RubyGems - authlogic - Versions diffs - 1.1.0 → 1.1.1 - Mend

authlogic 1.1.0 → 1.1.1

Potentially problematic release.

This version of authlogic might be problematic. Click here for more details.

Files changed (39) hide show

data/test/session_tests/params_test.rb CHANGED Viewed

@@ -7,10 +7,26 @@ module SessionTests
       session = UserSession.new
       assert !session.valid_params?
       set_params_for(ben)
+      assert !session.valid_params?
+      assert !session.unauthorized_record
+      assert !@controller.session["user_credentials"]
+      set_request_content_type("text/plain")
+      assert !session.valid_params?
+      assert !session.unauthorized_record
+      assert !@controller.session["user_credentials"]
+      set_request_content_type("application/atom+xml")
+      assert session.valid_params?
+      assert_equal ben, session.unauthorized_record
+      assert !@controller.session["user_credentials"]
+      set_request_content_type("application/rss+xml")
       assert session.valid_params?
       assert_equal ben, session.unauthorized_record
+      assert !@controller.session["user_credentials"]
     end
   end
 end

data/test/test_helper.rb CHANGED Viewed

@@ -38,8 +38,8 @@ ActiveRecord::Schema.define(:version => 1) do
     t.string    :login
     t.string    :crypted_password
     t.string    :password_salt
-    t.string    :openid
     t.string    :remember_token
+    t.string    :single_access_token
     t.string    :first_name
     t.string    :last_name
     t.integer   :login_count
@@ -134,13 +134,21 @@ class Test::Unit::TestCase
     end
     def set_params_for(user, id = nil)
-      @controller.params["user_credentials"] = user.remember_token
+      @controller.params["user_credentials"] = user.single_access_token
     end
     def unset_params
       @controller.params["user_credentials"] = nil
     end
+    def set_request_content_type(type)
+      @controller.request_content_type = type
+    end
+    def unset_request_content_type
+      @controller.request_content_type = nil
+    end
     def set_session_for(user, id = nil)
       @controller.session["user_credentials"] = user.remember_token
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Ben Johnson of Binary Logic
@@ -22,16 +22,6 @@ dependencies:
       - !ruby/object:Gem::Version
         version: "0"
     version:
-- !ruby/object:Gem::Dependency
-  name: activerecord
-  type: :runtime
-  version_requirement:
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
-    version:
 - !ruby/object:Gem::Dependency
   name: echoe
   type: :development
@@ -55,10 +45,12 @@ extra_rdoc_files:
 - lib/authlogic/controller_adapters/rails_adapter.rb
 - lib/authlogic/crypto_providers/sha1.rb
 - lib/authlogic/crypto_providers/sha512.rb
+- lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
+- lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb
 - lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb
 - lib/authlogic/session/active_record_trickery.rb
@@ -68,11 +60,9 @@ extra_rdoc_files:
 - lib/authlogic/session/config.rb
 - lib/authlogic/session/cookies.rb
 - lib/authlogic/session/errors.rb
-- lib/authlogic/session/openid.rb
 - lib/authlogic/session/params.rb
 - lib/authlogic/session/scopes.rb
 - lib/authlogic/session/session.rb
-- lib/authlogic/testing/shoulda_macros.rb
 - lib/authlogic/version.rb
 - lib/authlogic.rb
 - README.rdoc
@@ -84,10 +74,12 @@ files:
 - lib/authlogic/controller_adapters/rails_adapter.rb
 - lib/authlogic/crypto_providers/sha1.rb
 - lib/authlogic/crypto_providers/sha512.rb
+- lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
+- lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
 - lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb
 - lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb
 - lib/authlogic/session/active_record_trickery.rb
@@ -97,17 +89,16 @@ files:
 - lib/authlogic/session/config.rb
 - lib/authlogic/session/cookies.rb
 - lib/authlogic/session/errors.rb
-- lib/authlogic/session/openid.rb
 - lib/authlogic/session/params.rb
 - lib/authlogic/session/scopes.rb
 - lib/authlogic/session/session.rb
-- lib/authlogic/testing/shoulda_macros.rb
 - lib/authlogic/version.rb
 - lib/authlogic.rb
 - Manifest
 - MIT-LICENSE
 - Rakefile
 - README.rdoc
+- shoulda_macros/authlogic.rb
 - test/fixtures/companies.yml
 - test/fixtures/employees.yml
 - test/fixtures/projects.yml
@@ -117,7 +108,12 @@ files:
 - test/libs/mock_cookie_jar.rb
 - test/libs/mock_request.rb
 - test/libs/ordered_hash.rb
-- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb
 - test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
 - test/session_tests/active_record_trickery_test.rb
 - test/session_tests/authenticates_many_association_test.rb
@@ -161,7 +157,12 @@ signing_key:
 specification_version: 2
 summary: A clean, simple, and unobtrusive ruby authentication solution.
 test_files:
-- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb
+- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb
 - test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
 - test/session_tests/active_record_trickery_test.rb
 - test/session_tests/authenticates_many_association_test.rb

