authlogic 3.5.0 → 3.8.0

data/test/session_test/cookies_test.rb

@@ -89,11 +89,11 @@ module SessionTest
       def test_remember_me
         session = UserSession.new
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = false
         assert_equal false, session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = true
         assert_equal true, session.remember_me
@@ -101,7 +101,7 @@ module SessionTest
 
         session.remember_me = nil
         assert_nil session.remember_me
-        assert !session.remember_me?
+        refute session.remember_me?
 
         session.remember_me = "1"
         assert_equal "1", session.remember_me
@@ -122,7 +122,7 @@ module SessionTest
 
       def test_persist_persist_by_cookie
         ben = users(:ben)
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
         assert session = UserSession.find
         assert_equal ben, session.record
@@ -131,9 +131,9 @@ module SessionTest
       def test_persist_persist_by_cookie_with_blank_persistence_token
         ben = users(:ben)
         ben.update_column(:persistence_token, "")
-        assert !UserSession.find
+        refute UserSession.find
         set_cookie_for(ben)
-        assert !UserSession.find
+        refute UserSession.find
       end
 
       def test_remember_me_expired
@@ -141,19 +141,22 @@ module SessionTest
         session = UserSession.new(ben)
         session.remember_me = true
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
 
         session = UserSession.new(ben)
         session.remember_me = false
         assert session.save
-        assert !session.remember_me_expired?
+        refute session.remember_me_expired?
       end
 
       def test_after_save_save_cookie
         ben = users(:ben)
         session = UserSession.new(ben)
         assert session.save
-        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+        assert_equal(
+          "#{ben.persistence_token}::#{ben.id}",
+          controller.cookies["user_credentials"]
+        )
       end
 
       def test_after_save_save_cookie_signed
@@ -166,7 +169,10 @@ module SessionTest
         session.sign_cookie = true
         assert session.save
         assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal "#{payload}--#{Digest::SHA1.hexdigest payload}", controller.cookies.signed.parent_jar["user_credentials"]
+        assert_equal(
+          "#{payload}--#{Digest::SHA1.hexdigest payload}",
+          controller.cookies.signed.parent_jar["user_credentials"]
+        )
       end
 
       def test_after_save_save_cookie_with_remember_me
@@ -175,7 +181,10 @@ module SessionTest
           session = UserSession.new(ben)
           session.remember_me = true
           assert session.save
-          assert_equal "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}", controller.cookies["user_credentials"]
+          assert_equal(
+            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
+            controller.cookies["user_credentials"]
+          )
         end
       end
 
@@ -185,7 +194,7 @@ module SessionTest
         session = UserSession.find
         assert controller.cookies["user_credentials"]
         assert session.destroy
-        assert !controller.cookies["user_credentials"]
+        refute controller.cookies["user_credentials"]
       end
     end
   end

data/test/session_test/existence_test.rb

@@ -3,10 +3,15 @@ require 'test_helper'
 module SessionTest
   module ExistenceTest
     class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create
+      def test_create_with_good_credentials
         ben = users(:ben)
-        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
-        refute UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        session = UserSession.create(:login => ben.login, :password => "benrocks")
+        refute session.new_session?
+      end
+
+      def test_create_with_bad_credentials
+        session = UserSession.create(:login => "somelogin", :password => "badpw2")
+        assert session.new_session?
       end
 
       def test_create_bang
@@ -26,21 +31,21 @@ module SessionTest
 
         set_session_for(users(:ben))
         session = UserSession.find
-        assert !session.new_session?
+        refute session.new_session?
       end
 
       def test_save_with_nothing
         session = UserSession.new
-        assert !session.save
+        refute session.save
         assert session.new_session?
       end
 
       def test_save_with_block
         session = UserSession.new
         block_result = session.save do |result|
-          assert !result
+          refute result
         end
-        assert !block_result
+        refute block_result
         assert session.new_session?
       end
 
@@ -55,15 +60,15 @@ module SessionTest
       def test_destroy
         ben = users(:ben)
         session = UserSession.new
-        assert !session.valid?
-        assert !session.errors.empty?
+        refute session.valid?
+        refute session.errors.empty?
         assert session.destroy
         assert session.errors.empty?
         session.unauthorized_record = ben
         assert session.save
         assert session.record
         assert session.destroy
-        assert !session.record
+        refute session.record
       end
     end
   end

data/test/session_test/http_auth_test.rb

@@ -30,14 +30,14 @@ module SessionTest
       def test_persist_persist_by_http_auth
         aaron = users(:aaron)
         http_basic_auth_for do
-          assert !UserSession.find
+          refute UserSession.find
         end
         http_basic_auth_for(aaron) do
           assert session = UserSession.find
           assert_equal aaron, session.record
           assert_equal aaron.login, session.login
           assert_equal "aaronrocks", session.send(:protected_password)
-          assert !controller.http_auth_requested?
+          refute controller.http_auth_requested?
         end
         unset_session
         UserSession.request_http_basic_auth = true

data/test/session_test/magic_columns_test.rb

@@ -15,7 +15,7 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_after_persisting_set_last_request_at
         ben = users(:ben)
-        assert !UserSession.create(ben).new_session?
+        refute UserSession.create(ben).new_session?
 
