authlogic 3.8.0 → 4.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +28 -0
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +32 -0
- data/.github/triage.md +86 -0
- data/.gitignore +4 -3
- data/.rubocop.yml +109 -9
- data/.rubocop_todo.yml +38 -355
- data/.travis.yml +11 -35
- data/CHANGELOG.md +345 -2
- data/CONTRIBUTING.md +45 -14
- data/Gemfile +3 -2
- data/README.md +244 -90
- data/Rakefile +10 -10
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +34 -21
- data/doc/use_normal_rails_validation.md +82 -0
- data/gemfiles/Gemfile.rails-4.2.x +6 -0
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.1.x +2 -2
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.2.x +2 -2
- data/lib/authlogic/acts_as_authentic/base.rb +36 -24
- data/lib/authlogic/acts_as_authentic/email.rb +65 -31
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +14 -9
- data/lib/authlogic/acts_as_authentic/login.rb +61 -45
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +6 -6
- data/lib/authlogic/acts_as_authentic/password.rb +267 -146
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +24 -19
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -15
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +50 -14
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +88 -60
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +23 -11
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +9 -6
- data/lib/authlogic/authenticates_many/association.rb +7 -7
- data/lib/authlogic/authenticates_many/base.rb +37 -21
- data/lib/authlogic/config.rb +21 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +38 -11
- data/lib/authlogic/controller_adapters/rack_adapter.rb +9 -5
- data/lib/authlogic/controller_adapters/rails_adapter.rb +12 -7
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
- data/lib/authlogic/crypto_providers/aes256.rb +37 -32
- data/lib/authlogic/crypto_providers/bcrypt.rb +21 -15
- data/lib/authlogic/crypto_providers/md5.rb +4 -2
- data/lib/authlogic/crypto_providers/scrypt.rb +22 -17
- data/lib/authlogic/crypto_providers/sha1.rb +11 -5
- data/lib/authlogic/crypto_providers/sha256.rb +13 -9
- data/lib/authlogic/crypto_providers/sha512.rb +0 -21
- data/lib/authlogic/crypto_providers/wordpress.rb +32 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/i18n.rb +26 -19
- data/lib/authlogic/random.rb +10 -28
- data/lib/authlogic/regex.rb +59 -28
- data/lib/authlogic/session/activation.rb +10 -7
- data/lib/authlogic/session/active_record_trickery.rb +13 -9
- data/lib/authlogic/session/base.rb +15 -4
- data/lib/authlogic/session/brute_force_protection.rb +40 -33
- data/lib/authlogic/session/callbacks.rb +94 -46
- data/lib/authlogic/session/cookies.rb +130 -45
- data/lib/authlogic/session/existence.rb +21 -11
- data/lib/authlogic/session/foundation.rb +64 -14
- data/lib/authlogic/session/http_auth.rb +35 -28
- data/lib/authlogic/session/id.rb +9 -4
- data/lib/authlogic/session/klass.rb +15 -12
- data/lib/authlogic/session/magic_columns.rb +58 -55
- data/lib/authlogic/session/magic_states.rb +25 -19
- data/lib/authlogic/session/params.rb +42 -28
- data/lib/authlogic/session/password.rb +130 -120
- data/lib/authlogic/session/perishable_token.rb +5 -4
- data/lib/authlogic/session/persistence.rb +18 -12
- data/lib/authlogic/session/priority_record.rb +15 -12
- data/lib/authlogic/session/scopes.rb +51 -32
- data/lib/authlogic/session/session.rb +38 -28
- data/lib/authlogic/session/timeout.rb +13 -13
- data/lib/authlogic/session/unauthorized_record.rb +18 -13
- data/lib/authlogic/session/validation.rb +9 -9
- data/lib/authlogic/test_case/mock_controller.rb +5 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +47 -3
- data/lib/authlogic/test_case/mock_request.rb +6 -3
- data/lib/authlogic/test_case/rails_request_adapter.rb +3 -2
- data/lib/authlogic/test_case.rb +70 -2
- data/lib/authlogic/version.rb +21 -0
- data/lib/authlogic.rb +51 -49
- data/test/acts_as_authentic_test/base_test.rb +3 -1
- data/test/acts_as_authentic_test/email_test.rb +43 -42
- data/test/acts_as_authentic_test/logged_in_status_test.rb +6 -4
- data/test/acts_as_authentic_test/login_test.rb +77 -80
- data/test/acts_as_authentic_test/magic_columns_test.rb +3 -1
- data/test/acts_as_authentic_test/password_test.rb +51 -37
