authlogic 3.8.0 → 4.0.0

data/test/adapter_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+module Authlogic
+  module ControllerAdapters
+    class AbstractAdapterTest < ActiveSupport::TestCase
+      def test_controller
+        controller = Class.new(MockController) do
+          def controller.an_arbitrary_method
+            'bar'
+          end
+        end.new
+        adapter = Authlogic::ControllerAdapters::AbstractAdapter.new(controller)
+
+        assert_equal controller, adapter.controller
+        assert controller.params.equal?(adapter.params)
+        assert adapter.respond_to?(:an_arbitrary_method)
+        assert_equal 'bar', adapter.an_arbitrary_method
+      end
+    end
+  end
+end

data/test/gemfiles/Gemfile.rails-4.2.x

@@ -1,7 +1,7 @@
 source "https://rubygems.org"
 gemspec :path => "./../.."
 
-gem "activerecord", "~> 4.2.0"
-gem "activesupport", "~> 4.2.0"
+gem "activerecord", "~> 4.2.8.rc1"
+gem "activesupport", "~> 4.2.8.rc1"
 gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
 gem 'sqlite3', :platforms => :ruby

data/test/gemfiles/Gemfile.rails-5.0.x

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 gemspec :path => "./../.."
 
-gem "activerecord", "~> 5.0.0"
-gem "activesupport", "~> 5.0.0"
+gem "activerecord", "~> 5.0.1"
+gem "activesupport", "~> 5.0.1"
 gem 'sqlite3', :platforms => :ruby

data/test/gemfiles/Gemfile.rails-master

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+gemspec :path => "./../.."
+
+gem "activerecord", github: "rails/rails"
+gem "activesupport", github: "rails/rails"
+gem "sqlite3", :platforms => :ruby

data/test/i18n_test.rb

@@ -20,7 +20,7 @@ class I18nTest < ActiveSupport::TestCase
 
     assert_nothing_raised do
       Authlogic::I18n.translator = Class.new do
-        def translate(key, options = {})
+        def translate(key, _options = {})
           "Translated: #{key}"
         end
       end.new

data/test/libs/company.rb

@@ -1,6 +1,6 @@
 class Company < ActiveRecord::Base
   authenticates_many :employee_sessions
   authenticates_many :user_sessions, scope_cookies: true
-  has_many :employees, :dependent => :destroy
-  has_many :users, :dependent => :destroy
+  has_many :employees, dependent: :destroy
+  has_many :users, dependent: :destroy
 end

data/test/random_test.rb

@@ -1,43 +1,13 @@
 require 'test_helper'
 
 class RandomTest < ActiveSupport::TestCase
-  def test_random_tokens_are_indeed_random
-    # this might fail if you are *really* unlucky :)
-    with_any_random do
-      assert_not_equal Authlogic::Random.hex_token,       Authlogic::Random.hex_token
-      assert_not_equal Authlogic::Random.friendly_token,  Authlogic::Random.friendly_token
-    end
+  def test_that_hex_tokens_are_unique
+    tokens = Array.new(100) { Authlogic::Random.hex_token }
+    assert_equal tokens.size, tokens.uniq.size
   end
 
-  private
-
-    def with_any_random(&block)
-      [true, false].each { |val| with_secure_random_enabled(val, &block) }
-    end
-
-    def with_secure_random_enabled(enabled = true)
-      # can't really test SecureRandom if we don't have an implementation
-      return if enabled && !Authlogic::Random::SecureRandom
-
-      current_sec_rand = Authlogic::Random::SecureRandom
-      reload_authlogic_with_sec_random!(current_sec_rand, enabled)
-
-      yield
-    ensure
-      reload_authlogic_with_sec_random!(current_sec_rand)
-    end
-
-    def reload_authlogic_with_sec_random!(secure_random, enabled = true)
-      silence_warnings do
-        secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
-        load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
-      end
-    end
-
-    def silence_warnings
-      old_verbose, $VERBOSE = $VERBOSE, nil
-      yield
-    ensure
-      $VERBOSE = old_verbose
-    end
+  def test_that_friendly_tokens_are_unique
+    tokens = Array.new(100) { Authlogic::Random.friendly_token }
+    assert_equal tokens.size, tokens.uniq.size
+  end
 end

