authlogic 3.8.0 → 6.0.0

data/test/session_test/magic_states_test.rb

@@ -1,58 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module SessionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_disable_magic_states_config
-        UserSession.disable_magic_states = true
-        assert_equal true, UserSession.disable_magic_states
-
-        UserSession.disable_magic_states false
-        assert_equal false, UserSession.disable_magic_states
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_disabling_magic_states
-        UserSession.disable_magic_states = true
-        ben = users(:ben)
-        ben.update_attribute(:active, false)
-        refute UserSession.create(ben).new_session?
-        UserSession.disable_magic_states = false
-      end
-
-      def test_validate_validate_magic_states_active
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:active, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-
-      def test_validate_validate_magic_states_approved
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:approved, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-
-      def test_validate_validate_magic_states_confirmed
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:confirmed, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-    end
-  end
-end

data/test/session_test/params_test.rb

@@ -1,53 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module ParamsTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_params_key
-        UserSession.params_key = "my_params_key"
-        assert_equal "my_params_key", UserSession.params_key
-
-        UserSession.params_key "user_credentials"
-        assert_equal "user_credentials", UserSession.params_key
-      end
-
-      def test_single_access_allowed_request_types
-        UserSession.single_access_allowed_request_types = ["my request type"]
-        assert_equal ["my request type"], UserSession.single_access_allowed_request_types
-
-        UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
-        assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_params
-        ben = users(:ben)
-        session = UserSession.new
-
-        refute session.persisting?
-        set_params_for(ben)
-
-        refute session.persisting?
-        refute session.unauthorized_record
-        refute session.record
-        assert_nil controller.session["user_credentials"]
-
-        set_request_content_type("text/plain")
-        refute session.persisting?
-        refute session.unauthorized_record
-        assert_nil controller.session["user_credentials"]
-
-        set_request_content_type("application/atom+xml")
-        assert session.persisting?
-        assert_equal ben, session.record
-        assert_nil controller.session["user_credentials"] # should not persist since this is single access
-
-        set_request_content_type("application/rss+xml")
-        assert session.persisting?
-        assert_equal ben, session.unauthorized_record
-        assert_nil controller.session["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/password_test.rb

@@ -1,105 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module PasswordTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_find_by_login_method
-        UserSession.find_by_login_method = "my_login_method"
-        assert_equal "my_login_method", UserSession.find_by_login_method
-
-        UserSession.find_by_login_method "find_by_login"
-        assert_equal "find_by_login", UserSession.find_by_login_method
-      end
-
-      def test_verify_password_method
-        UserSession.verify_password_method = "my_login_method"
-        assert_equal "my_login_method", UserSession.verify_password_method
-
-        UserSession.verify_password_method "valid_password?"
-        assert_equal "valid_password?", UserSession.verify_password_method
-      end
-
-      def test_generalize_credentials_error_mesages_set_to_false
-        UserSession.generalize_credentials_error_messages false
-        refute UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
-        assert_equal ["Password is not valid"], session.errors.full_messages
-      end
-
-      def test_generalize_credentials_error_messages_set_to_true
-        UserSession.generalize_credentials_error_messages true
-        assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
-        assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
-      end
-
-      def test_generalize_credentials_error_messages_set_to_string
-        UserSession.generalize_credentials_error_messages = "Custom Error Message"
-        assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
-        assert_equal ["Custom Error Message"], session.errors.full_messages
-      end
-
-      def test_login_field
-        UserSession.configured_password_methods = false
-        UserSession.login_field = :saweet
-        assert_equal :saweet, UserSession.login_field
-        session = UserSession.new
-        assert session.respond_to?(:saweet)
-
-        UserSession.login_field :login
-        assert_equal :login, UserSession.login_field
-        session = UserSession.new
-        assert session.respond_to?(:login)
-      end
-
-      def test_password_field
-        UserSession.configured_password_methods = false
-        UserSession.password_field = :saweet
-        assert_equal :saweet, UserSession.password_field
-        session = UserSession.new
-        assert session.respond_to?(:saweet)
-
-        UserSession.password_field :password
-        assert_equal :password, UserSession.password_field
-        session = UserSession.new
-        assert session.respond_to?(:password)
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_init
-        session = UserSession.new
-        assert session.respond_to?(:login)
-        assert session.respond_to?(:login=)
-        assert session.respond_to?(:password)
-        assert session.respond_to?(:password=)
-        assert session.respond_to?(:protected_password, true)
-      end
-
-      def test_credentials
-        session = UserSession.new
-        session.credentials = { :login => "login", :password => "pass" }
-        assert_equal "login", session.login
-        assert_nil session.password
-        assert_equal "pass", session.send(:protected_password)
-        assert_equal({ :password => "<protected>", :login => "login" }, session.credentials)
-      end
-
-      def test_credentials_are_params_safe
-        session = UserSession.new
-        assert_nothing_raised { session.credentials = { :hacker_method => "error!" } }
-      end
-
-      def test_save_with_credentials
-        aaron = users(:aaron)
-        session = UserSession.new(:login => aaron.login, :password => "aaronrocks")
-        assert session.save
-        refute session.new_session?
-        assert_equal 1, session.record.login_count
-        assert Time.now >= session.record.current_login_at
-        assert_equal "1.1.1.1", session.record.current_login_ip
-      end
-    end
-  end
-end

