authlogic 1.4.3 → 2.0.0

data/lib/authlogic/session/unauthorized_record.rb

@@ -0,0 +1,50 @@
+module Authlogic
+  module Session
+    # Allows you to create session with an object. Ex:
+    #
+    #   UserSession.create(my_user_object)
+    #
+    # Be careful with this, because Authlogic is assuming that you have already confirmed that the
+    # user is who he says he is.
+    #
+    # For example, this is the method used to persist the session internally. Authlogic finds the user with
+    # the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a
+    # session with the record. This is particularly useful for 3rd party authentication methods, such as
+    # OpenID. Let that method verify the identity, once it's verified, pass the object and create a session.
+    module UnauthorizedRecord
+      def self.included(klass)
+        klass.class_eval do
+          attr_accessor :unauthorized_record
+          validate :validate_by_unauthorized_record, :if => :authenticating_with_unauthorized_record?
+        end
+      end
+      
+      # Returning meaningful credentials
+      def credentials
+        if authenticating_with_unauthorized_record?
+          details = {}
+          details[:unauthorized_record] = "<protected>"
+          details
+        else
+          super
+        end
+      end
+      
+      # Setting the unauthorized record if it exists in the credentials passed.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        self.unauthorized_record = values.first if values.first.class < ::ActiveRecord::Base
+      end
+      
+      private
+        def authenticating_with_unauthorized_record?
+          !unauthorized_record.nil?
+        end
+        
+        def validate_by_unauthorized_record
+          self.attempted_record = unauthorized_record
+        end
+    end
+  end
+end

data/lib/authlogic/session/validation.rb

@@ -0,0 +1,76 @@
+module Authlogic
+  module Session
+    # Responsible for session validation
+    module Validation
+      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class. Use it the same way:
+      #
+      #   class UserSession
+      #     validate :check_if_awesome
+      #
+      #     private
+      #       def check_if_awesome
+      #         errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
+      #         errors.add_to_base("You must be awesome to log in") unless record.awesome?
+      #       end
+      #   end
+      class Errors < ::ActiveRecord::Errors
+      end
+      
+      # You should use this as a place holder for any records that you find during validation. The main reason for this is to
+      # allow other modules to use it if needed. Take the failed_login_count feature, it needs this in order to increase
+      # the failed login count.
+      def attempted_record
+        @attempted_record
+      end
+      
+      # See attempted_record
+      def attempted_record=(value)
+        @attempted_record = value
+      end
+      
+      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class.
+      # Use it the same way:
+      #
+      # === Example
+      #
+      #  class UserSession
+      #    before_validation :check_if_awesome
+      #
+      #    private
+      #      def check_if_awesome
+      #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
+      #        errors.add_to_base("You must be awesome to log in") unless record.awesome?
+      #      end
+      #  end
+      def errors
+        @errors ||= Errors.new(self)
+      end
+      
+      # Determines if the information you provided for authentication is valid or not. If there is
+      # a problem with the information provided errors will be added to the errors object and this
+      # method will return false.
+      def valid?
+        errors.clear
+        self.attempted_record = nil
+        
+        before_validation
+        new_session? ? before_validation_on_create : before_validation_on_update
+        validate
+        ensure_authentication_attempted
+                
+        if errors.empty?
+          new_session? ? after_validation_on_create : after_validation_on_update
+          after_validation
+        end
+        
+        save_record(attempted_record)
+        errors.empty?
+      end
+      
+      private
+        def ensure_authentication_attempted
+          errors.add_to_base(I18n.t('error_messages.no_authentication_details', :default => "You did not provide any details for authentication.")) if errors.empty? && attempted_record.nil?
+        end
+    end
+  end
+end

data/lib/authlogic/testing/test_unit_helpers.rb

@@ -1,7 +1,7 @@
 module Authlogic
-  module Testing # :nodoc:
-    # = Test Unit Helpers
-    #
+  # Various utilities to help with testing. Keep in mind, Authlogic is thoroughly tested for you, the only thing you should be
+  # testing is code you write, such as code in your controller.
+  module Testing
     # Provides useful methods for testing in Test::Unit, lets you log records in, etc. Just include this in your test_helper filter:
     #
     #   require "authlogic/testing/test_unit_helpers"

data/lib/authlogic/version.rb

@@ -42,9 +42,9 @@ module Authlogic # :nodoc:
       [@major, @minor, @tiny]
     end
 
