authlogic 3.8.0 → 4.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +28 -0
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +32 -0
- data/.github/triage.md +86 -0
- data/.gitignore +4 -3
- data/.rubocop.yml +109 -9
- data/.rubocop_todo.yml +38 -355
- data/.travis.yml +11 -35
- data/CHANGELOG.md +345 -2
- data/CONTRIBUTING.md +45 -14
- data/Gemfile +3 -2
- data/README.md +244 -90
- data/Rakefile +10 -10
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +34 -21
- data/doc/use_normal_rails_validation.md +82 -0
- data/gemfiles/Gemfile.rails-4.2.x +6 -0
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.1.x +2 -2
- data/{test/gemfiles → gemfiles}/Gemfile.rails-5.2.x +2 -2
- data/lib/authlogic/acts_as_authentic/base.rb +36 -24
- data/lib/authlogic/acts_as_authentic/email.rb +65 -31
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +14 -9
- data/lib/authlogic/acts_as_authentic/login.rb +61 -45
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +6 -6
- data/lib/authlogic/acts_as_authentic/password.rb +267 -146
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +24 -19
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -15
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +50 -14
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +88 -60
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +23 -11
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +9 -6
- data/lib/authlogic/authenticates_many/association.rb +7 -7
- data/lib/authlogic/authenticates_many/base.rb +37 -21
- data/lib/authlogic/config.rb +21 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +38 -11
- data/lib/authlogic/controller_adapters/rack_adapter.rb +9 -5
- data/lib/authlogic/controller_adapters/rails_adapter.rb +12 -7
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
- data/lib/authlogic/crypto_providers/aes256.rb +37 -32
- data/lib/authlogic/crypto_providers/bcrypt.rb +21 -15
- data/lib/authlogic/crypto_providers/md5.rb +4 -2
- data/lib/authlogic/crypto_providers/scrypt.rb +22 -17
- data/lib/authlogic/crypto_providers/sha1.rb +11 -5
- data/lib/authlogic/crypto_providers/sha256.rb +13 -9
- data/lib/authlogic/crypto_providers/sha512.rb +0 -21
- data/lib/authlogic/crypto_providers/wordpress.rb +32 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/i18n.rb +26 -19
- data/lib/authlogic/random.rb +10 -28
- data/lib/authlogic/regex.rb +59 -28
- data/lib/authlogic/session/activation.rb +10 -7
- data/lib/authlogic/session/active_record_trickery.rb +13 -9
- data/lib/authlogic/session/base.rb +15 -4
- data/lib/authlogic/session/brute_force_protection.rb +40 -33
- data/lib/authlogic/session/callbacks.rb +94 -46
- data/lib/authlogic/session/cookies.rb +130 -45
- data/lib/authlogic/session/existence.rb +21 -11
- data/lib/authlogic/session/foundation.rb +64 -14
- data/lib/authlogic/session/http_auth.rb +35 -28
- data/lib/authlogic/session/id.rb +9 -4
- data/lib/authlogic/session/klass.rb +15 -12
- data/lib/authlogic/session/magic_columns.rb +58 -55
- data/lib/authlogic/session/magic_states.rb +25 -19
- data/lib/authlogic/session/params.rb +42 -28
- data/lib/authlogic/session/password.rb +130 -120
- data/lib/authlogic/session/perishable_token.rb +5 -4
- data/lib/authlogic/session/persistence.rb +18 -12
- data/lib/authlogic/session/priority_record.rb +15 -12
- data/lib/authlogic/session/scopes.rb +51 -32
- data/lib/authlogic/session/session.rb +38 -28
- data/lib/authlogic/session/timeout.rb +13 -13
- data/lib/authlogic/session/unauthorized_record.rb +18 -13
- data/lib/authlogic/session/validation.rb +9 -9
