authlogic 3.8.0 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/authlogic/acts_as_authentic/base.rb +33 -36
- data/lib/authlogic/acts_as_authentic/email.rb +8 -141
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +17 -10
- data/lib/authlogic/acts_as_authentic/login.rb +14 -165
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +13 -10
- data/lib/authlogic/acts_as_authentic/password.rb +186 -254
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +30 -22
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +19 -18
- data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +83 -0
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +94 -62
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +28 -14
- data/lib/authlogic/config.rb +29 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +43 -13
- data/lib/authlogic/controller_adapters/rack_adapter.rb +11 -5
- data/lib/authlogic/controller_adapters/rails_adapter.rb +11 -29
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +8 -2
- data/lib/authlogic/cookie_credentials.rb +63 -0
- data/lib/authlogic/crypto_providers/bcrypt.rb +24 -18
- data/lib/authlogic/crypto_providers/md5/v2.rb +35 -0
- data/lib/authlogic/crypto_providers/md5.rb +8 -6
- data/lib/authlogic/crypto_providers/scrypt.rb +24 -17
- data/lib/authlogic/crypto_providers/sha1/v2.rb +41 -0
- data/lib/authlogic/crypto_providers/sha1.rb +12 -5
- data/lib/authlogic/crypto_providers/sha256/v2.rb +58 -0
- data/lib/authlogic/crypto_providers/sha256.rb +18 -9
- data/lib/authlogic/crypto_providers/sha512/v2.rb +39 -0
- data/lib/authlogic/crypto_providers/sha512.rb +9 -26
- data/lib/authlogic/crypto_providers.rb +77 -1
- data/lib/authlogic/errors.rb +35 -0
- data/lib/authlogic/i18n/translator.rb +4 -1
- data/lib/authlogic/i18n.rb +29 -20
- data/lib/authlogic/random.rb +12 -28
- data/lib/authlogic/session/base.rb +2087 -33
- data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
- data/lib/authlogic/test_case/mock_controller.rb +7 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +19 -3
- data/lib/authlogic/test_case/mock_logger.rb +2 -0
- data/lib/authlogic/test_case/mock_request.rb +8 -3
- data/lib/authlogic/test_case/rails_request_adapter.rb +5 -2
- data/lib/authlogic/test_case.rb +74 -2
- data/lib/authlogic/version.rb +22 -0
- data/lib/authlogic.rb +33 -54
- metadata +208 -234
- data/.github/ISSUE_TEMPLATE.md +0 -13
- data/.gitignore +0 -14
- data/.rubocop.yml +0 -33
- data/.rubocop_todo.yml +0 -391
- data/.travis.yml +0 -48
- data/CHANGELOG.md +0 -5
- data/CONTRIBUTING.md +0 -60
- data/Gemfile +0 -5
- data/LICENSE +0 -20
- data/README.md +0 -294
- data/Rakefile +0 -21
- data/authlogic.gemspec +0 -27
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -70
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -32
- data/lib/authlogic/authenticates_many/association.rb +0 -50
- data/lib/authlogic/authenticates_many/base.rb +0 -65
- data/lib/authlogic/crypto_providers/aes256.rb +0 -66
- data/lib/authlogic/crypto_providers/wordpress.rb +0 -43
- data/lib/authlogic/regex.rb +0 -48
- data/lib/authlogic/session/activation.rb +0 -70
- data/lib/authlogic/session/active_record_trickery.rb +0 -61
- data/lib/authlogic/session/brute_force_protection.rb +0 -120
- data/lib/authlogic/session/callbacks.rb +0 -105
- data/lib/authlogic/session/cookies.rb +0 -244
- data/lib/authlogic/session/existence.rb +0 -93
- data/lib/authlogic/session/foundation.rb +0 -55
- data/lib/authlogic/session/http_auth.rb +0 -100
- data/lib/authlogic/session/id.rb +0 -48
- data/lib/authlogic/session/klass.rb +0 -70
- data/lib/authlogic/session/magic_columns.rb +0 -116
- data/lib/authlogic/session/magic_states.rb +0 -76
- data/lib/authlogic/session/params.rb +0 -116
- data/lib/authlogic/session/password.rb +0 -308
- data/lib/authlogic/session/perishable_token.rb +0 -23
- data/lib/authlogic/session/persistence.rb +0 -71
- data/lib/authlogic/session/priority_record.rb +0 -35