-    MAJOR = 1
-    MINOR = 4
-    TINY  = 3
+    MAJOR = 2
+    MINOR = 0
+    TINY  = 0
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/acts_as_authentic_test/base_test.rb

@@ -0,0 +1,12 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class BaseTest < ActiveSupport::TestCase
+    def test_acts_as_authentic
+      assert_nothing_raised do
+        User.acts_as_authentic do
+        end
+      end
+    end
+  end
+end

data/test/acts_as_authentic_test/email_test.rb

@@ -0,0 +1,79 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class EmailTest < ActiveSupport::TestCase
+    def test_email_field_config
+      assert_equal :email, User.email_field
+      assert_equal :email, Employee.email_field
+      
+      User.email_field = :nope
+      assert_equal :nope, User.email_field
+      User.email_field :email
+      assert_equal :email, User.email_field
+    end
+    
+    def test_validate_email_field_config
+      assert User.validate_email_field
+      assert Employee.validate_email_field
+      
+      User.validate_email_field = false
+      assert !User.validate_email_field
+      User.validate_email_field true
+      assert User.validate_email_field
+    end
+    
+    def test_validates_length_of_email_field_options_config
+      assert_equal({:within => 6..100}, User.validates_length_of_email_field_options)
+      assert_equal({:within => 6..100}, Employee.validates_length_of_email_field_options)
+      
+      User.validates_length_of_email_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_length_of_email_field_options)
+      User.validates_length_of_email_field_options({:within => 6..100})
+      assert_equal({:within => 6..100}, User.validates_length_of_email_field_options)
+    end
+    
+    def test_validates_format_of_email_field_options_config
+      default = {:with => User.send(:email_regex), :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
+      assert_equal default, User.validates_format_of_email_field_options
+      assert_equal default, Employee.validates_format_of_email_field_options
+      
+      User.validates_format_of_email_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_format_of_email_field_options)
+      User.validates_format_of_email_field_options default
+      assert_equal default, User.validates_format_of_email_field_options
+    end
+    
+    def test_validates_length_of_email_field
+      u = User.new
+      u.email = "a@a.a"
+      assert !u.valid?
+      assert u.errors.on(:email)
+      
+      u.email = "a@a.com"
+      assert !u.valid?
+      assert !u.errors.on(:email)
+    end
+    
+    def test_validates_format_of_email_field
+      u = User.new
+      u.email = "aaaaaaaaaaaaa"
+      assert !u.valid?
+      assert u.errors.on(:email)
+      
+      u.email = "a@a.com"
+      assert !u.valid?
+      assert !u.errors.on(:email)
+    end
+    
+    def test_validates_uniqueness_of_email_field
+      u = User.new
+      u.email = "bjohnson@binarylogic.com"
+      assert !u.valid?
+      assert u.errors.on(:email)
+      
+      u.email = "a@a.com"
+      assert !u.valid?
+      assert !u.errors.on(:email)
+    end
+  end
+end