- data/lib/authlogic/test_case/mock_controller.rb +5 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +47 -3
- data/lib/authlogic/test_case/mock_request.rb +6 -3
- data/lib/authlogic/test_case/rails_request_adapter.rb +3 -2
- data/lib/authlogic/test_case.rb +70 -2
- data/lib/authlogic/version.rb +21 -0
- data/lib/authlogic.rb +51 -49
- data/test/acts_as_authentic_test/base_test.rb +3 -1
- data/test/acts_as_authentic_test/email_test.rb +43 -42
- data/test/acts_as_authentic_test/logged_in_status_test.rb +6 -4
- data/test/acts_as_authentic_test/login_test.rb +77 -80
- data/test/acts_as_authentic_test/magic_columns_test.rb +3 -1
- data/test/acts_as_authentic_test/password_test.rb +51 -37
- data/test/acts_as_authentic_test/perishable_token_test.rb +13 -5
- data/test/acts_as_authentic_test/persistence_token_test.rb +7 -1
- data/test/acts_as_authentic_test/restful_authentication_test.rb +14 -3
- data/test/acts_as_authentic_test/session_maintenance_test.rb +69 -15
- data/test/acts_as_authentic_test/single_access_test.rb +3 -1
- data/test/adapter_test.rb +23 -0
- data/test/authenticates_many_test.rb +3 -1
- data/test/config_test.rb +11 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -1
- data/test/crypto_provider_test/bcrypt_test.rb +3 -1
- data/test/crypto_provider_test/scrypt_test.rb +3 -1
- data/test/crypto_provider_test/sha1_test.rb +3 -1
- data/test/crypto_provider_test/sha256_test.rb +3 -1
- data/test/crypto_provider_test/sha512_test.rb +3 -1
- data/test/crypto_provider_test/wordpress_test.rb +26 -0
- data/test/fixtures/companies.yml +2 -2
- data/test/fixtures/employees.yml +1 -1
- data/test/i18n_test.rb +6 -4
- data/test/libs/affiliate.rb +2 -0
- data/test/libs/company.rb +4 -2
- data/test/libs/employee.rb +2 -0
- data/test/libs/employee_session.rb +2 -0
- data/test/libs/ldaper.rb +2 -0
- data/test/libs/project.rb +2 -0
- data/test/libs/user.rb +2 -0
- data/test/libs/user_session.rb +4 -2
- data/test/random_test.rb +10 -38
- data/test/session_test/activation_test.rb +3 -1
- data/test/session_test/active_record_trickery_test.rb +7 -4
- data/test/session_test/brute_force_protection_test.rb +11 -9
- data/test/session_test/callbacks_test.rb +12 -4
- data/test/session_test/cookies_test.rb +48 -5
- data/test/session_test/existence_test.rb +18 -5
- data/test/session_test/foundation_test.rb +19 -1
- data/test/session_test/http_auth_test.rb +11 -7
- data/test/session_test/id_test.rb +3 -1
- data/test/session_test/klass_test.rb +3 -1
- data/test/session_test/magic_columns_test.rb +13 -13
- data/test/session_test/magic_states_test.rb +3 -1
- data/test/session_test/params_test.rb +13 -5
- data/test/session_test/password_test.rb +10 -8
- data/test/session_test/perishability_test.rb +3 -1
- data/test/session_test/persistence_test.rb +4 -1
- data/test/session_test/scopes_test.rb +16 -8
- data/test/session_test/session_test.rb +6 -4
- data/test/session_test/timeout_test.rb +4 -2
- data/test/session_test/unauthorized_record_test.rb +4 -2
- data/test/session_test/validation_test.rb +3 -1
- data/test/test_helper.rb +84 -45
- metadata +87 -73
- data/.github/ISSUE_TEMPLATE.md +0 -13
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-5.0.x +0 -6
|
@@ -1,8 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module CookiesTest
|
|
5
|
-
class
|
|
7
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
6
8
|
def test_cookie_key
|
|
7
9
|
UserSession.cookie_key = "my_cookie_key"
|
|
8
10
|
assert_equal "my_cookie_key", UserSession.cookie_key
|
|
@@ -43,7 +45,6 @@ module SessionTest
|
