authentication-logic 0.1.0

data/lib/auth/logic/session/magic_column/assigns_last_request_at.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module Session
+      module MagicColumn
+        # Assigns the current time to the `last_request_at` attribute.
+        #
+        # 1. The `last_request_at` column must exist
+        # 2. Assignment can be disabled on a per-controller basis
+        # 3. Assignment will not happen more often than `last_request_at_threshold`
+        #   seconds.
+        #
+        # - current_time - a `Time`
+        # - record - eg. a `User`
+        # - controller - an `Authentication::Logic::ControllerAdapters::AbstractAdapter`
+        # - last_request_at_threshold - integer - seconds
+        #
+        # @api private
+        class AssignsLastRequestAt
+          def initialize(current_time, record, controller, last_request_at_threshold)
+            @current_time = current_time
+            @record = record
+            @controller = controller
+            @last_request_at_threshold = last_request_at_threshold
+          end
+
+          def assign
+            return unless assign?
+
+            @record.last_request_at = @current_time
+          end
+
+          private
+
+          # @api private
+          def assign?
+            @record &&
+              @record.class.column_names.include?("last_request_at") &&
+              @controller.last_request_update_allowed? && (
+                @record.last_request_at.blank? ||
+                @last_request_at_threshold.to_i.seconds.ago >= @record.last_request_at
+              )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/mock_api_controller.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      # Basically acts like an API controller but doesn't do anything.
+      # Authentication::Logic can interact with this, do it's thing and then you can look at
+      # the controller object to see if anything changed.
+      class MockAPIController < ControllerAdapters::AbstractAdapter
+        attr_writer :request_content_type
+
+        def initialize; end
+
+        # Expected API controller has no cookies method.
+        undef :cookies
+
+        def cookie_domain
+          nil
+        end
+
+        def logger
+          @logger ||= MockLogger.new
+        end
+
+        def params
+          @params ||= {}
+        end
+
+        def request
+          @request ||= MockRequest.new(self)
+        end
+
+        def request_content_type
+          @request_content_type ||= "text/html"
+        end
+
+        def session
+          @session ||= {}
+        end
+
+        # If method is defined, it causes below behavior...
+        #   controller = Authentication::Logic::ControllerAdapters::RailsAdapter.new(
+        #     Authentication::Logic::TestCase::MockAPIController.new
+        #   )
+        #   controller.responds_to_single_access_allowed? #=> true
+        #   controller.single_access_allowed?
+        #     #=> NoMethodError: undefined method `single_access_allowed?' for nil:NilClass
+        #
+        undef :single_access_allowed?
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/mock_controller.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      # Basically acts like a controller but doesn't do anything. Authentication::Logic can interact
+      # with this, do it's thing and then you can look at the controller object to see if
+      # anything changed.
+      class MockController < ControllerAdapters::AbstractAdapter
+        attr_accessor :http_user, :http_password, :realm
+        attr_writer :request_content_type
+
+        def initialize; end
+
+        def authenticate_with_http_basic
+          yield http_user, http_password
+        end
+
+        def authenticate_or_request_with_http_basic(realm = "DefaultRealm")
+          self.realm = realm
+          @http_auth_requested = true
+          yield http_user, http_password
+        end
+
+        def cookies
+          @cookies ||= MockCookieJar.new
+        end
+
+        def cookie_domain
+          nil
+        end
+
+        def logger
+          @logger ||= MockLogger.new
+        end
+
+        def params
+          @params ||= {}
+        end
+
+        def request
+          @request ||= MockRequest.new(self)
+        end
+
+        def request_content_type
+          @request_content_type ||= "text/html"
+        end
+
+        def session
+          @session ||= {}
+        end
+
+        def http_auth_requested?
+          @http_auth_requested ||= false
+        end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/mock_cookie_jar.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      # A mock of `ActionDispatch::Cookies::CookieJar`.
+      # See action_dispatch/middleware/cookies.rb
+      class MockCookieJar < Hash # :nodoc:
+        attr_accessor :set_cookies
+
+        def [](key)
+          hash = super
+          hash && hash[:value]
+        end
+
+        # @param options - "the cookie's value [usually a string] or a hash of
+        # options as documented above [in action_dispatch/middleware/cookies.rb]"
+        def []=(key, options)
+          opt = cookie_options_to_hash(options)
+          (@set_cookies ||= {})[key.to_s] = opt
+          super(key, opt)
+        end
+
+        def delete(key, _options = {})
+          super(key)
+        end
+
+        def signed
+          @signed ||= MockSignedCookieJar.new(self)
+        end
+
+        def encrypted
+          @encrypted ||= MockEncryptedCookieJar.new(self)
+        end
+
+        private
+
+        # @api private
+        def cookie_options_to_hash(options)
+          if options.is_a?(Hash)
+            options
+          else
+            { value: options }
+          end
+        end
+      end
+
+      # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
+      #
+      # > .. a jar that'll automatically generate a signed representation of
+      # > cookie value and verify it when reading from the cookie again.
