authenticate 0.2.0 → 0.2.1

data/lib/authenticate/model/username.rb

@@ -42,16 +42,8 @@ module Authenticate
           username = credentials[0]
           find_by_username username
         end
-
-        # def normalize_username(username)
-        #   username.to_s.downcase.gsub(/\s+/, '')
-        # end
       end
 
-      # def normalize_username
-      #   self.username = self.class.normalize_username(username)
-      # end
-
     end
 
   end

data/lib/authenticate/modules.rb

@@ -1,6 +1,7 @@
 module Authenticate
   module Modules
     extend ActiveSupport::Concern
+    include Authenticate::Debug
 
     # Module to help Authenticate's user model load Authenticate modules.
     #
@@ -26,7 +27,7 @@ module Authenticate
       def load_modules
         constants = []
         Authenticate.configuration.modules.each do |mod|
-          puts "load_modules about to load #{mod.to_s}"
+          # puts "load_modules about to load #{mod.to_s}"
           require "authenticate/model/#{mod.to_s}" if mod.is_a?(Symbol)
           mod = load_constant(mod) if mod.is_a?(Symbol)
           constants << mod
@@ -70,7 +71,7 @@ module Authenticate
       end
 
       def message
-        "The following attribute(s) is (are) missing on your model: #{@attributes.join(", ")}"
+        "The following attribute(s) is (are) missing on your user model: #{@attributes.join(", ")}"
       end
     end
 

data/lib/authenticate/session.rb

@@ -11,7 +11,7 @@ module Authenticate
       @request = request # trackable module accesses request
       @cookies = cookies
       @session_token = @cookies[cookie_name]
-      d 'SESSION initialize: @session_token: ' + @session_token.inspect
+      debug 'SESSION initialize: @session_token: ' + @session_token.inspect
     end
 
     # consecutive_failed_logins_limit
@@ -28,9 +28,9 @@ module Authenticate
     #
     # @return [User]
     def login(user, &block)
-      d 'session.login()'
+      debug 'session.login()'
       @current_user = user
-      d "session.login @current_user: #{@current_user.inspect}"
+      debug "session.login @current_user: #{@current_user.inspect}"
       # todo extract token gen to two different strategies
       @current_user.generate_session_token if user.present?
 
@@ -39,7 +39,7 @@ module Authenticate
         Authenticate.lifecycle.run_callbacks(:after_authentication, @current_user, self, { event: :authentication })
       end
 
-      d "session.login after lifecycle callbacks, message: #{message}"
+      debug "session.login after lifecycle callbacks, message: #{message}"
       status = message.present? ? Failure.new(message) : Success.new
       if status.success?
         @current_user.save
@@ -58,7 +58,7 @@ module Authenticate
     #
     # @return [User]
     def current_user
-      d 'session.current_user'
+      debug 'session.current_user'
       if @session_token.present?
         @current_user ||= load_user
       end
@@ -69,7 +69,7 @@ module Authenticate
     #
     # @return [Boolean]
     def authenticated?
-      d 'session.authenticated?'
+      debug 'session.authenticated?'
       current_user.present?
     end
 
@@ -109,7 +109,7 @@ module Authenticate
       cookie_hash[:domain] = Authenticate.configuration.cookie_domain if Authenticate.configuration.cookie_domain
       # @cookies.signed[cookie_name] = cookie_hash
       @cookies[cookie_name] = cookie_hash
-      d 'session.write_cookie WROTE COOKIE I HOPE. Cookie guts:' + @cookies[cookie_name].inspect
+      debug 'session.write_cookie WROTE COOKIE I HOPE. Cookie guts:' + @cookies[cookie_name].inspect
     end
 
     def cookie_name

data/lib/authenticate/version.rb

@@ -1,3 +1,3 @@
 module Authenticate
-  VERSION = '0.2.0'
+  VERSION = '0.2.1'
 end

