The first tests for authentication in Java

Listing 10.10 The first tests for authentication
spec/controllers/users_controller_spec.rb
require 'spec_helper'

describe UsersController do
  render_views

  describe "authentication of edit/update pages" do

    before(:each) do
      @user = Factory(:user)
    end

    describe "for non-signed-in users" do

      it "should deny access to 'edit'" do
        get :edit, :id => @user
        response.should redirect_to(signin_path)
      end

      it "should deny access to 'update'" do
        put :update, :id => @user, :user => {}
        response.should redirect_to(signin_path)
      end
    end
  end
end

5. To be fair, they would need the user's password, but if we ever made the password unnecessary (as planned for the screencasts) it would open up a huge security hole.

Protecting Pages
A mockup of the result of visiting a protected page
10: Updating, Showing, and Deleting Users
The application code gets these tests to pass using a before filter, which arranges for a particular method to be called before the given actions. In this case, we define an authenticate method and invoke it using before_filter :authenticate, as shown in Listing 10.11.
Listing 10.11 Adding an authenticate before filter
app/controllers/users_controller.rb
class UsersController < ApplicationController
  before_filter :authenticate, :only => [:edit, :update]

  private

    def authenticate
      deny_access unless signed_in?
    end
end
By default, before filters apply to every action in a controller, so here we restrict the filter to act only on the :edit and :update actions by passing the :only options hash. This code won't work yet, because deny_access hasn't been defined. Since access denial is part of authentication, we'll put it in the Sessions helper from Chapter 9. All deny_access does is put a message in flash[:notice] and then redirect to the signin page (Listing 10.12).
Listing 10.12 The deny_access method for user authentication
app/helpers/sessions_helper.rb
module SessionsHelper

  def deny_access
    redirect_to signin_path, :notice => "Please sign in to access this page."
  end
end
Note here that Listing 10.12 uses a shortcut for setting flash[:notice] by passing an options hash to the redirect_to function. The code in Listing 10.12 is equivalent to the more verbose

flash[:notice] = "Please sign in to access this page."
redirect_to signin_path

(The same construction works for the :error key, but not for :success.) Together with :success and :error, the :notice key completes our triumvirate of flash styles, all of which are supported natively by Blueprint CSS. By signing out and attempting to access the user edit page /users/1/edit, we can see the resulting yellow "notice" box, as seen in Figure 10.6.

The signin form after trying to access a protected page
10.2.2 Requiring the Right User
Of course, requiring users to sign in isn't quite enough; users should only be allowed to edit their own information. We can test for this by first signing in as an incorrect user and then hitting the edit and update actions (Listing 10.13). Note that, since users should never even try to edit another user's profile, we redirect not to the signin page but to the root url.
Listing 10.13 Authentication tests for signed-in users
spec/controllers/users_controller_spec.rb
require 'spec_helper'

describe UsersController do
  render_views

  describe "authentication of edit/update pages" do
    # @user is created by the before(:each) block shown in Listing 10.10.

    describe "for signed-in users" do

      before(:each) do
        wrong_user = Factory(:user, :email => "user@example.net")
        test_sign_in(wrong_user)
      end

      it "should require matching users for 'edit'" do
        get :edit, :id => @user
        response.should redirect_to(root_path)
      end

      it "should require matching users for 'update'" do
        put :update, :id => @user, :user => {}
        response.should redirect_to(root_path)
      end
    end
  end
end
The application code is simple: we add a second before filter to call the correct_user method (which we have to write), as shown in Listing 10.14.
Listing 10.14 A correct_user before filter to protect the edit/update pages
app/controllers/users_controller.rb
class UsersController < ApplicationController
  before_filter :authenticate, :only => [:edit, :update]
  before_filter :correct_user, :only => [:edit, :update]

  def edit
    @title = "Edit user"
  end

  private

    def authenticate
      deny_access unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end
end
This uses the current_user? method, which (as with deny_access) we define in the Sessions helper (Listing 10.15).
Listing 10.15 The current_user? method
app/helpers/sessions_helper.rb
module SessionsHelper

  def current_user?(user)
    user == current_user
  end

  def deny_access
    redirect_to signin_path, :notice => "Please sign in to access this page."
  end

  private
    # private helper methods from Chapter 9 omitted here
end
Listing 10.14 also shows the updated edit action. Before, in Listing 10.2, we had
def edit
  @user = User.find(params[:id])
  @title = "Edit user"
end
but now that the correct_user before filter defines @user we can omit it from the edit action (and from the update action as well).
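The two filters in Listings 10.11 and 10.14 only make sense together: authenticate must run first so that correct_user never compares against a missing current user, and a redirect from either filter must stop the action from running at all. The following is an added example, not code from the Rails Tutorial, that models that before_filter chain in plain Ruby so the behaviour can be run without Rails. MiniController, USERS, User and request_outcome are assumptions of this example; signin_path and root_path are replaced by literal strings because there is no router here; the helper and controller bodies follow the listings above.

```ruby
# Added example: a dependency-free model of the before_filter chain behind
# Listings 10.11 to 10.15. MiniController, USERS and request_outcome are
# assumptions of this example, not Rails or Rails Tutorial code.

# Constructed sample users standing in for ActiveRecord rows.
User = Struct.new(:id, :email)
USERS = {
  1 => User.new(1, "alice@example.com"),
  2 => User.new(2, "bob@example.com"),
}.freeze

# Stand-in for the parts of ActionController this example needs: an ordered
# list of before filters, a redirect that halts the chain, and a flash notice.
class MiniController
  def self.before_filters
    @before_filters ||= []
  end

  # Same shape as Rails: before_filter :name, :only => [:action, ...]
  def self.before_filter(name, options = {})
    before_filters << [name, Array(options[:only])]
  end

  attr_reader :params, :current_user, :redirected_to, :flash_notice

  def initialize(params, current_user)
    @params = params
    @current_user = current_user
  end

  def signed_in?
    !@current_user.nil?
  end

  def redirect_to(path, options = {})
    @redirected_to = path
    @flash_notice = options[:notice]
  end

  # Runs the filters registered for +action+ in declaration order. The first
  # redirect halts the chain, so the action body never executes and
  # correct_user is only ever reached by a signed-in user.
  def process(action)
    self.class.before_filters.each do |name, only|
      next unless only.empty? || only.include?(action)
      send(name)
      return @redirected_to if @redirected_to
    end
    send(action)
    nil
  end
end

# SessionsHelper as in Listings 10.12 and 10.15, with signin_path replaced
# by a literal string (assumption: no Rails router in this example).
module SessionsHelper
  def current_user?(user)
    user == current_user
  end

  def deny_access
    redirect_to "/signin", :notice => "Please sign in to access this page."
  end
end

# The controller from Listing 10.14 on the stand-in base class, plus a show
# action to confirm that the :only option leaves other actions unfiltered.
class UsersController < MiniController
  include SessionsHelper

  before_filter :authenticate, :only => [:edit, :update]
  before_filter :correct_user, :only => [:edit, :update]

  attr_reader :title

  def edit
    @title = "Edit user"
  end

  def update
    @title = "Updated user"
  end

  def show
    @title = "Show user"
  end

  private

  def authenticate
    deny_access unless signed_in?
  end

  def correct_user
    @user = USERS.fetch(params[:id])      # stands in for User.find
    redirect_to("/") unless current_user?(@user)   # "/" stands in for root_path
  end
end

# Returns [redirect target, flash notice, page title]; the target is nil when
# the filters let the action run.
def request_outcome(action, user_id, signed_in_as)
  ctrl = UsersController.new({ :id => user_id }, signed_in_as)
  [ctrl.process(action), ctrl.flash_notice, ctrl.title]
end

if __FILE__ == $0
  p request_outcome(:edit, 1, nil)       # not signed in: sent to /signin
  p request_outcome(:edit, 1, USERS[2])  # wrong user: sent to the root url
  p request_outcome(:edit, 1, USERS[1])  # right user: the edit action runs
  p request_outcome(:show, 1, nil)       # show is not protected by :only
end
```

Running the file prints one line per case; the three protected-page outcomes mirror the specs in Listings 10.10 and 10.13, and the show case shows why the :only option matters: an action left out of it is reachable by anyone.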