authlogic 3.8.0 → 6.0.0

data/test/session_test/active_record_trickery_test.rb

@@ -1,75 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module ActiveRecordTrickeryTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      i_suck_and_my_tests_are_order_dependent! # If test_human_name is executed after test_i18n_of_human_name the test will fail.
-
-      def test_human_attribute_name
-        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
-        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
-      end
-
-      def test_human_name
-        assert_equal "Usersession", UserSession.human_name
-      end
-
-      def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', :authlogic => { :models => { :user_session => "MySession" } }
-        assert_equal "MySession", UserSession.human_name
-      end
-
-      def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', :authlogic => { :models => { :user_session => "MySession" } }
-        assert_equal "MySession", UserSession.model_name.human
-      end
-
-      def test_model_name
-        assert_equal "UserSession", UserSession.model_name.name
-        assert_equal "user_session", UserSession.model_name.singular
-        assert_equal "user_sessions", UserSession.model_name.plural
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_record
-        session = UserSession.new
-        assert session.new_record?
-      end
-
-      def test_to_key
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert_nil session.to_key
-
-        session.save
-        assert_not_nil session.to_key
-        assert_equal ben.to_key, session.to_key
-      end
-
-      def test_persisted
-        session = UserSession.new(users(:ben))
-        refute session.persisted?
-
-        session.save
-        assert session.persisted?
-
-        session.destroy
-        refute session.persisted?
-      end
-
-      def test_destroyed?
-        session = UserSession.create(users(:ben))
-        refute session.destroyed?
-
-        session.destroy
-        assert session.destroyed?
-      end
-
-      def test_to_model
-        session = UserSession.new
-        assert_equal session, session.to_model
-      end
-    end
-  end
-end

data/test/session_test/brute_force_protection_test.rb

@@ -1,108 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module BruteForceProtectionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_consecutive_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 10
-        assert_equal 10, UserSession.consecutive_failed_logins_limit
-
-        UserSession.consecutive_failed_logins_limit 50
-        assert_equal 50, UserSession.consecutive_failed_logins_limit
-      end
-
-      def test_failed_login_ban_for
-        UserSession.failed_login_ban_for = 10
-        assert_equal 10, UserSession.failed_login_ban_for
-
-        UserSession.failed_login_ban_for 2.hours
-        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_under_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
-        assert ben.save
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
-        refute session.new_session?
-      end
-
-      def test_exceeded_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
-        assert ben.save
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
-        assert session.new_session?
-        assert UserSession.create(ben).new_session?
-        ben.reload
-        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        refute UserSession.create(ben).new_session?
-      end
-
-      def test_exceeding_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        session = UserSession.new(:login => ben.login, :password => "badpassword2")
-        refute session.save
-        assert session.errors[:password].empty?
-        assert_equal 3, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-
-      def test_exceeded_ban_for
-        UserSession.consecutive_failed_logins_limit = 2
-        UserSession.generalize_credentials_error_messages true
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          refute session.save
-          assert session.invalid_password?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(:login => ben.login, :password => "benrocks")
-        assert session.save
-        assert_equal 0, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-        UserSession.generalize_credentials_error_messages false
-      end
-
-      def test_exceeded_ban_and_failed_doesnt_ban_again
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(:login => ben.login, :password => "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(:login => ben.login, :password => "badpassword1")
-        refute session.save
-        assert_equal 1, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-    end
-  end
-end

data/test/session_test/callbacks_test.rb

@@ -1,34 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class CallbacksTest < ActiveSupport::TestCase
-    def setup
-     WackyUserSession.reset_callbacks(:persist)
-    end
-
-    def test_no_callbacks
-      assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 0, session.counter
-    end
-
-    def test_true_callback_cancelling_later_callbacks
-      WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 1, session.counter
-    end
-
-    def test_false_callback_continuing_to_later_callbacks
-      WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 2, session.counter
-    end
-  end
-end

