From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 12:32:10 +0100
Subject: adding in warden with a basic strategy

currently failing because we are not setting the content-type header.
---
 Gemfile.lock                                    |  3 ++
 users/app/controllers/application_controller.rb |  2 +-
 users/app/controllers/sessions_controller.rb    | 16 ++------
 users/config/initializers/warden.rb             | 52 +++++++++++++++++++++++++
 users/leap_web_users.gemspec                    |  1 +
 users/lib/leap_web_users/engine.rb              |  1 +
 6 files changed, 62 insertions(+), 13 deletions(-)
 create mode 100644 users/config/initializers/warden.rb

diff --git a/Gemfile.lock b/Gemfile.lock
index a982c2a..5b1fbf6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -20,6 +20,7 @@ PATH
     leap_web_users (0.1.0)
       leap_web_core (= 0.1.0)
       ruby-srp (~> 0.1.3)
+      warden
 
 GEM
   remote: https://rubygems.org/
@@ -161,6 +162,8 @@ GEM
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
+    warden (1.2.1)
+      rack (>= 1.0)
 
 PLATFORMS
   ruby
diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb
index 64e1a55..8388dda 100644
--- a/users/app/controllers/application_controller.rb
+++ b/users/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
   private
 
   def current_user
-    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+    @current_user ||= env['warden'].user
   end
   helper_method :current_user
 
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 4a1107d..3872866 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -6,21 +6,13 @@ class SessionsController < ApplicationController
   end
 
   def create
-    @user = User.find_by_param(params[:login])
-    session[:handshake] = @user.initialize_auth(params['A'].hex)
-    render :json => session[:handshake]
-  rescue RECORD_NOT_FOUND
-    render :json => {:errors => {:login => ["unknown user"]}}
+    debugger
+    env['warden'].authenticate!
   end
 
   def update
-    @srp_session = session.delete(:handshake)
-    @user = @srp_session.authenticate!(params[:client_auth].hex)
-    session[:user_id] = @user.id
-    render :json => @srp_session
-  rescue WRONG_PASSWORD
-    session[:handshake] = nil
-    render :json => {:errors => {"password" => ["wrong password"]}}
+    debugger
+    env['warden'].authenticate!
   end
 
   def destroy
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
new file mode 100644
index 0000000..bb7dc13
--- /dev/null
+++ b/users/config/initializers/warden.rb
@@ -0,0 +1,52 @@
+Rails.configuration.middleware.use Warden::Manager do |manager|
+  manager.default_strategies :secure_remote_password
+  manager.failure_app = SessionsController
+end
+
+# Setup Session Serialization
+class Warden::SessionSerializer
+  def serialize(record)
+    [record.class.name, record.id]
+  end
+
+  def deserialize(keys)
+    klass, id = keys
+    klass.find(id)
+  end
+end
+
+Warden::Strategies.add(:secure_remote_password) do
+
+  def valid?
+    id && ( params['A'] || params['client_auth'] )
+  end
+
+  def authenticate!
+    if params['client_auth'] && session[:handshake]
+      validate!
+    else
+      initialize!
+    end
+  end
+
+  protected
+
+  def validate!
+    srp_session = session.delete(:handshake)
+    user = srp_session.authenticate(params['client_auth'].hex)
+    user.nil? ? fail!("Could not log in") : success!(u)
+  end
+
+  def initialize!
+    user = User.find_by_param(id)
+    session[:handshake] = user.initialize_auth(params['A'].hex)
+    custom! [200, {}, [session[:handshake].to_json]]
+  rescue RECORD_NOT_FOUND
+    fail! "User not found"
+  end
+
+  def id
+    params["id"] || params["login"]
+  end
+end
+
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 6d35f63..477265e 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -18,4 +18,5 @@ Gem::Specification.new do |s|
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
   s.add_dependency "ruby-srp", "~> 0.1.3"
+  s.add_dependency "warden"
 end
diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 9b7545e..25c110e 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -1,6 +1,7 @@
 # thou shall require all your dependencies in an engine.
 require "leap_web_core"
 require "leap_web_core/ui_dependencies"
+require "warden"
 require "ruby-srp"
 
 module LeapWebUsers
-- 
cgit v1.2.3


From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 14:42:04 +0100
Subject: using rails_warden bit of refactoring

without rails_warden the failure app action was not getting set properly.
---
 Gemfile.lock                                 |  4 +++-
 users/app/controllers/sessions_controller.rb |  2 --
 users/config/initializers/warden.rb          | 35 +++++++++++++++++++++-------
 users/leap_web_users.gemspec                 |  2 +-
 users/lib/leap_web_users/engine.rb           |  2 +-
 5 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 5b1fbf6..a9ca432 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -19,8 +19,8 @@ PATH
   specs:
     leap_web_users (0.1.0)
       leap_web_core (= 0.1.0)
+      rails_warden
       ruby-srp (~> 0.1.3)
-      warden
 
