authlogic 3.8.0 → 4.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +28 -0
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +32 -0
- data/.github/triage.md +86 -0
- data/.gitignore +4 -3
- data/.rubocop.yml +109 -9
- data/.rubocop_todo.yml +38 -355
- data/.travis.yml +11 -35
- data/CHANGELOG.md +345 -2
- data/CONTRIBUTING.md +45 -14
- data/Gemfile +3 -2
- data/README.md +244 -90
- data/Rakefile +10 -10
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +34 -21
- data/doc/use_normal_rails_validation.md +82 -0
- data/gemfiles/Gemfile.rails-4.2.x +6 -0
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.1.x +2 -2
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.2.x +2 -2
- data/lib/authlogic/acts_as_authentic/base.rb +36 -24
- data/lib/authlogic/acts_as_authentic/email.rb +65 -31
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +14 -9
- data/lib/authlogic/acts_as_authentic/login.rb +61 -45
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +6 -6
- data/lib/authlogic/acts_as_authentic/password.rb +267 -146
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +24 -19
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -15
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +50 -14
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +88 -60
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +23 -11
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +9 -6
- data/lib/authlogic/authenticates_many/association.rb +7 -7
- data/lib/authlogic/authenticates_many/base.rb +37 -21
- data/lib/authlogic/config.rb +21 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +38 -11
- data/lib/authlogic/controller_adapters/rack_adapter.rb +9 -5
- data/lib/authlogic/controller_adapters/rails_adapter.rb +12 -7
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
- data/lib/authlogic/crypto_providers/aes256.rb +37 -32
- data/lib/authlogic/crypto_providers/bcrypt.rb +21 -15
- data/lib/authlogic/crypto_providers/md5.rb +4 -2
- data/lib/authlogic/crypto_providers/scrypt.rb +22 -17
- data/lib/authlogic/crypto_providers/sha1.rb +11 -5
- data/lib/authlogic/crypto_providers/sha256.rb +13 -9
- data/lib/authlogic/crypto_providers/sha512.rb +0 -21
- data/lib/authlogic/crypto_providers/wordpress.rb +32 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/i18n.rb +26 -19
- data/lib/authlogic/random.rb +10 -28
- data/lib/authlogic/regex.rb +59 -28
- data/lib/authlogic/session/activation.rb +10 -7
- data/lib/authlogic/session/active_record_trickery.rb +13 -9
- data/lib/authlogic/session/base.rb +15 -4
- data/lib/authlogic/session/brute_force_protection.rb +40 -33
- data/lib/authlogic/session/callbacks.rb +94 -46
- data/lib/authlogic/session/cookies.rb +130 -45
- data/lib/authlogic/session/existence.rb +21 -11
- data/lib/authlogic/session/foundation.rb +64 -14
- data/lib/authlogic/session/http_auth.rb +35 -28
- data/lib/authlogic/session/id.rb +9 -4
- data/lib/authlogic/session/klass.rb +15 -12
- data/lib/authlogic/session/magic_columns.rb +58 -55
- data/lib/authlogic/session/magic_states.rb +25 -19
- data/lib/authlogic/session/params.rb +42 -28
- data/lib/authlogic/session/password.rb +130 -120
- data/lib/authlogic/session/perishable_token.rb +5 -4
- data/lib/authlogic/session/persistence.rb +18 -12
- data/lib/authlogic/session/priority_record.rb +15 -12
- data/lib/authlogic/session/scopes.rb +51 -32
- data/lib/authlogic/session/session.rb +38 -28
- data/lib/authlogic/session/timeout.rb +13 -13
- data/lib/authlogic/session/unauthorized_record.rb +18 -13
- data/lib/authlogic/session/validation.rb +9 -9
- data/lib/authlogic/test_case/mock_controller.rb +5 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +47 -3
- data/lib/authlogic/test_case/mock_request.rb +6 -3
- data/lib/authlogic/test_case/rails_request_adapter.rb +3 -2
- data/lib/authlogic/test_case.rb +70 -2
- data/lib/authlogic/version.rb +21 -0
- data/lib/authlogic.rb +51 -49
- data/test/acts_as_authentic_test/base_test.rb +3 -1
- data/test/acts_as_authentic_test/email_test.rb +43 -42
- data/test/acts_as_authentic_test/logged_in_status_test.rb +6 -4
- data/test/acts_as_authentic_test/login_test.rb +77 -80
- data/test/acts_as_authentic_test/magic_columns_test.rb +3 -1
- data/test/acts_as_authentic_test/password_test.rb +51 -37
