RubyGems - authlogic - Versions diffs - 4.0.1 → 4.1.0 - Mend

authlogic 4.0.1 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

checksums.yaml +4 -4
data/.rubocop.yml +43 -1
data/.rubocop_todo.yml +23 -132
data/CHANGELOG.md +12 -0
data/CONTRIBUTING.md +10 -3
data/Gemfile +2 -2
data/Rakefile +6 -6
data/authlogic.gemspec +13 -12
data/lib/authlogic/acts_as_authentic/base.rb +12 -7
data/lib/authlogic/acts_as_authentic/email.rb +16 -6
data/lib/authlogic/acts_as_authentic/logged_in_status.rb +10 -5
data/lib/authlogic/acts_as_authentic/login.rb +11 -5
data/lib/authlogic/acts_as_authentic/password.rb +111 -57
data/lib/authlogic/acts_as_authentic/perishable_token.rb +6 -2
data/lib/authlogic/acts_as_authentic/persistence_token.rb +1 -1
data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +2 -2
data/lib/authlogic/acts_as_authentic/restful_authentication.rb +31 -3
data/lib/authlogic/acts_as_authentic/session_maintenance.rb +11 -3
data/lib/authlogic/acts_as_authentic/single_access_token.rb +14 -2
data/lib/authlogic/acts_as_authentic/validations_scope.rb +6 -6
data/lib/authlogic/authenticates_many/association.rb +2 -2
data/lib/authlogic/authenticates_many/base.rb +27 -19
data/lib/authlogic/controller_adapters/rack_adapter.rb +1 -1
data/lib/authlogic/controller_adapters/rails_adapter.rb +6 -3
data/lib/authlogic/controller_adapters/sinatra_adapter.rb +2 -2
data/lib/authlogic/crypto_providers.rb +2 -0
data/lib/authlogic/crypto_providers/bcrypt.rb +15 -9
data/lib/authlogic/crypto_providers/md5.rb +2 -1
data/lib/authlogic/crypto_providers/scrypt.rb +12 -7
data/lib/authlogic/crypto_providers/sha256.rb +2 -1
data/lib/authlogic/crypto_providers/wordpress.rb +31 -2
data/lib/authlogic/i18n.rb +22 -17
data/lib/authlogic/regex.rb +57 -29
data/lib/authlogic/session/activation.rb +1 -1
data/lib/authlogic/session/brute_force_protection.rb +2 -2
data/lib/authlogic/session/callbacks.rb +43 -36
data/lib/authlogic/session/cookies.rb +4 -2
data/lib/authlogic/session/existence.rb +1 -1
data/lib/authlogic/session/foundation.rb +5 -1
data/lib/authlogic/session/http_auth.rb +2 -2
data/lib/authlogic/session/klass.rb +2 -1
data/lib/authlogic/session/magic_columns.rb +4 -2
data/lib/authlogic/session/magic_states.rb +9 -10
data/lib/authlogic/session/params.rb +11 -4
data/lib/authlogic/session/password.rb +72 -38
data/lib/authlogic/session/perishable_token.rb +2 -1
data/lib/authlogic/session/persistence.rb +2 -1
data/lib/authlogic/session/scopes.rb +26 -16
data/lib/authlogic/session/unauthorized_record.rb +12 -7
data/lib/authlogic/session/validation.rb +1 -1
data/lib/authlogic/test_case/mock_controller.rb +1 -1
data/lib/authlogic/test_case/mock_cookie_jar.rb +1 -1
data/lib/authlogic/test_case/mock_request.rb +1 -1
data/lib/authlogic/version.rb +1 -1
data/test/acts_as_authentic_test/base_test.rb +1 -1
data/test/acts_as_authentic_test/email_test.rb +11 -11
data/test/acts_as_authentic_test/logged_in_status_test.rb +4 -4
data/test/acts_as_authentic_test/login_test.rb +2 -2
data/test/acts_as_authentic_test/magic_columns_test.rb +1 -1
data/test/acts_as_authentic_test/password_test.rb +1 -1
data/test/acts_as_authentic_test/perishable_token_test.rb +2 -2
data/test/acts_as_authentic_test/persistence_token_test.rb +1 -1
data/test/acts_as_authentic_test/restful_authentication_test.rb +12 -3
data/test/acts_as_authentic_test/session_maintenance_test.rb +1 -1
data/test/acts_as_authentic_test/single_access_test.rb +1 -1
data/test/adapter_test.rb +3 -3
data/test/authenticates_many_test.rb +1 -1
data/test/config_test.rb +9 -9
data/test/crypto_provider_test/aes256_test.rb +1 -1
data/test/crypto_provider_test/bcrypt_test.rb +1 -1
data/test/crypto_provider_test/scrypt_test.rb +1 -1
data/test/crypto_provider_test/sha1_test.rb +1 -1
data/test/crypto_provider_test/sha256_test.rb +1 -1
data/test/crypto_provider_test/sha512_test.rb +1 -1
data/test/crypto_provider_test/wordpress_test.rb +24 -0
data/test/i18n_test.rb +3 -3
data/test/libs/user_session.rb +2 -2
data/test/random_test.rb +1 -1
data/test/session_test/activation_test.rb +1 -1
data/test/session_test/active_record_trickery_test.rb +3 -3
data/test/session_test/brute_force_protection_test.rb +1 -1
data/test/session_test/callbacks_test.rb +9 -3
data/test/session_test/cookies_test.rb +11 -11
data/test/session_test/existence_test.rb +1 -1
data/test/session_test/foundation_test.rb +1 -1
data/test/session_test/http_auth_test.rb +6 -6
data/test/session_test/id_test.rb +1 -1
data/test/session_test/klass_test.rb +1 -1
data/test/session_test/magic_columns_test.rb +1 -1
data/test/session_test/magic_states_test.rb +1 -1
data/test/session_test/params_test.rb +7 -4
data/test/session_test/password_test.rb +1 -1
data/test/session_test/perishability_test.rb +1 -1
data/test/session_test/persistence_test.rb +1 -1
data/test/session_test/scopes_test.rb +9 -3
data/test/session_test/session_test.rb +2 -2
data/test/session_test/timeout_test.rb +1 -1
data/test/session_test/unauthorized_record_test.rb +1 -1
data/test/session_test/validation_test.rb +1 -1
data/test/test_helper.rb +34 -14
metadata +6 -4

