RubyGems - authlogic - Versions diffs - 3.4.6 → 4.2.0 - Mend

authlogic 3.4.6 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

checksums.yaml +5 -5
data/.github/ISSUE_TEMPLATE.md +13 -0
data/.github/triage.md +87 -0
data/.gitignore +4 -0
data/.rubocop.yml +127 -0
data/.rubocop_todo.yml +65 -0
data/.travis.yml +18 -10
data/CHANGELOG.md +156 -6
data/CONTRIBUTING.md +71 -3
data/Gemfile +2 -2
data/README.md +386 -0
data/Rakefile +13 -7
data/UPGRADING.md +22 -0
data/authlogic.gemspec +33 -22
data/lib/authlogic.rb +60 -52
data/lib/authlogic/acts_as_authentic/base.rb +40 -26
data/lib/authlogic/acts_as_authentic/email.rb +96 -32
data/lib/authlogic/acts_as_authentic/logged_in_status.rb +36 -12
data/lib/authlogic/acts_as_authentic/login.rb +114 -49
data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
data/lib/authlogic/acts_as_authentic/password.rb +296 -139
data/lib/authlogic/acts_as_authentic/perishable_token.rb +34 -20
data/lib/authlogic/acts_as_authentic/persistence_token.rb +20 -24
data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
data/lib/authlogic/acts_as_authentic/restful_authentication.rb +68 -23
data/lib/authlogic/acts_as_authentic/session_maintenance.rb +128 -85
data/lib/authlogic/acts_as_authentic/single_access_token.rb +41 -25
data/lib/authlogic/acts_as_authentic/validations_scope.rb +8 -8
data/lib/authlogic/authenticates_many/association.rb +22 -14
data/lib/authlogic/authenticates_many/base.rb +35 -16
data/lib/authlogic/config.rb +10 -10
data/lib/authlogic/controller_adapters/abstract_adapter.rb +40 -12
data/lib/authlogic/controller_adapters/rack_adapter.rb +15 -8
data/lib/authlogic/controller_adapters/rails_adapter.rb +42 -22
data/lib/authlogic/controller_adapters/sinatra_adapter.rb +3 -3
data/lib/authlogic/crypto_providers.rb +91 -0
data/lib/authlogic/crypto_providers/aes256.rb +42 -14
data/lib/authlogic/crypto_providers/bcrypt.rb +35 -20
data/lib/authlogic/crypto_providers/md5.rb +11 -9
data/lib/authlogic/crypto_providers/scrypt.rb +26 -13
data/lib/authlogic/crypto_providers/sha1.rb +14 -8
data/lib/authlogic/crypto_providers/sha256.rb +16 -12
data/lib/authlogic/crypto_providers/sha512.rb +8 -24
data/lib/authlogic/crypto_providers/wordpress.rb +44 -15
data/lib/authlogic/i18n.rb +33 -20
data/lib/authlogic/i18n/translator.rb +1 -1
data/lib/authlogic/random.rb +12 -29
data/lib/authlogic/regex.rb +59 -27
data/lib/authlogic/session/activation.rb +36 -23
data/lib/authlogic/session/active_record_trickery.rb +13 -10
data/lib/authlogic/session/base.rb +20 -8
data/lib/authlogic/session/brute_force_protection.rb +87 -56
data/lib/authlogic/session/callbacks.rb +99 -49
data/lib/authlogic/session/cookies.rb +128 -59
data/lib/authlogic/session/existence.rb +29 -19
data/lib/authlogic/session/foundation.rb +70 -16
data/lib/authlogic/session/http_auth.rb +39 -31
data/lib/authlogic/session/id.rb +27 -15
data/lib/authlogic/session/klass.rb +17 -13
data/lib/authlogic/session/magic_columns.rb +78 -59
data/lib/authlogic/session/magic_states.rb +50 -27
data/lib/authlogic/session/params.rb +79 -50
data/lib/authlogic/session/password.rb +197 -118
data/lib/authlogic/session/perishable_token.rb +12 -6
data/lib/authlogic/session/persistence.rb +20 -14
data/lib/authlogic/session/priority_record.rb +20 -16
data/lib/authlogic/session/scopes.rb +63 -33
data/lib/authlogic/session/session.rb +40 -25
