authlogic 1.0.0 → 1.1.0

data/lib/authlogic/session/session.rb

@@ -0,0 +1,33 @@
+module Authlogic
+  module Session
+    # = Session
+    #
+    # Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
+    module Session
+      def self.included(klass)
+        klass.after_save :update_session!
+        klass.after_destroy :update_session!
+        klass.after_find :update_session!
+      end
+      
+      # Tries to validate the session from information in the session
+      def valid_session?
+        if session_credentials
+          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", session_credentials)
+          return valid?
+        end
+        
+        false
+      end
+      
+      private
+        def session_credentials
+          controller.session[session_key]
+        end
+        
+        def update_session!
+          controller.session[session_key] = record && record.send(remember_token_field)
+        end
+    end
+  end
+end

data/lib/authlogic/testing/shoulda_macros.rb

@@ -0,0 +1,17 @@
+require "test/unit"
+
+module Authlogic
+  module Testing
+    module ShouldaMacros
+      def should_be_authentic(model)
+        should "acts as authentic" do
+          assert model.respond_to?(:unique_token)
+          assert model.respond_to?(:forget_all!)
+          assert model.respond_to?(:crypto_provider)
+        end
+      end
+    end
+  end
+end
+
+Test::Unit::TestCase.extend Authlogic::Testing::ShouldaMacros

data/lib/authlogic/version.rb

@@ -43,7 +43,7 @@ module Authlogic # :nodoc:
     end
 
     MAJOR = 1
-    MINOR = 0
+    MINOR = 1
     TINY  = 0
 
     # The current version as a Version instance

data/test/fixtures/users.yml

@@ -3,7 +3,7 @@ ben:
   projects: web_services
   login: bjohnson
   password_salt: <%= salt = User.unique_token %>
-  crypted_password: <%= Authlogic::Sha512CryptoProvider.encrypt("benrocks" + salt) %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
   remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
   first_name: Ben
   last_name: Johnson
@@ -13,7 +13,7 @@ zack:
   projects: web_services
   login: zham
   password_salt: <%= salt = User.unique_token %>
-  crypted_password: <%= Authlogic::Sha512CryptoProvider.encrypt("zackrocks" + salt) %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
   remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
   first_name: Zack
   last_name: Ham

data/{test_libs → test/libs}/mock_controller.rb

@@ -1,6 +1,9 @@
 class MockController < Authlogic::ControllerAdapters::AbstractAdapter
   attr_accessor :http_user, :http_password
   
+  def initialize
+  end
+  
   def authenticate_with_http_basic(&block)
     yield http_user, http_password
   end
@@ -9,6 +12,10 @@ class MockController < Authlogic::ControllerAdapters::AbstractAdapter
     @cookies ||= MockCookieJar.new
   end
   
+  def params
+    @params ||= {}
+  end
+  
   def request
     @request ||= MockRequest.new
   end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb

