authlogic 1.1.2 → 1.2.0

data/lib/authlogic/session/password_reset.rb

@@ -0,0 +1,17 @@
+module Authlogic
+  module Session
+    # = Password Reset
+    #
+    # Provides utilities that assist in maintaining the password reset token. This module just resets the token after a session has been saved, just to keep changing it and add extra security.
+    module PasswordReset
+      def self.included(klass)
+        klass.after_save :reset_password_reset_token!
+      end
+      
+      private
+        def reset_password_reset_token!
+          record.send("reset_#{password_reset_token_field}!") if record.respond_to?("reset_#{password_reset_token_field}!")
+        end
+    end
+  end
+end

data/lib/authlogic/session/scopes.rb

@@ -57,7 +57,7 @@ module Authlogic
       module ClassMethods
         # The current scope set, should be used in the block passed to with_scope.
         def scope
-          scopes[Thread.current]
+          Thread.current[:authlogic_scope]
         end
         
         # See the documentation for this class for more information on how to use this method.
@@ -71,11 +71,7 @@ module Authlogic
         
         private
           def scope=(value)
-            scopes[Thread.current] = value
-          end
-          
-          def scopes
-            @scopes ||= {}
+            Thread.current[:authlogic_scope] = value
           end
       end
       

data/lib/authlogic/version.rb

@@ -43,8 +43,8 @@ module Authlogic # :nodoc:
     end
 
     MAJOR = 1
-    MINOR = 1
-    TINY  = 2
+    MINOR = 2
+    TINY  = 0
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/fixtures/users.yml

@@ -6,6 +6,8 @@ ben:
   crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
   remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
   single_access_token: <%= User.friendly_unique_token %>
+  password_reset_token: <%= User.friendly_unique_token %>
+  email: bjohnson@binarylogic.com
   first_name: Ben
   last_name: Johnson
   
@@ -17,5 +19,6 @@ zack:
   crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
   remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
   single_access_token: <%= User.friendly_unique_token %>
+  email: zham@ziggityzack.com
   first_name: Zack
   last_name: Ham

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb

@@ -21,12 +21,17 @@ module ORMAdaptersTests
             :password_field => :password,
             :logged_in_timeout => 600,
             :password_salt_field => :password_salt,
+            :password_reset_token_valid_for => 600,
+            :password_reset_token_field => :password_reset_token,
             :login_field_type => :login,
             :crypto_provider => Authlogic::CryptoProviders::Sha512,
             :password_blank_message => "can not be blank",
             :crypted_password_field => :crypted_password,
             :session_class => "UserSession",
-            :login_field => :login
+            :login_field => :login,
+            :email_field => :email,
+            :email_field_regex => /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)\z/i,
+            :email_field_regex_failed_message=>"should look like an email address."
           }
           assert_equal default_config, User.acts_as_authentic_config
         end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb

@@ -9,26 +9,31 @@ module ORMAdaptersTests
           assert !user.valid?
           assert user.errors.on(:login)
           assert user.errors.on(:password)
+          assert user.errors.on(:email)
 
           user.login = "a"
           assert !user.valid?
           assert user.errors.on(:login)
           assert user.errors.on(:password)
+          assert user.errors.on(:email)
 
           user.login = "%ben*"
           assert !user.valid?
           assert user.errors.on(:login)
           assert user.errors.on(:password)
+          assert user.errors.on(:email)
 
           user.login = "bjohnson"
           assert !user.valid?
           assert user.errors.on(:login)
           assert user.errors.on(:password)
+          assert user.errors.on(:email)
 
           user.login = "my login"
           assert !user.valid?
           assert !user.errors.on(:login)
           assert user.errors.on(:password)
+          assert user.errors.on(:email)
 
           user.password = "my pass"
           assert !user.valid?
@@ -39,8 +44,17 @@ module ORMAdaptersTests
           assert !user.valid?
           assert !user.errors.on(:password)
           assert user.errors.on(:confirm_password)
+          assert user.errors.on(:email)
 
           user.confirm_password = "my pass"
+          assert !user.valid?
+          assert user.errors.on(:email)
+          
+          user.email = "some email"
+          assert !user.valid?
+          assert user.errors.on(:email)
+          
+          user.email = "a@a.com"
           assert user.valid?
         end
         