- data/test/acts_as_authentic_test/perishable_token_test.rb +13 -5
- data/test/acts_as_authentic_test/persistence_token_test.rb +7 -1
- data/test/acts_as_authentic_test/restful_authentication_test.rb +14 -3
- data/test/acts_as_authentic_test/session_maintenance_test.rb +69 -15
- data/test/acts_as_authentic_test/single_access_test.rb +3 -1
- data/test/adapter_test.rb +23 -0
- data/test/authenticates_many_test.rb +3 -1
- data/test/config_test.rb +11 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -1
- data/test/crypto_provider_test/bcrypt_test.rb +3 -1
- data/test/crypto_provider_test/scrypt_test.rb +3 -1
- data/test/crypto_provider_test/sha1_test.rb +3 -1
- data/test/crypto_provider_test/sha256_test.rb +3 -1
- data/test/crypto_provider_test/sha512_test.rb +3 -1
- data/test/crypto_provider_test/wordpress_test.rb +26 -0
- data/test/fixtures/companies.yml +2 -2
- data/test/fixtures/employees.yml +1 -1
- data/test/i18n_test.rb +6 -4
- data/test/libs/affiliate.rb +2 -0
- data/test/libs/company.rb +4 -2
- data/test/libs/employee.rb +2 -0
- data/test/libs/employee_session.rb +2 -0
- data/test/libs/ldaper.rb +2 -0
- data/test/libs/project.rb +2 -0
- data/test/libs/user.rb +2 -0
- data/test/libs/user_session.rb +4 -2
- data/test/random_test.rb +10 -38
- data/test/session_test/activation_test.rb +3 -1
- data/test/session_test/active_record_trickery_test.rb +7 -4
- data/test/session_test/brute_force_protection_test.rb +11 -9
- data/test/session_test/callbacks_test.rb +12 -4
- data/test/session_test/cookies_test.rb +48 -5
- data/test/session_test/existence_test.rb +18 -5
- data/test/session_test/foundation_test.rb +19 -1
- data/test/session_test/http_auth_test.rb +11 -7
- data/test/session_test/id_test.rb +3 -1
- data/test/session_test/klass_test.rb +3 -1
- data/test/session_test/magic_columns_test.rb +13 -13
- data/test/session_test/magic_states_test.rb +3 -1
- data/test/session_test/params_test.rb +13 -5
- data/test/session_test/password_test.rb +10 -8
- data/test/session_test/perishability_test.rb +3 -1
- data/test/session_test/persistence_test.rb +4 -1
- data/test/session_test/scopes_test.rb +16 -8
- data/test/session_test/session_test.rb +6 -4
- data/test/session_test/timeout_test.rb +4 -2
- data/test/session_test/unauthorized_record_test.rb +4 -2
- data/test/session_test/validation_test.rb +3 -1
- data/test/test_helper.rb +84 -45
- metadata +87 -73
- data/.github/ISSUE_TEMPLATE.md +0 -13
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-5.0.x +0 -6
|
@@ -1,7 +1,18 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module ActsAsAuthenticTest
|
|
4
6
|
class RestfulAuthenticationTest < ActiveSupport::TestCase
|
|
7
|
+
def setup
|
|
8
|
+
@old_deprecation_behavior = ::ActiveSupport::Deprecation.behavior
|
|
9
|
+
::ActiveSupport::Deprecation.behavior = :silence
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def teardown
|
|
13
|
+
::ActiveSupport::Deprecation.behavior = @old_deprecation_behavior
|
|
14
|
+
end
|
|
15
|
+
|
|
5
16
|
def test_act_like_restful_authentication_config
|
|
6
17
|
refute User.act_like_restful_authentication
|
|
7
18
|
refute Employee.act_like_restful_authentication
|
|
@@ -10,7 +21,7 @@ module ActsAsAuthenticTest
|
|
|
10
21
|
assert User.act_like_restful_authentication
|
|
11
22
|
assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
|
|
12
23
|
assert defined?(::REST_AUTH_SITE_KEY)
|
|
13
|
-
assert_equal
|
|
24
|
+
assert_equal "", ::REST_AUTH_SITE_KEY
|
|
14
25
|
assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
|
|
15
26
|
|
|
16
27
|
User.act_like_restful_authentication false
|
|
@@ -27,7 +38,7 @@ module ActsAsAuthenticTest
|
|
|
27
38
|
User.transition_from_restful_authentication = true
|
|
28
39
|
assert User.transition_from_restful_authentication
|
|
29
40
|
assert defined?(::REST_AUTH_SITE_KEY)
|
|
30
|
-
assert_equal
|
|
41
|
+
assert_equal "", ::REST_AUTH_SITE_KEY
|
|
31
42
|
assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
|
|
32
43
|
|
|
33
44
|
User.transition_from_restful_authentication false
|
|
@@ -1,24 +1,62 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module ActsAsAuthenticTest
|
|
4
6
|
class SessionMaintenanceTest < ActiveSupport::TestCase
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
User.