         set_cookie_for(ben)
         old_last_request_at = ben.last_request_at
@@ -27,7 +27,8 @@ module SessionTest
       def test_valid_increase_failed_login_count
         ben = users(:ben)
         old_failed_login_count = ben.failed_login_count
-        assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
+        session = UserSession.create(:login => ben.login, :password => "wrong")
+        assert session.new_session?
         ben.reload
         assert_equal old_failed_login_count + 1, ben.failed_login_count
       end
@@ -36,7 +37,8 @@ module SessionTest
         aaron = users(:aaron)
 
         # increase failed login count
-        assert UserSession.create(:login => aaron.login, :password => "wrong").new_session?
+        session = UserSession.create(:login => aaron.login, :password => "wrong")
+        assert session.new_session?
         aaron.reload
 
         # grab old values
@@ -44,7 +46,8 @@ module SessionTest
         old_current_login_at = aaron.current_login_at
         old_current_login_ip = aaron.current_login_ip
 
-        assert UserSession.create(:login => aaron.login, :password => "aaronrocks").valid?
+        session = UserSession.create(:login => aaron.login, :password => "aaronrocks")
+        assert session.valid?
 
         aaron.reload
         assert_equal old_login_count + 1, aaron.login_count

data/test/session_test/magic_states_test.rb

@@ -15,11 +15,9 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_disabling_magic_states
         UserSession.disable_magic_states = true
-
         ben = users(:ben)
         ben.update_attribute(:active, false)
-        assert UserSession.create(ben)
-
+        refute UserSession.create(ben).new_session?
         UserSession.disable_magic_states = false
       end
 
@@ -30,8 +28,8 @@ module SessionTest
         assert session.valid?
 
         ben.update_attribute(:active, false)
-        assert !session.valid?
-        assert session.errors[:base].size > 0
+        refute session.valid?
+        refute session.errors[:base].empty?
       end
 
       def test_validate_validate_magic_states_approved
@@ -41,8 +39,8 @@ module SessionTest
         assert session.valid?
 
         ben.update_attribute(:approved, false)
-        assert !session.valid?
-        assert session.errors[:base].size > 0
+        refute session.valid?
+        refute session.errors[:base].empty?
       end
 
       def test_validate_validate_magic_states_confirmed
@@ -52,8 +50,8 @@ module SessionTest
         assert session.valid?
 
         ben.update_attribute(:confirmed, false)
-        assert !session.valid?
-        assert session.errors[:base].size > 0
+        refute session.valid?
+        refute session.errors[:base].empty?
       end
     end
   end

data/test/session_test/params_test.rb

@@ -25,17 +25,17 @@ module SessionTest
         ben = users(:ben)
         session = UserSession.new
 
-        assert !session.persisting?
+        refute session.persisting?
         set_params_for(ben)
 
-        assert !session.persisting?
-        assert !session.unauthorized_record
-        assert !session.record
+        refute session.persisting?
+        refute session.unauthorized_record
+        refute session.record
         assert_nil controller.session["user_credentials"]
 
         set_request_content_type("text/plain")
-        assert !session.persisting?
-        assert !session.unauthorized_record
+        refute session.persisting?
+        refute session.unauthorized_record
         assert_nil controller.session["user_credentials"]
 
         set_request_content_type("application/atom+xml")

data/test/session_test/password_test.rb

@@ -21,7 +21,7 @@ module SessionTest
 
       def test_generalize_credentials_error_mesages_set_to_false
         UserSession.generalize_credentials_error_messages false
-        assert !UserSession.generalize_credentials_error_messages
+        refute UserSession.generalize_credentials_error_messages
         session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
         assert_equal ["Password is not valid"], session.errors.full_messages
       end
@@ -95,7 +95,7 @@ module SessionTest
         aaron = users(:aaron)
         session = UserSession.new(:login => aaron.login, :password => "aaronrocks")
         assert session.save
-        assert !session.new_session?
+        refute session.new_session?
         assert_equal 1, session.record.login_count
         assert Time.now >= session.record.current_login_at
         assert_equal "1.1.1.1", session.record.current_login_ip

data/test/session_test/perishability_test.rb

@@ -9,7 +9,7 @@ module SessionTest
       assert_not_equal old_perishable_token, ben.perishable_token
 
       drew = employees(:drew)
-      assert UserSession.create(drew)
+      refute UserSession.create(drew).new_session?
     end
   end
 end