 GEM
   remote: https://rubygems.org/
@@ -120,6 +120,8 @@ GEM
       activesupport (= 3.2.8)
       bundler (~> 1.0)
       railties (= 3.2.8)
+    rails_warden (0.5.7)
+      warden (>= 1.0.0)
     railties (3.2.8)
       actionpack (= 3.2.8)
       activesupport (= 3.2.8)
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 3872866..7b7799c 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -6,12 +6,10 @@ class SessionsController < ApplicationController
   end
 
   def create
-    debugger
     env['warden'].authenticate!
   end
 
   def update
-    debugger
     env['warden'].authenticate!
   end
 
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index bb7dc13..98dd99c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,6 +1,8 @@
-Rails.configuration.middleware.use Warden::Manager do |manager|
-  manager.default_strategies :secure_remote_password
-  manager.failure_app = SessionsController
+Rails.configuration.middleware.use RailsWarden::Manager do |config|
+  config.default_strategies :secure_remote_password
+  config.failure_app = SessionsController
+  config.default_scope = :user
+  config.scope_defaults :user, :action => :new
 end
 
 # Setup Session Serialization
@@ -18,31 +20,46 @@ end
 Warden::Strategies.add(:secure_remote_password) do
 
   def valid?
-    id && ( params['A'] || params['client_auth'] )
+    handshake? || authentication?
   end
 
   def authenticate!
-    if params['client_auth'] && session[:handshake]
+    if authentication?
       validate!
-    else
+    else  # handshake
       initialize!
     end
   end
 
   protected
 
+  def handshake?
+    params['A'] && params['login']
+  end
+
+  def authentication?
+    params['client_auth'] && session[:handshake]
+  end
+
   def validate!
     srp_session = session.delete(:handshake)
     user = srp_session.authenticate(params['client_auth'].hex)
-    user.nil? ? fail!("Could not log in") : success!(u)
+    user.nil? ? fail!("Could not log in") : success!(user)
   end
 
   def initialize!
     user = User.find_by_param(id)
     session[:handshake] = user.initialize_auth(params['A'].hex)
-    custom! [200, {}, [session[:handshake].to_json]]
+    custom! json_response(session[:handshake])
   rescue RECORD_NOT_FOUND
-    fail! "User not found"
+    fail! "User not found!"
+  end
+
+  def json_response(object)
+    [ 200,
+      {"Content-Type" => "application/json; charset=utf-8"},
+      [object.to_json]
+    ]
   end
 
   def id
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 477265e..053f8dc 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -18,5 +18,5 @@ Gem::Specification.new do |s|
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
   s.add_dependency "ruby-srp", "~> 0.1.3"
-  s.add_dependency "warden"
+  s.add_dependency "rails_warden"
 end
diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 25c110e..42ca072 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -1,7 +1,7 @@
 # thou shall require all your dependencies in an engine.
 require "leap_web_core"
 require "leap_web_core/ui_dependencies"
-require "warden"
+require "rails_warden"
 require "ruby-srp"
 
 module LeapWebUsers
-- 
cgit v1.2.3


From f2825d10e6447ea766fee085841e2b92b0477976 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 15:36:16 +0100
Subject: sending proper error messages from warden.

still need to translate these
---
 users/app/assets/javascripts/srp             | 2 +-
 users/app/controllers/sessions_controller.rb | 7 +++++--
 users/config/initializers/warden.rb          | 8 ++++----
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp
index 23350b5..3bf101b 160000
--- a/users/app/assets/javascripts/srp
+++ b/users/app/assets/javascripts/srp
@@ -1 +1 @@
-Subproject commit 23350b54ec2723e1b2e333626567c9fe9d1e2644
+Subproject commit 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c09
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7b7799c..06d55eb 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -3,14 +3,17 @@ class SessionsController < ApplicationController
   skip_before_filter :verify_authenticity_token
 
   def new
+    if warden.winning_strategy
+      @errors = warden.winning_strategy.message
+    end
   end
 
   def create
-    env['warden'].authenticate!
+    authenticate!
   end
 
   def update
-    env['warden'].authenticate!
+    authenticate!
   end
 
   def destroy
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 98dd99c..82753ec 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,10 +1,10 @@
 Rails.configuration.middleware.use RailsWarden::Manager do |config|
   config.default_strategies :secure_remote_password
   config.failure_app = SessionsController
-  config.default_scope = :user
-  config.scope_defaults :user, :action => :new
 end
 
+RailsWarden.unauthenticated_action = :new
+
 # Setup Session Serialization
 class Warden::SessionSerializer
   def serialize(record)
@@ -44,7 +44,7 @@ Warden::Strategies.add(:secure_remote_password) do
   def validate!
     srp_session = session.delete(:handshake)
     user = srp_session.authenticate(params['client_auth'].hex)
-    user.nil? ? fail!("Could not log in") : success!(user)
+    user ? success!(user) : fail!(:password => "Could not log in")
   end
 
   def initialize!
@@ -52,7 +52,7 @@ Warden::Strategies.add(:secure_remote_password) do
     session[:handshake] = user.initialize_auth(params['A'].hex)
     custom! json_response(session[:handshake])
   rescue RECORD_NOT_FOUND
-    fail! "User not found!"
+    fail! :login => "User not found!"
   end
 
   def json_response(object)
-- 
cgit v1.2.3


From 5acc88d8a376b2e25e5230d8174667106754c786 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 31 Oct 2012 10:40:03 +0100
Subject: user creation should send ok flag so js can start login

