Empact-authlogic 2.1.4

data/test/session_test/brute_force_protection_test.rb

@@ -0,0 +1,101 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module BruteForceProtectionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_consecutive_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 10
+        assert_equal 10, UserSession.consecutive_failed_logins_limit
+    
+        UserSession.consecutive_failed_logins_limit 50
+        assert_equal 50, UserSession.consecutive_failed_logins_limit
+      end
+      
+      def test_failed_login_ban_for
+        UserSession.failed_login_ban_for = 10
+        assert_equal 10, UserSession.failed_login_ban_for
+    
+        UserSession.failed_login_ban_for 2.hours
+        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
+      end
+    end
+    
+    class InstaceMethodsTest < ActiveSupport::TestCase
+      def test_under_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks")
+      end
+
+      def test_exceeded_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert UserSession.create(ben).new_session?
+        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
+        assert !UserSession.create(ben).new_session?
+      end
+    
+      def test_exceeding_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        session = UserSession.new(:login => ben.login, :password => "badpassword2")
+        assert !session.save
+        assert session.errors[:password].size == 0
+        assert_equal 3, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+      
+      def test_exceeded_ban_for
+        UserSession.consecutive_failed_logins_limit = 2
+        UserSession.generalize_credentials_error_messages true
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.invalid_password?
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert_equal 0, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+        UserSession.generalize_credentials_error_messages false
+      end
+
+      def test_exceeded_ban_and_failed_doesnt_ban_again
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "badpassword1")
+        assert !session.save
+        assert_equal 1, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+    end
+  end
+end

data/test/session_test/callbacks_test.rb

@@ -0,0 +1,6 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class CallbacksTest < ActiveSupport::TestCase
+  end
+end

data/test/session_test/cookies_test.rb

@@ -0,0 +1,112 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module CookiesTest
+    class ConfiTest < ActiveSupport::TestCase
+      def test_cookie_key
+        UserSession.cookie_key = "my_cookie_key"
+        assert_equal "my_cookie_key", UserSession.cookie_key
+    
+        UserSession.cookie_key "user_credentials"
+        assert_equal "user_credentials", UserSession.cookie_key
+      end
+    
+      def test_default_cookie_key
+        assert_equal "user_credentials", UserSession.cookie_key
+        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
+      end
+    
+      def test_remember_me
+        UserSession.remember_me = true
+        assert_equal true, UserSession.remember_me
+        session = UserSession.new
+        assert_equal true, session.remember_me
+    
+        UserSession.remember_me false
+        assert_equal false, UserSession.remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+      end
+  
+      def test_remember_me_for
+        UserSession.remember_me_for = 3.years
+        assert_equal 3.years, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.years, session.remember_me_for
+    
+        UserSession.remember_me_for 3.months
+        assert_equal 3.months, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.months, session.remember_me_for
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_credentials
+        session = UserSession.new
+        session.credentials = {:remember_me => true}
+        assert_equal true, session.remember_me
+      end
+    
+      def test_remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = false
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = true
+        assert_equal true, session.remember_me
+        assert session.remember_me?
+      
+        session.remember_me = nil
+        assert_nil session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = "1"
+        assert_equal "1", session.remember_me
+        assert session.remember_me?
+      
+        session.remember_me = "true"
+        assert_equal "true", session.remember_me
+        assert session.remember_me?
+      end
+    
+      def test_remember_me_until
+        session = UserSession.new
+        assert_nil session.remember_me_until
+      
+        session.remember_me = true
+        assert 3.months.from_now <= session.remember_me_until
+      end
+    
+      def test_persist_persist_by_cookie
+        ben = users(:ben)
+        assert !UserSession.find
+        set_cookie_for(ben)
+        assert session = UserSession.find
+        assert_equal ben, session.record
+      end
+    
+      def test_after_save_save_cookie
+        ben = users(:ben)
+        session = UserSession.new(ben)
+        assert session.save
+        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+      end
+    
+      def test_after_destroy_destroy_cookie
+        ben = users(:ben)
+        set_cookie_for(ben)
+        session = UserSession.find
+        assert controller.cookies["user_credentials"]
+        assert session.destroy
+        assert !controller.cookies["user_credentials"]
+      end
+    end
+  end
+end