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
def test_secure
|
|
46
|
-
UserSession.secure = true
|
|
47
48
|
assert_equal true, UserSession.secure
|
|
48
49
|
session = UserSession.new
|
|
49
50
|
assert_equal true, session.secure
|
|
@@ -55,7 +56,6 @@ module SessionTest
|
|
|
55
56
|
end
|
|
56
57
|
|
|
57
58
|
def test_httponly
|
|
58
|
-
UserSession.httponly = true
|
|
59
59
|
assert_equal true, UserSession.httponly
|
|
60
60
|
session = UserSession.new
|
|
61
61
|
assert_equal true, session.httponly
|
|
@@ -66,6 +66,23 @@ module SessionTest
|
|
|
66
66
|
assert_equal false, session.httponly
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
def test_same_site
|
|
70
|
+
assert_nil UserSession.same_site
|
|
71
|
+
assert_nil UserSession.new.same_site
|
|
72
|
+
|
|
73
|
+
UserSession.same_site "Strict"
|
|
74
|
+
assert_equal "Strict", UserSession.same_site
|
|
75
|
+
session = UserSession.new
|
|
76
|
+
assert_equal "Strict", session.same_site
|
|
77
|
+
session.same_site = "Lax"
|
|
78
|
+
assert_equal "Lax", session.same_site
|
|
79
|
+
session.same_site = "None"
|
|
80
|
+
assert_equal "None", session.same_site
|
|
81
|
+
|
|
82
|
+
assert_raise(ArgumentError) { UserSession.same_site "foo" }
|
|
83
|
+
assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
|
|
84
|
+
end
|
|
85
|
+
|
|
69
86
|
def test_sign_cookie
|
|
70
87
|
UserSession.sign_cookie = true
|
|
71
88
|
assert_equal true, UserSession.sign_cookie
|
|
@@ -82,7 +99,7 @@ module SessionTest
|
|
|
82
99
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
83
100
|
def test_credentials
|
|
84
101
|
session = UserSession.new
|
|
85
|
-
session.credentials = { :
|
|
102
|
+
session.credentials = { remember_me: true }
|
|
86
103
|
assert_equal true, session.remember_me
|
|
87
104
|
end
|
|
88
105
|
|
|
@@ -159,6 +176,22 @@ module SessionTest
|
|
|
159
176
|
)
|
|
160
177
|
end
|
|
161
178
|
|
|
179
|
+
def test_after_save_save_cookie_encrypted
|
|
180
|
+
ben = users(:ben)
|
|
181
|
+
|
|
182
|
+
assert_nil controller.cookies["user_credentials"]
|
|
183
|
+
payload = "#{ben.persistence_token}::#{ben.id}"
|
|
184
|
+
|
|
185
|
+
session = UserSession.new(ben)
|
|
186
|
+
session.encrypt_cookie = true
|
|
187
|
+
assert session.save
|
|
188
|
+
assert_equal payload, controller.cookies.encrypted["user_credentials"]
|
|
189
|
+
assert_equal(
|
|
190
|
+
Authlogic::TestCase::MockEncryptedCookieJar.encrypt(payload),
|
|
191
|
+
controller.cookies.encrypted.parent_jar["user_credentials"]
|
|
192
|
+
)
|
|
193
|
+
end
|
|
194
|
+
|
|
162
195
|
def test_after_save_save_cookie_signed
|
|
163
196
|
ben = users(:ben)
|
|
164
197
|
|
|
@@ -188,6 +221,16 @@ module SessionTest
|
|
|
188
221
|
end
|
|
189
222
|
end
|
|
190
223
|
|
|
224
|
+
def test_after_save_save_cookie_with_same_site
|
|
225
|
+
session = UserSession.new(users(:ben))
|
|
226
|
+
session.same_site = "Strict"
|
|
227
|
+
assert session.save
|
|
228
|
+
assert_equal(
|
|
229
|
+
"Strict",
|
|
230
|
+
controller.cookies.set_cookies["user_credentials"][:same_site]
|
|
231
|
+
)
|
|
232
|
+
end
|
|
233
|
+
|
|
191
234
|
def test_after_destroy_destroy_cookie
|
|
192
235
|
ben = users(:ben)
|
|
193
236
|
set_cookie_for(ben)
|
|
@@ -1,26 +1,28 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ExistenceTest
|
|
5
7
|
class ClassMethodsTest < ActiveSupport::TestCase
|
|
6
8
|
def test_create_with_good_credentials
|
|
7
9
|
ben = users(:ben)
|
|
8
|
-
session = UserSession.create(:
|
|
10
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
9
11
|
refute session.new_session?
