authlogic 3.4.6 → 4.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/ISSUE_TEMPLATE.md +13 -0
- data/.github/triage.md +87 -0
- data/.gitignore +4 -0
- data/.rubocop.yml +127 -0
- data/.rubocop_todo.yml +65 -0
- data/.travis.yml +18 -10
- data/CHANGELOG.md +156 -6
- data/CONTRIBUTING.md +71 -3
- data/Gemfile +2 -2
- data/README.md +386 -0
- data/Rakefile +13 -7
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +33 -22
- data/lib/authlogic.rb +60 -52
- data/lib/authlogic/acts_as_authentic/base.rb +40 -26
- data/lib/authlogic/acts_as_authentic/email.rb +96 -32
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +36 -12
- data/lib/authlogic/acts_as_authentic/login.rb +114 -49
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
- data/lib/authlogic/acts_as_authentic/password.rb +296 -139
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +34 -20
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +20 -24
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +68 -23
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +128 -85
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +41 -25
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +8 -8
- data/lib/authlogic/authenticates_many/association.rb +22 -14
- data/lib/authlogic/authenticates_many/base.rb +35 -16
- data/lib/authlogic/config.rb +10 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +40 -12
- data/lib/authlogic/controller_adapters/rack_adapter.rb +15 -8
- data/lib/authlogic/controller_adapters/rails_adapter.rb +42 -22
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +3 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/crypto_providers/aes256.rb +42 -14
- data/lib/authlogic/crypto_providers/bcrypt.rb +35 -20
- data/lib/authlogic/crypto_providers/md5.rb +11 -9
- data/lib/authlogic/crypto_providers/scrypt.rb +26 -13
- data/lib/authlogic/crypto_providers/sha1.rb +14 -8
- data/lib/authlogic/crypto_providers/sha256.rb +16 -12
- data/lib/authlogic/crypto_providers/sha512.rb +8 -24
- data/lib/authlogic/crypto_providers/wordpress.rb +44 -15
- data/lib/authlogic/i18n.rb +33 -20
- data/lib/authlogic/i18n/translator.rb +1 -1
- data/lib/authlogic/random.rb +12 -29
- data/lib/authlogic/regex.rb +59 -27
- data/lib/authlogic/session/activation.rb +36 -23
- data/lib/authlogic/session/active_record_trickery.rb +13 -10
- data/lib/authlogic/session/base.rb +20 -8
- data/lib/authlogic/session/brute_force_protection.rb +87 -56
- data/lib/authlogic/session/callbacks.rb +99 -49
- data/lib/authlogic/session/cookies.rb +128 -59
- data/lib/authlogic/session/existence.rb +29 -19
- data/lib/authlogic/session/foundation.rb +70 -16
- data/lib/authlogic/session/http_auth.rb +39 -31
- data/lib/authlogic/session/id.rb +27 -15
- data/lib/authlogic/session/klass.rb +17 -13
- data/lib/authlogic/session/magic_columns.rb +78 -59
- data/lib/authlogic/session/magic_states.rb +50 -27
- data/lib/authlogic/session/params.rb +79 -50
- data/lib/authlogic/session/password.rb +197 -118
- data/lib/authlogic/session/perishable_token.rb +12 -6
- data/lib/authlogic/session/persistence.rb +20 -14
- data/lib/authlogic/session/priority_record.rb +20 -16
- data/lib/authlogic/session/scopes.rb +63 -33
- data/lib/authlogic/session/session.rb +40 -25
- data/lib/authlogic/session/timeout.rb +51 -34
- data/lib/authlogic/session/unauthorized_record.rb +24 -18
- data/lib/authlogic/session/validation.rb +32 -21
- data/lib/authlogic/test_case.rb +123 -35
- data/lib/authlogic/test_case/mock_controller.rb +14 -13
- data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -5
- data/lib/authlogic/test_case/mock_logger.rb +1 -1
- data/lib/authlogic/test_case/mock_request.rb +9 -4
- data/lib/authlogic/test_case/rails_request_adapter.rb +8 -7
- data/lib/authlogic/version.rb +21 -0
- data/test/acts_as_authentic_test/base_test.rb +1 -1
- data/test/acts_as_authentic_test/email_test.rb +80 -63
- data/test/acts_as_authentic_test/logged_in_status_test.rb +14 -8
- data/test/acts_as_authentic_test/login_test.rb +91 -49
- data/test/acts_as_authentic_test/magic_columns_test.rb +13 -13
- data/test/acts_as_authentic_test/password_test.rb +82 -60
- data/test/acts_as_authentic_test/perishable_token_test.rb +31 -25
- data/test/acts_as_authentic_test/persistence_token_test.rb +9 -5
- data/test/acts_as_authentic_test/restful_authentication_test.rb +18 -9
- data/test/acts_as_authentic_test/session_maintenance_test.rb +86 -22
- data/test/acts_as_authentic_test/single_access_test.rb +15 -15
- data/test/adapter_test.rb +21 -0
- data/test/authenticates_many_test.rb +26 -11
- data/test/config_test.rb +9 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -3