data/test/session_test/existence_test.rb

@@ -0,0 +1,64 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module ExistenceTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_create
+        ben = users(:ben)
+        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
+        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
+        assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
+      end
+    end
+    
+    class IsntaceMethodsTest < ActiveSupport::TestCase
+      def test_new_session
+        session = UserSession.new
+        assert session.new_session?
+      
+        set_session_for(users(:ben))
+        session = UserSession.find
+        assert !session.new_session?
+      end
+    
+      def test_save_with_nothing
+        session = UserSession.new
+        assert !session.save
+        assert session.new_session?
+      end
+    
+      def test_save_with_block
+        ben = users(:ben)
+        session = UserSession.new
+        block_result = session.save do |result|
+          assert !result
+        end
+        assert !block_result
+        assert session.new_session?
+      end
+    
+      def test_save_with_bang
+        session = UserSession.new
+        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
+      
+        session.unauthorized_record = users(:ben)
+        assert_nothing_raised { session.save! }
+      end
+    
+      def test_destroy
+        ben = users(:ben)
+        session = UserSession.new
+        assert !session.valid?
+        assert !session.errors.empty?
+        assert session.destroy
+        assert session.errors.empty?
+        session.unauthorized_record = ben
+        assert session.save
+        assert session.record
+        assert session.destroy
+        assert !session.record
+      end
+    end
+  end
+end

data/test/session_test/http_auth_test.rb

@@ -0,0 +1,28 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class HttpAuthTest < ActiveSupport::TestCase
+    class ConfiTest < ActiveSupport::TestCase
+      def test_allow_http_basic_auth
+        UserSession.allow_http_basic_auth = false
+        assert_equal false, UserSession.allow_http_basic_auth
+    
+        UserSession.allow_http_basic_auth true
+        assert_equal true, UserSession.allow_http_basic_auth
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_persist_persist_by_http_auth
+        ben = users(:ben)
+        http_basic_auth_for { assert !UserSession.find }
+        http_basic_auth_for(ben) do
+          assert session = UserSession.find
+          assert_equal ben, session.record
+          assert_equal ben.login, session.login
+          assert_equal "benrocks", session.send(:protected_password)
+        end
+      end
+    end
+  end
+end

data/test/session_test/id_test.rb

@@ -0,0 +1,17 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class IdTest < ActiveSupport::TestCase
+    def test_credentials
+      session = UserSession.new
+      session.credentials = [:my_id]
+      assert_equal :my_id, session.id
+    end
+      
+    def test_id
+      session = UserSession.new
+      session.id = :my_id
+      assert_equal :my_id, session.id
+    end
+  end
+end

data/test/session_test/klass_test.rb

@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module KlassTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_authenticate_with
+        UserSession.authenticate_with = Employee
+        assert_equal "Employee", UserSession.klass_name
+        assert_equal Employee, UserSession.klass
+    
+        UserSession.authenticate_with User
+        assert_equal "User", UserSession.klass_name
+        assert_equal User, UserSession.klass
+      end
+    
+      def test_klass
+        assert_equal User, UserSession.klass
+      end
+
+      def test_klass_name
+        assert_equal "User", UserSession.klass_name
+      end
+      
+      def test_guessed_klass_name
+        assert_equal "User", UserSession.guessed_klass_name
+        assert_equal "BackOfficeUser", BackOfficeUserSession.guessed_klass_name
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_record_method
+        ben = users(:ben)
+        set_session_for(ben)
+        session = UserSession.find
+        assert_equal ben, session.record
+        assert_equal ben, session.user
+      end
+    end
+  end
+end

