authlogic 3.8.0 → 4.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +28 -0
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +32 -0
- data/.github/triage.md +86 -0
- data/.gitignore +4 -3
- data/.rubocop.yml +109 -9
- data/.rubocop_todo.yml +38 -355
- data/.travis.yml +11 -35
- data/CHANGELOG.md +345 -2
- data/CONTRIBUTING.md +45 -14
- data/Gemfile +3 -2
- data/README.md +244 -90
- data/Rakefile +10 -10
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +34 -21
- data/doc/use_normal_rails_validation.md +82 -0
- data/gemfiles/Gemfile.rails-4.2.x +6 -0
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.1.x +2 -2
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.2.x +2 -2
- data/lib/authlogic/acts_as_authentic/base.rb +36 -24
- data/lib/authlogic/acts_as_authentic/email.rb +65 -31
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +14 -9
- data/lib/authlogic/acts_as_authentic/login.rb +61 -45
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +6 -6
- data/lib/authlogic/acts_as_authentic/password.rb +267 -146
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +24 -19
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -15
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +50 -14
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +88 -60
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +23 -11
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +9 -6
- data/lib/authlogic/authenticates_many/association.rb +7 -7
- data/lib/authlogic/authenticates_many/base.rb +37 -21
- data/lib/authlogic/config.rb +21 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +38 -11
- data/lib/authlogic/controller_adapters/rack_adapter.rb +9 -5
- data/lib/authlogic/controller_adapters/rails_adapter.rb +12 -7
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
- data/lib/authlogic/crypto_providers/aes256.rb +37 -32
- data/lib/authlogic/crypto_providers/bcrypt.rb +21 -15
- data/lib/authlogic/crypto_providers/md5.rb +4 -2
- data/lib/authlogic/crypto_providers/scrypt.rb +22 -17
- data/lib/authlogic/crypto_providers/sha1.rb +11 -5
- data/lib/authlogic/crypto_providers/sha256.rb +13 -9
- data/lib/authlogic/crypto_providers/sha512.rb +0 -21
- data/lib/authlogic/crypto_providers/wordpress.rb +32 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/i18n.rb +26 -19
- data/lib/authlogic/random.rb +10 -28
- data/lib/authlogic/regex.rb +59 -28
- data/lib/authlogic/session/activation.rb +10 -7
- data/lib/authlogic/session/active_record_trickery.rb +13 -9
- data/lib/authlogic/session/base.rb +15 -4
- data/lib/authlogic/session/brute_force_protection.rb +40 -33
- data/lib/authlogic/session/callbacks.rb +94 -46
- data/lib/authlogic/session/cookies.rb +130 -45
- data/lib/authlogic/session/existence.rb +21 -11
- data/lib/authlogic/session/foundation.rb +64 -14
- data/lib/authlogic/session/http_auth.rb +35 -28
- data/lib/authlogic/session/id.rb +9 -4
- data/lib/authlogic/session/klass.rb +15 -12
- data/lib/authlogic/session/magic_columns.rb +58 -55
- data/lib/authlogic/session/magic_states.rb +25 -19
- data/lib/authlogic/session/params.rb +42 -28
- data/lib/authlogic/session/password.rb +130 -120
- data/lib/authlogic/session/perishable_token.rb +5 -4
- data/lib/authlogic/session/persistence.rb +18 -12
- data/lib/authlogic/session/priority_record.rb +15 -12
- data/lib/authlogic/session/scopes.rb +51 -32
- data/lib/authlogic/session/session.rb +38 -28
- data/lib/authlogic/session/timeout.rb +13 -13
- data/lib/authlogic/session/unauthorized_record.rb +18 -13
- data/lib/authlogic/session/validation.rb +9 -9
