From 11f766d3eb85fe363a17a861a9426307cd80d7f6 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 9 Jan 2005 17:21:29 +0000 Subject: Removed authentication framework as xal made me realize that with noradios conditional filters, it was actually more code to use the framework than doing it by hand. Killing a darling! Props to noradio for the patch and xal for the nerve to stand up and question the captain before the plane crashed. Oh, and a pad on my own back for walking away from a couple of hours of work without getting pissy git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@355 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/CHANGELOG | 2 - actionpack/lib/action_controller/authentication.rb | 102 --------------------- actionpack/test/controller/authentication_test.rb | 102 --------------------- 3 files changed, 206 deletions(-) delete mode 100644 actionpack/lib/action_controller/authentication.rb delete mode 100644 actionpack/test/controller/authentication_test.rb diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index f4ed8f3bac..911ffd4340 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -12,8 +12,6 @@ end end -* Added authentication framework to protect actions behind a condition and redirect on failure. See ActionController::Authentication for more. - * Added Base#render_nothing as a cleaner way of doing render_text "" when you're not interested in returning anything but an empty response. * Added the possibility of passing nil to UrlHelper#link_to to use the link itself as the name diff --git a/actionpack/lib/action_controller/authentication.rb b/actionpack/lib/action_controller/authentication.rb deleted file mode 100644 index f4ccde20ca..0000000000 --- a/actionpack/lib/action_controller/authentication.rb +++ /dev/null 
@@ -1,102 +0,0 @@
-module ActionController #:nodoc:
- module Authentication #:nodoc:
- def self.append_features(base)
- super
- base.extend(ClassMethods)
- end
-
- # Authentication standardizes the need to protect certain actions unless a given condition is fulfilled. It doesn't address
- # _how_ someone becomes authorized, but only that if the condition isn't fulfilled a redirect to a given place will happen.
- #
- # The authentication model is setup up in two stages. One to configure the authentication, which is often done in the super-most
- # class (such as ApplicationController in Rails), and then the protection of actions in the individual controller subclasses:
- #
- # class ApplicationController < ActionController::Base
- # authentication :by => '@session[:authenticated]', :failure => { :controller => "login" }
- # end
- #
- # class WeblogController < ApplicationController
- # authenticates :edit, :update
- #
- # def show() render_text "I showed something" end
- # def index() render_text "I indexed something" end
- # def edit() render_text "I edited something" end
- # def update() render_text "I updated something" end
- # def login() @session[:authenticated] = true; render_nothing end
- # end
- #
- # In the example above, the edit and update methods are protected by an authentication condition that requires
- # @session[:authenticated] to be true. If that is not the case, the request is redirected to LoginController#index.
- # Note that the :by condition is enclosed in single quotes. This is because we want to defer evaluation of the condition until
- # we're at run time. Also note, that the :failure option uses the same format as Base#url_for and friends do to perform the redirect.
- module ClassMethods
- # Enables authentication for this class and all its subclasses.
- #
- # Options are:
- # * :by - the code fragment that will be evaluated on each request to determine whether the request is authenticated.
- # * :before - a code fragment that's run before the failure redirect happens, such as
- # '@session[:return_to] = @request.request_uri'.
- # * :failure - redirection options following the format of Base#url_for.
- def authentication(options)
- options.assert_valid_keys([:by, :failure, :before])
- class_eval <<-EOV
- protected
- def actions_excepted_from_authentication
- self.class.read_inheritable_attribute("actions_excepted_from_authentication") || []
- end
-
- def actions_included_in_authentication
- actions = self.class.read_inheritable_attribute("actions_included_in_authentication")
-
- if actions == :all
- action_methods.collect { |action| action.intern }
- elsif actions.is_a?(Array)
- actions
- else
- []
- end
- end
-
- def action_needs_authentication?
- if actions_excepted_from_authentication.include?(action_name.intern)
- false
- elsif actions_included_in_authentication.include?(action_name.intern)
- true
- elsif actions_excepted_from_authentication.length > 0
- true
- else
- false
- end
- end
-
- def authenticate
- if !action_needs_authentication? || #{options[:by]}
- return true
- else
- #{options[:before]}
- redirect_to(#{options[:failure].inspect})
- return false
- end
- end
- EOV
-
- before_filter :authenticate
- end
-
- # Protects the actions specified behind the authentication condition.
- def authenticates(*actions)
- write_inheritable_array("actions_included_in_authentication", actions)
- end
-
- # Protects all the actions of this controller behind the authentication condition.
- def authenticates_all
- write_inheritable_attribute("actions_included_in_authentication", :all)
- end
-
- # Protects all the actions of this controller _except_ the listed behind the authentication condition.
- def authenticates_all_except(*actions)
- write_inheritable_array("actions_excepted_from_authentication", actions)
- end
- end
- end
-end
\ No newline at end of file
diff --git a/actionpack/test/controller/authentication_test.rb b/actionpack/test/controller/authentication_test.rb
deleted file mode 100644
index 098d0596ff..0000000000
--- a/actionpack/test/controller/authentication_test.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-require File.dirname(__FILE__) + '/../abstract_unit'
-
-class AuthenticationTest < Test::Unit::TestCase
- class ApplicationController < ActionController::Base
- authentication :by => '@session[:authenticated]', :before => '@session[:return_to] = "/weblog/"', :failure => { :controller => "login" }
- end
-
- class WeblogController < ApplicationController
- def show() render_text "I showed something" end
- def index() render_text "I indexed something" end
- def edit() render_text "I edited something" end
- def update() render_text "I updated something" end
- def login
- @session[:authenticated] = true
- @session[:return_to] ? redirect_to_path(@session[:return_to]) : render_nothing
- end
- end
-
- class AuthenticatesWeblogController < WeblogController
- authenticates :edit, :update
- end
-
- class AuthenticatesAllWeblogController < WeblogController
- authenticates_all
- end
-
- class AuthenticatesAllExceptWeblogController < WeblogController
- authenticates_all_except :show, :index, :login
- end
-
- class AuthenticatesSomeController < AuthenticatesAllWeblogController
- authenticates_all_except :show
- end
-
- def setup
- @request = ActionController::TestRequest.new
- @response = ActionController::TestResponse.new
- end
-
- def test_access_on_authenticates
- @controller = AuthenticatesWeblogController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_all
- @controller = AuthenticatesAllWeblogController.new
-
- get :show
- assert_redirected_to :controller => "login"
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_all_except
- @controller = AuthenticatesAllExceptWeblogController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_access_on_authenticates_some
- @controller = AuthenticatesSomeController.new
-
- get :show
- assert_success
-
- get :edit
- assert_redirected_to :controller => "login"
- end
-
- def test_authenticated_access_on_authenticates
- @controller = AuthenticatesWeblogController.new
-
- get :login
- assert_success
-
- get :show
- assert_success
-
- get :edit
- assert_success
- end
-
- def test_before_condition
- @controller = AuthenticatesWeblogController.new
-
- get :edit
- assert_redirected_to :controller => "login"
-
- get :login
- assert_redirect_url "http://test.host/weblog/"
- end
-end
\ No newline at end of file
-- cgit v1.2.3