data/test/session_test/cookies_test.rb

@@ -1,201 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module CookiesTest
-    class ConfiTest < ActiveSupport::TestCase
-      def test_cookie_key
-        UserSession.cookie_key = "my_cookie_key"
-        assert_equal "my_cookie_key", UserSession.cookie_key
-
-        UserSession.cookie_key "user_credentials"
-        assert_equal "user_credentials", UserSession.cookie_key
-      end
-
-      def test_default_cookie_key
-        assert_equal "user_credentials", UserSession.cookie_key
-        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
-      end
-
-      def test_remember_me
-        UserSession.remember_me = true
-        assert_equal true, UserSession.remember_me
-        session = UserSession.new
-        assert_equal true, session.remember_me
-
-        UserSession.remember_me false
-        assert_equal false, UserSession.remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-      end
-
-      def test_remember_me_for
-        UserSession.remember_me_for = 3.years
-        assert_equal 3.years, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.years, session.remember_me_for
-
-        UserSession.remember_me_for 3.months
-        assert_equal 3.months, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.months, session.remember_me_for
-      end
-
-      def test_secure
-        UserSession.secure = true
-        assert_equal true, UserSession.secure
-        session = UserSession.new
-        assert_equal true, session.secure
-
-        UserSession.secure false
-        assert_equal false, UserSession.secure
-        session = UserSession.new
-        assert_equal false, session.secure
-      end
-
-      def test_httponly
-        UserSession.httponly = true
-        assert_equal true, UserSession.httponly
-        session = UserSession.new
-        assert_equal true, session.httponly
-
-        UserSession.httponly false
-        assert_equal false, UserSession.httponly
-        session = UserSession.new
-        assert_equal false, session.httponly
-      end
-
-      def test_sign_cookie
-        UserSession.sign_cookie = true
-        assert_equal true, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal true, session.sign_cookie
-
-        UserSession.sign_cookie false
-        assert_equal false, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal false, session.sign_cookie
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_credentials
-        session = UserSession.new
-        session.credentials = { :remember_me => true }
-        assert_equal true, session.remember_me
-      end
-
-      def test_remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = false
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = true
-        assert_equal true, session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = nil
-        assert_nil session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = "1"
-        assert_equal "1", session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = "true"
-        assert_equal "true", session.remember_me
-        assert session.remember_me?
-      end
-
-      def test_remember_me_until
-        session = UserSession.new
-        assert_nil session.remember_me_until
-
-        session.remember_me = true
-        assert 3.months.from_now <= session.remember_me_until
-      end
-
-      def test_persist_persist_by_cookie
-        ben = users(:ben)
-        refute UserSession.find
-        set_cookie_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-      end
-
-      def test_persist_persist_by_cookie_with_blank_persistence_token
-        ben = users(:ben)
-        ben.update_column(:persistence_token, "")
-        refute UserSession.find
-        set_cookie_for(ben)
-        refute UserSession.find
-      end
-
-      def test_remember_me_expired
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        session.remember_me = true
-        assert session.save
-        refute session.remember_me_expired?
-
-        session = UserSession.new(ben)
-        session.remember_me = false
-        assert session.save
-        refute session.remember_me_expired?
-      end
-
-      def test_after_save_save_cookie
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert session.save
-        assert_equal(
-          "#{ben.persistence_token}::#{ben.id}",
-          controller.cookies["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_signed
-        ben = users(:ben)
-
-        assert_nil controller.cookies["user_credentials"]
-        payload = "#{ben.persistence_token}::#{ben.id}"
-
-        session = UserSession.new(ben)
-        session.sign_cookie = true
-        assert session.save
-        assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal(
-          "#{payload}--#{Digest::SHA1.hexdigest payload}",
-          controller.cookies.signed.parent_jar["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_with_remember_me
-        Timecop.freeze do
-          ben = users(:ben)
-          session = UserSession.new(ben)
-          session.remember_me = true
-          assert session.save
-          assert_equal(
-            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
-            controller.cookies["user_credentials"]
-          )
-        end
-      end
-
-      def test_after_destroy_destroy_cookie
-        ben = users(:ben)
-        set_cookie_for(ben)
-        session = UserSession.find
-        assert controller.cookies["user_credentials"]
-        assert session.destroy
-        refute controller.cookies["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/existence_test.rb

@@ -1,75 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module ExistenceTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create_with_good_credentials
-        ben = users(:ben)
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
-        refute session.new_session?
-      end
-
-      def test_create_with_bad_credentials
-        session = UserSession.create(:login => "somelogin", :password => "badpw2")
-        assert session.new_session?
-      end
-
-      def test_create_bang
-        ben = users(:ben)
-        err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
-          UserSession.create!(:login => ben.login, :password => "badpw")
-        end
-        assert_includes err.message, "Password is not valid"
-        refute UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_session
-        session = UserSession.new
-        assert session.new_session?
-
-        set_session_for(users(:ben))
-        session = UserSession.find
-        refute session.new_session?
-      end
-
-      def test_save_with_nothing
-        session = UserSession.new
-        refute session.save
-        assert session.new_session?
-      end
-
-      def test_save_with_block
-        session = UserSession.new
-        block_result = session.save do |result|
-          refute result
-        end
-        refute block_result
-        assert session.new_session?
-      end
-
-      def test_save_with_bang
-        session = UserSession.new
-        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-
-        session.unauthorized_record = users(:ben)
-        assert_nothing_raised { session.save! }
-      end
-
-      def test_destroy
-        ben = users(:ben)
-        session = UserSession.new
-        refute session.valid?
-        refute session.errors.empty?
-        assert session.destroy
-        assert session.errors.empty?
-        session.unauthorized_record = ben
-        assert session.save
-        assert session.record
-        assert session.destroy
-        refute session.record
-      end
-    end
-  end
-end

