authenticate 0.1.0 → 0.2.0

data/spec/dummy/db/migrate/20160130192728_create_users.rb

@@ -0,0 +1,18 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+
+    create_table :users do |t|
+          t.string :email
+          t.string :encrypted_password, limit: 128
+          t.string :session_token, limit: 128
+          t.datetime :current_sign_in_at
+          t.string :current_sign_in_ip, limit: 128
+          t.datetime :last_sign_in_at
+          t.string :last_sign_in_ip, limit: 128
+          t.integer :sign_in_count
+        end
+
+    add_index :users, :email
+    add_index :users, :session_token
+  end
+end

data/spec/dummy/db/migrate/20160130192729_add_authenticate_brute_force_to_users.rb

@@ -0,0 +1,6 @@
+class AddAuthenticateBruteForceToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :failed_logins_count, :integer, default: 0
+    add_column :users, :lock_expires_at, :datetime, default: nil
+  end
+end

data/spec/dummy/db/migrate/20160130192730_add_authenticate_timeoutable_to_users.rb

@@ -0,0 +1,5 @@
+class AddAuthenticateTimeoutableToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :last_access_at, :datetime, default: nil
+  end
+end

data/spec/dummy/db/migrate/20160130192731_add_authenticate_password_reset_to_users.rb

@@ -0,0 +1,7 @@
+class AddAuthenticatePasswordResetToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :password_reset_token, :string, default: nil
+    add_column :users, :password_reset_sent_at, :datetime, default: nil
+  end
+end
+

data/spec/dummy/db/schema.rb

@@ -11,21 +11,25 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160120003910) do
+ActiveRecord::Schema.define(version: 20160130192731) do
 
   create_table "users", force: :cascade do |t|
     t.string   "email"
-    t.string   "encrypted_password"
-    t.string   "session_token"
-    t.datetime "session_expiration"
-    t.integer  "sign_in_count"
+    t.string   "encrypted_password",     limit: 128
+    t.string   "session_token",          limit: 128
+    t.datetime "current_sign_in_at"
+    t.string   "current_sign_in_ip",     limit: 128
     t.datetime "last_sign_in_at"
-    t.string   "last_sign_in_ip"
+    t.string   "last_sign_in_ip",        limit: 128
+    t.integer  "sign_in_count"
+    t.integer  "failed_logins_count",                default: 0
+    t.datetime "lock_expires_at"
     t.datetime "last_access_at"
-    t.datetime "current_sign_in_at"
-    t.string   "current_sign_in_ip"
-    t.datetime "created_at",         null: false
-    t.datetime "updated_at",         null: false
+    t.string   "password_reset_token"
+    t.datetime "password_reset_sent_at"
   end
 
+  add_index "users", ["email"], name: "index_users_on_email"
+  add_index "users", ["session_token"], name: "index_users_on_session_token"
+
 end

data/spec/factories/users.rb

@@ -1,3 +1,5 @@
+require 'authenticate/user'
+
 FactoryGirl.define do
   sequence :email do |n|
     "user#{n}@example.com"
@@ -11,13 +13,8 @@ FactoryGirl.define do
       session_token 'this_is_a_big_fake_long_token'
     end
 
-    # trait :with_forgotten_password do
-    #   confirmation_token Clearance::Token.new
-    # end
-
-    # factory :user_with_optional_password, class: 'UserWithOptionalPassword' do
-    #   password nil
-    #   encrypted_password ''
-    # end
+    trait :with_forgotten_password do
+      password_reset_token Authenticate::Token.new
+    end
   end
 end

