audited-hp 4.3.0

data/spec/audited/sweeper_spec.rb

@@ -0,0 +1,106 @@
+require "spec_helper"
+
+class AuditsController < ActionController::Base
+  attr_reader :company
+
+  def create
+    @company = Models::ActiveRecord::Company.create
+    head :ok
+  end
+
+  def update
+    current_user.update_attributes(password: 'foo')
+    head :ok
+  end
+
+  private
+
+  attr_accessor :current_user
+  attr_accessor :custom_user
+end
+
+describe AuditsController do
+  include RSpec::Rails::ControllerExampleGroup
+  render_views
+
+  before(:each) do
+    Audited.current_user_method = :current_user
+  end
+
+  let(:user) { create_user }
+
+  describe "POST audit" do
+
+    it "should audit user" do
+      controller.send(:current_user=, user)
+      expect {
+        post :create
+      }.to change( Audited::Audit, :count )
+
+      expect(controller.company.audits.last.user).to eq(user)
+    end
+
+    it "should support custom users for sweepers" do
+      controller.send(:custom_user=, user)
+      Audited.current_user_method = :custom_user
+
+      expect {
+        post :create
+      }.to change( Audited::Audit, :count )
+
+      expect(controller.company.audits.last.user).to eq(user)
+    end
+
+    it "should record the remote address responsible for the change" do
+      request.env['REMOTE_ADDR'] = "1.2.3.4"
+      controller.send(:current_user=, user)
+
+      post :create
+
+      expect(controller.company.audits.last.remote_address).to eq('1.2.3.4')
+    end
+
+    it "should record a UUID for the web request responsible for the change" do
+      allow_any_instance_of(ActionDispatch::Request).to receive(:uuid).and_return("abc123")
+      controller.send(:current_user=, user)
+
+      post :create
+
+      expect(controller.company.audits.last.request_uuid).to eq("abc123")
+    end
+
+  end
+
+  describe "PUT update" do
+    it "should not save blank audits" do
+      controller.send(:current_user=, user)
+
+      expect {
+        put :update, id: 123
+      }.to_not change( Audited::Audit, :count )
+    end
+  end
+end
+
+
+describe Audited::Sweeper do
+
+  it "should be thread-safe" do
+    t1 = Thread.new do
+      sleep 0.5
+      Audited::Sweeper.instance.controller = 'thread1 controller instance'
+      expect(Audited::Sweeper.instance.controller).to eq('thread1 controller instance')
+    end
+
+    t2 = Thread.new do
+      Audited::Sweeper.instance.controller = 'thread2 controller instance'
+      sleep 1
+      expect(Audited::Sweeper.instance.controller).to eq('thread2 controller instance')
+    end
+
+    t1.join; t2.join
+
+    expect(Audited::Sweeper.instance.controller).to be_nil
+  end
+
+end

data/spec/audited_spec_helpers.rb

@@ -0,0 +1,20 @@
+module AuditedSpecHelpers
+
+  def create_user(attrs = {})
+    Models::ActiveRecord::User.create({name: 'Brandon', username: 'brandon', password: 'password'}.merge(attrs))
+  end
+
+  def build_user(attrs = {})
+    Models::ActiveRecord::User.new({name: 'darth', username: 'darth', password: 'noooooooo'}.merge(attrs))
+  end
+
+  def create_versions(n = 2)
+    Models::ActiveRecord::User.create(name: 'Foobar 1').tap do |u|
+      (n - 1).times do |i|
+        u.update_attribute :name, "Foobar #{i + 2}"
+      end
+      u.reload
+    end
+  end
+
+end

data/spec/rails_app/config/application.rb

@@ -0,0 +1,8 @@
+require 'rails/all'
+
+module RailsApp
+  class Application < Rails::Application
+    config.root = File.expand_path('../../', __FILE__)
+    config.i18n.enforce_available_locales = true
+  end
+end

data/spec/rails_app/config/database.yml

@@ -0,0 +1,24 @@
+sqlite3mem: &SQLITE3MEM
+  adapter: sqlite3
+  database: ":memory:"
+
+sqlite3: &SQLITE
+  adapter: sqlite3
+  database: audited_test.sqlite3.db
+
+postgresql: &POSTGRES
+  adapter: postgresql
+  username: postgres
+  password:
+  database: audited_test
+  min_messages: ERROR
+
+mysql: &MYSQL
+  adapter: mysql2
+  host: localhost
+  username: root
+  password:
+  database: audited_test
+
+test:
+  <<: *<%= ENV['DB'] || 'SQLITE3MEM' %>