- data/test/crypto_provider_test/bcrypt_test.rb +1 -1
- data/test/crypto_provider_test/scrypt_test.rb +2 -2
- data/test/crypto_provider_test/sha1_test.rb +4 -4
- data/test/crypto_provider_test/sha256_test.rb +2 -2
- data/test/crypto_provider_test/sha512_test.rb +3 -3
- data/test/crypto_provider_test/wordpress_test.rb +24 -0
- data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
- data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
- data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
- data/test/gemfiles/Gemfile.rails-5.2.x +6 -0
- data/test/gemfiles/Gemfile.rails-master +6 -0
- data/test/i18n_test.rb +9 -9
- data/test/libs/affiliate.rb +2 -2
- data/test/libs/company.rb +4 -4
- data/test/libs/employee.rb +2 -2
- data/test/libs/employee_session.rb +1 -1
- data/test/libs/ldaper.rb +1 -1
- data/test/libs/project.rb +1 -1
- data/test/libs/user_session.rb +2 -2
- data/test/random_test.rb +9 -38
- data/test/session_test/activation_test.rb +7 -7
- data/test/session_test/active_record_trickery_test.rb +9 -6
- data/test/session_test/brute_force_protection_test.rb +26 -21
- data/test/session_test/callbacks_test.rb +10 -4
- data/test/session_test/cookies_test.rb +54 -20
- data/test/session_test/existence_test.rb +45 -23
- data/test/session_test/foundation_test.rb +17 -1
- data/test/session_test/http_auth_test.rb +11 -12
- data/test/session_test/id_test.rb +3 -3
- data/test/session_test/klass_test.rb +2 -2
- data/test/session_test/magic_columns_test.rb +15 -17
- data/test/session_test/magic_states_test.rb +17 -19
- data/test/session_test/params_test.rb +26 -20
- data/test/session_test/password_test.rb +11 -12
- data/test/session_test/perishability_test.rb +5 -5
- data/test/session_test/persistence_test.rb +4 -3
- data/test/session_test/scopes_test.rb +15 -9
- data/test/session_test/session_test.rb +7 -6
- data/test/session_test/timeout_test.rb +16 -14
- data/test/session_test/unauthorized_record_test.rb +3 -3
- data/test/session_test/validation_test.rb +5 -5
- data/test/test_helper.rb +115 -49
- metadata +107 -36
- data/README.rdoc +0 -232
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
|
@@ -1,6 +1,22 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
|
+
|
|
3
|
+
# We forbid the use of AC::Parameters, and we have a test to that effect, but we
|
|
4
|
+
# do not want a development dependency on `actionpack`, so we define it here.
|
|
5
|
+
module ActionController
|
|
6
|
+
class Parameters; end
|
|
7
|
+
end
|
|
2
8
|
|
|
3
9
|
module SessionTest
|
|
4
10
|
class FoundationTest < ActiveSupport::TestCase
|
|
11
|
+
def test_credentials_raise_if_not_a_hash
|
|
12
|
+
session = UserSession.new
|
|
13
|
+
e = assert_raises(TypeError) {
|
|
14
|
+
session.credentials = ActionController::Parameters.new
|
|
15
|
+
}
|
|
16
|
+
assert_equal(
|
|
17
|
+
::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
|
|
18
|
+
e.message
|
|
19
|
+
)
|
|
20
|
+
end
|
|
5
21
|
end
|
|
6
22