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
def setup
|
|
8
|
+
User.log_in_after_create = true
|
|
9
|
+
User.log_in_after_password_change = true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def test_log_in_after_create_config
|
|
13
|
+
assert User.log_in_after_create
|
|
14
|
+
User.log_in_after_create = false
|
|
15
|
+
refute User.log_in_after_create
|
|
16
|
+
User.log_in_after_create = true
|
|
17
|
+
assert User.log_in_after_create
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def test_log_in_after_password_change_config
|
|
21
|
+
assert User.log_in_after_password_change
|
|
22
|
+
User.log_in_after_password_change = false
|
|
23
|
+
refute User.log_in_after_password_change
|
|
24
|
+
User.log_in_after_password_change = true
|
|
25
|
+
assert User.log_in_after_password_change
|
|
11
26
|
end
|
|
12
27
|
|
|
13
28
|
def test_login_after_create
|
|
29
|
+
User.log_in_after_create = true
|
|
14
30
|
user = User.create(
|
|
15
|
-
:
|
|
16
|
-
:
|
|
17
|
-
:
|
|
18
|
-
:
|
|
31
|
+
login: "awesome",
|
|
32
|
+
password: "saweeeet",
|
|
33
|
+
password_confirmation: "saweeeet",
|
|
34
|
+
email: "awesome@awesome.com"
|
|
19
35
|
)
|
|
20
36
|
assert user.persisted?
|
|
21
37
|
assert UserSession.find
|
|
38
|
+
logged_in_user = UserSession.find.user
|
|
39
|
+
assert_equal logged_in_user, user
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def test_no_login_after_create
|
|
43
|
+
old_user = User.create(
|
|
44
|
+
login: "awesome",
|
|
45
|
+
password: "saweeeet",
|
|
46
|
+
password_confirmation: "saweeeet",
|
|
47
|
+
email: "awesome@awesome.com"
|
|
48
|
+
)
|
|
49
|
+
User.log_in_after_create = false
|
|
50
|
+
user2 = User.create(
|
|
51
|
+
login: "awesome2",
|
|
52
|
+
password: "saweeeet2",
|
|
53
|
+
password_confirmation: "saweeeet2",
|
|
54
|
+
email: "awesome2@awesome.com"
|
|
55
|
+
)
|
|
56
|
+
assert user2.persisted?