data/spec/dummy/config/initializers/authenticate.rb

@@ -6,9 +6,10 @@ Authenticate.configure do |config|
   # config.cookie_path = '/'
   # config.secure_cookie = false # set to true in production https environments
   # config.http_only = false # set to true if you can
-  # config.timeout_in = 45.minutes
-  # config.max_session_lifetime = 8.hours
+  config.timeout_in = 45.minutes
+  config.max_session_lifetime = 5.minutes
   config.max_consecutive_bad_logins_allowed = 1
   config.bad_login_lockout_period = 2.minutes
+  config.reset_password_within = 5.minutes
   # config.authentication_strategy = :email
 end

data/spec/factories/users.rb

@@ -7,7 +7,17 @@ FactoryGirl.define do
 
   factory :user do
     email
-    encrypted_password 'password'
+    # encrypted_password 'password'
+    password 'password'
+
+    trait :without_email do
+      email nil
+    end
+
+    trait :without_password do
+      password nil
+      encrypted_password nil
+    end
 
     trait :with_session_token do
       session_token 'this_is_a_big_fake_long_token'

data/spec/model/db_password_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'authenticate/model/db_password'
+
+
+describe Authenticate::Model::DbPassword do
+
+  it 'validates password' do
+    user = build(:user, :without_password)
+    user.save
+    expect(user.errors.count).to be(1)
+    expect(user.errors.messages[:password]).to eq(["can't be blank"])
+  end
+
+  it 'matches a password' do
+    user = create(:user)
+    expect(user.password_match? 'password').to be_truthy
+  end
+
+  it 'fails to match a bad password' do
+    user = create(:user)
+    expect(user.password_match? 'bad password').to be_falsey
+  end
+
+  it 'sets a password' do
+    user = create(:user)
+    user.password = 'new_password'
+    user.save!
+
+    user = User.find(user.id)
+    expect(user.password_match? 'new_password').to be_truthy
+  end
+
+end

data/spec/model/email_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'authenticate/model/email'
+
+
+describe Authenticate::Model::Email do
+
+  it 'validates email' do
+    user = build(:user, :without_email)
+    user.save
+    expect(user.errors.count).to be(2)
+    expect(user.errors.messages[:email]).to include('is invalid')
+    expect(user.errors.messages[:email]).to include("can't be blank")
+  end
+
+  it 'extracts credentials from params' do
+    params = {session:{email:'foo', password:'bar'}}
+    expect(User.credentials(params)).to match_array(['foo', 'bar'])
+  end
+
+  it 'authenticates from credentials' do
+    user = create(:user)
+    expect(User.authenticate([user.email, user.password])).to eq(user)
+  end
+
+end

data/spec/model/lifetimed_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+require 'authenticate/model/lifetimed'
+
+
+describe Authenticate::Model::Lifetimed do
+
+  context '#max_session_lifetime_exceeded?' do
+    before {
+      Authenticate.configure do |config|
+        config.max_session_lifetime = 10.minutes
+      end
+    }
+
+    it 'passes fresh sessions' do
+      user = create(:user, current_sign_in_at: 1.minute.ago.utc)
+      expect(user).to_not be_max_session_lifetime_exceeded
+    end
+
+    it 'detects timed out sessions' do
+      user = create(:user, current_sign_in_at: 5.hours.ago.utc)
+      expect(user).to be_max_session_lifetime_exceeded
+    end
+
+    describe 'max_session_lifetime param not set' do
+      it 'does not time out' do
+        user = create(:user, current_sign_in_at: 5.hours.ago.utc)
+        Authenticate.configure do |config|
+          config.max_session_lifetime = nil
+        end
+        expect(user).to_not be_max_session_lifetime_exceeded
+      end
+    end
+  end
+
+end