- data/lib/authlogic/session/scopes.rb +0 -119
- data/lib/authlogic/session/session.rb +0 -67
- data/lib/authlogic/session/timeout.rb +0 -103
- data/lib/authlogic/session/unauthorized_record.rb +0 -51
- data/lib/authlogic/session/validation.rb +0 -93
- data/test/acts_as_authentic_test/base_test.rb +0 -25
- data/test/acts_as_authentic_test/email_test.rb +0 -240
- data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -62
- data/test/acts_as_authentic_test/login_test.rb +0 -156
- data/test/acts_as_authentic_test/magic_columns_test.rb +0 -27
- data/test/acts_as_authentic_test/password_test.rb +0 -249
- data/test/acts_as_authentic_test/perishable_token_test.rb +0 -90
- data/test/acts_as_authentic_test/persistence_token_test.rb +0 -56
- data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -37
- data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -96
- data/test/acts_as_authentic_test/single_access_test.rb +0 -44
- data/test/authenticates_many_test.rb +0 -31
- data/test/config_test.rb +0 -36
- data/test/crypto_provider_test/aes256_test.rb +0 -14
- data/test/crypto_provider_test/bcrypt_test.rb +0 -14
- data/test/crypto_provider_test/scrypt_test.rb +0 -14
- data/test/crypto_provider_test/sha1_test.rb +0 -23
- data/test/crypto_provider_test/sha256_test.rb +0 -14
- data/test/crypto_provider_test/sha512_test.rb +0 -14
- data/test/fixtures/companies.yml +0 -5
- data/test/fixtures/employees.yml +0 -17
- data/test/fixtures/projects.yml +0 -3
- data/test/fixtures/users.yml +0 -41
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-5.0.x +0 -6
- data/test/gemfiles/Gemfile.rails-5.1.x +0 -6
- data/test/gemfiles/Gemfile.rails-5.2.x +0 -6
- data/test/i18n/lol.yml +0 -4
- data/test/i18n_test.rb +0 -33
- data/test/libs/affiliate.rb +0 -7
- data/test/libs/company.rb +0 -6
- data/test/libs/employee.rb +0 -7
- data/test/libs/employee_session.rb +0 -2
- data/test/libs/ldaper.rb +0 -3
- data/test/libs/project.rb +0 -3
- data/test/libs/user.rb +0 -7
- data/test/libs/user_session.rb +0 -25
- data/test/random_test.rb +0 -43
- data/test/session_test/activation_test.rb +0 -43
- data/test/session_test/active_record_trickery_test.rb +0 -75
- data/test/session_test/brute_force_protection_test.rb +0 -108
- data/test/session_test/callbacks_test.rb +0 -34
- data/test/session_test/cookies_test.rb +0 -201
- data/test/session_test/credentials_test.rb +0 -0
- data/test/session_test/existence_test.rb +0 -75
- data/test/session_test/foundation_test.rb +0 -6
- data/test/session_test/http_auth_test.rb +0 -56
- data/test/session_test/id_test.rb +0 -17
- data/test/session_test/klass_test.rb +0 -40
- data/test/session_test/magic_columns_test.rb +0 -62
- data/test/session_test/magic_states_test.rb +0 -58
- data/test/session_test/params_test.rb +0 -53
- data/test/session_test/password_test.rb +0 -105
- data/test/session_test/perishability_test.rb +0 -15
- data/test/session_test/persistence_test.rb +0 -32
- data/test/session_test/scopes_test.rb +0 -60
- data/test/session_test/session_test.rb +0 -78
- data/test/session_test/timeout_test.rb +0 -82
- data/test/session_test/unauthorized_record_test.rb +0 -13
- data/test/session_test/validation_test.rb +0 -23
- data/test/test_helper.rb +0 -233
@@ -1,58 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
module SessionTest
|
5
|
-
class ConfigTest < ActiveSupport::TestCase
|
6
|
-
def test_disable_magic_states_config
|
7
|
-
UserSession.disable_magic_states = true
|
8
|
-
assert_equal true, UserSession.disable_magic_states
|
9
|
-
|
10
|
-
UserSession.disable_magic_states false
|
11
|
-
assert_equal false, UserSession.disable_magic_states
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
16
|
-
def test_disabling_magic_states
|
17
|
-
UserSession.disable_magic_states = true
|
18
|
-
ben = users(:ben)
|
19
|
-
ben.update_attribute(:active, false)
|
20
|
-
refute UserSession.create(ben).new_session?
