authlogic-rails3 2.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. data/.gitignore +9 -0
  2. data/CHANGELOG.rdoc +345 -0
  3. data/LICENSE +20 -0
  4. data/README.rdoc +246 -0
  5. data/Rakefile +44 -0
  6. data/VERSION.yml +5 -0
  7. data/authlogic-rails3.gemspec +218 -0
  8. data/generators/session/session_generator.rb +9 -0
  9. data/generators/session/templates/session.rb +2 -0
  10. data/init.rb +1 -0
  11. data/lib/authlogic.rb +64 -0
  12. data/lib/authlogic/acts_as_authentic/base.rb +107 -0
  13. data/lib/authlogic/acts_as_authentic/email.rb +110 -0
  14. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +60 -0
  15. data/lib/authlogic/acts_as_authentic/login.rb +141 -0
  16. data/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
  17. data/lib/authlogic/acts_as_authentic/password.rb +355 -0
  18. data/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
  24. data/lib/authlogic/authenticates_many/association.rb +42 -0
  25. data/lib/authlogic/authenticates_many/base.rb +55 -0
  26. data/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
  27. data/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
  28. data/lib/authlogic/controller_adapters/rails_adapter.rb +48 -0
  29. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
  30. data/lib/authlogic/crypto_providers/aes256.rb +43 -0
  31. data/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
  32. data/lib/authlogic/crypto_providers/md5.rb +34 -0
  33. data/lib/authlogic/crypto_providers/sha1.rb +35 -0
  34. data/lib/authlogic/crypto_providers/sha256.rb +50 -0
  35. data/lib/authlogic/crypto_providers/sha512.rb +50 -0
  36. data/lib/authlogic/crypto_providers/wordpress.rb +43 -0
  37. data/lib/authlogic/i18n.rb +83 -0
  38. data/lib/authlogic/i18n/translator.rb +15 -0
  39. data/lib/authlogic/random.rb +33 -0
  40. data/lib/authlogic/regex.rb +25 -0
  41. data/lib/authlogic/session/activation.rb +58 -0
  42. data/lib/authlogic/session/active_record_trickery.rb +64 -0
  43. data/lib/authlogic/session/base.rb +37 -0
  44. data/lib/authlogic/session/brute_force_protection.rb +96 -0
  45. data/lib/authlogic/session/callbacks.rb +99 -0
  46. data/lib/authlogic/session/cookies.rb +130 -0
  47. data/lib/authlogic/session/existence.rb +93 -0
  48. data/lib/authlogic/session/foundation.rb +71 -0
  49. data/lib/authlogic/session/http_auth.rb +58 -0
  50. data/lib/authlogic/session/id.rb +41 -0
  51. data/lib/authlogic/session/klass.rb +78 -0
  52. data/lib/authlogic/session/magic_columns.rb +95 -0
  53. data/lib/authlogic/session/magic_states.rb +59 -0
  54. data/lib/authlogic/session/params.rb +101 -0
  55. data/lib/authlogic/session/password.rb +240 -0
  56. data/lib/authlogic/session/perishable_token.rb +18 -0
  57. data/lib/authlogic/session/persistence.rb +70 -0
  58. data/lib/authlogic/session/priority_record.rb +34 -0
  59. data/lib/authlogic/session/scopes.rb +101 -0
  60. data/lib/authlogic/session/session.rb +62 -0
  61. data/lib/authlogic/session/timeout.rb +82 -0
  62. data/lib/authlogic/session/unauthorized_record.rb +50 -0
  63. data/lib/authlogic/session/validation.rb +82 -0
  64. data/lib/authlogic/test_case.rb +120 -0
  65. data/lib/authlogic/test_case/mock_controller.rb +45 -0
  66. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
  67. data/lib/authlogic/test_case/mock_logger.rb +10 -0
  68. data/lib/authlogic/test_case/mock_request.rb +19 -0
  69. data/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
  70. data/rails/init.rb +1 -0
  71. data/shoulda_macros/authlogic.rb +69 -0
  72. data/test/acts_as_authentic_test/base_test.rb +18 -0
  73. data/test/acts_as_authentic_test/email_test.rb +101 -0
  74. data/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
  75. data/test/acts_as_authentic_test/login_test.rb +109 -0
  76. data/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
  77. data/test/acts_as_authentic_test/password_test.rb +236 -0
  78. data/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