---
 users/app/models/user.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 1afb9db..737e083 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -44,7 +44,10 @@ class User < CouchRest::Model::Base
   end
 
   def to_json(options={})
-    super(options.merge(:only => ['login', 'password_salt']))
+    {
+      :login => login,
+      :ok => valid?
+    }.to_json(options)
   end
 
   def initialize_auth(aa)
-- 
cgit v1.2.3


From b92d418ebec6486a9e728c57f38f82d4c3343341 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 31 Oct 2012 10:40:51 +0100
Subject: using json template for rendering the warden failures

---
 users/app/views/sessions/new.json.erb | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 users/app/views/sessions/new.json.erb

diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb
new file mode 100644
index 0000000..36154b8
--- /dev/null
+++ b/users/app/views/sessions/new.json.erb
@@ -0,0 +1,3 @@
+{
+"errors": <%= raw @errors.to_json %>
+}
-- 
cgit v1.2.3


From e1fc3f4850ee73e0591bd67a92b104db4f63e4cb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 21:01:27 +0100
Subject: stubbing current_user the warden way

---
 .../controller_extension/authentication.rb          |  2 +-
 .../test/functional/application_controller_test.rb  |  7 +++----
 users/test/functional/helper_methods_test.rb        | 15 ++++++---------
 users/test/integration/api/account_flow_test.rb     |  4 ++--
 users/test/support/auth_test_helper.rb              | 21 +++++++++++----------
 5 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 50cf0d1..0408b77 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -8,7 +8,7 @@ module ControllerExtension::Authentication
   end
 
   def current_user
-    @current_user ||= env['warden'].user
+    @current_user ||= request.env['warden'].user
   end
 
   def logged_in?
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index 69bcb2f..857bae5 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -8,20 +8,19 @@ class ApplicationControllerTest < ActionController::TestCase
   end
 
   def test_authorize_redirect
-    stub_logged_out
     @controller.send(:authorize)
     assert_access_denied
   end
 
   def test_authorized
-    @user = stub_logged_in
+    login
     @controller.send(:authorize)
     assert_access_denied(false)
   end
 
   def test_authorize_admin
-    @user = stub_logged_in
-    @user.expects(:is_admin?).returns(false)
+    login
+    @current_user.expects(:is_admin?).returns(false)
     @controller.send(:authorize_admin)
     assert_access_denied
   end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
index c0eaf61..2b2375c 100644
--- a/users/test/functional/helper_methods_test.rb
+++ b/users/test/functional/helper_methods_test.rb
@@ -16,26 +16,23 @@ class HelperMethodsTest < ActionController::TestCase
     @controller
   end
 
-  def test_current_user_with_caching
-    @user = stub_logged_in
-    assert_equal @user, current_user
-    assert_equal @user, current_user # tests caching
+  def test_current_user
+    login
+    assert_equal @current_user, current_user
   end
 
   def test_logged_in
-    @user = stub_logged_in
+    login
     assert logged_in?
   end
 
   def test_logged_out
-    stub_logged_out
     assert !logged_in?
   end
 
   def test_admin
-    bool = stub
-    @user = stub_logged_in
-    @user.expects(:is_admin?).returns(bool)
+    login
+    @current_user.expects(:is_admin?).returns(bool = stub)
     assert_equal bool, admin?
   end
 
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 5800d46..69e0599 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -4,7 +4,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
-    post "sessions", :login => login, 'A' => aa.to_s(16)
+    post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json
     assert_response :success
     response = JSON.parse(@response.body)
     if response['errors']
@@ -15,7 +15,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   def validate(m)
-    put "sessions/" + @login, :client_auth => m.to_s(16)
+    put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json
     assert_response :success
     return JSON.parse(@response.body)
   end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index 9412058..f211597 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -1,17 +1,18 @@
 module AuthTestHelper
+  extend ActiveSupport::Concern
 
-  def stub_logged_in
-    @user_id = stub
-    @user = stub
-    session[:user_id] = @user_id
-    User.expects(:find).once.with(@user_id).returns(@user)
-    return @user
+  # Controller will fetch current user from warden.
+  # Make it pick up our current_user
+  included do
+    setup do
+      request.env['warden'] ||= stub :user => nil
+    end
   end
 
-  def stub_logged_out
-    @user_id = stub
-    session[:user_id] = @user_id
-    User.expects(:find).once.with(@user_id).returns(nil)
+  def login(user = nil)
+    @current_user = user || stub
+    request.env['warden'] = stub :user => @current_user
+    return @current_user
   end
 
   def assert_access_denied(denied = true)
-- 
cgit v1.2.3


From c8f1eb55be6743fcc476d6a8f81e1244e455154a Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 21:01:58 +0100
Subject: using new login helper and cleaning up test a bit