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def test_create_with_bad_credentials
|
|
13
|
-
session = UserSession.create(:
|
|
15
|
+
session = UserSession.create(login: "somelogin", password: "badpw2")
|
|
14
16
|
assert session.new_session?
|
|
15
17
|
end
|
|
16
18
|
|
|
17
19
|
def test_create_bang
|
|
18
20
|
ben = users(:ben)
|
|
19
21
|
err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
|
|
20
|
-
UserSession.create!(:
|
|
22
|
+
UserSession.create!(login: ben.login, password: "badpw")
|
|
21
23
|
end
|
|
22
24
|
assert_includes err.message, "Password is not valid"
|
|
23
|
-
refute UserSession.create!(:
|
|
25
|
+
refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
|
|
24
26
|
end
|
|
25
27
|
end
|
|
26
28
|
|
|
@@ -71,5 +73,16 @@ module SessionTest
|
|
|
71
73
|
refute session.record
|
|
72
74
|
end
|
|
73
75
|
end
|
|
76
|
+
|
|
77
|
+
class SessionInvalidErrorTest < ActiveSupport::TestCase
|
|
78
|
+
def test_message
|
|
79
|
+
session = UserSession.new
|
|
80
|
+
assert !session.valid?
|
|
81
|
+
error = Authlogic::Session::Existence::SessionInvalidError.new(session)
|
|
82
|
+
message = "Your session is invalid and has the following errors: " +
|
|
83
|
+
session.errors.full_messages.to_sentence
|
|
84
|
+
assert_equal message, error.message
|
|
85
|
+
end
|
|
86
|
+
end
|
|
74
87
|
end
|
|
75
88
|
end
|
|
@@ -1,6 +1,24 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
4
|
+
|
|
5
|
+
# We forbid the use of AC::Parameters, and we have a test to that effect, but we
|
|
6
|
+
# do not want a development dependency on `actionpack`, so we define it here.
|
|
7
|
+
module ActionController
|
|
8
|
+
class Parameters; end
|
|
9
|
+
end
|
|
2
10
|
|
|
3
11
|
module SessionTest
|
|
4
12
|
class FoundationTest < ActiveSupport::TestCase
|
|
13
|
+
def test_credentials_raise_if_not_a_hash
|
|
14
|
+
session = UserSession.new
|
|
15
|
+
e = assert_raises(TypeError) {
|
|
16
|
+
session.credentials = ActionController::Parameters.new
|
|
17
|
+
}
|
|
18
|
+
assert_equal(
|
|
19
|
+
::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
|
|
20
|
+
e.message
|
|
21
|
+
)
|
|
22
|
+
end
|
|
5
23
|
end
|
|
6
24
|
end
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class HttpAuthTest < ActiveSupport::TestCase
|
|
5
|
-
class
|
|
7
|
+
class ConfigTest < ActiveSupport::TestCase
|
|
6
8
|
def test_allow_http_basic_auth
|
|
7
9
|
UserSession.allow_http_basic_auth = false
|
|
8
10
|
assert_equal false, UserSession.allow_http_basic_auth
|
|
@@ -20,14 +22,16 @@ module SessionTest
|
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def test_http_basic_auth_realm
|
|
23
|
-
assert_equal
|
|
24
|
-
UserSession.http_basic_auth_realm =
|
|
25
|
-
assert_equal
|
|
25
|
+
assert_equal "Application", UserSession.http_basic_auth_realm
|
|
26
|
+
UserSession.http_basic_auth_realm = "TestRealm"
|
|
27
|
+
assert_equal "TestRealm", UserSession.http_basic_auth_realm
|
|
26
28
|
end
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
class InstanceMethodsTest < ActiveSupport::TestCase
|
|
30
32
|
def test_persist_persist_by_http_auth
|
|
33
|
+
UserSession.allow_http_basic_auth = true
|
|
34
|
+
|
|
31
35
|
aaron = users(:aaron)
|
|
32
36
|
http_basic_auth_for do
|
|
33
37
|
refute UserSession.find
|
|
@@ -41,13 +45,13 @@ module SessionTest
|
|
|
41
45
|
end
|
|
42
46
|
unset_session
|
|
43
47
|
UserSession.request_http_basic_auth = true
|
|
44
|
-
UserSession.http_basic_auth_realm =
|
|
48
|
+
UserSession.http_basic_auth_realm = "PersistTestRealm"
|
|
45
49
|
http_basic_auth_for(aaron) do
|
|
46
50
|
assert session = UserSession.find
|
|
47
51
|
assert_equal aaron, session.record
|
|
48
52
|
assert_equal aaron.login, session.login
|
|
49
53
|
assert_equal "aaronrocks", session.send(:protected_password)
|
|
50
|
-
assert_equal
|
|
54
|
+
assert_equal "PersistTestRealm", controller.realm
|
|
51
55
|
assert controller.http_auth_requested?