data/test/session_test/active_record_trickery_test.rb

@@ -3,7 +3,8 @@ require 'test_helper'
 module SessionTest
   module ActiveRecordTrickeryTest
     class ClassMethodsTest < ActiveSupport::TestCase
-      i_suck_and_my_tests_are_order_dependent! # If test_human_name is executed after test_i18n_of_human_name the test will fail.
+      # If test_human_name is executed after test_i18n_of_human_name the test will fail.
+      i_suck_and_my_tests_are_order_dependent!
 
       def test_human_attribute_name
         assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
@@ -15,12 +16,12 @@ module SessionTest
       end
 
       def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', :authlogic => { :models => { :user_session => "MySession" } }
+        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.human_name
       end
 
       def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', :authlogic => { :models => { :user_session => "MySession" } }
+        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.model_name.human
       end
 

data/test/session_test/brute_force_protection_test.rb

@@ -25,7 +25,7 @@ module SessionTest
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
         assert ben.save
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
+        session = UserSession.create(login: ben.login, password: "benrocks")
         refute session.new_session?
       end
 
@@ -33,7 +33,7 @@ module SessionTest
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit
         assert ben.save
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
+        session = UserSession.create(login: ben.login, password: "benrocks")
         assert session.new_session?
         assert UserSession.create(ben).new_session?
         ben.reload
@@ -46,13 +46,13 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          session = UserSession.new(login: ben.login, password: "badpassword1")
           refute session.save
           refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
         end
 
-        session = UserSession.new(:login => ben.login, :password => "badpassword2")
+        session = UserSession.new(login: ben.login, password: "badpassword2")
         refute session.save
         assert session.errors[:password].empty?
         assert_equal 3, ben.reload.failed_login_count
@@ -66,7 +66,7 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          session = UserSession.new(login: ben.login, password: "badpassword1")
           refute session.save
           assert session.invalid_password?
           assert_equal i + 1, ben.reload.failed_login_count
@@ -75,7 +75,7 @@ module SessionTest
         ActiveRecord::Base.connection.execute(
           "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
         )
-        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        session = UserSession.new(login: ben.login, password: "benrocks")
         assert session.save
         assert_equal 0, ben.reload.failed_login_count
 
@@ -88,7 +88,7 @@ module SessionTest
         ben = users(:ben)
 
         2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          session = UserSession.new(login: ben.login, password: "badpassword1")
           refute session.save
           refute session.errors[:password].empty?
           assert_equal i + 1, ben.reload.failed_login_count
@@ -97,7 +97,7 @@ module SessionTest
         ActiveRecord::Base.connection.execute(
           "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
         )
-        session = UserSession.new(:login => ben.login, :password => "badpassword1")
+        session = UserSession.new(login: ben.login, password: "badpassword1")
         refute session.save
         assert_equal 1, ben.reload.failed_login_count
 

data/test/session_test/callbacks_test.rb

@@ -3,7 +3,7 @@ require 'test_helper'
 module SessionTest
   class CallbacksTest < ActiveSupport::TestCase
     def setup
-     WackyUserSession.reset_callbacks(:persist)
+      WackyUserSession.reset_callbacks(:persist)
     end
 
     def test_no_callbacks

data/test/session_test/cookies_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 module SessionTest
   module CookiesTest
-    class ConfiTest < ActiveSupport::TestCase
+    class ConfigTest < ActiveSupport::TestCase
       def test_cookie_key
         UserSession.cookie_key = "my_cookie_key"
         assert_equal "my_cookie_key", UserSession.cookie_key
@@ -43,7 +43,6 @@ module SessionTest
       end
 
       def test_secure
-        UserSession.secure = true
         assert_equal true, UserSession.secure
         session = UserSession.new
         assert_equal true, session.secure
@@ -55,7 +54,6 @@ module SessionTest
       end
 
       def test_httponly
-        UserSession.httponly = true
         assert_equal true, UserSession.httponly
         session = UserSession.new
         assert_equal true, session.httponly
@@ -66,6 +64,21 @@ module SessionTest
         assert_equal false, session.httponly
       end
 