data/spec/model/brute_force_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+require 'authenticate/model/brute_force'
+
+
+describe Authenticate::Model::BruteForce do
+  before {
+    Authenticate.configure do |config|
+      config.max_consecutive_bad_logins_allowed = 2
+      config.bad_login_lockout_period = 2.minutes
+    end
+  }
+
+  it 'knows when it is locked' do
+    user = User.new
+    expect(user.locked?).to be_falsey
+    user.lock!
+    expect(user.locked?).to be_truthy
+  end
+
+  context '#register_failed_login!' do
+    it 'locks when failed login count reaches max' do
+      user = User.new
+      user.register_failed_login!
+      user.register_failed_login!
+      expect(user.locked?).to be_truthy
+    end
+
+    it 'sets lockout period' do
+      user = User.new
+      user.register_failed_login!
+      user.register_failed_login!
+      expect(user.lock_expires_at).to_not be_nil
+    end
+  end
+
+  context '#lock!' do
+    it 'before lock, locked_expires_at is nil' do
+      user = User.new
+      expect(user.lock_expires_at).to be_nil
+    end
+
+    it 'sets locked_expires_at' do
+      user = User.new
+      user.lock!
+      expect(user.lock_expires_at).to_not be_nil
+      expect(user.lock_expires_at).to be_utc
+    end
+  end
+
+  context '#unlock!' do
+    let(:user) { User.new }
+    before(:each) {
+      user.lock!
+      user.unlock!
+    }
+    it 'zeros failed_logins_count' do
+      expect(user.failed_logins_count).to be(0)
+    end
+    it 'nils lock_expires_at' do
+      expect(user.lock_expires_at).to be_nil
+    end
+  end
+end

data/spec/model/session_spec.rb

@@ -41,6 +41,9 @@ describe Authenticate::Session do
         end
       end
       it 'passes the failure status to the block when login fails' do
+        Authenticate.configure do |config|
+          config.max_consecutive_bad_logins_allowed = nil
+        end
         session = Authenticate::Session.new(mock_request, {})
         session.login nil do |status|
           expect(status.success?).to eq false
@@ -80,6 +83,7 @@ describe Authenticate::Session do
 
   def mock_request
     req = double("request")
+    allow(req).to receive(:params)
     allow(req).to receive(:remote_ip).and_return('111.111.111.111')
     return req
   end

data/spec/model/user_spec.rb

@@ -2,11 +2,21 @@ require 'spec_helper'
 
 describe Authenticate::User do
 
-  it 'generates a new session token' do
-    user = create(:user, :with_session_token)
-    old_token = user.session_token
-    user.generate_session_token
-    expect(user.session_token).to_not eq old_token
+  context 'session tokens' do
+    it 'generates a new session token' do
+      user = create(:user, :with_session_token)
+      old_token = user.session_token
+      user.generate_session_token
+      expect(user.session_token).to_not eq old_token
+    end
+
+    it 'saves user when reset_session_token! called' do
+      user = create(:user, :with_session_token)
+      old_token = user.session_token
+      user.reset_session_token!
+      new_user = User.find(user.id)
+      expect(new_user.session_token).to_not eq old_token
+    end
   end
 
 end

data/spec/spec_helper.rb

@@ -12,11 +12,12 @@ MY_ORM = :active_record
 
 
 require 'rails/all'
-# require 'rspec'
 require 'rspec/rails'
 require 'factory_girl_rails'
 # require 'timecop'
 
