authlogic 4.4.2 → 5.0.0

data/test/session_test/activation_test.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ActivationTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      def test_activated
-        assert UserSession.activated?
-        Authlogic::Session::Base.controller = nil
-        refute UserSession.activated?
-      end
-
-      def test_controller
-        Authlogic::Session::Base.controller = nil
-        assert_nil Authlogic::Session::Base.controller
-        thread1 = Thread.new do
-          controller = MockController.new
-          Authlogic::Session::Base.controller = controller
-          assert_equal controller, Authlogic::Session::Base.controller
-        end
-        thread1.join
-
-        assert_nil Authlogic::Session::Base.controller
-
-        thread2 = Thread.new do
-          controller = MockController.new
-          Authlogic::Session::Base.controller = controller
-          assert_equal controller, Authlogic::Session::Base.controller
-        end
-        thread2.join
-
-        assert_nil Authlogic::Session::Base.controller
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_init
-        UserSession.controller = nil
-        assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
-        UserSession.controller = controller
-      end
-    end
-  end
-end

data/test/session_test/active_record_trickery_test.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ActiveRecordTrickeryTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      # If test_human_name is executed after test_i18n_of_human_name the test will fail.
-      i_suck_and_my_tests_are_order_dependent!
-
-      def test_human_attribute_name
-        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
-        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
-      end
-
-      def test_human_name
-        assert_equal "Usersession", UserSession.human_name
-      end
-
-      def test_i18n_of_human_name
-        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
-        assert_equal "MySession", UserSession.human_name
-      end
-
-      def test_i18n_of_model_name_human
-        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
-        assert_equal "MySession", UserSession.model_name.human
-      end
-
-      def test_model_name
-        assert_equal "UserSession", UserSession.model_name.name
-        assert_equal "user_session", UserSession.model_name.singular
-        assert_equal "user_sessions", UserSession.model_name.plural
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_record
-        session = UserSession.new
-        assert session.new_record?
-      end
-
-      def test_to_key
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert_nil session.to_key
-
-        session.save
-        assert_not_nil session.to_key
-        assert_equal ben.to_key, session.to_key
-      end
-
-      def test_persisted
-        session = UserSession.new(users(:ben))
-        refute session.persisted?
-
-        session.save
-        assert session.persisted?
-
-        session.destroy
-        refute session.persisted?
-      end
-
-      def test_destroyed?
-        session = UserSession.create(users(:ben))
-        refute session.destroyed?
-
-        session.destroy
-        assert session.destroyed?
-      end
-
-      def test_to_model
-        session = UserSession.new
-        assert_equal session, session.to_model
-      end
-    end
-  end
-end

data/test/session_test/brute_force_protection_test.rb

@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module BruteForceProtectionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_consecutive_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 10
-        assert_equal 10, UserSession.consecutive_failed_logins_limit
-
-        UserSession.consecutive_failed_logins_limit 50
-        assert_equal 50, UserSession.consecutive_failed_logins_limit
-      end
-
-      def test_failed_login_ban_for
-        UserSession.failed_login_ban_for = 10
-        assert_equal 10, UserSession.failed_login_ban_for
-
-        UserSession.failed_login_ban_for 2.hours
-        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_under_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
-        assert ben.save
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-      end
-
-      def test_exceeded_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
-        assert ben.save
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        assert session.new_session?
-        assert UserSession.create(ben).new_session?
-        ben.reload
-        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        refute UserSession.create(ben).new_session?
-      end
-
-      def test_exceeding_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        session = UserSession.new(login: ben.login, password: "badpassword2")
-        refute session.save
-        assert session.errors[:password].empty?
-        assert_equal 3, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-
-      def test_exceeded_ban_for
-        UserSession.consecutive_failed_logins_limit = 2
-        UserSession.generalize_credentials_error_messages true
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          assert session.invalid_password?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(login: ben.login, password: "benrocks")
-        assert session.save
-        assert_equal 0, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-        UserSession.generalize_credentials_error_messages false
-      end
-
-      def test_exceeded_ban_and_failed_doesnt_ban_again
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(login: ben.login, password: "badpassword1")
-        refute session.save
-        assert_equal 1, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-    end
-  end
-end

data/test/session_test/callbacks_test.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class CallbacksTest < ActiveSupport::TestCase
-    def setup
-      WackyUserSession.reset_callbacks(:persist)
-    end
-
-    def test_no_callbacks
-      assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 0, session.counter
-    end
-
-    def test_true_callback_cancelling_later_callbacks
-      WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal(
-        %i[persist_by_true persist_by_false],
-        WackyUserSession._persist_callbacks.map(&:filter)
-      )
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 1, session.counter
-    end
-
-    def test_false_callback_continuing_to_later_callbacks
-      WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal(
-        %i[persist_by_false persist_by_true],
-        WackyUserSession._persist_callbacks.map(&:filter)
-      )
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 2, session.counter
-    end
-  end
-end

