authlogic-nicho 6.5

data/lib/authlogic/session/magic_column/assigns_last_request_at.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module Session
+    module MagicColumn
+      # Assigns the current time to the `last_request_at` attribute.
+      #
+      # 1. The `last_request_at` column must exist
+      # 2. Assignment can be disabled on a per-controller basis
+      # 3. Assignment will not happen more often than `last_request_at_threshold`
+      #   seconds.
+      #
+      # - current_time - a `Time`
+      # - record - eg. a `User`
+      # - controller - an `Authlogic::ControllerAdapters::AbstractAdapter`
+      # - last_request_at_threshold - integer - seconds
+      #
+      # @api private
+      class AssignsLastRequestAt
+        def initialize(current_time, record, controller, last_request_at_threshold)
+          @current_time = current_time
+          @record = record
+          @controller = controller
+          @last_request_at_threshold = last_request_at_threshold
+        end
+
+        def assign
+          return unless assign?
+          @record.last_request_at = @current_time
+        end
+
+        private
+
+        # @api private
+        def assign?
+          @record &&
+            @record.class.column_names.include?("last_request_at") &&
+            @controller.last_request_update_allowed? && (
+              @record.last_request_at.blank? ||
+              @last_request_at_threshold.to_i.seconds.ago >= @record.last_request_at
+            )
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_api_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # Basically acts like an API controller but doesn't do anything.
+    # Authlogic can interact with this, do it's thing and then you can look at
+    # the controller object to see if anything changed.
+    class MockAPIController < ControllerAdapters::AbstractAdapter
+      attr_writer :request_content_type
+
+      def initialize
+      end
+
+      # Expected API controller has no cookies method.
+      undef :cookies
+
+      def cookie_domain
+        nil
+      end
+
+      def logger
+        @logger ||= MockLogger.new
+      end
+
+      def params
+        @params ||= {}
+      end
+
+      def request
+        @request ||= MockRequest.new(self)
+      end
+
+      def request_content_type
+        @request_content_type ||= "text/html"
+      end
+
+      def session
+        @session ||= {}
+      end
+
+      # If method is defined, it causes below behavior...
+      #   controller = Authlogic::ControllerAdapters::RailsAdapter.new(
+      #     Authlogic::TestCase::MockAPIController.new
+      #   )
+      #   controller.responds_to_single_access_allowed? #=> true
+      #   controller.single_access_allowed?
+      #     #=> NoMethodError: undefined method `single_access_allowed?' for nil:NilClass
+      #
+      undef :single_access_allowed?
+    end
+  end
+end

data/lib/authlogic/test_case/mock_controller.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # Basically acts like a controller but doesn't do anything. Authlogic can interact
+    # with this, do it's thing and then you can look at the controller object to see if
+    # anything changed.
+    class MockController < ControllerAdapters::AbstractAdapter
+      attr_accessor :http_user, :http_password, :realm
+      attr_writer :request_content_type
+
+      def initialize
+      end
+
+      def authenticate_with_http_basic
+        yield http_user, http_password
+      end
+
+      def authenticate_or_request_with_http_basic(realm = "DefaultRealm")
+        self.realm = realm
+        @http_auth_requested = true
+        yield http_user, http_password
+      end
+
+      def cookies
+        @cookies ||= MockCookieJar.new
+      end
+
+      def cookie_domain
+        nil
+      end
+
+      def logger
+        @logger ||= MockLogger.new
+      end
+
+      def params
+        @params ||= {}
+      end
+
+      def request
+        @request ||= MockRequest.new(self)
+      end
+
+      def request_content_type
+        @request_content_type ||= "text/html"
+      end
+
+      def session
+        @session ||= {}
+      end
+
+      def http_auth_requested?
+        @http_auth_requested ||= false
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # A mock of `ActionDispatch::Cookies::CookieJar`.
+    # See action_dispatch/middleware/cookies.rb
+    class MockCookieJar < Hash # :nodoc:
+      attr_accessor :set_cookies
+
+      def [](key)
+        hash = super
+        hash && hash[:value]
+      end
+
+      # @param options - "the cookie's value [usually a string] or a hash of
+      # options as documented above [in action_dispatch/middleware/cookies.rb]"
+      def []=(key, options)
+        opt = cookie_options_to_hash(options)
+        (@set_cookies ||= {})[key.to_s] = opt
+        super(key, opt)
+      end
+
+      def delete(key, _options = {})
+        super(key)
+      end
+
+      def signed
+        @signed ||= MockSignedCookieJar.new(self)
+      end
+
+      def encrypted
+        @encrypted ||= MockEncryptedCookieJar.new(self)
+      end
+
+      private
+
+      # @api private
+      def cookie_options_to_hash(options)
+        if options.is_a?(Hash)
+          options
+        else
+          { value: options }
+        end
+      end
+    end
+
+    # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
+    #
+    # > .. a jar that'll automatically generate a signed representation of
+    # > cookie value and verify it when reading from the cookie again.
