1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
|
# encoding: utf-8
require 'spec_helper'
describe Warden::Manager do
before(:all) do
load_strategies
end
it "should insert a Proxy object into the rack env" do
env = env_with_params
setup_rack(success_app).call(env)
expect(env["warden"]).to be_an_instance_of(Warden::Proxy)
end
describe "thrown auth" do
before(:each) do
@basic_app = lambda{|env| [200,{'Content-Type' => 'text/plain'},'OK']}
@authd_app = lambda do |e|
if e['warden'].authenticated?
[200,{'Content-Type' => 'text/plain'},"OK"]
else
[401,{'Content-Type' => 'text/plain'},"Fail From The App"]
end
end
@env = Rack::MockRequest.
env_for('/', 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => 'GET')
end # before(:each)
describe "Failure" do
it "should respond with a 401 response if the strategy fails authentication" do
env = env_with_params("/", :foo => "bar")
app = lambda do |env|
env['warden'].authenticate(:failz)
throw(:warden, :action => :unauthenticated)
end
result = setup_rack(app, :failure_app => @fail_app).call(env)
expect(result.first).to eq(401)
end
it "should use the failure message given to the failure method" do
env = env_with_params("/", {})
app = lambda do |env|
env['warden'].authenticate(:failz)
throw(:warden)
end
result = setup_rack(app, :failure_app => @fail_app).call(env)
expect(result.last).to eq(["You Fail!"])
end
it "should render the failure app when there's a failure" do
app = lambda do |e|
throw(:warden, :action => :unauthenticated) unless e['warden'].authenticated?(:failz)
end
fail_app = lambda do |e|
[401, {"Content-Type" => "text/plain"}, ["Failure App"]]
end
result = setup_rack(app, :failure_app => fail_app).call(env_with_params)
expect(result.last).to eq(["Failure App"])
end
it "should call failure app if warden is thrown even after successful authentication" do
env = env_with_params("/", {})
app = lambda do |env|
env['warden'].authenticate(:pass)
throw(:warden)
end
result = setup_rack(app, :failure_app => @fail_app).call(env)
expect(result.first).to eq(401)
expect(result.last).to eq(["You Fail!"])
end
it "should set the attempted url in warden.options hash" do
env = env_with_params("/access/path", {})
app = lambda do |env|
env['warden'].authenticate(:pass)
throw(:warden)
end
result = setup_rack(app, :failure_app => @fail_app).call(env)
expect(result.first).to eq(401)
expect(env["warden.options"][:attempted_path]).to eq("/access/path")
end
it "should catch a resubmitted request" do
# this is a bit convoluted. but it's occurred in the field with Rack::OpenID
$count = 0
$throw_count = 0
env = env_with_params("/foo")
class ::ResubmittingMiddleware
@@app = nil
def initialize(app)
@@app = app
end
def self.call(env)
if $count > 1
Rack::Response.new("Bad", 401)
else
$count += 1
@@app.call(env)
end
end
def call(env)
$count += 1
@@app.call(env)
end
end
app = lambda do |e|
$throw_count += 1
throw(:warden)
end
builder = Rack::Builder.new do
use ResubmittingMiddleware
use Warden::Manager do |config|
config.failure_app = ResubmittingMiddleware
end
run app
end
result = builder.to_app.call(env)
expect(result[0]).to eq(401)
expect(result[2].body).to eq(["Bad"])
expect($throw_count).to eq(2)
end
it "should use the default scopes action when a bare throw is used" do
env = env_with_params("/", :foo => "bar")
action = nil
failure = lambda do |env|
action = env['PATH_INFO']
[401, {}, ['fail']]
end
app = lambda do |env|
throw(:warden)
end
result = setup_rack(app,
:failure_app => failure,
:configurator => lambda{ |c| c.scope_defaults(:default, :action => 'my_action', :strategies => [:password]) }
).call(env)
expect(action).to eq("/my_action")
expect(result.first).to eq(401)
end
end # failure
end
describe "integrated strategies" do
before(:each) do
RAS = Warden::Strategies unless defined?(RAS)
Warden::Strategies.clear!