data/test/session_test/cookies_test.rb

@@ -1,226 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module CookiesTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_cookie_key
-        UserSession.cookie_key = "my_cookie_key"
-        assert_equal "my_cookie_key", UserSession.cookie_key
-
-        UserSession.cookie_key "user_credentials"
-        assert_equal "user_credentials", UserSession.cookie_key
-      end
-
-      def test_default_cookie_key
-        assert_equal "user_credentials", UserSession.cookie_key
-        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
-      end
-
-      def test_remember_me
-        UserSession.remember_me = true
-        assert_equal true, UserSession.remember_me
-        session = UserSession.new
-        assert_equal true, session.remember_me
-
-        UserSession.remember_me false
-        assert_equal false, UserSession.remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-      end
-
-      def test_remember_me_for
-        UserSession.remember_me_for = 3.years
-        assert_equal 3.years, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.years, session.remember_me_for
-
-        UserSession.remember_me_for 3.months
-        assert_equal 3.months, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.months, session.remember_me_for
-      end
-
-      def test_secure
-        assert_equal true, UserSession.secure
-        session = UserSession.new
-        assert_equal true, session.secure
-
-        UserSession.secure false
-        assert_equal false, UserSession.secure
-        session = UserSession.new
-        assert_equal false, session.secure
-      end
-
-      def test_httponly
-        assert_equal true, UserSession.httponly
-        session = UserSession.new
-        assert_equal true, session.httponly
-
-        UserSession.httponly false
-        assert_equal false, UserSession.httponly
-        session = UserSession.new
-        assert_equal false, session.httponly
-      end
-
-      def test_same_site
-        assert_nil UserSession.same_site
-        assert_nil UserSession.new.same_site
-
-        UserSession.same_site "Strict"
-        assert_equal "Strict", UserSession.same_site
-        session = UserSession.new
-        assert_equal "Strict", session.same_site
-        session.same_site = "Lax"
-        assert_equal "Lax", session.same_site
-
-        assert_raise(ArgumentError) { UserSession.same_site "foo" }
-        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
-      end
-
-      def test_sign_cookie
-        UserSession.sign_cookie = true
-        assert_equal true, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal true, session.sign_cookie
-
-        UserSession.sign_cookie false
-        assert_equal false, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal false, session.sign_cookie
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_credentials
-        session = UserSession.new
-        session.credentials = { remember_me: true }
-        assert_equal true, session.remember_me
-      end
-
-      def test_remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = false
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = true
-        assert_equal true, session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = nil
-        assert_nil session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = "1"
-        assert_equal "1", session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = "true"
-        assert_equal "true", session.remember_me
-        assert session.remember_me?
-      end
-
-      def test_remember_me_until
-        session = UserSession.new
-        assert_nil session.remember_me_until
-
-        session.remember_me = true
-        assert 3.months.from_now <= session.remember_me_until
-      end
-
-      def test_persist_persist_by_cookie
-        ben = users(:ben)
-        refute UserSession.find
-        set_cookie_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-      end
-
-      def test_persist_persist_by_cookie_with_blank_persistence_token
-        ben = users(:ben)
-        ben.update_column(:persistence_token, "")
-        refute UserSession.find
-        set_cookie_for(ben)
-        refute UserSession.find
-      end
-
-      def test_remember_me_expired
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        session.remember_me = true
-        assert session.save
-        refute session.remember_me_expired?
-
-        session = UserSession.new(ben)
-        session.remember_me = false
-        assert session.save
-        refute session.remember_me_expired?
-      end
-
-      def test_after_save_save_cookie
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert session.save
-        assert_equal(
-          "#{ben.persistence_token}::#{ben.id}",
-          controller.cookies["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_signed
-        ben = users(:ben)
-
-        assert_nil controller.cookies["user_credentials"]
-        payload = "#{ben.persistence_token}::#{ben.id}"
-
-        session = UserSession.new(ben)
-        session.sign_cookie = true
-        assert session.save
-        assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal(
-          "#{payload}--#{Digest::SHA1.hexdigest payload}",
-          controller.cookies.signed.parent_jar["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_with_remember_me
-        Timecop.freeze do
-          ben = users(:ben)
-          session = UserSession.new(ben)
-          session.remember_me = true
-          assert session.save
-          assert_equal(
-            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
-            controller.cookies["user_credentials"]
-          )
-        end
-      end
-
-      def test_after_save_save_cookie_with_same_site
-        session = UserSession.new(users(:ben))
-        session.same_site = "Strict"
-        assert session.save
-        assert_equal(
-          "Strict",
-          controller.cookies.set_cookies["user_credentials"][:same_site]
-        )
-      end
-
-      def test_after_destroy_destroy_cookie
-        ben = users(:ben)
-        set_cookie_for(ben)
-        session = UserSession.find
-        assert controller.cookies["user_credentials"]
-        assert session.destroy
-        refute controller.cookies["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/existence_test.rb