data/lib/authlogic/session/openid.rb DELETED Viewed

@@ -1,106 +0,0 @@
-module Authlogic
-  module Session
-    module OpenID
-      def self.included(klass)
-        klass.class_eval do
-          alias_method_chain :initialize, :openid
-          alias_method_chain :credentials=, :openid
-          alias_method_chain :create_configurable_methods!, :openid
-          before_validation :valid_openid?
-          attr_accessor :openid_response
-        end
-      end
-      def initialize_with_openid(*args)
-        initialize_without_openid(*args)
-        self.authenticating_with = :openid if openid_verification_complete?
-      end
-      def credentials_with_openid=(values)
-        result = self.credentials_without_openid = values
-        return result if openid_field.blank? || values.blank? || !values.is_a?(Hash) || values[:openid].blank?
-        self.openid = values[:openid]
-        result
-      end
-      # Returns true if logging in with openid. Credentials mean username and password.
-      def authenticating_with_openid?
-        authenticating_with == :openid
-      end
-      def verify_openid?
-        authenticating_with_openid? && controller.params[:openid_complete] != "1"
-      end
-      def openid_verified?
-        controller.params[:openid_complete] == "1"
-      end
-      def valid_openid?
-        return false if openid_field.blank?
-        if openid_verification_complete?
-          case openid_response.status
-          when OpenID::Consumer::SUCCESS
-          when OpenID::Consumer::CANCEL
-            errors.add_to_base("OpenID authentication was cancelled.")
-          when OpenID::Consumer::FAILURE
-            errors.add_to_base("OpenID authentication failed.")
-          when OpenID::Consumer::SETUP_NEEDED
-            errors.add_to_Base("OpenID authentication needs setup.")
-          end
-        else
-          if authenticating_with_openid?
-            if send(openid_field).blank?
-              errors.add(openid_field, "can not be blank")
-              return false
-            end
-            unless search_for_record(find_by_openid_method, send(openid_field))
-              errors.add(openid_field, "did not match any records in our database")
-              return false
-            end
-            begin
-              self.openid_response = openid_consumer.begin(send(openid_field))
-            rescue OpenID::OpenIDError => e
-              errors.add("The OpenID identifier #{send(openid_field)} could not be found: #{e}")
-              return false
-            end
-            sregreq = OpenID::SReg::Request.new
-            # required fields
-            #sregreq.request_fields(['email','nickname'], true)
-            # optional fields
-            #sregreq.request_fields(['dob', 'fullname'], false)
-            oidreq.add_extension(sregreq)
-            oidreq.return_to_args["openid_complete"] = 1
-          end
-        end
-      end
-      private
-        def create_configurable_methods_with_openid!
-          create_configurable_methods_without_openid!
-          return if openid_field.blank? || respond_to?(openid_field)
-          if openid_field
-            self.class.class_eval <<-"end_eval", __FILE__, __LINE__
-              attr_reader :#{openid_field}
-              def #{openid_field}=(value)
-                self.authenticating_with = :openid
-                @#{openid_field} = value
-              end
-            end_eval
-          end
-        end
-        def openid_consumer
-          @openid_consumer ||= OpenID::Consumer.new(controller.session, OpenID::FilesystemStore.new(openid_file_store_path))
-        end
-    end
-  end
-end