+      def test_same_site
+        assert_nil UserSession.same_site
+        assert_nil UserSession.new.same_site
+
+        UserSession.same_site 'Strict'
+        assert_equal 'Strict', UserSession.same_site
+        session = UserSession.new
+        assert_equal 'Strict', session.same_site
+        session.same_site = 'Lax'
+        assert_equal 'Lax', session.same_site
+
+        assert_raise(ArgumentError) { UserSession.same_site 'foo' }
+        assert_raise(ArgumentError) { UserSession.new.same_site 'foo' }
+      end
+
       def test_sign_cookie
         UserSession.sign_cookie = true
         assert_equal true, UserSession.sign_cookie
@@ -82,7 +95,7 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_credentials
         session = UserSession.new
-        session.credentials = { :remember_me => true }
+        session.credentials = { remember_me: true }
         assert_equal true, session.remember_me
       end
 
@@ -188,6 +201,16 @@ module SessionTest
         end
       end
 
+      def test_after_save_save_cookie_with_same_site
+        session = UserSession.new(users(:ben))
+        session.same_site = 'Strict'
+        assert session.save
+        assert_equal(
+          'Strict',
+          controller.cookies.set_cookies['user_credentials'][:same_site]
+        )
+      end
+
       def test_after_destroy_destroy_cookie
         ben = users(:ben)
         set_cookie_for(ben)

data/test/session_test/existence_test.rb

@@ -5,22 +5,22 @@ module SessionTest
     class ClassMethodsTest < ActiveSupport::TestCase
       def test_create_with_good_credentials
         ben = users(:ben)
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
+        session = UserSession.create(login: ben.login, password: "benrocks")
         refute session.new_session?
       end
 
       def test_create_with_bad_credentials
-        session = UserSession.create(:login => "somelogin", :password => "badpw2")
+        session = UserSession.create(login: "somelogin", password: "badpw2")
         assert session.new_session?
       end
 
       def test_create_bang
         ben = users(:ben)
         err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
-          UserSession.create!(:login => ben.login, :password => "badpw")
+          UserSession.create!(login: ben.login, password: "badpw")
         end
         assert_includes err.message, "Password is not valid"
-        refute UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
+        refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
       end
     end
 
@@ -71,5 +71,16 @@ module SessionTest
         refute session.record
       end
     end
+
+    class SessionInvalidErrorTest < ActiveSupport::TestCase
+      def test_message
+        session = UserSession.new
+        assert !session.valid?
+        error = Authlogic::Session::Existence::SessionInvalidError.new(session)
+        message = "Your session is invalid and has the following errors: " +
+          session.errors.full_messages.to_sentence
+        assert_equal message, error.message
+      end
+    end
   end
 end

data/test/session_test/foundation_test.rb

@@ -1,6 +1,22 @@
 require 'test_helper'
 
+# We forbid the use of AC::Parameters, and we have a test to that effect, but we
+# do not want a development dependency on `actionpack`, so we define it here.
+module ActionController
+  class Parameters; end
+end
+
 module SessionTest
   class FoundationTest < ActiveSupport::TestCase
+    def test_credentials_raise_if_not_a_hash
+      session = UserSession.new
+      e = assert_raises(TypeError) {
+        session.credentials = ActionController::Parameters.new
+      }
+      assert_equal(
+        ::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
+        e.message
+      )
+    end
   end
 end

data/test/session_test/http_auth_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 module SessionTest
   class HttpAuthTest < ActiveSupport::TestCase
-    class ConfiTest < ActiveSupport::TestCase
+    class ConfigTest < ActiveSupport::TestCase
       def test_allow_http_basic_auth
         UserSession.allow_http_basic_auth = false
         assert_equal false, UserSession.allow_http_basic_auth
@@ -28,6 +28,8 @@ module SessionTest
 