@@ -95,11 +109,11 @@ module ORMAdaptersTests
         def test_valid_password
           ben = users(:ben)
           assert ben.valid_password?("benrocks")
-          assert ben.valid_password?(ben.crypted_password)
+          assert !ben.valid_password?(ben.crypted_password)
 
           drew = employees(:drew)
           assert drew.valid_password?("drewrocks")
-          assert drew.valid_password?(drew.crypted_password)
+          assert !drew.valid_password?(drew.crypted_password)
         end
         
         def test_reset_password

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb

@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../../../test_helper.rb'
+
+module ORMAdaptersTests
+  module ActiveRecordAdapterTests
+    module ActsAsAuthenticTests
+      class PasswordResetTest < ActiveSupport::TestCase
+        def test_before_validation
+          ben = users(:ben)
+          old_password_reset_token = ben.password_reset_token
+          assert ben.valid?
+          assert_not_equal old_password_reset_token, ben.password_reset_token
+          ben.reload
+          assert_equal old_password_reset_token, ben.password_reset_token
+          assert ben.save
+          assert_not_equal old_password_reset_token, ben.password_reset_token
+        end
+        
+        def test_find_using_password_reset_token
+          ben = users(:ben)
+          assert_nil User.find_using_password_reset_token("")
+          assert_equal ben, User.find_using_password_reset_token(ben.password_reset_token)
+          assert ben.class.connection.execute("update users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = '#{ben.id}';")
+          assert_nil User.find_using_password_reset_token(ben.password_reset_token)
+        end
+        
+        def test_reset_password_reset_token
+          ben = users(:ben)
+          old_password_reset_token = ben.password_reset_token
+          ben.reset_password_reset_token
+          assert_not_equal old_password_reset_token, ben.password_reset_token
+          ben.reload
+          assert_equal old_password_reset_token, ben.password_reset_token
+          ben.reset_password_reset_token!
+          ben.reload
+          assert_not_equal old_password_reset_token, ben.password_reset_token
+        end
+      end
+    end
+  end
+end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb

@@ -5,7 +5,7 @@ module ORMAdaptersTests
     module ActsAsAuthenticTests
       class SessionMaintenanceTest < ActiveSupport::TestCase
         def test_login_after_create
-          assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
+          assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet", :email => "awesome@awesome.com")
           assert UserSession.find
         end
 

data/test/session_tests/base_test.rb

@@ -4,28 +4,29 @@ module SessionTests
   class BaseTest < ActiveSupport::TestCase
     def test_activated
       assert UserSession.activated?
-      Authlogic::Session::Base.reset_controllers!
+      Authlogic::Session::Base.controller = nil
       assert !UserSession.activated?
     end
     
-    def test_controllers
-      Authlogic::Session::Base.reset_controllers!
-      assert_equal 0, Authlogic::Session::Base.send(:controllers).size 
+    def test_controller
+      Authlogic::Session::Base.controller = nil
+      assert_nil Authlogic::Session::Base.controller
       thread1 = Thread.new do
         controller = MockController.new
         Authlogic::Session::Base.controller = controller
         assert_equal controller, Authlogic::Session::Base.controller
       end
       thread1.join
-      assert_equal 1, Authlogic::Session::Base.send(:controllers).size
+
       assert_nil Authlogic::Session::Base.controller
+      
       thread2 = Thread.new do
         controller = MockController.new
         Authlogic::Session::Base.controller = controller
         assert_equal controller, Authlogic::Session::Base.controller
       end
       thread2.join
-      assert_equal 2, Authlogic::Session::Base.send(:controllers).size
+      
       assert_nil Authlogic::Session::Base.controller
     end
     