data/test/session_test/magic_columns_test.rb

@@ -0,0 +1,62 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module MagicColumnsTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_last_request_at_threshold_config
+        UserSession.last_request_at_threshold = 2.minutes
+        assert_equal 2.minutes, UserSession.last_request_at_threshold
+    
+        UserSession.last_request_at_threshold 0
+        assert_equal 0, UserSession.last_request_at_threshold
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_after_persisting_set_last_request_at
+        ben = users(:ben)
+        assert !UserSession.create(ben).new_session?
+        
+        set_cookie_for(ben)
+        old_last_request_at = ben.last_request_at
+        assert UserSession.find
+        ben.reload
+        assert ben.last_request_at != old_last_request_at
+      end
+    
+      def test_valid_increase_failed_login_count
+        ben = users(:ben)
+        old_failed_login_count = ben.failed_login_count
+        assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
+        ben.reload
+        assert_equal old_failed_login_count + 1, ben.failed_login_count
+      end
+    
+      def test_before_save_update_info
+        ben = users(:ben)
+      
+        # increase failed login count
+        assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
+        ben.reload
+      
+        # grab old values
+        old_login_count = ben.login_count
+        old_failed_login_count = ben.failed_login_count
+        old_last_login_at = ben.last_login_at
+        old_current_login_at = ben.current_login_at
+        old_last_login_ip = ben.last_login_ip
+        old_current_login_ip = ben.current_login_ip
+      
+        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        
+        ben.reload
+        assert_equal old_login_count + 1, ben.login_count
+        assert_equal 0, ben.failed_login_count
+        assert_equal old_current_login_at, ben.last_login_at
+        assert ben.current_login_at != old_current_login_at
+        assert_equal old_current_login_ip, ben.last_login_ip
+        assert_equal "1.1.1.1", ben.current_login_ip
+      end
+    end
+  end
+end

data/test/session_test/magic_states_test.rb

@@ -0,0 +1,60 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module SessionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_disable_magic_states_config
+        UserSession.disable_magic_states = true
+        assert_equal true, UserSession.disable_magic_states
+    
+        UserSession.disable_magic_states false
+        assert_equal false, UserSession.disable_magic_states
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_disabling_magic_states
+        UserSession.disable_magic_states = true
+      
+        ben = users(:ben)
+        ben.update_attribute(:active, false)
+        assert UserSession.create(ben)
+      
+        UserSession.disable_magic_states = false
+      end
+    
+      def test_validate_validate_magic_states_active
+        session = UserSession.new
+        ben = users(:ben)
+        session.unauthorized_record = ben
+        assert session.valid?
+      
+        ben.update_attribute(:active, false)
+        assert !session.valid?
+        assert session.errors[:base].size > 0
+      end
+    
+      def test_validate_validate_magic_states_approved
+        session = UserSession.new
+        ben = users(:ben)
+        session.unauthorized_record = ben
+        assert session.valid?
+      
+        ben.update_attribute(:approved, false)
+        assert !session.valid?
+        assert session.errors[:base].size > 0
+      end
+    
+      def test_validate_validate_magic_states_confirmed
+        session = UserSession.new
+        ben = users(:ben)
+        session.unauthorized_record = ben
+        assert session.valid?
+      
+        ben.update_attribute(:confirmed, false)
+        assert !session.valid?
+        assert session.errors[:base].size > 0
+      end
+    end
+  end
+end

data/test/session_test/params_test.rb

@@ -0,0 +1,53 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module ParamsTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_params_key
+        UserSession.params_key = "my_params_key"
+        assert_equal "my_params_key", UserSession.params_key
+    
+        UserSession.params_key "user_credentials"
+        assert_equal "user_credentials", UserSession.params_key
+      end
+    
+      def test_single_access_allowed_request_types
+        UserSession.single_access_allowed_request_types = ["my request type"]
+        assert_equal ["my request type"], UserSession.single_access_allowed_request_types
+    
+        UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
+        assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_persist_persist_by_params
+        ben = users(:ben)
+        session = UserSession.new
+    
+        assert !session.persisting?
+        set_params_for(ben)
+      
+        assert !session.persisting?
+        assert !session.unauthorized_record
+        assert !session.record
+        assert_nil controller.session["user_credentials"]
+      
+        set_request_content_type("text/plain")
+        assert !session.persisting?
+        assert !session.unauthorized_record
+        assert_nil controller.session["user_credentials"]
+      
+        set_request_content_type("application/atom+xml")
+        assert session.persisting?
+        assert_equal ben, session.record
+        assert_nil controller.session["user_credentials"] # should not persist since this is single access
+      
+        set_request_content_type("application/rss+xml")
+        assert session.persisting?
+        assert_equal ben, session.unauthorized_record
+        assert_nil controller.session["user_credentials"]
+      end
+    end
+  end
+end