- data/lib/authlogic/test_case/mock_controller.rb +5 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +47 -3
- data/lib/authlogic/test_case/mock_request.rb +6 -3
- data/lib/authlogic/test_case/rails_request_adapter.rb +3 -2
- data/lib/authlogic/test_case.rb +70 -2
- data/lib/authlogic/version.rb +21 -0
- data/lib/authlogic.rb +51 -49
- data/test/acts_as_authentic_test/base_test.rb +3 -1
- data/test/acts_as_authentic_test/email_test.rb +43 -42
- data/test/acts_as_authentic_test/logged_in_status_test.rb +6 -4
- data/test/acts_as_authentic_test/login_test.rb +77 -80
- data/test/acts_as_authentic_test/magic_columns_test.rb +3 -1
- data/test/acts_as_authentic_test/password_test.rb +51 -37
- data/test/acts_as_authentic_test/perishable_token_test.rb +13 -5
- data/test/acts_as_authentic_test/persistence_token_test.rb +7 -1
- data/test/acts_as_authentic_test/restful_authentication_test.rb +14 -3
- data/test/acts_as_authentic_test/session_maintenance_test.rb +69 -15
- data/test/acts_as_authentic_test/single_access_test.rb +3 -1
- data/test/adapter_test.rb +23 -0
- data/test/authenticates_many_test.rb +3 -1
- data/test/config_test.rb +11 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -1
- data/test/crypto_provider_test/bcrypt_test.rb +3 -1
- data/test/crypto_provider_test/scrypt_test.rb +3 -1
- data/test/crypto_provider_test/sha1_test.rb +3 -1
- data/test/crypto_provider_test/sha256_test.rb +3 -1
- data/test/crypto_provider_test/sha512_test.rb +3 -1
- data/test/crypto_provider_test/wordpress_test.rb +26 -0
- data/test/fixtures/companies.yml +2 -2
- data/test/fixtures/employees.yml +1 -1
- data/test/i18n_test.rb +6 -4
- data/test/libs/affiliate.rb +2 -0
- data/test/libs/company.rb +4 -2
- data/test/libs/employee.rb +2 -0
- data/test/libs/employee_session.rb +2 -0
- data/test/libs/ldaper.rb +2 -0
- data/test/libs/project.rb +2 -0
- data/test/libs/user.rb +2 -0
- data/test/libs/user_session.rb +4 -2
- data/test/random_test.rb +10 -38
- data/test/session_test/activation_test.rb +3 -1
- data/test/session_test/active_record_trickery_test.rb +7 -4
- data/test/session_test/brute_force_protection_test.rb +11 -9
- data/test/session_test/callbacks_test.rb +12 -4
- data/test/session_test/cookies_test.rb +48 -5
- data/test/session_test/existence_test.rb +18 -5
- data/test/session_test/foundation_test.rb +19 -1
- data/test/session_test/http_auth_test.rb +11 -7
- data/test/session_test/id_test.rb +3 -1
- data/test/session_test/klass_test.rb +3 -1
- data/test/session_test/magic_columns_test.rb +13 -13
- data/test/session_test/magic_states_test.rb +3 -1
- data/test/session_test/params_test.rb +13 -5
- data/test/session_test/password_test.rb +10 -8
- data/test/session_test/perishability_test.rb +3 -1
- data/test/session_test/persistence_test.rb +4 -1
- data/test/session_test/scopes_test.rb +16 -8
- data/test/session_test/session_test.rb +6 -4
- data/test/session_test/timeout_test.rb +4 -2
- data/test/session_test/unauthorized_record_test.rb +4 -2
- data/test/session_test/validation_test.rb +3 -1
- data/test/test_helper.rb +84 -45
- metadata +87 -73
- data/.github/ISSUE_TEMPLATE.md +0 -13
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-5.0.x +0 -6
|
@@ -1,8 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module CookiesTest
|
|
5
|
-
class
|
|
7
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
6
8
|
def test_cookie_key
|
|
7
9
|
UserSession.cookie_key = "my_cookie_key"
|
|
8
10
|
assert_equal "my_cookie_key", UserSession.cookie_key
|
|
@@ -43,7 +45,6 @@ module SessionTest
|
