authenticate 0.5.0 → 0.6.0

data/spec/spec_helper.rb

@@ -2,6 +2,12 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 ENV['RAILS_ENV'] ||= 'test'
 
 require File.expand_path('../dummy/config/environment.rb', __FILE__)
+
+# nasty hacky catch of environment data wiped out by tests run in rails 4 via appraisal
+if ActiveRecord::VERSION::STRING >= '5.0'
+  system('bin/rails dummy:db:environment:set RAILS_ENV=test')
+end
+
 require 'rspec/rails'
 require 'shoulda-matchers'
 require 'capybara/rails'
@@ -9,14 +15,11 @@ require 'capybara/rspec'
 require 'database_cleaner'
 require 'factory_girl'
 require 'timecop'
+require 'support/mailer'
 
 Rails.backtrace_cleaner.remove_silencers!
 DatabaseCleaner.strategy = :truncation
 
-# No longer autoloading support, individually requiring instead.
-#
-# Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
-
 # Load factory girl factories.
 Dir[File.join(File.dirname(__FILE__), 'factories/**/*.rb')].each { |f| require f }
 
@@ -27,6 +30,12 @@ else
   ActiveRecord::Migration.check_pending! # rails 4.0
 end
 
+if ActiveRecord::VERSION::STRING >= '4.2' && ActiveRecord::VERSION::STRING < '5.0'
+  ActiveRecord::Base.raise_in_transactional_callbacks = true
+end
+
+puts 'MAJOR:' + Rails::VERSION::MAJOR.to_s
+
 RSpec.configure do |config|
   config.include FactoryGirl::Syntax::Methods
   config.infer_spec_type_from_file_location!
@@ -54,3 +63,36 @@ def mock_request(params = {})
   allow(req).to receive(:remote_ip).and_return('111.111.111.111')
   req
 end
+
+#
+# Dumb glue method, deal with rails 4 vs rails 5 get/post methods.
+#
+def do_post(path, *args)
+  if Rails::VERSION::MAJOR >= 5
+    post path, *args
+  else
+    post path, *(args.collect{|i| i.values}.flatten)
+  end
+end
+
+def do_get(path, *args)
+  if Rails::VERSION::MAJOR >= 5
+    get path, *args
+  else
+    get path, *(args.collect{|i| i.values}.flatten)
+  end
+end
+
+def do_put(path, *args)
+  if Rails::VERSION::MAJOR >= 5
+    put path, *args
+  else
+    put path, *(args.collect{|i| i.values}.flatten)
+  end
+end
+
+# class ActionMailer::MessageDelivery
+#   def deliver_later
+#     deliver_now
+#   end
+# end

data/spec/support/features/feature_helpers.rb

@@ -20,12 +20,16 @@ module Features
     end
 
     def expect_page_to_display_sign_in_error
-      expect(page).to have_content 'Invalid id or password'
+      expect(page).to have_content I18n.t('callbacks.authenticatable.failure')
     end
 
     def expect_user_to_be_signed_out
       expect(page).to have_content 'Sign in'
     end
+
+    def expect_path_is_redirect_url
+      expect(current_path).to eq(Authenticate.configuration.redirect_url)
+    end
   end
 end
 