---
 help/test/functional/tickets_controller_test.rb | 27 +++++++++++++------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb
index 7a03a86..6bdb6c7 100644
--- a/help/test/functional/tickets_controller_test.rb
+++ b/help/test/functional/tickets_controller_test.rb
@@ -21,13 +21,13 @@ class TicketsControllerTest < ActionController::TestCase
     assert_difference('Ticket.count') do
       post :create, :ticket => params
     end
-    
+
     assert_response :redirect
     #assert_equal assigns(:ticket).email, User.current.email
     #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login
     assert_nil assigns(:ticket).created_by
 
-    assert_equal assigns(:ticket).comments.count, 1
+    assert_equal 1, assigns(:ticket).comments.count
   end
 
 
@@ -35,28 +35,29 @@ class TicketsControllerTest < ActionController::TestCase
 
     params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
 
-    #todo: should redo this and actually authorize
-    user = User.last
-    session[:user_id] = user.id
+    login User.last
 
     assert_difference('Ticket.count') do
       post :create, :ticket => params
     end
 
     assert_response :redirect
-    assert_equal assigns(:ticket).created_by, user.id
-    assert_equal assigns(:ticket).email, user.email
+    ticket = assigns(:ticket)
+    assert ticket
+    assert_equal @current_user.id, ticket.created_by
+    assert_equal @current_user.email, ticket.email
 
-    assert_equal assigns(:ticket).comments.count, 1
+    assert_equal 1, assigns(:ticket).comments.count
   end
 
   test "add comment to ticket" do
 
-    t = Ticket.last
-    comment_count = t.comments.count
-    put :update, :id => t.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
-    assert_equal(comment_count + 1, assigns(:ticket).comments.count)
-    #assert_difference block isn't working
+    ticket = Ticket.last
+    assert_difference('Ticket.last.comments.count') do
+      put :update, :id => ticket.id,
+        :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+    end
+    assert_equal ticket, assigns(:ticket)
 
   end
 
-- 
cgit v1.2.3


From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 22:14:13 +0100
Subject: fixed functional tests

---
 .../controller_extension/authentication.rb         |  4 +-
 users/app/controllers/sessions_controller.rb       |  6 +-
 users/test/functional/sessions_controller_test.rb  | 85 ++++++++++------------
 users/test/integration/api/account_flow_test.rb    |  7 +-
 4 files changed, 49 insertions(+), 53 deletions(-)

diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 0408b77..87f7921 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -7,8 +7,8 @@ module ControllerExtension::Authentication
     helper_method :current_user, :logged_in?, :admin?
   end
 
-  def current_user
-    @current_user ||= request.env['warden'].user
+  def authentication_error
+    warden.winning_strategy.try(:message)
   end
 
   def logged_in?
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 06d55eb..722265a 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -3,9 +3,7 @@ class SessionsController < ApplicationController
   skip_before_filter :verify_authenticity_token
 
   def new
-    if warden.winning_strategy
-      @errors = warden.winning_strategy.message
-    end
+    @errors = authentication_error
   end
 
   def create
@@ -17,7 +15,7 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    session[:user_id] = nil
+    logout
     redirect_to root_path
   end
 end
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 47d7052..4bad12f 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -2,74 +2,67 @@ require 'test_helper'
 
 class SessionsControllerTest < ActionController::TestCase
 
-  def setup
+  setup do
     @user = stub :login => "me", :id => 123
     @client_hex = 'a123'
-    @client_rnd = @client_hex.hex
-    @server_hex = 'b123'
-    @server_rnd = @server_hex.hex
-    @server_rnd_exp = 'e123'.hex
-    @salt = 'stub user salt'
-    @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
-    @server_auth = 'adfe'
   end
 
   test "should get login screen" do
+    request.env['warden'].expects(:winning_strategy)
     get :new
     assert_response :success
+    assert_equal "text/html", response.content_type
+    assert_template "sessions/new"
   end
 
-  test "should perform handshake" do
-    @user.expects(:initialize_auth).
-      with(@client_rnd).
-      returns(@server_handshake)
-    @server_handshake.expects(:to_json).
-     returns({'B' => @server_hex, 'salt' => @salt}.to_json)
-    User.expects(:find_by_param).with(@user.login).returns(@user)
-    post :create, :login => @user.login, 'A' => @client_hex
-    assert_equal @server_handshake, session[:handshake]
+  test "renders json" do
+    request.env['warden'].expects(:winning_strategy)
+    get :new, :format => :json
     assert_response :success
-    assert_json_response :B => @server_hex, :salt => @salt
+    assert_json_response :errors => nil
   end
 
-  test "should report user not found" do
-    unknown = "login_that_does_not_exist"
-    User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
-    post :create, :login => unknown
+  test "renders warden errors" do
+    strategy = stub :message => "Warden auth did not work"
+    request.env['warden'].expects(:winning_strategy).returns(strategy)
+    get :new, :format => :json
     assert_response :success
-    assert_json_response :errors => {"login" => ["unknown user"]}
+    assert_json_response :errors => strategy.message
   end
 
