RubyGems - authlogic - Versions diffs - 4.0.1 → 4.1.0 - Mend

authlogic 4.0.1 → 4.1.0

Files changed (101) hide show

checksums.yaml +4 -4
data/.rubocop.yml +43 -1
data/.rubocop_todo.yml +23 -132
data/CHANGELOG.md +12 -0
data/CONTRIBUTING.md +10 -3
data/Gemfile +2 -2
data/Rakefile +6 -6
data/authlogic.gemspec +13 -12
data/lib/authlogic/acts_as_authentic/base.rb +12 -7
data/lib/authlogic/acts_as_authentic/email.rb +16 -6
data/lib/authlogic/acts_as_authentic/logged_in_status.rb +10 -5
data/lib/authlogic/acts_as_authentic/login.rb +11 -5
data/lib/authlogic/acts_as_authentic/password.rb +111 -57
data/lib/authlogic/acts_as_authentic/perishable_token.rb +6 -2
data/lib/authlogic/acts_as_authentic/persistence_token.rb +1 -1
data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +2 -2
data/lib/authlogic/acts_as_authentic/restful_authentication.rb +31 -3
data/lib/authlogic/acts_as_authentic/session_maintenance.rb +11 -3
data/lib/authlogic/acts_as_authentic/single_access_token.rb +14 -2
data/lib/authlogic/acts_as_authentic/validations_scope.rb +6 -6
data/lib/authlogic/authenticates_many/association.rb +2 -2
data/lib/authlogic/authenticates_many/base.rb +27 -19
data/lib/authlogic/controller_adapters/rack_adapter.rb +1 -1
data/lib/authlogic/controller_adapters/rails_adapter.rb +6 -3
data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
data/lib/authlogic/crypto_providers.rb +2 -0
data/lib/authlogic/crypto_providers/bcrypt.rb +15 -9
data/lib/authlogic/crypto_providers/md5.rb +2 -1
data/lib/authlogic/crypto_providers/scrypt.rb +12 -7
data/lib/authlogic/crypto_providers/sha256.rb +2 -1
data/lib/authlogic/crypto_providers/wordpress.rb +31 -2
data/lib/authlogic/i18n.rb +22 -17
data/lib/authlogic/regex.rb +57 -29
data/lib/authlogic/session/activation.rb +1 -1
data/lib/authlogic/session/brute_force_protection.rb +2 -2
data/lib/authlogic/session/callbacks.rb +43 -36
data/lib/authlogic/session/cookies.rb +4 -2
data/lib/authlogic/session/existence.rb +1 -1
data/lib/authlogic/session/foundation.rb +5 -1
data/lib/authlogic/session/http_auth.rb +2 -2
data/lib/authlogic/session/klass.rb +2 -1
data/lib/authlogic/session/magic_columns.rb +4 -2
data/lib/authlogic/session/magic_states.rb +9 -10
data/lib/authlogic/session/params.rb +11 -4
data/lib/authlogic/session/password.rb +72 -38
data/lib/authlogic/session/perishable_token.rb +2 -1
data/lib/authlogic/session/persistence.rb +2 -1
data/lib/authlogic/session/scopes.rb +26 -16
data/lib/authlogic/session/unauthorized_record.rb +12 -7
data/lib/authlogic/session/validation.rb +1 -1
data/lib/authlogic/test_case/mock_controller.rb +1 -1
data/lib/authlogic/test_case/mock_cookie_jar.rb +1 -1
data/lib/authlogic/test_case/mock_request.rb +1 -1
data/lib/authlogic/version.rb +1 -1
data/test/acts_as_authentic_test/base_test.rb +1 -1
data/test/acts_as_authentic_test/email_test.rb +11 -11
data/test/acts_as_authentic_test/logged_in_status_test.rb +4 -4
data/test/acts_as_authentic_test/login_test.rb +2 -2
data/test/acts_as_authentic_test/magic_columns_test.rb +1 -1
data/test/acts_as_authentic_test/password_test.rb +1 -1
data/test/acts_as_authentic_test/perishable_token_test.rb +2 -2
data/test/acts_as_authentic_test/persistence_token_test.rb +1 -1
data/test/acts_as_authentic_test/restful_authentication_test.rb +12 -3
data/test/acts_as_authentic_test/session_maintenance_test.rb +1 -1
data/test/acts_as_authentic_test/single_access_test.rb +1 -1
data/test/adapter_test.rb +3 -3
data/test/authenticates_many_test.rb +1 -1
data/test/config_test.rb +9 -9
data/test/crypto_provider_test/aes256_test.rb +1 -1
data/test/crypto_provider_test/bcrypt_test.rb +1 -1
data/test/crypto_provider_test/scrypt_test.rb +1 -1
data/test/crypto_provider_test/sha1_test.rb +1 -1
data/test/crypto_provider_test/sha256_test.rb +1 -1
data/test/crypto_provider_test/sha512_test.rb +1 -1
data/test/crypto_provider_test/wordpress_test.rb +24 -0
data/test/i18n_test.rb +3 -3
data/test/libs/user_session.rb +2 -2
data/test/random_test.rb +1 -1
data/test/session_test/activation_test.rb +1 -1
data/test/session_test/active_record_trickery_test.rb +3 -3
data/test/session_test/brute_force_protection_test.rb +1 -1
data/test/session_test/callbacks_test.rb +9 -3
data/test/session_test/cookies_test.rb +11 -11
data/test/session_test/existence_test.rb +1 -1
data/test/session_test/foundation_test.rb +1 -1
data/test/session_test/http_auth_test.rb +6 -6
data/test/session_test/id_test.rb +1 -1
data/test/session_test/klass_test.rb +1 -1
data/test/session_test/magic_columns_test.rb +1 -1
data/test/session_test/magic_states_test.rb +1 -1
data/test/session_test/params_test.rb +7 -4
data/test/session_test/password_test.rb +1 -1
data/test/session_test/perishability_test.rb +1 -1
data/test/session_test/persistence_test.rb +1 -1
data/test/session_test/scopes_test.rb +9 -3
data/test/session_test/session_test.rb +2 -2
data/test/session_test/timeout_test.rb +1 -1
data/test/session_test/unauthorized_record_test.rb +1 -1
data/test/session_test/validation_test.rb +1 -1
data/test/test_helper.rb +34 -14
metadata +6 -4

