-rw-r--r--actionpack/CHANGELOG2
-rw-r--r--actionpack/lib/action_controller/authentication.rb102
-rw-r--r--actionpack/test/controller/authentication_test.rb102
3 files changed, 0 insertions, 206 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index f4ed8f3bac..911ffd4340 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -12,8 +12,6 @@
end
end
-* Added authentication framework to protect actions behind a condition and redirect on failure. See ActionController::Authentication for more.
-
* Added Base#render_nothing as a cleaner way of doing render_text "" when you're not interested in returning anything but an empty response.
* Added the possibility of passing nil to UrlHelper#link_to to use the link itself as the name
diff --git a/actionpack/lib/action_controller/authentication.rb b/actionpack/lib/action_controller/authentication.rb
deleted file mode 100644
index f4ccde20ca..0000000000
--- a/actionpack/lib/action_controller/authentication.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-module ActionController #:nodoc:
- module Authentication #:nodoc:
- def self.append_features(base)
- super
- base.extend(ClassMethods)
- end
-
- # Authentication standardizes the need to protect certain actions unless a given condition is fulfilled. It doesn't address
- # _how_ someone becomes authorized, but only that if the condition isn't fulfilled a redirect to a given place will happen.
- #
- # The authentication model is setup up in two stages. One to configure the authentication, which is often done in the super-most
- # class (such as ApplicationController in Rails), and then the protection of actions in the individual controller subclasses:
- #
- # class ApplicationController < ActionController::Base
- # authentication :by => '@session[:authenticated]', :failure => { :controller => "login" }
- # end
- #
- # class WeblogController < ApplicationController
- # authenticates :edit, :update
- #
- # def show() render_text "I showed something" end
- # def index() render_text "I indexed something" end
- # def edit() render_text "I edited something" end
- # def update() render_text "I updated something" end
- # def login() @session[:authenticated] = true; render_nothing end
- # end
- #
- # In the example above, the edit and update methods are protected by an authentication condition that requires
- # <tt>@session[:authenticated]</tt> to be true. If that is not the case, the request is redirected to LoginController#index.
- # Note that the :by condition is enclosed in single quotes. This is because we want to defer evaluation of the condition until
- # we're at run time. Also note, that the :failure option uses the same format as Base#url_for and friends do to perform the redirect.
- module ClassMethods
- # Enables authentication for this class and all its subclasses.
- #
- # Options are:
- # * <tt>:by</tt> - the code fragment that will be evaluated on each request to determine whether the request is authenticated.
- # * <tt>:before</tt> - a code fragment that's run before the failure redirect happens, such as
- # '@session[:return_to] = @request.request_uri'.
- # * <tt>:failure</tt> - redirection options following the format of Base#url_for.
- def authentication(options)
- options.assert_valid_keys([:by, :failure, :before])
- class_eval <<-EOV
- protected
- def actions_excepted_from_authentication
- self.class.read_inheritable_attribute("actions_excepted_from_authentication") || []
- end
-
- def actions_included_in_authentication
- actions = self.class.read_inheritable_attribute("actions_included_in_authentication")
-
- if actions == :all
- action_methods.collect { |action| action.intern }
- elsif actions.is_a?(Array)
- actions
- else
- []
- end
- end
-
- def action_needs_authentication?
- if actions_excepted_from_authentication.include?(action_name.intern)
- false
- elsif actions_included_in_authentication.include?(action_name.intern)
- true
- elsif actions_excepted_from_authentication.length > 0
- true
- else
- false
- end
- end
-
- def authenticate
- if !action_needs_authentication? || #{options[:by]}
- return true
- else
- #{options[:before]}
- redirect_to(#{options[:failure].inspect})
- return false
- end
- end
- EOV
-
- before_filter :authenticate
- end
-
- # Protects the actions specified behind the authentication condition.
- def authenticates(*actions)
- write_inheritable_array("actions_included_in_authentication", actions)
- end
-
- # Protects all the actions of this controller behind the authentication condition.
- def authenticates_all
- write_inheritable_attribute("actions_included_in_authentication", :all)
- end
-
- # Protects all the actions of this controller _except_ the listed behind the authentication condition.
- def authenticates_all_except(*actions)
- write_inheritable_array("actions_excepted_from_authentication", actions)
- end
- end
- end
-end
\ No newline at end of file
diff --git a/actionpack/test/controller/authentication_test.rb b/actionpack/test/controller/authentication_test.rb
deleted file mode 100644
index 098d0596ff..0000000000
--- a/actionpack/test/controller/authentication_test.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-require File.dirname(__FILE__) + '/../abstract_unit'
-
-class AuthenticationTest < Test::Unit::TestCase
- class ApplicationController < ActionController::Base
- authentication :by => '@session[:authenticated]', :before => '@session[:return_to] = "/weblog/"', :failure => { :controller => "login" }
- end
-
- class WeblogController < ApplicationController
- def show() render_text "I showed something" end
- def index() render_text "I indexed something" end
- def edit() render_text "I edited something" end
- def update() render_text "I updated something" end
- def login
- @session[:authenticated] = true
- @session[:return_to] ? redirect_to_path(@session[:return_to]) : render_nothing
- end
- end
-
- class AuthenticatesWeblogController < WeblogController
- authenticates :edit, :update
- end
-
- class AuthenticatesAllWeblogController < WeblogController
- authenticates_all
- end
-
- class AuthenticatesAllExceptWeblogController < WeblogController
- authenticates_all_except :show, :index, :login
- end
-
- class AuthenticatesSomeController < AuthenticatesAllWeblogController
- authenticates_all_except :show
- end
-
- def setup
- @request = ActionController::TestRequest.new
- @response = ActionController::TestResponse.new
- end
-
- def test_access_on_authenticates
- @controller = AuthenticatesWeblogController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_all
- @controller = AuthenticatesAllWeblogController.new
-
- get :show
- assert_redirected_to :controller => "login"
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_all_except
- @controller = AuthenticatesAllExceptWeblogController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_some
- @controller = AuthenticatesSomeController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_authenticated_access_on_authenticates
- @controller = AuthenticatesWeblogController.new
-
- get :login
- assert_success
-
- get :show
- assert_success
-
- get :edit
- assert_success
- end
-
- def test_before_condition
- @controller = AuthenticatesWeblogController.new
-
- get :edit
- assert_redirected_to :controller => "login"
-
- get :login
- assert_redirect_url "http://test.host/weblog/"
- end
-end
\ No newline at end of file