|
|
52
56
|
end
|
|
53
57
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module MagicColumnsTest
|
|
@@ -27,7 +29,7 @@ module SessionTest
|
|
|
27
29
|
def test_valid_increase_failed_login_count
|
|
28
30
|
ben = users(:ben)
|
|
29
31
|
old_failed_login_count = ben.failed_login_count
|
|
30
|
-
session = UserSession.create(:
|
|
32
|
+
session = UserSession.create(login: ben.login, password: "wrong")
|
|
31
33
|
assert session.new_session?
|
|
32
34
|
ben.reload
|
|
33
35
|
assert_equal old_failed_login_count + 1, ben.failed_login_count
|
|
@@ -37,24 +39,22 @@ module SessionTest
|
|
|
37
39
|
aaron = users(:aaron)
|
|
38
40
|
|
|
39
41
|
# increase failed login count
|
|
40
|
-
session = UserSession.create(:
|
|
42
|
+
session = UserSession.create(login: aaron.login, password: "wrong")
|
|
41
43
|
assert session.new_session?
|
|
42
44
|
aaron.reload
|
|
45
|
+
assert_equal 0, aaron.login_count
|
|
46
|
+
assert_nil aaron.current_login_at
|
|
47
|
+
assert_nil aaron.current_login_ip
|
|
43
48
|
|
|
44
|
-
|
|
45
|
-
old_login_count = aaron.login_count
|
|
46
|
-
old_current_login_at = aaron.current_login_at
|
|
47
|
-
old_current_login_ip = aaron.current_login_ip
|
|
48
|
-
|
|
49
|
-
session = UserSession.create(:login => aaron.login, :password => "aaronrocks")
|
|
49
|
+
session = UserSession.create(login: aaron.login, password: "aaronrocks")
|
|
50
50
|
assert session.valid?
|
|
51
51
|
|
|
52
52
|
aaron.reload
|
|
53
|
-
assert_equal
|
|
53
|
+
assert_equal 1, aaron.login_count
|
|
54
54
|
assert_equal 0, aaron.failed_login_count
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
55
|
+
assert_nil aaron.last_login_at
|
|
56
|
+
assert_not_nil aaron.current_login_at
|
|
57
|
+
assert_nil aaron.last_login_ip
|
|
58
58
|
assert_equal "1.1.1.1", aaron.current_login_ip
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module ParamsTest
|
|
@@ -14,9 +16,13 @@ module SessionTest
|
|
|
14
16
|
def test_single_access_allowed_request_types
|
|
15
17
|
UserSession.single_access_allowed_request_types = ["my request type"]
|
|
16
18
|
assert_equal ["my request type"], UserSession.single_access_allowed_request_types
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
19
|
+
UserSession.single_access_allowed_request_types(
|
|
20
|
+
["application/rss+xml", "application/atom+xml"]
|
|
21
|
+
)
|
|
22
|
+
assert_equal(
|
|
23
|
+
["application/rss+xml", "application/atom+xml"],
|
|
24
|
+
UserSession.single_access_allowed_request_types
|
|
25
|
+
)
|
|
20
26
|
end
|
|
21
27
|
end
|
|
22
28
|
|
|
@@ -41,7 +47,9 @@ module SessionTest
|
|
|
41
47
|
set_request_content_type("application/atom+xml")
|
|
42
48
|
assert session.persisting?
|
|
43
49
|
assert_equal ben, session.record
|
|
44
|
-
|
|
50
|
+
|
|
51
|
+
# should not persist since this is single access
|
|
52
|
+
assert_nil controller.session["user_credentials"]
|
|
45
53
|
|
|
46
54
|
set_request_content_type("application/rss+xml")
|
|
47
55
|
assert session.persisting?