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
def test_secure
|
|
46
|
-
UserSession.secure = true
|
|
47
48
|
assert_equal true, UserSession.secure
|
|
48
49
|
session = UserSession.new
|
|
49
50
|
assert_equal true, session.secure
|
|
@@ -55,7 +56,6 @@ module SessionTest
|
|
|
55
56
|
end
|
|
56
57
|
|
|
57
58
|
def test_httponly
|
|
58
|
-
UserSession.httponly = true
|
|
59
59
|
assert_equal true, UserSession.httponly
|
|
60
60
|
session = UserSession.new
|
|
61
61
|
assert_equal true, session.httponly
|
|
@@ -66,6 +66,23 @@ module SessionTest
|
|
|
66
66
|
assert_equal false, session.httponly
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
def test_same_site
|
|
70
|
+
assert_nil UserSession.same_site
|
|
71
|
+
assert_nil UserSession.new.same_site
|
|
72
|
+
|
|
73
|
+
UserSession.same_site "Strict"
|
|
74
|
+
assert_equal "Strict", UserSession.same_site
|
|
75
|
+
session = UserSession.new
|
|
76
|
+
assert_equal "Strict", session.same_site
|
|
77
|
+
session.same_site = "Lax"
|
|
78
|
+
assert_equal "Lax", session.same_site
|
|
79
|
+
session.same_site = "None"
|
|
80
|
+
assert_equal "None", session.same_site
|
|
81
|
+
|
|
82
|
+
assert_raise(ArgumentError) { UserSession.same_site "foo" }
|
|
83
|
+
assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
|
|
84
|
+
end
|
|
85
|
+
|
|
69
86
|
def test_sign_cookie
|
|
70
87
|
UserSession.sign_cookie = true
|
|
71
88
|
assert_equal true, UserSession.sign_cookie
|
|
@@ -82,7 +99,7 @@ module SessionTest
|
|
|
82
99
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
83
100
|
def test_credentials
|
|
84
101
|
session = UserSession.new
|
|
85
|
-
session.credentials = { :
|
|
102
|
+
session.credentials = { remember_me: true }
|
|
86
103
|
assert_equal true, session.remember_me
|
|
87
104
|
end
|
|
88
105
|
|
|
@@ -159,6 +176,22 @@ module SessionTest
|
|
|
159
176
|
)
|
|
160
177
|
end
|
|
161
178
|
|
|
179
|
+
def test_after_save_save_cookie_encrypted
|
|
180
|
+
ben = users(:ben)
|
|
181
|
+
|
|
182
|
+
assert_nil controller.cookies["user_credentials"]
|
|
183
|
+
payload = "#{ben.persistence_token}::#{ben.id}"
|
|
184
|
+
|
|
185
|
+
session = UserSession.new(ben)
|
|
186
|
+
session.encrypt_cookie = true
|
|
187
|
+
assert session.save
|
|
188
|
+
assert_equal payload, controller.cookies.encrypted["user_credentials"]
|
|
189
|
+
assert_equal(
|
|
190
|
+
Authlogic::TestCase::MockEncryptedCookieJar.encrypt(payload),
|
|
191
|
+
controller.cookies.encrypted.parent_jar["user_credentials"]
|
|
192
|
+
)
|
|
193
|
+
end
|
|
194
|
+
|
|
162
195
|
def test_after_save_save_cookie_signed
|
|
163
196
|
ben = users(:ben)
|
|
164
197
|
|
|
@@ -188,6 +221,16 @@ module SessionTest
|
|
|
188
221
|
end
|
|
189
222
|
end
|
|
190
223
|
|
|
224
|
+
def test_after_save_save_cookie_with_same_site
|
|
225
|
+
session = UserSession.new(users(:ben))
|
|
226
|
+
session.same_site = "Strict"
|
|
227
|
+
assert session.save
|
|
228
|
+
assert_equal(
|
|
229
|
+
"Strict",
|
|
230
|
+
controller.cookies.set_cookies["user_credentials"][:same_site]
|
|
231
|
+
)
|
|
232
|
+
end
|
|
233
|
+
|
|
191
234
|
def test_after_destroy_destroy_cookie
|
|
192
235
|
ben = users(:ben)
|
|
193
236
|
set_cookie_for(ben)
|
|
@@ -1,26 +1,28 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ExistenceTest
|
|
5
7
|
class ClassMethodsTest < ActiveSupport::TestCase
|
|
6
8
|
def test_create_with_good_credentials
|
|
7
9
|
ben = users(:ben)
|
|
8
|
-
session = UserSession.create(:
|
|
10
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
9
11
|
refute session.new_session?