|
|
57
|
+
logged_in_user = UserSession.find.user
|
|
58
|
+
assert_not_equal logged_in_user, user2
|
|
59
|
+
assert_equal logged_in_user, old_user
|
|
22
60
|
end
|
|
23
61
|
|
|
24
62
|
def test_updating_session_with_failed_magic_state
|
|
@@ -30,6 +68,7 @@ module ActsAsAuthenticTest
|
|
|
30
68
|
end
|
|
31
69
|
|
|
32
70
|
def test_update_session_after_password_modify
|
|
71
|
+
User.log_in_after_password_change = true
|
|
33
72
|
ben = users(:ben)
|
|
34
73
|
UserSession.create(ben)
|
|
35
74
|
old_session_key = controller.session["user_credentials"]
|
|
@@ -43,6 +82,21 @@ module ActsAsAuthenticTest
|
|
|
43
82
|
assert_not_equal controller.cookies["user_credentials"], old_cookie_key
|
|
44
83
|
end
|
|
45
84
|
|
|
85
|
+
def test_no_update_session_after_password_modify
|
|
86
|
+
User.log_in_after_password_change = false
|
|
87
|
+
ben = users(:ben)
|
|
88
|
+
UserSession.create(ben)
|
|
89
|
+
old_session_key = controller.session["user_credentials"]
|
|
90
|
+
old_cookie_key = controller.cookies["user_credentials"]
|
|
91
|
+
ben.password = "newpasswd"
|
|
92
|
+
ben.password_confirmation = "newpasswd"
|
|
93
|
+
assert ben.save
|
|
94
|
+
assert controller.session["user_credentials"]
|
|
95
|
+
assert controller.cookies["user_credentials"]
|
|
96
|
+
assert_equal controller.session["user_credentials"], old_session_key
|
|
97
|
+
assert_equal controller.cookies["user_credentials"], old_cookie_key
|
|
98
|
+
end
|
|
99
|
+
|
|
46
100
|
def test_no_session_update_after_modify
|
|
47
101
|
ben = users(:ben)
|
|
48
102
|
UserSession.create(ben)
|
|
@@ -60,10 +114,10 @@ module ActsAsAuthenticTest
|
|
|
60
114
|
old_session_key = controller.session["user_credentials"]
|
|
61
115
|
old_cookie_key = controller.cookies["user_credentials"]
|
|
62
116
|
user = User.create(
|
|
63
|
-
:
|
|
64
|
-
:
|
|
65
|
-
:
|
|
66
|
-
:
|
|
117
|
+
login: "awesome",
|
|
118
|
+
password: "saweet", # Password is too short, user invalid
|
|
119
|
+
password_confirmation: "saweet",
|
|
120
|
+
email: "awesome@saweet.com"
|
|
67
121
|
)
|
|
68
122
|
refute user.persisted?
|
|
69
123
|
assert_equal controller.session["user_credentials"], old_session_key
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
module Authlogic
|
|
6
|
+
module ControllerAdapters
|
|
7
|
+
class AbstractAdapterTest < ActiveSupport::TestCase
|
|
8
|
+
def test_controller
|
|
9
|
+
controller = Class.new(MockController) do
|
|
10
|
+
def controller.an_arbitrary_method
|
|
11
|
+
"bar"
|
|
12
|
+
end
|
|
13
|
+
end.new
|
|
14
|
+
adapter = Authlogic::ControllerAdapters::AbstractAdapter.new(controller)
|
|
15
|
+
|
|
16
|
+
assert_equal controller, adapter.controller
|
|
17
|
+
assert controller.params.equal?(adapter.params)
|
|
18
|
+
assert adapter.respond_to?(:an_arbitrary_method)
|
|
19
|
+
assert_equal "bar", adapter.an_arbitrary_method
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/test/config_test.rb
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class ConfigTest < ActiveSupport::TestCase
|
|
4
6
|
def setup
|
|
@@ -6,7 +8,7 @@ class ConfigTest < ActiveSupport::TestCase
|
|
|
6
8
|
extend Authlogic::Config
|
|
7
9
|
|
|
8
10
|
def self.foobar(value = nil)
|
|
9
|
-
rw_config(:foobar_field, value,
|
|
11
|
+
rw_config(:foobar_field, value, "default_foobar")
|
|
10
12
|
end
|
|
11
13
|
}
|
|
12
14
|
|
|
@@ -18,19 +20,19 @@ class ConfigTest < ActiveSupport::TestCase
|
|
|
18
20
|
end
|
|
19
21
|
|
|
20
22
|
def test_rw_config_read_with_default
|
|
21
|
-
assert
|
|
23
|
+
assert "default_foobar", @klass.foobar
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
def test_rw_config_write
|
|
25
|
-
assert_equal
|
|
26
|
-
assert_equal
|
|
27
|
+
assert_equal "my_foobar", @klass.foobar("my_foobar")
|
|
28
|
+
assert_equal "my_foobar", @klass.foobar
|
|
27
29
|
|
|
28
|
-
assert_equal
|
|
29
|
-
assert_equal
|
|
30
|
+
assert_equal "my_new_foobar", @klass.foobar("my_new_foobar")
|
|
31
|
+
assert_equal "my_new_foobar", @klass.foobar
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def test_subclass_rw_config_write
|
|
33
|
-
assert_equal
|
|
34
|
-
assert_equal
|
|
35
|
+
assert_equal "subklass_foobar", @subklass.foobar("subklass_foobar")
|
|
36
|
+
assert_equal "default_foobar", @klass.foobar
|
|
35
37
|
end
|
|
36
38
|
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
::ActiveSupport::Deprecation.silence do
|
|
6
|
+
require "authlogic/crypto_providers/wordpress"
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
module CryptoProviderTest
|
|
10
|
+
class WordpressTest < ActiveSupport::TestCase
|
|
11
|
+
def test_matches
|
|
12
|
+
plain = "banana"
|
|
13
|
+
salt = "aaa"
|
|
14
|
+
crypted = "xxx0nope"