  79. data/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
  80. data/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
  81. data/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
  82. data/test/acts_as_authentic_test/single_access_test.rb +44 -0
  83. data/test/authenticates_many_test.rb +16 -0
  84. data/test/crypto_provider_test/aes256_test.rb +14 -0
  85. data/test/crypto_provider_test/bcrypt_test.rb +14 -0
  86. data/test/crypto_provider_test/sha1_test.rb +23 -0
  87. data/test/crypto_provider_test/sha256_test.rb +14 -0
  88. data/test/crypto_provider_test/sha512_test.rb +14 -0
  89. data/test/fixtures/companies.yml +5 -0
  90. data/test/fixtures/employees.yml +17 -0
  91. data/test/fixtures/projects.yml +3 -0
  92. data/test/fixtures/users.yml +24 -0
  93. data/test/i18n_test.rb +33 -0
  94. data/test/libs/affiliate.rb +7 -0
  95. data/test/libs/company.rb +6 -0
  96. data/test/libs/employee.rb +7 -0
  97. data/test/libs/employee_session.rb +2 -0
  98. data/test/libs/ldaper.rb +3 -0
  99. data/test/libs/ordered_hash.rb +9 -0
  100. data/test/libs/project.rb +3 -0
  101. data/test/libs/user.rb +5 -0
  102. data/test/libs/user_session.rb +6 -0
  103. data/test/random_test.rb +42 -0
  104. data/test/session_test/activation_test.rb +43 -0
  105. data/test/session_test/active_record_trickery_test.rb +36 -0
  106. data/test/session_test/brute_force_protection_test.rb +101 -0
  107. data/test/session_test/callbacks_test.rb +6 -0
  108. data/test/session_test/cookies_test.rb +112 -0
  109. data/test/session_test/credentials_test.rb +0 -0
  110. data/test/session_test/existence_test.rb +64 -0
  111. data/test/session_test/http_auth_test.rb +28 -0
  112. data/test/session_test/id_test.rb +17 -0
  113. data/test/session_test/klass_test.rb +40 -0
  114. data/test/session_test/magic_columns_test.rb +62 -0
  115. data/test/session_test/magic_states_test.rb +60 -0
  116. data/test/session_test/params_test.rb +53 -0
  117. data/test/session_test/password_test.rb +106 -0
  118. data/test/session_test/perishability_test.rb +15 -0
  119. data/test/session_test/persistence_test.rb +21 -0
  120. data/test/session_test/scopes_test.rb +60 -0
  121. data/test/session_test/session_test.rb +59 -0
  122. data/test/session_test/timeout_test.rb +52 -0
  123. data/test/session_test/unauthorized_record_test.rb +13 -0
  124. data/test/session_test/validation_test.rb +23 -0
  125. data/test/test_helper.rb +182 -0
  126. metadata +253 -0
File without changes
@@ -0,0 +1,64 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module ExistenceTest
5
+ class ClassMethodsTest < ActiveSupport::TestCase
6
+ def test_create
7
+ ben = users(:ben)
8
+ assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
9
+ assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
10
+ assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
11
+ assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
12
+ end
13
+ end
14
+
15
+ class IsntaceMethodsTest < ActiveSupport::TestCase
16
+ def test_new_session
17
+ session = UserSession.new
18
+ assert session.new_session?
19
+
20
+ set_session_for(users(:ben))
21
+ session = UserSession.find
22
+ assert !session.new_session?
23
+ end
24
+
25
+ def test_save_with_nothing
26
+ session = UserSession.new
27
+ assert !session.save
28
+ assert session.new_session?
29
+ end
30
+
31
+ def test_save_with_block
32
+ ben = users(:ben)
33
+ session = UserSession.new
34
+ block_result = session.save do |result|
35
+ assert !result
36
+ end
37
+ assert !block_result
38
+ assert session.new_session?
39
+ end
40
+
41
+ def test_save_with_bang
42
+ session = UserSession.new
43
+ assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
44
+
45
+ session.unauthorized_record = users(:ben)
46
+ assert_nothing_raised { session.save! }
47
+ end
48
+
49
+ def test_destroy
50
+ ben = users(:ben)
51
+ session = UserSession.new
52
+ assert !session.valid?
53
+ assert !session.errors.empty?