data/spec/model/password_reset_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+require 'authenticate/model/password_reset'
+
+
+describe Authenticate::Model::PasswordReset do
+  before(:all) {
+    Authenticate.configuration.reset_password_within = 5.minutes
+  }
+  context 'forgot_password!' do
+    subject { create(:user) }
+    before { subject.forgot_password! }
+
+    it 'generates a password reset token' do
+      expect(subject.password_reset_token).to_not be_nil
+    end
+
+    it 'sets password reset sent at' do
+      expect(subject.password_reset_sent_at).to_not be_nil
+    end
+
+  end
+
+  context '#reset_password_period_valid?' do
+    subject { create(:user) }
+    before(:each) {
+      Authenticate.configuration.reset_password_within = 5.minutes
+    }
+
+    it 'always true if reset_password_within config param is nil' do
+      subject.password_reset_sent_at = 10.days.ago
+      Authenticate.configuration.reset_password_within = nil
+      expect(subject.reset_password_period_valid?).to be_truthy
+    end
+
+    it 'false if time exceeded' do
+      subject.password_reset_sent_at = 10.minutes.ago
+      expect(subject.reset_password_period_valid?).to be_falsey
+    end
+
+    it 'true if time within limit' do
+      subject.password_reset_sent_at = 1.minutes.ago
+      expect(subject.reset_password_period_valid?).to be_truthy
+    end
+  end
+
+  context '#update_password' do
+    subject { create(:user) }
+    before(:each) {
+      Authenticate.configuration.reset_password_within = 5.minutes
+    }
+
+    context 'within time time' do
+      before(:each) {
+        subject.password_reset_sent_at = 1.minutes.ago
+      }
+
+      it 'allows password update within time limit' do
+        expect(subject.update_password 'chongo').to be_truthy
+      end
+
+      it 'clears password reset token' do
+        subject.update_password 'chongo'
+        expect(subject.password_reset_token).to be_nil
+      end
+
+      it 'generates a new session token' do
+        token = subject.session_token
+        subject.update_password 'chongo'
+        expect(subject.session_token).to_not eq(token)
+      end
+
+    end
+
+    it 'stops password update after time limit' do
+      subject.password_reset_sent_at = 6.minutes.ago
+      expect(subject.update_password 'chongo').to be_falsey
+    end
+
+  end
+
+end

data/spec/model/session_spec.rb

@@ -81,10 +81,4 @@ describe Authenticate::Session do
   end
 
 
-  def mock_request
-    req = double("request")
-    allow(req).to receive(:params)
-    allow(req).to receive(:remote_ip).and_return('111.111.111.111')
-    return req
-  end
 end

data/spec/model/timeoutable_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+require 'authenticate/model/timeoutable'
+
+
+describe Authenticate::Model::Timeoutable do
+  before(:all) {
+    Authenticate.configuration.timeout_in = 45.minutes
+  }
+  subject { create(:user) }
+
+  it 'does not timeout while last_access_at is valid' do
+    subject.last_access_at = 10.minutes.ago
+    expect(subject.timedout?).to be_falsey
+  end
+
+  it 'does timeout when last_access_at is stale' do
+    subject.last_access_at = 46.minutes.ago
+    expect(subject.timedout?).to be_truthy
+  end
+end