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def test_create_with_bad_credentials
|
|
13
|
-
session = UserSession.create(:
|
|
15
|
+
session = UserSession.create(login: "somelogin", password: "badpw2")
|
|
14
16
|
assert session.new_session?
|
|
15
17
|
end
|
|
16
18
|
|
|
17
19
|
def test_create_bang
|
|
18
20
|
ben = users(:ben)
|
|
19
21
|
err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
|
|
20
|
-
UserSession.create!(:
|
|
22
|
+
UserSession.create!(login: ben.login, password: "badpw")
|
|
21
23
|
end
|
|
22
24
|
assert_includes err.message, "Password is not valid"
|
|
23
|
-
refute UserSession.create!(:
|
|
25
|
+
refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
|
|
24
26
|
end
|
|
25
27
|
end
|
|
26
28
|
|
|
@@ -71,5 +73,16 @@ module SessionTest
|
|
|
71
73
|
refute session.record
|
|
72
74
|
end
|
|
73
75
|
end
|
|
76
|
+
|
|
77
|
+
class SessionInvalidErrorTest < ActiveSupport::TestCase
|
|
78
|
+
def test_message
|
|
79
|
+
session = UserSession.new
|
|
80
|
+
assert !session.valid?
|
|
81
|
+
error = Authlogic::Session::Existence::SessionInvalidError.new(session)
|
|
82
|
+
message = "Your session is invalid and has the following errors: " +
|
|
83
|
+
session.errors.full_messages.to_sentence
|
|
84
|
+
assert_equal message, error.message
|
|
85
|
+
end
|
|
86
|
+
end
|
|
74
87
|
end
|
|
75
88
|
end
|
|
@@ -1,6 +1,24 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
# We forbid the use of AC::Parameters, and we have a test to that effect, but we
|
|
6
|
+
# do not want a development dependency on `actionpack`, so we define it here.
|
|
7
|
+
module ActionController
|
|
8
|
+
class Parameters; end
|
|
9
|
+
end
|
|
2
10
|
|
|
3
11
|
module SessionTest
|
|
4
12
|
class FoundationTest < ActiveSupport::TestCase
|
|
13
|
+
def test_credentials_raise_if_not_a_hash
|
|
14
|
+
session = UserSession.new
|
|
15
|
+
e = assert_raises(TypeError) {
|
|
16
|
+
session.credentials = ActionController::Parameters.new
|
|
17
|
+
}
|
|
18
|
+
assert_equal(
|
|
19
|
+
::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
|
|
20
|
+
e.message
|
|
21
|
+
)
|
|
22
|
+
end
|
|
5
23
|
end
|
|
6
24
|
end
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class HttpAuthTest < ActiveSupport::TestCase
|
|
5
|
-
class
|
|
7
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
6
8
|
def test_allow_http_basic_auth
|
|
7
9
|
UserSession.allow_http_basic_auth = false
|
|
8
10
|
assert_equal false, UserSession.allow_http_basic_auth
|
|
@@ -20,14 +22,16 @@ module SessionTest
|
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def test_http_basic_auth_realm
|
|
23
|
-
assert_equal
|
|
24
|
-
UserSession.http_basic_auth_realm =
|
|
25
|
-
assert_equal
|
|
25
|
+
assert_equal "Application", UserSession.http_basic_auth_realm
|
|
26
|
+
UserSession.http_basic_auth_realm = "TestRealm"
|
|
27
|
+
assert_equal "TestRealm", UserSession.http_basic_auth_realm
|
|
26
28
|
end
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
30
32
|
def test_persist_persist_by_http_auth
|
|
33
|
+
UserSession.allow_http_basic_auth = true
|
|
34
|
+
|
|
31
35
|
aaron = users(:aaron)
|
|
32
36
|
http_basic_auth_for do
|
|
33
37
|
refute UserSession.find
|
|
@@ -41,13 +45,13 @@ module SessionTest
|
|
|
41
45
|
end
|
|
42
46
|
unset_session
|
|
43
47
|
UserSession.request_http_basic_auth = true
|
|
44
|
-
UserSession.http_basic_auth_realm =
|
|
48
|
+
UserSession.http_basic_auth_realm = "PersistTestRealm"
|
|
45
49
|
http_basic_auth_for(aaron) do
|
|
46
50
|
assert session = UserSession.find
|
|
47
51
|
assert_equal aaron, session.record
|
|
48
52
|
assert_equal aaron.login, session.login
|
|
49
53
|
assert_equal "aaronrocks", session.send(:protected_password)
|
|
50
|
-
assert_equal
|
|
54
|
+
assert_equal "PersistTestRealm", controller.realm
|
|
51
55
|
assert controller.http_auth_requested?