data/test/acts_as_authentic_test/logged_in_status_test.rb

@@ -0,0 +1,36 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class LoggedInStatusTest < ActiveSupport::TestCase
+    def test_logged_in_timeout_config
+      assert_equal 10.minutes.to_i, User.logged_in_timeout
+      assert_equal 10.minutes.to_i, Employee.logged_in_timeout
+      
+      User.logged_in_timeout = 1.hour
+      assert_equal 1.hour.to_i, User.logged_in_timeout
+      User.logged_in_timeout 10.minutes
+      assert_equal 10.minutes.to_i, User.logged_in_timeout
+    end
+    
+    def test_named_scope_logged_in
+      assert_equal 0, User.logged_in.count
+      User.first.update_attribute(:last_request_at, Time.now)
+      assert_equal 1, User.logged_in.count
+    end
+    
+    def test_named_scope_logged_out
+      assert_equal 2, User.logged_out.count
+      User.first.update_attribute(:last_request_at, Time.now)
+      assert_equal 1, User.logged_out.count
+    end
+    
+    def test_logged_in_logged_out
+      u = User.first
+      assert !u.logged_in?
+      assert u.logged_out?
+      u.last_request_at = Time.now
+      assert u.logged_in?
+      assert !u.logged_out?
+    end
+  end
+end

data/test/acts_as_authentic_test/login_test.rb

@@ -0,0 +1,79 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class LoginTest < ActiveSupport::TestCase
+    def test_login_field_config
+      assert_equal :login, User.login_field
+      assert_nil Employee.login_field
+      
+      User.login_field = :nope
+      assert_equal :nope, User.login_field
+      User.login_field :login
+      assert_equal :login, User.login_field
+    end
+    
+    def test_validate_login_field_config
+      assert User.validate_login_field
+      assert Employee.validate_login_field
+      
+      User.validate_login_field = false
+      assert !User.validate_login_field
+      User.validate_login_field true
+      assert User.validate_login_field
+    end
+    
+    def test_validates_length_of_login_field_options_config
+      assert_equal({:within => 3..100}, User.validates_length_of_login_field_options)
+      assert_equal({:within => 3..100}, Employee.validates_length_of_login_field_options)
+      
+      User.validates_length_of_login_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_length_of_login_field_options)
+      User.validates_length_of_login_field_options({:within => 3..100})
+      assert_equal({:within => 3..100}, User.validates_length_of_login_field_options)
+    end
+    
+    def test_validates_format_of_login_field_options_config
+      default = {:with => /\A\w[\w\.\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
+      assert_equal default, User.validates_format_of_login_field_options
+      assert_equal default, Employee.validates_format_of_login_field_options
+      
+      User.validates_format_of_login_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_format_of_login_field_options)
+      User.validates_format_of_login_field_options default
+      assert_equal default, User.validates_format_of_login_field_options
+    end
+    
+    def test_validates_length_of_login_field
+      u = User.new
+      u.login = "a"
+      assert !u.valid?
+      assert u.errors.on(:login)
+      
+      u.login = "aaaaaaaaaa"
+      assert !u.valid?
+      assert !u.errors.on(:login)
+    end
+    
+    def test_validates_format_of_login_field
+      u = User.new
+      u.login = "fdsf@^&*"
+      assert !u.valid?
+      assert u.errors.on(:login)
+      
+      u.login = "fdsfdsfdsfdsfs"
+      assert !u.valid?
+      assert !u.errors.on(:login)
+    end
+    
+    def test_validates_uniqueness_of_login_field
+      u = User.new
+      u.login = "bjohnson"
+      assert !u.valid?
+      assert u.errors.on(:login)
+      
+      u.login = "fdsfdsf"
+      assert !u.valid?
+      assert !u.errors.on(:login)
+    end
+  end
+end

data/test/acts_as_authentic_test/magic_columns_test.rb

@@ -0,0 +1,27 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class MagicColumnsTest < ActiveSupport::TestCase
+    def test_validates_numericality_of_login_count
+      u = User.new
+      u.login_count = -1
+      assert !u.valid?
+      assert u.errors.on(:login_count)
+      
+      u.login_count = 0
+      assert !u.valid?
+      assert !u.errors.on(:login_count)
+    end
+    
+    def test_validates_numericality_of_failed_login_count
+      u = User.new
+      u.failed_login_count = -1
+      assert !u.valid?
+      assert u.errors.on(:failed_login_count)
+      
+      u.failed_login_count = 0
+      assert !u.valid?
+      assert !u.errors.on(:failed_login_count)
+    end
+  end
+end