- data/test/acts_as_authentic_test/perishable_token_test.rb +13 -5
- data/test/acts_as_authentic_test/persistence_token_test.rb +7 -1
- data/test/acts_as_authentic_test/restful_authentication_test.rb +14 -3
- data/test/acts_as_authentic_test/session_maintenance_test.rb +69 -15
- data/test/acts_as_authentic_test/single_access_test.rb +3 -1
- data/test/adapter_test.rb +23 -0
- data/test/authenticates_many_test.rb +3 -1
- data/test/config_test.rb +11 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -1
- data/test/crypto_provider_test/bcrypt_test.rb +3 -1
- data/test/crypto_provider_test/scrypt_test.rb +3 -1
- data/test/crypto_provider_test/sha1_test.rb +3 -1
- data/test/crypto_provider_test/sha256_test.rb +3 -1
- data/test/crypto_provider_test/sha512_test.rb +3 -1
- data/test/crypto_provider_test/wordpress_test.rb +26 -0
- data/test/fixtures/companies.yml +2 -2
- data/test/fixtures/employees.yml +1 -1
- data/test/i18n_test.rb +6 -4
- data/test/libs/affiliate.rb +2 -0
- data/test/libs/company.rb +4 -2
- data/test/libs/employee.rb +2 -0
- data/test/libs/employee_session.rb +2 -0
- data/test/libs/ldaper.rb +2 -0
- data/test/libs/project.rb +2 -0
- data/test/libs/user.rb +2 -0
- data/test/libs/user_session.rb +4 -2
- data/test/random_test.rb +10 -38
- data/test/session_test/activation_test.rb +3 -1
- data/test/session_test/active_record_trickery_test.rb +7 -4
- data/test/session_test/brute_force_protection_test.rb +11 -9
- data/test/session_test/callbacks_test.rb +12 -4
- data/test/session_test/cookies_test.rb +48 -5
- data/test/session_test/existence_test.rb +18 -5
- data/test/session_test/foundation_test.rb +19 -1
- data/test/session_test/http_auth_test.rb +11 -7
- data/test/session_test/id_test.rb +3 -1
- data/test/session_test/klass_test.rb +3 -1
- data/test/session_test/magic_columns_test.rb +13 -13
- data/test/session_test/magic_states_test.rb +3 -1
- data/test/session_test/params_test.rb +13 -5
- data/test/session_test/password_test.rb +10 -8
- data/test/session_test/perishability_test.rb +3 -1
- data/test/session_test/persistence_test.rb +4 -1
- data/test/session_test/scopes_test.rb +16 -8
- data/test/session_test/session_test.rb +6 -4
- data/test/session_test/timeout_test.rb +4 -2
- data/test/session_test/unauthorized_record_test.rb +4 -2
- data/test/session_test/validation_test.rb +3 -1
- data/test/test_helper.rb +84 -45
- metadata +87 -73
- data/.github/ISSUE_TEMPLATE.md +0 -13
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-5.0.x +0 -6
|
@@ -1,7 +1,18 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module ActsAsAuthenticTest
|
|
4
6
|
class RestfulAuthenticationTest < ActiveSupport::TestCase
|
|
7
|
+
def setup
|
|
8
|
+
@old_deprecation_behavior = ::ActiveSupport::Deprecation.behavior
|
|
9
|
+
::ActiveSupport::Deprecation.behavior = :silence
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def teardown
|
|
13
|
+
::ActiveSupport::Deprecation.behavior = @old_deprecation_behavior
|
|
14
|
+
end
|
|
15
|
+
|
|
5
16
|
def test_act_like_restful_authentication_config
|
|
6
17
|
refute User.act_like_restful_authentication
|
|
7
18
|
refute Employee.act_like_restful_authentication
|
|
@@ -10,7 +21,7 @@ module ActsAsAuthenticTest
|
|
|
10
21
|
assert User.act_like_restful_authentication
|
|
11
22
|
assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
|
|
12
23
|
assert defined?(::REST_AUTH_SITE_KEY)
|
|
13
|
-
assert_equal
|
|
24
|
+
assert_equal "", ::REST_AUTH_SITE_KEY
|
|
14
25
|
assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
|
|
15
26
|
|
|
16
27
|
User.act_like_restful_authentication false
|
|
@@ -27,7 +38,7 @@ module ActsAsAuthenticTest
|
|
|
27
38
|
User.transition_from_restful_authentication = true
|
|
28
39
|
assert User.transition_from_restful_authentication
|
|
29
40
|
assert defined?(::REST_AUTH_SITE_KEY)
|
|
30
|
-
assert_equal
|
|
41
|
+
assert_equal "", ::REST_AUTH_SITE_KEY
|
|
31
42
|
assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
|
|
32
43
|
|
|
33
44
|
User.transition_from_restful_authentication false
|
|
@@ -1,24 +1,62 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module ActsAsAuthenticTest
|
|
4
6
|
class SessionMaintenanceTest < ActiveSupport::TestCase
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
User.