|
21
|
-
UserSession.disable_magic_states = false
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_validate_validate_magic_states_active
|
25
|
-
session = UserSession.new
|
26
|
-
ben = users(:ben)
|
27
|
-
session.unauthorized_record = ben
|
28
|
-
assert session.valid?
|
29
|
-
|
30
|
-
ben.update_attribute(:active, false)
|
31
|
-
refute session.valid?
|
32
|
-
refute session.errors[:base].empty?
|
33
|
-
end
|
34
|
-
|
35
|
-
def test_validate_validate_magic_states_approved
|
36
|
-
session = UserSession.new
|
37
|
-
ben = users(:ben)
|
38
|
-
session.unauthorized_record = ben
|
39
|
-
assert session.valid?
|
40
|
-
|
41
|
-
ben.update_attribute(:approved, false)
|
42
|
-
refute session.valid?
|
43
|
-
refute session.errors[:base].empty?
|
44
|
-
end
|
45
|
-
|
46
|
-
def test_validate_validate_magic_states_confirmed
|
47
|
-
session = UserSession.new
|
48
|
-
ben = users(:ben)
|
49
|
-
session.unauthorized_record = ben
|
50
|
-
assert session.valid?
|
51
|
-
|
52
|
-
ben.update_attribute(:confirmed, false)
|
53
|
-
refute session.valid?
|
54
|
-
refute session.errors[:base].empty?
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
@@ -1,53 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
module ParamsTest
|
5
|
-
class ConfigTest < ActiveSupport::TestCase
|
6
|
-
def test_params_key
|
7
|
-
UserSession.params_key = "my_params_key"
|
8
|
-
assert_equal "my_params_key", UserSession.params_key
|
9
|
-
|
10
|
-
UserSession.params_key "user_credentials"
|
11
|
-
assert_equal "user_credentials", UserSession.params_key
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_single_access_allowed_request_types
|
15
|
-
UserSession.single_access_allowed_request_types = ["my request type"]
|
16
|
-
assert_equal ["my request type"], UserSession.single_access_allowed_request_types
|
17
|
-
|
18
|
-
UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
|
19
|
-
assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
24
|
-
def test_persist_persist_by_params
|
25
|
-
ben = users(:ben)
|
26
|
-
session = UserSession.new
|
27
|
-
|
28
|
-
refute session.persisting?
|
29
|
-
set_params_for(ben)
|
30
|
-
|
31
|
-
refute session.persisting?
|
32
|
-
refute session.unauthorized_record
|
33
|
-
refute session.record
|
34
|
-
assert_nil controller.session["user_credentials"]
|
35
|
-
|
36
|
-
set_request_content_type("text/plain")
|
37
|
-
refute session.persisting?
|
38
|
-
refute session.unauthorized_record
|
39
|
-
assert_nil controller.session["user_credentials"]
|
40
|
-
|
41
|
-
set_request_content_type("application/atom+xml")
|
42
|
-
assert session.persisting?
|
43
|
-
assert_equal ben, session.record
|
44
|
-
assert_nil controller.session["user_credentials"] # should not persist since this is single access
|
45
|
-
|
46
|
-
set_request_content_type("application/rss+xml")
|
47
|
-
assert session.persisting?
|
48
|
-
assert_equal ben, session.unauthorized_record
|
49
|
-
assert_nil controller.session["user_credentials"]
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
@@ -1,105 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
module PasswordTest
|
5
|
-
class ConfigTest < ActiveSupport::TestCase
|
6
|
-
def test_find_by_login_method
|
7
|
-
UserSession.find_by_login_method = "my_login_method"
|
8
|
-
assert_equal "my_login_method", UserSession.find_by_login_method
|
9
|
-
|
10
|
-
UserSession.find_by_login_method "find_by_login"
|
11
|
-
assert_equal "find_by_login", UserSession.find_by_login_method
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_verify_password_method
|
15
|
-
UserSession.verify_password_method = "my_login_method"
|
16
|
-
assert_equal "my_login_method", UserSession.verify_password_method
|
17
|
-
|
18
|
-
UserSession.verify_password_method "valid_password?"