data/test/session_test/persistence_test.rb

@@ -4,7 +4,7 @@ module SessionTest
   class PersistenceTest < ActiveSupport::TestCase
     def test_find
       aaron = users(:aaron)
-      assert !UserSession.find
+      refute UserSession.find
       http_basic_auth_for(aaron) { assert UserSession.find }
       set_cookie_for(aaron)
       assert UserSession.find
@@ -22,7 +22,7 @@ module SessionTest
       aaron = users(:aaron)
       session = UserSession.new(aaron)
       session.remember_me = true
-      assert !UserSession.remember_me
+      refute UserSession.remember_me
       assert session.save
       assert session.remember_me?
       session = UserSession.find(aaron)

data/test/session_test/timeout_test.rb

@@ -8,7 +8,7 @@ module SessionTest
         assert UserSession.logout_on_timeout
 
         UserSession.logout_on_timeout false
-        assert !UserSession.logout_on_timeout
+        refute UserSession.logout_on_timeout
       end
     end
 
@@ -33,7 +33,7 @@ module SessionTest
         ben.save
 
         assert session.persisting?
-        assert !session.stale?
+        refute session.stale?
         assert_nil session.stale_record
 
         UserSession.logout_on_timeout = false
@@ -63,15 +63,17 @@ module SessionTest
         assert session.save
         Timecop.freeze(Time.now + 2.months)
         assert session.persisting?
-        assert !session.stale?
+        refute session.stale?
         UserSession.remember_me = false
       end
 
       def test_successful_login
         UserSession.logout_on_timeout = true
         ben = users(:ben)
-        assert UserSession.create(:login => ben.login, :password => "benrocks")
-        assert session = UserSession.find
+        session = UserSession.create(:login => ben.login, :password => "benrocks")
+        refute session.new_session?
+        session = UserSession.find
+        assert session
         assert_equal ben, session.record
         UserSession.logout_on_timeout = false
       end

data/test/session_test/validation_test.rb

@@ -9,7 +9,7 @@ module SessionTest
 
     def test_valid
       session = UserSession.new
-      assert !session.valid?
+      refute session.valid?
       assert_nil session.record
       assert session.errors.count > 0
 

data/test/test_helper.rb

@@ -114,13 +114,25 @@ require_relative 'libs/user'
 require_relative 'libs/user_session'
 require_relative 'libs/company'
 
-Authlogic::CryptoProviders::AES256.key = "myafdsfddddddddddddddddddddddddddddddddddddddddddddddd"
+# Recent change, 2017-10-23: We had used a 54-letter string here. In the default
+# encoding, UTF-8, that's 54 bytes, which is clearly incorrect for an algorithm
+# with a 256-bit key, but I guess it worked. With the release of ruby 2.4 (and
+# thus openssl gem 2.0), it is more strict, and must be exactly 32 bytes.
+Authlogic::CryptoProviders::AES256.key = ::OpenSSL::Random.random_bytes(32)
 
 class ActiveSupport::TestCase
   include ActiveRecord::TestFixtures
   self.fixture_path = File.dirname(__FILE__) + "/fixtures"
-  self.use_transactional_fixtures = false
-  self.use_instantiated_fixtures  = false
+
+  # use_transactional_fixtures= is deprecated and will be removed from Rails 5.1
+  # (use use_transactional_tests= instead)
+  if respond_to?(:use_transactional_tests=)
+    self.use_transactional_tests = false
+  else
+    self.use_transactional_fixtures = false
+  end
+
+  self.use_instantiated_fixtures = false
   self.pre_loaded_fixtures = false
   fixtures :all
   setup :activate_authlogic
@@ -191,9 +203,28 @@ class ActiveSupport::TestCase
       controller.request_content_type = nil
     end
 
-    def set_session_for(user)
-      controller.session["user_credentials"] = user.persistence_token
-      controller.session["user_credentials_id"] = user.id
+    def session_credentials_prefix(scope_record)
+      if scope_record.nil?
+        ""
+      else
+        format(
+          "%s_%d_",
+          scope_record.class.model_name.name.underscore,
+          scope_record.id
+        )
+      end
+    end
+
+    # Sets the session variables that `record` (eg. a `User`) would have after
+    # logging in.
+    #
+    # If `record` belongs to an `authenticates_many` association that uses the
+    # `scope_cookies` option, then a `scope_record` can be provided.
+    def set_session_for(record, scope_record = nil)
+      prefix = session_credentials_prefix(scope_record)
+      record_class_name = record.class.model_name.name.underscore
+      controller.session["#{prefix}#{record_class_name}_credentials"] = record.persistence_token
+      controller.session["#{prefix}#{record_class_name}_credentials_id"] = record.id
     end
 
     def unset_session