authlogic 3.4.3 → 3.4.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/README.rdoc +13 -2
- data/authlogic.gemspec +1 -1
- data/lib/authlogic.rb +1 -0
- data/lib/authlogic/acts_as_authentic/base.rb +2 -13
- data/lib/authlogic/config.rb +23 -0
- data/lib/authlogic/session/active_record_trickery.rb +10 -22
- data/lib/authlogic/session/cookies.rb +3 -3
- data/lib/authlogic/session/foundation.rb +5 -23
- data/test/acts_as_authentic_test/base_test.rb +3 -3
- data/test/acts_as_authentic_test/email_test.rb +6 -12
- data/test/acts_as_authentic_test/logged_in_status_test.rb +4 -1
- data/test/acts_as_authentic_test/password_test.rb +53 -59
- data/test/acts_as_authentic_test/persistence_token_test.rb +14 -13
- data/test/acts_as_authentic_test/restful_authentication_test.rb +5 -8
- data/test/config_test.rb +36 -0
- data/test/fixtures/users.yml +7 -2
- data/test/gemfiles/Gemfile.rails-4.2.x +7 -0
- data/test/libs/user.rb +4 -2
- data/test/libs/user_session.rb +20 -0
- data/test/session_test/active_record_trickery_test.rb +10 -4
- data/test/session_test/brute_force_protection_test.rb +18 -16
- data/test/session_test/callbacks_test.rb +5 -25
- data/test/session_test/foundation_test.rb +6 -0
- data/test/session_test/http_auth_test.rb +13 -11
- data/test/session_test/magic_columns_test.rb +27 -27
- data/test/session_test/password_test.rb +15 -15
- data/test/session_test/persistence_test.rb +8 -8
- data/test/test_helper.rb +33 -10
- metadata +54 -49
- data/test/libs/ordered_hash.rb +0 -9
|
@@ -8,25 +8,26 @@ module ActsAsAuthenticTest
|
|
|
8
8
|
ben.password = "newpass"
|
|
9
9
|
assert_not_equal old_persistence_token, ben.persistence_token
|
|
10
10
|
end
|
|
11
|
-
|
|
11
|
+
|
|
12
12
|
def test_after_password_verification_reset_persistence_token
|
|
13
|
-
|
|
14
|
-
old_persistence_token =
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
13
|
+
aaron = users(:aaron)
|
|
14
|
+
old_persistence_token = aaron.persistence_token
|
|
15
|
+
|
|
16
|
+
assert aaron.valid_password?(password_for(aaron))
|
|
17
|
+
assert_equal old_persistence_token, aaron.reload.persistence_token
|
|
18
|
+
|
|
18
19
|
# only update it if it is nil
|
|
19
|
-
assert
|
|
20
|
-
assert
|
|
21
|
-
assert_not_equal old_persistence_token,
|
|
20
|
+
assert aaron.update_attribute(:persistence_token, nil)
|
|
21
|
+
assert aaron.valid_password?(password_for(aaron))
|
|
22
|
+
assert_not_equal old_persistence_token, aaron.persistence_token
|
|
22
23
|
end
|
|
23
|
-
|
|
24
|
+
|
|
24
25
|
def test_before_validate_reset_persistence_token
|
|
25
26
|
u = User.new
|
|
26
27
|
assert !u.valid?