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module PasswordTest
|
|
@@ -22,21 +24,21 @@ module SessionTest
|
|
|
22
24
|
def test_generalize_credentials_error_mesages_set_to_false
|
|
23
25
|
UserSession.generalize_credentials_error_messages false
|
|
24
26
|
refute UserSession.generalize_credentials_error_messages
|
|
25
|
-
session = UserSession.create(:
|
|
27
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
26
28
|
assert_equal ["Password is not valid"], session.errors.full_messages
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def test_generalize_credentials_error_messages_set_to_true
|
|
30
32
|
UserSession.generalize_credentials_error_messages true
|
|
31
33
|
assert UserSession.generalize_credentials_error_messages
|
|
32
|
-
session = UserSession.create(:
|
|
34
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
33
35
|
assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
def test_generalize_credentials_error_messages_set_to_string
|
|
37
39
|
UserSession.generalize_credentials_error_messages = "Custom Error Message"
|
|
38
40
|
assert UserSession.generalize_credentials_error_messages
|
|
39
|
-
session = UserSession.create(:
|
|
41
|
+
session = UserSession.create(login: users(:ben).login, password: "invalud-password")
|
|
40
42
|
assert_equal ["Custom Error Message"], session.errors.full_messages
|
|
41
43
|
end
|
|
42
44
|
|
|
@@ -79,21 +81,21 @@ module SessionTest
|
|
|
79
81
|
|
|
80
82
|
def test_credentials
|
|
81
83
|
session = UserSession.new
|
|
82
|
-
session.credentials = { :
|
|
84
|
+
session.credentials = { login: "login", password: "pass" }
|
|
83
85
|
assert_equal "login", session.login
|
|
84
86
|
assert_nil session.password
|
|
85
87
|
assert_equal "pass", session.send(:protected_password)
|
|
86
|
-
assert_equal({ :
|
|
88
|
+
assert_equal({ password: "<protected>", login: "login" }, session.credentials)
|
|
87
89
|
end
|
|
88
90
|
|
|
89
91
|
def test_credentials_are_params_safe
|
|
90
92
|
session = UserSession.new
|
|
91
|
-
assert_nothing_raised { session.credentials = { :
|
|
93
|
+
assert_nothing_raised { session.credentials = { hacker_method: "error!" } }
|
|
92
94
|
end
|
|
93
95
|
|
|
94
96
|
def test_save_with_credentials
|
|
95
97
|
aaron = users(:aaron)
|
|
96
|
-
session = UserSession.new(:
|
|
98
|
+
session = UserSession.new(login: aaron.login, password: "aaronrocks")
|
|
97
99
|
assert session.save
|
|
98
100
|
refute session.new_session?
|
|
99
101
|
assert_equal 1, session.record.login_count
|
|
@@ -1,10 +1,13 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class PersistenceTest < ActiveSupport::TestCase
|
|
5
7
|
def test_find
|
|
6
8
|
aaron = users(:aaron)
|
|
7
9
|
refute UserSession.find
|
|
10
|
+
UserSession.allow_http_basic_auth = true
|
|
8
11
|
http_basic_auth_for(aaron) { assert UserSession.find }
|
|
9
12
|
set_cookie_for(aaron)
|
|
10
13
|
assert UserSession.find
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class ScopesTest < ActiveSupport::TestCase
|
|
@@ -6,7 +8,7 @@ module SessionTest
|
|
|
6
8
|
assert_nil Authlogic::Session::Base.scope
|
|
7
9
|
|
|
8
10
|
thread1 = Thread.new do
|
|
9
|
-
scope = { :
|
|
11
|
+
scope = { id: :scope1 }
|
|
10
12
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
11
13
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
12
14
|
end
|
|
@@ -15,7 +17,7 @@ module SessionTest
|
|
|
15
17
|
assert_nil Authlogic::Session::Base.scope
|
|
16
18
|
|
|
17
19
|
thread2 = Thread.new do
|
|
18
|
-
scope = { :
|
|