-  test "should authorize" do
-    session[:handshake] = @server_handshake
-    @server_handshake.expects(:authenticate!).
-      with(@client_rnd).
-      returns(@user)
-    @server_handshake.expects(:to_json).
-      returns({:M2 => @server_auth}.to_json)
-    post :update, :id => @user.login, :client_auth => @client_hex
-    assert_nil session[:handshake]
-    assert_json_response :M2 => @server_auth
-    assert_equal @user.id, session[:user_id]
+  test "should perform handshake" do
+    assert_raises ActionView::MissingTemplate do
+      request.env['warden'].expects(:authenticate!)
+      post :create, :login => @user.login, 'A' => @client_hex
+      assert params['A']
+      assert params['login']
+    end
   end
 
-  test "should report wrong password" do
-    session[:handshake] = @server_handshake
-    @server_handshake.expects(:authenticate!).
-      with(@client_rnd).
-      raises(WRONG_PASSWORD)
-    post :update, :id => @user.login, :client_auth => @client_hex
-    assert_nil session[:handshake]
-    assert_nil session[:user_id]
-    assert_json_response :errors => {"password" => ["wrong password"]}
+  test "should authorize" do
+    assert_raises ActionView::MissingTemplate do
+      request.env['warden'].expects(:authenticate!)
+      session[:handshake] = stub
+      post :update, :id => @user.login, :client_auth => @client_hex
+      assert params['client_auth']
+      assert session[:handshake]
+    end
   end
 
-  test "logout should reset sessions user_id" do
-    session[:user_id] = "set"
+  test "logout should reset warden user" do
+    expect_warden_logout
     delete :destroy
-    assert_nil session[:user_id]
     assert_response :redirect
     assert_redirected_to root_url
   end
 
+  def expect_warden_logout
+    raw = mock('raw session') do
+      expects(:inspect)
+    end
+    request.env['warden'].expects(:raw_session).returns(raw)
+    request.env['warden'].expects(:logout)
+  end
+
+
 end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 69e0599..dc475b5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -1,6 +1,11 @@
 require 'test_helper'
 
 class AccountFlowTest < ActionDispatch::IntegrationTest
+  include Warden::Test::Helpers
+
+  def teardown
+    Warden.test_reset!
+  end
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
@@ -52,7 +57,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   test "signup and wrong password login attempt" do
     srp = SRP::Client.new(@login, "wrong password")
     server_auth = srp.authenticate(self)
-    assert_equal ["wrong password"], server_auth["errors"]['password']
+    assert_equal "Could not log in", server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
-- 
cgit v1.2.3


From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 6 Nov 2012 11:51:10 +0100
Subject: first steps towards warden srp testing

---
 core/lib/extensions/testing.rb                     | 13 +++--
 users/app/controllers/sessions_controller.rb       |  1 +
 users/test/integration/api/account_flow_test.rb    | 26 ++++++---
 .../warden_strategy_secure_remote_password_test.rb | 61 ++++++++++++++++++++++
 4 files changed, 90 insertions(+), 11 deletions(-)
 create mode 100644 users/test/unit/warden_strategy_secure_remote_password_test.rb

diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb
index 14a5698..86a059f 100644
--- a/core/lib/extensions/testing.rb
+++ b/core/lib/extensions/testing.rb
@@ -1,15 +1,22 @@
 module LeapWebCore
   module AssertResponses
 
+    # response that works with different TestCases:
+    # ActionController::TestCase has @response
+    # ActionDispatch::IntegrationTest has @response
+    # Rack::Test::Methods defines last_response
+    def get_response
+      @response || last_response
+    end
+
     def assert_attachement_filename(name)
       assert_equal %Q(attachment; filename="#{name}"),
-        @response.headers["Content-Disposition"]
+        get_response.headers["Content-Disposition"]
     end
 
-
     def assert_json_response(object)
       object.stringify_keys! if object.respond_to? :stringify_keys!
-      assert_equal object, JSON.parse(@response.body)
+      assert_equal object, JSON.parse(get_response.body)
     end
 
   end
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 722265a..72e2892 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -11,6 +11,7 @@ class SessionsController < ApplicationController
   end
 
   def update
+    debugger
     authenticate!
   end
 
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index dc475b5..4dcca24 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -1,7 +1,16 @@
 require 'test_helper'
 
-class AccountFlowTest < ActionDispatch::IntegrationTest
+CONFIG_RU = (Rails.root + 'config.ru').to_s
+OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+class AccountFlowTest < ActiveSupport::TestCase
+  include Rack::Test::Methods
   include Warden::Test::Helpers
+  include LeapWebCore::AssertResponses
+
+  def app
+    OUTER_APP
+  end
 
   def teardown
     Warden.test_reset!
@@ -9,9 +18,9 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
-    post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json
-    assert_response :success
-    response = JSON.parse(@response.body)
+    post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+    assert last_response.successful?
+    response = JSON.parse(last_response.body)
     if response['errors']
       raise RECORD_NOT_FOUND.new(response['errors'])
     else
@@ -20,9 +29,10 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   def validate(m)
-    put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json
-    assert_response :success
-    return JSON.parse(@response.body)
+    debugger
+    put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+    assert last_response.successful?
+    return JSON.parse(last_response.body)
   end
 
   def setup
@@ -45,7 +55,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   test "signup response" do
     assert_json_response :login => @login, :ok => true
-    assert_response :success
+    assert last_response.successful?
   end
 