@app = setup_rack do |env|
env['warden'].authenticate!(:foobar)
[200, {"Content-Type" => "text/plain"}, ["Foo Is A Winna"]]
end
end
describe "redirecting" do
it "should redirect with a message" do
RAS.add(:foobar) do
def authenticate!
redirect!("/foo/bar", {:foo => "bar"}, :message => "custom redirection message")
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(302)
expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
expect(result[2]).to eq(["custom redirection message"])
end
it "should redirect with a default message" do
RAS.add(:foobar) do
def authenticate!
redirect!("/foo/bar", {:foo => "bar"})
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(302)
expect(result[1]['Location']).to eq("/foo/bar?foo=bar")
expect(result[2]).to eq(["You are being redirected to /foo/bar?foo=bar"])
end
it "should redirect with a permanent redirect" do
RAS.add(:foobar) do
def authenticate!
redirect!("/foo/bar", {}, :permanent => true)
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(301)
end
it "should redirect with a content type" do
RAS.add(:foobar) do
def authenticate!
redirect!("/foo/bar", {:foo => "bar"}, :content_type => "text/xml")
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(302)
expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
expect(result[1]["Content-Type"]).to eq("text/xml")
end
it "should redirect with a default content type" do
RAS.add(:foobar) do
def authenticate!
redirect!("/foo/bar", {:foo => "bar"})
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(302)
expect(result[1]["Location"]).to eq("/foo/bar?foo=bar")
expect(result[1]["Content-Type"]).to eq("text/plain")
end
end
describe "failing" do
it "should fail according to the failure app" do
RAS.add(:foobar) do
def authenticate!
fail!
end
end
env = env_with_params
result = @app.call(env)
expect(result[0]).to eq(401)
expect(result[2]).to eq(["You Fail!"])
expect(env['PATH_INFO']).to eq("/unauthenticated")
end
it "should allow you to customize the response" do
app = lambda do |e|
e['warden'].custom_failure!
[401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
end
env = env_with_params
result = setup_rack(app).call(env)
expect(result[0]).to eq(401)
expect(result[2]).to eq(["Fail From The App"])
end
it "should allow you to customize the response without the explicit call to custom_failure! if not intercepting 401" do
app = lambda do |e|
[401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
end
env = env_with_params
result = setup_rack(app, :intercept_401 => false).call(env)
expect(result[0]).to eq(401)
expect(result[2]).to eq(["Fail From The App"])
end
it "should render the failure application for a 401 if no custom_failure flag is set" do
app = lambda do |e|
[401,{'Content-Type' => 'text/plain'},["Fail From The App"]]
end
result = setup_rack(app).call(env_with_params)
expect(result[0]).to eq(401)
expect(result[2]).to eq(["You Fail!"])
end
end # failing
describe "custom rack response" do
it "should return a custom rack response" do
RAS.add(:foobar) do
def authenticate!
custom!([523, {"Content-Type" => "text/plain", "Custom-Header" => "foo"}, ["Custom Stuff"]])
end
end
result = @app.call(env_with_params)
expect(result[0]).to eq(523)
expect(result[1]["Custom-Header"]).to eq("foo")
expect(result[2]).to eq(["Custom Stuff"])
end
end
describe "success" do
it "should pass through to the application when there is success" do
RAS.add(:foobar) do
def authenticate!
success!("A User")
end
end
env = env_with_params
result = @app.call(env)
expect(result[0]).to eq(200)
expect(result[2]).to eq(["Foo Is A Winna"])
end
end
end # integrated strategies
it "should allow me to set a different default scope for warden" do
Rack::Builder.new do
use Warden::Manager, :default_scope => :default do |manager|
expect(manager.default_scope).to eq(:default)
manager.default_scope = :other
expect(manager.default_scope).to eq(:other)
end
end
end
it "should allow me to access strategies through manager" do
Rack::Builder.new do
use Warden::Manager do |manager|
expect(manager.strategies).to eq(Warden::Strategies)
end
end
end
end
|