@@ -0,0 +1,217 @@
+require File.dirname(__FILE__) + '/../../test_helper.rb'
+
+module ORMAdaptersTests
+  module ActiveRecordAdapterTests
+    class ActsAsAuthenticTest < ActiveSupport::TestCase
+      def test_user_validations
+        user = User.new
+        assert !user.valid?
+        assert user.errors.on(:login)
+        assert user.errors.on(:password)
+    
+        user.login = "a"
+        assert !user.valid?
+        assert user.errors.on(:login)
+        assert user.errors.on(:password)
+    
+        user.login = "%ben*"
+        assert !user.valid?
+        assert user.errors.on(:login)
+        assert user.errors.on(:password)
+    
+        user.login = "bjohnson"
+        assert !user.valid?
+        assert user.errors.on(:login)
+        assert user.errors.on(:password)
+    
+        user.login = "my login"
+        assert !user.valid?
+        assert !user.errors.on(:login)
+        assert user.errors.on(:password)
+    
+        user.password = "my pass"
+        assert !user.valid?
+        assert !user.errors.on(:password)
+        assert user.errors.on(:confirm_password)
+    
+        user.confirm_password = "my pizass"
+        assert !user.valid?
+        assert !user.errors.on(:password)
+        assert user.errors.on(:confirm_password)
+    
+        user.confirm_password = "my pass"
+        assert user.valid?
+      end
+  
+      def test_employee_validations
+        employee = Employee.new
+        employee.password = "pass"
+        employee.confirm_password = "pass"
+    
+        assert !employee.valid?
+        assert employee.errors.on(:email)
+    
+        employee.email = "fdsf"
+        assert !employee.valid?
+        assert employee.errors.on(:email)
+    
+        employee.email = "fake@email.fake"
+        assert !employee.valid?
+        assert employee.errors.on(:email)
+    
+        employee.email = "notfake@email.com"
+        assert employee.valid?
+      end
+  
+      def test_named_scopes
+        assert_equal 0, User.logged_in.count
+        assert_equal User.count, User.logged_out.count
+        http_basic_auth_for(users(:ben)) { UserSession.find }
+        assert_equal 1, User.logged_in.count
+        assert_equal User.count - 1, User.logged_out.count
+      end
+  
+      def test_unique_token
+        assert_equal 128, User.unique_token.length
+        assert_equal 128, Employee.unique_token.length # make sure encryptions use hashes also
+    
+        unique_tokens = []
+        1000.times { unique_tokens << User.unique_token }
+        unique_tokens.uniq!
+    
+        assert_equal 1000, unique_tokens.size
+      end
+  
+      def test_crypto_provider
+        assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+        assert_equal AES128CryptoProvider, Employee.crypto_provider
+      end
+  
+      def test_forget_all
+        http_basic_auth_for(users(:ben)) { UserSession.find }
+        http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
+        assert UserSession.find
+        assert UserSession.find(:ziggity_zack)
+        User.forget_all!
+        assert !UserSession.find
+        assert !UserSession.find(:ziggity_zack)
+      end
+  
+      def test_logged_in
+        ben = users(:ben)
+        assert !ben.logged_in?
+        http_basic_auth_for(ben) { UserSession.find }
+        assert ben.reload.logged_in?
+      end
+  
+      def test_password
+        user = User.new
+        user.password = "sillywilly"
+        assert user.crypted_password
+        assert user.password_salt
+        assert user.remember_token
+        assert_equal true, user.tried_to_set_password
+        assert_nil user.password
+    
+        employee = Employee.new
+        employee.password = "awesome"
+        assert employee.crypted_password
+        assert employee.remember_token
+        assert_equal true, employee.tried_to_set_password
+        assert_nil employee.password
+      end
+  
+      def test_valid_password
+        ben = users(:ben)
+        assert ben.valid_password?("benrocks")
+        assert ben.valid_password?(ben.crypted_password)
+    
+        drew = employees(:drew)
+        assert drew.valid_password?("drewrocks")
+        assert drew.valid_password?(drew.crypted_password)
+      end
+  
+      def test_forget
+        ben = users(:ben)
+        zack = users(:zack)
+        http_basic_auth_for(ben) { UserSession.find }
+        http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
+    
+        assert ben.reload.logged_in?
+        assert zack.reload.logged_in?
+    
+        ben.forget!
+    
+        assert !UserSession.find
+        assert UserSession.find(:ziggity_zack)
+      end
+  
+      def test_reset_password
+        ben = users(:ben)
+        UserSession.create(ben)
+        old_password = ben.crypted_password
+        old_salt = ben.password_salt
+        old_remember_token = ben.remember_token
+        ben.reset_password!
+        ben.reload
+        assert_not_equal old_password, ben.crypted_password
+        assert_not_equal old_salt, ben.password_salt
+        assert_not_equal old_remember_token, ben.remember_token
+        assert !UserSession.find
+      end
+  
+      def test_login_after_create
+        assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
+        assert UserSession.find
+      end
+  
+      def test_update_session_after_password_modify
+        ben = users(:ben)
+        UserSession.create(ben)
+        old_session_key = @controller.session["user_credentials"]
+        old_cookie_key = @controller.cookies["user_credentials"]
+        ben.password = "newpass"
+        ben.confirm_password = "newpass"
+        ben.save
+        assert @controller.session["user_credentials"]
+        assert @controller.cookies["user_credentials"]
+        assert_not_equal @controller.session["user_credentials"], old_session_key
+        assert_not_equal @controller.cookies["user_credentials"], old_cookie_key
+      end
+  
+      def test_no_session_update_after_modify
+        ben = users(:ben)
+        UserSession.create(ben)
+        old_session_key = @controller.session["user_credentials"]
+        old_cookie_key = @controller.cookies["user_credentials"]
+        ben.first_name = "Ben"
+        ben.save
+        assert_equal @controller.session["user_credentials"], old_session_key
+        assert_equal @controller.cookies["user_credentials"], old_cookie_key
+      end
+  
+      def test_updating_other_user
+        ben = users(:ben)
+        UserSession.create(ben)
+        old_session_key = @controller.session["user_credentials"]
+        old_cookie_key = @controller.cookies["user_credentials"]
+        zack = users(:zack)
+        zack.password = "newpass"
+        zack.confirm_password = "newpass"
+        zack.save
+        assert_equal @controller.session["user_credentials"], old_session_key
+        assert_equal @controller.cookies["user_credentials"], old_cookie_key
+      end
+  
+      def test_resetting_password_when_logged_out
+        ben = users(:ben)
+        assert !UserSession.find
+        ben.password = "newpass"
+        ben.confirm_password = "newpass"
+        ben.save
+        assert UserSession.find
+        assert_equal ben, UserSession.find.record
+      end
+    end
+  end
+end