|
|
27
28
|
assert_not_nil u.persistence_token
|
|
28
29
|
end
|
|
29
|
-
|
|
30
|
+
|
|
30
31
|
def test_forget_all
|
|
31
32
|
http_basic_auth_for(users(:ben)) { UserSession.find }
|
|
32
33
|
http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
|
|
@@ -36,7 +37,7 @@ module ActsAsAuthenticTest
|
|
|
36
37
|
assert !UserSession.find
|
|
37
38
|
assert !UserSession.find(:ziggity_zack)
|
|
38
39
|
end
|
|
39
|
-
|
|
40
|
+
|
|
40
41
|
def test_forget
|
|
41
42
|
ben = users(:ben)
|
|
42
43
|
zack = users(:zack)
|
|
@@ -52,4 +53,4 @@ module ActsAsAuthenticTest
|
|
|
52
53
|
assert UserSession.find(:ziggity_zack)
|
|
53
54
|
end
|
|
54
55
|
end
|
|
55
|
-
end
|
|
56
|
+
end
|
|
@@ -5,7 +5,7 @@ module ActsAsAuthenticTest
|
|
|
5
5
|
def test_act_like_restful_authentication_config
|
|
6
6
|
assert !User.act_like_restful_authentication
|
|
7
7
|
assert !Employee.act_like_restful_authentication
|
|
8
|
-
|
|
8
|
+
|
|
9
9
|
User.act_like_restful_authentication = true
|
|
10
10
|
assert User.act_like_restful_authentication
|
|
11
11
|
assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
|
|
@@ -15,7 +15,7 @@ module ActsAsAuthenticTest
|
|
|
15
15
|
|
|
16
16
|
User.act_like_restful_authentication false
|
|
17
17
|
assert !User.act_like_restful_authentication
|
|
18
|
-
|
|
18
|
+
|
|
19
19
|
User.crypto_provider = Authlogic::CryptoProviders::Sha512
|
|
20
20
|
User.transition_from_crypto_providers = []
|
|
21
21
|
end
|
|
@@ -23,18 +23,15 @@ module ActsAsAuthenticTest
|
|
|
23
23
|
def test_transition_from_restful_authentication_config
|
|
24
24
|
assert !User.transition_from_restful_authentication
|
|
25
25
|
assert !Employee.transition_from_restful_authentication
|
|
26
|
-
|
|
26
|
+
|
|
27
27
|
User.transition_from_restful_authentication = true
|
|
28
28
|
assert User.transition_from_restful_authentication
|
|
29
29
|
assert defined?(::REST_AUTH_SITE_KEY)
|
|
30
30
|
assert_equal '', ::REST_AUTH_SITE_KEY
|
|
31
31
|
assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
|
|
32
|
-
|
|
32
|
+
|
|
33
33
|
User.transition_from_restful_authentication false
|
|
34
34
|
assert !User.transition_from_restful_authentication
|
|
35
|
-
|
|
36
|
-
User.crypto_provider = Authlogic::CryptoProviders::Sha512
|
|
37
|
-
User.transition_from_crypto_providers = []
|
|
38
35
|
end
|
|
39
36
|
end
|
|
40
|
-
end
|
|
37
|
+
end
|
data/test/config_test.rb
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
4
|
+
def setup
|
|
5
|
+
@klass = Class.new {
|
|
6
|
+
extend Authlogic::Config
|
|
7
|
+
|
|
8
|
+
def self.foobar(value = nil)
|
|
9
|
+
rw_config(:foobar_field, value, 'default_foobar')
|
|
10
|
+
end
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
@subklass = Class.new(@klass)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def test_config
|
|
17
|
+
assert_equal({}, @klass.acts_as_authentic_config)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def test_rw_config_read_with_default
|
|
21
|
+
assert 'default_foobar', @klass.foobar
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def test_rw_config_write
|
|
25
|
+
assert_equal 'my_foobar', @klass.foobar('my_foobar')
|
|
26
|
+
assert_equal 'my_foobar', @klass.foobar
|
|
27
|
+
|
|
28
|
+
assert_equal 'my_new_foobar', @klass.foobar('my_new_foobar')
|
|
29
|
+
assert_equal 'my_new_foobar', @klass.foobar
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def test_subclass_rw_config_write
|
|
33
|
+
assert_equal 'subklass_foobar', @subklass.foobar('subklass_foobar')
|
|
34
|
+
assert_equal 'default_foobar', @klass.foobar
|
|
35
|
+
end
|
|
36
|
+
end
|
data/test/fixtures/users.yml
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# NB :ben and :zack use the legacy crypto provider (Sha512) ... when they're