data/test/acts_as_authentic_test/password_test.rb

@@ -0,0 +1,212 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class PasswordTest < ActiveSupport::TestCase
+    def test_crypted_password_field_config
+      assert_equal :crypted_password, User.crypted_password_field
+      assert_equal :crypted_password, Employee.crypted_password_field
+      
+      User.crypted_password_field = :nope
+      assert_equal :nope, User.crypted_password_field
+      User.crypted_password_field :crypted_password
+      assert_equal :crypted_password, User.crypted_password_field
+    end
+    
+    def test_password_salt_field_config
+      assert_equal :password_salt, User.password_salt_field
+      assert_equal :password_salt, Employee.password_salt_field
+      
+      User.password_salt_field = :nope
+      assert_equal :nope, User.password_salt_field
+      User.password_salt_field :password_salt
+      assert_equal :password_salt, User.password_salt_field
+    end
+    
+    def test_validate_password_field_config
+      assert User.validate_password_field
+      assert Employee.validate_password_field
+      
+      User.validate_password_field = false
+      assert !User.validate_password_field
+      User.validate_password_field true
+      assert User.validate_password_field
+    end
+    
+    def test_validates_confirmation_of_password_field_options_config
+      default = {:minimum => 4, :if => "#{User.password_salt_field}_changed?".to_sym}
+      assert_equal default, User.validates_confirmation_of_password_field_options
+      assert_equal default, Employee.validates_confirmation_of_password_field_options
+      
+      User.validates_confirmation_of_password_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_confirmation_of_password_field_options)
+      User.validates_confirmation_of_password_field_options default
+      assert_equal default, User.validates_confirmation_of_password_field_options
+    end
+    
+    def test_validates_length_of_password_confirmation_field_options_config
+      default = {:minimum => 4, :if => :require_password_confirmation?}
+      assert_equal default, User.validates_length_of_password_confirmation_field_options
+      assert_equal default, Employee.validates_length_of_password_confirmation_field_options
+      
+      User.validates_length_of_password_confirmation_field_options = {:yes => "no"}
+      assert_equal({:yes => "no"}, User.validates_length_of_password_confirmation_field_options)
+      User.validates_length_of_password_confirmation_field_options default
+      assert_equal default, User.validates_length_of_password_confirmation_field_options
+    end
+    
+    def test_crypto_provider_config
+      assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+      assert_equal Authlogic::CryptoProviders::AES256, Employee.crypto_provider
+      
+      User.crypto_provider = Authlogic::CryptoProviders::BCrypt
+      assert_equal Authlogic::CryptoProviders::BCrypt, User.crypto_provider
+      User.crypto_provider Authlogic::CryptoProviders::Sha512
+      assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+    end
+    
+    def test_transition_from_crypto_providers_config
+      assert_equal [], User.transition_from_crypto_providers
+      assert_equal [], Employee.transition_from_crypto_providers
+      
+      User.transition_from_crypto_providers = [Authlogic::CryptoProviders::BCrypt]
+      assert_equal [Authlogic::CryptoProviders::BCrypt], User.transition_from_crypto_providers
+      User.transition_from_crypto_providers []
+      assert_equal [], User.transition_from_crypto_providers
+    end
+    
+    def test_act_like_restful_authentication_config
+      assert !User.act_like_restful_authentication
+      assert !Employee.act_like_restful_authentication
+      
+      User.act_like_restful_authentication = true
+      assert User.act_like_restful_authentication
+      assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
+      assert defined?(::REST_AUTH_SITE_KEY)
+      assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
+
+      User.act_like_restful_authentication false
+      assert !User.act_like_restful_authentication
+      
+      User.crypto_provider = Authlogic::CryptoProviders::Sha512
+      User.transition_from_crypto_providers = []
+    end
+    
+    def test_transition_from_restful_authentication_config