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
def setup
|
|
8
|
+
User.log_in_after_create = true
|
|
9
|
+
User.log_in_after_password_change = true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def test_log_in_after_create_config
|
|
13
|
+
assert User.log_in_after_create
|
|
14
|
+
User.log_in_after_create = false
|
|
15
|
+
refute User.log_in_after_create
|
|
16
|
+
User.log_in_after_create = true
|
|
17
|
+
assert User.log_in_after_create
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def test_log_in_after_password_change_config
|
|
21
|
+
assert User.log_in_after_password_change
|
|
22
|
+
User.log_in_after_password_change = false
|
|
23
|
+
refute User.log_in_after_password_change
|
|
24
|
+
User.log_in_after_password_change = true
|
|
25
|
+
assert User.log_in_after_password_change
|
|
11
26
|
end
|
|
12
27
|
|
|
13
28
|
def test_login_after_create
|
|
29
|
+
User.log_in_after_create = true
|
|
14
30
|
user = User.create(
|
|
15
|
-
:
|
|
16
|
-
:
|
|
17
|
-
:
|
|
18
|
-
:
|
|
31
|
+
login: "awesome",
|
|
32
|
+
password: "saweeeet",
|
|
33
|
+
password_confirmation: "saweeeet",
|
|
34
|
+
email: "awesome@awesome.com"
|
|
19
35
|
)
|
|
20
36
|
assert user.persisted?
|
|
21
37
|
assert UserSession.find
|
|
38
|
+
logged_in_user = UserSession.find.user
|
|
39
|
+
assert_equal logged_in_user, user
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def test_no_login_after_create
|
|
43
|
+
old_user = User.create(
|
|
44
|
+
login: "awesome",
|
|
45
|
+
password: "saweeeet",
|
|
46
|
+
password_confirmation: "saweeeet",
|
|
47
|
+
email: "awesome@awesome.com"
|
|
48
|
+
)
|
|
49
|
+
User.log_in_after_create = false
|
|
50
|
+
user2 = User.create(
|
|
51
|
+
login: "awesome2",
|
|
52
|
+
password: "saweeeet2",
|
|
53
|
+
password_confirmation: "saweeeet2",
|
|
54
|
+
email: "awesome2@awesome.com"
|
|
55
|
+
)
|
|
56
|
+
assert user2.persisted?
