A quick and dirty way to authenticate users in a Sinatra app. Probably not secure.
require 'sinatra' | |
require 'sinatra/reloader' if development? | |
require 'digest/md5' | |
require 'haml' | |
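# Cookie-backed sessions (used instead of `enable :sessions`).
#
# The session cookie is signed with :secret, so anyone who knows the secret
# can mint a cookie carrying any session[:name]. A literal committed to the
# repository is therefore not an acceptable key: read it from the environment.
# When SESSION_SECRET is unset a random key is generated for this process
# only, which means sessions do not survive a restart and are not shared
# between worker processes.
require 'securerandom'
session_secret = ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
use Rack::Session::Cookie, :key => 'rack.session', :path => '/', :secret => session_secret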
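# Directory holding one "<name>.txt" file per account; each file contains
# that account's password digest. The route blocks below close over this
# local variable.
auth_dir = "./auth"

configure :test do
  # Keep accounts created by the test suite out of the real store. This block
  # only runs if the environment is already :test while this file is loading.
  auth_dir = "./auth_test"
end

# Create the store for whichever environment is active; previously only the
# test directory was created, so the first /join elsewhere failed on a missing
# directory. Mode 0700 keeps the digests unreadable to other local users
# (subject to the process umask).
Dir.mkdir(auth_dir, 0o700) unless Dir.exist?(auth_dir)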
# Home page: greets the signed-in user by name, or "World" when the session
# carries no name.
get '/' do
  # session[:name] is the value the visitor submitted as `name` at /login or
  # /join; the :index template interpolates it into the response body.
  @greeting = session[:name] || "World"
  haml :index
end
# Serves the login form from the inline :login template.
get('/login') { haml :login }
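# Checks the submitted name/password against "<auth_dir>/<name>.txt" and, on
# success, stores the name in the session and redirects to the home page.
#
# NOTE(review): the stored value is an unsalted MD5 digest, which is not a
# suitable password hash. Replacing it with a real password KDF (bcrypt,
# scrypt, Argon2, PBKDF2) has to be done in /login and /join together and
# needs a migration for existing files, so it is flagged here, not changed.
# NOTE(review): the two failure messages differ, which tells a caller whether
# an account name exists; there is also no attempt limiting.
post '/login' do
  name = params[:name].to_s
  password = params[:password]

  # The name becomes part of a filesystem path, so accept only a conservative
  # allowlist. Without this check a name containing path separators or ".."
  # makes the handler read a file outside auth_dir.
  name_ok = !(name =~ /\A[A-Za-z0-9_-]+\z/).nil?
  file_path = "#{auth_dir}/#{name}.txt"

  # password must be a String: a form can also submit it as an array or hash,
  # which would make the `strip` call below raise.
  if name_ok && password.is_a?(String) && File.exist?(file_path)
    provided_password = Digest::MD5.hexdigest(password.strip)
    correct_password = File.read(file_path)
    # Constant-time comparison so response timing does not depend on how many
    # leading characters of the digest matched.
    if Rack::Utils.secure_compare(provided_password, correct_password)
      session[:name] = name
      redirect to('/')
    else
      "Invalid password."
    end
  else
    "You don't exist"
  end
end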
# Serves the sign-up form from the inline :join template.
get('/join') { haml :join }
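# Creates an account by writing the password digest to
# "<auth_dir>/<name>.txt", then signs the new user in and redirects home.
#
# NOTE(review): the digest is unsalted MD5, which is not a suitable password
# hash. Moving to a real password KDF has to be done here and in /login
# together, so it is flagged here, not changed.
post '/join' do
  name = params[:name].to_s
  password = params[:password]

  # The name becomes part of a filesystem path, so accept only a conservative
  # allowlist. Without this check a name containing path separators or ".."
  # makes the handler create a file outside auth_dir.
  name_ok = !(name =~ /\A[A-Za-z0-9_-]+\z/).nil?
  file_path = "#{auth_dir}/#{name}.txt"

  created = false
  if name_ok && password.is_a?(String)
    begin
      # CREAT|EXCL makes "does not exist yet" and "create" a single atomic
      # step, so two simultaneous sign-ups for one name cannot overwrite each
      # other. Mode 0600 keeps the digest private to the app's OS user.
      File.open(file_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
        f.print Digest::MD5.hexdigest(password.strip)
      end
      created = true
    rescue Errno::EEXIST
      # The account already exists; fall through to the refusal message.
      created = false
    end
  end

  if created
    session[:name] = name
    redirect to('/')
  else
    # Also returned for a name outside the allowlist.
    "You already exist, or forgot to provide a password."
  end
end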
# Ends the current session and sends the browser back to the home page.
# NOTE(review): this is a state-changing action on GET, so any cross-site
# link or image request can sign a user out; a POST with a CSRF token is the
# usual shape for logout.
get('/logout') do
  session.destroy
  redirect to('/')
end
__END__ | |
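@@ layout
%html
  %body
    = yield
    %br
    %ul.nav-menu{:style => "list-style-type: none;"}
      %li
        %a{:href => "/login"} Log In
      %li
        %a{:href => "/logout"} Log Out
      %li
        %a{:href => "/join"} Join
@@ index
-# @greeting is the user-supplied account name; "&=" HTML-escapes it so markup typed into the name field is not rendered.
&= "Hello, #{@greeting}!"
@@ login
= "Log in here"
%form{:action => '/login', :method => 'post'}
  %input{:type => 'text', :name => 'name'}
  %input{:type => 'password', :name => 'password'}
  %input{:type => 'submit', :value => 'Log In'}
@@ join
= "Join Us."
%form{:action => '/join', :method => 'post'}
  -# was :type => 'test'; browsers fall back to a text field, but 'text' is the intended value
  %input{:type => 'text', :name => 'name'}
  %input{:type => 'password', :name => 'password'}
  %input{:type => 'submit', :value => 'Sign Up'}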
require 'minitest/autorun' | |
require 'rack/test' | |
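# Select the test environment BEFORE the app file is loaded. The app's
# `configure :test` block and `development?` check are evaluated while that
# file loads, so calling `set :environment, :test` afterwards is too late to
# switch the auth directory to ./auth_test.
ENV['APP_ENV'] = ENV['RACK_ENV'] = 'test'
require './sinatrauthenticate.rb'
set :environment, :test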
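# Smoke tests for the Sinatra authentication demo, driven through Rack::Test.
#
# NOTE(review): the tests that call /join leave "Andrew.txt" behind in the
# app's auth directory; nothing in this class removes it. They still pass on
# later runs because /login only needs the file to exist.
class SinatrauthenticateTest < Minitest::Test
  include Rack::Test::Methods

  # Rack::Test sends its requests to the app returned here.
  def app
    Sinatra::Application
  end

  # Anonymous visitors get the default greeting.
  def test_hello_world
    get '/'
    assert last_response.ok?
    assert_match(/Hello, World!/, last_response.body)
  end

  # The login form renders.
  def test_login_page
    get '/login'
    assert last_response.ok?
    assert_match(/Log in here/, last_response.body)
  end

  # The sign-up form renders.
  def test_join_page
    get '/join'
    assert last_response.ok?
    assert_match(/Join Us\./, last_response.body)
  end

  # Signing up and then logging in with the same credentials greets by name.
  def test_successful_login
    post '/join', :name => "Andrew", :password => "unsafe"
    post '/login', :name => "Andrew", :password => "unsafe"
    follow_redirect!
    assert_match(/Hello, Andrew!/, last_response.body)
  end

  # The negative path matters as much as the positive one for an auth check:
  # a wrong password must be refused rather than redirected.
  def test_wrong_password_is_rejected
    post '/join', :name => "Andrew", :password => "unsafe"
    post '/login', :name => "Andrew", :password => "wrong"
    assert last_response.ok?
    assert_match(/Invalid password\./, last_response.body)
  end
end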