data/test/crypto_provider_test/aes256_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class AES256Test < ActiveSupport::TestCase

data/test/crypto_provider_test/bcrypt_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class BCryptTest < ActiveSupport::TestCase

data/test/crypto_provider_test/scrypt_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class SCryptTest < ActiveSupport::TestCase

data/test/crypto_provider_test/sha1_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha1Test < ActiveSupport::TestCase

data/test/crypto_provider_test/sha256_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha256Test < ActiveSupport::TestCase

data/test/crypto_provider_test/sha512_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha512Test < ActiveSupport::TestCase

data/test/crypto_provider_test/wordpress_test.rb ADDED

@@ -0,0 +1,24 @@
+require "test_helper"
+::ActiveSupport::Deprecation.silence do
+  require "authlogic/crypto_providers/wordpress"
+end
+module CryptoProviderTest
+  class WordpressTest < ActiveSupport::TestCase
+    def test_matches
+      plain = "banana"
+      salt = "aaa"
+      crypted = "xxx0nope"
+      # I couldn't figure out how to even execute this method without it
+      # crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
+      # worked differently. He was probably using ruby 1.9 back then.
+      # Given that I can't even figure out how to run it, and for all the other
+      # reasons I've given in `wordpress.rb`, I'm just going to deprecate
+      # the whole file. -Jared 2018-04-09
+      assert_raises(NoMethodError) {
+        Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
+      }
+    end
+  end
+end

data/test/i18n_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 class I18nTest < ActiveSupport::TestCase
   def test_uses_authlogic_as_scope_by_default
@@ -6,8 +6,8 @@ class I18nTest < ActiveSupport::TestCase
   end
   def test_can_set_scope
-    assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
-    assert_equal [:a, :b], Authlogic::I18n.scope
+    assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
+    assert_equal %i[a b], Authlogic::I18n.scope
     Authlogic::I18n.scope = :authlogic
   end

data/test/libs/user_session.rb CHANGED

@@ -15,11 +15,11 @@ class WackyUserSession < Authlogic::Session::Base
   def persist_by_false
     self.counter += 1
-    return false
+    false
   end
   def persist_by_true
     self.counter += 1
-    return true
+    true
   end
 end

data/test/random_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 class RandomTest < ActiveSupport::TestCase
   def test_that_hex_tokens_are_unique

data/test/session_test/activation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ActivationTest

data/test/session_test/active_record_trickery_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ActiveRecordTrickeryTest
@@ -16,12 +16,12 @@ module SessionTest
       end
       def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.human_name
       end
       def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.model_name.human
       end