@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ExistenceTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create_with_good_credentials
-        ben = users(:ben)
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-      end
-
-      def test_create_with_bad_credentials
-        session = UserSession.create(login: "somelogin", password: "badpw2")
-        assert session.new_session?
-      end
-
-      def test_create_bang
-        ben = users(:ben)
-        err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
-          UserSession.create!(login: ben.login, password: "badpw")
-        end
-        assert_includes err.message, "Password is not valid"
-        refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_session
-        session = UserSession.new
-        assert session.new_session?
-
-        set_session_for(users(:ben))
-        session = UserSession.find
-        refute session.new_session?
-      end
-
-      def test_save_with_nothing
-        session = UserSession.new
-        refute session.save
-        assert session.new_session?
-      end
-
-      def test_save_with_block
-        session = UserSession.new
-        block_result = session.save do |result|
-          refute result
-        end
-        refute block_result
-        assert session.new_session?
-      end
-
-      def test_save_with_bang
-        session = UserSession.new
-        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-
-        session.unauthorized_record = users(:ben)
-        assert_nothing_raised { session.save! }
-      end
-
-      def test_destroy
-        ben = users(:ben)
-        session = UserSession.new
-        refute session.valid?
-        refute session.errors.empty?
-        assert session.destroy
-        assert session.errors.empty?
-        session.unauthorized_record = ben
-        assert session.save
-        assert session.record
-        assert session.destroy
-        refute session.record
-      end
-    end
-
-    class SessionInvalidErrorTest < ActiveSupport::TestCase
-      def test_message
-        session = UserSession.new
-        assert !session.valid?
-        error = Authlogic::Session::Existence::SessionInvalidError.new(session)
-        message = "Your session is invalid and has the following errors: " +
-          session.errors.full_messages.to_sentence
-        assert_equal message, error.message
-      end
-    end
-  end
-end

data/test/session_test/foundation_test.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-# We forbid the use of AC::Parameters, and we have a test to that effect, but we
-# do not want a development dependency on `actionpack`, so we define it here.
-module ActionController
-  class Parameters; end
-end
-
-module SessionTest
-  class FoundationTest < ActiveSupport::TestCase
-    def test_credentials_raise_if_not_a_hash
-      session = UserSession.new
-      e = assert_raises(TypeError) {
-        session.credentials = ActionController::Parameters.new
-      }
-      assert_equal(
-        ::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
-        e.message
-      )
-    end
-  end
-end

data/test/session_test/http_auth_test.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class HttpAuthTest < ActiveSupport::TestCase
-    class ConfigTest < ActiveSupport::TestCase
-      def test_allow_http_basic_auth
-        UserSession.allow_http_basic_auth = false
-        assert_equal false, UserSession.allow_http_basic_auth
-
-        UserSession.allow_http_basic_auth true
-        assert_equal true, UserSession.allow_http_basic_auth
-      end
-
-      def test_request_http_basic_auth
-        UserSession.request_http_basic_auth = true
-        assert_equal true, UserSession.request_http_basic_auth
-
-        UserSession.request_http_basic_auth = false
-        assert_equal false, UserSession.request_http_basic_auth
-      end
-
-      def test_http_basic_auth_realm
-        assert_equal "Application", UserSession.http_basic_auth_realm
-        UserSession.http_basic_auth_realm = "TestRealm"
-        assert_equal "TestRealm", UserSession.http_basic_auth_realm
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_http_auth
-        UserSession.allow_http_basic_auth = true
-
-        aaron = users(:aaron)
-        http_basic_auth_for do
-          refute UserSession.find
-        end
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          refute controller.http_auth_requested?
-        end
-        unset_session
-        UserSession.request_http_basic_auth = true
-        UserSession.http_basic_auth_realm = "PersistTestRealm"
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          assert_equal "PersistTestRealm", controller.realm
-          assert controller.http_auth_requested?
-        end
-      end
-    end
-  end
-end

data/test/session_test/id_test.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class IdTest < ActiveSupport::TestCase
-    def test_credentials
-      session = UserSession.new
-      session.credentials = [:my_id]
-      assert_equal :my_id, session.id
-    end
-
-    def test_id
-      session = UserSession.new
-      session.id = :my_id
-      assert_equal :my_id, session.id
-    end
-  end
-end