|
19
|
-
assert_equal "valid_password?", UserSession.verify_password_method
|
20
|
-
end
|
21
|
-
|
22
|
-
def test_generalize_credentials_error_mesages_set_to_false
|
23
|
-
UserSession.generalize_credentials_error_messages false
|
24
|
-
refute UserSession.generalize_credentials_error_messages
|
25
|
-
session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
|
26
|
-
assert_equal ["Password is not valid"], session.errors.full_messages
|
27
|
-
end
|
28
|
-
|
29
|
-
def test_generalize_credentials_error_messages_set_to_true
|
30
|
-
UserSession.generalize_credentials_error_messages true
|
31
|
-
assert UserSession.generalize_credentials_error_messages
|
32
|
-
session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
|
33
|
-
assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
|
34
|
-
end
|
35
|
-
|
36
|
-
def test_generalize_credentials_error_messages_set_to_string
|
37
|
-
UserSession.generalize_credentials_error_messages = "Custom Error Message"
|
38
|
-
assert UserSession.generalize_credentials_error_messages
|
39
|
-
session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
|
40
|
-
assert_equal ["Custom Error Message"], session.errors.full_messages
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_login_field
|
44
|
-
UserSession.configured_password_methods = false
|
45
|
-
UserSession.login_field = :saweet
|
46
|
-
assert_equal :saweet, UserSession.login_field
|
47
|
-
session = UserSession.new
|
48
|
-
assert session.respond_to?(:saweet)
|
49
|
-
|
50
|
-
UserSession.login_field :login
|
51
|
-
assert_equal :login, UserSession.login_field
|
52
|
-
session = UserSession.new
|
53
|
-
assert session.respond_to?(:login)
|
54
|
-
end
|
55
|
-
|
56
|
-
def test_password_field
|
57
|
-
UserSession.configured_password_methods = false
|
58
|
-
UserSession.password_field = :saweet
|
59
|
-
assert_equal :saweet, UserSession.password_field
|
60
|
-
session = UserSession.new
|
61
|
-
assert session.respond_to?(:saweet)
|
62
|
-
|
63
|
-
UserSession.password_field :password
|
64
|
-
assert_equal :password, UserSession.password_field
|
65
|
-
session = UserSession.new
|
66
|
-
assert session.respond_to?(:password)
|
67
|
-
end
|
68
|
-
end
|
69
|
-
|
70
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
71
|
-
def test_init
|
72
|
-
session = UserSession.new
|
73
|
-
assert session.respond_to?(:login)
|
74
|
-
assert session.respond_to?(:login=)
|
75
|
-
assert session.respond_to?(:password)
|
76
|
-
assert session.respond_to?(:password=)
|
77
|
-
assert session.respond_to?(:protected_password, true)
|
78
|
-
end
|
79
|
-
|
80
|
-
def test_credentials
|
81
|
-
session = UserSession.new
|
82
|
-
session.credentials = { :login => "login", :password => "pass" }
|
83
|
-
assert_equal "login", session.login
|
84
|
-
assert_nil session.password
|
85
|
-
assert_equal "pass", session.send(:protected_password)
|
86
|
-
assert_equal({ :password => "<protected>", :login => "login" }, session.credentials)
|
87
|
-
end
|
88
|
-
|
89
|
-
def test_credentials_are_params_safe
|
90
|
-
session = UserSession.new
|
91
|
-
assert_nothing_raised { session.credentials = { :hacker_method => "error!" } }
|
92
|
-
end
|
93
|
-
|
94
|
-
def test_save_with_credentials
|
95
|
-
aaron = users(:aaron)
|
96
|
-
session = UserSession.new(:login => aaron.login, :password => "aaronrocks")
|
97
|
-
assert session.save
|
98
|
-
refute session.new_session?