+    # > actionpack/lib/action_dispatch/middleware/cookies.rb
+    class MockSignedCookieJar < MockCookieJar
+      attr_reader :parent_jar # helper for testing
+
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
+      end
+
+      def [](val)
+        signed_message = @parent_jar[val]
+        if signed_message
+          payload, signature = signed_message.split("--")
+          raise "Invalid signature" unless Digest::SHA1.hexdigest(payload) == signature
+          payload
+        end
+      end
+
+      def []=(key, options)
+        opt = cookie_options_to_hash(options)
+        opt[:value] = "#{opt[:value]}--#{Digest::SHA1.hexdigest opt[:value]}"
+        @parent_jar[key] = opt
+      end
+    end
+
+    # Which ActionDispatch class is this a mock of?
+    # TODO: Document as with other mocks above.
+    class MockEncryptedCookieJar < MockCookieJar
+      attr_reader :parent_jar # helper for testing
+
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
+      end
+
+      def [](val)
+        encrypted_message = @parent_jar[val]
+        if encrypted_message
+          self.class.decrypt(encrypted_message)
+        end
+      end
+
+      def []=(key, options)
+        opt = cookie_options_to_hash(options)
+        opt[:value] = self.class.encrypt(opt[:value])
+        @parent_jar[key] = opt
+      end
+
+      # simple caesar cipher for testing
+      def self.encrypt(str)
+        str.unpack("U*").map(&:succ).pack("U*")
+      end
+
+      def self.decrypt(str)
+        str.unpack("U*").map(&:pred).pack("U*")
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_logger.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # Simple class to replace real loggers, so that we can raise any errors being logged.
+    class MockLogger
+      def error(message)
+        raise message
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_request.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    class MockRequest # :nodoc:
+      attr_accessor :controller
+
+      def initialize(controller)
+        self.controller = controller
+      end
+
+      def env
+        @env ||= {
+          ControllerAdapters::AbstractAdapter::ENV_SESSION_OPTIONS => {}
+        }
+      end
+
+      def format
+        controller.request_content_type if controller.respond_to? :request_content_type
+      end
+
+      def ip
+        controller&.respond_to?(:env) &&
+          controller.env.is_a?(Hash) &&
+          controller.env["REMOTE_ADDR"] ||
+          "1.1.1.1"
+      end
+
+      private
+
+      def method_missing(*args, &block)
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/rails_request_adapter.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # Adapts authlogic to work with the @request object when testing. This way Authlogic
+    # can set cookies and what not before a request is made, ultimately letting you log in
+    # users in functional tests.
+    class RailsRequestAdapter < ControllerAdapters::AbstractAdapter
+      def authenticate_with_http_basic(&block)
+      end
+
+      def cookies
+        new_cookies = MockCookieJar.new
+        super.each do |key, value|
+          new_cookies[key] = cookie_value(value)
+        end
+        new_cookies
+      end
+
+      def cookie_domain
+        nil
+      end
+
+      def request
+        @request ||= MockRequest.new(controller)
+      end
+
+      def request_content_type
+        request.format.to_s
+      end
+
+      private
+
+      def cookie_value(value)
+        value.is_a?(Hash) ? value[:value] : value
+      end
+    end
+  end
+end

data/lib/authlogic/test_case.rb

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+require File.dirname(__FILE__) + "/test_case/rails_request_adapter"
+require File.dirname(__FILE__) + "/test_case/mock_api_controller"
+require File.dirname(__FILE__) + "/test_case/mock_cookie_jar"
+require File.dirname(__FILE__) + "/test_case/mock_controller"
+require File.dirname(__FILE__) + "/test_case/mock_logger"
+require File.dirname(__FILE__) + "/test_case/mock_request"
+
+# :nodoc:
+module Authlogic
+  # This module is a collection of methods and classes that help you easily test
+  # Authlogic. In fact, I use these same tools to test the internals of
+  # Authlogic.
+  #
+  # === The quick and dirty
+  #
+  #   require "authlogic/test_case" # include at the top of test_helper.rb
+  #   setup :activate_authlogic # run before tests are executed
+  #   UserSession.create(users(:whomever)) # logs a user in
+  #
+  # For a more detailed explanation, see below.