@@ -82,7 +83,7 @@ module SessionTests
     end
     
     def test_init
-      UserSession.reset_controllers!
+      UserSession.controller = nil
       assert_raise(Authlogic::Session::NotActivated) { UserSession.new }
       UserSession.controller = @controller
       
@@ -272,7 +273,7 @@ module SessionTests
         assert session.valid_http_auth?
         assert_equal ben, session.record
         assert_equal ben.login, session.login
-        assert_equal ben.crypted_password, session.send(:protected_password)
+        assert_equal "benrocks", session.send(:protected_password)
       end
     end
   end

data/test/session_tests/config_test.rb

@@ -65,6 +65,30 @@ module SessionTests
       assert_equal 0, session.last_request_at_threshold
     end
   
+    def test_login_blank_message
+      UserSession.login_blank_message = "message"
+      assert_equal "message", UserSession.login_blank_message
+      session = UserSession.new
+      assert_equal "message", session.login_blank_message
+    
+      UserSession.login_blank_message "can not be blank"
+      assert_equal "can not be blank", UserSession.login_blank_message
+      session = UserSession.new
+      assert_equal "can not be blank", session.login_blank_message
+    end
+    
+    def test_login_not_found_message
+      UserSession.login_not_found_message = "message"
+      assert_equal "message", UserSession.login_not_found_message
+      session = UserSession.new
+      assert_equal "message", session.login_not_found_message
+    
+      UserSession.login_not_found_message "does not exist"
+      assert_equal "does not exist", UserSession.login_not_found_message
+      session = UserSession.new
+      assert_equal "does not exist", session.login_not_found_message
+    end
+    
     def test_login_field
       UserSession.login_field = :saweet
       assert_equal :saweet, UserSession.login_field
@@ -79,6 +103,42 @@ module SessionTests
       assert session.respond_to?(:login)
     end
     
+    def test_not_active_message
+      UserSession.not_active_message = "message"
+      assert_equal "message", UserSession.not_active_message
+      session = UserSession.new
+      assert_equal "message", session.not_active_message
+    
+      UserSession.not_active_message "Your account is not active"
+      assert_equal "Your account is not active", UserSession.not_active_message
+      session = UserSession.new
+      assert_equal "Your account is not active", session.not_active_message
+    end
+    
+    def test_not_approved_message
+      UserSession.not_approved_message = "message"
+      assert_equal "message", UserSession.not_approved_message
+      session = UserSession.new
+      assert_equal "message", session.not_approved_message
+    
+      UserSession.not_approved_message "Your account is not approved"
+      assert_equal "Your account is not approved", UserSession.not_approved_message
+      session = UserSession.new
+      assert_equal "Your account is not approved", session.not_approved_message
+    end
+    
+    def test_not_confirmed_message
+      UserSession.not_confirmed_message = "message"
+      assert_equal "message", UserSession.not_confirmed_message
+      session = UserSession.new
+      assert_equal "message", session.not_confirmed_message
+    
+      UserSession.not_confirmed_message "Your account is not confirmed"
+      assert_equal "Your account is not confirmed", UserSession.not_confirmed_message
+      session = UserSession.new
+      assert_equal "Your account is not confirmed", session.not_confirmed_message
+    end
+    
     def test_params_key
       UserSession.params_key = "my_params_key"
       assert_equal "my_params_key", UserSession.params_key
@@ -90,6 +150,18 @@ module SessionTests
       session = UserSession.new
       assert_equal "user_credentials", session.params_key
     end
+    
+    def test_password_blank_message
+      UserSession.password_blank_message = "message"
+      assert_equal "message", UserSession.password_blank_message
+      session = UserSession.new
+      assert_equal "message", session.password_blank_message
+    
+      UserSession.password_blank_message "can not be blank"
+      assert_equal "can not be blank", UserSession.password_blank_message
+      session = UserSession.new
+      assert_equal "can not be blank", session.password_blank_message
+    end
   