data/test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb

@@ -0,0 +1,32 @@
+require File.dirname(__FILE__) + '/../../test_helper.rb'
+
+module ORMAdaptersTests
+  module ActiveRecordAdapterTests
+    class AuthenticatesManyTest < ActiveSupport::TestCase
+      def test_authenticates_many_new
+        binary_logic = companies(:binary_logic)
+        user_session = binary_logic.user_sessions.new
+        assert_equal({:find_options => {:conditions => "\"users\".company_id = #{binary_logic.id}"}, :id => nil}, user_session.scope)
+    
+        employee_session = binary_logic.employee_sessions.new
+        assert_equal({:find_options => {:conditions => "\"employees\".company_id = #{binary_logic.id}"}, :id => nil}, employee_session.scope)
+      end
+  
+      def test_authenticates_many_create_and_find
+        binary_logic = companies(:binary_logic)
+        logic_over_data = companies(:logic_over_data)
+        ben = users(:ben)
+        zack = users(:zack)
+    
+        assert !binary_logic.user_sessions.find
+        assert !logic_over_data.user_sessions.find
+        assert logic_over_data.user_sessions.create(zack)
+        assert !binary_logic.user_sessions.find
+        assert logic_over_data.user_sessions.find
+        assert binary_logic.user_sessions.create(ben)
+        assert binary_logic.user_sessions.find
+        assert !logic_over_data.user_sessions.find
+      end
+    end
+  end
+end

data/test/session_tests/active_record_trickery_test.rb

@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+  class ActiveRecordTrickeryTest < ActiveSupport::TestCase
+    def test_human_attribute_name
+      assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+    end
+  
+    def test_new_record
+      session = UserSession.new
+      assert session.new_record?
+    end
+  end
+end

data/test/session_tests/authenticates_many_association_test.rb

@@ -0,0 +1,20 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+  class AuthenticatesManyAssociationTest < ActiveSupport::TestCase
+    def test_initialize
+      assoc = Authlogic::Session::AuthenticatesManyAssociation.new(UserSession, {:conditions => ["1 = ?", 1]}, :some_id)
+      assert_equal UserSession, assoc.klass
+      assert_equal({:conditions => ["1 = ?", 1]}, assoc.find_options)
+      assert_equal :some_id, assoc.id
+    end
+    
+    def test_new
+      ben = users(:ben)
+      assoc = Authlogic::Session::AuthenticatesManyAssociation.new(UserSession, {:conditions => ["1 = ?", 1]}, :some_id)
+      session = assoc.new(ben)
+      assert_equal ben, session.unauthorized_record
+      assert_equal({:find_options => {:conditions => ["1 = ?", 1]}, :id => :some_id}, session.scope)
+    end
+  end
+end