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
class HttpAuthTest < ActiveSupport::TestCase
|
|
5
|
-
class
|
|
5
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
6
6
|
def test_allow_http_basic_auth
|
|
7
7
|
UserSession.allow_http_basic_auth = false
|
|
8
8
|
assert_equal false, UserSession.allow_http_basic_auth
|
|
@@ -20,37 +20,36 @@ module SessionTest
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def test_http_basic_auth_realm
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
assert_equal
|
|
26
|
-
|
|
27
|
-
UserSession.http_basic_auth_realm = 'TestRealm'
|
|
28
|
-
assert_equal 'TestRealm', UserSession.http_basic_auth_realm
|
|
23
|
+
assert_equal "Application", UserSession.http_basic_auth_realm
|
|
24
|
+
UserSession.http_basic_auth_realm = "TestRealm"
|
|
25
|
+
assert_equal "TestRealm", UserSession.http_basic_auth_realm
|
|
29
26
|
end
|
|
30
27
|
end
|
|
31
28
|
|
|
32
29
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
33
30
|
def test_persist_persist_by_http_auth
|
|
31
|
+
UserSession.allow_http_basic_auth = true
|
|
32
|
+
|
|
34
33
|
aaron = users(:aaron)
|
|
35
34
|
http_basic_auth_for do
|
|
36
|
-
|
|
35
|
+
refute UserSession.find
|
|
37
36
|
end
|
|
38
37
|
http_basic_auth_for(aaron) do
|
|
39
38
|
assert session = UserSession.find
|
|
40
39
|
assert_equal aaron, session.record
|
|
41
40
|
assert_equal aaron.login, session.login
|
|
42
41
|
assert_equal "aaronrocks", session.send(:protected_password)
|
|
43
|
-
|
|
42
|
+
refute controller.http_auth_requested?
|
|
44
43
|
end
|
|
45
44
|
unset_session
|
|
46
45
|
UserSession.request_http_basic_auth = true
|
|
47
|
-
UserSession.http_basic_auth_realm =
|
|
46
|
+
UserSession.http_basic_auth_realm = "PersistTestRealm"
|
|
48
47
|
http_basic_auth_for(aaron) do
|
|
49
48
|
assert session = UserSession.find
|
|
50
49
|
assert_equal aaron, session.record
|
|
51
50
|
assert_equal aaron.login, session.login
|
|
52
51
|
assert_equal "aaronrocks", session.send(:protected_password)
|
|
53
|
-
assert_equal
|
|
52
|
+
assert_equal "PersistTestRealm", controller.realm
|
|
54
53
|
assert controller.http_auth_requested?
|
|
55
54
|
end
|
|
56
55
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
class IdTest < ActiveSupport::TestCase
|
|
@@ -7,11 +7,11 @@ module SessionTest
|
|
|
7
7
|
session.credentials = [:my_id]
|
|
8
8
|
assert_equal :my_id, session.id
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
|
|
11
11
|
def test_id
|
|
12
12
|
session = UserSession.new
|
|
13
13
|
session.id = :my_id
|
|
14
14
|
assert_equal :my_id, session.id
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
|
-
end
|
|
17
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
module MagicColumnsTest
|
|
@@ -15,7 +15,7 @@ module SessionTest
|
|
|
15
15
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
16
16
|
def test_after_persisting_set_last_request_at
|
|
17
17
|
ben = users(:ben)
|
|
18
|
-
|
|
18
|
+
refute UserSession.create(ben).new_session?