data/test/session_test/brute_force_protection_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module BruteForceProtectionTest

data/test/session_test/callbacks_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class CallbacksTest < ActiveSupport::TestCase
@@ -15,7 +15,10 @@ module SessionTest
     def test_true_callback_cancelling_later_callbacks
       WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_true persist_by_false],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)
@@ -24,7 +27,10 @@ module SessionTest
     def test_false_callback_continuing_to_later_callbacks
       WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_false persist_by_true],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)

data/test/session_test/cookies_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module CookiesTest
@@ -68,15 +68,15 @@ module SessionTest
         assert_nil UserSession.same_site
         assert_nil UserSession.new.same_site
-        UserSession.same_site 'Strict'
-        assert_equal 'Strict', UserSession.same_site
+        UserSession.same_site "Strict"
+        assert_equal "Strict", UserSession.same_site
         session = UserSession.new
-        assert_equal 'Strict', session.same_site
-        session.same_site = 'Lax'
-        assert_equal 'Lax', session.same_site
+        assert_equal "Strict", session.same_site
+        session.same_site = "Lax"
+        assert_equal "Lax", session.same_site
-        assert_raise(ArgumentError) { UserSession.same_site 'foo' }
-        assert_raise(ArgumentError) { UserSession.new.same_site 'foo' }
+        assert_raise(ArgumentError) { UserSession.same_site "foo" }
+        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
       end
       def test_sign_cookie
@@ -203,11 +203,11 @@ module SessionTest
       def test_after_save_save_cookie_with_same_site
         session = UserSession.new(users(:ben))
-        session.same_site = 'Strict'
+        session.same_site = "Strict"
         assert session.save
         assert_equal(
-          'Strict',
-          controller.cookies.set_cookies['user_credentials'][:same_site]
+          "Strict",
+          controller.cookies.set_cookies["user_credentials"][:same_site]
         )
       end

data/test/session_test/existence_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ExistenceTest

data/test/session_test/foundation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 # We forbid the use of AC::Parameters, and we have a test to that effect, but we
 # do not want a development dependency on `actionpack`, so we define it here.

data/test/session_test/http_auth_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class HttpAuthTest < ActiveSupport::TestCase
@@ -20,9 +20,9 @@ module SessionTest
       end
       def test_http_basic_auth_realm
-        assert_equal 'Application', UserSession.http_basic_auth_realm
-        UserSession.http_basic_auth_realm = 'TestRealm'
-        assert_equal 'TestRealm', UserSession.http_basic_auth_realm
+        assert_equal "Application", UserSession.http_basic_auth_realm
+        UserSession.http_basic_auth_realm = "TestRealm"
+        assert_equal "TestRealm", UserSession.http_basic_auth_realm
       end
     end
@@ -43,13 +43,13 @@ module SessionTest
         end
         unset_session
         UserSession.request_http_basic_auth = true
-        UserSession.http_basic_auth_realm = 'PersistTestRealm'
+        UserSession.http_basic_auth_realm = "PersistTestRealm"
         http_basic_auth_for(aaron) do
           assert session = UserSession.find
           assert_equal aaron, session.record
           assert_equal aaron.login, session.login
           assert_equal "aaronrocks", session.send(:protected_password)
-          assert_equal 'PersistTestRealm', controller.realm
+          assert_equal "PersistTestRealm", controller.realm
           assert controller.http_auth_requested?
         end
       end

data/test/session_test/id_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class IdTest < ActiveSupport::TestCase

data/test/session_test/klass_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module KlassTest

data/test/session_test/magic_columns_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module MagicColumnsTest

data/test/session_test/magic_states_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module SessionTest

data/test/session_test/params_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ParamsTest
@@ -14,8 +14,9 @@ module SessionTest
       def test_single_access_allowed_request_types
         UserSession.single_access_allowed_request_types = ["my request type"]
         assert_equal ["my request type"], UserSession.single_access_allowed_request_types
-        UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
+        UserSession.single_access_allowed_request_types(
+          ["application/rss+xml", "application/atom+xml"]
+        )
         assert_equal(
           ["application/rss+xml", "application/atom+xml"],
           UserSession.single_access_allowed_request_types
@@ -44,7 +45,9 @@ module SessionTest
         set_request_content_type("application/atom+xml")
         assert session.persisting?
         assert_equal ben, session.record
-        assert_nil controller.session["user_credentials"] # should not persist since this is single access
+        # should not persist since this is single access
+        assert_nil controller.session["user_credentials"]
         set_request_content_type("application/rss+xml")
         assert session.persisting?