+      # > actionpack/lib/action_dispatch/middleware/cookies.rb
+      class MockSignedCookieJar < MockCookieJar
+        attr_reader :parent_jar # helper for testing
+
+        def initialize(parent_jar)
+          @parent_jar = parent_jar
+          parent_jar.each { |k, v| self[k] = v }
+        end
+
+        def [](val)
+          signed_message = @parent_jar[val]
+          return unless signed_message
+
+          payload, signature = signed_message.split("--")
+          raise "Invalid signature" unless Digest::SHA1.hexdigest(payload) == signature
+
+          payload
+        end
+
+        def []=(key, options)
+          opt = cookie_options_to_hash(options)
+          opt[:value] = "#{opt[:value]}--#{Digest::SHA1.hexdigest opt[:value]}"
+          @parent_jar[key] = opt
+        end
+      end
+
+      # Which ActionDispatch class is this a mock of?
+      # TODO: Document as with other mocks above.
+      class MockEncryptedCookieJar < MockCookieJar
+        attr_reader :parent_jar # helper for testing
+
+        def initialize(parent_jar)
+          @parent_jar = parent_jar
+          parent_jar.each { |k, v| self[k] = v }
+        end
+
+        def [](val)
+          encrypted_message = @parent_jar[val]
+          return unless encrypted_message
+
+          self.class.decrypt(encrypted_message)
+        end
+
+        def []=(key, options)
+          opt = cookie_options_to_hash(options)
+          opt[:value] = self.class.encrypt(opt[:value])
+          @parent_jar[key] = opt
+        end
+
+        # simple caesar cipher for testing
+        def self.encrypt(str)
+          str.unpack("U*").map(&:succ).pack("U*")
+        end
+
+        def self.decrypt(str)
+          str.unpack("U*").map(&:pred).pack("U*")
+        end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/mock_logger.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      # Simple class to replace real loggers, so that we can raise any errors being logged.
+      class MockLogger
+        def error(message)
+          raise message
+        end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/mock_request.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      class MockRequest # :nodoc:
+        attr_accessor :controller
+
+        def initialize(controller)
+          self.controller = controller
+        end
+
+        def env
+          @env ||= {
+            ControllerAdapters::AbstractAdapter::ENV_SESSION_OPTIONS => {}
+          }
+        end
+
+        def format
+          controller.request_content_type if controller.respond_to? :request_content_type
+        end
+
+        def ip
+          controller.respond_to?(:env) &&
+            controller.env.is_a?(Hash) &&
+            controller.env["REMOTE_ADDR"] ||
+            "1.1.1.1"
+        end
+
+        private
+
+        def method_missing(*args, &block); end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case/rails_request_adapter.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    module TestCase
+      # Adapts authlogic to work with the @request object when testing. This way Authentication::Logic
+      # can set cookies and what not before a request is made, ultimately letting you log in
+      # users in functional tests.
+      class RailsRequestAdapter < ControllerAdapters::AbstractAdapter
+        def authenticate_with_http_basic(&block); end
+
+        def cookies
+          new_cookies = MockCookieJar.new
+          super.each do |key, value|
+            new_cookies[key] = cookie_value(value)
+          end
+          new_cookies
+        end
+
+        def cookie_domain
+          nil
+        end
+
+        def request
+          @request ||= MockRequest.new(controller)
+        end
+
+        def request_content_type
+          request.format.to_s
+        end
+
+        private
+
+        def cookie_value(value)
+          value.is_a?(Hash) ? value[:value] : value
+        end
+      end
+    end
+  end
+end

data/lib/auth/logic/test_case.rb

@@ -0,0 +1,216 @@
+# frozen_string_literal: true
+
+require "#{File.dirname(__FILE__)}/test_case/rails_request_adapter"
+require "#{File.dirname(__FILE__)}/test_case/mock_api_controller"
+require "#{File.dirname(__FILE__)}/test_case/mock_cookie_jar"
+require "#{File.dirname(__FILE__)}/test_case/mock_controller"
+require "#{File.dirname(__FILE__)}/test_case/mock_logger"
+require "#{File.dirname(__FILE__)}/test_case/mock_request"
+
+module Authentication
+  module Logic
+    # This module is a collection of methods and classes that help you easily test
+    # Authlogic. In fact, I use these same tools to test the internals of
+    # Authlogic.