data/spec/model/trackable_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+require 'authenticate/model/trackable'
+
+
+describe Authenticate::Model::Trackable do
+  subject {create(:user)}
+
+  context '#last_sign_in_at' do
+    it 'sets to old current_sign_in_at if it is not nil' do
+      old_sign_in = 2.days.ago.utc
+      subject.current_sign_in_at = old_sign_in
+      subject.update_tracked_fields mock_request
+      expect(subject.last_sign_in_at).to eq(old_sign_in)
+    end
+
+    it 'sets to current time if old current_sign_in_at is nil' do
+      subject.current_sign_in_at = nil
+      subject.update_tracked_fields mock_request
+      expect(subject.last_sign_in_at).to be_within(5.seconds).of(Time.now.utc)
+    end
+  end
+
+  context '#last_sign_in_ip' do
+    it 'sets to old current_sign_in_ip if it is not nil' do
+      old_ip = '222.222.222.222'
+      subject.current_sign_in_ip = old_ip
+      subject.update_tracked_fields mock_request
+      expect(subject.last_sign_in_ip).to eq(old_ip)
+    end
+
+    it 'sets to current ip if old current_sign_in_ip is nil' do
+      subject.current_sign_in_ip = nil
+      subject.update_tracked_fields mock_request
+      expect(subject.last_sign_in_ip).to_not be_nil
+    end
+  end
+
+  it 'sets current_sign_in_at to now' do
+    subject.current_sign_in_at = nil
+    subject.update_tracked_fields mock_request
+    expect(subject.current_sign_in_at).to be_within(5.seconds).of(Time.now.utc)
+  end
+
+  context '#sign_in_count' do
+    it 'initializes a nil count' do
+      subject.sign_in_count = nil
+      subject.update_tracked_fields mock_request
+      expect(subject.sign_in_count).to eq(1)
+    end
+    it 'increments existing count' do
+      subject.sign_in_count = 4
+      subject.update_tracked_fields mock_request
+      expect(subject.sign_in_count).to eq(5)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -53,6 +53,12 @@ def restore_default_configuration
   Authenticate.configure {}
 end
 
+def mock_request(params = {})
+  req = double("request")
+  allow(req).to receive(:params).and_return(params)
+  allow(req).to receive(:remote_ip).and_return('111.111.111.111')
+  req
+end
 
 
 # # This file was generated by the `rails generate rspec:install` command. Conventionally, all

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authenticate
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Justin Tomich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-03 00:00:00.000000000 Z
+date: 2016-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -59,7 +59,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '5.1'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -87,7 +87,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: factory_girl_rails
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -101,7 +101,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -114,7 +114,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Rails authentication with email & password
+description: Authentication for Rails applications
 email:
 - justin@tomich.org
 executables: []
@@ -122,10 +122,12 @@ extensions: []
 extra_rdoc_files:
 - LICENSE
 - README.md
+- CHANGELOG.md
 files:
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -136,6 +138,7 @@ files:
 - app/assets/images/authenticate/.keep
 - app/assets/javascripts/authenticate/.keep
 - app/assets/stylesheets/authenticate/.keep
+- app/controllers/authenticate/authenticate_controller.rb
 - app/controllers/authenticate/passwords_controller.rb
 - app/controllers/authenticate/sessions_controller.rb
 - app/controllers/authenticate/users_controller.rb
@@ -153,6 +156,7 @@ files:
 - bin/rails
 - config/locales/authenticate.en.yml
 - config/routes.rb
+- gemfiles/rails42.gemfile
 - lib/authenticate.rb
 - lib/authenticate/callbacks/authenticatable.rb
 - lib/authenticate/callbacks/brute_force.rb
@@ -249,8 +253,14 @@ files:
 - spec/dummy/public/favicon.ico
 - spec/factories/users.rb
 - spec/model/brute_force_spec.rb
+- spec/model/db_password_spec.rb
+- spec/model/email_spec.rb
+- spec/model/lifetimed_spec.rb
+- spec/model/password_reset_spec.rb
 - spec/model/session_spec.rb
+- spec/model/timeoutable_spec.rb
 - spec/model/token_spec.rb
+- spec/model/trackable_spec.rb
 - spec/model/user_spec.rb
 - spec/orm/active_record.rb
 - spec/spec_helper.rb
@@ -278,10 +288,5 @@ rubyforge_project:
 rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
-summary: Rails authentication with email & password
-test_files:
-- spec/configuration_spec.rb
-- spec/model/brute_force_spec.rb
-- spec/model/session_spec.rb
-- spec/model/token_spec.rb
-- spec/model/user_spec.rb
+summary: Authentication for Rails applications
+test_files: []