data/lib/authlogic/testing/shoulda_macros.rb DELETED Viewed

@@ -1,17 +0,0 @@
-require "test/unit"
-module Authlogic
-  module Testing
-    module ShouldaMacros
-      def should_be_authentic(model)
-        should "acts as authentic" do
-          assert model.respond_to?(:unique_token)
-          assert model.respond_to?(:forget_all!)
-          assert model.respond_to?(:crypto_provider)
-        end
-      end
-    end
-  end
-end
-Test::Unit::TestCase.extend Authlogic::Testing::ShouldaMacros

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb DELETED Viewed

@@ -1,217 +0,0 @@
-require File.dirname(__FILE__) + '/../../test_helper.rb'
-module ORMAdaptersTests
-  module ActiveRecordAdapterTests
-    class ActsAsAuthenticTest < ActiveSupport::TestCase
-      def test_user_validations
-        user = User.new
-        assert !user.valid?
-        assert user.errors.on(:login)
-        assert user.errors.on(:password)
-        user.login = "a"
-        assert !user.valid?
-        assert user.errors.on(:login)
-        assert user.errors.on(:password)
-        user.login = "%ben*"
-        assert !user.valid?
-        assert user.errors.on(:login)
-        assert user.errors.on(:password)
-        user.login = "bjohnson"
-        assert !user.valid?
-        assert user.errors.on(:login)
-        assert user.errors.on(:password)
-        user.login = "my login"
-        assert !user.valid?
-        assert !user.errors.on(:login)
-        assert user.errors.on(:password)
-        user.password = "my pass"
-        assert !user.valid?
-        assert !user.errors.on(:password)
-        assert user.errors.on(:confirm_password)
-        user.confirm_password = "my pizass"
-        assert !user.valid?
-        assert !user.errors.on(:password)
-        assert user.errors.on(:confirm_password)
-        user.confirm_password = "my pass"
-        assert user.valid?
-      end
-      def test_employee_validations
-        employee = Employee.new
-        employee.password = "pass"
-        employee.confirm_password = "pass"
-        assert !employee.valid?
-        assert employee.errors.on(:email)
-        employee.email = "fdsf"
-        assert !employee.valid?
-        assert employee.errors.on(:email)
-        employee.email = "fake@email.fake"
-        assert !employee.valid?
-        assert employee.errors.on(:email)
-        employee.email = "notfake@email.com"
-        assert employee.valid?
-      end
-      def test_named_scopes
-        assert_equal 0, User.logged_in.count
-        assert_equal User.count, User.logged_out.count
-        http_basic_auth_for(users(:ben)) { UserSession.find }
-        assert_equal 1, User.logged_in.count
-        assert_equal User.count - 1, User.logged_out.count
-      end
-      def test_unique_token
-        assert_equal 128, User.unique_token.length
-        assert_equal 128, Employee.unique_token.length # make sure encryptions use hashes also
-        unique_tokens = []
-        1000.times { unique_tokens << User.unique_token }
-        unique_tokens.uniq!
-        assert_equal 1000, unique_tokens.size
-      end
-      def test_crypto_provider
-        assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
-        assert_equal AES128CryptoProvider, Employee.crypto_provider
-      end
-      def test_forget_all
-        http_basic_auth_for(users(:ben)) { UserSession.find }
-        http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
-        assert UserSession.find
-        assert UserSession.find(:ziggity_zack)
-        User.forget_all!
-        assert !UserSession.find
-        assert !UserSession.find(:ziggity_zack)
-      end
-      def test_logged_in
-        ben = users(:ben)
-        assert !ben.logged_in?
-        http_basic_auth_for(ben) { UserSession.find }
-        assert ben.reload.logged_in?
-      end