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+RailsApp::Application.initialize!

data/spec/rails_app/config/environments/development.rb

@@ -0,0 +1,21 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  # config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  config.eager_load = false
+end

data/spec/rails_app/config/environments/production.rb

@@ -0,0 +1,35 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  config.eager_load = true
+end

data/spec/rails_app/config/environments/test.rb

@@ -0,0 +1,47 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure static file server for tests with Cache-Control for performance.
+  if config.respond_to?(:public_file_server)
+    config.public_file_server.enabled = true
+    config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
+  else
+    config.static_cache_control = 'public, max-age=3600'
+    config.serve_static_files   = true
+  end
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  # config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  # config.action_controller.allow_forgery_protection = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Randomize the order test cases are executed.
+  config.active_support.test_order = :random
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/rails_app/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+Rails.backtrace_cleaner.remove_silencers!

data/spec/rails_app/config/initializers/inflections.rb

@@ -0,0 +1,2 @@
+ActiveSupport::Inflector.inflections do |inflect|
+end

data/spec/rails_app/config/initializers/secret_token.rb

@@ -0,0 +1,3 @@
+Rails.application.config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
+Rails.application.config.session_store :cookie_store, key: "_my_app"
+Rails.application.config.secret_key_base = 'secret value'

data/spec/rails_app/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  resources :audits
+end

data/spec/spec_helper.rb

@@ -0,0 +1,21 @@
+ENV['RAILS_ENV'] = 'test'
+
+if Bundler.definition.dependencies.map(&:name).include?('protected_attributes')
+  require 'protected_attributes'
+end
+require 'rails_app/config/environment'
+require 'rspec/rails'
+require 'audited'
+require 'audited_spec_helpers'
+require 'support/active_record/models'
+load "audited/sweeper.rb" # force to reload sweeper
+
+SPEC_ROOT = Pathname.new(File.expand_path('../', __FILE__))
+
+Dir[SPEC_ROOT.join('support/*.rb')].each{|f| require f }
+
+RSpec.configure do |config|
+  config.include AuditedSpecHelpers
+  config.use_transactional_fixtures = false if Rails.version.start_with?('4.')
+  config.use_transactional_tests = false if config.respond_to?(:use_transactional_tests=)
+end