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_persist_persist_by_http_auth
+        UserSession.allow_http_basic_auth = true
+
         aaron = users(:aaron)
         http_basic_auth_for do
           refute UserSession.find

data/test/session_test/magic_columns_test.rb

@@ -27,7 +27,7 @@ module SessionTest
       def test_valid_increase_failed_login_count
         ben = users(:ben)
         old_failed_login_count = ben.failed_login_count
-        session = UserSession.create(:login => ben.login, :password => "wrong")
+        session = UserSession.create(login: ben.login, password: "wrong")
         assert session.new_session?
         ben.reload
         assert_equal old_failed_login_count + 1, ben.failed_login_count
@@ -37,24 +37,22 @@ module SessionTest
         aaron = users(:aaron)
 
         # increase failed login count
-        session = UserSession.create(:login => aaron.login, :password => "wrong")
+        session = UserSession.create(login: aaron.login, password: "wrong")
         assert session.new_session?
         aaron.reload
+        assert_equal 0, aaron.login_count
+        assert_nil aaron.current_login_at
+        assert_nil aaron.current_login_ip
 
-        # grab old values
-        old_login_count = aaron.login_count
-        old_current_login_at = aaron.current_login_at
-        old_current_login_ip = aaron.current_login_ip
-
-        session = UserSession.create(:login => aaron.login, :password => "aaronrocks")
+        session = UserSession.create(login: aaron.login, password: "aaronrocks")
         assert session.valid?
 
         aaron.reload
-        assert_equal old_login_count + 1, aaron.login_count
+        assert_equal 1, aaron.login_count
         assert_equal 0, aaron.failed_login_count
-        assert_equal old_current_login_at, aaron.last_login_at
-        assert aaron.current_login_at != old_current_login_at
-        assert_equal old_current_login_ip, aaron.last_login_ip
+        assert_nil aaron.last_login_at
+        assert_not_nil aaron.current_login_at
+        assert_nil aaron.last_login_ip
         assert_equal "1.1.1.1", aaron.current_login_ip
       end
     end

data/test/session_test/params_test.rb

@@ -16,7 +16,10 @@ module SessionTest
         assert_equal ["my request type"], UserSession.single_access_allowed_request_types
 
         UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
-        assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
+        assert_equal(
+          ["application/rss+xml", "application/atom+xml"],
+          UserSession.single_access_allowed_request_types
+        )
       end
     end
 

data/test/session_test/password_test.rb

@@ -22,21 +22,21 @@ module SessionTest
       def test_generalize_credentials_error_mesages_set_to_false
         UserSession.generalize_credentials_error_messages false
         refute UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
         assert_equal ["Password is not valid"], session.errors.full_messages
       end
 
       def test_generalize_credentials_error_messages_set_to_true
         UserSession.generalize_credentials_error_messages true
         assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
         assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
       end
 
       def test_generalize_credentials_error_messages_set_to_string
         UserSession.generalize_credentials_error_messages = "Custom Error Message"
         assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
         assert_equal ["Custom Error Message"], session.errors.full_messages
       end
 
@@ -79,21 +79,21 @@ module SessionTest
 
       def test_credentials
         session = UserSession.new
-        session.credentials = { :login => "login", :password => "pass" }
+        session.credentials = { login: "login", password: "pass" }
         assert_equal "login", session.login
         assert_nil session.password
         assert_equal "pass", session.send(:protected_password)
-        assert_equal({ :password => "<protected>", :login => "login" }, session.credentials)
+        assert_equal({ password: "<protected>", login: "login" }, session.credentials)
       end
 
       def test_credentials_are_params_safe
         session = UserSession.new
-        assert_nothing_raised { session.credentials = { :hacker_method => "error!" } }
+        assert_nothing_raised { session.credentials = { hacker_method: "error!" } }
       end
 
       def test_save_with_credentials
         aaron = users(:aaron)
-        session = UserSession.new(:login => aaron.login, :password => "aaronrocks")
+        session = UserSession.new(login: aaron.login, password: "aaronrocks")
         assert session.save
         refute session.new_session?
         assert_equal 1, session.record.login_count