|
|
57
|
+
logged_in_user = UserSession.find.user
|
|
58
|
+
assert_not_equal logged_in_user, user2
|
|
59
|
+
assert_equal logged_in_user, old_user
|
|
22
60
|
end
|
|
23
61
|
|
|
24
62
|
def test_updating_session_with_failed_magic_state
|
|
@@ -30,6 +68,7 @@ module ActsAsAuthenticTest
|
|
|
30
68
|
end
|
|
31
69
|
|
|
32
70
|
def test_update_session_after_password_modify
|
|
71
|
+
User.log_in_after_password_change = true
|
|
33
72
|
ben = users(:ben)
|
|
34
73
|
UserSession.create(ben)
|
|
35
74
|
old_session_key = controller.session["user_credentials"]
|
|
@@ -43,6 +82,21 @@ module ActsAsAuthenticTest
|
|
|
43
82
|
assert_not_equal controller.cookies["user_credentials"], old_cookie_key
|
|
44
83
|
end
|
|
45
84
|
|
|
85
|
+
def test_no_update_session_after_password_modify
|
|
86
|
+
User.log_in_after_password_change = false
|
|
87
|
+
ben = users(:ben)
|
|
88
|
+
UserSession.create(ben)
|
|
89
|
+
old_session_key = controller.session["user_credentials"]
|
|
90
|
+
old_cookie_key = controller.cookies["user_credentials"]
|
|
91
|
+
ben.password = "newpasswd"
|
|
92
|
+
ben.password_confirmation = "newpasswd"
|
|
93
|
+
assert ben.save
|
|
94
|
+
assert controller.session["user_credentials"]
|
|
95
|
+
assert controller.cookies["user_credentials"]
|
|
96
|
+
assert_equal controller.session["user_credentials"], old_session_key
|
|
97
|
+
assert_equal controller.cookies["user_credentials"], old_cookie_key
|
|
98
|
+
end
|
|
99
|
+
|
|
46
100
|
def test_no_session_update_after_modify
|
|
47
101
|
ben = users(:ben)
|
|
48
102
|
UserSession.create(ben)
|
|
@@ -60,10 +114,10 @@ module ActsAsAuthenticTest
|
|
|
60
114
|
old_session_key = controller.session["user_credentials"]
|
|
61
115
|
old_cookie_key = controller.cookies["user_credentials"]
|
|
62
116
|
user = User.create(
|
|
63
|
-
:
|
|
64
|
-
:
|
|
65
|
-
:
|
|
66
|
-
:
|
|
117
|
+
login: "awesome",
|
|
118
|
+
password: "saweet", # Password is too short, user invalid
|
|
119
|
+
password_confirmation: "saweet",
|
|
120
|
+
email: "awesome@saweet.com"
|
|
67
121
|
)
|
|
68
122
|
refute user.persisted?
|
|
69
123
|
assert_equal controller.session["user_credentials"], old_session_key
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
module Authlogic
|
|
6
|
+
module ControllerAdapters
|
|
7
|
+
class AbstractAdapterTest < ActiveSupport::TestCase
|
|
8
|
+
def test_controller
|
|
9
|
+
controller = Class.new(MockController) do
|
|
10
|
+
def controller.an_arbitrary_method
|
|
11
|
+
"bar"
|
|
12
|
+
end
|
|
13
|
+
end.new
|
|
14
|
+
adapter = Authlogic::ControllerAdapters::AbstractAdapter.new(controller)
|
|
15
|
+
|
|
16
|
+
assert_equal controller, adapter.controller
|
|
17
|
+
assert controller.params.equal?(adapter.params)
|
|
18
|
+
assert adapter.respond_to?(:an_arbitrary_method)
|
|
19
|
+
assert_equal "bar", adapter.an_arbitrary_method
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/test/config_test.rb
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class ConfigTest < ActiveSupport::TestCase
|
|
4
6
|
def setup
|
|
@@ -6,7 +8,7 @@ class ConfigTest < ActiveSupport::TestCase
|
|
|
6
8
|
extend Authlogic::Config
|
|
7
9
|
|
|
8
10
|
def self.foobar(value = nil)
|
|
9
|
-
rw_config(:foobar_field, value,
|
|
11
|
+
rw_config(:foobar_field, value, "default_foobar")
|
|
10
12
|
end
|
|
11
13
|
}
|
|
12
14
|
|
|
@@ -18,19 +20,19 @@ class ConfigTest < ActiveSupport::TestCase
|
|
|
18
20
|
end
|
|
19
21
|
|
|
20
22
|
def test_rw_config_read_with_default
|
|
21
|
-
assert
|
|
23
|
+
assert "default_foobar", @klass.foobar
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
def test_rw_config_write
|
|
25
|
-
assert_equal
|
|
26
|
-
assert_equal
|
|
27
|
+
