wardencommunity / sinatra_warden Goto Github PK

tried adding authorization to my sinatra app using the sinatra_warden gem, setup a new branch for testing. checkout: http://github.com/zacharyscott/tewdew/tree/warden

NoMethodError: undefined method authenticated?' for nil:NilClass /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra_warden-0.3.1/lib/sinatra_warden/sinatra.rb:19:inauthenticated?'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra_warden-0.3.1/lib/sinatra_warden/sinatra.rb:59:in authorize!' ./main.rb:69:inGET /tasks'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:863:in call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:863:inroute'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:521:in instance_eval' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:521:inroute_eval'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:500:in route!' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:497:incatch'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:497:in route!' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:476:ineach'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:476:in route!' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:601:indispatch!'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:411:in call!' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:566:ininstance_eval'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:566:in invoke' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:566:incatch'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:566:in invoke' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:411:incall!'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:399:in call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/showexceptions.rb:24:incall'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/session/cookie.rb:37:in call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:979:incall'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:1005:in synchronize' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/sinatra-1.0/lib/sinatra/base.rb:979:incall'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/lint.rb:48:in _call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/lint.rb:36:incall'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/showexceptions.rb:24:in call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/commonlogger.rb:18:incall'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/content_length.rb:13:in call' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/handler/webrick.rb:52:inservice'
/home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/httpserver.rb:104:in service' /home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/httpserver.rb:65:inrun'
/home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:173:in start_thread' /home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:162:instart'
/home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:162:in start_thread' /home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:95:instart'
/home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:92:in each' /home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:92:instart'
/home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:23:in start' /home/zakscott/.rvm/rubies/ruby-1.8.7-p299/lib/ruby/1.8/webrick/server.rb:82:instart'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/handler/webrick.rb:13:in run' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/server.rb:213:instart'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/lib/rack/server.rb:100:in start' /home/zakscott/.rvm/gems/ruby-1.8.7-p299/gems/rack-1.2.1/bin/rackup:4 /home/zakscott/.rvm/gems/ruby-1.8.7-p299/bin/rackup:19:inload'
/home/zakscott/.rvm/gems/ruby-1.8.7-p299/bin/rackup:19
127.0.0.1 - - [02/Aug/2010 22:08:00] "GET /tasks HTTP/1.1" 500 127330 0.2552

Hi!

I'm a new user of this library, and I'd like to explore what it takes for it to be 2.x-compatible.

# application
class Application < Sinatra::Base
  register Sinatra::Warden
  set :use_oauth, false

  use Warden::Manager do |config|
    config.serialize_into_session{|user| user.id }
    config.serialize_from_session{|id| User.get(id) }
    config.scope_defaults :default, strategies: [:password], action: 'login'
    config.failure_app = self
  end

    Warden::Manager.before_failure do |env, opts|
      env['REQUEST_METHOD'] = 'GET'
    end
end

# strategy
require 'warden'
Warden::Strategies.add(:password) do
  def valid?
    params['user'] && params['user']['login'] && params['user']['password']
  end

  def authenticate!
    user = User.first login: params['user']['login'], password: params['user']['password']
    if user.nil?
      throw(:warden, message: "The username you entered does not exist.")
    elsif user.authenticate(params['user']['password'])
      success!(user)
    else
      throw(:warden, message: "The username and password combination ")
    end
  end
end

# user
class User
  def authenticate(attempted_password)
    true
  end
end

As i understood debugging the app, the password strategy successfully autheticates the user, but it doesn't put serialized user to the session.
This code worked on 0.3.2, but fails on 1.0.0.

I just tracked down an issue we we're having with sessions which was caused because this gem silently enables sessions at the Sinatra level. Our product spans a couple Sinatra and plain Rack apps so we use Rack::Session::Cookie as a normal middleware, which causes conflicts with the "Sinatra way".

I'm not sure if it's feasible but I like the approach rack_csrf takes that checks for sessions or raises an error.

Hi,

I am trying to use Warden to Authenticate two different modular Sinatra apps, and I have run into trouble with that. I posted a repo that shows my problem.

[email protected]:resistorsoftware/test-modular-sinatra.git

I am getting Thread errors with Warden 1.0.3 on Ruby 1.8.7 and Sinatra 1.2.3. I have been using Thin to avoid session problems with shotgun. I managed to cobble it all together in my real app.. but only with an Ugly hack involving the Failure App. I set it to a stand-alone Class to handle failures, and my problems go away. When I set the failure app to the modular app itself, I get endless looping and/or thread errors from Warden.. depending on how I arrange things.

Can anyone point me to glory here? I really would love to have this Warden Authentication working like a peach, and I am sure it is possible.

Thanks!

Am I right to think your README's Usage example should use:

require 'sinatra/base'

instead of

require 'sinatra'

?

is there a way to make it so :login will redirect to somewhere else if we're already logged in?

@jsmestad I have a Rails app that handles all of our authentication today using sessions stored in cookies. Upon every request, the cookie is sent back to the Rails app, decrypted using devise, and authenticated.

I have a separate sinatra app under the same tld that needs to authenticate each incoming request. I would like to send the same cookie generated from the Rails app mentioned above to this separate sinatra app to authenticate. Can I use sintatra_warden to do so?

I realize I will need a shared secret between the two apps...

Default :auth_success_path, lambda { back } specified in http://github.com/jsmestad/sinatra_warden/blob/master/lib/sinatra_warden/sinatra.rb#L42 does not work correctly bailing out with NameError: undefined local variable or method `back' for Sinatra::Application:Class

Unit tests do not catch this issue because :auth_success_path is redefined in them.