+  #
+  # === Setting up
+  #
+  # Authlogic comes with some simple testing tools. To get these, you need to
+  # first require Authlogic's TestCase. If you are doing this in a rails app,
+  # you would require this file at the top of your test_helper.rb file:
+  #
+  #   require "authlogic/test_case"
+  #
+  # If you are using Test::Unit::TestCase, the standard testing library that
+  # comes with ruby, then you can skip this next part. If you are not, you need
+  # to include the Authlogic::TestCase into your testing suite as follows:
+  #
+  #   include Authlogic::TestCase
+  #
+  # Now that everything is ready to go, let's move onto actually testing. Here
+  # is the basic idea behind testing:
+  #
+  # Authlogic requires a "connection" to your controller to activate it. In the
+  # same manner that ActiveRecord requires a connection to your database. It
+  # can't do anything until it gets connected. That being said, Authlogic will
+  # raise an Authlogic::Session::Activation::NotActivatedError any time you try
+  # to instantiate an object without a "connection". So before you do anything
+  # with Authlogic, you need to activate / connect Authlogic. Let's walk through
+  # how to do this in tests:
+  #
+  # === Fixtures / Factories
+  #
+  # Creating users via fixtures / factories is easy. Here's an example of a
+  # fixture:
+  #
+  #   ben:
+  #     email: whatever@whatever.com
+  #     password_salt: <%= salt = Authlogic::Random.hex_token %>
+  #     crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("benrocks" + salt) %>
+  #     persistence_token: <%= Authlogic::Random.hex_token %>
+  #     single_access_token: <%= Authlogic::Random.friendly_token %>
+  #     perishable_token: <%= Authlogic::Random.friendly_token %>
+  #
+  # Notice the crypted_password value. Just supplement that with whatever crypto
+  # provider you are using, if you are not using the default.
+  #
+  # === Functional tests
+  #
+  # Activating Authlogic isn't a problem here, because making a request will
+  # activate Authlogic for you. The problem is logging users in so they can
+  # access restricted areas. Solving this is simple, just do this:
+  #
+  #   setup :activate_authlogic
+  #
+  # For those of you unfamiliar with TestUnit, the setup method basically just
+  # executes a method before any test is ran. It is essentially "setting up"
+  # your tests.
+  #
+  # Once you have done this, just log users in like usual:
+  #
+  #   UserSession.create(users(:whomever))
+  #   # access my restricted area here
+  #
+  # Do this before you make your request and it will act as if that user is
+  # logged in.
+  #
+  # === Integration tests
+  #
+  # Again, just like functional tests, you don't have to do anything. As soon as
+  # you make a request, Authlogic will be connected. If you want to activate
+  # Authlogic before making a request follow the same steps described in the
+  # "functional tests" section above. It works in the same manner.
+  #
+  # === Unit tests
+  #
+  # The only time you need to do any trickiness here is if you want to test
+  # Authlogic models. Maybe you added some custom code or methods in your
+  # Authlogic models. Maybe you are writing a plugin or a library that extends
+  # Authlogic.
+  #
+  # That being said, in this environment there is no controller. So you need to
+  # use a "mock" controller. Something that looks like a controller, acts like a
+  # controller, but isn't a "real" controller. You are essentially connecting
+  # Authlogic to your "mock" controller, then you can test off of the mock
+  # controller to make sure everything is functioning properly.
+  #
+  # I use a mock controller to test Authlogic myself. It's part of the Authlogic
+  # library that you can easily use. It's as simple as functional and
+  # integration tests. Just do the following:
+  #
+  #   setup :activate_authlogic
+  #
+  # You also get a controller method that you can test off of. For example:
+  #
+  #   ben = users(:ben)
+  #   assert_nil controller.session["user_credentials"]
+  #   assert UserSession.create(ben)
+  #   assert_equal controller.session["user_credentials"], ben.persistence_token
+  #
+  # See how I am checking that Authlogic is interacting with the controller
+  # properly? That's the idea here.
+  #
+  # === Testing with Rails 5
+  #
+  # Rails 5 has [deprecated classic controller tests](https://goo.gl/4zmt6y).
+  # Controller tests now inherit from `ActionDispatch::IntegrationTest` making
+  # them plain old integration tests now. You have two options for testing
+  # AuthLogic in Rails 5:
+  #
+  # * Add the `rails-controller-testing` gem to bring back the original
+  #   controller testing usage
+  # * Go full steam ahead with integration testing and actually log a user in
+  #   by submitting a form in the integration test.