|
|
15
|
+
# I couldn't figure out how to even execute this method without it
|
|
16
|
+
# crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
|
|
17
|
+
# worked differently. He was probably using ruby 1.9 back then.
|
|
18
|
+
# Given that I can't even figure out how to run it, and for all the other
|
|
19
|
+
# reasons I've given in `wordpress.rb`, I'm just going to deprecate
|
|
20
|
+
# the whole file. -Jared 2018-04-09
|
|
21
|
+
assert_raises(NoMethodError) {
|
|
22
|
+
Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
|
|
23
|
+
}
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
data/test/fixtures/companies.yml
CHANGED
data/test/fixtures/employees.yml
CHANGED
|
@@ -6,7 +6,7 @@ drew:
|
|
|
6
6
|
persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
|
|
7
7
|
first_name: Drew
|
|
8
8
|
last_name: Gainor
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
jennifer:
|
|
11
11
|
company: logic_over_data
|
|
12
12
|
email: jjohnson@logicoverdata.com
|
data/test/i18n_test.rb
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class I18nTest < ActiveSupport::TestCase
|
|
4
6
|
def test_uses_authlogic_as_scope_by_default
|
|
@@ -6,8 +8,8 @@ class I18nTest < ActiveSupport::TestCase
|
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
def test_can_set_scope
|
|
9
|
-
assert_nothing_raised { Authlogic::I18n.scope = [
|
|
10
|
-
assert_equal [
|
|
11
|
+
assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
|
|
12
|
+
assert_equal %i[a b], Authlogic::I18n.scope
|
|
11
13
|
Authlogic::I18n.scope = :authlogic
|
|
12
14
|
end
|
|
13
15
|
|
|
@@ -20,7 +22,7 @@ class I18nTest < ActiveSupport::TestCase
|
|
|
20
22
|
|
|
21
23
|
assert_nothing_raised do
|
|
22
24
|
Authlogic::I18n.translator = Class.new do
|
|
23
|
-
def translate(key,
|
|
25
|
+
def translate(key, _options = {})
|
|
24
26
|
"Translated: #{key}"
|
|
25
27
|
end
|
|
26
28
|
end.new
|
data/test/libs/affiliate.rb
CHANGED
data/test/libs/company.rb
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
class Company < ActiveRecord::Base
|
|
2
4
|
authenticates_many :employee_sessions
|
|
3
5
|
authenticates_many :user_sessions, scope_cookies: true
|
|
4
|
-
has_many :employees, :
|
|
5
|
-
has_many :users, :
|
|
6
|
+
has_many :employees, dependent: :destroy
|
|
7
|
+
has_many :users, dependent: :destroy
|
|
6
8
|
end
|
data/test/libs/employee.rb
CHANGED
data/test/libs/ldaper.rb
CHANGED
data/test/libs/project.rb
CHANGED
data/test/libs/user.rb
CHANGED
data/test/libs/user_session.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
class UserSession < Authlogic::Session::Base
|
|
2
4
|
end
|
|
3
5
|
|
|
@@ -15,11 +17,11 @@ class WackyUserSession < Authlogic::Session::Base
|
|
|
15
17
|
|
|
16
18
|
def persist_by_false
|
|
17
19
|
self.counter += 1
|
|
18
|
-
|
|
20
|
+
false
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
def persist_by_true
|
|
22
24
|
self.counter += 1
|
|
23
|
-
|
|
25
|
+
true
|
|
24
26
|
end
|
|
25
27
|
end
|
data/test/random_test.rb
CHANGED
|
@@ -1,43 +1,15 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
class RandomTest < ActiveSupport::TestCase
|
|
4
|
-
def
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
