authlogic 4.4.2 → 5.0.3

data/lib/authlogic/session/unauthorized_record.rb

@@ -1,56 +0,0 @@
-module Authlogic
-  module Session
-    # Allows you to create session with an object. Ex:
-    #
-    #   UserSession.create(my_user_object)
-    #
-    # Be careful with this, because Authlogic is assuming that you have already
-    # confirmed that the user is who he says he is.
-    #
-    # For example, this is the method used to persist the session internally.
-    # Authlogic finds the user with the persistence token. At this point we know
-    # the user is who he says he is, so Authlogic just creates a session with
-    # the record. This is particularly useful for 3rd party authentication
-    # methods, such as OpenID. Let that method verify the identity, once it's
-    # verified, pass the object and create a session.
-    module UnauthorizedRecord
-      def self.included(klass)
-        klass.class_eval do
-          attr_accessor :unauthorized_record
-          validate(
-            :validate_by_unauthorized_record,
-            if: :authenticating_with_unauthorized_record?
-          )
-        end
-      end
-
-      # Returning meaningful credentials
-      def credentials
-        if authenticating_with_unauthorized_record?
-          details = {}
-          details[:unauthorized_record] = "<protected>"
-          details
-        else
-          super
-        end
-      end
-
-      # Setting the unauthorized record if it exists in the credentials passed.
-      def credentials=(value)
-        super
-        values = value.is_a?(Array) ? value : [value]
-        self.unauthorized_record = values.first if values.first.class < ::ActiveRecord::Base
-      end
-
-      private
-
-      def authenticating_with_unauthorized_record?
-        !unauthorized_record.nil?
-      end
-
-      def validate_by_unauthorized_record
-        self.attempted_record = unauthorized_record
-      end
-    end
-  end
-end

data/lib/authlogic/session/validation.rb

@@ -1,93 +0,0 @@
-module Authlogic
-  module Session
-    # Responsible for session validation
-    module Validation
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      #   class UserSession
-      #     validate :check_if_awesome
-      #
-      #     private
-      #       def check_if_awesome
-      #         errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #         errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #       end
-      #   end
-      class Errors < (defined?(::ActiveModel) ? ::ActiveModel::Errors : ::ActiveRecord::Errors)
-        unless defined?(::ActiveModel)
-          def [](key)
-            value = super
-            value.is_a?(Array) ? value : [value].compact
-          end
-        end
-      end
-
-      # You should use this as a place holder for any records that you find
-      # during validation. The main reason for this is to allow other modules to
-      # use it if needed. Take the failed_login_count feature, it needs this in
-      # order to increase the failed login count.
-      def attempted_record
-        @attempted_record
-      end
-
-      # See attempted_record
-      def attempted_record=(value)
-        @attempted_record = value
-      end
-
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      # === Example
-      #
-      #  class UserSession
-      #    before_validation :check_if_awesome
-      #
-      #    private
-      #      def check_if_awesome
-      #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #        errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #      end
-      #  end
-      def errors
-        @errors ||= Errors.new(self)
-      end
-
-      # Determines if the information you provided for authentication is valid
-      # or not. If there is a problem with the information provided errors will
-      # be added to the errors object and this method will return false.
-      def valid?
-        errors.clear
-        self.attempted_record = nil
-
-        before_validation
-        new_session? ? before_validation_on_create : before_validation_on_update
-        validate
-        ensure_authentication_attempted
-
-        if errors.empty?
-          new_session? ? after_validation_on_create : after_validation_on_update
-          after_validation
-        end
-
-        save_record(attempted_record)
-        errors.empty?
-      end
-
-      private
-
-      def ensure_authentication_attempted
-        if errors.empty? && attempted_record.nil?
-          errors.add(
-            :base,
-            I18n.t(
-              "error_messages.no_authentication_details",
-              default: "You did not provide any details for authentication."
-            )
-          )
-        end
-      end
-    end
-  end
-end

data/test/acts_as_authentic_test/base_test.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module ActsAsAuthenticTest
-  class BaseTest < ActiveSupport::TestCase
-    def test_acts_as_authentic
-      assert_nothing_raised do
-        User.acts_as_authentic do
-        end
-      end
-    end
-
-    def test_acts_as_authentic_with_old_config
-      assert_raise(ArgumentError) do
-        User.acts_as_authentic({})
-      end
-    end
-
-    def test_acts_as_authentic_with_no_table
-      klass = Class.new(ActiveRecord::Base)
-      assert_nothing_raised do
-        klass.acts_as_authentic
-      end
-    end
-  end
-end