+  #
+  # Naturally DHH recommends the second method and this is
+  # [what he does in his own tests](https://goo.gl/Ar6p0u). This is useful
+  # for testing not only AuthLogic itself (submitting login credentials to a
+  # UserSessionsController, for example) but any controller action that is
+  # behind a login wall. Add a helper method and use that before testing your
+  # actual controller action:
+  #
+  #   # test/test_helper.rb
+  #   def login(user)
+  #     post user_sessions_url, :params => { :email => user.email, :password => 'password' }
+  #   end
+  #
+  #   # test/controllers/posts_controller_test.rb
+  #   test "#create requires a user to be logged in
+  #     post posts_url, :params => { :body => 'Lorem ipsum' }
+  #
+  #     assert_redirected_to new_user_session_url
+  #   end
+  #
+  #   test "#create lets a logged in user create a new post" do
+  #     login(users(:admin))
+  #
+  #     assert_difference 'Posts.count' do
+  #       post posts_url, :params => { :body => 'Lorem ipsum' }
+  #     end
+  #
+  #     assert_redirected_to posts_url
+  #   end
+  #
+  # You still have access to the `session` helper in an integration test and so
+  # you can still test to see if a user is logged in. A couple of helper methods
+  # might look like:
+  #
+  #   # test/test_helper.rb
+  #   def assert_logged_in
+  #     assert session[:user_credentials].present?
+  #   end
+  #
+  #   def assert_not_logged_in
+  #     assert session[:user_credentials].blank?
+  #   end
+  #
+  #   # test/user_sessions_controller_test.rb
+  #   test "#create logs in a user" do
+  #     login(users(:admin))
+  #
+  #     assert_logged_in
+  #   end
+  module TestCase
+    def initialize(*args)
+      @request = nil
+      super
+    end
+
+    # Activates authlogic so that you can use it in your tests. You should call
+    # this method in your test's setup. Ex:
+    #
+    #   setup :activate_authlogic
+    def activate_authlogic
+      if @request && !@request.respond_to?(:params)
+        class <<@request
+          alias_method :params, :parameters
+        end
+      end
+
+      Authlogic::Session::Base.controller = @request &&
+        Authlogic::TestCase::RailsRequestAdapter.new(@request) ||
+        controller
+    end
+
+    # The Authlogic::TestCase::MockController object passed to Authlogic to
+    # activate it. You can access this in your test. See the module description
+    # for an example.
+    def controller
+      @controller ||= Authlogic::TestCase::MockController.new
+    end
+  end
+
+  # TODO: Why are these lines inside the `Authlogic` module? Should be outside?
+  ::Test::Unit::TestCase.send(:include, TestCase) if defined?(::Test::Unit::TestCase)
+  ::MiniTest::Unit::TestCase.send(:include, TestCase) if defined?(::MiniTest::Unit::TestCase)
+  ::MiniTest::Test.send(:include, TestCase) if defined?(::MiniTest::Test)
+end

data/lib/authlogic/version.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "rubygems"
+
+# :nodoc:
+module Authlogic
+  # Returns a `::Gem::Version`, the version number of the authlogic gem.
+  #
+  # It is preferable for a library to provide a `gem_version` method, rather
+  # than a `VERSION` string, because `::Gem::Version` is easier to use in a
+  # comparison.
+  #
+  # We cannot return a frozen `Version`, because rubygems will try to modify it.
+  # https://github.com/binarylogic/authlogic/pull/590
+  #
+  # Added in 4.0.0
+  #
+  # @api public
+  def self.gem_version
+    ::Gem::Version.new("6.5")
+  end
+end

data/lib/authlogic.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# Authlogic uses ActiveSupport's core extensions like `strip_heredoc` and
+# `squish`. ActiveRecord does not `require` these exensions, so we must.
+#
+# It's possible that we could save a few milliseconds by loading only the
+# specific core extensions we need, but `all.rb` is simpler. We can revisit this
+# decision if it becomes a problem.
+require "active_support/all"
+
+require "active_record"
+
+path = File.dirname(__FILE__) + "/authlogic/"
+
+[
+  "errors",
+  "i18n",
+  "random",
+  "config",
+
+  "controller_adapters/abstract_adapter",
+  "cookie_credentials",
+
+  "crypto_providers",
+
+  "acts_as_authentic/email",
+  "acts_as_authentic/logged_in_status",
+  "acts_as_authentic/login",
+  "acts_as_authentic/magic_columns",
+  "acts_as_authentic/password",
+  "acts_as_authentic/perishable_token",
+  "acts_as_authentic/persistence_token",
+  "acts_as_authentic/session_maintenance",
+  "acts_as_authentic/single_access_token",
+  "acts_as_authentic/base",
+
+  "session/magic_column/assigns_last_request_at",
+  "session/base"
+].each do |library|
+  require path + library
+end
+
+require path + "controller_adapters/rails_adapter"   if defined?(Rails)
+require path + "controller_adapters/sinatra_adapter" if defined?(Sinatra)