assert_not_equal Authlogic::Random.hex_token, Authlogic::Random.hex_token
|
|
8
|
-
assert_not_equal Authlogic::Random.friendly_token, Authlogic::Random.friendly_token
|
|
9
|
-
end
|
|
6
|
+
def test_that_hex_tokens_are_unique
|
|
7
|
+
tokens = Array.new(100) { Authlogic::Random.hex_token }
|
|
8
|
+
assert_equal tokens.size, tokens.uniq.size
|
|
10
9
|
end
|
|
11
10
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def with_secure_random_enabled(enabled = true)
|
|
19
|
-
# can't really test SecureRandom if we don't have an implementation
|
|
20
|
-
return if enabled && !Authlogic::Random::SecureRandom
|
|
21
|
-
|
|
22
|
-
current_sec_rand = Authlogic::Random::SecureRandom
|
|
23
|
-
reload_authlogic_with_sec_random!(current_sec_rand, enabled)
|
|
24
|
-
|
|
25
|
-
yield
|
|
26
|
-
ensure
|
|
27
|
-
reload_authlogic_with_sec_random!(current_sec_rand)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def reload_authlogic_with_sec_random!(secure_random, enabled = true)
|
|
31
|
-
silence_warnings do
|
|
32
|
-
secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
|
|
33
|
-
load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def silence_warnings
|
|
38
|
-
old_verbose, $VERBOSE = $VERBOSE, nil
|
|
39
|
-
yield
|
|
40
|
-
ensure
|
|
41
|
-
$VERBOSE = old_verbose
|
|
42
|
-
end
|
|
11
|
+
def test_that_friendly_tokens_are_unique
|
|
12
|
+
tokens = Array.new(100) { Authlogic::Random.friendly_token }
|
|
13
|
+
assert_equal tokens.size, tokens.uniq.size
|
|
14
|
+
end
|
|
43
15
|
end
|
|
@@ -1,9 +1,12 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ActiveRecordTrickeryTest
|
|
5
7
|
class ClassMethodsTest < ActiveSupport::TestCase
|
|
6
|
-
|
|
8
|
+
# If test_human_name is executed after test_i18n_of_human_name the test will fail.
|
|
9
|
+
i_suck_and_my_tests_are_order_dependent!
|
|
7
10
|
|
|
8
11
|
def test_human_attribute_name
|
|
9
12
|
assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
|
|
@@ -15,12 +18,12 @@ module SessionTest
|
|
|
15
18
|
end
|
|
16
19
|
|
|
17
20
|
def test_i18n_of_human_name
|
|
18
|
-
I18n.backend.store_translations
|
|
21
|
+
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
|
19
22
|
assert_equal "MySession", UserSession.human_name
|
|
20
23
|
end
|
|
21
24
|
|
|
22
25
|
def test_i18n_of_model_name_human
|
|
23
|
-
I18n.backend.store_translations
|
|
26
|
+
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
|
24
27
|
assert_equal "MySession", UserSession.model_name.human
|
|
25
28
|
end
|
|
26
29
|
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module BruteForceProtectionTest
|
|
@@ -25,7 +27,7 @@ module SessionTest
|
|
|
25
27
|
ben = users(:ben)
|
|
26
28
|
ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
|
|
27
29
|
assert ben.save
|
|
28
|
-
session = UserSession.create(:
|
|
30
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
29
31
|
refute session.new_session?
|
|
30
32
|
end
|
|
31
33
|
|
|
@@ -33,7 +35,7 @@ module SessionTest
|
|
|
33
35
|
ben = users(:ben)
|
|
34
36
|
ben.failed_login_count = UserSession.consecutive_failed_logins_limit
|
|
35
37
|
assert ben.save
|
|
36
|
-
session = UserSession.create(:
|
|
38
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
37
39
|
assert session.new_session?