data/test/acts_as_authentic_test/email_test.rb

@@ -1,241 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module ActsAsAuthenticTest
-  class EmailTest < ActiveSupport::TestCase
-    GOOD_ASCII_EMAILS = [
-      "a@a.com",
-      "damien+test1...etc..@mydomain.com",
-      "dakota.dux+1@gmail.com",
-      "dakota.d'ux@gmail.com",
-      "a&b@c.com",
-      "someuser@somedomain.travelersinsurance"
-    ].freeze
-
-    BAD_ASCII_EMAILS = [
-      "",
-      "aaaaaaaaaaaaa",
-      "question?mark@gmail.com",
-      "backslash@g\\mail.com",
-      "<script>alert(123);</script>\nnobody@example.com",
-      "someuser@somedomain.isreallytoolongandimeanreallytoolong"
-    ].freeze
-
-    # http://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout
-    GOOD_ISO88591_EMAILS = [
-      "töm.öm@dömain.fi",  # https://github.com/binarylogic/authlogic/issues/176
-      "Pelé@examplé.com",  # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-    ].freeze
-
-    BAD_ISO88591_EMAILS = [
-      "",
-      "öm(@ava.fi",      # L paren
-      "é)@domain.com",   # R paren
-      "é[@example.com",  # L bracket
-      "question?mark@gmail.com",  # question mark
-      "back\\slash@gmail.com",    # backslash
-    ].freeze
-
-    GOOD_UTF8_EMAILS = [
-      "δκιμή@παράδεγμα.δοκμή", # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "我本@屋企.香港",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "甲斐@黒川.日買",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "чебурша@ящик-с-пельнами.рф", # Contains dashes in domain head
-      "企斐@黒川.みんな", #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
-    ].freeze
-
-    BAD_UTF8_EMAILS = [
-      "",
-      ".みんな", #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
-      "δκιμή@παράδεγμα.δ",          # short TLD
-      "öm(@ava.fi",                 # L paren
-      "é)@domain.com",              # R paren
-      "é[@example.com",             # L bracket
-      "δ]@πράιγμα.δοκμή",           # R bracket
-      "我\.香港",                    # slash
-      "甲;.日本",                    # semicolon
-      "ч:@ящик-с-пельнами.рф", # colon
-      "斐,.みんな", #  comma
-      "香<.香港",                    # less than
-      "我>.香港",                    # greater than
-      "我?本@屋企.香港", # question mark
-      "чебурша@ьн\\ами.рф", # backslash
-      "user@domain.com%0A<script>alert('hello')</script>"
-    ].freeze
-
-    def test_email_field_config
-      assert_equal :email, User.email_field
-      assert_equal :email, Employee.email_field
-
-      User.email_field = :nope
-      assert_equal :nope, User.email_field
-      User.email_field :email
-      assert_equal :email, User.email_field
-    end
-
-    def test_validate_email_field_config
-      assert User.validate_email_field
-      assert Employee.validate_email_field
-
-      User.validate_email_field = false
-      refute User.validate_email_field
-      User.validate_email_field true
-      assert User.validate_email_field
-    end
-
-    def test_validates_length_of_email_field_options_config
-      assert_equal({ maximum: 100 }, User.validates_length_of_email_field_options)
-      assert_equal({ maximum: 100 }, Employee.validates_length_of_email_field_options)
-
-      User.validates_length_of_email_field_options = { yes: "no" }
-      assert_equal({ yes: "no" }, User.validates_length_of_email_field_options)
-      User.validates_length_of_email_field_options(within: 6..100)
-      assert_equal({ within: 6..100 }, User.validates_length_of_email_field_options)
-    end
-
-    def test_validates_format_of_email_field_options_config
-      default = {
-        with: Authlogic::Regex::EMAIL,
-        message: proc do
-          I18n.t(
-            "error_messages.email_invalid",
-            default: "should look like an email address."
-          )
-        end
-      }
-      default_message = default.delete(:message).call
-
-      options = User.validates_format_of_email_field_options
-      message = options.delete(:message)
-      assert message.is_a?(Proc)
-      assert_equal default_message, message.call
-      assert_equal default, options
-
-      options = Employee.validates_format_of_email_field_options
-      message = options.delete(:message)
-      assert message.is_a?(Proc)
-      assert_equal default_message, message.call
-      assert_equal default, options
-
-      User.validates_format_of_email_field_options = { yes: "no" }
-      assert_equal({ yes: "no" }, User.validates_format_of_email_field_options)
-      User.validates_format_of_email_field_options default
-      assert_equal default, User.validates_format_of_email_field_options
-
-      with_email_nonascii = {
-        with: Authlogic::Regex::EMAIL_NONASCII,
-        message: proc do
-          I18n.t(
-            "error_messages.email_invalid_international",
-            default: "should look like an international email address."
-          )
-        end
-      }
-      User.validates_format_of_email_field_options = with_email_nonascii
-      assert_equal(with_email_nonascii, User.validates_format_of_email_field_options)
-      User.validates_format_of_email_field_options with_email_nonascii
-      assert_equal with_email_nonascii, User.validates_format_of_email_field_options
-    end
-
-    def test_deferred_error_message_translation
-      # ensure we successfully loaded the test locale
-      assert I18n.available_locales.include?(:lol), "Test locale failed to load"
-
-      I18n.with_locale("lol") do
-        message = I18n.t("authlogic.error_messages.email_invalid")
-
-        cat = User.new
-        cat.email = "meow"
-        cat.valid?
-
-        # filter duplicate error messages
-        error = cat.errors[:email]
-        error = error.first if error.is_a?(Array)
-
-        assert_equal message, error
-      end
-    end
-
-    def test_validates_uniqueness_of_email_field_options_config
-      default = {
-        case_sensitive: false,
-        scope: Employee.validations_scope,
-        if: "#{Employee.email_field}_changed?".to_sym
-      }
-      assert_equal default, Employee.validates_uniqueness_of_email_field_options
-
-      Employee.validates_uniqueness_of_email_field_options = { yes: "no" }
-      assert_equal({ yes: "no" }, Employee.validates_uniqueness_of_email_field_options)
-      Employee.validates_uniqueness_of_email_field_options default
-      assert_equal default, Employee.validates_uniqueness_of_email_field_options
-    end
-
-    def test_validates_length_of_email_field
-      u = User.new
-      u.email = "a@a.a"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      refute u.valid?
-      assert u.errors[:email].empty?
-    end
-
-    def test_validates_format_of_email_field
-      u = User.new
-      u.email = "aaaaaaaaaaaaa"
-      u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "damien+test1...etc..@mydomain.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "dakota.dux+1@gmail.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "dakota.d'ux@gmail.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "<script>alert(123);</script>\nnobody@example.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a&b@c.com"
-      u.valid?
-      assert u.errors[:email].empty?
-    end
-
-    def test_validates_format_of_nonascii_email_field
-      (GOOD_ASCII_EMAILS + GOOD_ISO88591_EMAILS + GOOD_UTF8_EMAILS).each do |e|
-        assert e =~ Authlogic::Regex::EMAIL_NONASCII, "Good email should validate: #{e}"
-      end
-
-      (BAD_ASCII_EMAILS + BAD_ISO88591_EMAILS + BAD_UTF8_EMAILS).each do |e|
-        assert e !~ Authlogic::Regex::EMAIL_NONASCII, "Bad email should not validate: #{e}"
-      end
-    end
-
-    def test_validates_uniqueness_of_email_field
-      u = User.new
-      u.email = "bjohnson@binarylogic.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "BJOHNSON@binarylogic.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      refute u.valid?
-      assert u.errors[:email].empty?
-    end
-  end
-end