|
99
|
-
assert_equal 1, session.record.login_count
|
100
|
-
assert Time.now >= session.record.current_login_at
|
101
|
-
assert_equal "1.1.1.1", session.record.current_login_ip
|
102
|
-
end
|
103
|
-
end
|
104
|
-
end
|
105
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
class PerishabilityTest < ActiveSupport::TestCase
|
5
|
-
def test_after_save
|
6
|
-
ben = users(:ben)
|
7
|
-
old_perishable_token = ben.perishable_token
|
8
|
-
UserSession.create(ben)
|
9
|
-
assert_not_equal old_perishable_token, ben.perishable_token
|
10
|
-
|
11
|
-
drew = employees(:drew)
|
12
|
-
refute UserSession.create(drew).new_session?
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
class PersistenceTest < ActiveSupport::TestCase
|
5
|
-
def test_find
|
6
|
-
aaron = users(:aaron)
|
7
|
-
refute UserSession.find
|
8
|
-
http_basic_auth_for(aaron) { assert UserSession.find }
|
9
|
-
set_cookie_for(aaron)
|
10
|
-
assert UserSession.find
|
11
|
-
unset_cookie
|
12
|
-
set_session_for(aaron)
|
13
|
-
session = UserSession.find
|
14
|
-
assert session
|
15
|
-
end
|
16
|
-
|
17
|
-
def test_persisting
|
18
|
-
# tested thoroughly in test_find
|
19
|
-
end
|
20
|
-
|
21
|
-
def test_should_set_remember_me_on_the_next_request
|
22
|
-
aaron = users(:aaron)
|
23
|
-
session = UserSession.new(aaron)
|
24
|
-
session.remember_me = true
|
25
|
-
refute UserSession.remember_me
|
26
|
-
assert session.save
|
27
|
-
assert session.remember_me?
|
28
|
-
session = UserSession.find(aaron)
|
29
|
-
assert session.remember_me?
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
class ScopesTest < ActiveSupport::TestCase
|
5
|
-
def test_scope_method
|
6
|
-
assert_nil Authlogic::Session::Base.scope
|
7
|
-
|
8
|
-
thread1 = Thread.new do
|
9
|
-
scope = { :id => :scope1 }
|
10
|
-
Authlogic::Session::Base.send(:scope=, scope)
|
11
|
-
assert_equal scope, Authlogic::Session::Base.scope
|
12
|
-
end
|
13
|
-
thread1.join
|
14
|
-
|
15
|
-
assert_nil Authlogic::Session::Base.scope
|
16
|
-
|
17
|
-
thread2 = Thread.new do
|
18
|
-
scope = { :id => :scope2 }
|
19
|
-
Authlogic::Session::Base.send(:scope=, scope)
|
20
|
-
assert_equal scope, Authlogic::Session::Base.scope
|
21
|
-
end
|
22
|
-
thread2.join
|
23
|
-
|
24
|
-
assert_nil Authlogic::Session::Base.scope
|
25
|
-
end
|
26
|
-
|
27
|
-
def test_with_scope_method
|
28
|
-
assert_raise(ArgumentError) { UserSession.with_scope }
|
29
|
-
|
30
|
-
UserSession.with_scope(:find_options => { :conditions => "awesome = 1" }, :id => "some_id") do
|
31
|
-
assert_equal({ :find_options => { :conditions => "awesome = 1" }, :id => "some_id" }, UserSession.scope)
|
32
|
-
end
|
33
|
-
|
34
|
-
assert_nil UserSession.scope
|
35
|
-
end
|
36
|
-
|
37
|
-
def test_initialize
|
38
|
-
UserSession.with_scope(:find_options => { :conditions => "awesome = 1" }, :id => "some_id") do
|
39
|
-
session = UserSession.new
|
40
|
-
assert_equal({ :find_options => { :conditions => "awesome = 1" }, :id => "some_id" }, session.scope)
|
41
|
-
session.id = :another_id
|
42
|
-
assert_equal "another_id_some_id_test", session.send(:build_key, "test")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
def test_search_for_record_with_scopes
|
47
|
-
binary_logic = companies(:binary_logic)
|
48
|
-
ben = users(:ben)
|
49
|
-
zack = users(:zack)
|
50
|
-
|
51
|
-
session = UserSession.new
|
52
|
-
assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
|
53
|
-
|
54
|
-
session.scope = { :find_options => { :conditions => ["company_id = ?", binary_logic.id] } }
|
55
|
-
assert_nil session.send(:search_for_record, "find_by_login", zack.login)
|
56
|
-
|
57
|
-
assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
