authlogic 0.10.4 → 1.0.0

data/{test_app/test → test}/fixtures/companies.yml

@@ -1,7 +1,5 @@
 binary_logic:
-  id: 1
   name: Binary Logic
   
 logic_over_data:
-  id: 2
   name: Logic Over Data

data/test/fixtures/employees.yml

@@ -0,0 +1,17 @@
+drew:
+  company: binary_logic
+  email: dgainor@binarylogic.com
+  password_salt: <%= salt = Employee.unique_token %>
+  crypted_password: "<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>"
+  remember_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
+  first_name: Drew
+  last_name: Gainor
+  
+jennifer:
+  company: logic_over_data
+  email: jjohnson@logicoverdata.com
+  password_salt: <%= salt = Employee.unique_token %>
+  crypted_password: "<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>"
+  remember_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
+  first_name: Jennifer
+  last_name: Johnson

data/{test_app/test → test}/fixtures/projects.yml

@@ -1,4 +1,3 @@
 web_services:
-  id: 1
   name: web services
-  
+  users: ben, zack

data/{test_app/test → test}/fixtures/users.yml

@@ -1,6 +1,5 @@
 ben:
-  id: 1
-  company_id: 1
+  company: binary_logic
   projects: web_services
   login: bjohnson
   password_salt: <%= salt = User.unique_token %>
@@ -10,12 +9,11 @@ ben:
   last_name: Johnson
   
 zack:
-  id: 2
-  company_id: 2
+  company: logic_over_data
   projects: web_services
   login: zham
   password_salt: <%= salt = User.unique_token %>
   crypted_password: <%= Authlogic::Sha512CryptoProvider.encrypt("zackrocks" + salt) %>
   remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
   first_name: Zack
-  last_name: Ham
+  last_name: Ham

data/test/test_helper.rb

@@ -0,0 +1,142 @@
+require "test/unit"
+require "rubygems"
+require "ruby-debug"
+require "active_record"
+require 'active_record/fixtures'
+require File.dirname(__FILE__) + '/../lib/authlogic'
+require File.dirname(__FILE__) + '/../test_libs/aes128_crypto_provider'
+require File.dirname(__FILE__) + '/../test_libs/mock_request'
+require File.dirname(__FILE__) + '/../test_libs/mock_cookie_jar'
+require File.dirname(__FILE__) + '/../test_libs/mock_controller'
+
+ActiveRecord::Schema.verbose = false
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
+ActiveRecord::Base.configurations = true
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :companies do |t|
+    t.datetime  :created_at    
+    t.datetime  :updated_at
+    t.string    :name
+    t.boolean   :active
+  end
+
+  create_table :projects do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.string    :name
+  end
+  
+  create_table :projects_users, :id => false do |t|
+    t.integer :project_id
+    t.integer :user_id
+  end
+  
+  create_table :users do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.integer   :company_id
+    t.string    :login
+    t.string    :crypted_password
+    t.string    :password_salt
+    t.string    :remember_token
+    t.string    :first_name
+    t.string    :last_name
+    t.integer   :login_count
+    t.datetime  :last_request_at
+    t.datetime  :current_login_at
+    t.datetime  :last_login_at
+    t.string    :current_login_ip
+    t.string    :last_login_ip
+  end
+  
+  create_table :employees do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.integer   :company_id
+    t.string    :email
+    t.string    :crypted_password
+    t.string    :password_salt
+    t.string    :remember_token
+    t.string    :first_name
+    t.string    :last_name
+    t.integer   :login_count
+    t.datetime  :last_request_at
+    t.datetime  :current_login_at
+    t.datetime  :last_login_at
+    t.string    :current_login_ip
+    t.string    :last_login_ip
+  end
+end
+
+class Project < ActiveRecord::Base
+  has_and_belongs_to_many :users
+end
+
+class UserSession < Authlogic::Session::Base
+end
+
+class EmployeeSession < Authlogic::Session::Base
+end
+
+class Company < ActiveRecord::Base
+  authenticates_many :employee_sessions
+  authenticates_many :user_sessions
+  has_many :employees, :dependent => :destroy
+  has_many :users, :dependent => :destroy
+end
+
+class User < ActiveRecord::Base
+  acts_as_authentic
+  belongs_to :company
+  has_and_belongs_to_many :projects
+end
+
+class Employee < ActiveRecord::Base
+  acts_as_authentic :crypto_provider => AES128CryptoProvider
+  belongs_to :company
+end
+
+class Test::Unit::TestCase
+  self.fixture_path = File.dirname(__FILE__) + "/fixtures"
+  self.use_transactional_fixtures = true
+  self.use_instantiated_fixtures  = false
+  self.pre_loaded_fixtures = true
+  fixtures :all
+  setup :activate_authlogic
+  teardown :deactivate_authlogic
+  
+  private
+    def activate_authlogic
+      @controller = MockController.new
+      Authlogic::Session::Base.controller = @controller
+    end
+
+    def deactivate_authlogic
+      Authlogic::Session::Base.reset_controllers!
+    end
+    
+    def http_basic_auth_for(user = nil, &block)
+      unless user.blank?
+        @controller.http_user = user.login
+        @controller.http_password = user.crypted_password
+      end
+      yield
+      @controller.http_user = @controller.http_password = nil
+    end
+    
+    def set_cookie_for(user, id = nil)
+      @controller.cookies["user_credentials"] = {:value => user.remember_token, :expires => nil}
+    end
+    
+    def unset_cookie
+      @controller.cookies["user_credentials"] = nil
+    end
+    
+    def set_session_for(user, id = nil)
+      @controller.session["user_credentials"] = user.remember_token
+    end
+    
+    def unset_session
+      @controller.session["user_credentials"] = nil
+    end
+end

