authlogic 3.4.6 → 4.2.0

data/test/session_test/active_record_trickery_test.rb

@@ -1,8 +1,11 @@
-require 'test_helper'
+require "test_helper"
 
 module SessionTest
   module ActiveRecordTrickeryTest
     class ClassMethodsTest < ActiveSupport::TestCase
+      # If test_human_name is executed after test_i18n_of_human_name the test will fail.
+      i_suck_and_my_tests_are_order_dependent!
+
       def test_human_attribute_name
         assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
         assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
@@ -13,12 +16,12 @@ module SessionTest
       end
 
       def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.human_name
       end
 
       def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.model_name.human
       end
 
@@ -47,18 +50,18 @@ module SessionTest
 
       def test_persisted
         session = UserSession.new(users(:ben))
-        assert ! session.persisted?
+        refute session.persisted?
 
         session.save
         assert session.persisted?
 
         session.destroy
-        assert ! session.persisted?
+        refute session.persisted?
       end
 
       def test_destroyed?
         session = UserSession.create(users(:ben))
-        assert ! session.destroyed?
+        refute session.destroyed?
 
         session.destroy
         assert session.destroyed?

data/test/session_test/brute_force_protection_test.rb

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 
 module SessionTest
   module BruteForceProtectionTest
@@ -25,19 +25,20 @@ module SessionTest
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
         assert ben.save
-        assert UserSession.create(:login => ben.login, :password => "benrocks")
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        refute session.new_session?
       end
 
       def test_exceeded_limit
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit
         assert ben.save
-        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        assert session.new_session?
         assert UserSession.create(ben).new_session?
-
         ben.reload
         ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        assert !UserSession.create(ben).new_session?
+        refute UserSession.create(ben).new_session?
       end
 
       def test_exceeding_failed_logins_limit
@@ -45,15 +46,15 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
-          assert session.errors[:password].size > 0
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
+          refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
         end
 
-        session = UserSession.new(:login => ben.login, :password => "badpassword2")
-        assert !session.save
-        assert session.errors[:password].size == 0
+        session = UserSession.new(login: ben.login, password: "badpassword2")
+        refute session.save
+        assert session.errors[:password].empty?
         assert_equal 3, ben.reload.failed_login_count
 
         UserSession.consecutive_failed_logins_limit = 50
@@ -65,14 +66,16 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
           assert session.invalid_password?
           assert_equal i + 1, ben.reload.failed_login_count
         end
 
-        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
-        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        ActiveRecord::Base.connection.execute(
+          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
+        )
+        session = UserSession.new(login: ben.login, password: "benrocks")
         assert session.save
         assert_equal 0, ben.reload.failed_login_count
 
@@ -85,15 +88,17 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          assert !session.save
-          assert session.errors[:password].size > 0
+          session = UserSession.new(login: ben.login, password: "badpassword1")
+          refute session.save
+          refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
         end
 
-        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
-        session = UserSession.new(:login => ben.login, :password => "badpassword1")
-        assert !session.save
+        ActiveRecord::Base.connection.execute(
+          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
+        )
+        session = UserSession.new(login: ben.login, password: "badpassword1")
+        refute session.save
         assert_equal 1, ben.reload.failed_login_count
 
         UserSession.consecutive_failed_logins_limit = 50

data/test/session_test/callbacks_test.rb

@@ -1,9 +1,9 @@
-require 'test_helper'
+require "test_helper"
 
 module SessionTest
   class CallbacksTest < ActiveSupport::TestCase
     def setup
-     WackyUserSession.reset_callbacks(:persist)
+      WackyUserSession.reset_callbacks(:persist)
     end
 
     def test_no_callbacks
@@ -15,7 +15,10 @@ module SessionTest
 
     def test_true_callback_cancelling_later_callbacks
       WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_true persist_by_false],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
 
       session = WackyUserSession.new
       session.send(:persist)
@@ -24,7 +27,10 @@ module SessionTest
 
     def test_false_callback_continuing_to_later_callbacks
       WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_false persist_by_true],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
 
       session = WackyUserSession.new
       session.send(:persist)

data/test/session_test/cookies_test.rb

@@ -1,8 +1,8 @@
-require 'test_helper'
+require "test_helper"
 
 module SessionTest
   module CookiesTest
-    class ConfiTest < ActiveSupport::TestCase
+    class ConfigTest < ActiveSupport::TestCase
       def test_cookie_key
         UserSession.cookie_key = "my_cookie_key"
         assert_equal "my_cookie_key", UserSession.cookie_key
@@ -43,7 +43,6 @@ module SessionTest
       end
 
       def test_secure
-        UserSession.secure = true
         assert_equal true, UserSession.secure
         session = UserSession.new
         assert_equal true, session.secure
@@ -55,7 +54,6 @@ module SessionTest
       end
 
       def test_httponly
-        UserSession.httponly = true
         assert_equal true, UserSession.httponly
         session = UserSession.new
         assert_equal true, session.httponly
@@ -66,6 +64,21 @@ module SessionTest
         assert_equal false, session.httponly
       end
 