|
|
52
56
|
end
|
|
53
57
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module MagicColumnsTest
|
|
@@ -27,7 +29,7 @@ module SessionTest
|
|
|
27
29
|
def test_valid_increase_failed_login_count
|
|
28
30
|
ben = users(:ben)
|
|
29
31
|
old_failed_login_count = ben.failed_login_count
|
|
30
|
-
session = UserSession.create(:
|
|
32
|
+
session = UserSession.create(login: ben.login, password: "wrong")
|
|
31
33
|
assert session.new_session?
|
|
32
34
|
ben.reload
|
|
33
35
|
assert_equal old_failed_login_count + 1, ben.failed_login_count
|
|
@@ -37,24 +39,22 @@ module SessionTest
|
|
|
37
39
|
aaron = users(:aaron)
|
|
38
40
|
|
|
39
41
|
# increase failed login count
|
|
40
|
-
session = UserSession.create(:
|
|
42
|
+
session = UserSession.create(login: aaron.login, password: "wrong")
|
|
41
43
|
assert session.new_session?
|
|
42
44
|
aaron.reload
|
|
45
|
+
assert_equal 0, aaron.login_count
|
|
46
|
+
assert_nil aaron.current_login_at
|
|
47
|
+
assert_nil aaron.current_login_ip
|
|
43
48
|
|
|
44
|
-
|
|
45
|
-
old_login_count = aaron.login_count
|
|
46
|
-
old_current_login_at = aaron.current_login_at
|
|
47
|
-
old_current_login_ip = aaron.current_login_ip
|
|
48
|
-
|
|
49
|
-
session = UserSession.create(:login => aaron.login, :password => "aaronrocks")
|
|
49
|
+
session = UserSession.create(login: aaron.login, password: "aaronrocks")
|
|
50
50
|
assert session.valid?
|
|
51
51
|
|
|
52
52
|
aaron.reload
|
|
53
|
-
assert_equal
|
|
53
|
+
assert_equal 1, aaron.login_count
|
|
54
54
|
assert_equal 0, aaron.failed_login_count
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
55
|
+
assert_nil aaron.last_login_at
|
|
56
|
+
assert_not_nil aaron.current_login_at
|
|
57
|
+
assert_nil aaron.last_login_ip
|
|
58
58
|
assert_equal "1.1.1.1", aaron.current_login_ip
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ParamsTest
|
|
@@ -14,9 +16,13 @@ module SessionTest
|
|
|
14
16
|
def test_single_access_allowed_request_types
|
|
15
17
|
UserSession.single_access_allowed_request_types = ["my request type"]
|
|
16
18
|
assert_equal ["my request type"], UserSession.single_access_allowed_request_types
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
19
|
+
UserSession.single_access_allowed_request_types(
|
|
20
|
+
["application/rss+xml", "application/atom+xml"]
|
|
21
|
+
)
|
|
22
|
+
assert_equal(
|
|
23
|
+
["application/rss+xml", "application/atom+xml"],
|
|
24
|
+
UserSession.single_access_allowed_request_types
|
|
25
|
+
)
|
|
20
26
|
end
|
|
21
27
|
end
|
|
22
28
|
|
|
@@ -41,7 +47,9 @@ module SessionTest
|
|
|
41
47
|
set_request_content_type("application/atom+xml")
|
|
42
48
|
assert session.persisting?
|
|
43
49
|
assert_equal ben, session.record
|
|
44
|
-
|
|
50
|
+
|
|
51
|
+
# should not persist since this is single access
|
|
52
|
+
assert_nil controller.session["user_credentials"]
|
|
45
53
|
|
|
46
54
|
set_request_content_type("application/rss+xml")
|
|
47
55
|
assert session.persisting?