data/test/user_session_active_record_trickery_test.rb

@@ -0,0 +1,12 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class UserSessionActiveRecordTrickeryTest < ActiveSupport::TestCase
+  def test_human_attribute_name
+    assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+  end
+  
+  def test_new_record
+    session = UserSession.new
+    assert session.new_record?
+  end
+end

data/test/user_session_base_test.rb

@@ -0,0 +1,316 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class UserSessionBaseTest < ActiveSupport::TestCase
+  def test_activated
+    assert UserSession.activated?
+    Authlogic::Session::Base.reset_controllers!
+    assert !UserSession.activated?
+  end
+  
+  def test_controllers
+    Authlogic::Session::Base.reset_controllers!
+    assert_equal 0, Authlogic::Session::Base.send(:controllers).size 
+    thread1 = Thread.new do
+      controller = MockController.new
+      Authlogic::Session::Base.controller = controller
+      assert_equal controller, Authlogic::Session::Base.controller
+    end
+    thread1.join
+    assert_equal 1, Authlogic::Session::Base.send(:controllers).size
+    assert_equal nil, Authlogic::Session::Base.controller
+    thread2 = Thread.new do
+      controller = MockController.new
+      Authlogic::Session::Base.controller = controller
+      assert_equal controller, Authlogic::Session::Base.controller
+    end
+    thread2.join
+    assert_equal 2, Authlogic::Session::Base.send(:controllers).size
+    assert_equal nil, Authlogic::Session::Base.controller
+  end
+  
+  def test_create
+    ben = users(:ben)
+    assert !UserSession.create(ben.login, "badpw")
+    assert UserSession.create(ben.login, "benrocks")
+    assert_raise(Authlogic::Session::SessionInvalid) { UserSession.create!(ben.login, "badpw") }
+    assert UserSession.create!(ben.login, "benrocks")
+  end
+  
+  def test_find
+    ben = users(:ben)
+    assert !UserSession.find
+    http_basic_auth_for(ben) { assert UserSession.find }
+    set_cookie_for(ben)
+    assert UserSession.find
+    unset_cookie
+    set_session_for(ben)
+    session = UserSession.find
+    assert session
+    assert !session.record.last_request_at.nil?
+  end
+  
+  def test_klass
+    assert_equal User, UserSession.klass
+  end
+  
+  def test_klass_name
+    assert_equal "User", UserSession.klass_name
+  end
+  
+  def test_scope_method # test_scope is reserved
+    UserSession.with_scope(:find_options => {:conditions => "1 = 1"}, :id => "some_id") do
+      assert_equal({:find_options => {:conditions => "1 = 1"}, :id => "some_id"}, UserSession.scope)
+      
+      ben = users(:ben)
+      session = UserSession.new
+      assert_equal({:find_options => {:conditions => "1 = 1"}, :id => "some_id"}, session.scope)
+      
+      session.id = :another_id
+      session.unauthorized_record = ben
+      assert session.save
+      assert_equal ben.remember_token, @controller.session["another_id_some_id_user_credentials"]
+      assert_equal ben.remember_token, @controller.cookies["another_id_some_id_user_credentials"]
+    end
+    
+    assert_equal nil, UserSession.scope
+  end
+  
+  def test_with_scope_method # test_with_scope is reserved
+    assert_raise(ArgumentError) { UserSession.with_scope }
+    # the rest of the method was tested in test_scope
+  end
+  
+  def test_init
+    UserSession.reset_controllers!
+    assert_raise(Authlogic::Session::NotActivated) { UserSession.new }
+    UserSession.controller = @controller
+    
+    session = UserSession.new
+    assert session.respond_to?(:login)
+    assert session.respond_to?(:login=)
+    assert session.respond_to?(:password)