|
58
|
-
end
|
59
|
-
end
|
60
|
-
end
|
@@ -1,78 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
module SessionTest
|
5
|
-
class ConfigTest < ActiveSupport::TestCase
|
6
|
-
def test_session_key
|
7
|
-
UserSession.session_key = "my_session_key"
|
8
|
-
assert_equal "my_session_key", UserSession.session_key
|
9
|
-
|
10
|
-
UserSession.session_key "user_credentials"
|
11
|
-
assert_equal "user_credentials", UserSession.session_key
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
16
|
-
def test_persist_persist_by_session
|
17
|
-
ben = users(:ben)
|
18
|
-
set_session_for(ben)
|
19
|
-
assert session = UserSession.find
|
20
|
-
assert_equal ben, session.record
|
21
|
-
assert_equal ben.persistence_token, controller.session["user_credentials"]
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_persist_persist_by_session_with_session_fixation_attack
|
25
|
-
ben = users(:ben)
|
26
|
-
controller.session["user_credentials"] = 'neo'
|
27
|
-
controller.session["user_credentials_id"] = {
|
28
|
-
:select => " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
|
29
|
-
}
|
30
|
-
@user_session = UserSession.find
|
31
|
-
assert @user_session.blank?
|
32
|
-
end
|
33
|
-
|
34
|
-
def test_persist_persist_by_session_with_sql_injection_attack
|
35
|
-
controller.session["user_credentials"] = { :select => "ABRA CADABRA" }
|
36
|
-
controller.session["user_credentials_id"] = nil
|
37
|
-
assert_nothing_raised do
|
38
|
-
@user_session = UserSession.find
|
39
|
-
end
|
40
|
-
assert @user_session.blank?
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_persist_persist_by_session_with_token_only
|
44
|
-
ben = users(:ben)
|
45
|
-
set_session_for(ben)
|
46
|
-
controller.session["user_credentials_id"] = nil
|
47
|
-
session = UserSession.find
|
48
|
-
assert_equal ben, session.record
|
49
|
-
assert_equal ben.persistence_token, controller.session["user_credentials"]
|
50
|
-
end
|
51
|
-
|
52
|
-
def test_after_save_update_session
|
53
|
-
ben = users(:ben)
|
54
|
-
session = UserSession.new(ben)
|
55
|
-
assert controller.session["user_credentials"].blank?
|
56
|
-
assert session.save
|
57
|
-
assert_equal ben.persistence_token, controller.session["user_credentials"]
|
58
|
-
end
|
59
|
-
|
60
|
-
def test_after_destroy_update_session
|
61
|
-
ben = users(:ben)
|
62
|
-
set_session_for(ben)
|
63
|
-
assert_equal ben.persistence_token, controller.session["user_credentials"]
|
64
|
-
assert session = UserSession.find
|
65
|
-
assert session.destroy
|
66
|
-
assert controller.session["user_credentials"].blank?
|
67
|
-
end
|
68
|
-
|
69
|
-
def test_after_persisting_update_session
|
70
|
-
ben = users(:ben)
|
71
|
-
set_cookie_for(ben)
|
72
|
-
assert controller.session["user_credentials"].blank?
|
73
|
-
assert UserSession.find
|
74
|
-
assert_equal ben.persistence_token, controller.session["user_credentials"]
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
@@ -1,82 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
module TimeoutTest
|
5
|
-
class ConfigTest < ActiveSupport::TestCase
|
6
|
-
def test_logout_on_timeout
|
7
|
-
UserSession.logout_on_timeout = true
|
8
|
-
assert UserSession.logout_on_timeout
|
9
|
-
|
10
|
-
UserSession.logout_on_timeout false
|
11
|
-
refute UserSession.logout_on_timeout
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
class InstanceMethods < ActiveSupport::TestCase
|
16
|
-
def test_stale_state
|
17
|
-
UserSession.logout_on_timeout = true
|
18
|
-
ben = users(:ben)
|
19
|
-
ben.last_request_at = 3.years.ago
|
20
|
-
ben.save
|
21
|
-
set_session_for(ben)
|
22
|
-
|
23
|
-
session = UserSession.new
|
24
|
-
assert session.persisting?