assert_equal "my_foobar", @klass.foobar("my_foobar")
|
|
28
|
+
assert_equal "my_foobar", @klass.foobar
|
|
27
29
|
|
|
28
|
-
assert_equal
|
|
29
|
-
assert_equal
|
|
30
|
+
assert_equal "my_new_foobar", @klass.foobar("my_new_foobar")
|
|
31
|
+
assert_equal "my_new_foobar", @klass.foobar
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def test_subclass_rw_config_write
|
|
33
|
-
assert_equal
|
|
34
|
-
assert_equal
|
|
35
|
+
assert_equal "subklass_foobar", @subklass.foobar("subklass_foobar")
|
|
36
|
+
assert_equal "default_foobar", @klass.foobar
|
|
35
37
|
end
|
|
36
38
|
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
::ActiveSupport::Deprecation.silence do
|
|
6
|
+
require "authlogic/crypto_providers/wordpress"
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
module CryptoProviderTest
|
|
10
|
+
class WordpressTest < ActiveSupport::TestCase
|
|
11
|
+
def test_matches
|
|
12
|
+
plain = "banana"
|
|
13
|
+
salt = "aaa"
|
|
14
|
+
crypted = "xxx0nope"
|
|
15
|
+
# I couldn't figure out how to even execute this method without it
|
|
16
|
+
# crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
|
|
17
|
+
# worked differently. He was probably using ruby 1.9 back then.
|
|
18
|
+
# Given that I can't even figure out how to run it, and for all the other
|
|
19
|
+
# reasons I've given in `wordpress.rb`, I'm just going to deprecate
|
|
20
|
+
# the whole file. -Jared 2018-04-09
|
|
21
|
+
assert_raises(NoMethodError) {
|
|
22
|
+
Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
|
|
23
|
+
}
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
data/test/fixtures/companies.yml
CHANGED
data/test/fixtures/employees.yml
CHANGED
|
@@ -6,7 +6,7 @@ drew:
|
|
|
6
6
|
persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
|
|
7
7
|
first_name: Drew
|
|
8
8
|
last_name: Gainor
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
jennifer:
|
|
11
11
|
company: logic_over_data
|
|
12
12
|
email: jjohnson@logicoverdata.com
|
data/test/i18n_test.rb
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class I18nTest < ActiveSupport::TestCase
|
|
4
6
|
def test_uses_authlogic_as_scope_by_default
|
|
@@ -6,8 +8,8 @@ class I18nTest < ActiveSupport::TestCase
|
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
def test_can_set_scope
|
|
9
|
-
assert_nothing_raised { Authlogic::I18n.scope = [
|
|
10
|
-
assert_equal [
|
|
11
|
+
assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
|
|
12
|
+
assert_equal %i[a b], Authlogic::I18n.scope
|
|
11
13
|
Authlogic::I18n.scope = :authlogic
|
|
12
14
|
end
|
|
13
15
|
|
|
@@ -20,7 +22,7 @@ class I18nTest < ActiveSupport::TestCase
|
|
|
20
22
|
|
|
21
23
|
assert_nothing_raised do
|
|
22
24
|
Authlogic::I18n.translator = Class.new do
|
|
23
|
-
def translate(key,
|
|
25
|
+
def translate(key, _options = {})
|
|
24
26
|
"Translated: #{key}"
|
|
25
27
|
end
|
|
26
28
|
end.new
|
data/test/libs/affiliate.rb
CHANGED
data/test/libs/company.rb
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
class Company < ActiveRecord::Base
|
|
2
4
|
authenticates_many :employee_sessions
|
|
3
5
|
authenticates_many :user_sessions, scope_cookies: true
|
|
4
|
-
has_many :employees, :
|
|
5
|
-
has_many :users, :
|
|
6
|
+
has_many :employees, dependent: :destroy
|
|
7
|
+
has_many :users, dependent: :destroy
|
|
6
8
|
end
|
data/test/libs/employee.rb
CHANGED
data/test/libs/ldaper.rb
CHANGED
data/test/libs/project.rb
CHANGED
data/test/libs/user.rb
CHANGED
data/test/libs/user_session.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
class UserSession < Authlogic::Session::Base
|
|
2
4
|
end
|
|
3
5
|
|
|
@@ -15,11 +17,11 @@ class WackyUserSession < Authlogic::Session::Base
|
|
|
15
17
|
|
|
16
18
|
