authlogic 3.3.0 → 3.4.0

data/lib/authlogic/session/session.rb

@@ -12,7 +12,7 @@ module Authlogic
           after_persisting :update_session, :unless => :single_access?
         end
       end
-      
+
       # Configuration for the session feature.
       module Config
         # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
@@ -24,7 +24,7 @@ module Authlogic
         end
         alias_method :session_key=, :session_key
       end
-      
+
       # Instance methods for the session feature.
       module InstanceMethods
         private
@@ -35,23 +35,23 @@ module Authlogic
               # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
               # This is done for performance reasons and to save on queries.
               record = record_id.nil? ?
-                search_for_record("find_by_persistence_token", persistence_token.to_s) :
-                search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
+                search_for_record("find_by_persistence_token", persistence_token) :
+                search_for_record("find_by_#{klass.primary_key}", record_id)
               self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else
               false
             end
           end
-          
+
           def session_credentials
-            [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].compact
+            [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].collect { |i| i.nil? ? i : i.to_s }.compact
           end
-          
+
           def session_key
             build_key(self.class.session_key)
           end
-          
+
           def update_session
             controller.session[session_key] = record && record.persistence_token
             controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)

data/lib/authlogic/test_case.rb

@@ -56,7 +56,7 @@ module Authlogic
   #
   #   setup :activate_authlogic
   #
-  # For those of you unfamiliar with TestUnit, the setup method bascially just executes a method before any test is ran.
+  # For those of you unfamiliar with TestUnit, the setup method basically just executes a method before any test is ran.
   # It is essentially "setting up" your tests.
   #
   # Once you have done this, just log users in like usual:
@@ -69,7 +69,7 @@ module Authlogic
   # === Integration tests
   #
   # Again, just like functional tests, you don't have to do anything. As soon as you make a request, Authlogic will be
-  # conntected. If you want to activate Authlogic before making a request follow the same steps described in the
+  # connected. If you want to activate Authlogic before making a request follow the same steps described in the
   # "functional tests" section above. It works in the same manner.
   #
   # === Unit tests
@@ -81,7 +81,7 @@ module Authlogic
   # that looks like a controller, acts like a controller, but isn't a "real" controller. You are essentially connecting
   # Authlogic to your "mock" controller, then you can test off of the mock controller to make sure everything is functioning
   # properly.
-  # 
+  #
   # I use a mock controller to test Authlogic myself. It's part of the Authlogic library that you can easily use. It's as simple
   # as functional and integration tests. Just do the following:
   #
@@ -108,13 +108,15 @@ module Authlogic
 
       Authlogic::Session::Base.controller = (@request && Authlogic::TestCase::RailsRequestAdapter.new(@request)) || controller
     end
-    
+
     # The Authlogic::TestCase::MockController object passed to Authlogic to activate it. You can access this in your test.
     # See the module description for an example.
     def controller
       @controller ||= Authlogic::TestCase::MockController.new
     end
   end
-  
+
   ::Test::Unit::TestCase.send(:include, TestCase) if defined?(::Test::Unit::TestCase)
+  ::MiniTest::Unit::TestCase.send(:include, TestCase) if defined?(::MiniTest::Unit::TestCase)
+  ::MiniTest::Test.send(:include, TestCase) if defined?(::MiniTest::Test)
 end

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -9,6 +9,31 @@ module Authlogic
       def delete(key, options = {})
         super(key)
       end
+
+      def signed
+        @signed ||= MockSignedCookieJar.new(self)
+      end
+    end
+
+    class MockSignedCookieJar < MockCookieJar
+      attr_reader :parent_jar # helper for testing
+
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+      end
+
+      def [](val)
+        if signed_message = @parent_jar[val]
+          payload, signature = signed_message.split('--')
+          raise "Invalid signature" unless Digest::SHA1.hexdigest(payload) == signature
+          payload
+        end
+      end
+
+      def []=(key, options)
+        options[:value] = "#{options[:value]}--#{Digest::SHA1.hexdigest options[:value]}"
+        @parent_jar[key] = options
+      end
     end
   end
 end

data/lib/authlogic/test_case/mock_request.rb

@@ -7,7 +7,7 @@ module Authlogic
         self.controller = controller
       end
       