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module PasswordTest
|
|
@@ -22,21 +24,21 @@ module SessionTest
|
|
|
22
24
|
def test_generalize_credentials_error_mesages_set_to_false
|
|
23
25
|
UserSession.generalize_credentials_error_messages false
|
|
24
26
|
refute UserSession.generalize_credentials_error_messages
|
|
25
|
-
session = UserSession.create(:
|
|
27
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
26
28
|
assert_equal ["Password is not valid"], session.errors.full_messages
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def test_generalize_credentials_error_messages_set_to_true
|
|
30
32
|
UserSession.generalize_credentials_error_messages true
|
|
31
33
|
assert UserSession.generalize_credentials_error_messages
|
|
32
|
-
session = UserSession.create(:
|
|
34
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
33
35
|
assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
def test_generalize_credentials_error_messages_set_to_string
|
|
37
39
|
UserSession.generalize_credentials_error_messages = "Custom Error Message"
|
|
38
40
|
assert UserSession.generalize_credentials_error_messages
|
|
39
|
-
session = UserSession.create(:
|
|
41
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
40
42
|
assert_equal ["Custom Error Message"], session.errors.full_messages
|
|
41
43
|
end
|
|
42
44
|
|
|
@@ -79,21 +81,21 @@ module SessionTest
|
|
|
79
81
|
|
|
80
82
|
def test_credentials
|
|
81
83
|
session = UserSession.new
|
|
82
|
-
session.credentials = { :
|
|
84
|
+
session.credentials = { login: "login", password: "pass" }
|
|
83
85
|
assert_equal "login", session.login
|
|
84
86
|
assert_nil session.password
|
|
85
87
|
assert_equal "pass", session.send(:protected_password)
|
|
86
|
-
assert_equal({ :
|
|
88
|
+
assert_equal({ password: "<protected>", login: "login" }, session.credentials)
|
|
87
89
|
end
|
|
88
90
|
|
|
89
91
|
def test_credentials_are_params_safe
|
|
90
92
|
session = UserSession.new
|
|
91
|
-
assert_nothing_raised { session.credentials = { :
|
|
93
|
+
assert_nothing_raised { session.credentials = { hacker_method: "error!" } }
|
|
92
94
|
end
|
|
93
95
|
|
|
94
96
|
def test_save_with_credentials
|
|
95
97
|
aaron = users(:aaron)
|
|
96
|
-
session = UserSession.new(:
|
|
98
|
+
session = UserSession.new(login: aaron.login, password: "aaronrocks")
|
|
97
99
|
assert session.save
|
|
98
100
|
refute session.new_session?