data/test/session_test/perishability_test.rb

@@ -1,15 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class PerishabilityTest < ActiveSupport::TestCase
-    def test_after_save
-      ben = users(:ben)
-      old_perishable_token = ben.perishable_token
-      UserSession.create(ben)
-      assert_not_equal old_perishable_token, ben.perishable_token
-
-      drew = employees(:drew)
-      refute UserSession.create(drew).new_session?
-    end
-  end
-end

data/test/session_test/persistence_test.rb

@@ -1,32 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class PersistenceTest < ActiveSupport::TestCase
-    def test_find
-      aaron = users(:aaron)
-      refute UserSession.find
-      http_basic_auth_for(aaron) { assert UserSession.find }
-      set_cookie_for(aaron)
-      assert UserSession.find
-      unset_cookie
-      set_session_for(aaron)
-      session = UserSession.find
-      assert session
-    end
-
-    def test_persisting
-      # tested thoroughly in test_find
-    end
-
-    def test_should_set_remember_me_on_the_next_request
-      aaron = users(:aaron)
-      session = UserSession.new(aaron)
-      session.remember_me = true
-      refute UserSession.remember_me
-      assert session.save
-      assert session.remember_me?
-      session = UserSession.find(aaron)
-      assert session.remember_me?
-    end
-  end
-end

data/test/session_test/scopes_test.rb

@@ -1,60 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class ScopesTest < ActiveSupport::TestCase
-    def test_scope_method
-      assert_nil Authlogic::Session::Base.scope
-
-      thread1 = Thread.new do
-        scope = { :id => :scope1 }
-        Authlogic::Session::Base.send(:scope=, scope)
-        assert_equal scope, Authlogic::Session::Base.scope
-      end
-      thread1.join
-
-      assert_nil Authlogic::Session::Base.scope
-
-      thread2 = Thread.new do
-        scope = { :id => :scope2 }
-        Authlogic::Session::Base.send(:scope=, scope)
-        assert_equal scope, Authlogic::Session::Base.scope
-      end
-      thread2.join
-
-      assert_nil Authlogic::Session::Base.scope
-    end
-
-    def test_with_scope_method
-      assert_raise(ArgumentError) { UserSession.with_scope }
-
-      UserSession.with_scope(:find_options => { :conditions => "awesome = 1" }, :id => "some_id") do
-        assert_equal({ :find_options => { :conditions => "awesome = 1" }, :id => "some_id" }, UserSession.scope)
-      end
-
-      assert_nil UserSession.scope
-    end
-
-    def test_initialize
-      UserSession.with_scope(:find_options => { :conditions => "awesome = 1" }, :id => "some_id") do
-        session = UserSession.new
-        assert_equal({ :find_options => { :conditions => "awesome = 1" }, :id => "some_id" }, session.scope)
-        session.id = :another_id
-        assert_equal "another_id_some_id_test", session.send(:build_key, "test")
-      end
-    end
-
-    def test_search_for_record_with_scopes
-      binary_logic = companies(:binary_logic)
-      ben = users(:ben)
-      zack = users(:zack)
-
-      session = UserSession.new
-      assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
-
-      session.scope = { :find_options => { :conditions => ["company_id = ?", binary_logic.id] } }
-      assert_nil session.send(:search_for_record, "find_by_login", zack.login)
-
-      assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
-    end
-  end
-end