|
|
2
|
+
# tested for valid_password?() it will transition their password
|
|
3
|
+
# (re: test/libs/user.rb). This could have unintended side-effects (like auto-
|
|
4
|
+
# resetting their persistence token when checking password) -- one solution
|
|
5
|
+
# is to just switch in users(:aaron) for those tests.
|
|
1
6
|
ben:
|
|
2
7
|
company: binary_logic
|
|
3
8
|
projects: web_services
|
|
@@ -10,7 +15,7 @@ ben:
|
|
|
10
15
|
email: bjohnson@binarylogic.com
|
|
11
16
|
first_name: Ben
|
|
12
17
|
last_name: Johnson
|
|
13
|
-
|
|
18
|
+
|
|
14
19
|
zack:
|
|
15
20
|
company: logic_over_data
|
|
16
21
|
projects: web_services
|
|
@@ -28,7 +33,7 @@ aaron:
|
|
|
28
33
|
projects: web_services
|
|
29
34
|
login: abedra
|
|
30
35
|
crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
|
|
31
|
-
persistence_token:
|
|
36
|
+
persistence_token: e3d853f5aa0dacac5c257d03c4e097a3a7f51b182a8fc4f62096d05e939b019855aff0290157ac854e4195f13284ff5223f1996d0fd073e7e360171de54db278
|
|
32
37
|
single_access_token: <%= Authlogic::Random.friendly_token %>
|
|
33
38
|
perishable_token: <%= Authlogic::Random.friendly_token %>
|
|
34
39
|
email: abedra@cigital.com
|
data/test/libs/user.rb
CHANGED
data/test/libs/user_session.rb
CHANGED
|
@@ -3,3 +3,23 @@ end
|
|
|
3
3
|
|
|
4
4
|
class BackOfficeUserSession < Authlogic::Session::Base
|
|
5
5
|
end
|
|
6
|
+
|
|
7
|
+
class WackyUserSession < Authlogic::Session::Base
|
|
8
|
+
attr_accessor :counter
|
|
9
|
+
authenticate_with User
|
|
10
|
+
|
|
11
|
+
def initialize
|
|
12
|
+
@counter = 0
|
|
13
|
+
super
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def persist_by_false
|
|
17
|
+
self.counter += 1
|
|
18
|
+
return false
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def persist_by_true
|
|
22
|
+
self.counter += 1
|
|
23
|
+
return true
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -7,11 +7,11 @@ module SessionTest
|
|
|
7
7
|
assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
|
|
8
8
|
assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
|
|
11
11
|
def test_human_name
|
|
12
12
|
assert_equal "Usersession", UserSession.human_name
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
def test_i18n_of_human_name
|
|
16
16
|
I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
|
|
17
17
|
assert_equal "MySession", UserSession.human_name
|
|
@@ -21,8 +21,14 @@ module SessionTest
|
|
|
21
21
|
I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
|
|
22
22
|
assert_equal "MySession", UserSession.model_name.human
|
|
23
23
|
end
|
|
24
|
+
|
|
25
|
+
def test_model_name
|
|
26
|
+
assert_equal "UserSession", UserSession.model_name.name
|
|
27
|
+
assert_equal "user_session", UserSession.model_name.singular
|
|
28
|
+
assert_equal "user_sessions", UserSession.model_name.plural
|
|
29
|
+
end
|
|
24
30
|
end
|
|
25
|
-
|
|
31
|
+
|
|
26
32
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
27
33
|
def test_new_record
|
|
28
34
|
session = UserSession.new
|
|
@@ -49,7 +55,7 @@ module SessionTest
|
|
|
49
55
|
session.destroy
|
|
50
56
|
assert ! session.persisted?
|
|
51
57
|
end
|
|
52
|
-
|
|
58
|
+
|
|
53
59
|
def test_destroyed?
|
|
54
60
|
session = UserSession.create(users(:ben))
|
|
55
61
|
assert ! session.destroyed?
|
|
@@ -6,20 +6,20 @@ module SessionTest
|
|
|
6
6
|
def test_consecutive_failed_logins_limit
|
|
7
7
|
UserSession.consecutive_failed_logins_limit = 10
|
|
8
8
|
assert_equal 10, UserSession.consecutive_failed_logins_limit
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
UserSession.consecutive_failed_logins_limit 50
|
|
11
11
|
assert_equal 50, UserSession.consecutive_failed_logins_limit
|
|
12
12
|
end
|
|
13
|
-
|
|
13
|
+
|
|
14
14
|
def test_failed_login_ban_for
|
|
15
15
|
UserSession.failed_login_ban_for = 10
|
|
16
16
|
assert_equal 10, UserSession.failed_login_ban_for
|
|
17
|
-
|
|
17
|
+
|
|
18
18
|
UserSession.failed_login_ban_for 2.hours
|
|
19
19
|
assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
|
-
|
|
22
|
+
|
|
23
23
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
24
24
|
def test_under_limit
|
|
25
25
|
ben = users(:ben)
|
|
@@ -34,46 +34,48 @@ module SessionTest
|
|
|
34
34
|
assert ben.save
|
|
35
35
|
assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
|
|
36
36
|
assert UserSession.create(ben).new_session?