|
|
99
101
|
assert_equal 1, session.record.login_count
|
|
@@ -1,10 +1,13 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class PersistenceTest < ActiveSupport::TestCase
|
|
5
7
|
def test_find
|
|
6
8
|
aaron = users(:aaron)
|
|
7
9
|
refute UserSession.find
|
|
10
|
+
UserSession.allow_http_basic_auth = true
|
|
8
11
|
http_basic_auth_for(aaron) { assert UserSession.find }
|
|
9
12
|
set_cookie_for(aaron)
|
|
10
13
|
assert UserSession.find
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class ScopesTest < ActiveSupport::TestCase
|
|
@@ -6,7 +8,7 @@ module SessionTest
|
|
|
6
8
|
assert_nil Authlogic::Session::Base.scope
|
|
7
9
|
|
|
8
10
|
thread1 = Thread.new do
|
|
9
|
-
scope = { :
|
|
11
|
+
scope = { id: :scope1 }
|
|
10
12
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
11
13
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
12
14
|
end
|
|
@@ -15,7 +17,7 @@ module SessionTest
|
|
|
15
17
|
assert_nil Authlogic::Session::Base.scope
|
|
16
18
|
|
|
17
19
|
thread2 = Thread.new do
|
|
18
|
-
scope = { :
|
|
20
|
+
scope = { id: :scope2 }
|
|
19
21
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
20
22
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
21
23
|
end
|
|
@@ -27,17 +29,23 @@ module SessionTest
|
|
|
27
29
|
def test_with_scope_method
|
|
28
30
|
assert_raise(ArgumentError) { UserSession.with_scope }
|
|
29
31
|
|
|
30
|
-
UserSession.with_scope(:
|
|
31
|
-
assert_equal(
|
|
32
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
33
|
+
assert_equal(
|
|
34
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
35
|
+
UserSession.scope
|
|
36
|
+
)
|
|
32
37
|
end
|
|
33
38
|
|
|
34
39
|
assert_nil UserSession.scope
|
|
35
40
|
end
|
|
36
41
|
|
|
37
42
|
def test_initialize
|
|
38
|
-
UserSession.with_scope(:
|
|
43
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
39
44
|
session = UserSession.new
|
|
40
|
-
assert_equal(
|
|
45
|
+
assert_equal(
|
|
46
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
47
|
+
session.scope
|
|
48
|
+
)
|
|
41
49
|
session.id = :another_id
|
|
42
50
|
assert_equal "another_id_some_id_test", session.send(:build_key, "test")
|
|
43
51
|
end
|
|
@@ -51,7 +59,7 @@ module SessionTest
|
|
|
51
59
|
session = UserSession.new
|
|
52
60
|
assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
|
|
53
61
|
|
|
54
|
-
session.scope = { :
|
|
62
|
+
session.scope = { find_options: { conditions: ["company_id = ?", binary_logic.id] } }
|
|
55
63
|
assert_nil session.send(:search_for_record, "find_by_login", zack.login)
|
|
56
64
|
|
|
57
65
|
assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module SessionTest
|
|
@@ -23,16 +25,16 @@ module SessionTest
|
|
|
23
25
|
|
|
24
26
|
def test_persist_persist_by_session_with_session_fixation_attack
|
|
25
27
|
ben = users(:ben)
|
|
26
|
-
controller.session["user_credentials"] =
|
|
28
|
+
controller.session["user_credentials"] = "neo"
|
|
27
29
|
controller.session["user_credentials_id"] = {
|
|
28
|
-
:
|
|
30
|
+
select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
|
|
29
31
|
}
|
|
30
32
|
@user_session = UserSession.find
|
|
31
33
|
assert @user_session.blank?
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def test_persist_persist_by_session_with_sql_injection_attack
|
|
35
|
-
controller.session["user_credentials"] = { :
|
|
37
|
+
controller.session["user_credentials"] = { select: "ABRA CADABRA" }
|
|
36
38
|
controller.session["user_credentials_id"] = nil
|
|
37
39
|
assert_nothing_raised do
|
|
38
40
|
@user_session = UserSession.find
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module TimeoutTest
|
|
@@ -70,7 +72,7 @@ module SessionTest
|
|
|
70
72
|
def test_successful_login
|
|
71
73
|
UserSession.logout_on_timeout = true
|
|
72
74
|
ben = users(:ben)
|
|
73
|
-
session = UserSession.create(:
|
|
75
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
74
76
|
refute session.new_session?
|
|
75
77
|
session = UserSession.find
|
|
76
78
|
assert session
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class UnauthorizedRecordTest < ActiveSupport::TestCase
|
|
@@ -7,7 +9,7 @@ module SessionTest
|
|
|
7
9
|
session = UserSession.new
|
|
8
10
|
session.credentials = [ben]
|
|
9
11
|
assert_equal ben, session.unauthorized_record
|
|
10
|
-
assert_equal({ :
|
|
12
|
+
assert_equal({ unauthorized_record: "<protected>" }, session.credentials)
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
15
|
end
|