   test "signup and login with srp via api" do
diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
new file mode 100644
index 0000000..ee68fe7
--- /dev/null
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -0,0 +1,61 @@
+class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
+
+  setup do
+    @user = stub :login => "me", :id => 123
+    @client_hex = 'a123'
+    @client_rnd = @client_hex.hex
+    @server_hex = 'b123'
+    @server_rnd = @server_hex.hex
+    @server_rnd_exp = 'e123'.hex
+    @salt = 'stub user salt'
+    @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+    @server_auth = 'adfe'
+  end
+
+
+  test "should perform handshake" do
+    @user.expects(:initialize_auth).
+      with(@client_rnd).
+      returns(@server_handshake)
+    @server_handshake.expects(:to_json).
+     returns({'B' => @server_hex, 'salt' => @salt}.to_json)
+    User.expects(:find_by_param).with(@user.login).returns(@user)
+    assert_equal @server_handshake, session[:handshake]
+    assert_response :success
+    assert_json_response :B => @server_hex, :salt => @salt
+  end
+
+  test "should report user not found" do
+    unknown = "login_that_does_not_exist"
+    User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
+    post :create, :login => unknown
+    assert_response :success
+    assert_json_response :errors => {"login" => ["unknown user"]}
+  end
+
+  test "should authorize" do
+    session[:handshake] = @server_handshake
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
+      returns(@user)
+    @server_handshake.expects(:to_json).
+      returns({:M2 => @server_auth}.to_json)
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_json_response :M2 => @server_auth
+    assert_equal @user.id, session[:user_id]
+  end
+
+  test "should report wrong password" do
+    session[:handshake] = @server_handshake
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
+      raises(WRONG_PASSWORD)
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_nil session[:user_id]
+    assert_json_response :errors => {"password" => ["wrong password"]}
+  end
+
+
+end
-- 
cgit v1.2.3


From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:05:22 +0100
Subject: got integration test and login flow to work

---
 users/app/controllers/sessions_controller.rb    | 2 +-
 users/config/initializers/warden.rb             | 5 ++---
 users/test/integration/api/account_flow_test.rb | 1 -
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 72e2892..486f67e 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -11,8 +11,8 @@ class SessionsController < ApplicationController
   end
 
   def update
-    debugger
     authenticate!
+    render :json => session.delete(:handshake)
   end
 
   def destroy
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 82753ec..11b950f 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -13,7 +13,7 @@ class Warden::SessionSerializer
 
   def deserialize(keys)
     klass, id = keys
-    klass.find(id)
+    klass.constantize.find(id)
   end
 end
 
@@ -42,8 +42,7 @@ Warden::Strategies.add(:secure_remote_password) do
   end
 
   def validate!
-    srp_session = session.delete(:handshake)
-    user = srp_session.authenticate(params['client_auth'].hex)
+    user = session[:handshake].authenticate(params['client_auth'].hex)
     user ? success!(user) : fail!(:password => "Could not log in")
   end
 
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 4dcca24..c9a7109 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -29,7 +29,6 @@ class AccountFlowTest < ActiveSupport::TestCase
   end
 
   def validate(m)
-    debugger
     put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
     assert last_response.successful?
     return JSON.parse(last_response.body)
-- 
cgit v1.2.3


From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:45:54 +0100
Subject: seperated the warden classes from the initializer

also commented the sessions controller test a bit and fixed it
---
 users/config/initializers/warden.rb                | 61 ----------------------
 users/lib/leap_web_users/engine.rb                 |  3 ++
 users/lib/warden/session_serializer.rb             | 13 +++++
 .../warden/strategies/secure_remote_password.rb    | 57 ++++++++++++++++++++
 users/test/functional/sessions_controller_test.rb  | 29 +++++-----
 5 files changed, 89 insertions(+), 74 deletions(-)
 create mode 100644 users/lib/warden/session_serializer.rb
 create mode 100644 users/lib/warden/strategies/secure_remote_password.rb

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 11b950f..45feb6c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -5,64 +5,3 @@ end
 
 RailsWarden.unauthenticated_action = :new
 
-# Setup Session Serialization
-class Warden::SessionSerializer
-  def serialize(record)
-    [record.class.name, record.id]
-  end
-
-  def deserialize(keys)
-    klass, id = keys
-    klass.constantize.find(id)
-  end
-end
-
-Warden::Strategies.add(:secure_remote_password) do
-
-  def valid?
-    handshake? || authentication?
-  end
-
-  def authenticate!
-    if authentication?
-      validate!
-    else  # handshake
-      initialize!
-    end
-  end
-
-  protected
-
-  def handshake?
-    params['A'] && params['login']
-  end
-
-  def authentication?
-    params['client_auth'] && session[:handshake]
-  end
-
-  def validate!
-    user = session[:handshake].authenticate(params['client_auth'].hex)
-    user ? success!(user) : fail!(:password => "Could not log in")
-  end
-
-  def initialize!
-    user = User.find_by_param(id)
-    session[:handshake] = user.initialize_auth(params['A'].hex)
-    custom! json_response(session[:handshake])
-  rescue RECORD_NOT_FOUND
-    fail! :login => "User not found!"
-  end
-
-  def json_response(object)
-    [ 200,
-      {"Content-Type" => "application/json; charset=utf-8"},
-      [object.to_json]
-    ]
-  end
-
-  def id
-    params["id"] || params["login"]
-  end
-end
-
diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 42ca072..7033576 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -4,6 +4,9 @@ require "leap_web_core/ui_dependencies"
 require "rails_warden"
 require "ruby-srp"
 
