authlogic 1.0.0 → 1.1.0
Potentially problematic release.
This version of authlogic might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +19 -0
- data/Manifest +29 -15
- data/README.rdoc +17 -15
- data/Rakefile +1 -1
- data/authlogic.gemspec +7 -7
- data/lib/authlogic.rb +21 -4
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +19 -4
- data/lib/authlogic/controller_adapters/merb_adapter.rb +0 -27
- data/lib/authlogic/controller_adapters/rails_adapter.rb +0 -14
- data/lib/authlogic/crypto_providers/sha1.rb +24 -0
- data/lib/authlogic/crypto_providers/sha512.rb +30 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb +89 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb +144 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb +41 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb +62 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb +83 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb +58 -0
- data/lib/authlogic/{active_record/scoped_session.rb → session/authenticates_many_association.rb} +12 -3
- data/lib/authlogic/session/base.rb +63 -93
- data/lib/authlogic/session/callbacks.rb +15 -3
- data/lib/authlogic/session/config.rb +130 -26
- data/lib/authlogic/session/cookies.rb +39 -0
- data/lib/authlogic/session/openid.rb +106 -0
- data/lib/authlogic/session/params.rb +28 -0
- data/lib/authlogic/session/session.rb +33 -0
- data/lib/authlogic/testing/shoulda_macros.rb +17 -0
- data/lib/authlogic/version.rb +1 -1
- data/test/fixtures/users.yml +2 -2
- data/{test_libs → test/libs}/aes128_crypto_provider.rb +0 -0
- data/{test_libs → test/libs}/mock_controller.rb +7 -0
- data/{test_libs → test/libs}/mock_cookie_jar.rb +0 -0
- data/{test_libs → test/libs}/mock_request.rb +0 -0
- data/{test_libs → test/libs}/ordered_hash.rb +0 -0
- data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb +217 -0
- data/test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb +32 -0
- data/test/session_tests/active_record_trickery_test.rb +14 -0
- data/test/session_tests/authenticates_many_association_test.rb +20 -0
- data/test/session_tests/base_test.rb +264 -0
- data/test/session_tests/config_test.rb +165 -0
- data/test/session_tests/cookies_test.rb +32 -0
- data/test/session_tests/params_test.rb +16 -0
- data/test/session_tests/scopes_test.rb +60 -0
- data/test/session_tests/session_test.rb +45 -0
- data/test/test_helper.rb +14 -5
- metadata +57 -29
- data/lib/authlogic/active_record/acts_as_authentic.rb +0 -297
- data/lib/authlogic/active_record/authenticates_many.rb +0 -56
- data/lib/authlogic/sha512_crypto_provider.rb +0 -18
- data/test/active_record_acts_as_authentic_test.rb +0 -213
- data/test/active_record_authenticates_many_test.rb +0 -28
- data/test/user_session_active_record_trickery_test.rb +0 -12
- data/test/user_session_base_test.rb +0 -316
- data/test/user_session_config_test.rb +0 -144
- data/test/user_session_scopes_test.rb +0 -19
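--- a/data/lib/authlogic/session/session.rb
+++ b/data/lib/authlogic/session/session.rb
@@ -0,0 +1,33 @@
+module Authlogic
+module Session
+# = Session
+#
+# Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
+module Session
+def self.included(klass)
+klass.after_save :update_session!
+klass.after_destroy :update_session!
+klass.after_find :update_session!
+end
+
+# Tries to validate the session from information in the session
+def valid_session?
+if session_credentials
+self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", session_credentials)
+return valid?
+end
+
+false
+end
+
+private
+def session_credentials
+controller.session[session_key]
+end
+
+def update_session!
+controller.session[session_key] = record && record.send(remember_token_field)
+end
+end
+end
+end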
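Review bot: In `valid_session?` the guard `if session_credentials` rejects only nil and false, so an empty string or any other non-nil value stored under the session key is handed to the `find_by_…` finder and would match a row whose token column holds that same value, for example an empty one. Tightening the guard to `if session_credentials.is_a?(String) && !session_credentials.empty?` keeps blank or non-string values away from the lookup. `update_session!` is also registered on `after_find` and writes `nil` into the session when `record` is nil, with no comment; a line such as `# Mirror the record's remember token into the controller session (nil clears it)` above it would make that intent explicit.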
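--- a/data/lib/authlogic/testing/shoulda_macros.rb
+++ b/data/lib/authlogic/testing/shoulda_macros.rb
@@ -0,0 +1,17 @@
+require "test/unit"
+
+module Authlogic
+module Testing
+module ShouldaMacros
+def should_be_authentic(model)
+should "acts as authentic" do
+assert model.respond_to?(:unique_token)
+assert model.respond_to?(:forget_all!)
+assert model.respond_to?(:crypto_provider)
+end
+end
+end
+end
+end
+
+Test::Unit::TestCase.extend Authlogic::Testing::ShouldaMacros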
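Review bot: `should_be_authentic` only asserts that the model responds to `unique_token`, `forget_all!` and `crypto_provider`, so it passes for any class that defines those three methods and says nothing about password or session behaviour. A comment above the macro should state that limit, e.g. `# Smoke check only: verifies the acts_as_authentic class methods exist, not that authentication works`. The last line also extends `Test::Unit::TestCase` at require time, which affects every test case in the process; that side effect deserves a comment as well.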
data/lib/authlogic/version.rb
CHANGED
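--- a/data/test/fixtures/users.yml
+++ b/data/test/fixtures/users.yml
@@ -3,7 +3,7 @@ ben:
 projects: web_services
 login: bjohnson
 password_salt: <%= salt = User.unique_token %>
-crypted_password: <%= Authlogic::
+crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
 remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
 first_name: Ben
 last_name: Johnson
@@ -13,7 +13,7 @@ zack:
 projects: web_services
 login: zham
 password_salt: <%= salt = User.unique_token %>
-crypted_password: <%= Authlogic::
+crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
 remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
 first_name: Zack
 last_name: Ham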
File without changes
|
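--- a/data/test_libs/mock_controller.rb
+++ b/data/test/libs/mock_controller.rb
@@ -1,6 +1,9 @@
 class MockController < Authlogic::ControllerAdapters::AbstractAdapter
 attr_accessor :http_user, :http_password
 
+def initialize
+end
+
 def authenticate_with_http_basic(&block)
 yield http_user, http_password
 end
@@ -9,6 +12,10 @@ class MockController < Authlogic::ControllerAdapters::AbstractAdapter
 @cookies ||= MockCookieJar.new
 end
 
+def params
+@params ||= {}
+end
+
 def request
 @request ||= MockRequest.new
 end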
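Review bot: The added empty `initialize` in the first hunk has no comment, and it replaces whatever `Authlogic::ControllerAdapters::AbstractAdapter#initialize` does without calling `super`. The parent class is not shown in this section, so this is presumably deliberate because the mock has no real controller to wrap. A comment such as `# Intentionally skips AbstractAdapter#initialize: the mock wraps no real controller` would keep a later reader from restoring the `super` call. The class body starts and ends outside both hunks.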
File without changes
|
File without changes
|
File without changes
|
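--- a/data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
+++ b/data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
@@ -0,0 +1,217 @@
+require File.dirname(__FILE__) + '/../../test_helper.rb'
+
+module ORMAdaptersTests
+module ActiveRecordAdapterTests
+class ActsAsAuthenticTest < ActiveSupport::TestCase
+def test_user_validations
+user = User.new
+assert !user.valid?
+assert user.errors.on(:login)
+assert user.errors.on(:password)
+
+user.login = "a"
+assert !user.valid?
+assert user.errors.on(:login)
+assert user.errors.on(:password)
+
+user.login = "%ben*"
+assert !user.valid?
+assert user.errors.on(:login)
+assert user.errors.on(:password)
+
+user.login = "bjohnson"
+assert !user.valid?
+assert user.errors.on(:login)
+assert user.errors.on(:password)
+
+user.login = "my login"
+assert !user.valid?
+assert !user.errors.on(:login)
+assert user.errors.on(:password)
+
+user.password = "my pass"
+assert !user.valid?
+assert !user.errors.on(:password)
+assert user.errors.on(:confirm_password)
+
+user.confirm_password = "my pizass"
+assert !user.valid?
+assert !user.errors.on(:password)
+assert user.errors.on(:confirm_password)
+
+user.confirm_password = "my pass"
+assert user.valid?
+end
+
+def test_employee_validations
+employee = Employee.new
+employee.password = "pass"
+employee.confirm_password = "pass"
+
+assert !employee.valid?
+assert employee.errors.on(:email)
+
+employee.email = "fdsf"
+assert !employee.valid?
+assert employee.errors.on(:email)
+
+employee.email = "fake@email.fake"
+assert !employee.valid?
+assert employee.errors.on(:email)
+
+employee.email = "notfake@email.com"
+assert employee.valid?
+end
+
+def test_named_scopes
+assert_equal 0, User.logged_in.count
+assert_equal User.count, User.logged_out.count
+http_basic_auth_for(users(:ben)) { UserSession.find }
+assert_equal 1, User.logged_in.count
+assert_equal User.count - 1, User.logged_out.count
+end
+
+def test_unique_token
+assert_equal 128, User.unique_token.length
+assert_equal 128, Employee.unique_token.length # make sure encryptions use hashes also
+
+unique_tokens = []
+1000.times { unique_tokens << User.unique_token }
+unique_tokens.uniq!
+
+assert_equal 1000, unique_tokens.size
+end
+
+def test_crypto_provider
+assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+assert_equal AES128CryptoProvider, Employee.crypto_provider
+end
+
+def test_forget_all
+http_basic_auth_for(users(:ben)) { UserSession.find }
+http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
+assert UserSession.find
+assert UserSession.find(:ziggity_zack)
+User.forget_all!
+assert !UserSession.find
+assert !UserSession.find(:ziggity_zack)
+end
+
+def test_logged_in
+ben = users(:ben)
+assert !ben.logged_in?
+http_basic_auth_for(ben) { UserSession.find }
+assert ben.reload.logged_in?
+end
+
+def test_password
+user = User.new
+user.password = "sillywilly"
+assert user.crypted_password
+assert user.password_salt
+assert user.remember_token
+assert_equal true, user.tried_to_set_password
+assert_nil user.password
+
+employee = Employee.new
+employee.password = "awesome"
+assert employee.crypted_password
+assert employee.remember_token
+assert_equal true, employee.tried_to_set_password
+assert_nil employee.password
+end
+
+def test_valid_password
+ben = users(:ben)
+assert ben.valid_password?("benrocks")
+assert ben.valid_password?(ben.crypted_password)
+
+drew = employees(:drew)
+assert drew.valid_password?("drewrocks")
+assert drew.valid_password?(drew.crypted_password)
+end
+
+def test_forget
+ben = users(:ben)
+zack = users(:zack)
+http_basic_auth_for(ben) { UserSession.find }
+http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
+
+assert ben.reload.logged_in?
+assert zack.reload.logged_in?
+
+ben.forget!
+
+assert !UserSession.find
+assert UserSession.find(:ziggity_zack)
+end
+
+def test_reset_password
+ben = users(:ben)
+UserSession.create(ben)
+old_password = ben.crypted_password
+old_salt = ben.password_salt
+old_remember_token = ben.remember_token
+ben.reset_password!
+ben.reload
+assert_not_equal old_password, ben.crypted_password
+assert_not_equal old_salt, ben.password_salt
+assert_not_equal old_remember_token, ben.remember_token
+assert !UserSession.find
+end
+
+def test_login_after_create
+assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
+assert UserSession.find
+end
+
+def test_update_session_after_password_modify
+ben = users(:ben)
+UserSession.create(ben)
+old_session_key = @controller.session["user_credentials"]
+old_cookie_key = @controller.cookies["user_credentials"]
+ben.password = "newpass"
+ben.confirm_password = "newpass"
+ben.save
+assert @controller.session["user_credentials"]
+assert @controller.cookies["user_credentials"]
+assert_not_equal @controller.session["user_credentials"], old_session_key
+assert_not_equal @controller.cookies["user_credentials"], old_cookie_key
+end
+
+def test_no_session_update_after_modify
+ben = users(:ben)
+UserSession.create(ben)
+old_session_key = @controller.session["user_credentials"]
+old_cookie_key = @controller.cookies["user_credentials"]
+ben.first_name = "Ben"
+ben.save
+assert_equal @controller.session["user_credentials"], old_session_key
+assert_equal @controller.cookies["user_credentials"], old_cookie_key
+end
+
+def test_updating_other_user
+ben = users(:ben)
+UserSession.create(ben)
+old_session_key = @controller.session["user_credentials"]
+old_cookie_key = @controller.cookies["user_credentials"]
+zack = users(:zack)
+zack.password = "newpass"
+zack.confirm_password = "newpass"
+zack.save
+assert_equal @controller.session["user_credentials"], old_session_key
+assert_equal @controller.cookies["user_credentials"], old_cookie_key
+end
+
+def test_resetting_password_when_logged_out
+ben = users(:ben)
+assert !UserSession.find
+ben.password = "newpass"
+ben.confirm_password = "newpass"
+ben.save
+assert UserSession.find
+assert_equal ben, UserSession.find.record
+end
+end
+end
+end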
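Review bot: `test_valid_password` asserts `ben.valid_password?(ben.crypted_password)` (and the same for `drew`), which pins the stored digest itself as an accepted credential; `test_valid_http_auth` in base_test.rb relies on the same behaviour when it expects `protected_password` to equal `ben.crypted_password`. The implementation of `valid_password?` is not shown in this section, but if it does accept the digest, a leaked `crypted_password` column is as useful as the plaintext password, which removes much of the value of hashing. I would move these two assertions into their own test with a comment like `# valid_password? also accepts the stored digest; a leaked digest is therefore a usable credential`, so the behaviour is a visible decision rather than an incidental assertion. `test_resetting_password_when_logged_out` likewise pins that saving a new password while no session exists logs the current request in as that user, which matters to any caller that changes a password on someone else's behalf.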
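--- a/data/test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
+++ b/data/test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
@@ -0,0 +1,32 @@
+require File.dirname(__FILE__) + '/../../test_helper.rb'
+
+module ORMAdaptersTests
+module ActiveRecordAdapterTests
+class AuthenticatesManyTest < ActiveSupport::TestCase
+def test_authenticates_many_new
+binary_logic = companies(:binary_logic)
+user_session = binary_logic.user_sessions.new
+assert_equal({:find_options => {:conditions => "\"users\".company_id = #{binary_logic.id}"}, :id => nil}, user_session.scope)
+
+employee_session = binary_logic.employee_sessions.new
+assert_equal({:find_options => {:conditions => "\"employees\".company_id = #{binary_logic.id}"}, :id => nil}, employee_session.scope)
+end
+
+def test_authenticates_many_create_and_find
+binary_logic = companies(:binary_logic)
+logic_over_data = companies(:logic_over_data)
+ben = users(:ben)
+zack = users(:zack)
+
+assert !binary_logic.user_sessions.find
+assert !logic_over_data.user_sessions.find
+assert logic_over_data.user_sessions.create(zack)
+assert !binary_logic.user_sessions.find
+assert logic_over_data.user_sessions.find
+assert binary_logic.user_sessions.create(ben)
+assert binary_logic.user_sessions.find
+assert !logic_over_data.user_sessions.find
+end
+end
+end
+end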
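Review bot: The expected scope in `test_authenticates_many_new` is a SQL fragment built by string interpolation with hard-coded double-quoted identifiers, `"\"users\".company_id = #{binary_logic.id}"`. That ties the test to adapters that quote identifiers with double quotes and pins interpolated SQL as the contract, whereas authenticates_many_association_test.rb already uses the bind form `{:conditions => ["1 = ?", 1]}`. The code that builds the scope is not in this section; if it can be changed, expecting `["#{User.quoted_table_name}.company_id = ?", binary_logic.id]` would keep the id out of the SQL text and make the test adapter-independent.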
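--- a/data/test/session_tests/active_record_trickery_test.rb
+++ b/data/test/session_tests/active_record_trickery_test.rb
@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+class ActiveRecordTrickeryTest < ActiveSupport::TestCase
+def test_human_attribute_name
+assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+end
+
+def test_new_record
+session = UserSession.new
+assert session.new_record?
+end
+end
+end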
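--- a/data/test/session_tests/authenticates_many_association_test.rb
+++ b/data/test/session_tests/authenticates_many_association_test.rb
@@ -0,0 +1,20 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+class AuthenticatesManyAssociationTest < ActiveSupport::TestCase
+def test_initialize
+assoc = Authlogic::Session::AuthenticatesManyAssociation.new(UserSession, {:conditions => ["1 = ?", 1]}, :some_id)
+assert_equal UserSession, assoc.klass
+assert_equal({:conditions => ["1 = ?", 1]}, assoc.find_options)
+assert_equal :some_id, assoc.id
+end
+
+def test_new
+ben = users(:ben)
+assoc = Authlogic::Session::AuthenticatesManyAssociation.new(UserSession, {:conditions => ["1 = ?", 1]}, :some_id)
+session = assoc.new(ben)
+assert_equal ben, session.unauthorized_record
+assert_equal({:find_options => {:conditions => ["1 = ?", 1]}, :id => :some_id}, session.scope)
+end
+end
+end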
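--- a/data/test/session_tests/base_test.rb
+++ b/data/test/session_tests/base_test.rb
@@ -0,0 +1,264 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+class BaseTest < ActiveSupport::TestCase
+def test_activated
+assert UserSession.activated?
+Authlogic::Session::Base.reset_controllers!
+assert !UserSession.activated?
+end
+
+def test_controllers
+Authlogic::Session::Base.reset_controllers!
+assert_equal 0, Authlogic::Session::Base.send(:controllers).size
+thread1 = Thread.new do
+controller = MockController.new
+Authlogic::Session::Base.controller = controller
+assert_equal controller, Authlogic::Session::Base.controller
+end
+thread1.join
+assert_equal 1, Authlogic::Session::Base.send(:controllers).size
+assert_nil Authlogic::Session::Base.controller
+thread2 = Thread.new do
+controller = MockController.new
+Authlogic::Session::Base.controller = controller
+assert_equal controller, Authlogic::Session::Base.controller
+end
+thread2.join
+assert_equal 2, Authlogic::Session::Base.send(:controllers).size
+assert_nil Authlogic::Session::Base.controller
+end
+
+def test_create
+ben = users(:ben)
+assert !UserSession.create(:login => ben.login, :password => "badpw")
+assert UserSession.create(:login => ben.login, :password => "benrocks")
+assert_raise(Authlogic::Session::SessionInvalid) { UserSession.create!(:login => ben.login, :password => "badpw") }
+assert UserSession.create!(:login => ben.login, :password => "benrocks")
+end
+
+def test_find
+ben = users(:ben)
+assert !UserSession.find
+http_basic_auth_for(ben) { assert UserSession.find }
+set_cookie_for(ben)
+assert UserSession.find
+unset_cookie
+set_session_for(ben)
+session = UserSession.find
+assert session
+assert !session.record.last_request_at.nil?
+end
+
+def test_klass
+assert_equal User, UserSession.klass
+end
+
+def test_klass_name
+assert_equal "User", UserSession.klass_name
+end
+
+def test_record_method
+ben = users(:ben)
+set_session_for(ben)
+session = UserSession.find
+assert_equal ben, session.record
+assert_equal ben, session.user
+end
+
+def test_init
+UserSession.reset_controllers!
+assert_raise(Authlogic::Session::NotActivated) { UserSession.new }
+UserSession.controller = @controller
+
+session = UserSession.new
+assert session.respond_to?(:login)
+assert session.respond_to?(:login=)
+assert session.respond_to?(:password)
+assert session.respond_to?(:password=)
+assert session.respond_to?(:protected_password, true)
+
+
+session = UserSession.new(:my_id)
+assert_equal :my_id, session.id
+
+session = UserSession.new({:login => "login", :password => "pass", :remember_me => true}, :my_id)
+assert_equal "login", session.login
+assert_nil session.password
+assert_equal "pass", session.send(:protected_password)
+assert_equal true, session.remember_me
+assert_equal :my_id, session.id
+
+session = UserSession.new(users(:ben), true, :my_id)
+assert_nil session.login
+assert_nil session.password
+assert_nil session.send(:protected_password)
+assert session.remember_me
+assert_equal :my_id, session.id
+assert_equal users(:ben), session.unauthorized_record
+end
+
+def test_credentials
+session = UserSession.new
+session.credentials = {:login => "login", :password => "pass", :remember_me => true}
+assert_equal "login", session.login
+assert_nil session.password
+assert_equal "pass", session.send(:protected_password)
+assert_equal true, session.remember_me
+assert_equal({:password => "<Protected>", :login => "login"}, session.credentials)
+end
+
+def test_destroy
+ben = users(:ben)
+session = UserSession.new
+assert !session.valid?
+assert !session.errors.empty?
+assert session.destroy
+assert session.errors.empty?
+session.unauthorized_record = ben
+assert session.save
+assert session.record
+assert session.destroy
+assert !session.record
+end
+
+def test_errors
+session = UserSession.new
+assert session.errors.is_a?(Authlogic::Session::Errors)
+end
+
+def test_find_record
+# tested thoroughly in test_find
+end
+
+def test_id
+ben = users(:ben)
+session = UserSession.new(ben, :my_id)
+assert_equal :my_id, session.id
+assert_equal "my_id_user_credentials", session.cookie_key
+assert_equal "my_id_user_credentials", session.session_key
+end
+
+def test_inspect
+session = UserSession.new
+assert_equal "#<UserSession {:login=>nil, :password=>\"<protected>\"}>", session.inspect
+session.login = "login"
+session.password = "pass"
+assert "#<UserSession {:login=>\"login\", :password=>\"<protected>\"}>" == session.inspect || "#<UserSession {:password=>\"<protected>\", :login=>\"login\"}>" == session.inspect
+end
+
+def test_new_session
+session = UserSession.new
+assert session.new_session?
+
+set_session_for(users(:ben))
+session = UserSession.find
+assert !session.new_session?
+end
+
+def test_remember_me
+session = UserSession.new
+assert_nil session.remember_me
+assert !session.remember_me?
+
+session.remember_me = false
+assert_equal false, session.remember_me
+assert !session.remember_me?
+
+session.remember_me = true
+assert_equal true, session.remember_me
+assert session.remember_me?
+
+session.remember_me = nil
+assert_nil session.remember_me
+assert !session.remember_me?
+
+session.remember_me = "1"
+assert_equal "1", session.remember_me
+assert session.remember_me?
+
+session.remember_me = "true"
+assert_equal "true", session.remember_me
+assert session.remember_me?
+end
+
+def test_remember_me_until
+session = UserSession.new
+assert_nil session.remember_me_until
+
+session.remember_me = true
+assert 3.months.from_now <= session.remember_me_until
+end
+
+def test_save_with_nothing
+session = UserSession.new
+assert !session.save
+assert session.new_session?
+end
+
+def test_save_with_record
+ben = users(:ben)
+session = UserSession.new(:login => ben.login, :password => "benrocks")
+assert session.save
+assert !session.new_session?
+assert_equal 1, session.record.login_count
+assert Time.now >= session.record.current_login_at
+assert_equal "1.1.1.1", session.record.current_login_ip
+unset_cookie
+unset_session
+end
+
+def test_save_with_credentials
+ben = users(:ben)
+session = UserSession.new(ben)
+assert session.save
+assert !session.new_session?
+assert_equal 1, session.record.login_count
+assert Time.now >= session.record.current_login_at
+assert_equal "1.1.1.1", session.record.current_login_ip
+end
+
+def test_save_with_bang
+session = UserSession.new
+assert_raise(Authlogic::Session::SessionInvalid) { session.save! }
+
+session.unauthorized_record = users(:ben)
+assert session.save!
+end
+
+def test_unauthorized_record
+session = UserSession.new
+ben = users(:ben)
+session.unauthorized_record = ben
+assert_equal ben, session.unauthorized_record
+assert_equal :unauthorized_record, session.authenticating_with
+end
+
+def test_valid
+session = UserSession.new
+assert !session.valid?
+assert_nil session.record
+assert session.errors.count > 0
+
+ben = users(:ben)
+session.unauthorized_record = ben
+assert session.valid?
+assert_equal ben, session.record
+assert session.errors.empty?
+end
+
+def test_valid_http_auth
+ben = users(:ben)
+session = UserSession.new
+
+http_basic_auth_for { assert !session.valid_http_auth? }
+
+http_basic_auth_for(ben) do
+assert session.valid_http_auth?
+assert_equal ben, session.record
+assert_equal ben.login, session.login
+assert_equal ben.crypted_password, session.send(:protected_password)
+end
+end
+end
+end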
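Review bot: `test_controllers` pins that `Authlogic::Session::Base.controllers` still holds one entry per thread after each thread has finished (size 1 after `thread1.join`, 2 after `thread2.join`), so nothing removes a controller when its thread ends. The registry itself is not shown here, but as asserted it grows with every thread and keeps references to finished requests' controllers, including their session and cookie data. If that is intended, say so above the size assertions, e.g. `# entries are kept per thread and are only cleared by reset_controllers!`; otherwise the test should assert that the entry is gone after the join. Separately, `test_save_with_record` builds the session from login and password while `test_save_with_credentials` builds it from a record, so the two names look swapped.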