data/test/acts_as_authentic_test/logged_in_status_test.rb

@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module ActsAsAuthenticTest
-  class LoggedInStatusTest < ActiveSupport::TestCase
-    ERROR_MSG = "Multiple calls to %s should result in different relations"
-
-    def test_logged_in_timeout_config
-      assert_equal 10.minutes.to_i, User.logged_in_timeout
-      assert_equal 10.minutes.to_i, Employee.logged_in_timeout
-
-      User.logged_in_timeout = 1.hour
-      assert_equal 1.hour.to_i, User.logged_in_timeout
-      User.logged_in_timeout 10.minutes
-      assert_equal 10.minutes.to_i, User.logged_in_timeout
-    end
-
-    def test_named_scope_logged_in
-      # Testing that the scope returned differs, because the time it was called should be
-      # slightly different. This is an attempt to make sure the scope is lambda wrapped
-      # so that it is re-evaluated every time its called. My biggest concern is that the
-      # test happens so fast that the test fails... I just don't know a better way to test it!
-
-      # for rails 5 I've changed the where_values to to_sql to compare
-
-      query1 = User.logged_in.to_sql
-      sleep 0.1
-      query2 = User.logged_in.to_sql
-      assert query1 != query2, ERROR_MSG % "#logged_in"
-
-      assert_equal 0, User.logged_in.count
-      user = User.first
-      user.last_request_at = Time.now
-      user.current_login_at = Time.now
-      user.save!
-      assert_equal 1, User.logged_in.count
-    end
-
-    def test_named_scope_logged_out
-      # Testing that the scope returned differs, because the time it was called should be
-      # slightly different. This is an attempt to make sure the scope is lambda wrapped
-      # so that it is re-evaluated every time its called. My biggest concern is that the
-      # test happens so fast that the test fails... I just don't know a better way to test it!
-
-      # for rails 5 I've changed the where_values to to_sql to compare
-
-      assert User.logged_in.to_sql != User.logged_out.to_sql, ERROR_MSG % "#logged_out"
-
-      assert_equal 3, User.logged_out.count
-      User.first.update_attribute(:last_request_at, Time.now)
-      assert_equal 2, User.logged_out.count
-    end
-
-    def test_logged_in_logged_out
-      u = User.first
-      refute u.logged_in?
-      assert u.logged_out?
-      u.last_request_at = Time.now
-      assert u.logged_in?
-      refute u.logged_out?
-    end
-  end
-end