+require "warden/session_serializer"
+require "warden/strategies/secure_remote_password"
+
 module LeapWebUsers
   class Engine < ::Rails::Engine
 
diff --git a/users/lib/warden/session_serializer.rb b/users/lib/warden/session_serializer.rb
new file mode 100644
index 0000000..81d7076
--- /dev/null
+++ b/users/lib/warden/session_serializer.rb
@@ -0,0 +1,13 @@
+module Warden
+  # Setup Session Serialization
+  class SessionSerializer
+    def serialize(record)
+      [record.class.name, record.id]
+    end
+
+    def deserialize(keys)
+      klass, id = keys
+      klass.constantize.find(id)
+    end
+  end
+end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
new file mode 100644
index 0000000..8266e2d
--- /dev/null
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -0,0 +1,57 @@
+module Warden
+  module Strategies
+    class SecureRemotePassword < Warden::Strategies::Base
+
+      def valid?
+        handshake? || authentication?
+      end
+
+      def authenticate!
+        if authentication?
+          validate!
+        else  # handshake
+          initialize!
+        end
+      end
+
+      protected
+
+      def handshake?
+        params['A'] && params['login']
+      end
+
+      def authentication?
+        params['client_auth'] && session[:handshake]
+      end
+
+      def validate!
+        user = session[:handshake].authenticate(params['client_auth'].hex)
+        user ? success!(user) : fail!(:password => "Could not log in")
+      end
+
+      def initialize!
+        user = User.find_by_param(id)
+        session[:handshake] = user.initialize_auth(params['A'].hex)
+        custom! json_response(session[:handshake])
+      rescue RECORD_NOT_FOUND
+        fail! :login => "User not found!"
+      end
+
+      def json_response(object)
+        [ 200,
+          {"Content-Type" => "application/json; charset=utf-8"},
+          [object.to_json]
+        ]
+      end
+
+      def id
+        params["id"] || params["login"]
+      end
+    end
+  end
+  Warden::Strategies.add :secure_remote_password,
+    Warden::Strategies::SecureRemotePassword
+
+end
+
+
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 4bad12f..8f2d95c 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -1,5 +1,8 @@
 require 'test_helper'
 
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
 class SessionsControllerTest < ActionController::TestCase
 
   setup do
@@ -30,23 +33,23 @@ class SessionsControllerTest < ActionController::TestCase
     assert_json_response :errors => strategy.message
   end
 
+  # Warden takes care of parsing the params and
+  # rendering the response. So not much to test here.
   test "should perform handshake" do
-    assert_raises ActionView::MissingTemplate do
-      request.env['warden'].expects(:authenticate!)
-      post :create, :login => @user.login, 'A' => @client_hex
-      assert params['A']
-      assert params['login']
-    end
+    request.env['warden'].expects(:authenticate!)
+    # make sure we don't get a template missing error:
+    @controller.stubs(:render)
+    post :create, :login => @user.login, 'A' => @client_hex
   end
 
   test "should authorize" do
-    assert_raises ActionView::MissingTemplate do
-      request.env['warden'].expects(:authenticate!)
-      session[:handshake] = stub
-      post :update, :id => @user.login, :client_auth => @client_hex
-      assert params['client_auth']
-      assert session[:handshake]
-    end
+    request.env['warden'].expects(:authenticate!)
+    handshake = stub(:to_json => "JSON")
+    session[:handshake] = handshake
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_response :success
+    assert_equal handshake.to_json, @response.body
   end
 
   test "logout should reset warden user" do
-- 
cgit v1.2.3


From 8bb19e57c5d7a40d7319c70b191d4e3145a172ce Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 12 Nov 2012 19:19:49 +0100
Subject: commented out an unfinished test

---
 users/test/unit/warden_strategy_secure_remote_password_test.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
index ee68fe7..79480f0 100644
--- a/users/test/unit/warden_strategy_secure_remote_password_test.rb
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -1,5 +1,7 @@
 class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
 
+# TODO : turn this into sth. real
+=begin
   setup do
     @user = stub :login => "me", :id => 123
     @client_hex = 'a123'
@@ -57,5 +59,5 @@ class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
     assert_json_response :errors => {"password" => ["wrong password"]}
   end
 
-
+=end
 end
-- 
cgit v1.2.3


From fe8b49232d31681667badaaeff7aa4d0a40445ea Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 12 Nov 2012 19:22:27 +0100
Subject: don't track Gemfile.lock