data/lib/authlogic/session/timeout.rb +51 -34
data/lib/authlogic/session/unauthorized_record.rb +24 -18
data/lib/authlogic/session/validation.rb +32 -21
data/lib/authlogic/test_case.rb +123 -35
data/lib/authlogic/test_case/mock_controller.rb +14 -13
data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -5
data/lib/authlogic/test_case/mock_logger.rb +1 -1
data/lib/authlogic/test_case/mock_request.rb +9 -4
data/lib/authlogic/test_case/rails_request_adapter.rb +8 -7
data/lib/authlogic/version.rb +21 -0
data/test/acts_as_authentic_test/base_test.rb +1 -1
data/test/acts_as_authentic_test/email_test.rb +80 -63
data/test/acts_as_authentic_test/logged_in_status_test.rb +14 -8
data/test/acts_as_authentic_test/login_test.rb +91 -49
data/test/acts_as_authentic_test/magic_columns_test.rb +13 -13
data/test/acts_as_authentic_test/password_test.rb +82 -60
data/test/acts_as_authentic_test/perishable_token_test.rb +31 -25
data/test/acts_as_authentic_test/persistence_token_test.rb +9 -5
data/test/acts_as_authentic_test/restful_authentication_test.rb +18 -9
data/test/acts_as_authentic_test/session_maintenance_test.rb +86 -22
data/test/acts_as_authentic_test/single_access_test.rb +15 -15
data/test/adapter_test.rb +21 -0
data/test/authenticates_many_test.rb +26 -11
data/test/config_test.rb +9 -9
data/test/crypto_provider_test/aes256_test.rb +3 -3
data/test/crypto_provider_test/bcrypt_test.rb +1 -1
data/test/crypto_provider_test/scrypt_test.rb +2 -2
data/test/crypto_provider_test/sha1_test.rb +4 -4
data/test/crypto_provider_test/sha256_test.rb +2 -2
data/test/crypto_provider_test/sha512_test.rb +3 -3
data/test/crypto_provider_test/wordpress_test.rb +24 -0
data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
data/test/gemfiles/Gemfile.rails-5.2.x +6 -0
data/test/gemfiles/Gemfile.rails-master +6 -0
data/test/i18n_test.rb +9 -9
data/test/libs/affiliate.rb +2 -2
data/test/libs/company.rb +4 -4
data/test/libs/employee.rb +2 -2
data/test/libs/employee_session.rb +1 -1
data/test/libs/ldaper.rb +1 -1
data/test/libs/project.rb +1 -1
data/test/libs/user_session.rb +2 -2
data/test/random_test.rb +9 -38
data/test/session_test/activation_test.rb +7 -7
data/test/session_test/active_record_trickery_test.rb +9 -6
data/test/session_test/brute_force_protection_test.rb +26 -21
data/test/session_test/callbacks_test.rb +10 -4
data/test/session_test/cookies_test.rb +54 -20
data/test/session_test/existence_test.rb +45 -23
data/test/session_test/foundation_test.rb +17 -1
data/test/session_test/http_auth_test.rb +11 -12
data/test/session_test/id_test.rb +3 -3
data/test/session_test/klass_test.rb +2 -2
data/test/session_test/magic_columns_test.rb +15 -17
data/test/session_test/magic_states_test.rb +17 -19
data/test/session_test/params_test.rb +26 -20
data/test/session_test/password_test.rb +11 -12
data/test/session_test/perishability_test.rb +5 -5
data/test/session_test/persistence_test.rb +4 -3
data/test/session_test/scopes_test.rb +15 -9
data/test/session_test/session_test.rb +7 -6
data/test/session_test/timeout_test.rb +16 -14
data/test/session_test/unauthorized_record_test.rb +3 -3
data/test/session_test/validation_test.rb +5 -5
data/test/test_helper.rb +115 -49
metadata +107 -36
data/README.rdoc +0 -232
data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
data/test/gemfiles/Gemfile.rails-4.1.x +0 -7