+      def test_same_site
+        assert_nil UserSession.same_site
+        assert_nil UserSession.new.same_site
+
+        UserSession.same_site "Strict"
+        assert_equal "Strict", UserSession.same_site
+        session = UserSession.new
+        assert_equal "Strict", session.same_site
+        session.same_site = "Lax"
+        assert_equal "Lax", session.same_site
+
+        assert_raise(ArgumentError) { UserSession.same_site "foo" }
+        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
+      end
+
       def test_sign_cookie
         UserSession.sign_cookie = true
         assert_equal true, UserSession.sign_cookie
@@ -82,18 +95,18 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_credentials
         session = UserSession.new
-        session.credentials = {:remember_me => true}
+        session.credentials = { remember_me: true }
         assert_equal true, session.remember_me
       end
 
       def test_remember_me
         session = UserSession.new
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = false
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = true
         assert_equal true, session.remember_me
@@ -101,7 +114,7 @@ module SessionTest
 
         session.remember_me = nil
         assert_nil session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = "1"
         assert_equal "1", session.remember_me
@@ -122,7 +135,7 @@ module SessionTest
 
       def test_persist_persist_by_cookie
         ben = users(:ben)
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
         assert session = UserSession.find
         assert_equal ben, session.record
@@ -131,9 +144,9 @@ module SessionTest
       def test_persist_persist_by_cookie_with_blank_persistence_token
         ben = users(:ben)
         ben.update_column(:persistence_token, "")
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
-        assert !UserSession.find
+        refute UserSession.find
       end
 
       def test_remember_me_expired
@@ -141,19 +154,22 @@ module SessionTest
         session = UserSession.new(ben)
         session.remember_me = true
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
 
         session = UserSession.new(ben)
         session.remember_me = false
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
       end
 
       def test_after_save_save_cookie
         ben = users(:ben)
         session = UserSession.new(ben)
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+        assert_equal(
+          "#{ben.persistence_token}::#{ben.id}",
+          controller.cookies["user_credentials"]
+        )
       end
 
       def test_after_save_save_cookie_signed
@@ -166,15 +182,33 @@ module SessionTest
         session.sign_cookie = true
         assert session.save
         assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal "#{payload}--#{Digest::SHA1.hexdigest payload}", controller.cookies.signed.parent_jar["user_credentials"]
+        assert_equal(
+          "#{payload}--#{Digest::SHA1.hexdigest payload}",
+          controller.cookies.signed.parent_jar["user_credentials"]
+        )
       end
 
       def test_after_save_save_cookie_with_remember_me
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        session.remember_me = true
+        Timecop.freeze do
+          ben = users(:ben)
+          session = UserSession.new(ben)
+          session.remember_me = true
+          assert session.save
+          assert_equal(
+            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
+            controller.cookies["user_credentials"]
+          )
+        end
+      end
+
+      def test_after_save_save_cookie_with_same_site
+        session = UserSession.new(users(:ben))
+        session.same_site = "Strict"
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}", controller.cookies["user_credentials"]
+        assert_equal(
+          "Strict",
+          controller.cookies.set_cookies["user_credentials"][:same_site]
+        )
       end
 
       def test_after_destroy_destroy_cookie
@@ -183,7 +217,7 @@ module SessionTest
         session = UserSession.find
         assert controller.cookies["user_credentials"]
         assert session.destroy
-        assert !controller.cookies["user_credentials"]
+        refute controller.cookies["user_credentials"]
       end
     end
   end

data/test/session_test/existence_test.rb

@@ -1,64 +1,86 @@
-require 'test_helper'
+require "test_helper"
 
 module SessionTest
   module ExistenceTest
     class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create
+      def test_create_with_good_credentials
         ben = users(:ben)
-        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
-        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
-        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
-        assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
+        session = UserSession.create(login: ben.login, password: "benrocks")
+        refute session.new_session?
+      end
+
+      def test_create_with_bad_credentials
+        session = UserSession.create(login: "somelogin", password: "badpw2")
+        assert session.new_session?
+      end
+
+      def test_create_bang
+        ben = users(:ben)
+        err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
+          UserSession.create!(login: ben.login, password: "badpw")
+        end
+        assert_includes err.message, "Password is not valid"
+        refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
       end
     end
-    
-    class IsntaceMethodsTest < ActiveSupport::TestCase
+
+    class InstanceMethodsTest < ActiveSupport::TestCase
       def test_new_session
         session = UserSession.new
         assert session.new_session?
-      
+
         set_session_for(users(:ben))
         session = UserSession.find
-        assert !session.new_session?
+        refute session.new_session?
       end
-    
+
       def test_save_with_nothing
         session = UserSession.new
-        assert !session.save
+        refute session.save
         assert session.new_session?
       end
-    
+
       def test_save_with_block
-        ben = users(:ben)
         session = UserSession.new
         block_result = session.save do |result|
-          assert !result
+          refute result
         end
-        assert !block_result
+        refute block_result
         assert session.new_session?
       end
-    
+
       def test_save_with_bang
         session = UserSession.new
         assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-      
+
         session.unauthorized_record = users(:ben)
         assert_nothing_raised { session.save! }
       end
-    
+
       def test_destroy
         ben = users(:ben)
         session = UserSession.new
-        assert !session.valid?
-        assert !session.errors.empty?
+        refute session.valid?
+        refute session.errors.empty?
         assert session.destroy
         assert session.errors.empty?
         session.unauthorized_record = ben
         assert session.save
         assert session.record
         assert session.destroy
-        assert !session.record
+        refute session.record
+      end
+    end
+
+    class SessionInvalidErrorTest < ActiveSupport::TestCase
+      def test_message
+        session = UserSession.new
+        assert !session.valid?
+        error = Authlogic::Session::Existence::SessionInvalidError.new(session)
+        message = "Your session is invalid and has the following errors: " +
+          session.errors.full_messages.to_sentence
+        assert_equal message, error.message
       end
     end
   end
-end
+end