---
 .gitignore   |   2 +-
 Gemfile.lock | 194 -----------------------------------------------------------
 2 files changed, 1 insertion(+), 195 deletions(-)
 delete mode 100644 Gemfile.lock

diff --git a/.gitignore b/.gitignore
index d447b54..cdbdc16 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,4 @@ test/dummy/log/*
 test/dummy/tmp/*
 
 # Ignore configuration file.
-config/config.yml
\ No newline at end of file
+config/config.ymlGemfile.lock
diff --git a/Gemfile.lock b/Gemfile.lock
deleted file mode 100644
index 01a2291..0000000
--- a/Gemfile.lock
+++ /dev/null
@@ -1,194 +0,0 @@
-PATH
-  remote: certs
-  specs:
-    leap_web_certs (0.1.0)
-      leap_web_core (= 0.1.0)
-
-PATH
-  remote: core
-  specs:
-    leap_web_core (0.1.0)
-      couchrest (~> 1.1.3)
-      couchrest_model (~> 2.0.0.beta2)
-      couchrest_session_store (~> 0.0.1)
-      json
-      rails (~> 3.2.8)
-
-PATH
-  remote: help
-  specs:
-    leap_web_help (0.1.0)
-      leap_web_core (= 0.1.0)
-
-PATH
-  remote: users
-  specs:
-    leap_web_users (0.1.0)
-      leap_web_core (= 0.1.0)
-      rails_warden
-      ruby-srp (~> 0.1.4)
-
-GEM
-  remote: https://rubygems.org/
-  remote: http://rubygems.org/
-  specs:
-    actionmailer (3.2.8)
-      actionpack (= 3.2.8)
-      mail (~> 2.4.4)
-    actionpack (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-    activesupport (3.2.8)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    bootstrap-sass (2.1.0.0)
-    builder (3.0.3)
-    coffee-rails (3.2.2)
-      coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
-    coffee-script (2.2.0)
-      coffee-script-source
-      execjs
-    coffee-script-source (1.3.3)
-    columnize (0.3.6)
-    couchrest (1.1.3)
-      mime-types (~> 1.15)
-      multi_json (~> 1.0)
-      rest-client (~> 1.6.1)
-    couchrest_model (2.0.0.beta2)
-      activemodel (~> 3.0)
-      couchrest (~> 1.1.3)
-      mime-types (~> 1.15)
-      tzinfo (~> 0.3.22)
-    couchrest_session_store (0.0.1)
-      couchrest
-      couchrest_model
-    erubis (2.7.0)
-    execjs (1.4.0)
-      multi_json (~> 1.0)
-    haml (3.1.7)
-    haml-rails (0.3.5)
-      actionpack (>= 3.1, < 4.1)
-      activesupport (>= 3.1, < 4.1)
-      haml (~> 3.1)
-      railties (>= 3.1, < 4.1)
-    hike (1.2.1)
-    i18n (0.6.1)
-    journey (1.0.4)
-    jquery-rails (2.1.3)
-      railties (>= 3.1.0, < 5.0)
-      thor (~> 0.14)
-    json (1.7.5)
-    libv8 (3.3.10.4)
-    linecache (0.46)
-      rbx-require-relative (> 0.0.4)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.19)
-    mocha (0.12.6)
-      metaclass (~> 0.0.1)
-    multi_json (1.3.6)
-    polyglot (0.3.3)
-    rack (1.4.1)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.2.8)
-      actionmailer (= 3.2.8)
-      actionpack (= 3.2.8)
-      activerecord (= 3.2.8)
-      activeresource (= 3.2.8)
-      activesupport (= 3.2.8)
-      bundler (~> 1.0)
-      railties (= 3.2.8)
-    rails_warden (0.5.7)
-      warden (>= 1.0.0)
-    railties (3.2.8)
-      actionpack (= 3.2.8)
-      activesupport (= 3.2.8)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (0.9.2.2)
-    rbx-require-relative (0.0.9)
-    rdoc (3.12)
-      json (~> 1.4)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    ruby-debug (0.10.4)
-      columnize (>= 0.1)
-      ruby-debug-base (~> 0.10.4.0)
-    ruby-debug-base (0.10.4)
-      linecache (>= 0.3)
-    ruby-srp (0.1.4)
-    sass (3.2.1)
-    sass-rails (3.2.5)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    simple_form (2.0.4)
-      actionpack (~> 3.0)
-      activemodel (~> 3.0)
-    sprockets (2.1.3)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    therubyracer (0.10.2)
-      libv8 (~> 3.3.10)
-    thor (0.16.0)
-    tilt (1.3.3)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.33)
-    uglifier (1.2.7)
-      execjs (>= 0.3.0)
-      multi_json (~> 1.3)
-    warden (1.2.1)
-      rack (>= 1.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bootstrap-sass (~> 2.1.0)
-  coffee-rails (~> 3.2.2)
-  haml (~> 3.1.7)
-  haml-rails (~> 0.3.4)
-  jquery-rails
-  leap_web_certs!
-  leap_web_core!
-  leap_web_help!
-  leap_web_users!
-  mocha
-  ruby-debug
-  sass-rails (~> 3.2.5)
-  simple_form
-  therubyracer
-  uglifier (~> 1.2.7)
-- 
cgit v1.2.3