54
+ assert session.destroy
55
+ assert session.errors.empty?
56
+ session.unauthorized_record = ben
57
+ assert session.save
58
+ assert session.record
59
+ assert session.destroy
60
+ assert !session.record
61
+ end
62
+ end
63
+ end
64
+ end
@@ -0,0 +1,28 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ class HttpAuthTest < ActiveSupport::TestCase
5
+ class ConfiTest < ActiveSupport::TestCase
6
+ def test_allow_http_basic_auth
7
+ UserSession.allow_http_basic_auth = false
8
+ assert_equal false, UserSession.allow_http_basic_auth
9
+
10
+ UserSession.allow_http_basic_auth true
11
+ assert_equal true, UserSession.allow_http_basic_auth
12
+ end
13
+ end
14
+
15
+ class InstanceMethodsTest < ActiveSupport::TestCase
16
+ def test_persist_persist_by_http_auth
17
+ ben = users(:ben)
18
+ http_basic_auth_for { assert !UserSession.find }
19
+ http_basic_auth_for(ben) do
20
+ assert session = UserSession.find
21
+ assert_equal ben, session.record
22
+ assert_equal ben.login, session.login
23
+ assert_equal "benrocks", session.send(:protected_password)
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
@@ -0,0 +1,17 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ class IdTest < ActiveSupport::TestCase
5
+ def test_credentials
6
+ session = UserSession.new
7
+ session.credentials = [:my_id]
8
+ assert_equal :my_id, session.id
9
+ end
10
+
11
+ def test_id
12
+ session = UserSession.new
13
+ session.id = :my_id
14
+ assert_equal :my_id, session.id
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,40 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module KlassTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_authenticate_with
7
+ UserSession.authenticate_with = Employee
8
+ assert_equal "Employee", UserSession.klass_name
9
+ assert_equal Employee, UserSession.klass
10
+
11
+ UserSession.authenticate_with User
12
+ assert_equal "User", UserSession.klass_name
13
+ assert_equal User, UserSession.klass
14
+ end
15
+
16
+ def test_klass
17
+ assert_equal User, UserSession.klass
18
+ end
19
+
20
+ def test_klass_name
21
+ assert_equal "User", UserSession.klass_name
22
+ end
23
+
24
+ def test_guessed_klass_name
25
+ assert_equal "User", UserSession.guessed_klass_name
26
+ assert_equal "BackOfficeUser", BackOfficeUserSession.guessed_klass_name
27
+ end
28
+ end
29
+
30
+ class InstanceMethodsTest < ActiveSupport::TestCase
31
+ def test_record_method
32
+ ben = users(:ben)
33
+ set_session_for(ben)
34
+ session = UserSession.find
35
+ assert_equal ben, session.record
36
+ assert_equal ben, session.user
37
+ end
38
+ end
39
+ end
40
+ end
@@ -0,0 +1,62 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module MagicColumnsTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_last_request_at_threshold_config
7
+ UserSession.last_request_at_threshold = 2.minutes
8
+ assert_equal 2.minutes, UserSession.last_request_at_threshold
9
+
10
+ UserSession.last_request_at_threshold 0
11
+ assert_equal 0, UserSession.last_request_at_threshold
12
+ end
13
+ end
14
+
15
+ class InstanceMethodsTest < ActiveSupport::TestCase
16
+ def test_after_persisting_set_last_request_at
17
+ ben = users(:ben)
18
+ assert !UserSession.create(ben).new_session?