|
|
19
19
|
|
|
20
20
|
set_cookie_for(ben)
|
|
21
21
|
old_last_request_at = ben.last_request_at
|
|
@@ -27,7 +27,8 @@ module SessionTest
|
|
|
27
27
|
def test_valid_increase_failed_login_count
|
|
28
28
|
ben = users(:ben)
|
|
29
29
|
old_failed_login_count = ben.failed_login_count
|
|
30
|
-
|
|
30
|
+
session = UserSession.create(login: ben.login, password: "wrong")
|
|
31
|
+
assert session.new_session?
|
|
31
32
|
ben.reload
|
|
32
33
|
assert_equal old_failed_login_count + 1, ben.failed_login_count
|
|
33
34
|
end
|
|
@@ -36,25 +37,22 @@ module SessionTest
|
|
|
36
37
|
aaron = users(:aaron)
|
|
37
38
|
|
|
38
39
|
# increase failed login count
|
|
39
|
-
|
|
40
|
+
session = UserSession.create(login: aaron.login, password: "wrong")
|
|
41
|
+
assert session.new_session?
|
|
40
42
|
aaron.reload
|
|
43
|
+
assert_equal 0, aaron.login_count
|
|
44
|
+
assert_nil aaron.current_login_at
|
|
45
|
+
assert_nil aaron.current_login_ip
|
|
41
46
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
old_failed_login_count = aaron.failed_login_count
|
|
45
|
-
old_last_login_at = aaron.last_login_at
|
|
46
|
-
old_current_login_at = aaron.current_login_at
|
|
47
|
-
old_last_login_ip = aaron.last_login_ip
|
|
48
|
-
old_current_login_ip = aaron.current_login_ip
|
|
49
|
-
|
|
50
|
-
assert UserSession.create(:login => aaron.login, :password => "aaronrocks").valid?
|
|
47
|
+
session = UserSession.create(login: aaron.login, password: "aaronrocks")
|
|
48
|
+
assert session.valid?
|
|
51
49
|
|
|
52
50
|
aaron.reload
|
|
53
|
-
assert_equal
|
|
51
|
+
assert_equal 1, aaron.login_count
|
|
54
52
|
assert_equal 0, aaron.failed_login_count
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
53
|
+
assert_nil aaron.last_login_at
|
|
54
|
+
assert_not_nil aaron.current_login_at
|
|
55
|
+
assert_nil aaron.last_login_ip
|
|
58
56
|
assert_equal "1.1.1.1", aaron.current_login_ip
|
|
59
57
|
end
|
|
60
58
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
module SessionTest
|
|
@@ -6,55 +6,53 @@ module SessionTest
|
|
|
6
6
|
def test_disable_magic_states_config
|
|
7
7
|
UserSession.disable_magic_states = true
|
|
8
8
|
assert_equal true, UserSession.disable_magic_states
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
UserSession.disable_magic_states false
|
|
11
11
|
assert_equal false, UserSession.disable_magic_states
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
16
16
|
def test_disabling_magic_states
|
|
17
17
|
UserSession.disable_magic_states = true
|
|
18
|
-
|
|
19
18
|
ben = users(:ben)
|
|
20
19
|
ben.update_attribute(:active, false)
|
|
21
|
-
|
|
22
|
-
|
|
20
|
+
refute UserSession.create(ben).new_session?
|
|
23
21
|
UserSession.disable_magic_states = false
|
|
24
22
|
end
|
|
25
|
-
|
|
23
|
+
|
|
26
24
|
def test_validate_validate_magic_states_active
|
|
27
25
|
session = UserSession.new
|
|
28
26
|
ben = users(:ben)
|
|
29
27
|
session.unauthorized_record = ben
|
|
30
28
|
assert session.valid?
|
|
31
|
-
|
|
29
|
+
|
|
32
30
|
ben.update_attribute(:active, false)
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
refute session.valid?
