authlogic 3.4.3 → 3.4.4

@@ -8,25 +8,26 @@ module ActsAsAuthenticTest
8
8
  ben.password = "newpass"
9
9
  assert_not_equal old_persistence_token, ben.persistence_token
10
10
  end
11
-
11
+
12
12
  def test_after_password_verification_reset_persistence_token
13
- ben = users(:ben)
14
- old_persistence_token = ben.persistence_token
15
- assert ben.valid_password?(password_for(ben))
16
- assert_equal old_persistence_token, ben.persistence_token
17
-
13
+ aaron = users(:aaron)
14
+ old_persistence_token = aaron.persistence_token
15
+
16
+ assert aaron.valid_password?(password_for(aaron))
17
+ assert_equal old_persistence_token, aaron.reload.persistence_token
18
+
18
19
  # only update it if it is nil
19
- assert ben.update_attribute(:persistence_token, nil)
20
- assert ben.valid_password?(password_for(ben))
21
- assert_not_equal old_persistence_token, ben.persistence_token
20
+ assert aaron.update_attribute(:persistence_token, nil)
21
+ assert aaron.valid_password?(password_for(aaron))
22
+ assert_not_equal old_persistence_token, aaron.persistence_token
22
23
  end
23
-
24
+
24
25
  def test_before_validate_reset_persistence_token
25
26
  u = User.new
26
27
  assert !u.valid?
27
28
  assert_not_nil u.persistence_token
28
29
  end
29
-
30
+
30
31
  def test_forget_all
31
32
  http_basic_auth_for(users(:ben)) { UserSession.find }
32
33
  http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
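Review bot: With `users(:ben)` swapped for `users(:aaron)` in `test_after_password_verification_reset_persistence_token`, nothing in this hunk asserts what `valid_password?` does to `persistence_token` for a user whose hash is transitioned from a legacy provider. The fixture note elsewhere in this diff says that path may reset the token as a side effect, and a reset would presumably invalidate that user's persisted sessions, so the behaviour should be pinned by a test rather than avoided. A companion test could call `assert ben.valid_password?(password_for(ben))` and then assert whichever outcome is intended for `ben.reload.persistence_token`. Separately, the first assertion reads `aaron.reload.persistence_token` while the last reads `aaron.persistence_token`; a one-line comment on why only the first reloads would help.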
@@ -36,7 +37,7 @@ module ActsAsAuthenticTest
36
37
  assert !UserSession.find
37
38
  assert !UserSession.find(:ziggity_zack)
38
39
  end
39
-
40
+
40
41
  def test_forget
41
42
  ben = users(:ben)
42
43
  zack = users(:zack)
@@ -52,4 +53,4 @@ module ActsAsAuthenticTest
52
53
  assert UserSession.find(:ziggity_zack)
53
54
  end
54
55
  end
55
- end
56
+ end
@@ -5,7 +5,7 @@ module ActsAsAuthenticTest
5
5
  def test_act_like_restful_authentication_config
6
6
  assert !User.act_like_restful_authentication
7
7
  assert !Employee.act_like_restful_authentication
8
-
8
+
9
9
  User.act_like_restful_authentication = true
10
10
  assert User.act_like_restful_authentication
11
11
  assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
@@ -15,7 +15,7 @@ module ActsAsAuthenticTest
15
15
 
16
16
  User.act_like_restful_authentication false
17
17
  assert !User.act_like_restful_authentication
18
-
18
+
19
19
  User.crypto_provider = Authlogic::CryptoProviders::Sha512
20
20
  User.transition_from_crypto_providers = []
21
21
  end
@@ -23,18 +23,15 @@ module ActsAsAuthenticTest
23
23
  def test_transition_from_restful_authentication_config
24
24
  assert !User.transition_from_restful_authentication
25
25
  assert !Employee.transition_from_restful_authentication
26
-
26
+
27
27
  User.transition_from_restful_authentication = true
28
28
  assert User.transition_from_restful_authentication
29
29
  assert defined?(::REST_AUTH_SITE_KEY)
30
30
  assert_equal '', ::REST_AUTH_SITE_KEY
31
31
  assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
32
-
32
+
33
33
  User.transition_from_restful_authentication false
34
34
  assert !User.transition_from_restful_authentication
35
-
36
- User.crypto_provider = Authlogic::CryptoProviders::Sha512
37
- User.transition_from_crypto_providers = []
38
35
  end
39
36
  end
40
- end
37
+ end
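Review bot: `test_transition_from_restful_authentication_config` no longer resets `User.crypto_provider` or `User.transition_from_crypto_providers` at its end, so any class-level crypto configuration changed by `User.transition_from_restful_authentication = true` stays in place for later tests. Whether that setter changes the transition providers is not visible in this hunk, but the test's assertion on `Authlogic::CryptoProviders::Sha1.stretches` suggests shared state is touched. Since the User test model in this diff now declares a Sha512 transition, capture the value first with `providers = User.transition_from_crypto_providers` and restore it in an `ensure` with `User.transition_from_crypto_providers = providers`. That keeps the password-verification tests independent of run order.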
@@ -0,0 +1,36 @@
1
+ require 'test_helper'
2
+
3
+ class ConfigTest < ActiveSupport::TestCase
4
+ def setup
5
+ @klass = Class.new {
6
+ extend Authlogic::Config
7
+
8
+ def self.foobar(value = nil)
9
+ rw_config(:foobar_field, value, 'default_foobar')
10
+ end
11
+ }
12
+
13
+ @subklass = Class.new(@klass)
14
+ end
15
+
16
+ def test_config
17
+ assert_equal({}, @klass.acts_as_authentic_config)
18
+ end
19
+
20
+ def test_rw_config_read_with_default
21
+ assert 'default_foobar', @klass.foobar
22
+ end
23
+
24
+ def test_rw_config_write
25
+ assert_equal 'my_foobar', @klass.foobar('my_foobar')
26
+ assert_equal 'my_foobar', @klass.foobar
27
+
28
+ assert_equal 'my_new_foobar', @klass.foobar('my_new_foobar')
29
+ assert_equal 'my_new_foobar', @klass.foobar
30
+ end
31
+
32
+ def test_subclass_rw_config_write
33
+ assert_equal 'subklass_foobar', @subklass.foobar('subklass_foobar')
34
+ assert_equal 'default_foobar', @klass.foobar
35
+ end
36
+ end
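Review bot: `test_rw_config_read_with_default` cannot fail, because `assert 'default_foobar', @klass.foobar` treats the literal string as the value under test and the real value as the failure message, and a non-empty string is always truthy. It should read `assert_equal 'default_foobar', @klass.foobar`, matching the other tests in this file. As written, the default-value path of `rw_config` is only checked indirectly by the last assertion of `test_subclass_rw_config_write`.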
@@ -1,3 +1,8 @@
1
+ # NB :ben and :zack use the legacy crypto provider (Sha512) ... when they're
2
+ # tested for valid_password?() it will transition their password
3
+ # (re: test/libs/user.rb). This could have unintended side-effects (like auto-
4
+ # resetting their persistence token when checking password) -- one solution
5
+ # is to just switch in users(:aaron) for those tests.
1
6
  ben:
2
7
  company: binary_logic
3
8
  projects: web_services
@@ -10,7 +15,7 @@ ben:
10
15
  email: bjohnson@binarylogic.com
11
16
  first_name: Ben
12
17
  last_name: Johnson
13
-
18
+
14
19
  zack:
15
20
  company: logic_over_data
16
21
  projects: web_services
@@ -28,7 +33,7 @@ aaron:
28
33
  projects: web_services
29
34
  login: abedra
30
35
  crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
31
- persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
36
+ persistence_token: e3d853f5aa0dacac5c257d03c4e097a3a7f51b182a8fc4f62096d05e939b019855aff0290157ac854e4195f13284ff5223f1996d0fd073e7e360171de54db278
32
37
  single_access_token: <%= Authlogic::Random.friendly_token %>
33
38
  perishable_token: <%= Authlogic::Random.friendly_token %>
34
39
  email: abedra@cigital.com
@@ -0,0 +1,7 @@
1
+ source "https://rubygems.org"
2
+ gemspec :path => "./../.."
3
+
4
+ gem "activerecord", "~> 4.2.0"
5
+ gem "activesupport", "~> 4.2.0"
6
+ gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
7
+ gem 'sqlite3', :platforms => :ruby
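--- a/data/test/libs/user.rb
+++ b/data/test/libs/user.rb
@@ -1,5 +1,7 @@
  class User < ActiveRecord::Base
- acts_as_authentic
+ acts_as_authentic do |c|
+ c.transition_from_crypto_providers Authlogic::CryptoProviders::Sha512
+ end
  belongs_to :company
  has_and_belongs_to_many :projects
- end
+ end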
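Review bot: The new `acts_as_authentic` block has no comment saying why the test model transitions from Sha512. The fixture note in this diff explains that `:ben` and `:zack` use the legacy provider and that `valid_password?` transitions their password. That explanation belongs here too, because this is the line that makes a password check write to the record. Suggested comment above the `c.transition_from_crypto_providers` line: `# ben and zack fixtures hold Sha512 hashes; valid_password? transitions them to the current provider, which modifies the record`.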
@@ -3,3 +3,23 @@ end
3
3
 
4
4
  class BackOfficeUserSession < Authlogic::Session::Base
5
5
  end
6
+
7
+ class WackyUserSession < Authlogic::Session::Base
8
+ attr_accessor :counter
9
+ authenticate_with User
10
+
11
+ def initialize
12
+ @counter = 0
13
+ super
14
+ end
15
+
16
+ def persist_by_false
17
+ self.counter += 1
18
+ return false
19
+ end
20
+
21
+ def persist_by_true
22
+ self.counter += 1
23
+ return true
24
+ end
25
+ end
@@ -7,11 +7,11 @@ module SessionTest
7
7
  assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
8
8
  assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
9
9
  end
10
-
10
+
11
11
  def test_human_name
12
12
  assert_equal "Usersession", UserSession.human_name
13
13
  end
14
-
14
+
15
15
  def test_i18n_of_human_name
16
16
  I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
17
17
  assert_equal "MySession", UserSession.human_name
@@ -21,8 +21,14 @@ module SessionTest
21
21
  I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
22
22
  assert_equal "MySession", UserSession.model_name.human
23
23
  end
24
+
25
+ def test_model_name
26
+ assert_equal "UserSession", UserSession.model_name.name
27
+ assert_equal "user_session", UserSession.model_name.singular
28
+ assert_equal "user_sessions", UserSession.model_name.plural
29
+ end
24
30
  end
25
-
31
+
26
32
  class InstanceMethodsTest < ActiveSupport::TestCase
27
33
  def test_new_record
28
34
  session = UserSession.new
@@ -49,7 +55,7 @@ module SessionTest
49
55
  session.destroy
50
56
  assert ! session.persisted?
51
57
  end
52
-
58
+
53
59
  def test_destroyed?
54
60
  session = UserSession.create(users(:ben))
55
61
  assert ! session.destroyed?
@@ -6,20 +6,20 @@ module SessionTest
6
6
  def test_consecutive_failed_logins_limit
7
7
  UserSession.consecutive_failed_logins_limit = 10
8
8
  assert_equal 10, UserSession.consecutive_failed_logins_limit
9
-
9
+
10
10
  UserSession.consecutive_failed_logins_limit 50
11
11
  assert_equal 50, UserSession.consecutive_failed_logins_limit
12
12
  end
13
-
13
+
14
14
  def test_failed_login_ban_for
15
15
  UserSession.failed_login_ban_for = 10
16
16
  assert_equal 10, UserSession.failed_login_ban_for
17
-
17
+
18
18
  UserSession.failed_login_ban_for 2.hours
19
19
  assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
20
20
  end
21
21
  end
22
-
22
+
23
23
  class InstanceMethodsTest < ActiveSupport::TestCase
24
24
  def test_under_limit
25
25
  ben = users(:ben)
@@ -34,46 +34,48 @@ module SessionTest
34
34
  assert ben.save
35
35
  assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
36
36
  assert UserSession.create(ben).new_session?
37
+
38
+ ben.reload
37
39
  ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
38
40
  assert !UserSession.create(ben).new_session?
39
41
  end
40
-
42
+
41
43
  def test_exceeding_failed_logins_limit
42
44
  UserSession.consecutive_failed_logins_limit = 2
43
45
  ben = users(:ben)
44
-
46
+
45
47
  2.times do |i|
46
48
  session = UserSession.new(:login => ben.login, :password => "badpassword1")
47
49
  assert !session.save
48
50
  assert session.errors[:password].size > 0
49
51
  assert_equal i + 1, ben.reload.failed_login_count
50
52
  end
51
-
53
+
52
54
  session = UserSession.new(:login => ben.login, :password => "badpassword2")
53
55
  assert !session.save
54
56
  assert session.errors[:password].size == 0
55
57
  assert_equal 3, ben.reload.failed_login_count
56
-
58
+
57
59
  UserSession.consecutive_failed_logins_limit = 50
58
60
  end
59
-
61
+
60
62
  def test_exceeded_ban_for
61
63
  UserSession.consecutive_failed_logins_limit = 2
62
64
  UserSession.generalize_credentials_error_messages true
63
65
  ben = users(:ben)
64
-
66
+
65
67
  2.times do |i|
66
68
  session = UserSession.new(:login => ben.login, :password => "badpassword1")
67
69
  assert !session.save
68
70
  assert session.invalid_password?
69
71
  assert_equal i + 1, ben.reload.failed_login_count
70
72
  end
71
-
73
+
72
74
  ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
73
75
  session = UserSession.new(:login => ben.login, :password => "benrocks")
74
76
  assert session.save
75
77
  assert_equal 0, ben.reload.failed_login_count
76
-
78
+
77
79
  UserSession.consecutive_failed_logins_limit = 50
78
80
  UserSession.generalize_credentials_error_messages false
79
81
  end
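Review bot: The added `ben.reload` has no comment, and nothing in the hunk shows which attribute was stale. If the reload is needed because the preceding `UserSession.create(:login => ben.login, :password => "benrocks")` re-hashes ben's stored password (the fixture note in this diff describes that transition for `:ben`), say so above it: `# the login above transitioned ben's password in the database; refresh before changing updated_at`. The enclosing test method begins above the hunk, so its setup is not visible here.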
@@ -81,21 +83,21 @@ module SessionTest
81
83
  def test_exceeded_ban_and_failed_doesnt_ban_again
82
84
  UserSession.consecutive_failed_logins_limit = 2
83
85
  ben = users(:ben)
84
-
86
+
85
87
  2.times do |i|
86
88
  session = UserSession.new(:login => ben.login, :password => "badpassword1")
87
89
  assert !session.save
88
90
  assert session.errors[:password].size > 0
89
91
  assert_equal i + 1, ben.reload.failed_login_count
90
92
  end
91
-
93
+
92
94
  ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
93
95
  session = UserSession.new(:login => ben.login, :password => "badpassword1")
94
96
  assert !session.save
95
97
  assert_equal 1, ben.reload.failed_login_count
96
-
98
+
97
99
  UserSession.consecutive_failed_logins_limit = 50
98
100
  end
99
101
  end
100
102
  end
101
- end
103
+ end
@@ -1,31 +1,11 @@
1
1
  require 'test_helper'
2
2
 
3
- class WackyUserSession < Authlogic::Session::Base
4
- attr_accessor :counter
5
- authenticate_with User
6
-
7
- def initialize
8
- @counter = 0
9
- super
10
- end
11
-
12
- def persist_by_false
13
- self.counter += 1
14
- return false
15
- end
16
-
17
- def persist_by_true
18
- self.counter += 1
19
- return true
20
- end
21
- end
22
-
23
3
  module SessionTest
24
4
  class CallbacksTest < ActiveSupport::TestCase
25
5
  def setup
26
6
  WackyUserSession.reset_callbacks(:persist)
27
7
  end
28
-
8
+
29
9
  def test_no_callbacks
30
10
  assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
31
11
  session = WackyUserSession.new
@@ -36,19 +16,19 @@ module SessionTest
36
16
  def test_true_callback_cancelling_later_callbacks
37
17
  WackyUserSession.persist :persist_by_true, :persist_by_false
38
18
  assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
39
-
19
+
40
20
  session = WackyUserSession.new
41
21
  session.send(:persist)
42
22
  assert_equal 1, session.counter
43
23
  end
44
-
24
+
45
25
  def test_false_callback_continuing_to_later_callbacks
46
26
  WackyUserSession.persist :persist_by_false, :persist_by_true
47
27
  assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
48
-
28
+
49
29
  session = WackyUserSession.new
50
30
  session.send(:persist)
51
31
  assert_equal 2, session.counter
52
32
  end
53
33
  end
54
- end
34
+ end
@@ -0,0 +1,6 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ class FoundationTest < ActiveSupport::TestCase
5
+ end
6
+ end
@@ -6,7 +6,7 @@ module SessionTest
6
6
  def test_allow_http_basic_auth
7
7
  UserSession.allow_http_basic_auth = false
8
8
  assert_equal false, UserSession.allow_http_basic_auth
9
-
9
+
10
10
  UserSession.allow_http_basic_auth true
11
11
  assert_equal true, UserSession.allow_http_basic_auth
12
12
  end
@@ -20,34 +20,36 @@ module SessionTest
20
20
  end
21
21
 
22
22
  def test_http_basic_auth_realm
23
+ original_http_basic_auth_realm = UserSession.http_basic_auth_realm
24
+
23
25
  assert_equal 'Application', UserSession.http_basic_auth_realm
24
26
 
25
27
  UserSession.http_basic_auth_realm = 'TestRealm'
26
28
  assert_equal 'TestRealm', UserSession.http_basic_auth_realm
27
29
  end
28
30
  end
29
-
31
+
30
32
  class InstanceMethodsTest < ActiveSupport::TestCase
31
33
  def test_persist_persist_by_http_auth
32
- ben = users(:ben)
34
+ aaron = users(:aaron)
33
35
  http_basic_auth_for do
34
36
  assert !UserSession.find
35
37
  end
36
- http_basic_auth_for(ben) do
38
+ http_basic_auth_for(aaron) do
37
39
  assert session = UserSession.find
38
- assert_equal ben, session.record
39
- assert_equal ben.login, session.login
40
- assert_equal "benrocks", session.send(:protected_password)
40
+ assert_equal aaron, session.record
41
+ assert_equal aaron.login, session.login
42
+ assert_equal "aaronrocks", session.send(:protected_password)
41
43
  assert !controller.http_auth_requested?
42
44
  end
43
45
  unset_session
44
46
  UserSession.request_http_basic_auth = true
45
47
  UserSession.http_basic_auth_realm = 'PersistTestRealm'
46
- http_basic_auth_for(ben) do
48
+ http_basic_auth_for(aaron) do
47
49
  assert session = UserSession.find
48
- assert_equal ben, session.record
49
- assert_equal ben.login, session.login
50
- assert_equal "benrocks", session.send(:protected_password)
50
+ assert_equal aaron, session.record
51
+ assert_equal aaron.login, session.login
52
+ assert_equal "aaronrocks", session.send(:protected_password)
51
53
  assert_equal 'PersistTestRealm', controller.realm
52
54
  assert controller.http_auth_requested?
53
55
  end
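Review bot: `original_http_basic_auth_realm` is assigned at the top of `test_http_basic_auth_realm` and never read, so the class-level realm is still `'TestRealm'` when the test ends. Any later test that expects the default `'Application'` then depends on run order. Restore the value in an `ensure` clause before the method's `end`: `UserSession.http_basic_auth_realm = original_http_basic_auth_realm`. In `test_persist_persist_by_http_auth` the same concern applies to `UserSession.request_http_basic_auth = true` and the `'PersistTestRealm'` value, though that method continues past the hunk and may reset them there.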