serialize sessions

Author: beno

Gemfile.lock

@@ -2,18 +2,20 @@ PATH
   remote: .
   specs:
     roda-auth (0.0.1)
+      bcrypt (~> 3)
       roda (~> 1.2)
       warden (~> 1.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    bcrypt (3.1.9)
     minitest (5.5.0)
     rack (1.6.0)
     rack-test (0.6.2)
       rack (>= 1.0)
     rake (10.4.2)
-    roda (1.2.0)
+    roda (1.3.0)
       rack
     warden (1.2.3)
       rack (>= 1.0)

README.md

@@ -1,6 +1,10 @@
 Roda plugin for Authentication
 =============
 
+### Status
+
+This is a first stab at integrating Roda and Warden. It is by no means ready for real use.
+
 ### Quick start
 
 Install gem with
@@ -59,6 +63,12 @@ class MyUser
     end
   end
 
+  #required when using :form strategy (for sessions)
+  
+  def self.find_by_id(id)
+    find(id)
+  end
+  
   #optional - used for  generating/updating auth tokens or tracking logins
 
   def authentic!

Rakefile

@@ -4,3 +4,11 @@ Rake::TestTask.new do |t|
 	t.libs << "test"
 	t.pattern = "test/*_test.rb"
 end
+
+desc 'individual test'
+task :one, [:file] do |_, f|
+	Rake::TestTask.new do |t|
+		t.libs << "test"
+		t.test_files = [f[:file]]
+	end
+end

lib/roda/plugins/auth.rb

@@ -28,6 +28,12 @@ def self.configure(app, *args)
 				when :form
 					strategies = [:password]
 					app.use Rack::Session::Cookie, options.delete(:cookie)
+					Warden::Manager.serialize_into_session do |user|
+						user.id
+					end
+					Warden::Manager.serialize_from_session do |id|
+						user_class.find_by_id(id)
+					end
 				when :token
 					strategies = [:token, :password]
 				end

test/auth_basic_test.rb

@@ -30,7 +30,7 @@ def setup
 	def test_public
 		assert_equal 200, status('/public')
 	end
-
+	
 	def test_private_refused
 		assert_equal 401, status('/private')
 		assert_equal "Basic realm=\"/private\"", header('WWW-AUTHENTICATE', '/private')

test/auth_form_test.rb

@@ -13,10 +13,10 @@ def setup
 
 		app :bare do |app|
 
-			app.plugin :auth, :form, redirect: '/login'
+			app.plugin :auth, :form, redirect: '/login', cookie: {secret:'foo'}
 
 			app.route do |r|
-				r.post('login') { sign_in }
+				r.post('login') { sign_in ? 'ok' : nil }
 				r.get('login') { 'LOGIN FORM' }
 				r.post('logout') { sign_out }
 				r.on 'public' do
@@ -33,21 +33,21 @@ def setup
 	def test_public
 		assert_equal 200, status('/public')
 	end
-
+	
 	def test_private_refuse_redirect
 		r = req('/private')
 		assert_equal 302, r[0]
 		assert_equal "/login", r[1]['LOCATION']
 	end
 
 	def test_private_accepted
-		post('/signout')
+		post('/logout')
 		cookie = login
 		assert_equal 200, status('/private', {'HTTP_COOKIE' => cookie})
 	end
 
 	def test_private_error
-		req('/signout')
+		req('/logout')
 		cookie = login(invalid_credentials)
 		assert_equal 302, status('/private', {'HTTP_COOKIE' => cookie})
 	end
@@ -58,7 +58,7 @@ def test_private_error
 
 	def login(cred = valid_credentials)
 		r = req('/login', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(cred)})
-		r[0] == 201 && r[1]["Set-Cookie"]
+		r[0] == 200 && r[1]["Set-Cookie"]
 	end
 
 

test/auth_token_test.rb

@@ -40,7 +40,7 @@ def test_protected_error
 	end
 
 	def test_login_body
-		assert_equal 201, status('/session', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(valid_credentials)})
+		assert_equal 200, status('/session', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(valid_credentials)})
 	end
 
 	def test_login_body_invalid

test/test_helpers.rb

@@ -148,7 +148,7 @@ def authentic!
 		end
 
 		## test dummy
-	
+			
 		def initialize(args)
 			@username = args[:username]
 			@password = args[:password]
@@ -159,6 +159,12 @@ def initialize(args)
 		def self.db
 			@@db ||= {users: {}, tokens: {}}
 		end
+		
+		def self.find_by_id(id)
+			db[:users].values.find do |u|
+				u.id == id
+			end
+		end
 
 		def to_json(state = nil)
 			{id: @id, username: @username, token: @token}.to_json(state)