data/test/session_test/password_test.rb

@@ -0,0 +1,106 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module PasswordTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_find_by_login_method
+        UserSession.find_by_login_method = "my_login_method"
+        assert_equal "my_login_method", UserSession.find_by_login_method
+    
+        UserSession.find_by_login_method "find_by_login"
+        assert_equal "find_by_login", UserSession.find_by_login_method
+      end
+    
+      def test_verify_password_method
+        UserSession.verify_password_method = "my_login_method"
+        assert_equal "my_login_method", UserSession.verify_password_method
+    
+        UserSession.verify_password_method "valid_password?"
+        assert_equal "valid_password?", UserSession.verify_password_method
+      end
+    
+      def test_generalize_credentials_error_mesages_set_to_false
+        UserSession.generalize_credentials_error_messages false
+        assert !UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Password is not valid"], session.errors.full_messages
+      end
+      
+      def test_generalize_credentials_error_messages_set_to_true
+        UserSession.generalize_credentials_error_messages true
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
+      end
+
+      def test_generalize_credentials_error_messages_set_to_string
+        UserSession.generalize_credentials_error_messages= "Custom Error Message"
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Custom Error Message"], session.errors.full_messages
+      end
+
+      
+      def test_login_field
+        UserSession.configured_password_methods = false
+        UserSession.login_field = :saweet
+        assert_equal :saweet, UserSession.login_field
+        session = UserSession.new
+        assert session.respond_to?(:saweet)
+    
+        UserSession.login_field :login
+        assert_equal :login, UserSession.login_field
+        session = UserSession.new
+        assert session.respond_to?(:login)
+      end
+    
+      def test_password_field
+        UserSession.configured_password_methods = false
+        UserSession.password_field = :saweet
+        assert_equal :saweet, UserSession.password_field
+        session = UserSession.new
+        assert session.respond_to?(:saweet)
+    
+        UserSession.password_field :password
+        assert_equal :password, UserSession.password_field
+        session = UserSession.new
+        assert session.respond_to?(:password)
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_init
+        session = UserSession.new
+        assert session.respond_to?(:login)
+        assert session.respond_to?(:login=)
+        assert session.respond_to?(:password)
+        assert session.respond_to?(:password=)
+        assert session.respond_to?(:protected_password, true)
+      end
+    
+      def test_credentials
+        session = UserSession.new
+        session.credentials = {:login => "login", :password => "pass"}
+        assert_equal "login", session.login
+        assert_nil session.password
+        assert_equal "pass", session.send(:protected_password)
+        assert_equal({:password => "<protected>", :login => "login"}, session.credentials)
+      end
+    
+      def test_credentials_are_params_safe
+        session = UserSession.new
+        assert_nothing_raised { session.credentials = {:hacker_method => "error!"} }
+      end
+    
+      def test_save_with_credentials
+        ben = users(:ben)
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert !session.new_session?
+        assert_equal 1, session.record.login_count
+        assert Time.now >= session.record.current_login_at
+        assert_equal "1.1.1.1", session.record.current_login_ip
+      end
+    end
+  end
+end

data/test/session_test/perishability_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class PerishabilityTest < ActiveSupport::TestCase
+    def test_after_save
+      ben = users(:ben)
+      old_perishable_token = ben.perishable_token
+      session = UserSession.create(ben)
+      assert_not_equal old_perishable_token, ben.perishable_token
+      
+      drew = employees(:drew)
+      assert UserSession.create(drew)
+    end
+  end
+end