-- | users/app/controllers/application_controller.rb | 14 | ||||
| -rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 34 | ||||
| -rw-r--r-- | users/app/models/user.rb | 8 | ||||
| -rw-r--r-- | users/app/views/sessions/_nav.html.haml | 5 | ||||
| -rw-r--r-- | users/config/initializers/add_controller_methods.rb | 3 | ||||
| -rw-r--r-- | users/leap_web_users.gemspec | 2 | ||||
| -rw-r--r-- | users/test/functional/application_controller_test.rb | 29 | ||||
| -rw-r--r-- | users/test/functional/helper_methods_test.rb | 42 | ||||
| -rw-r--r-- | users/test/integration/api/account_flow_test.rb | 2 | ||||
| -rw-r--r-- | users/test/support/auth_test_helper.rb | 29 | ||||
| -rw-r--r-- | users/test/test_helper.rb | 1 | ||||
| -rw-r--r-- | users/test/unit/user_test.rb | 2 |
12 files changed, 147 insertions, 24 deletions
diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb deleted file mode 100644 index 8388dda..0000000 --- a/users/app/controllers/application_controller.rb +++ /dev/null @@ -1,14 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery - - private - - def current_user - @current_user ||= env['warden'].user - end - helper_method :current_user - - def authorize - redirect_to login_url, alert: "Not authorized" if current_user.nil? - end -end diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb new file mode 100644 index 0000000..50cf0d1 --- /dev/null +++ b/users/app/controllers/controller_extension/authentication.rb @@ -0,0 +1,34 @@ +module ControllerExtension::Authentication + extend ActiveSupport::Concern + + private + + included do + helper_method :current_user, :logged_in?, :admin? + end + + def current_user + @current_user ||= env['warden'].user + end + + def logged_in? + !!current_user + end + + def authorize + access_denied unless logged_in? + end + + def access_denied + redirect_to login_url, :alert => "Not authorized" + end + + def admin? + current_user && current_user.is_admin? + end + + def authorize_admin + access_denied unless admin? + end + +end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 737e083..0f5d650 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -66,11 +66,9 @@ class User < CouchRest::Model::Base login end - def self.current - Thread.current[:user] - end - def self.current=(user) - Thread.current[:user] = user + # Since we are storing admins by login, we cannot allow admins to change their login. + def is_admin? + APP_CONFIG['admins'].include? self.login end end diff --git a/users/app/views/sessions/_nav.html.haml b/users/app/views/sessions/_nav.html.haml index a5397bd..204ba88 100644 --- a/users/app/views/sessions/_nav.html.haml +++ b/users/app/views/sessions/_nav.html.haml @@ -1,6 +1,9 @@ -- if current_user +- if logged_in? %li + = 'logged in as ' + current_user.login = link_to t(:logout), logout_path + - if admin? + = 'ADMIN' # obviously not like this - else %li = link_to t(:login), login_path diff --git a/users/config/initializers/add_controller_methods.rb b/users/config/initializers/add_controller_methods.rb new file mode 100644 index 0000000..2579176 --- /dev/null +++ b/users/config/initializers/add_controller_methods.rb @@ -0,0 +1,3 @@ +ActiveSupport.on_load(:application_controller) do + include ControllerExtension::Authentication +end diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 053f8dc..0682a99 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,6 +17,6 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.3" + s.add_dependency "ruby-srp", "~> 0.1.4" s.add_dependency "rails_warden" end diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb new file mode 100644 index 0000000..69bcb2f --- /dev/null +++ b/users/test/functional/application_controller_test.rb @@ -0,0 +1,29 @@ +require 'test_helper' + +class ApplicationControllerTest < ActionController::TestCase + + def setup + # so we can test the effect on the response + @controller.response = @response + end + + def test_authorize_redirect + stub_logged_out + @controller.send(:authorize) + assert_access_denied + end + + def test_authorized + @user = stub_logged_in + @controller.send(:authorize) + assert_access_denied(false) + end + + def test_authorize_admin + @user = stub_logged_in + @user.expects(:is_admin?).returns(false) + @controller.send(:authorize_admin) + assert_access_denied + end + +end diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb new file mode 100644 index 0000000..c0eaf61 --- /dev/null +++ b/users/test/functional/helper_methods_test.rb @@ -0,0 +1,42 @@ +# +# Testing and documenting the helper methods available from +# ApplicationController +# + +require 'test_helper' + +class HelperMethodsTest < ActionController::TestCase + tests ApplicationController + + # we test them right in here... + include ApplicationController._helpers + + # they all reference the controller. + def controller + @controller + end + + def test_current_user_with_caching + @user = stub_logged_in + assert_equal @user, current_user + assert_equal @user, current_user # tests caching + end + + def test_logged_in + @user = stub_logged_in + assert logged_in? + end + + def test_logged_out + stub_logged_out + assert !logged_in? + end + + def test_admin + bool = stub + @user = stub_logged_in + @user.expects(:is_admin?).returns(bool) + assert_equal bool, admin? + end + +end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 66de1e5..5800d46 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -39,7 +39,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end test "signup response" do - assert_json_response @user_params.slice(:login, :password_salt) + assert_json_response :login => @login, :ok => true assert_response :success end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb new file mode 100644 index 0000000..9412058 --- /dev/null +++ b/users/test/support/auth_test_helper.rb @@ -0,0 +1,29 @@ +module AuthTestHelper + + def stub_logged_in + @user_id = stub + @user = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(@user) + return @user + end + + def stub_logged_out + @user_id = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(nil) + end + + def assert_access_denied(denied = true) + if denied + assert_equal({:alert => "Not authorized"}, flash.to_hash) + assert_redirected_to login_path + else + assert flash[:alert].blank? + end + end +end + +class ActionController::TestCase + include AuthTestHelper +end diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb index 08d4d41..e8f0125 100644 --- a/users/test/test_helper.rb +++ b/users/test/test_helper.rb @@ -7,4 +7,3 @@ Rails.backtrace_cleaner.remove_silencers! # Load support files Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } - diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb index 822ef33..f057ca7 100644 --- a/users/test/unit/user_test.rb +++ b/users/test/unit/user_test.rb @@ -19,7 +19,7 @@ class UserTest < ActiveSupport::TestCase end test "test require alphanumerical for login" do - @user.login = "qwär" + @user.login = "qw#r" assert !@user.valid? end |