     def test_password_field
       UserSession.password_field = :saweet
@@ -104,6 +176,18 @@ module SessionTests
       assert_equal :password, session.password_field
       assert session.respond_to?(:password)
     end
+    
+    def test_password_invalid_message
+      UserSession.password_invalid_message = "message"
+      assert_equal "message", UserSession.password_invalid_message
+      session = UserSession.new
+      assert_equal "message", session.password_invalid_message
+    
+      UserSession.password_invalid_message "is invalid"
+      assert_equal "is invalid", UserSession.password_invalid_message
+      session = UserSession.new
+      assert_equal "is invalid", session.password_invalid_message
+    end
   
     def test_remember_me
       UserSession.remember_me = true
@@ -131,18 +215,6 @@ module SessionTests
       assert_equal 3.months, session.remember_me_for
     end
   
-    def test_remember_token_field
-      UserSession.remember_token_field = :saweet
-      assert_equal :saweet, UserSession.remember_token_field
-      session = UserSession.new
-      assert_equal :saweet, session.remember_token_field
-    
-      UserSession.remember_token_field :remember_token
-      assert_equal :remember_token, UserSession.remember_token_field
-      session = UserSession.new
-      assert_equal :remember_token, session.remember_token_field
-    end
-  
     def test_session_key
       UserSession.session_key = "my_session_key"
       assert_equal "my_session_key", UserSession.session_key

data/test/session_tests/password_reset_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTests
+  class PasswordResetTest < ActiveSupport::TestCase
+    def test_after_save
+      ben = users(:ben)
+      old_password_reset_token = ben.password_reset_token
+      session = UserSession.create(ben)
+      assert_not_equal old_password_reset_token, ben.password_reset_token
+      
+      drew = employees(:drew)
+      assert UserSession.create(drew)
+    end
+  end
+end

data/test/session_tests/scopes_test.rb

@@ -3,24 +3,25 @@ require File.dirname(__FILE__) + '/../test_helper.rb'
 module SessionTests
   class ScopesTest < ActiveSupport::TestCase
     def test_scope_method
-      assert_equal 0, Authlogic::Session::Base.send(:scopes).size 
+      assert_nil Authlogic::Session::Base.scope
+      
       thread1 = Thread.new do
         scope = {:id => :scope1}
         Authlogic::Session::Base.send(:scope=, scope)
         assert_equal scope, Authlogic::Session::Base.scope
       end
       thread1.join
-      assert_equal 1, Authlogic::Session::Base.send(:scopes).size
+      
       assert_nil Authlogic::Session::Base.scope
+      
       thread2 = Thread.new do
         scope = {:id => :scope2}
         Authlogic::Session::Base.send(:scope=, scope)
         assert_equal scope, Authlogic::Session::Base.scope
       end
       thread2.join
-      assert_equal 2, Authlogic::Session::Base.send(:scopes).size
+
       assert_nil Authlogic::Session::Base.scope
-      Authlogic::Session::Base.send(:scopes).clear
     end
   
     def test_with_scope_method

data/test/test_helper.rb

@@ -40,6 +40,8 @@ ActiveRecord::Schema.define(:version => 1) do
     t.string    :password_salt
     t.string    :remember_token
     t.string    :single_access_token
+    t.string    :password_reset_token
+    t.string    :email
     t.string    :first_name
     t.string    :last_name
     t.integer   :login_count
@@ -104,22 +106,26 @@ class Test::Unit::TestCase
   self.pre_loaded_fixtures = true
   fixtures :all
   setup :activate_authlogic
-  teardown :deactivate_authlogic
   
   private
     def activate_authlogic
       @controller = MockController.new
       Authlogic::Session::Base.controller = @controller
     end
-
-    def deactivate_authlogic
-      Authlogic::Session::Base.reset_controllers!
-    end
     
     def http_basic_auth_for(user = nil, &block)
       unless user.blank?
         @controller.http_user = user.login
-        @controller.http_password = user.crypted_password
+        
+        password = nil
+        case user
+        when users(:ben)
+          password = "benrocks"
+        when users(:zack)
+          password = "zackrocks"
+        end
+        
+        @controller.http_password = password
       end
       yield
       @controller.http_user = @controller.http_password = nil