data/test/session_test/session_test.rb

@@ -1,78 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module SessionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_session_key
-        UserSession.session_key = "my_session_key"
-        assert_equal "my_session_key", UserSession.session_key
-
-        UserSession.session_key "user_credentials"
-        assert_equal "user_credentials", UserSession.session_key
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_persist_persist_by_session_with_session_fixation_attack
-        ben = users(:ben)
-        controller.session["user_credentials"] = 'neo'
-        controller.session["user_credentials_id"] = {
-          :select => " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
-        }
-        @user_session = UserSession.find
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_sql_injection_attack
-        controller.session["user_credentials"] = { :select => "ABRA CADABRA" }
-        controller.session["user_credentials_id"] = nil
-        assert_nothing_raised do
-          @user_session = UserSession.find
-        end
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_token_only
-        ben = users(:ben)
-        set_session_for(ben)
-        controller.session["user_credentials_id"] = nil
-        session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_save_update_session
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert controller.session["user_credentials"].blank?
-        assert session.save
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_destroy_update_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-        assert session = UserSession.find
-        assert session.destroy
-        assert controller.session["user_credentials"].blank?
-      end
-
-      def test_after_persisting_update_session
-        ben = users(:ben)
-        set_cookie_for(ben)
-        assert controller.session["user_credentials"].blank?
-        assert UserSession.find
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/timeout_test.rb

@@ -1,82 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  module TimeoutTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_logout_on_timeout
-        UserSession.logout_on_timeout = true
-        assert UserSession.logout_on_timeout
-
-        UserSession.logout_on_timeout false
-        refute UserSession.logout_on_timeout
-      end
-    end
-
-    class InstanceMethods < ActiveSupport::TestCase
-      def test_stale_state
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        ben.last_request_at = 3.years.ago
-        ben.save
-        set_session_for(ben)
-
-        session = UserSession.new
-        assert session.persisting?
-        assert session.stale?
-        assert_equal ben, session.stale_record
-        assert_nil session.record
-        assert_nil controller.session["user_credentials_id"]
-
-        set_session_for(ben)
-
-        ben.last_request_at = Time.now
-        ben.save
-
-        assert session.persisting?
-        refute session.stale?
-        assert_nil session.stale_record
-
-        UserSession.logout_on_timeout = false
-      end
-
-      def test_should_be_stale_with_expired_remember_date
-        UserSession.logout_on_timeout = true
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 4.month)
-        assert session.persisting?
-        assert session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_should_not_be_stale_with_valid_remember_date
-        UserSession.logout_on_timeout = true # Default is 10.minutes
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 2.months)
-        assert session.persisting?
-        refute session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_successful_login
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        session = UserSession.create(:login => ben.login, :password => "benrocks")
-        refute session.new_session?
-        session = UserSession.find
-        assert session
-        assert_equal ben, session.record
-        UserSession.logout_on_timeout = false
-      end
-    end
-  end
-end

data/test/session_test/unauthorized_record_test.rb

@@ -1,13 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class UnauthorizedRecordTest < ActiveSupport::TestCase
-    def test_credentials
-      ben = users(:ben)
-      session = UserSession.new
-      session.credentials = [ben]
-      assert_equal ben, session.unauthorized_record
-      assert_equal({ :unauthorized_record => "<protected>" }, session.credentials)
-    end
-  end
-end

data/test/session_test/validation_test.rb

@@ -1,23 +0,0 @@
-require 'test_helper'
-
-module SessionTest
-  class ValidationTest < ActiveSupport::TestCase
-    def test_errors
-      session = UserSession.new
-      assert session.errors.is_a?(Authlogic::Session::Validation::Errors)
-    end
-
-    def test_valid
-      session = UserSession.new
-      refute session.valid?
-      assert_nil session.record
-      assert session.errors.count > 0
-
-      ben = users(:ben)
-      session.unauthorized_record = ben
-      assert session.valid?
-      assert_equal ben, session.attempted_record
-      assert session.errors.empty?
-    end
-  end
-end