data/test/session_tests/base_test.rb

@@ -0,0 +1,264 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+  class BaseTest < ActiveSupport::TestCase
+    def test_activated
+      assert UserSession.activated?
+      Authlogic::Session::Base.reset_controllers!
+      assert !UserSession.activated?
+    end
+    
+    def test_controllers
+      Authlogic::Session::Base.reset_controllers!
+      assert_equal 0, Authlogic::Session::Base.send(:controllers).size 
+      thread1 = Thread.new do
+        controller = MockController.new
+        Authlogic::Session::Base.controller = controller
+        assert_equal controller, Authlogic::Session::Base.controller
+      end
+      thread1.join
+      assert_equal 1, Authlogic::Session::Base.send(:controllers).size
+      assert_nil Authlogic::Session::Base.controller
+      thread2 = Thread.new do
+        controller = MockController.new
+        Authlogic::Session::Base.controller = controller
+        assert_equal controller, Authlogic::Session::Base.controller
+      end
+      thread2.join
+      assert_equal 2, Authlogic::Session::Base.send(:controllers).size
+      assert_nil Authlogic::Session::Base.controller
+    end
+    
+    def test_create
+      ben = users(:ben)
+      assert !UserSession.create(:login => ben.login, :password => "badpw")
+      assert UserSession.create(:login => ben.login, :password => "benrocks")
+      assert_raise(Authlogic::Session::SessionInvalid) { UserSession.create!(:login => ben.login, :password => "badpw") }
+      assert UserSession.create!(:login => ben.login, :password => "benrocks")
+    end
+    
+    def test_find
+      ben = users(:ben)
+      assert !UserSession.find
+      http_basic_auth_for(ben) { assert UserSession.find }
+      set_cookie_for(ben)
+      assert UserSession.find
+      unset_cookie
+      set_session_for(ben)
+      session = UserSession.find
+      assert session
+      assert !session.record.last_request_at.nil?
+    end
+    
+    def test_klass
+      assert_equal User, UserSession.klass
+    end
+    
+    def test_klass_name
+      assert_equal "User", UserSession.klass_name
+    end
+    
+    def test_record_method
+      ben = users(:ben)
+      set_session_for(ben)
+      session = UserSession.find
+      assert_equal ben, session.record
+      assert_equal ben, session.user
+    end
+    
+    def test_init
+      UserSession.reset_controllers!
+      assert_raise(Authlogic::Session::NotActivated) { UserSession.new }
+      UserSession.controller = @controller
+      
+      session = UserSession.new
+      assert session.respond_to?(:login)
+      assert session.respond_to?(:login=)
+      assert session.respond_to?(:password)
+      assert session.respond_to?(:password=)
+      assert session.respond_to?(:protected_password, true)
+      
+      
+      session = UserSession.new(:my_id)
+      assert_equal :my_id, session.id
+      
+      session = UserSession.new({:login => "login", :password => "pass", :remember_me => true}, :my_id)
+      assert_equal "login", session.login
+      assert_nil session.password
+      assert_equal "pass", session.send(:protected_password)
+      assert_equal true, session.remember_me
+      assert_equal :my_id, session.id
+      
+      session = UserSession.new(users(:ben), true, :my_id)
+      assert_nil session.login
+      assert_nil session.password
+      assert_nil session.send(:protected_password)
+      assert session.remember_me
+      assert_equal :my_id, session.id
+      assert_equal users(:ben), session.unauthorized_record
+    end
+    
+    def test_credentials
+      session = UserSession.new
+      session.credentials = {:login => "login", :password => "pass", :remember_me => true}
+      assert_equal "login", session.login
+      assert_nil session.password
+      assert_equal "pass", session.send(:protected_password)
+      assert_equal true, session.remember_me
+      assert_equal({:password => "<Protected>", :login => "login"}, session.credentials)
+    end
+  
+    def test_destroy
+      ben = users(:ben)
+      session = UserSession.new
+      assert !session.valid?
+      assert !session.errors.empty?
+      assert session.destroy
+      assert session.errors.empty?
+      session.unauthorized_record = ben
+      assert session.save
+      assert session.record
+      assert session.destroy