+    #
+    # === The quick and dirty
+    #
+    #   require "authlogic/test_case" # include at the top of test_helper.rb
+    #   setup :activate_authlogic # run before tests are executed
+    #   UserSession.create(users(:whomever)) # logs a user in
+    #
+    # For a more detailed explanation, see below.
+    #
+    # === Setting up
+    #
+    # Authlogic comes with some simple testing tools. To get these, you need to
+    # first require Authlogic's TestCase. If you are doing this in a rails app,
+    # you would require this file at the top of your test_helper.rb file:
+    #
+    #   require "authlogic/test_case"
+    #
+    # If you are using Test::Unit::TestCase, the standard testing library that
+    # comes with ruby, then you can skip this next part. If you are not, you need
+    # to include the Authlogic::TestCase into your testing suite as follows:
+    #
+    #   include Authlogic::TestCase
+    #
+    # Now that everything is ready to go, let's move onto actually testing. Here
+    # is the basic idea behind testing:
+    #
+    # Authlogic requires a "connection" to your controller to activate it. In the
+    # same manner that ActiveRecord requires a connection to your database. It
+    # can't do anything until it gets connected. That being said, Authlogic will
+    # raise an Authlogic::Session::Activation::NotActivatedError any time you try
+    # to instantiate an object without a "connection". So before you do anything
+    # with Authlogic, you need to activate / connect Authlogic. Let's walk through
+    # how to do this in tests:
+    #
+    # === Fixtures / Factories
+    #
+    # Creating users via fixtures / factories is easy. Here's an example of a
+    # fixture:
+    #
+    #   ben:
+    #     email: whatever@whatever.com
+    #     password_salt: <%= salt = Authlogic::Random.hex_token %>
+    #     crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("benrocks" + salt) %>
+    #     persistence_token: <%= Authlogic::Random.hex_token %>
+    #     single_access_token: <%= Authlogic::Random.friendly_token %>
+    #     perishable_token: <%= Authlogic::Random.friendly_token %>
+    #
+    # Notice the crypted_password value. Just supplement that with whatever crypto
+    # provider you are using, if you are not using the default.
+    #
+    # === Functional tests
+    #
+    # Activating Authlogic isn't a problem here, because making a request will
+    # activate Authlogic for you. The problem is logging users in so they can
+    # access restricted areas. Solving this is simple, just do this:
+    #
+    #   setup :activate_authlogic
+    #
+    # For those of you unfamiliar with TestUnit, the setup method basically just
+    # executes a method before any test is ran. It is essentially "setting up"
+    # your tests.
+    #
+    # Once you have done this, just log users in like usual:
+    #
+    #   UserSession.create(users(:whomever))
+    #   # access my restricted area here
+    #
+    # Do this before you make your request and it will act as if that user is
+    # logged in.
+    #
+    # === Integration tests
+    #
+    # Again, just like functional tests, you don't have to do anything. As soon as
+    # you make a request, Authlogic will be connected. If you want to activate
+    # Authlogic before making a request follow the same steps described in the
+    # "functional tests" section above. It works in the same manner.
+    #
+    # === Unit tests
+    #
+    # The only time you need to do any trickiness here is if you want to test
+    # Authlogic models. Maybe you added some custom code or methods in your
+    # Authlogic models. Maybe you are writing a plugin or a library that extends
+    # Authlogic.
+    #
+    # That being said, in this environment there is no controller. So you need to
+    # use a "mock" controller. Something that looks like a controller, acts like a
+    # controller, but isn't a "real" controller. You are essentially connecting
+    # Authlogic to your "mock" controller, then you can test off of the mock
+    # controller to make sure everything is functioning properly.
+    #
+    # I use a mock controller to test Authlogic myself. It's part of the Authlogic
+    # library that you can easily use. It's as simple as functional and
+    # integration tests. Just do the following:
+    #
+    #   setup :activate_authlogic
+    #
+    # You also get a controller method that you can test off of. For example:
+    #
+    #   ben = users(:ben)
+    #   assert_nil controller.session["user_credentials"]
+    #   assert UserSession.create(ben)
+    #   assert_equal controller.session["user_credentials"], ben.persistence_token
+    #
+    # See how I am checking that Authlogic is interacting with the controller
+    # properly? That's the idea here.
+    #
+    # === Testing with Rails 5
+    #
+    # Rails 5 has [deprecated classic controller tests](https://goo.gl/4zmt6y).