def persist_by_false
|
|
17
19
|
self.counter += 1
|
|
18
|
-
|
|
20
|
+
false
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
def persist_by_true
|
|
22
24
|
self.counter += 1
|
|
23
|
-
|
|
25
|
+
true
|
|
24
26
|
end
|
|
25
27
|
end
|
data/test/random_test.rb
CHANGED
|
@@ -1,43 +1,15 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class RandomTest < ActiveSupport::TestCase
|
|
4
|
-
def
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
assert_not_equal Authlogic::Random.hex_token, Authlogic::Random.hex_token
|
|
8
|
-
assert_not_equal Authlogic::Random.friendly_token, Authlogic::Random.friendly_token
|
|
9
|
-
end
|
|
6
|
+
def test_that_hex_tokens_are_unique
|
|
7
|
+
tokens = Array.new(100) { Authlogic::Random.hex_token }
|
|
8
|
+
assert_equal tokens.size, tokens.uniq.size
|
|
10
9
|
end
|
|
11
10
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def with_secure_random_enabled(enabled = true)
|
|
19
|
-
# can't really test SecureRandom if we don't have an implementation
|
|
20
|
-
return if enabled && !Authlogic::Random::SecureRandom
|
|
21
|
-
|
|
22
|
-
current_sec_rand = Authlogic::Random::SecureRandom
|
|
23
|
-
reload_authlogic_with_sec_random!(current_sec_rand, enabled)
|
|
24
|
-
|
|
25
|
-
yield
|
|
26
|
-
ensure
|
|
27
|
-
reload_authlogic_with_sec_random!(current_sec_rand)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def reload_authlogic_with_sec_random!(secure_random, enabled = true)
|
|
31
|
-
silence_warnings do
|
|
32
|
-
secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
|
|
33
|
-
load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def silence_warnings
|
|
38
|
-
old_verbose, $VERBOSE = $VERBOSE, nil
|
|
39
|
-
yield
|
|
40
|
-
ensure
|
|
41
|
-
$VERBOSE = old_verbose
|
|
42
|
-
end
|
|
11
|
+
def test_that_friendly_tokens_are_unique
|
|
12
|
+
tokens = Array.new(100) { Authlogic::Random.friendly_token }
|
|
13
|
+
assert_equal tokens.size, tokens.uniq.size
|
|
14
|
+
end
|
|
43
15
|
end
|
|
@@ -1,9 +1,12 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ActiveRecordTrickeryTest
|
|
5
7
|
class ClassMethodsTest < ActiveSupport::TestCase
|
|
6
|
-
|
|
8
|
+
# If test_human_name is executed after test_i18n_of_human_name the test will fail.
|
|
9
|
+
i_suck_and_my_tests_are_order_dependent!
|
|
7
10
|
|
|
8
11
|
def test_human_attribute_name
|
|
9
12
|
assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
|
|
@@ -15,12 +18,12 @@ module SessionTest
|
|
|
15
18
|
end
|
|
16
19
|
|
|
17
20
|
def test_i18n_of_human_name
|
|
18
|
-
I18n.backend.store_translations
|
|
21
|
+
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
|
19
22
|
assert_equal "MySession", UserSession.human_name
|
|
20
23
|
end
|
|
21
24
|
|
|
22
25
|
def test_i18n_of_model_name_human
|
|
23
|
-
I18n.backend.store_translations
|
|
26
|
+
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
|
24
27
|
assert_equal "MySession", UserSession.model_name.human
|
|
25
28
|
end
|
|
26
29
|
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module BruteForceProtectionTest
|
|
@@ -25,7 +27,7 @@ module SessionTest
|
|
|
25
27
|
ben = users(:ben)
|
|
26
28
|
ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
|
|
27
29
|
assert ben.save
|
|
28
|
-
session = UserSession.create(:
|
|
30
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
29
31
|
refute session.new_session?
|
|
30
32
|
end
|
|
31
33
|
|
|
@@ -33,7 +35,7 @@ module SessionTest
|
|
|
33
35
|
ben = users(:ben)
|
|
34
36
|
ben.failed_login_count = UserSession.consecutive_failed_logins_limit
|
|
35
37
|
assert ben.save
|
|
36
|
-
session = UserSession.create(:
|
|
38
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
37
39
|
assert session.new_session?