data/test/crypto_provider_test/aes256_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class AES256Test < ActiveSupport::TestCase

data/test/crypto_provider_test/bcrypt_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class BCryptTest < ActiveSupport::TestCase

data/test/crypto_provider_test/scrypt_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class SCryptTest < ActiveSupport::TestCase

data/test/crypto_provider_test/sha1_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha1Test < ActiveSupport::TestCase

data/test/crypto_provider_test/sha256_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha256Test < ActiveSupport::TestCase

data/test/crypto_provider_test/sha512_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module CryptoProviderTest
   class Sha512Test < ActiveSupport::TestCase

data/test/crypto_provider_test/wordpress_test.rb ADDED

@@ -0,0 +1,24 @@
+require "test_helper"
+::ActiveSupport::Deprecation.silence do
+  require "authlogic/crypto_providers/wordpress"
+end
+module CryptoProviderTest
+  class WordpressTest < ActiveSupport::TestCase
+    def test_matches
+      plain = "banana"
+      salt = "aaa"
+      crypted = "xxx0nope"
+      # I couldn't figure out how to even execute this method without it
+      # crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
+      # worked differently. He was probably using ruby 1.9 back then.
+      # Given that I can't even figure out how to run it, and for all the other
+      # reasons I've given in `wordpress.rb`, I'm just going to deprecate
+      # the whole file. -Jared 2018-04-09
+      assert_raises(NoMethodError) {
+        Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
+      }
+    end
+  end
+end

data/test/i18n_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 class I18nTest < ActiveSupport::TestCase
   def test_uses_authlogic_as_scope_by_default
@@ -6,8 +6,8 @@ class I18nTest < ActiveSupport::TestCase
   end
   def test_can_set_scope
-    assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
-    assert_equal [:a, :b], Authlogic::I18n.scope
+    assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
+    assert_equal %i[a b], Authlogic::I18n.scope
     Authlogic::I18n.scope = :authlogic
   end

data/test/libs/user_session.rb CHANGED

@@ -15,11 +15,11 @@ class WackyUserSession < Authlogic::Session::Base
   def persist_by_false
     self.counter += 1
-    return false
+    false
   end
   def persist_by_true
     self.counter += 1
-    return true
+    true
   end
 end

data/test/random_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 class RandomTest < ActiveSupport::TestCase
   def test_that_hex_tokens_are_unique

data/test/session_test/activation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ActivationTest

data/test/session_test/active_record_trickery_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ActiveRecordTrickeryTest
@@ -16,12 +16,12 @@ module SessionTest
       end
       def test_i18n_of_human_name
-        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.human_name
       end
       def test_i18n_of_model_name_human
-        I18n.backend.store_translations 'en', authlogic: { models: { user_session: "MySession" } }
+        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
         assert_equal "MySession", UserSession.model_name.human
       end

data/test/session_test/brute_force_protection_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module BruteForceProtectionTest