|
|
38
40
|
assert UserSession.create(ben).new_session?
|
|
39
41
|
ben.reload
|
|
@@ -46,13 +48,13 @@ module SessionTest
|
|
|
46
48
|
ben = users(:ben)
|
|
47
49
|
|
|
48
50
|
2.times do |i|
|
|
49
|
-
session = UserSession.new(:
|
|
51
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
50
52
|
refute session.save
|
|
51
53
|
refute session.errors[:password].empty?
|
|
52
54
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
53
55
|
end
|
|
54
56
|
|
|
55
|
-
session = UserSession.new(:
|
|
57
|
+
session = UserSession.new(login: ben.login, password: "badpassword2")
|
|
56
58
|
refute session.save
|
|
57
59
|
assert session.errors[:password].empty?
|
|
58
60
|
assert_equal 3, ben.reload.failed_login_count
|
|
@@ -66,7 +68,7 @@ module SessionTest
|
|
|
66
68
|
ben = users(:ben)
|
|
67
69
|
|
|
68
70
|
2.times do |i|
|
|
69
|
-
session = UserSession.new(:
|
|
71
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
70
72
|
refute session.save
|
|
71
73
|
assert session.invalid_password?
|
|
72
74
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
@@ -75,7 +77,7 @@ module SessionTest
|
|
|
75
77
|
ActiveRecord::Base.connection.execute(
|
|
76
78
|
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
|
77
79
|
)
|
|
78
|
-
session = UserSession.new(:
|
|
80
|
+
session = UserSession.new(login: ben.login, password: "benrocks")
|
|
79
81
|
assert session.save
|
|
80
82
|
assert_equal 0, ben.reload.failed_login_count
|
|
81
83
|
|
|
@@ -88,7 +90,7 @@ module SessionTest
|
|
|
88
90
|
ben = users(:ben)
|
|
89
91
|
|
|
90
92
|
2.times do |i|
|
|
91
|
-
session = UserSession.new(:
|
|
93
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
92
94
|
refute session.save
|
|
93
95
|
refute session.errors[:password].empty?
|
|
94
96
|
assert_equal i + 1, ben.reload.failed_login_count
|
|
@@ -97,7 +99,7 @@ module SessionTest
|
|
|
97
99
|
ActiveRecord::Base.connection.execute(
|
|
98
100
|
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
|
99
101
|
)
|
|
100
|
-
session = UserSession.new(:
|
|
102
|
+
session = UserSession.new(login: ben.login, password: "badpassword1")
|
|
101
103
|
refute session.save
|
|
102
104
|
assert_equal 1, ben.reload.failed_login_count
|
|
103
105
|
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class CallbacksTest < ActiveSupport::TestCase
|
|
5
7
|
def setup
|
|
6
|
-
|
|
8
|
+
WackyUserSession.reset_callbacks(:persist)
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
def test_no_callbacks
|
|
@@ -15,7 +17,10 @@ module SessionTest
|
|
|
15
17
|
|
|
16
18
|
def test_true_callback_cancelling_later_callbacks
|
|
17
19
|
WackyUserSession.persist :persist_by_true, :persist_by_false
|
|
18
|
-
assert_equal
|
|
20
|
+
assert_equal(
|
|
21
|
+
%i[persist_by_true persist_by_false],
|
|
22
|
+
WackyUserSession._persist_callbacks.map(&:filter)
|
|
23
|
+
)
|
|
19
24
|
|
|
20
25
|
session = WackyUserSession.new
|
|
21
26
|
session.send(:persist)
|
|
@@ -24,7 +29,10 @@ module SessionTest
|
|
|
24
29
|
|
|
25
30
|
def test_false_callback_continuing_to_later_callbacks
|
|
26
31
|
WackyUserSession.persist :persist_by_false, :persist_by_true
|
|
27
|
-
assert_equal
|
|
32
|
+
assert_equal(
|
|
33
|
+
%i[persist_by_false persist_by_true],
|
|
34
|
+
WackyUserSession._persist_callbacks.map(&:filter)
|
|
35
|
+
)
|
|
28
36
|
|
|
29
37
|
session = WackyUserSession.new
|
|
30
38
|
session.send(:persist)
|