-      def ip
+      def remote_ip
         (controller && controller.respond_to?(:env) && controller.env.is_a?(Hash) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
       end
       
@@ -16,4 +16,4 @@ module Authlogic
         end
     end
   end
-end
+end

data/test/acts_as_authentic_test/logged_in_status_test.rb

@@ -36,9 +36,9 @@ module ActsAsAuthenticTest
       # test happens so fast that the test fails... I just don't know a better way to test it!
       assert User.logged_in.where_values != User.logged_out.where_values, ERROR_MSG % '#logged_out'
 
-      assert_equal 2, User.logged_out.count
+      assert_equal 3, User.logged_out.count
       User.first.update_attribute(:last_request_at, Time.now)
-      assert_equal 1, User.logged_out.count
+      assert_equal 2, User.logged_out.count
     end
 
     def test_logged_in_logged_out
@@ -50,4 +50,4 @@ module ActsAsAuthenticTest
       assert !u.logged_out?
     end
   end
-end
+end

data/test/acts_as_authentic_test/password_test.rb

@@ -84,7 +84,7 @@ module ActsAsAuthenticTest
     end
     
     def test_crypto_provider_config
-      assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+      assert_equal Authlogic::CryptoProviders::SCrypt, User.crypto_provider
       assert_equal Authlogic::CryptoProviders::AES256, Employee.crypto_provider
       
       User.crypto_provider = Authlogic::CryptoProviders::BCrypt
@@ -111,7 +111,12 @@ module ActsAsAuthenticTest
       
       u.password = "test"
       assert !u.valid?
-      assert u.errors[:password_confirmation].size == 0
+
+      if ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4
+        assert u.errors[:password_confirmation].size == 5
+      else
+        assert u.errors[:password_confirmation].size == 0
+      end
     end
     
     def test_validates_confirmation_of_password
@@ -119,8 +124,12 @@ module ActsAsAuthenticTest
       u.password = "test"
       u.password_confirmation = "test2"
       assert !u.valid?
-      assert u.errors[:password].size > 0
-      
+#      assert u.errors[:password].size > 0
+      if ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4
+        assert u.errors[:password_confirmation].size > 0
+      else
+        assert u.errors[:password].size > 0
+      end
       u.password_confirmation = "test"
       assert !u.valid?
       assert u.errors[:password].size == 0
@@ -166,10 +175,10 @@ module ActsAsAuthenticTest
     end
     
     def test_checks_password_against_database
-      ben = users(:ben)
+      ben = users(:aaron)
       ben.password = "new pass"
       assert !ben.valid_password?("new pass")
-      assert ben.valid_password?("benrocks")
+      assert ben.valid_password?("aaronrocks")
     end
     
     def test_checks_password_against_database_and_always_fails_on_new_records
@@ -233,4 +242,4 @@ module ActsAsAuthenticTest
         end
       end
   end
-end
+end

data/test/crypto_provider_test/bcrypt_test.rb

@@ -5,18 +5,10 @@ module CryptoProviderTest
     def test_encrypt
       assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
     end
-    
+
     def test_matches
       hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
       assert Authlogic::CryptoProviders::BCrypt.matches?(hash, "mypass")
     end
-
-    def test_minimum_cost
-      Authlogic::CryptoProviders::BCrypt.cost = 4
-      assert_equal 4, Authlogic::CryptoProviders::BCrypt.cost
-
-      assert_raises(ArgumentError) { Authlogic::CryptoProviders::BCrypt.cost = 2 }
-      assert_equal 4, Authlogic::CryptoProviders::BCrypt.cost
-    end
   end
 end