|
|
32
|
+
refute session.errors[:base].empty?
|
|
35
33
|
end
|
|
36
|
-
|
|
34
|
+
|
|
37
35
|
def test_validate_validate_magic_states_approved
|
|
38
36
|
session = UserSession.new
|
|
39
37
|
ben = users(:ben)
|
|
40
38
|
session.unauthorized_record = ben
|
|
41
39
|
assert session.valid?
|
|
42
|
-
|
|
40
|
+
|
|
43
41
|
ben.update_attribute(:approved, false)
|
|
44
|
-
|
|
45
|
-
|
|
42
|
+
refute session.valid?
|
|
43
|
+
refute session.errors[:base].empty?
|
|
46
44
|
end
|
|
47
|
-
|
|
45
|
+
|
|
48
46
|
def test_validate_validate_magic_states_confirmed
|
|
49
47
|
session = UserSession.new
|
|
50
48
|
ben = users(:ben)
|
|
51
49
|
session.unauthorized_record = ben
|
|
52
50
|
assert session.valid?
|
|
53
|
-
|
|
51
|
+
|
|
54
52
|
ben.update_attribute(:confirmed, false)
|
|
55
|
-
|
|
56
|
-
|
|
53
|
+
refute session.valid?
|
|
54
|
+
refute session.errors[:base].empty?
|
|
57
55
|
end
|
|
58
56
|
end
|
|
59
57
|
end
|
|
60
|
-
end
|
|
58
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
module ParamsTest
|
|
@@ -6,43 +6,49 @@ module SessionTest
|
|
|
6
6
|
def test_params_key
|
|
7
7
|
UserSession.params_key = "my_params_key"
|
|
8
8
|
assert_equal "my_params_key", UserSession.params_key
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
UserSession.params_key "user_credentials"
|
|
11
11
|
assert_equal "user_credentials", UserSession.params_key
|
|
12
12
|
end
|
|
13
|
-
|
|
13
|
+
|
|
14
14
|
def test_single_access_allowed_request_types
|
|
15
15
|
UserSession.single_access_allowed_request_types = ["my request type"]
|
|
16
16
|
assert_equal ["my request type"], UserSession.single_access_allowed_request_types
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
UserSession.single_access_allowed_request_types(
|
|
18
|
+
["application/rss+xml", "application/atom+xml"]
|
|
19
|
+
)
|
|
20
|
+
assert_equal(
|
|
21
|
+
["application/rss+xml", "application/atom+xml"],
|
|
22
|
+
UserSession.single_access_allowed_request_types
|
|
23
|
+
)
|
|
20
24
|
end
|
|
21
25
|
end
|
|
22
|
-
|
|
26
|
+
|
|
23
27
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
24
28
|
def test_persist_persist_by_params
|
|
25
29
|
ben = users(:ben)
|
|
26
30
|
session = UserSession.new
|
|
27
|
-
|
|
28
|
-
|
|
31
|
+
|
|
32
|
+
refute session.persisting?
|
|
29
33
|
set_params_for(ben)
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
+
|
|
35
|
+
refute session.persisting?
|
|
36
|
+
refute session.unauthorized_record
|
|
37
|
+
refute session.record
|
|
34
38
|
assert_nil controller.session["user_credentials"]
|
|
35
|
-
|
|
39
|
+
|
|
36
40
|
set_request_content_type("text/plain")
|
|
37
|
-
|
|
38
|
-
|
|
41
|
+
refute session.persisting?
|
|
42
|
+
refute session.unauthorized_record
|
|
39
43
|
assert_nil controller.session["user_credentials"]
|
|
40
|
-
|
|
44
|
+
|
|
41
45
|
set_request_content_type("application/atom+xml")
|
|
42
46
|
assert session.persisting?
|
|
43
47
|
assert_equal ben, session.record
|
|
44
|
-
|
|
45
|
-
|
|
48
|
+
|
|
49
|
+
# should not persist since this is single access
|
|
50
|
+
assert_nil controller.session["user_credentials"]
|
|
51
|
+
|
|
46
52
|
set_request_content_type("application/rss+xml")
|
|
47
53
|
assert session.persisting?