+require 'authenticate'
+
 ENGINE_RAILS_ROOT=File.join(File.dirname(__FILE__), '../')
 Dir[File.join(ENGINE_RAILS_ROOT, "spec/factories/**/*.rb")].each {|f| require f }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authenticate
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Justin Tomich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-23 00:00:00.000000000 Z
+date: 2016-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -73,7 +73,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -87,7 +87,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -101,7 +101,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: factory_girl_rails
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -126,6 +126,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -135,13 +136,22 @@ files:
 - app/assets/images/authenticate/.keep
 - app/assets/javascripts/authenticate/.keep
 - app/assets/stylesheets/authenticate/.keep
-- app/controllers/.keep
+- app/controllers/authenticate/passwords_controller.rb
+- app/controllers/authenticate/sessions_controller.rb
+- app/controllers/authenticate/users_controller.rb
 - app/helpers/.keep
-- app/mailers/.keep
+- app/mailers/authenticate_mailer.rb
 - app/models/.keep
-- app/views/.keep
+- app/views/authenticate_mailer/change_password.html.erb
+- app/views/authenticate_mailer/change_password.text.erb
+- app/views/layouts/application.html.erb
+- app/views/passwords/edit.html.erb
+- app/views/passwords/new.html.erb
+- app/views/sessions/new.html.erb
+- app/views/users/new.html.erb
 - authenticate.gemspec
 - bin/rails
+- config/locales/authenticate.en.yml
 - config/routes.rb
 - lib/authenticate.rb
 - lib/authenticate/callbacks/authenticatable.rb
@@ -160,6 +170,7 @@ files:
 - lib/authenticate/model/db_password.rb
 - lib/authenticate/model/email.rb
 - lib/authenticate/model/lifetimed.rb
+- lib/authenticate/model/password_reset.rb
 - lib/authenticate/model/timeoutable.rb
 - lib/authenticate/model/trackable.rb
 - lib/authenticate/model/username.rb
@@ -168,6 +179,22 @@ files:
 - lib/authenticate/token.rb
 - lib/authenticate/user.rb
 - lib/authenticate/version.rb
+- lib/generators/authenticate/controllers/USAGE
+- lib/generators/authenticate/controllers/controllers_generator.rb
+- lib/generators/authenticate/install/USAGE
+- lib/generators/authenticate/install/install_generator.rb
+- lib/generators/authenticate/install/templates/authenticate.rb
+- lib/generators/authenticate/install/templates/db/migrate/add_authenticate_brute_force_to_users.rb
+- lib/generators/authenticate/install/templates/db/migrate/add_authenticate_password_reset_to_users.rb
+- lib/generators/authenticate/install/templates/db/migrate/add_authenticate_timeoutable_to_users.rb
+- lib/generators/authenticate/install/templates/db/migrate/add_authenticate_to_users.rb
+- lib/generators/authenticate/install/templates/db/migrate/create_users.rb
+- lib/generators/authenticate/install/templates/user.rb
+- lib/generators/authenticate/routes/USAGE
+- lib/generators/authenticate/routes/routes_generator.rb
+- lib/generators/authenticate/routes/templates/routes.rb
+- lib/generators/authenticate/views/USAGE
+- lib/generators/authenticate/views/views_generator.rb
 - lib/tasks/authenticate_tasks.rake
 - spec/configuration_spec.rb
 - spec/dummy/README.rdoc
@@ -208,7 +235,10 @@ files:
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
 - spec/dummy/db/development.sqlite3
-- spec/dummy/db/migrate/20160120003910_create_users.rb
+- spec/dummy/db/migrate/20160130192728_create_users.rb
+- spec/dummy/db/migrate/20160130192729_add_authenticate_brute_force_to_users.rb
+- spec/dummy/db/migrate/20160130192730_add_authenticate_timeoutable_to_users.rb
+- spec/dummy/db/migrate/20160130192731_add_authenticate_password_reset_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/db/test.sqlite3
 - spec/dummy/lib/assets/.keep
@@ -218,6 +248,7 @@ files:
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/factories/users.rb
+- spec/model/brute_force_spec.rb
 - spec/model/session_spec.rb
 - spec/model/token_spec.rb
 - spec/model/user_spec.rb
@@ -250,6 +281,7 @@ specification_version: 4
 summary: Rails authentication with email & password
 test_files:
 - spec/configuration_spec.rb
+- spec/model/brute_force_spec.rb
 - spec/model/session_spec.rb
 - spec/model/token_spec.rb
 - spec/model/user_spec.rb

data/spec/dummy/db/migrate/20160120003910_create_users.rb

@@ -1,18 +0,0 @@
-class CreateUsers < ActiveRecord::Migration
-  def change
-    create_table :users do |t|
-      t.string :email
-      t.string :encrypted_password
-      t.string :session_token
-      t.datetime :session_expiration
-      t.integer :sign_in_count
-      t.datetime :last_sign_in_at
-      t.string :last_sign_in_ip
-      t.datetime :last_access_at
-      t.datetime :current_sign_in_at
-      t.string :current_sign_in_ip
-
-      t.timestamps null: false
-    end
-  end
-end