+    assert session.respond_to?(:password=)
+    assert session.respond_to?(:protected_password, true)
+    
+    
+    session = UserSession.new(:my_id)
+    assert_equal :my_id, session.id
+    
+    session = UserSession.new("login", "pass", true, :my_id)
+    assert_equal "login", session.login
+    assert_equal nil, session.password
+    assert_equal "pass", session.send(:protected_password)
+    assert_equal true, session.remember_me
+    assert_equal :my_id, session.id
+    
+    session = UserSession.new({:login => "login", :password => "pass", :remember_me => true}, :my_id)
+    assert_equal "login", session.login
+    assert_equal nil, session.password
+    assert_equal "pass", session.send(:protected_password)
+    assert_equal true, session.remember_me
+    assert_equal :my_id, session.id
+    
+    session = UserSession.new(users(:ben), :my_id)
+    assert_equal nil, session.login
+    assert_equal nil, session.password
+    assert_equal nil, session.send(:protected_password)
+    assert_equal nil, session.remember_me
+    assert_equal :my_id, session.id
+    assert_equal users(:ben), session.unauthorized_record
+  end
+  
+  def test_credentials
+    session = UserSession.new
+    session.credentials = {:login => "login", :password => "pass", :remember_me => true}
+    assert_equal "login", session.login
+    assert_equal nil, session.password
+    assert_equal "pass", session.send(:protected_password)
+    assert_equal true, session.remember_me
+    assert_equal({:password => "<Protected>", :login => "login"}, session.credentials)
+  end
+  
+  def test_destroy
+    ben = users(:ben)
+    session = UserSession.create(ben)
+    assert session
+    assert_equal ben.remember_token, @controller.session["user_credentials"]
+    assert_equal ben.remember_token, @controller.cookies["user_credentials"]
+    session.destroy
+    assert_equal nil, @controller.session["user_credentials"]
+    assert_equal nil, @controller.cookies["user_credentials"]
+  end
+  
+  def test_errors
+    session = UserSession.new
+    assert session.errors.is_a?(Authlogic::Session::Errors)
+  end
+  
+  def test_find_record
+    # tested thoroughly in test_find
+  end
+  
+  def test_id
+    ben = users(:ben)
+    session = UserSession.new(ben, :my_id)
+    assert_equal :my_id, session.id
+    assert session.save
+    assert_equal ben.remember_token, @controller.session["my_id_user_credentials"]
+    assert_equal ben.remember_token, @controller.cookies["my_id_user_credentials"]
+  end
+  
+  def test_inspect
+    session = UserSession.new
+    assert_equal "#<UserSession {:unauthorized_record=>\"<protected>\"}>", session.inspect
+    session.login = "login"
+    session.password = "pass"
+    assert "#<UserSession {:login=>\"login\", :password=>\"<protected>\"}>" == session.inspect || "#<UserSession {:password=>\"<protected>\", :login=>\"login\"}>" == session.inspect
+  end
+  
+  def test_new_session
+    session = UserSession.new
+    assert session.new_session?
+    
+    set_session_for(users(:ben))
+    session = UserSession.find
+    assert !session.new_session?
+  end
+  
+  def test_remember_me
+    session = UserSession.new
+    assert_equal nil, session.remember_me
+    assert !session.remember_me?
+    
+    session.remember_me = false
+    assert_equal false, session.remember_me
+    assert !session.remember_me?
+    
+    session.remember_me = true
+    assert_equal true, session.remember_me
+    assert session.remember_me?
+    
+    session.remember_me = nil
+    assert_equal nil, session.remember_me
+    assert !session.remember_me?
+    
+    session.remember_me = "1"
+    assert_equal "1", session.remember_me