|
|
48
54
|
assert_equal ben, session.unauthorized_record
|
|
@@ -50,4 +56,4 @@ module SessionTest
|
|
|
50
56
|
end
|
|
51
57
|
end
|
|
52
58
|
end
|
|
53
|
-
end
|
|
59
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
module PasswordTest
|
|
@@ -21,26 +21,25 @@ module SessionTest
|
|
|
21
21
|
|
|
22
22
|
def test_generalize_credentials_error_mesages_set_to_false
|
|
23
23
|
UserSession.generalize_credentials_error_messages false
|
|
24
|
-
|
|
25
|
-
session = UserSession.create(:
|
|
24
|
+
refute UserSession.generalize_credentials_error_messages
|
|
25
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
26
26
|
assert_equal ["Password is not valid"], session.errors.full_messages
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def test_generalize_credentials_error_messages_set_to_true
|
|
30
30
|
UserSession.generalize_credentials_error_messages true
|
|
31
31
|
assert UserSession.generalize_credentials_error_messages
|
|
32
|
-
session = UserSession.create(:
|
|
32
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
33
33
|
assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def test_generalize_credentials_error_messages_set_to_string
|
|
37
|
-
UserSession.generalize_credentials_error_messages= "Custom Error Message"
|
|
37
|
+
UserSession.generalize_credentials_error_messages = "Custom Error Message"
|
|
38
38
|
assert UserSession.generalize_credentials_error_messages
|
|
39
|
-
session = UserSession.create(:
|
|
39
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
40
40
|
assert_equal ["Custom Error Message"], session.errors.full_messages
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
|
|
44
43
|
def test_login_field
|
|
45
44
|
UserSession.configured_password_methods = false
|
|
46
45
|
UserSession.login_field = :saweet
|
|
@@ -80,23 +79,23 @@ module SessionTest
|
|
|
80
79
|
|
|
81
80
|
def test_credentials
|
|
82
81
|
session = UserSession.new
|
|
83
|
-
session.credentials = {:
|
|
82
|
+
session.credentials = { login: "login", password: "pass" }
|
|
84
83
|
assert_equal "login", session.login
|
|
85
84
|
assert_nil session.password
|
|
86
85
|
assert_equal "pass", session.send(:protected_password)
|
|
87
|
-
assert_equal({:
|
|
86
|
+
assert_equal({ password: "<protected>", login: "login" }, session.credentials)
|
|
88
87
|
end
|
|
89
88
|
|
|
90
89
|
def test_credentials_are_params_safe
|
|
91
90
|
session = UserSession.new
|
|
92
|
-
assert_nothing_raised { session.credentials = {:
|
|
91
|
+
assert_nothing_raised { session.credentials = { hacker_method: "error!" } }
|
|
93
92
|
end
|
|
94
93
|
|
|
95
94
|
def test_save_with_credentials
|
|
96
95
|
aaron = users(:aaron)
|
|
97
|
-
session = UserSession.new(:
|
|
96
|
+
session = UserSession.new(login: aaron.login, password: "aaronrocks")
|
|
98
97
|
assert session.save
|
|
99
|
-
|
|
98
|
+
refute session.new_session?
|
|
100
99
|
assert_equal 1, session.record.login_count
|
|
101
100
|
assert Time.now >= session.record.current_login_at
|
|
102
101
|
assert_equal "1.1.1.1", session.record.current_login_ip
|
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
class PerishabilityTest < ActiveSupport::TestCase
|
|
5
5
|
def test_after_save
|
|
6
6
|
ben = users(:ben)
|
|
7
7
|
old_perishable_token = ben.perishable_token
|
|
8
|
-
|
|
8
|
+
UserSession.create(ben)
|
|
9
9
|
assert_not_equal old_perishable_token, ben.perishable_token
|
|
10
|
-
|
|
10
|
+
|
|
11
11
|
drew = employees(:drew)
|
|
12
|
-
|
|
12
|
+
refute UserSession.create(drew).new_session?