data/spec/support/mailer.rb

@@ -0,0 +1,6 @@
+# Hacky monkey patch, do later deliveries right now, so
+class ActionMailer::MessageDelivery
+  def deliver_later
+    deliver_now
+  end
+end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authenticate
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Justin Tomich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-27 00:00:00.000000000 Z
+date: 2017-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: email_validator
   requirement: !ruby/object:Gem::Requirement
@@ -64,28 +64,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.4'
+        version: '4.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.4'
+        version: '4.8'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '3.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '3.6'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -134,14 +134,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '2.14'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -170,6 +170,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Authentication for Rails applications
 email:
 - justin@tomich.org
@@ -186,6 +214,7 @@ files:
 - ".rubocop.yml"
 - ".ruby-version"
 - ".travis.yml"
+- Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
@@ -206,9 +235,11 @@ files:
 - app/views/users/new.html.erb
 - authenticate.gemspec
 - bin/rails
+- bin/setup
 - config/locales/authenticate.en.yml
 - config/routes.rb
-- gemfiles/rails42.gemfile
+- gemfiles/4.2.gemfile
+- gemfiles/5.0.gemfile
 - lib/authenticate.rb
 - lib/authenticate/callbacks/authenticatable.rb
 - lib/authenticate/callbacks/brute_force.rb
@@ -253,10 +284,7 @@ files:
 - lib/generators/authenticate/views/USAGE
 - lib/generators/authenticate/views/views_generator.rb
 - lib/tasks/authenticate_tasks.rake
-- spec/controllers/passwords_controller_spec.rb
 - spec/controllers/secured_controller_spec.rb
-- spec/controllers/sessions_controller_spec.rb
-- spec/controllers/users_controller_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/assets/images/.keep
@@ -309,7 +337,9 @@ files:
 - spec/dummy/public/favicon.ico
 - spec/factories/users.rb
 - spec/features/brute_force_spec.rb
+- spec/features/create_user_spec.rb
 - spec/features/max_session_lifetime_spec.rb
+- spec/features/new_user_form_spec.rb
 - spec/features/password_reset_spec.rb
 - spec/features/password_update_spec.rb
 - spec/features/sign_in_spec.rb
@@ -329,9 +359,12 @@ files:
 - spec/model/trackable_spec.rb
 - spec/model/user_spec.rb
 - spec/orm/active_record.rb
+- spec/requests/csrf_rotation_spec.rb
+- spec/requests/session_key_spec.rb
 - spec/spec_helper.rb
 - spec/support/controllers/controller_helpers.rb
 - spec/support/features/feature_helpers.rb
+- spec/support/mailer.rb
 homepage: http://github.com/tomichj/authenticate
 licenses:
 - MIT
@@ -353,7 +386,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Authentication for Rails applications

data/gemfiles/rails42.gemfile

@@ -1,17 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem 'shoulda-matchers', '~> 2.8'
-gem 'capybara', '~> 2.6.2'
-gem 'database_cleaner', '~> 1.5.1'
-gem 'timecop', '~> 0.8.0'
-
-gem "bundler", "~> 1.3"
-gem "factory_girl", "~> 4.4"
-gem "rspec-rails", "~> 3.1"
-gem "sqlite3", "~> 1.3"
-gem "pry", :require => false
-gem "rails", "~> 4.2.0"
-
-gemspec :path => "../"

data/spec/controllers/passwords_controller_spec.rb

@@ -1,117 +0,0 @@
-require 'spec_helper'
-require 'support/controllers/controller_helpers'
-
-describe Authenticate::PasswordsController, type: :controller do
-  it { is_expected.to be_a Authenticate::Controller }
-
-  describe 'get to #new' do
-    it 'renders the new form' do
-      get :new
-      expect(response).to be_success
-      expect(response).to render_template(:new)
-    end
-  end
-
-  describe 'post to #create' do
-    context 'with email for an existing user' do
-      it 'generates a password_reset_token' do
-        user = create(:user)
-        post :create, password: { email: user.email.upcase }
-        expect(user.reload.password_reset_token).not_to be_nil
-      end
-      it 'sends a password reset email' do
-        ActionMailer::Base.deliveries.clear
-        user = create(:user)
-        post :create, password: { email: user.email }
-        email = ActionMailer::Base.deliveries.last
-        expect(email.subject).to match(/change your password/i)
-      end
-    end
-    context 'with email that does not belong to an existing user' do
-      bad_email = 'bunk_email_address@non_existent_domain.com'
-      it 'does not send an email' do
-        ActionMailer::Base.deliveries.clear
-        post :create, password: { email: bad_email }
-        expect(ActionMailer::Base.deliveries).to be_empty
-      end
-      it 'always responds with redirect to avoid leaking user information' do
-        post :create, password: { email: bad_email }
-        expect(response).to be_redirect
-      end
-    end
-  end
-
-  describe 'get to #edit' do
-    context 'with a valid password_reset_token and timestamp' do
-      it 'renders password update form' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        get :edit, id: user.id, token: user.password_reset_token
-        expect(response).to be_success
-        expect(response).to render_template(:edit)
-        expect(assigns(:user)).to eq user
-      end
-    end
-    context 'with a valid timestamp but invalid password_reset_token' do
-      it 'renders #new password form with notice' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        get :edit, id: user.id, token: 'bad token'
-        expect(response).to be_success
-        expect(response).to render_template(:new)
-      end
-    end
-    context 'with a valid password_reset_token but invalid timestamp' do
-      it 'renders #new password form with notice' do
-        user = create(:user, :with_password_reset_token_and_timestamp, password_reset_sent_at: 2.years.ago)
-        get :edit, id: user.id, token: user.password_reset_token
-        expect(response).to be_redirect
-        expect(flash[:notice]).to match(/password change request has expired/)
-      end
-    end
-    context 'with a blank password_reset_token' do
-      it 'renders #new password form with notice' do
-        user = create(:user)
-        get :edit, id: user.id, token: nil
-        expect(response).to be_success
-        expect(response).to render_template(:new)
-      end
-    end
-  end
-
-  describe 'put to #update' do
-    context 'with valid password_reset_token and new password' do
-      it 'updates the user password' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        old_encrypted_password = user.encrypted_password
-        put :update, update_params(user, new_password: 'new_password')
-        expect(user.reload.encrypted_password).not_to eq old_encrypted_password
-      end
-      it 'signs in the user' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        put :update, update_params(user, new_password: 'new_password')
-        expect(cookies[:authenticate_session_token]).to be_present
-        expect(cookies[:authenticate_session_token]).to eq user.reload.session_token
-      end
-      it 'redirects user' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        put :update, update_params(user, new_password: 'new_password')
-        expect(response).to redirect_to(Authenticate.configuration.redirect_url)
-      end
-    end
-    context 'with invalid new password' do
-      it 're-renders password edit form' do
-        user = create(:user, :with_password_reset_token_and_timestamp)
-        put :update, update_params(user, new_password: 'short')
-        expect(response).to render_template(:edit)
-      end
-    end
-  end
-
-  def update_params(user, options = {})
-    new_password = options.fetch(:new_password)
-    {
-      id: user,
-      token: user.password_reset_token,
-      password_reset: { password: new_password }
-    }
-  end
-end