data/test/session_test/active_record_trickery_test.rb CHANGED

@@ -1,8 +1,11 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ActiveRecordTrickeryTest
     class ClassMethodsTest < ActiveSupport::TestCase
+      # If test_human_name is executed after test_i18n_of_human_name the test will fail.
+      i_suck_and_my_tests_are_order_dependent!
       def test_human_attribute_name
         assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
         assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
@@ -13,12 +16,12 @@ module SessionTest
       end
       def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.human_name
       end
       def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.model_name.human
       end
@@ -47,18 +50,18 @@ module SessionTest
       def test_persisted
         session = UserSession.new(users(:ben))
-        assert ! session.persisted?
+        refute session.persisted?
         session.save
         assert session.persisted?
         session.destroy
-        assert ! session.persisted?
+        refute session.persisted?
       end
       def test_destroyed?
         session = UserSession.create(users(:ben))
-        assert ! session.destroyed?
+        refute session.destroyed?
         session.destroy
         assert session.destroyed?

data/test/session_test/brute_force_protection_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module BruteForceProtectionTest
@@ -25,19 +25,20 @@ module SessionTest
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
         assert ben.save
-        assert UserSession.create(:login => ben.login, :password => "benrocks")
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        refute session.new_session?
       end
       def test_exceeded_limit
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit
         assert ben.save
-        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        assert session.new_session?
         assert UserSession.create(ben).new_session?
         ben.reload
         ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        assert !UserSession.create(ben).new_session?
+        refute UserSession.create(ben).new_session?
       end
       def test_exceeding_failed_logins_limit
@@ -45,15 +46,15 @@ module SessionTest
         ben = users(:ben)
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
-          assert session.errors[:password].size > 0
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
+          refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
         end
-        session = UserSession.new(:login => ben.login, :password => "badpassword2")
-        assert !session.save
-        assert session.errors[:password].size == 0
+        session = UserSession.new(login: ben.login, password: "badpassword2")
+        refute session.save
+        assert session.errors[:password].empty?
         assert_equal 3, ben.reload.failed_login_count
         UserSession.consecutive_failed_logins_limit = 50
@@ -65,14 +66,16 @@ module SessionTest
         ben = users(:ben)
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
           assert session.invalid_password?
           assert_equal i + 1, ben.reload.failed_login_count
         end
-        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
-        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        ActiveRecord::Base.connection.execute(
+          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
+        )
+        session = UserSession.new(login: ben.login, password: "benrocks")
         assert session.save
         assert_equal 0, ben.reload.failed_login_count
@@ -85,15 +88,17 @@ module SessionTest
         ben = users(:ben)
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
-          assert session.errors[:password].size > 0
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
+          refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
         end
-        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
-        session = UserSession.new(:login => ben.login, :password => "badpassword1")
-        assert !session.save
+        ActiveRecord::Base.connection.execute(
+          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
+        )
+        session = UserSession.new(login: ben.login, password: "badpassword1")
+        refute session.save
         assert_equal 1, ben.reload.failed_login_count
         UserSession.consecutive_failed_logins_limit = 50

data/test/session_test/callbacks_test.rb CHANGED

@@ -1,9 +1,9 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class CallbacksTest < ActiveSupport::TestCase
     def setup
-     WackyUserSession.reset_callbacks(:persist)
+      WackyUserSession.reset_callbacks(:persist)
     end
     def test_no_callbacks
@@ -15,7 +15,10 @@ module SessionTest
     def test_true_callback_cancelling_later_callbacks
       WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_true persist_by_false],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)
@@ -24,7 +27,10 @@ module SessionTest
     def test_false_callback_continuing_to_later_callbacks
       WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_false persist_by_true],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)