+      assert !User.transition_from_restful_authentication
+      assert !Employee.transition_from_restful_authentication
+      
+      User.transition_from_restful_authentication = true
+      assert User.transition_from_restful_authentication
+      assert defined?(::REST_AUTH_SITE_KEY)
+      assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
+      
+      User.transition_from_restful_authentication false
+      assert !User.transition_from_restful_authentication
+      
+      User.crypto_provider = Authlogic::CryptoProviders::Sha512
+      User.transition_from_crypto_providers = []
+    end
+    
+    def test_validates_confirmation_of_password
+      u = User.new
+      u.password = "test"
+      u.password_confirmation = "test2"
+      assert !u.valid?
+      assert u.errors.on(:password)
+      
+      u.password_confirmation = "test"
+      assert !u.valid?
+      assert !u.errors.on(:password)
+    end
+    
+    def test_validates_length_of_password_confirmation
+      u = User.new
+      
+      assert !u.valid?
+      assert u.errors.on(:password_confirmation)
+      
+      u.password = "test"
+      u.password_confirmation = ""
+      assert !u.valid?
+      assert u.errors.on(:password_confirmation)
+      
+      u.password_confirmation = "test"
+      assert !u.valid?
+      assert !u.errors.on(:password_confirmation)
+      
+      ben = users(:ben)
+      assert ben.valid?
+      
+      ben.password = "newpass"
+      assert !ben.valid?
+      assert ben.errors.on(:password_confirmation)
+      
+      ben.password_confirmation = "newpass"
+      assert ben.valid?
+    end
+    
+    def test_password
+      u = User.new
+      old_password_salt = u.password_salt
+      old_crypted_password = u.crypted_password
+      u.password = "test"
+      assert_not_equal old_password_salt, u.password_salt
+      assert_not_equal old_crypted_password, u.crypted_password
+    end
+    
+    def test_transitioning_password
+      ben = users(:ben)
+      transition_password_to(Authlogic::CryptoProviders::BCrypt, ben)
+      transition_password_to(Authlogic::CryptoProviders::Sha1, ben, [Authlogic::CryptoProviders::Sha512, Authlogic::CryptoProviders::BCrypt])
+      transition_password_to(Authlogic::CryptoProviders::Sha512, ben, [Authlogic::CryptoProviders::Sha1, Authlogic::CryptoProviders::BCrypt])
+    end
+    
+    def test_reset_password
+      ben = users(:ben)
+      old_crypted_password = ben.crypted_password
+      old_password_salt = ben.password_salt
+      
+      # soft reset
+      ben.reset_password
+      assert_not_equal old_crypted_password, ben.crypted_password
+      assert_not_equal old_password_salt, ben.password_salt
+      
+      # make sure it didn't go into the db
+      ben.reload
+      assert_equal old_crypted_password, ben.crypted_password
+      assert_equal old_password_salt, ben.password_salt
+      
+      # hard reset
+      assert ben.reset_password!
+      assert_not_equal old_crypted_password, ben.crypted_password
+      assert_not_equal old_password_salt, ben.password_salt
+      
+      # make sure it did go into the db
+      ben.reload
+      assert_not_equal old_crypted_password, ben.crypted_password
+      assert_not_equal old_password_salt, ben.password_salt
+    end
+    
+    private
+      def transition_password_to(crypto_provider, records, from_crypto_providers = Authlogic::CryptoProviders::Sha512)
+        records = [records] unless records.is_a?(Array)
+        User.acts_as_authentic do |c|
+          c.crypto_provider = crypto_provider
+          c.transition_from_crypto_providers = from_crypto_providers
+        end
+        records.each do |record|
+          old_hash = record.crypted_password
+          old_persistence_token = record.persistence_token
+          assert record.valid_password?(password_for(record))
+          assert_not_equal old_hash.to_s, record.crypted_password.to_s
+          assert_not_equal old_persistence_token.to_s, record.persistence_token.to_s
+          
+          old_hash = record.crypted_password
+          old_persistence_token = record.persistence_token
+          assert record.valid_password?(password_for(record))
+          assert_equal old_hash.to_s, record.crypted_password.to_s
+          assert_equal old_persistence_token.to_s, record.persistence_token.to_s
+        end
+      end
+  end
+end