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
|
-
end
|
|
15
|
+
end
|
|
@@ -1,10 +1,11 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
class PersistenceTest < ActiveSupport::TestCase
|
|
5
5
|
def test_find
|
|
6
6
|
aaron = users(:aaron)
|
|
7
|
-
|
|
7
|
+
refute UserSession.find
|
|
8
|
+
UserSession.allow_http_basic_auth = true
|
|
8
9
|
http_basic_auth_for(aaron) { assert UserSession.find }
|
|
9
10
|
set_cookie_for(aaron)
|
|
10
11
|
assert UserSession.find
|
|
@@ -22,7 +23,7 @@ module SessionTest
|
|
|
22
23
|
aaron = users(:aaron)
|
|
23
24
|
session = UserSession.new(aaron)
|
|
24
25
|
session.remember_me = true
|
|
25
|
-
|
|
26
|
+
refute UserSession.remember_me
|
|
26
27
|
assert session.save
|
|
27
28
|
assert session.remember_me?
|
|
28
29
|
session = UserSession.find(aaron)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "test_helper"
|
|
2
2
|
|
|
3
3
|
module SessionTest
|
|
4
4
|
class ScopesTest < ActiveSupport::TestCase
|
|
@@ -6,7 +6,7 @@ module SessionTest
|
|
|
6
6
|
assert_nil Authlogic::Session::Base.scope
|
|
7
7
|
|
|
8
8
|
thread1 = Thread.new do
|
|
9
|
-
scope = {:
|
|
9
|
+
scope = { id: :scope1 }
|
|
10
10
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
11
11
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
12
12
|
end
|
|
@@ -15,7 +15,7 @@ module SessionTest
|
|
|
15
15
|
assert_nil Authlogic::Session::Base.scope
|
|
16
16
|
|
|
17
17
|
thread2 = Thread.new do
|
|
18
|
-
scope = {:
|
|
18
|
+
scope = { id: :scope2 }
|
|
19
19
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
20
20
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
21
21
|
end
|
|
@@ -27,17 +27,23 @@ module SessionTest
|
|
|
27
27
|
def test_with_scope_method
|
|
28
28
|
assert_raise(ArgumentError) { UserSession.with_scope }
|
|
29
29
|
|
|
30
|
-
UserSession.with_scope(:
|
|
31
|
-
assert_equal(
|
|
30
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
31
|
+
assert_equal(
|
|
32
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
33
|
+
UserSession.scope
|
|
34
|
+
)
|
|
32
35
|
end
|
|
33
36
|
|
|
34
37
|
assert_nil UserSession.scope
|
|
35
38
|
end
|
|
36
39
|
|
|
37
40
|
def test_initialize
|
|
38
|
-
UserSession.with_scope(:
|
|
41
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
39
42
|
session = UserSession.new
|
|
40
|
-
assert_equal(
|
|
43
|
+
assert_equal(
|
|
44
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
45
|
+
session.scope
|
|
46
|
+
)
|
|
41
47
|
session.id = :another_id
|
|
42
48
|
assert_equal "another_id_some_id_test", session.send(:build_key, "test")
|
|
43
49
|
end
|
|
@@ -51,10 +57,10 @@ module SessionTest
|
|
|
51
57
|
session = UserSession.new
|
|
52
58
|
assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
|
|
53
59
|
|
|
54
|
-
session.scope = {:
|
|
60
|
+
session.scope = { find_options: { conditions: ["company_id = ?", binary_logic.id] } }
|
|
55
61
|
assert_nil session.send(:search_for_record, "find_by_login", zack.login)
|
|
56
62
|
|
|
57
63
|
assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
|
|
58
64
|
end
|
|
59
65
|
end
|
|
60
|
-
end
|
|
66
|
+
end
|