+      assert !session.record
+    end
+    
+    def test_errors
+      session = UserSession.new
+      assert session.errors.is_a?(Authlogic::Session::Errors)
+    end
+    
+    def test_find_record
+      # tested thoroughly in test_find
+    end
+    
+    def test_id
+      ben = users(:ben)
+      session = UserSession.new(ben, :my_id)
+      assert_equal :my_id, session.id
+      assert_equal "my_id_user_credentials", session.cookie_key
+      assert_equal "my_id_user_credentials", session.session_key
+    end
+    
+    def test_inspect
+      session = UserSession.new
+      assert_equal "#<UserSession {:login=>nil, :password=>\"<protected>\"}>", session.inspect
+      session.login = "login"
+      session.password = "pass"
+      assert "#<UserSession {:login=>\"login\", :password=>\"<protected>\"}>" == session.inspect || "#<UserSession {:password=>\"<protected>\", :login=>\"login\"}>" == session.inspect
+    end
+    
+    def test_new_session
+      session = UserSession.new
+      assert session.new_session?
+      
+      set_session_for(users(:ben))
+      session = UserSession.find
+      assert !session.new_session?
+    end
+    
+    def test_remember_me
+      session = UserSession.new
+      assert_nil session.remember_me
+      assert !session.remember_me?
+      
+      session.remember_me = false
+      assert_equal false, session.remember_me
+      assert !session.remember_me?
+      
+      session.remember_me = true
+      assert_equal true, session.remember_me
+      assert session.remember_me?
+      
+      session.remember_me = nil
+      assert_nil session.remember_me
+      assert !session.remember_me?
+      
+      session.remember_me = "1"
+      assert_equal "1", session.remember_me
+      assert session.remember_me?
+      
+      session.remember_me = "true"
+      assert_equal "true", session.remember_me
+      assert session.remember_me?
+    end
+    
+    def test_remember_me_until
+      session = UserSession.new
+      assert_nil session.remember_me_until
+      
+      session.remember_me = true
+      assert 3.months.from_now <= session.remember_me_until
+    end
+    
+    def test_save_with_nothing
+      session = UserSession.new
+      assert !session.save
+      assert session.new_session?
+    end
+    
+    def test_save_with_record
+      ben = users(:ben)
+      session = UserSession.new(:login => ben.login, :password => "benrocks")
+      assert session.save
+      assert !session.new_session?
+      assert_equal 1, session.record.login_count
+      assert Time.now >= session.record.current_login_at
+      assert_equal "1.1.1.1", session.record.current_login_ip
+      unset_cookie
+      unset_session
+    end
+    
+    def test_save_with_credentials
+      ben = users(:ben)
+      session = UserSession.new(ben)
+      assert session.save
+      assert !session.new_session?
+      assert_equal 1, session.record.login_count
+      assert Time.now >= session.record.current_login_at
+      assert_equal "1.1.1.1", session.record.current_login_ip
+    end
+    
+    def test_save_with_bang
+      session = UserSession.new
+      assert_raise(Authlogic::Session::SessionInvalid) { session.save! }
+      
+      session.unauthorized_record = users(:ben)
+      assert session.save!
+    end
+    
+    def test_unauthorized_record
+      session = UserSession.new
+      ben = users(:ben)
+      session.unauthorized_record = ben
+      assert_equal ben, session.unauthorized_record
+      assert_equal :unauthorized_record, session.authenticating_with
+    end
+    
+    def test_valid
+      session = UserSession.new
+      assert !session.valid?
+      assert_nil session.record
+      assert session.errors.count > 0
+      
+      ben = users(:ben)
+      session.unauthorized_record = ben
+      assert session.valid?
+      assert_equal ben, session.record
+      assert session.errors.empty?
+    end
+    
+    def test_valid_http_auth
+      ben = users(:ben)
+      session = UserSession.new
+      
+      http_basic_auth_for { assert !session.valid_http_auth? }
+      
+      http_basic_auth_for(ben) do
+        assert session.valid_http_auth?
+        assert_equal ben, session.record
+        assert_equal ben.login, session.login
+        assert_equal ben.crypted_password, session.send(:protected_password)
+      end
+    end
+  end
+end