|
|
38
40
|
assert UserSession.create(ben).new_session?
|
|
39
41
|
ben.reload
|
|
@@ -46,13 +48,13 @@ module SessionTest
|
|
|
46
48
|
ben = users(:ben)
|
|
47
49
|
|
|
48
50
|
2.times do |i|
|
|
49
|
-
session = UserSession.new(:
|
|
51
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
50
52
|
refute session.save
|
|
51
53
|
refute session.errors[:password].empty?
|
|
52
54
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
53
55
|
end
|
|
54
56
|
|
|
55
|
-
session = UserSession.new(:
|
|
57
|
+
session = UserSession.new(login: ben.login, password: "badpassword2")
|
|
56
58
|
refute session.save
|
|
57
59
|
assert session.errors[:password].empty?
|
|
58
60
|
assert_equal 3, ben.reload.failed_login_count
|
|
@@ -66,7 +68,7 @@ module SessionTest
|
|
|
66
68
|
ben = users(:ben)
|
|
67
69
|
|
|
68
70
|
2.times do |i|
|
|
69
|
-
session = UserSession.new(:
|
|
71
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
70
72
|
refute session.save
|
|
71
73
|
assert session.invalid_password?
|
|
72
74
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
@@ -75,7 +77,7 @@ module SessionTest
|
|
|
75
77
|
ActiveRecord::Base.connection.execute(
|
|
76
78
|
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
|
77
79
|
)
|
|
78
|
-
session = UserSession.new(:
|
|
80
|
+
session = UserSession.new(login: ben.login, password: "benrocks")
|
|
79
81
|
assert session.save
|
|
80
82
|
assert_equal 0, ben.reload.failed_login_count
|
|
81
83
|
|
|
@@ -88,7 +90,7 @@ module SessionTest
|
|
|
88
90
|
ben = users(:ben)
|
|
89
91
|
|
|
90
92
|
2.times do |i|
|
|
91
|
-
session = UserSession.new(:
|
|
93
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
92
94
|
refute session.save
|
|
93
95
|
refute session.errors[:password].empty?
|
|
94
96
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
@@ -97,7 +99,7 @@ module SessionTest
|
|
|
97
99
|
ActiveRecord::Base.connection.execute(
|
|
98
100
|
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
|
99
101
|
)
|
|
100
|
-
session = UserSession.new(:
|
|
102
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
101
103
|
refute session.save
|
|
102
104
|
assert_equal 1, ben.reload.failed_login_count
|
|
103
105
|
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class CallbacksTest < ActiveSupport::TestCase
|
|
5
7
|
def setup
|
|
6
|
-
|
|
8
|
+
WackyUserSession.reset_callbacks(:persist)
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
def test_no_callbacks
|
|
@@ -15,7 +17,10 @@ module SessionTest
|
|
|
15
17
|
|
|
16
18
|
def test_true_callback_cancelling_later_callbacks
|
|
17
19
|
WackyUserSession.persist :persist_by_true, :persist_by_false
|
|
18
|
-
assert_equal
|
|
20
|
+
assert_equal(
|
|
21
|
+
%i[persist_by_true persist_by_false],
|
|
22
|
+
WackyUserSession._persist_callbacks.map(&:filter)
|
|
23
|
+
)
|
|
19
24
|
|
|
20
25
|
session = WackyUserSession.new
|
|
21
26
|
session.send(:persist)
|
|
@@ -24,7 +29,10 @@ module SessionTest
|
|
|
24
29
|
|
|
25
30
|
def test_false_callback_continuing_to_later_callbacks
|
|
26
31
|
WackyUserSession.persist :persist_by_false, :persist_by_true
|
|
27
|
-
assert_equal
|
|
32
|
+
assert_equal(
|
|
33
|
+
%i[persist_by_false persist_by_true],
|
|
34
|
+
WackyUserSession._persist_callbacks.map(&:filter)
|
|
35
|
+
)
|
|
28
36
|
|
|
29
37
|
session = WackyUserSession.new
|
|
30
38
|
session.send(:persist)
|