|
|
37
|
+
|
|
38
|
+
ben.reload
|
|
37
39
|
ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
|
|
38
40
|
assert !UserSession.create(ben).new_session?
|
|
39
41
|
end
|
|
40
|
-
|
|
42
|
+
|
|
41
43
|
def test_exceeding_failed_logins_limit
|
|
42
44
|
UserSession.consecutive_failed_logins_limit = 2
|
|
43
45
|
ben = users(:ben)
|
|
44
|
-
|
|
46
|
+
|
|
45
47
|
2.times do |i|
|
|
46
48
|
session = UserSession.new(:login => ben.login, :password => "badpassword1")
|
|
47
49
|
assert !session.save
|
|
48
50
|
assert session.errors[:password].size > 0
|
|
49
51
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
50
52
|
end
|
|
51
|
-
|
|
53
|
+
|
|
52
54
|
session = UserSession.new(:login => ben.login, :password => "badpassword2")
|
|
53
55
|
assert !session.save
|
|
54
56
|
assert session.errors[:password].size == 0
|
|
55
57
|
assert_equal 3, ben.reload.failed_login_count
|
|
56
|
-
|
|
58
|
+
|
|
57
59
|
UserSession.consecutive_failed_logins_limit = 50
|
|
58
60
|
end
|
|
59
|
-
|
|
61
|
+
|
|
60
62
|
def test_exceeded_ban_for
|
|
61
63
|
UserSession.consecutive_failed_logins_limit = 2
|
|
62
64
|
UserSession.generalize_credentials_error_messages true
|
|
63
65
|
ben = users(:ben)
|
|
64
|
-
|
|
66
|
+
|
|
65
67
|
2.times do |i|
|
|
66
68
|
session = UserSession.new(:login => ben.login, :password => "badpassword1")
|
|
67
69
|
assert !session.save
|
|
68
70
|
assert session.invalid_password?
|
|
69
71
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
70
72
|
end
|
|
71
|
-
|
|
73
|
+
|
|
72
74
|
ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
|
|
73
75
|
session = UserSession.new(:login => ben.login, :password => "benrocks")
|
|
74
76
|
assert session.save
|
|
75
77
|
assert_equal 0, ben.reload.failed_login_count
|
|
76
|
-
|
|
78
|
+
|
|
77
79
|
UserSession.consecutive_failed_logins_limit = 50
|
|
78
80
|
UserSession.generalize_credentials_error_messages false
|
|
79
81
|
end
|
|
@@ -81,21 +83,21 @@ module SessionTest
|
|
|
81
83
|
def test_exceeded_ban_and_failed_doesnt_ban_again
|
|
82
84
|
UserSession.consecutive_failed_logins_limit = 2
|
|
83
85
|
ben = users(:ben)
|
|
84
|
-
|
|
86
|
+
|
|
85
87
|
2.times do |i|
|
|
86
88
|
session = UserSession.new(:login => ben.login, :password => "badpassword1")
|
|
87
89
|
assert !session.save
|
|
88
90
|
assert session.errors[:password].size > 0
|
|
89
91
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
90
92
|
end
|
|
91
|
-
|
|
93
|
+
|
|
92
94
|
ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
|
|
93
95
|
session = UserSession.new(:login => ben.login, :password => "badpassword1")
|
|
94
96
|
assert !session.save
|
|
95
97
|
assert_equal 1, ben.reload.failed_login_count
|
|
96
|
-
|
|
98
|
+
|
|
97
99
|
UserSession.consecutive_failed_logins_limit = 50
|
|
98
100
|
end
|
|
99
101
|
end
|
|
100
102
|
end
|
|
101
|
-
end
|
|
103
|
+
end
|
|
@@ -1,31 +1,11 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class WackyUserSession < Authlogic::Session::Base
|
|
4
|
-
attr_accessor :counter
|
|
5
|
-
authenticate_with User
|
|
6
|
-
|
|
7
|
-
def initialize
|
|
8
|
-
@counter = 0
|
|
9
|
-
super
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def persist_by_false
|
|
13
|
-
self.counter += 1
|
|
14
|
-
return false
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def persist_by_true
|
|
18
|
-
self.counter += 1
|
|
19
|
-
return true