-      def test_password
-        user = User.new
-        user.password = "sillywilly"
-        assert user.crypted_password
-        assert user.password_salt
-        assert user.remember_token
-        assert_equal true, user.tried_to_set_password
-        assert_nil user.password
-        employee = Employee.new
-        employee.password = "awesome"
-        assert employee.crypted_password
-        assert employee.remember_token
-        assert_equal true, employee.tried_to_set_password
-        assert_nil employee.password
-      end
-      def test_valid_password
-        ben = users(:ben)
-        assert ben.valid_password?("benrocks")
-        assert ben.valid_password?(ben.crypted_password)
-        drew = employees(:drew)
-        assert drew.valid_password?("drewrocks")
-        assert drew.valid_password?(drew.crypted_password)
-      end
-      def test_forget
-        ben = users(:ben)
-        zack = users(:zack)
-        http_basic_auth_for(ben) { UserSession.find }
-        http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
-        assert ben.reload.logged_in?
-        assert zack.reload.logged_in?
-        ben.forget!
-        assert !UserSession.find
-        assert UserSession.find(:ziggity_zack)
-      end
-      def test_reset_password
-        ben = users(:ben)
-        UserSession.create(ben)
-        old_password = ben.crypted_password
-        old_salt = ben.password_salt
-        old_remember_token = ben.remember_token
-        ben.reset_password!
-        ben.reload
-        assert_not_equal old_password, ben.crypted_password
-        assert_not_equal old_salt, ben.password_salt
-        assert_not_equal old_remember_token, ben.remember_token
-        assert !UserSession.find
-      end
-      def test_login_after_create
-        assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
-        assert UserSession.find
-      end
-      def test_update_session_after_password_modify
-        ben = users(:ben)
-        UserSession.create(ben)
-        old_session_key = @controller.session["user_credentials"]
-        old_cookie_key = @controller.cookies["user_credentials"]
-        ben.password = "newpass"
-        ben.confirm_password = "newpass"
-        ben.save
-        assert @controller.session["user_credentials"]
-        assert @controller.cookies["user_credentials"]
-        assert_not_equal @controller.session["user_credentials"], old_session_key
-        assert_not_equal @controller.cookies["user_credentials"], old_cookie_key
-      end
-      def test_no_session_update_after_modify
-        ben = users(:ben)
-        UserSession.create(ben)
-        old_session_key = @controller.session["user_credentials"]
-        old_cookie_key = @controller.cookies["user_credentials"]
-        ben.first_name = "Ben"
-        ben.save
-        assert_equal @controller.session["user_credentials"], old_session_key
-        assert_equal @controller.cookies["user_credentials"], old_cookie_key
-      end
-      def test_updating_other_user
-        ben = users(:ben)
-        UserSession.create(ben)
-        old_session_key = @controller.session["user_credentials"]
-        old_cookie_key = @controller.cookies["user_credentials"]
-        zack = users(:zack)
-        zack.password = "newpass"
-        zack.confirm_password = "newpass"
-        zack.save
-        assert_equal @controller.session["user_credentials"], old_session_key
-        assert_equal @controller.cookies["user_credentials"], old_cookie_key
-      end
-      def test_resetting_password_when_logged_out
-        ben = users(:ben)
-        assert !UserSession.find
-        ben.password = "newpass"
-        ben.confirm_password = "newpass"
-        ben.save
-        assert UserSession.find
-        assert_equal ben, UserSession.find.record
-      end
-    end
-  end
-end