data/spec/support/active_record/models.rb

@@ -0,0 +1,99 @@
+require 'cgi'
+require File.expand_path('../schema', __FILE__)
+
+module Models
+  module ActiveRecord
+    class User < ::ActiveRecord::Base
+      audited allow_mass_assignment: true, except: :password
+
+      attr_protected :logins if respond_to?(:attr_protected)
+
+      def name=(val)
+        write_attribute(:name, CGI.escapeHTML(val))
+      end
+    end
+
+    class UserOnlyPassword < ::ActiveRecord::Base
+      self.table_name = :users
+      audited allow_mass_assignment: true, only: :password
+    end
+
+    class CommentRequiredUser < ::ActiveRecord::Base
+      self.table_name = :users
+      audited comment_required: true
+    end
+
+    class AccessibleAfterDeclarationUser < ::ActiveRecord::Base
+      self.table_name = :users
+      audited
+      attr_accessible :name, :username, :password if respond_to?(:attr_accessible)
+    end
+
+    class AccessibleBeforeDeclarationUser < ::ActiveRecord::Base
+      self.table_name = :users
+      attr_accessible :name, :username, :password if respond_to?(:attr_accessible) # declare attr_accessible before calling aaa
+      audited
+    end
+
+    class NoAttributeProtectionUser < ::ActiveRecord::Base
+      self.table_name = :users
+      audited allow_mass_assignment: true
+    end
+
+    class UserWithAfterAudit < ::ActiveRecord::Base
+      self.table_name = :users
+      audited
+      attr_accessor :bogus_attr, :around_attr
+
+      private
+
+      def after_audit
+        self.bogus_attr = "do something"
+      end
+
+      def around_audit
+        self.around_attr = yield
+      end
+    end
+
+    class Company < ::ActiveRecord::Base
+      audited
+    end
+
+    class Company::STICompany < Company
+    end
+
+    class Owner < ::ActiveRecord::Base
+      self.table_name = 'users'
+      has_associated_audits
+      has_many :companies, class_name: "OwnedCompany", dependent: :destroy
+    end
+
+    class OwnedCompany < ::ActiveRecord::Base
+      self.table_name = 'companies'
+      belongs_to :owner, class_name: "Owner"
+      attr_accessible :name, :owner if respond_to?(:attr_accessible) # declare attr_accessible before calling aaa
+      audited associated_with: :owner
+    end
+
+    class OnUpdateDestroy < ::ActiveRecord::Base
+      self.table_name = 'companies'
+      audited on: [:update, :destroy]
+    end
+
+    class OnCreateDestroy < ::ActiveRecord::Base
+      self.table_name = 'companies'
+      audited on: [:create, :destroy]
+    end
+
+    class OnCreateDestroyExceptName < ::ActiveRecord::Base
+      self.table_name = 'companies'
+      audited except: :name, on: [:create, :destroy]
+    end
+
+    class OnCreateUpdate < ::ActiveRecord::Base
+      self.table_name = 'companies'
+      audited on: [:create, :update]
+    end
+  end
+end

data/spec/support/active_record/schema.rb

@@ -0,0 +1,81 @@
+require 'active_record'
+require 'logger'
+
+begin
+  db_config = ActiveRecord::Base.configurations[Rails.env].clone
+  db_type = db_config['adapter']
+  db_name = db_config.delete('database')
+  raise Exception.new('No database name specified.') if db_name.blank?
+  if db_type == 'sqlite3'
+    db_file = Pathname.new(__FILE__).dirname.join(db_name)
+    db_file.unlink if db_file.file?
+  else
+    if defined?(JRUBY_VERSION)
+      db_config.symbolize_keys!
+      db_config[:configure_connection] = false
+    end
+    adapter = ActiveRecord::Base.send("#{db_type}_connection", db_config)
+    adapter.recreate_database db_name
+    adapter.disconnect!
+  end
+rescue Exception => e
+  Kernel.warn e
+end
+
+logfile = Pathname.new(__FILE__).dirname.join('debug.log')
+logfile.unlink if logfile.file?
+ActiveRecord::Base.logger = Logger.new(logfile)
+
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.establish_connection
+
+ActiveRecord::Schema.define do
+  create_table :users do |t|
+    t.column :name, :string
+    t.column :username, :string
+    t.column :password, :string
+    t.column :activated, :boolean
+    t.column :suspended_at, :datetime
+    t.column :logins, :integer, default: 0
+    t.column :created_at, :datetime
+    t.column :updated_at, :datetime
+  end
+
+  create_table :companies do |t|
+    t.column :name, :string
+    t.column :owner_id, :integer
+    t.column :type, :string
+  end
+
+  create_table :authors do |t|
+    t.column :name, :string
+  end
+
+  create_table :books do |t|
+    t.column :authord_id, :integer
+    t.column :title, :string
+  end
+
+  create_table :audits do |t|
+    t.column :auditable_id, :integer
+    t.column :auditable_type, :string
+    t.column :associated_id, :integer
+    t.column :associated_type, :string
+    t.column :user_id, :integer
+    t.column :user_type, :string
+    t.column :username, :string
+    t.column :action, :string
+    t.column :audited_changes, :text
+    t.column :version, :integer, default: 0
+    t.column :comment, :string
+    t.column :remote_address, :string
+    t.column :request_uuid, :string
+    t.column :created_at, :datetime
+  end
+
+  add_index :audits, [:auditable_id, :auditable_type], name: 'auditable_index'
+  add_index :audits, [:associated_id, :associated_type], name: 'associated_index'
+  add_index :audits, [:user_id, :user_type], name: 'user_index'
+  add_index :audits, :request_uuid
+  add_index :audits, :created_at
+end