19
+
20
+ set_cookie_for(ben)
21
+ old_last_request_at = ben.last_request_at
22
+ assert UserSession.find
23
+ ben.reload
24
+ assert ben.last_request_at != old_last_request_at
25
+ end
26
+
27
+ def test_valid_increase_failed_login_count
28
+ ben = users(:ben)
29
+ old_failed_login_count = ben.failed_login_count
30
+ assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
31
+ ben.reload
32
+ assert_equal old_failed_login_count + 1, ben.failed_login_count
33
+ end
34
+
35
+ def test_before_save_update_info
36
+ ben = users(:ben)
37
+
38
+ # increase failed login count
39
+ assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
40
+ ben.reload
41
+
42
+ # grab old values
43
+ old_login_count = ben.login_count
44
+ old_failed_login_count = ben.failed_login_count
45
+ old_last_login_at = ben.last_login_at
46
+ old_current_login_at = ben.current_login_at
47
+ old_last_login_ip = ben.last_login_ip
48
+ old_current_login_ip = ben.current_login_ip
49
+
50
+ assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
51
+
52
+ ben.reload
53
+ assert_equal old_login_count + 1, ben.login_count
54
+ assert_equal 0, ben.failed_login_count
55
+ assert_equal old_current_login_at, ben.last_login_at
56
+ assert ben.current_login_at != old_current_login_at
57
+ assert_equal old_current_login_ip, ben.last_login_ip
58
+ assert_equal "1.1.1.1", ben.current_login_ip
59
+ end
60
+ end
61
+ end
62
+ end
@@ -0,0 +1,60 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module SessionTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_disable_magic_states_config
7
+ UserSession.disable_magic_states = true
8
+ assert_equal true, UserSession.disable_magic_states
9
+
10
+ UserSession.disable_magic_states false
11
+ assert_equal false, UserSession.disable_magic_states
12
+ end
13
+ end
14
+
15
+ class InstanceMethodsTest < ActiveSupport::TestCase
16
+ def test_disabling_magic_states
17
+ UserSession.disable_magic_states = true
18
+
19
+ ben = users(:ben)
20
+ ben.update_attribute(:active, false)
21
+ assert UserSession.create(ben)
22
+
23
+ UserSession.disable_magic_states = false
24
+ end
25
+
26
+ def test_validate_validate_magic_states_active
27
+ session = UserSession.new
28
+ ben = users(:ben)
29
+ session.unauthorized_record = ben
30
+ assert session.valid?
31
+
32
+ ben.update_attribute(:active, false)
33
+ assert !session.valid?
34
+ assert session.errors[:base].size > 0
35
+ end
36
+
37
+ def test_validate_validate_magic_states_approved
38
+ session = UserSession.new
39
+ ben = users(:ben)
40
+ session.unauthorized_record = ben
41
+ assert session.valid?
42
+
43
+ ben.update_attribute(:approved, false)
44
+ assert !session.valid?
45
+ assert session.errors[:base].size > 0
46
+ end
47
+
48
+ def test_validate_validate_magic_states_confirmed
49
+ session = UserSession.new
50
+ ben = users(:ben)
51
+ session.unauthorized_record = ben
52
+ assert session.valid?
53
+
54
+ ben.update_attribute(:confirmed, false)
55
+ assert !session.valid?
56
+ assert session.errors[:base].size > 0
57
+ end
58
+ end
59
+ end
60
+ end
@@ -0,0 +1,53 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module ParamsTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_params_key
7
+ UserSession.params_key = "my_params_key"
8
+ assert_equal "my_params_key", UserSession.params_key
9
+
10
+ UserSession.params_key "user_credentials"
11
+ assert_equal "user_credentials", UserSession.params_key
12
+ end
13
+
14
+ def test_single_access_allowed_request_types
15
+ UserSession.single_access_allowed_request_types = ["my request type"]
16
+ assert_equal ["my request type"], UserSession.single_access_allowed_request_types
17
+
18
+ UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
19
+ assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
20
+ end
21
+ end
22
+
23
+ class InstanceMethodsTest < ActiveSupport::TestCase
24
+ def test_persist_persist_by_params
25
+ ben = users(:ben)
26
+ session = UserSession.new
27
+
28
+ assert !session.persisting?
29
+ set_params_for(ben)
30
+
31
+ assert !session.persisting?
32
+ assert !session.unauthorized_record
33
+ assert !session.record
34
+ assert_nil controller.session["user_credentials"]
35
+
36
+ set_request_content_type("text/plain")
37
+ assert !session.persisting?
38
+ assert !session.unauthorized_record
39
+ assert_nil controller.session["user_credentials"]
40
+
41
+ set_request_content_type("application/atom+xml")
42
+ assert session.persisting?
43
+ assert_equal ben, session.record
44
+ assert_nil controller.session["user_credentials"] # should not persist since this is single access
45
+
46
+ set_request_content_type("application/rss+xml")
47
+ assert session.persisting?