|
25
|
-
assert session.stale?
|
26
|
-
assert_equal ben, session.stale_record
|
27
|
-
assert_nil session.record
|
28
|
-
assert_nil controller.session["user_credentials_id"]
|
29
|
-
|
30
|
-
set_session_for(ben)
|
31
|
-
|
32
|
-
ben.last_request_at = Time.now
|
33
|
-
ben.save
|
34
|
-
|
35
|
-
assert session.persisting?
|
36
|
-
refute session.stale?
|
37
|
-
assert_nil session.stale_record
|
38
|
-
|
39
|
-
UserSession.logout_on_timeout = false
|
40
|
-
end
|
41
|
-
|
42
|
-
def test_should_be_stale_with_expired_remember_date
|
43
|
-
UserSession.logout_on_timeout = true
|
44
|
-
UserSession.remember_me = true
|
45
|
-
UserSession.remember_me_for = 3.months
|
46
|
-
ben = users(:ben)
|
47
|
-
assert ben.save
|
48
|
-
session = UserSession.new(ben)
|
49
|
-
assert session.save
|
50
|
-
Timecop.freeze(Time.now + 4.month)
|
51
|
-
assert session.persisting?
|
52
|
-
assert session.stale?
|
53
|
-
UserSession.remember_me = false
|
54
|
-
end
|
55
|
-
|
56
|
-
def test_should_not_be_stale_with_valid_remember_date
|
57
|
-
UserSession.logout_on_timeout = true # Default is 10.minutes
|
58
|
-
UserSession.remember_me = true
|
59
|
-
UserSession.remember_me_for = 3.months
|
60
|
-
ben = users(:ben)
|
61
|
-
assert ben.save
|
62
|
-
session = UserSession.new(ben)
|
63
|
-
assert session.save
|
64
|
-
Timecop.freeze(Time.now + 2.months)
|
65
|
-
assert session.persisting?
|
66
|
-
refute session.stale?
|
67
|
-
UserSession.remember_me = false
|
68
|
-
end
|
69
|
-
|
70
|
-
def test_successful_login
|
71
|
-
UserSession.logout_on_timeout = true
|
72
|
-
ben = users(:ben)
|
73
|
-
session = UserSession.create(:login => ben.login, :password => "benrocks")
|
74
|
-
refute session.new_session?
|
75
|
-
session = UserSession.find
|
76
|
-
assert session
|
77
|
-
assert_equal ben, session.record
|
78
|
-
UserSession.logout_on_timeout = false
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
@@ -1,13 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
class UnauthorizedRecordTest < ActiveSupport::TestCase
|
5
|
-
def test_credentials
|
6
|
-
ben = users(:ben)
|
7
|
-
session = UserSession.new
|
8
|
-
session.credentials = [ben]
|
9
|
-
assert_equal ben, session.unauthorized_record
|
10
|
-
assert_equal({ :unauthorized_record => "<protected>" }, session.credentials)
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
module SessionTest
|
4
|
-
class ValidationTest < ActiveSupport::TestCase
|
5
|
-
def test_errors
|
6
|
-
session = UserSession.new
|
7
|
-
assert session.errors.is_a?(Authlogic::Session::Validation::Errors)
|
8
|
-
end
|
9
|
-
|
10
|
-
def test_valid
|
11
|
-
session = UserSession.new
|
12
|
-
refute session.valid?
|
13
|
-
assert_nil session.record
|
14
|
-
assert session.errors.count > 0
|
15
|
-
|
16
|
-
ben = users(:ben)
|
17
|
-
session.unauthorized_record = ben
|
18
|
-
assert session.valid?
|
19
|
-
assert_equal ben, session.attempted_record
|
20
|
-
assert session.errors.empty?
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|