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
|
|
23
3
|
module SessionTest
|
|
24
4
|
class CallbacksTest < ActiveSupport::TestCase
|
|
25
5
|
def setup
|
|
26
6
|
WackyUserSession.reset_callbacks(:persist)
|
|
27
7
|
end
|
|
28
|
-
|
|
8
|
+
|
|
29
9
|
def test_no_callbacks
|
|
30
10
|
assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
|
|
31
11
|
session = WackyUserSession.new
|
|
@@ -36,19 +16,19 @@ module SessionTest
|
|
|
36
16
|
def test_true_callback_cancelling_later_callbacks
|
|
37
17
|
WackyUserSession.persist :persist_by_true, :persist_by_false
|
|
38
18
|
assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
|
|
39
|
-
|
|
19
|
+
|
|
40
20
|
session = WackyUserSession.new
|
|
41
21
|
session.send(:persist)
|
|
42
22
|
assert_equal 1, session.counter
|
|
43
23
|
end
|
|
44
|
-
|
|
24
|
+
|
|
45
25
|
def test_false_callback_continuing_to_later_callbacks
|
|
46
26
|
WackyUserSession.persist :persist_by_false, :persist_by_true
|
|
47
27
|
assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
|
|
48
|
-
|
|
28
|
+
|
|
49
29
|
session = WackyUserSession.new
|
|
50
30
|
session.send(:persist)
|
|
51
31
|
assert_equal 2, session.counter
|
|
52
32
|
end
|
|
53
33
|
end
|
|
54
|
-
end
|
|
34
|
+
end
|
|
@@ -6,7 +6,7 @@ module SessionTest
|
|
|
6
6
|
def test_allow_http_basic_auth
|
|
7
7
|
UserSession.allow_http_basic_auth = false
|
|
8
8
|
assert_equal false, UserSession.allow_http_basic_auth
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
UserSession.allow_http_basic_auth true
|
|
11
11
|
assert_equal true, UserSession.allow_http_basic_auth
|
|
12
12
|
end
|
|
@@ -20,34 +20,36 @@ module SessionTest
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def test_http_basic_auth_realm
|
|
23
|
+
original_http_basic_auth_realm = UserSession.http_basic_auth_realm
|
|
24
|
+
|
|
23
25
|
assert_equal 'Application', UserSession.http_basic_auth_realm
|
|
24
26
|
|
|
25
27
|
UserSession.http_basic_auth_realm = 'TestRealm'
|
|
26
28
|
assert_equal 'TestRealm', UserSession.http_basic_auth_realm
|
|
27
29
|
end
|
|
28
30
|
end
|
|
29
|
-
|
|
31
|
+
|
|
30
32
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
31
33
|
def test_persist_persist_by_http_auth
|
|
32
|
-
|
|
34
|
+
aaron = users(:aaron)
|
|
33
35
|
http_basic_auth_for do
|
|
34
36
|
assert !UserSession.find
|
|
35
37
|
end
|
|
36
|
-
http_basic_auth_for(
|
|
38
|
+
http_basic_auth_for(aaron) do
|
|
37
39
|
assert session = UserSession.find
|
|
38
|
-
assert_equal
|
|
39
|
-
assert_equal
|
|
40
|
-
assert_equal "
|
|
40
|
+
assert_equal aaron, session.record
|
|
41
|
+
assert_equal aaron.login, session.login
|
|
42
|
+
assert_equal "aaronrocks", session.send(:protected_password)
|
|
41
43
|
assert !controller.http_auth_requested?
|
|
42
44
|
end
|
|
43
45
|
unset_session
|
|
44
46
|
UserSession.request_http_basic_auth = true
|
|
45
47
|
UserSession.http_basic_auth_realm = 'PersistTestRealm'
|
|
46
|
-
http_basic_auth_for(
|
|
48
|
+
http_basic_auth_for(aaron) do
|
|
47
49
|
assert session = UserSession.find
|
|
48
|
-
assert_equal
|
|
49
|
-
assert_equal
|
|
50
|
-
assert_equal "
|
|
50
|
+
assert_equal aaron, session.record
|
|
51
|
+
assert_equal aaron.login, session.login
|
|
52
|
+
assert_equal "aaronrocks", session.send(:protected_password)
|
|
51
53
|
assert_equal 'PersistTestRealm', controller.realm
|
|
52
54
|
assert controller.http_auth_requested?
|
|
53
55
|
end
|