data/test/session_test/foundation_test.rb

@@ -1,6 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class FoundationTest < ActiveSupport::TestCase
-  end
-end

data/test/session_test/http_auth_test.rb

@@ -1,56 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class HttpAuthTest < ActiveSupport::TestCase
-    class ConfiTest < ActiveSupport::TestCase
-      def test_allow_http_basic_auth
-        UserSession.allow_http_basic_auth = false
-        assert_equal false, UserSession.allow_http_basic_auth
-
-        UserSession.allow_http_basic_auth true
-        assert_equal true, UserSession.allow_http_basic_auth
-      end
-
-      def test_request_http_basic_auth
-        UserSession.request_http_basic_auth = true
-        assert_equal true, UserSession.request_http_basic_auth
-
-        UserSession.request_http_basic_auth = false
-        assert_equal false, UserSession.request_http_basic_auth
-      end
-
-      def test_http_basic_auth_realm
-        assert_equal 'Application', UserSession.http_basic_auth_realm
-        UserSession.http_basic_auth_realm = 'TestRealm'
-        assert_equal 'TestRealm', UserSession.http_basic_auth_realm
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_http_auth
-        aaron = users(:aaron)
-        http_basic_auth_for do
-          refute UserSession.find
-        end
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          refute controller.http_auth_requested?
-        end
-        unset_session
-        UserSession.request_http_basic_auth = true
-        UserSession.http_basic_auth_realm = 'PersistTestRealm'
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          assert_equal 'PersistTestRealm', controller.realm
-          assert controller.http_auth_requested?
-        end
-      end
-    end
-  end
-end

data/test/session_test/id_test.rb

@@ -1,17 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class IdTest < ActiveSupport::TestCase
-    def test_credentials
-      session = UserSession.new
-      session.credentials = [:my_id]
-      assert_equal :my_id, session.id
-    end
-
-    def test_id
-      session = UserSession.new
-      session.id = :my_id
-      assert_equal :my_id, session.id
-    end
-  end
-end

data/test/session_test/klass_test.rb

@@ -1,40 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module KlassTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_authenticate_with
-        UserSession.authenticate_with = Employee
-        assert_equal "Employee", UserSession.klass_name
-        assert_equal Employee, UserSession.klass
-
-        UserSession.authenticate_with User
-        assert_equal "User", UserSession.klass_name
-        assert_equal User, UserSession.klass
-      end
-
-      def test_klass
-        assert_equal User, UserSession.klass
-      end
-
-      def test_klass_name
-        assert_equal "User", UserSession.klass_name
-      end
-
-      def test_klass_name_uses_custom_name
-        assert_equal "User", UserSession.klass_name
-        assert_equal "BackOfficeUser", BackOfficeUserSession.klass_name
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_record_method
-        ben = users(:ben)
-        set_session_for(ben)
-        session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben, session.user
-      end
-    end
-  end
-end

data/test/session_test/magic_columns_test.rb

@@ -1,62 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module MagicColumnsTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_last_request_at_threshold_config
-        UserSession.last_request_at_threshold = 2.minutes
-        assert_equal 2.minutes, UserSession.last_request_at_threshold
-
-        UserSession.last_request_at_threshold 0
-        assert_equal 0, UserSession.last_request_at_threshold
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_after_persisting_set_last_request_at
-        ben = users(:ben)
-        refute UserSession.create(ben).new_session?
-
-        set_cookie_for(ben)
-        old_last_request_at = ben.last_request_at
-        assert UserSession.find
-        ben.reload
-        assert ben.last_request_at != old_last_request_at
-      end
-
-      def test_valid_increase_failed_login_count
-        ben = users(:ben)
-        old_failed_login_count = ben.failed_login_count
-        session = UserSession.create(:login => ben.login, :password => "wrong")
-        assert session.new_session?
-        ben.reload
-        assert_equal old_failed_login_count + 1, ben.failed_login_count
-      end
-
-      def test_before_save_update_info
-        aaron = users(:aaron)
-
-        # increase failed login count
-        session = UserSession.create(:login => aaron.login, :password => "wrong")
-        assert session.new_session?
-        aaron.reload
-
-        # grab old values
-        old_login_count = aaron.login_count
-        old_current_login_at = aaron.current_login_at
-        old_current_login_ip = aaron.current_login_ip
-
-        session = UserSession.create(:login => aaron.login, :password => "aaronrocks")
-        assert session.valid?
-
-        aaron.reload
-        assert_equal old_login_count + 1, aaron.login_count
-        assert_equal 0, aaron.failed_login_count
-        assert_equal old_current_login_at, aaron.last_login_at
-        assert aaron.current_login_at != old_current_login_at
-        assert_equal old_current_login_ip, aaron.last_login_ip
-        assert_equal "1.1.1.1", aaron.current_login_ip
-      end
-    end
-  end
-end