48
+ assert_equal ben, session.unauthorized_record
49
+ assert_nil controller.session["user_credentials"]
50
+ end
51
+ end
52
+ end
53
+ end
@@ -0,0 +1,106 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module PasswordTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_find_by_login_method
7
+ UserSession.find_by_login_method = "my_login_method"
8
+ assert_equal "my_login_method", UserSession.find_by_login_method
9
+
10
+ UserSession.find_by_login_method "find_by_login"
11
+ assert_equal "find_by_login", UserSession.find_by_login_method
12
+ end
13
+
14
+ def test_verify_password_method
15
+ UserSession.verify_password_method = "my_login_method"
16
+ assert_equal "my_login_method", UserSession.verify_password_method
17
+
18
+ UserSession.verify_password_method "valid_password?"
19
+ assert_equal "valid_password?", UserSession.verify_password_method
20
+ end
21
+
22
+ def test_generalize_credentials_error_mesages_set_to_false
23
+ UserSession.generalize_credentials_error_messages false
24
+ assert !UserSession.generalize_credentials_error_messages
25
+ session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
26
+ assert_equal ["Password is not valid"], session.errors.full_messages
27
+ end
28
+
29
+ def test_generalize_credentials_error_messages_set_to_true
30
+ UserSession.generalize_credentials_error_messages true
31
+ assert UserSession.generalize_credentials_error_messages
32
+ session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
33
+ assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
34
+ end
35
+
36
+ def test_generalize_credentials_error_messages_set_to_string
37
+ UserSession.generalize_credentials_error_messages= "Custom Error Message"
38
+ assert UserSession.generalize_credentials_error_messages
39
+ session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
40
+ assert_equal ["Custom Error Message"], session.errors.full_messages
41
+ end
42
+
43
+
44
+ def test_login_field
45
+ UserSession.configured_password_methods = false
46
+ UserSession.login_field = :saweet
47
+ assert_equal :saweet, UserSession.login_field
48
+ session = UserSession.new
49
+ assert session.respond_to?(:saweet)
50
+
51
+ UserSession.login_field :login
52
+ assert_equal :login, UserSession.login_field
53
+ session = UserSession.new
54
+ assert session.respond_to?(:login)
55
+ end
56
+
57
+ def test_password_field
58
+ UserSession.configured_password_methods = false
59
+ UserSession.password_field = :saweet
60
+ assert_equal :saweet, UserSession.password_field
61
+ session = UserSession.new
62
+ assert session.respond_to?(:saweet)
63
+
64
+ UserSession.password_field :password
65
+ assert_equal :password, UserSession.password_field
66
+ session = UserSession.new
67
+ assert session.respond_to?(:password)
68
+ end
69
+ end
70
+
71
+ class InstanceMethodsTest < ActiveSupport::TestCase
72
+ def test_init
73
+ session = UserSession.new
74
+ assert session.respond_to?(:login)
75
+ assert session.respond_to?(:login=)
76
+ assert session.respond_to?(:password)
77
+ assert session.respond_to?(:password=)
78
+ assert session.respond_to?(:protected_password, true)
79
+ end
80
+
81
+ def test_credentials
82
+ session = UserSession.new
83
+ session.credentials = {:login => "login", :password => "pass"}
84
+ assert_equal "login", session.login
85
+ assert_nil session.password
86
+ assert_equal "pass", session.send(:protected_password)
87
+ assert_equal({:password => "<protected>", :login => "login"}, session.credentials)
88
+ end
89
+
90
+ def test_credentials_are_params_safe
91
+ session = UserSession.new
92
+ assert_nothing_raised { session.credentials = {:hacker_method => "error!"} }
93
+ end
94
+
95
+ def test_save_with_credentials
96
+ ben = users(:ben)
97
+ session = UserSession.new(:login => ben.login, :password => "benrocks")
98
+ assert session.save
99
+ assert !session.new_session?
100
+ assert_equal 1, session.record.login_count
101
+ assert Time.now >= session.record.current_login_at
102
+ assert_equal "1.1.1.1", session.record.current_login_ip
103
+ end
104
+ end
105
+ end
106
+ end
@@ -0,0 +1,15 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ class PerishabilityTest < ActiveSupport::TestCase
5
+ def test_after_save
6
+ ben = users(:ben)
7
+ old_perishable_token = ben.perishable_token
8
+ session = UserSession.create(ben)
9
+ assert_not_equal old_perishable_token, ben.perishable_token
10
+
11
+ drew = employees(:drew)
12
+ assert UserSession.create(drew)
13
+ end
14
+ end
15
+ end