data/test/session_test/password_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module PasswordTest

data/test/session_test/perishability_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class PerishabilityTest < ActiveSupport::TestCase

data/test/session_test/persistence_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class PersistenceTest < ActiveSupport::TestCase

data/test/session_test/scopes_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class ScopesTest < ActiveSupport::TestCase
@@ -28,7 +28,10 @@ module SessionTest
       assert_raise(ArgumentError) { UserSession.with_scope }
       UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
-        assert_equal({ find_options: { conditions: "awesome = 1" }, id: "some_id" }, UserSession.scope)
+        assert_equal(
+          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
+          UserSession.scope
+        )
       end
       assert_nil UserSession.scope
@@ -37,7 +40,10 @@ module SessionTest
     def test_initialize
       UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
         session = UserSession.new
-        assert_equal({ find_options: { conditions: "awesome = 1" }, id: "some_id" }, session.scope)
+        assert_equal(
+          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
+          session.scope
+        )
         session.id = :another_id
         assert_equal "another_id_some_id_test", session.send(:build_key, "test")
       end

data/test/session_test/session_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module SessionTest
@@ -23,7 +23,7 @@ module SessionTest
       def test_persist_persist_by_session_with_session_fixation_attack
         ben = users(:ben)
-        controller.session["user_credentials"] = 'neo'
+        controller.session["user_credentials"] = "neo"
         controller.session["user_credentials_id"] = {
           select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
         }

data/test/session_test/timeout_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module TimeoutTest

data/test/session_test/unauthorized_record_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class UnauthorizedRecordTest < ActiveSupport::TestCase

data/test/session_test/validation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class ValidationTest < ActiveSupport::TestCase

data/test/test_helper.rb CHANGED

@@ -6,7 +6,7 @@ require "active_record/fixtures"
 require "timecop"
 require "i18n"
-I18n.load_path << File.dirname(__FILE__) + '/i18n/lol.yml'
+I18n.load_path << File.dirname(__FILE__) + "/i18n/lol.yml"
 # ActiveRecord::Schema.verbose = false
 ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
@@ -14,7 +14,7 @@ logger = Logger.new(STDOUT)
 logger.level = Logger::FATAL
 ActiveRecord::Base.logger = logger
-if (ActiveRecord::VERSION::STRING < '4.1')
+if ActiveRecord::VERSION::STRING < "4.1"
   ActiveRecord::Base.configurations = true
 end
@@ -104,16 +104,18 @@ ActiveRecord::Schema.define(version: 1) do
   end
 end
-require_relative '../lib/authlogic'
-require_relative '../lib/authlogic/test_case'
-require_relative 'libs/project'
-require_relative 'libs/affiliate'
-require_relative 'libs/employee'
-require_relative 'libs/employee_session'
-require_relative 'libs/ldaper'
-require_relative 'libs/user'
-require_relative 'libs/user_session'
-require_relative 'libs/company'
+require "English"
+$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
+require "authlogic"
+require "authlogic/test_case"
+require "libs/project"
+require "libs/affiliate"
+require "libs/employee"
+require "libs/employee_session"
+require "libs/ldaper"
+require "libs/user"
+require "libs/user_session"
+require "libs/company"
 # Recent change, 2017-10-23: We had used a 54-letter string here. In the default
 # encoding, UTF-8, that's 54 bytes, which is clearly incorrect for an algorithm
@@ -149,7 +151,16 @@ module ActiveSupport
       # tests until Rails 4.1 was added for testing. This ensures that all the
       # models start tests with their original config.
       def config_setup
-        [Project, Affiliate, Employee, EmployeeSession, Ldaper, User, UserSession, Company].each do |model|
+        [
+          Project,
+          Affiliate,
+          Employee,
+          EmployeeSession,
+          Ldaper,
+          User,
+          UserSession,
+          Company
+        ].each do |model|
           unless model.respond_to?(:original_acts_as_authentic_config)
             model.class_attribute :original_acts_as_authentic_config
           end
@@ -158,7 +169,16 @@ module ActiveSupport
       end
       def config_teardown
-        [Project, Affiliate, Employee, EmployeeSession, Ldaper, User, UserSession, Company].each do |model|
+        [
+          Project,
+          Affiliate,
+          Employee,
+          EmployeeSession,
+          Ldaper,
+          User,
+          UserSession,
+          Company
+        ].each do |model|
           model.acts_as_authentic_config = model.original_acts_as_authentic_config
         end
       end