20
|
+
scope = { id: :scope2 }
|
|
19
21
|
Authlogic::Session::Base.send(:scope=, scope)
|
|
20
22
|
assert_equal scope, Authlogic::Session::Base.scope
|
|
21
23
|
end
|
|
@@ -27,17 +29,23 @@ module SessionTest
|
|
|
27
29
|
def test_with_scope_method
|
|
28
30
|
assert_raise(ArgumentError) { UserSession.with_scope }
|
|
29
31
|
|
|
30
|
-
UserSession.with_scope(:
|
|
31
|
-
assert_equal(
|
|
32
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
33
|
+
assert_equal(
|
|
34
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
35
|
+
UserSession.scope
|
|
36
|
+
)
|
|
32
37
|
end
|
|
33
38
|
|
|
34
39
|
assert_nil UserSession.scope
|
|
35
40
|
end
|
|
36
41
|
|
|
37
42
|
def test_initialize
|
|
38
|
-
UserSession.with_scope(:
|
|
43
|
+
UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
|
|
39
44
|
session = UserSession.new
|
|
40
|
-
assert_equal(
|
|
45
|
+
assert_equal(
|
|
46
|
+
{ find_options: { conditions: "awesome = 1" }, id: "some_id" },
|
|
47
|
+
session.scope
|
|
48
|
+
)
|
|
41
49
|
session.id = :another_id
|
|
42
50
|
assert_equal "another_id_some_id_test", session.send(:build_key, "test")
|
|
43
51
|
end
|
|
@@ -51,7 +59,7 @@ module SessionTest
|
|
|
51
59
|
session = UserSession.new
|
|
52
60
|
assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
|
|
53
61
|
|
|
54
|
-
session.scope = { :
|
|
62
|
+
session.scope = { find_options: { conditions: ["company_id = ?", binary_logic.id] } }
|
|
55
63
|
assert_nil session.send(:search_for_record, "find_by_login", zack.login)
|
|
56
64
|
|
|
57
65
|
assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module SessionTest
|
|
@@ -23,16 +25,16 @@ module SessionTest
|
|
|
23
25
|
|
|
24
26
|
def test_persist_persist_by_session_with_session_fixation_attack
|
|
25
27
|
ben = users(:ben)
|
|
26
|
-
controller.session["user_credentials"] =
|
|
28
|
+
controller.session["user_credentials"] = "neo"
|
|
27
29
|
controller.session["user_credentials_id"] = {
|
|
28
|
-
:
|
|
30
|
+
select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
|
|
29
31
|
}
|
|
30
32
|
@user_session = UserSession.find
|
|
31
33
|
assert @user_session.blank?
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def test_persist_persist_by_session_with_sql_injection_attack
|
|
35
|
-
controller.session["user_credentials"] = { :
|
|
37
|
+
controller.session["user_credentials"] = { select: "ABRA CADABRA" }
|
|
36
38
|
controller.session["user_credentials_id"] = nil
|
|
37
39
|
assert_nothing_raised do
|
|
38
40
|
@user_session = UserSession.find
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
module TimeoutTest
|
|
@@ -70,7 +72,7 @@ module SessionTest
|
|
|
70
72
|
def test_successful_login
|
|
71
73
|
UserSession.logout_on_timeout = true
|
|
72
74
|
ben = users(:ben)
|
|
73
|
-
session = UserSession.create(:
|
|
75
|
+
session = UserSession.create(login: ben.login, password: "benrocks")
|
|
74
76
|
refute session.new_session?
|
|
75
77
|
session = UserSession.find
|
|
76
78
|
assert session
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "test_helper"
|
|
2
4
|
|
|
3
5
|
module SessionTest
|
|
4
6
|
class UnauthorizedRecordTest < ActiveSupport::TestCase
|
|
@@ -7,7 +9,7 @@ module SessionTest
|
|
|
7
9
|
session = UserSession.new
|
|
8
10
|
session.credentials = [ben]
|
|
9
11
|
assert_equal ben, session.unauthorized_record
|
|
10
|
-
assert_equal({ :
|
|
12
|
+
assert_equal({ unauthorized_record: "<protected>" }, session.credentials)
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
15
|
end
|