+    # Controller tests now inherit from `ActionDispatch::IntegrationTest` making
+    # them plain old integration tests now. You have two options for testing
+    # AuthLogic in Rails 5:
+    #
+    # * Add the `rails-controller-testing` gem to bring back the original
+    #   controller testing usage
+    # * Go full steam ahead with integration testing and actually log a user in
+    #   by submitting a form in the integration test.
+    #
+    # Naturally DHH recommends the second method and this is
+    # [what he does in his own tests](https://goo.gl/Ar6p0u). This is useful
+    # for testing not only AuthLogic itself (submitting login credentials to a
+    # UserSessionsController, for example) but any controller action that is
+    # behind a login wall. Add a helper method and use that before testing your
+    # actual controller action:
+    #
+    #   # test/test_helper.rb
+    #   def login(user)
+    #     post user_sessions_url, :params => { :email => user.email, :password => 'password' }
+    #   end
+    #
+    #   # test/controllers/posts_controller_test.rb
+    #   test "#create requires a user to be logged in
+    #     post posts_url, :params => { :body => 'Lorem ipsum' }
+    #
+    #     assert_redirected_to new_user_session_url
+    #   end
+    #
+    #   test "#create lets a logged in user create a new post" do
+    #     login(users(:admin))
+    #
+    #     assert_difference 'Posts.count' do
+    #       post posts_url, :params => { :body => 'Lorem ipsum' }
+    #     end
+    #
+    #     assert_redirected_to posts_url
+    #   end
+    #
+    # You still have access to the `session` helper in an integration test and so
+    # you can still test to see if a user is logged in. A couple of helper methods
+    # might look like:
+    #
+    #   # test/test_helper.rb
+    #   def assert_logged_in
+    #     assert session[:user_credentials].present?
+    #   end
+    #
+    #   def assert_not_logged_in
+    #     assert session[:user_credentials].blank?
+    #   end
+    #
+    #   # test/user_sessions_controller_test.rb
+    #   test "#create logs in a user" do
+    #     login(users(:admin))
+    #
+    #     assert_logged_in
+    #   end
+    module TestCase
+      def initialize(*args)
+        @request = nil
+        super
+      end
+
+      # Activates authlogic so that you can use it in your tests. You should call
+      # this method in your test's setup. Ex:
+      #
+      #   setup :activate_authlogic
+      def activate_authlogic
+        if @request && !@request.respond_to?(:params)
+          class << @request
+            alias_method :params, :parameters
+          end
+        end
+
+        Authlogic::Session::Base.controller = @request &&
+                                              Authlogic::TestCase::RailsRequestAdapter.new(@request) ||
+                                              controller
+      end
+
+      # The Authlogic::TestCase::MockController object passed to Authlogic to
+      # activate it. You can access this in your test. See the module description
+      # for an example.
+      def controller
+        @controller ||= Authlogic::TestCase::MockController.new
+      end
+    end
+
+    # TODO: Why are these lines inside the `Authlogic` module? Should be outside?
+    ::Test::Unit::TestCase.include TestCase if defined?(::Test::Unit::TestCase)
+    ::MiniTest::Unit::TestCase.include TestCase if defined?(::MiniTest::Unit::TestCase)
+    ::MiniTest::Test.include TestCase if defined?(::MiniTest::Test)
+  end
+end

data/lib/auth/logic/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Authentication
+  module Logic
+    VERSION = "0.1.0"
+  end
+end

data/lib/auth/logic.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative "logic/version"
+require "active_support/all"
+
+require "active_record"
+
+path = "#{File.dirname(__FILE__)}/auth/logic/"
+
+[
+  "errors",
+  "i18n",
+  "random",
+  "config",
+
+  "controller_adapters/abstract_adapter",
+  "cookie_credentials",
+
+  "crypto_providers",
+
+  "acts_as_authentic/email",
+  "acts_as_authentic/logged_in_status",
+  "acts_as_authentic/login",
+  "acts_as_authentic/magic_columns",
+  "acts_as_authentic/password",
+  "acts_as_authentic/perishable_token",
+  "acts_as_authentic/persistence_token",
+  "acts_as_authentic/session_maintenance",
+  "acts_as_authentic/single_access_token",
+  "acts_as_authentic/base",
+
+  "session/magic_column/assigns_last_request_at",
+  "session/base"
+].each do |library|
+  require path + library
+end
+
+require "#{path}controller_adapters/rails_adapter"   if defined?(Rails)
+require "#{path}controller_adapters/sinatra_adapter" if defined?(Sinatra)
+
+module Authentication
+  module Logic
+    class Error < StandardError; end
+    # Your code goes here...
+  end
+end