data/spec/controllers/sessions_controller_spec.rb

@@ -1,86 +0,0 @@
-require 'spec_helper'
-require 'support/controllers/controller_helpers'
-
-describe Authenticate::SessionsController, type: :controller do
-  it { is_expected.to be_a Authenticate::Controller }
-
-  describe 'get to #new' do
-    context 'when user not signed in' do
-      before do
-        get :new
-      end
-      it { is_expected.to respond_with 200 }
-      it { is_expected.to render_template :new }
-      it { is_expected.not_to set_flash }
-    end
-
-    context 'when user is signed in' do
-      before do
-        sign_in
-        get :new
-      end
-
-      it { is_expected.not_to set_flash }
-      it { is_expected.to redirect_to(Authenticate.configuration.redirect_url) }
-    end
-  end
-
-  describe 'post to #create' do
-    context 'without password' do
-      it 'renders page with error' do
-        user = create(:user)
-        post :create, session: { email: user.email }
-        expect(response).to render_template :new
-        expect(flash[:notice]).to match(/Invalid id or password/)
-      end
-    end
-    context 'with good password' do
-      before do
-        @user = create(:user)
-        post :create, session: { email: @user.email, password: @user.password }
-      end
-      it { is_expected.to respond_with 302 }
-
-      it { is_expected.to redirect_to Authenticate.configuration.redirect_url }
-
-      it 'sets user session token' do
-        @user.reload
-        expect(@user.session_token).to_not be_nil
-      end
-
-      it 'sets user session' do
-        expect(controller.current_user).to eq(@user)
-      end
-    end
-  end
-
-  describe 'delete to #destroy' do
-    context 'with a signed out user' do
-      before do
-        sign_out
-        get :destroy
-      end
-
-      it { is_expected.to redirect_to sign_in_url }
-    end
-
-    context 'with a session cookie' do
-      before do
-        @user = create(:user, session_token: 'old-session-token')
-        @request.cookies['authenticate_session_token'] = 'old-session-token'
-        get :destroy
-      end
-
-      it { is_expected.to redirect_to sign_in_url }
-
-      it 'reset the session token' do
-        @user.reload
-        expect(@user.session_token).to_not eq('old-session-token')
-      end
-
-      it 'unset the current user' do
-        expect(controller.current_user).to be_nil
-      end
-    end
-  end
-end