data/test/session_test/cookies_test.rb CHANGED

@@ -1,8 +1,8 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module CookiesTest
-    class ConfiTest < ActiveSupport::TestCase
+    class ConfigTest < ActiveSupport::TestCase
       def test_cookie_key
         UserSession.cookie_key = "my_cookie_key"
         assert_equal "my_cookie_key", UserSession.cookie_key
@@ -43,7 +43,6 @@ module SessionTest
       end
       def test_secure
-        UserSession.secure = true
         assert_equal true, UserSession.secure
         session = UserSession.new
         assert_equal true, session.secure
@@ -55,7 +54,6 @@ module SessionTest
       end
       def test_httponly
-        UserSession.httponly = true
         assert_equal true, UserSession.httponly
         session = UserSession.new
         assert_equal true, session.httponly
@@ -66,6 +64,21 @@ module SessionTest
         assert_equal false, session.httponly
       end
+      def test_same_site
+        assert_nil UserSession.same_site
+        assert_nil UserSession.new.same_site
+        UserSession.same_site "Strict"
+        assert_equal "Strict", UserSession.same_site
+        session = UserSession.new
+        assert_equal "Strict", session.same_site
+        session.same_site = "Lax"
+        assert_equal "Lax", session.same_site
+        assert_raise(ArgumentError) { UserSession.same_site "foo" }
+        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
+      end
       def test_sign_cookie
         UserSession.sign_cookie = true
         assert_equal true, UserSession.sign_cookie
@@ -82,18 +95,18 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_credentials
         session = UserSession.new
-        session.credentials = {:remember_me => true}
+        session.credentials = { remember_me: true }
         assert_equal true, session.remember_me
       end
       def test_remember_me
         session = UserSession.new
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
         session.remember_me = false
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
         session.remember_me = true
         assert_equal true, session.remember_me
@@ -101,7 +114,7 @@ module SessionTest
         session.remember_me = nil
         assert_nil session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
         session.remember_me = "1"
         assert_equal "1", session.remember_me
@@ -122,7 +135,7 @@ module SessionTest
       def test_persist_persist_by_cookie
         ben = users(:ben)
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
         assert session = UserSession.find
         assert_equal ben, session.record
@@ -131,9 +144,9 @@ module SessionTest
       def test_persist_persist_by_cookie_with_blank_persistence_token
         ben = users(:ben)
         ben.update_column(:persistence_token, "")
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
-        assert !UserSession.find
+        refute UserSession.find
       end
       def test_remember_me_expired
@@ -141,19 +154,22 @@ module SessionTest
         session = UserSession.new(ben)
         session.remember_me = true
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
         session = UserSession.new(ben)
         session.remember_me = false
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
       end
       def test_after_save_save_cookie
         ben = users(:ben)
         session = UserSession.new(ben)
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+        assert_equal(
+          "#{ben.persistence_token}::#{ben.id}",
+          controller.cookies["user_credentials"]
+        )
       end
       def test_after_save_save_cookie_signed
@@ -166,15 +182,33 @@ module SessionTest
         session.sign_cookie = true
         assert session.save
         assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal "#{payload}--#{Digest::SHA1.hexdigest payload}", controller.cookies.signed.parent_jar["user_credentials"]
+        assert_equal(
+          "#{payload}--#{Digest::SHA1.hexdigest payload}",
+          controller.cookies.signed.parent_jar["user_credentials"]
+        )
       end
       def test_after_save_save_cookie_with_remember_me
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        session.remember_me = true
+        Timecop.freeze do
+          ben = users(:ben)
+          session = UserSession.new(ben)
+          session.remember_me = true
+          assert session.save
+          assert_equal(
+            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
+            controller.cookies["user_credentials"]
+          )
+        end
+      end
+      def test_after_save_save_cookie_with_same_site
+        session = UserSession.new(users(:ben))
+        session.same_site = "Strict"
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}", controller.cookies["user_credentials"]
+        assert_equal(
+          "Strict",
+          controller.cookies.set_cookies["user_credentials"][:same_site]
+        )
       end
       def test_after_destroy_destroy_cookie
@@ -183,7 +217,7 @@ module SessionTest
         session = UserSession.find
         assert controller.cookies["user_credentials"]
         assert session.destroy
-        assert !controller.cookies["user_credentials"]
+        refute controller.cookies["user_credentials"]
       end
     end
   end

data/test/session_test/existence_test.rb CHANGED

@@ -1,64 +1,86 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ExistenceTest
     class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create
+      def test_create_with_good_credentials
         ben = users(:ben)
-        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
-        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
-        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
-        assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        refute session.new_session?
+      end
+      def test_create_with_bad_credentials
+        session = UserSession.create(login: "somelogin", password: "badpw2")
+        assert session.new_session?
+      end
+      def test_create_bang
+        ben = users(:ben)
+        err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
+          UserSession.create!(login: ben.login, password: "badpw")
+        end
+        assert_includes err.message, "Password is not valid"
+        refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
       end
     end
-    class IsntaceMethodsTest < ActiveSupport::TestCase
+    class InstanceMethodsTest < ActiveSupport::TestCase
       def test_new_session
         session = UserSession.new
         assert session.new_session?
         set_session_for(users(:ben))
         session = UserSession.find
-        assert !session.new_session?
+        refute session.new_session?
       end
       def test_save_with_nothing
         session = UserSession.new
-        assert !session.save
+        refute session.save
         assert session.new_session?
       end
       def test_save_with_block
-        ben = users(:ben)
         session = UserSession.new
         block_result = session.save do |result|
-          assert !result
+          refute result
         end
-        assert !block_result
+        refute block_result
         assert session.new_session?
       end
       def test_save_with_bang
         session = UserSession.new
         assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
         session.unauthorized_record = users(:ben)
         assert_nothing_raised { session.save! }
       end
       def test_destroy
         ben = users(:ben)
         session = UserSession.new
-        assert !session.valid?
-        assert !session.errors.empty?
+        refute session.valid?
+        refute session.errors.empty?
         assert session.destroy
         assert session.errors.empty?
         session.unauthorized_record = ben
         assert session.save
         assert session.record
         assert session.destroy
-        assert !session.record
+        refute session.record
+      end
+    end
+    class SessionInvalidErrorTest < ActiveSupport::TestCase
+      def test_message
+        session = UserSession.new
+        assert !session.valid?
+        error = Authlogic::Session::Existence::SessionInvalidError.new(session)
+        message = "Your session is invalid and has the following errors: " +
+          session.errors.full_messages.to_sentence
+        assert_equal message, error.message
       end
     end
   end
-end
+end