+    assert session.remember_me?
+    
+    session.remember_me = "true"
+    assert_equal "true", session.remember_me
+    assert session.remember_me?
+  end
+  
+  def test_remember_me_until
+    session = UserSession.new
+    assert_equal nil, session.remember_me_until
+    
+    session.remember_me = true
+    assert 3.months.from_now <= session.remember_me_until
+  end
+  
+  def test_save_with_nothing
+    session = UserSession.new
+    assert !session.save
+    assert session.new_session?
+  end
+  
+  def test_save_with_record
+    ben = users(:ben)
+    session = UserSession.new(ben.login, "benrocks")
+    assert session.save
+    assert !session.new_session?
+    assert_equal ben.remember_token, @controller.session["user_credentials"]
+    assert_equal ben.remember_token, @controller.cookies["user_credentials"]
+    assert_equal 1, session.record.login_count
+    assert Time.now >= session.record.current_login_at
+    assert_equal "1.1.1.1", session.record.current_login_ip
+    unset_cookie
+    unset_session
+  end
+  
+  def test_save_with_credentials
+    ben = users(:ben)
+    session = UserSession.new(ben)
+    assert session.save
+    assert !session.new_session?
+    assert_equal ben.remember_token, @controller.session["user_credentials"]
+    assert_equal ben.remember_token, @controller.cookies["user_credentials"]
+    assert_equal 1, session.record.login_count
+    assert Time.now >= session.record.current_login_at
+    assert_equal "1.1.1.1", session.record.current_login_ip
+  end
+  
+  def test_save_with_bang
+    session = UserSession.new
+    assert_raise(Authlogic::Session::SessionInvalid) { session.save! }
+    
+    session.unauthorized_record = users(:ben)
+    assert session.save!
+  end
+  
+  def test_unauthorized_record
+    session = UserSession.new
+    ben = users(:ben)
+    session.unauthorized_record = ben
+    assert_equal ben, session.unauthorized_record
+    assert_equal :unauthorized_record, session.login_with
+  end
+  
+  def test_valid
+    session = UserSession.new
+    assert !session.valid?
+    assert_equal nil, session.record
+    assert session.errors.count > 0
+    
+    ben = users(:ben)
+    session.unauthorized_record = ben
+    assert session.valid?
+    assert_equal ben, session.record
+    assert session.errors.empty?
+  end
+  
+  def test_valid_http_auth
+    ben = users(:ben)
+    session = UserSession.new
+    
+    http_basic_auth_for { assert !session.valid_http_auth? }
+    
+    http_basic_auth_for(ben) do
+      assert session.valid_http_auth?
+      assert_equal ben, session.record
+      assert_equal ben.remember_token, @controller.session["user_credentials"]
+      assert_equal ben.login, session.login
+      assert_equal ben.crypted_password, session.send(:protected_password)
+      assert !session.new_session?
+    end
+  end
+  
+  def test_valid_cookie
+    ben = users(:ben)
+    session = UserSession.new
+    
+    assert !session.valid_cookie?
+    
+    set_cookie_for(ben)
+    assert session.valid_cookie?
+    assert_equal ben, session.record
+    assert_equal ben.remember_token, @controller.session["user_credentials"]
+    assert_equal ben, session.unauthorized_record
+    assert !session.new_session?
+  end
+  
+  def test_valid_session
+    ben = users(:ben)
+    session = UserSession.new
+    
+    assert !session.valid_session?
+    
+    set_session_for(ben)
+    assert session.valid_session?
+    assert_equal ben, session.record
+    assert_equal ben.remember_token, @controller.session["user_credentials"]
+    assert_equal ben, session.unauthorized_record
+    assert !session.new_session?
+  end
+end