data/test/fixtures/users.yml

@@ -21,4 +21,16 @@ zack:
   single_access_token: <%= Authlogic::Random.friendly_token %>
   email: zham@ziggityzack.com
   first_name: Zack
-  last_name: Ham
+  last_name: Ham
+
+aaron:
+  company: cigital
+  projects: web_services
+  login: abedra
+  crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  email: abedra@cigital.com
+  first_name: Aaron
+  last_name: Bedra

data/test/gemfiles/Gemfile.rails-3.2.x

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+gemspec :path => "./../.."
+
+gem "activerecord", "3.2.17"
+gem "activesupport", "3.2.17"

data/test/gemfiles/Gemfile.rails-4.0.x

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+gemspec :path => "./../.."
+
+gem "activerecord", "4.0.3"
+gem "activesupport", "4.0.3"

data/test/gemfiles/Gemfile.rails-4.1.x

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+gemspec :path => "./../.."
+
+gem "activerecord", "4.1.0.rc1"
+gem "activesupport", "4.1.0.rc1"

data/test/session_test/active_record_trickery_test.rb

@@ -28,7 +28,36 @@ module SessionTest
         session = UserSession.new
         assert session.new_record?
       end
+
+      def test_to_key
+        ben = users(:ben)
+        session = UserSession.new(ben)
+        assert_nil session.to_key
+
+        session.save
+        assert_not_nil session.to_key
+        assert_equal ben.to_key, session.to_key
+      end
+
+      def test_persisted
+        session = UserSession.new(users(:ben))
+        assert ! session.persisted?
+
+        session.save
+        assert session.persisted?
+
+        session.destroy
+        assert ! session.persisted?
+      end
       
+      def test_destroyed?
+        session = UserSession.create(users(:ben))
+        assert ! session.destroyed?
+
+        session.destroy
+        assert session.destroyed?
+      end
+
       def test_to_model
         session = UserSession.new
         assert_equal session, session.to_model

data/test/session_test/cookies_test.rb

@@ -65,6 +65,18 @@ module SessionTest
         session = UserSession.new
         assert_equal false, session.httponly
       end
+
+      def test_sign_cookie
+        UserSession.sign_cookie = true
+        assert_equal true, UserSession.sign_cookie
+        session = UserSession.new
+        assert_equal true, session.sign_cookie
+
+        UserSession.sign_cookie false
+        assert_equal false, UserSession.sign_cookie
+        session = UserSession.new
+        assert_equal false, session.sign_cookie
+      end
     end
 
     class InstanceMethodsTest < ActiveSupport::TestCase
@@ -136,12 +148,25 @@ module SessionTest
         assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
       end
 
+      def test_after_save_save_cookie_signed
+        ben = users(:ben)
+
+        assert_nil controller.cookies["user_credentials"]
+        payload = "#{ben.persistence_token}::#{ben.id}"
+
+        session = UserSession.new(ben)
+        session.sign_cookie = true
+        assert session.save
+        assert_equal payload, controller.cookies.signed["user_credentials"]
+        assert_equal "#{payload}--#{Digest::SHA1.hexdigest payload}", controller.cookies.signed.parent_jar["user_credentials"]
+      end
+
       def test_after_save_save_cookie_with_remember_me
         ben = users(:ben)
         session = UserSession.new(ben)
         session.remember_me = true
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until}", controller.cookies["user_credentials"]
+        assert_equal "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}", controller.cookies["user_credentials"]
       end
 