data/test/session_test/callbacks_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class CallbacksTest < ActiveSupport::TestCase
@@ -15,7 +15,10 @@ module SessionTest
     def test_true_callback_cancelling_later_callbacks
       WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_true persist_by_false],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)
@@ -24,7 +27,10 @@ module SessionTest
     def test_false_callback_continuing_to_later_callbacks
       WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
+      assert_equal(
+        %i[persist_by_false persist_by_true],
+        WackyUserSession._persist_callbacks.map(&:filter)
+      )
       session = WackyUserSession.new
       session.send(:persist)

data/test/session_test/cookies_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module CookiesTest
@@ -68,15 +68,15 @@ module SessionTest
         assert_nil UserSession.same_site
         assert_nil UserSession.new.same_site
-        UserSession.same_site 'Strict'
-        assert_equal 'Strict', UserSession.same_site
+        UserSession.same_site "Strict"
+        assert_equal "Strict", UserSession.same_site
         session = UserSession.new
-        assert_equal 'Strict', session.same_site
-        session.same_site = 'Lax'
-        assert_equal 'Lax', session.same_site
+        assert_equal "Strict", session.same_site
+        session.same_site = "Lax"
+        assert_equal "Lax", session.same_site
-        assert_raise(ArgumentError) { UserSession.same_site 'foo' }
-        assert_raise(ArgumentError) { UserSession.new.same_site 'foo' }
+        assert_raise(ArgumentError) { UserSession.same_site "foo" }
+        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
       end
       def test_sign_cookie
@@ -203,11 +203,11 @@ module SessionTest
       def test_after_save_save_cookie_with_same_site
         session = UserSession.new(users(:ben))
-        session.same_site = 'Strict'
+        session.same_site = "Strict"
         assert session.save
         assert_equal(
-          'Strict',
-          controller.cookies.set_cookies['user_credentials'][:same_site]
+          "Strict",
+          controller.cookies.set_cookies["user_credentials"][:same_site]
         )
       end

data/test/session_test/existence_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ExistenceTest

data/test/session_test/foundation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 # We forbid the use of AC::Parameters, and we have a test to that effect, but we
 # do not want a development dependency on `actionpack`, so we define it here.

data/test/session_test/http_auth_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class HttpAuthTest < ActiveSupport::TestCase
@@ -20,9 +20,9 @@ module SessionTest
       end
       def test_http_basic_auth_realm
-        assert_equal 'Application', UserSession.http_basic_auth_realm
-        UserSession.http_basic_auth_realm = 'TestRealm'
-        assert_equal 'TestRealm', UserSession.http_basic_auth_realm
+        assert_equal "Application", UserSession.http_basic_auth_realm
+        UserSession.http_basic_auth_realm = "TestRealm"
+        assert_equal "TestRealm", UserSession.http_basic_auth_realm
       end
     end
@@ -43,13 +43,13 @@ module SessionTest
         end
         unset_session
         UserSession.request_http_basic_auth = true
-        UserSession.http_basic_auth_realm = 'PersistTestRealm'
+        UserSession.http_basic_auth_realm = "PersistTestRealm"
         http_basic_auth_for(aaron) do
           assert session = UserSession.find
           assert_equal aaron, session.record
           assert_equal aaron.login, session.login
           assert_equal "aaronrocks", session.send(:protected_password)
-          assert_equal 'PersistTestRealm', controller.realm
+          assert_equal "PersistTestRealm", controller.realm
           assert controller.http_auth_requested?
         end
       end

data/test/session_test/id_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class IdTest < ActiveSupport::TestCase

data/test/session_test/klass_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module KlassTest

data/test/session_test/magic_columns_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module MagicColumnsTest

data/test/session_test/magic_states_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module SessionTest

data/test/session_test/params_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module ParamsTest
@@ -14,8 +14,9 @@ module SessionTest
       def test_single_access_allowed_request_types
         UserSession.single_access_allowed_request_types = ["my request type"]
         assert_equal ["my request type"], UserSession.single_access_allowed_request_types
-        UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
+        UserSession.single_access_allowed_request_types(
+          ["application/rss+xml", "application/atom+xml"]
+        )
         assert_equal(
           ["application/rss+xml", "application/atom+xml"],
           UserSession.single_access_allowed_request_types
@@ -44,7 +45,9 @@ module SessionTest
         set_request_content_type("application/atom+xml")
         assert session.persisting?
         assert_equal ben, session.record
-        assert_nil controller.session["user_credentials"] # should not persist since this is single access
+        # should not persist since this is single access
+        assert_nil controller.session["user_credentials"]
         set_request_content_type("application/rss+xml")
         assert session.persisting?