       def test_after_destroy_destroy_cookie

data/test/session_test/session_test.rb

@@ -6,12 +6,12 @@ module SessionTest
       def test_session_key
         UserSession.session_key = "my_session_key"
         assert_equal "my_session_key", UserSession.session_key
-    
+
         UserSession.session_key "user_credentials"
         assert_equal "user_credentials", UserSession.session_key
       end
     end
-    
+
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_persist_persist_by_session
         ben = users(:ben)
@@ -38,16 +38,16 @@ module SessionTest
         end
         assert @user_session.blank?
       end
-      
+
       def test_persist_persist_by_session_with_token_only
         ben = users(:ben)
         set_session_for(ben)
         controller.session["user_credentials_id"] = nil
-        assert session = UserSession.find
+        session = UserSession.find
         assert_equal ben, session.record
         assert_equal ben.persistence_token, controller.session["user_credentials"]
       end
-    
+
       def test_after_save_update_session
         ben = users(:ben)
         session = UserSession.new(ben)
@@ -55,7 +55,7 @@ module SessionTest
         assert session.save
         assert_equal ben.persistence_token, controller.session["user_credentials"]
       end
-    
+
       def test_after_destroy_update_session
         ben = users(:ben)
         set_session_for(ben)
@@ -64,7 +64,7 @@ module SessionTest
         assert session.destroy
         assert controller.session["user_credentials"].blank?
       end
-    
+
       def test_after_persisting_update_session
         ben = users(:ben)
         set_cookie_for(ben)

data/test/test_helper.rb

@@ -1,10 +1,11 @@
-require "test/unit"
 require "rubygems"
+require "minitest/autorun"
 require "active_record"
 require "active_record/fixtures"
 require "timecop"
 require "i18n"
 
+
 I18n.load_path << File.dirname(__FILE__) + '/i18n/lol.yml'
 
 #ActiveRecord::Schema.verbose = false
@@ -14,6 +15,7 @@ logger.level= Logger::FATAL
 ActiveRecord::Base.logger = logger
 
 ActiveRecord::Base.configurations = true
+ActiveRecord::Base.default_timezone = :local
 ActiveRecord::Schema.define(:version => 1) do
   create_table :companies do |t|
     t.datetime  :created_at

metadata

@@ -1,144 +1,141 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.3.0
-  prerelease: 
+  version: 3.4.0
 platform: ruby
 authors:
 - Ben Johnson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-04 00:00:00.000000000 Z
+date: 2014-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: request_store
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.5
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 10.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 10.1.1
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.1.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.1.5
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.9
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.1
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.9
 description: A clean, simple, and unobtrusive ruby authentication solution.
 email:
 - bjohnson@binarylogic.com
@@ -146,9 +143,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
+- ".travis.yml"
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
+- History
 - LICENSE
 - README.rdoc
 - Rakefile
@@ -169,7 +169,6 @@ files:
 - lib/authlogic/authenticates_many/association.rb
 - lib/authlogic/authenticates_many/base.rb
 - lib/authlogic/controller_adapters/abstract_adapter.rb
-- lib/authlogic/controller_adapters/rack_adapter.rb
 - lib/authlogic/controller_adapters/rails_adapter.rb
 - lib/authlogic/controller_adapters/sinatra_adapter.rb
 - lib/authlogic/crypto_providers/aes256.rb
@@ -235,6 +234,9 @@ files:
 - test/fixtures/employees.yml
 - test/fixtures/projects.yml
 - test/fixtures/users.yml
+- test/gemfiles/Gemfile.rails-3.2.x
+- test/gemfiles/Gemfile.rails-4.0.x
+- test/gemfiles/Gemfile.rails-4.1.x
 - test/i18n/lol.yml
 - test/i18n_test.rb
 - test/libs/affiliate.rb
@@ -271,27 +273,26 @@ files:
 - test/test_helper.rb
 homepage: http://github.com/binarylogic/authlogic
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A clean, simple, and unobtrusive ruby authentication solution.
 test_files:
 - test/acts_as_authentic_test/base_test.rb
@@ -316,6 +317,9 @@ test_files:
 - test/fixtures/employees.yml
 - test/fixtures/projects.yml
 - test/fixtures/users.yml
+- test/gemfiles/Gemfile.rails-3.2.x
+- test/gemfiles/Gemfile.rails-4.0.x
+- test/gemfiles/Gemfile.rails-4.1.x
 - test/i18n/lol.yml
 - test/i18n_test.rb
 - test/libs/affiliate.rb