data/test/session_test/password_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module PasswordTest

data/test/session_test/perishability_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class PerishabilityTest < ActiveSupport::TestCase

data/test/session_test/persistence_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class PersistenceTest < ActiveSupport::TestCase

data/test/session_test/scopes_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class ScopesTest < ActiveSupport::TestCase
@@ -28,7 +28,10 @@ module SessionTest
       assert_raise(ArgumentError) { UserSession.with_scope }
       UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
-        assert_equal({ find_options: { conditions: "awesome = 1" }, id: "some_id" }, UserSession.scope)
+        assert_equal(
+          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
+          UserSession.scope
+        )
       end
       assert_nil UserSession.scope
@@ -37,7 +40,10 @@ module SessionTest
     def test_initialize
       UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
         session = UserSession.new
-        assert_equal({ find_options: { conditions: "awesome = 1" }, id: "some_id" }, session.scope)
+        assert_equal(
+          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
+          session.scope
+        )
         session.id = :another_id
         assert_equal "another_id_some_id_test", session.send(:build_key, "test")
       end

data/test/session_test/session_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module SessionTest
@@ -23,7 +23,7 @@ module SessionTest
       def test_persist_persist_by_session_with_session_fixation_attack
         ben = users(:ben)
-        controller.session["user_credentials"] = 'neo'
+        controller.session["user_credentials"] = "neo"
         controller.session["user_credentials_id"] = {
           select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
         }

data/test/session_test/timeout_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   module TimeoutTest

data/test/session_test/unauthorized_record_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class UnauthorizedRecordTest < ActiveSupport::TestCase

data/test/session_test/validation_test.rb CHANGED

@@ -1,4 +1,4 @@
-require 'test_helper'
+require "test_helper"
 module SessionTest
   class ValidationTest < ActiveSupport::TestCase

data/test/test_helper.rb CHANGED

@@ -6,7 +6,7 @@ require "active_record/fixtures"
 require "timecop"
 require "i18n"
-I18n.load_path << File.dirname(__FILE__) + '/i18n/lol.yml'
+I18n.load_path << File.dirname(__FILE__) + "/i18n/lol.yml"
 # ActiveRecord::Schema.verbose = false
 ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
@@ -14,7 +14,7 @@ logger = Logger.new(STDOUT)
 logger.level = Logger::FATAL
 ActiveRecord::Base.logger = logger
-if (ActiveRecord::VERSION::STRING < '4.1')
+if ActiveRecord::VERSION::STRING < "4.1"
   ActiveRecord::Base.configurations = true
 end
@@ -104,16 +104,18 @@ ActiveRecord::Schema.define(version: 1) do
   end
 end
-require_relative '../lib/authlogic'
-require_relative '../lib/authlogic/test_case'
-require_relative 'libs/project'
-require_relative 'libs/affiliate'
-require_relative 'libs/employee'
-require_relative 'libs/employee_session'
-require_relative 'libs/ldaper'
-require_relative 'libs/user'
-require_relative 'libs/user_session'
-require_relative 'libs/company'
+require "English"
+$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
+require "authlogic"
+require "authlogic/test_case"
+require "libs/project"
+require "libs/affiliate"
+require "libs/employee"
+require "libs/employee_session"
+require "libs/ldaper"
+require "libs/user"
+require "libs/user_session"
+require "libs/company"
 # Recent change, 2017-10-23: We had used a 54-letter string here. In the default
 # encoding, UTF-8, that's 54 bytes, which is clearly incorrect for an algorithm
@@ -149,7 +151,16 @@ module ActiveSupport
       # tests until Rails 4.1 was added for testing. This ensures that all the
       # models start tests with their original config.
       def config_setup
-        [Project, Affiliate, Employee, EmployeeSession, Ldaper, User, UserSession, Company].each do |model|
+        [
+          Project,
+          Affiliate,
+          Employee,
+          EmployeeSession,
+          Ldaper,
+          User,
+          UserSession,
+          Company
+        ].each do |model|
           unless model.respond_to?(:original_acts_as_authentic_config)
             model.class_attribute :original_acts_as_authentic_config
           end
@@ -158,7 +169,16 @@ module ActiveSupport
       end
       def config_teardown
-        [Project, Affiliate, Employee, EmployeeSession, Ldaper, User, UserSession, Company].each do |model|
+        [
+          Project,
+          Affiliate,
+          Employee,
+          EmployeeSession,
+          Ldaper,
+          User,
+          UserSession,
+          Company
+        ].each do |model|
           model.acts_as_authentic_config = model.original_acts_as_authentic_config
         end
       end