authlogic 4.4.2 → 5.0.3
- checksums.yaml +5 -5
- data/lib/authlogic.rb +4 -28
- data/lib/authlogic/acts_as_authentic/base.rb +3 -18
- data/lib/authlogic/acts_as_authentic/email.rb +3 -170
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
- data/lib/authlogic/acts_as_authentic/login.rb +7 -174
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
- data/lib/authlogic/acts_as_authentic/password.rb +54 -253
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
- data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +8 -6
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
- data/lib/authlogic/config.rb +9 -1
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +7 -4
- data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
- data/lib/authlogic/controller_adapters/rails_adapter.rb +19 -19
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
- data/lib/authlogic/cookie_credentials.rb +63 -0
- data/lib/authlogic/crypto_providers.rb +5 -20
- data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
- data/lib/authlogic/crypto_providers/md5.rb +3 -6
- data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
- data/lib/authlogic/crypto_providers/sha1.rb +4 -6
- data/lib/authlogic/crypto_providers/sha256.rb +2 -0
- data/lib/authlogic/crypto_providers/sha512.rb +6 -5
- data/lib/authlogic/i18n.rb +3 -1
- data/lib/authlogic/i18n/translator.rb +3 -0
- data/lib/authlogic/random.rb +2 -0
- data/lib/authlogic/session/base.rb +2087 -39
- data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
- data/lib/authlogic/test_case.rb +4 -0
- data/lib/authlogic/test_case/mock_controller.rb +2 -0
- data/lib/authlogic/test_case/mock_cookie_jar.rb +7 -0
- data/lib/authlogic/test_case/mock_logger.rb +2 -0
- data/lib/authlogic/test_case/mock_request.rb +2 -0
- data/lib/authlogic/test_case/rails_request_adapter.rb +2 -0
- data/lib/authlogic/version.rb +2 -1
- metadata +136 -182
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
- data/.github/triage.md +0 -86
- data/.gitignore +0 -15
- data/.rubocop.yml +0 -133
- data/.rubocop_todo.yml +0 -74
- data/.travis.yml +0 -24
- data/CHANGELOG.md +0 -326
- data/CONTRIBUTING.md +0 -91
- data/Gemfile +0 -6
- data/LICENSE +0 -20
- data/README.md +0 -439
- data/Rakefile +0 -21
- data/UPGRADING.md +0 -22
- data/authlogic.gemspec +0 -40
- data/doc/use_normal_rails_validation.md +0 -82
- data/gemfiles/Gemfile.rails-4.2.x +0 -6
- data/gemfiles/Gemfile.rails-5.1.x +0 -6
- data/gemfiles/Gemfile.rails-5.2.x +0 -6
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
- data/lib/authlogic/authenticates_many/association.rb +0 -50
- data/lib/authlogic/authenticates_many/base.rb +0 -81
- data/lib/authlogic/crypto_providers/aes256.rb +0 -71
- data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
- data/lib/authlogic/regex.rb +0 -79
- data/lib/authlogic/session/activation.rb +0 -73
- data/lib/authlogic/session/active_record_trickery.rb +0 -65
- data/lib/authlogic/session/brute_force_protection.rb +0 -127
- data/lib/authlogic/session/callbacks.rb +0 -153
- data/lib/authlogic/session/cookies.rb +0 -296
- data/lib/authlogic/session/existence.rb +0 -103
- data/lib/authlogic/session/foundation.rb +0 -105
- data/lib/authlogic/session/http_auth.rb +0 -107
- data/lib/authlogic/session/id.rb +0 -53
- data/lib/authlogic/session/klass.rb +0 -73
- data/lib/authlogic/session/magic_columns.rb +0 -119
- data/lib/authlogic/session/magic_states.rb +0 -82
- data/lib/authlogic/session/params.rb +0 -130
- data/lib/authlogic/session/password.rb +0 -318
- data/lib/authlogic/session/perishable_token.rb +0 -24
- data/lib/authlogic/session/persistence.rb +0 -77
- data/lib/authlogic/session/priority_record.rb +0 -38
- data/lib/authlogic/session/scopes.rb +0 -138
- data/lib/authlogic/session/session.rb +0 -77
- data/lib/authlogic/session/timeout.rb +0 -103
- data/lib/authlogic/session/unauthorized_record.rb +0 -56
- data/lib/authlogic/session/validation.rb +0 -93
- data/test/acts_as_authentic_test/base_test.rb +0 -27
- data/test/acts_as_authentic_test/email_test.rb +0 -241
- data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
- data/test/acts_as_authentic_test/login_test.rb +0 -153
- data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
- data/test/acts_as_authentic_test/password_test.rb +0 -263
- data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
- data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
- data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
- data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
- data/test/acts_as_authentic_test/single_access_test.rb +0 -46
- data/test/adapter_test.rb +0 -23
- data/test/authenticates_many_test.rb +0 -33
- data/test/config_test.rb +0 -38
- data/test/crypto_provider_test/aes256_test.rb +0 -16
- data/test/crypto_provider_test/bcrypt_test.rb +0 -16
- data/test/crypto_provider_test/scrypt_test.rb +0 -16
- data/test/crypto_provider_test/sha1_test.rb +0 -25
- data/test/crypto_provider_test/sha256_test.rb +0 -16
- data/test/crypto_provider_test/sha512_test.rb +0 -16
- data/test/crypto_provider_test/wordpress_test.rb +0 -26
- data/test/fixtures/companies.yml +0 -5
- data/test/fixtures/employees.yml +0 -17
- data/test/fixtures/projects.yml +0 -3
- data/test/fixtures/users.yml +0 -41
- data/test/i18n/lol.yml +0 -4
- data/test/i18n_test.rb +0 -35
- data/test/libs/affiliate.rb +0 -9
- data/test/libs/company.rb +0 -8
- data/test/libs/employee.rb +0 -9
- data/test/libs/employee_session.rb +0 -4
- data/test/libs/ldaper.rb +0 -5
- data/test/libs/project.rb +0 -5
- data/test/libs/user.rb +0 -9
- data/test/libs/user_session.rb +0 -27
- data/test/random_test.rb +0 -15
- data/test/session_test/activation_test.rb +0 -45
- data/test/session_test/active_record_trickery_test.rb +0 -78
- data/test/session_test/brute_force_protection_test.rb +0 -110
- data/test/session_test/callbacks_test.rb +0 -42
- data/test/session_test/cookies_test.rb +0 -226
- data/test/session_test/credentials_test.rb +0 -0
- data/test/session_test/existence_test.rb +0 -88
- data/test/session_test/foundation_test.rb +0 -24
- data/test/session_test/http_auth_test.rb +0 -60
- data/test/session_test/id_test.rb +0 -19
- data/test/session_test/klass_test.rb +0 -42
- data/test/session_test/magic_columns_test.rb +0 -62
- data/test/session_test/magic_states_test.rb +0 -60
- data/test/session_test/params_test.rb +0 -61
- data/test/session_test/password_test.rb +0 -107
- data/test/session_test/perishability_test.rb +0 -17
- data/test/session_test/persistence_test.rb +0 -35
- data/test/session_test/scopes_test.rb +0 -68
- data/test/session_test/session_test.rb +0 -80
- data/test/session_test/timeout_test.rb +0 -84
- data/test/session_test/unauthorized_record_test.rb +0 -15
- data/test/session_test/validation_test.rb +0 -25
- data/test/test_helper.rb +0 -272
@@ -1,25 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module CryptoProviderTest
|
6
|
-
class Sha1Test < ActiveSupport::TestCase
|
7
|
-
def test_encrypt
|
8
|
-
assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_matches
|
12
|
-
hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
|
13
|
-
assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
|
14
|
-
end
|
15
|
-
|
16
|
-
def test_old_restful_authentication_passwords
|
17
|
-
password = "test"
|
18
|
-
salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
|
19
|
-
digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
|
20
|
-
Authlogic::CryptoProviders::Sha1.stretches = 1
|
21
|
-
assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
|
22
|
-
Authlogic::CryptoProviders::Sha1.stretches = 10
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module CryptoProviderTest
|
6
|
-
class Sha256Test < ActiveSupport::TestCase
|
7
|
-
def test_encrypt
|
8
|
-
assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_matches
|
12
|
-
hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
|
13
|
-
assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module CryptoProviderTest
|
6
|
-
class Sha512Test < ActiveSupport::TestCase
|
7
|
-
def test_encrypt
|
8
|
-
assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
|
9
|
-
end
|
10
|
-
|
11
|
-
def test_matches
|
12
|
-
hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
|
13
|
-
assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
::ActiveSupport::Deprecation.silence do
|
6
|
-
require "authlogic/crypto_providers/wordpress"
|
7
|
-
end
|
8
|
-
|
9
|
-
module CryptoProviderTest
|
10
|
-
class WordpressTest < ActiveSupport::TestCase
|
11
|
-
def test_matches
|
12
|
-
plain = "banana"
|
13
|
-
salt = "aaa"
|
14
|
-
crypted = "xxx0nope"
|
15
|
-
# I couldn't figure out how to even execute this method without it
|
16
|
-
# crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
|
17
|
-
# worked differently. He was probably using ruby 1.9 back then.
|
18
|
-
# Given that I can't even figure out how to run it, and for all the other
|
19
|
-
# reasons I've given in `wordpress.rb`, I'm just going to deprecate
|
20
|
-
# the whole file. -Jared 2018-04-09
|
21
|
-
assert_raises(NoMethodError) {
|
22
|
-
Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
|
23
|
-
}
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
data/test/fixtures/companies.yml
DELETED
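--- a/data/test/fixtures/employees.yml
+++ b/data/test/fixtures/employees.yml
@@ -1,17 +0,0 @@
-drew:
-company: binary_logic
-email: dgainor@binarylogic.com
-password_salt: <%= salt = Authlogic::Random.hex_token %>
-crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
-persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
-first_name: Drew
-last_name: Gainor
-
-jennifer:
-company: logic_over_data
-email: jjohnson@logicoverdata.com
-password_salt: <%= salt = Authlogic::Random.hex_token %>
-crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
-persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
-first_name: Jennifer
-last_name: Johnson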
data/test/fixtures/projects.yml
DELETED
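--- a/data/test/fixtures/users.yml
+++ b/data/test/fixtures/users.yml
@@ -1,41 +0,0 @@
-# NB :ben and :zack use the legacy crypto provider (Sha512) ... when they're
-# tested for valid_password?() it will transition their password
-# (re: test/libs/user.rb). This could have unintended side-effects (like auto-
-# resetting their persistence token when checking password) -- one solution
-# is to just switch in users(:aaron) for those tests.
-ben:
-company: binary_logic
-projects: web_services
-login: bjohnson
-password_salt: <%= salt = Authlogic::Random.hex_token %>
-crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
-persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
-single_access_token: <%= Authlogic::Random.friendly_token %>
-perishable_token: <%= Authlogic::Random.friendly_token %>
-email: bjohnson@binarylogic.com
-first_name: Ben
-last_name: Johnson
-
-zack:
-company: logic_over_data
-projects: web_services
-login: zackham
-password_salt: <%= salt = Authlogic::Random.hex_token %>
-crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
-persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
-single_access_token: <%= Authlogic::Random.friendly_token %>
-email: zham@ziggityzack.com
-first_name: Zack
-last_name: Ham
-
-aaron:
-company: cigital
-projects: web_services
-login: abedra
-crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
-persistence_token: e3d853f5aa0dacac5c257d03c4e097a3a7f51b182a8fc4f62096d05e939b019855aff0290157ac854e4195f13284ff5223f1996d0fd073e7e360171de54db278
-single_access_token: <%= Authlogic::Random.friendly_token %>
-perishable_token: <%= Authlogic::Random.friendly_token %>
-email: abedra@cigital.com
-first_name: Aaron
-last_name: Bedra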
data/test/i18n/lol.yml
DELETED
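--- a/data/test/i18n_test.rb
+++ b/data/test/i18n_test.rb
@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-class I18nTest < ActiveSupport::TestCase
-def test_uses_authlogic_as_scope_by_default
-assert_equal :authlogic, Authlogic::I18n.scope
-end
-
-def test_can_set_scope
-assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
-assert_equal %i[a b], Authlogic::I18n.scope
-Authlogic::I18n.scope = :authlogic
-end
-
-def test_uses_built_in_translator_by_default
-assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
-end
-
-def test_can_set_custom_translator
-old_translator = Authlogic::I18n.translator
-
-assert_nothing_raised do
-Authlogic::I18n.translator = Class.new do
-def translate(key, _options = {})
-"Translated: #{key}"
-end
-end.new
-end
-
-assert_equal "Translated: x", Authlogic::I18n.translate(:x)
-
-Authlogic::I18n.translator = old_translator
-end
-end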
data/test/libs/affiliate.rb
DELETED
data/test/libs/company.rb
DELETED
data/test/libs/employee.rb
DELETED
data/test/libs/ldaper.rb
DELETED
data/test/libs/project.rb
DELETED
data/test/libs/user.rb
DELETED
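--- a/data/test/libs/user_session.rb
+++ b/data/test/libs/user_session.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-class UserSession < Authlogic::Session::Base
-end
-
-class BackOfficeUserSession < Authlogic::Session::Base
-end
-
-class WackyUserSession < Authlogic::Session::Base
-attr_accessor :counter
-authenticate_with User
-
-def initialize
-@counter = 0
-super
-end
-
-def persist_by_false
-self.counter += 1
-false
-end
-
-def persist_by_true
-self.counter += 1
-true
-end
-end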
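--- a/data/test/random_test.rb
+++ b/data/test/random_test.rb
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-class RandomTest < ActiveSupport::TestCase
-def test_that_hex_tokens_are_unique
-tokens = Array.new(100) { Authlogic::Random.hex_token }
-assert_equal tokens.size, tokens.uniq.size
-end
-
-def test_that_friendly_tokens_are_unique
-tokens = Array.new(100) { Authlogic::Random.friendly_token }
-assert_equal tokens.size, tokens.uniq.size
-end
-end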
@@ -1,45 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module SessionTest
|
6
|
-
module ActivationTest
|
7
|
-
class ClassMethodsTest < ActiveSupport::TestCase
|
8
|
-
def test_activated
|
9
|
-
assert UserSession.activated?
|
10
|
-
Authlogic::Session::Base.controller = nil
|
11
|
-
refute UserSession.activated?
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_controller
|
15
|
-
Authlogic::Session::Base.controller = nil
|
16
|
-
assert_nil Authlogic::Session::Base.controller
|
17
|
-
thread1 = Thread.new do
|
18
|
-
controller = MockController.new
|
19
|
-
Authlogic::Session::Base.controller = controller
|
20
|
-
assert_equal controller, Authlogic::Session::Base.controller
|
21
|
-
end
|
22
|
-
thread1.join
|
23
|
-
|
24
|
-
assert_nil Authlogic::Session::Base.controller
|
25
|
-
|
26
|
-
thread2 = Thread.new do
|
27
|
-
controller = MockController.new
|
28
|
-
Authlogic::Session::Base.controller = controller
|
29
|
-
assert_equal controller, Authlogic::Session::Base.controller
|
30
|
-
end
|
31
|
-
thread2.join
|
32
|
-
|
33
|
-
assert_nil Authlogic::Session::Base.controller
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
38
|
-
def test_init
|
39
|
-
UserSession.controller = nil
|
40
|
-
assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
|
41
|
-
UserSession.controller = controller
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,78 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module SessionTest
|
6
|
-
module ActiveRecordTrickeryTest
|
7
|
-
class ClassMethodsTest < ActiveSupport::TestCase
|
8
|
-
# If test_human_name is executed after test_i18n_of_human_name the test will fail.
|
9
|
-
i_suck_and_my_tests_are_order_dependent!
|
10
|
-
|
11
|
-
def test_human_attribute_name
|
12
|
-
assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
|
13
|
-
assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
|
14
|
-
end
|
15
|
-
|
16
|
-
def test_human_name
|
17
|
-
assert_equal "Usersession", UserSession.human_name
|
18
|
-
end
|
19
|
-
|
20
|
-
def test_i18n_of_human_name
|
21
|
-
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
22
|
-
assert_equal "MySession", UserSession.human_name
|
23
|
-
end
|
24
|
-
|
25
|
-
def test_i18n_of_model_name_human
|
26
|
-
I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
|
27
|
-
assert_equal "MySession", UserSession.model_name.human
|
28
|
-
end
|
29
|
-
|
30
|
-
def test_model_name
|
31
|
-
assert_equal "UserSession", UserSession.model_name.name
|
32
|
-
assert_equal "user_session", UserSession.model_name.singular
|
33
|
-
assert_equal "user_sessions", UserSession.model_name.plural
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
38
|
-
def test_new_record
|
39
|
-
session = UserSession.new
|
40
|
-
assert session.new_record?
|
41
|
-
end
|
42
|
-
|
43
|
-
def test_to_key
|
44
|
-
ben = users(:ben)
|
45
|
-
session = UserSession.new(ben)
|
46
|
-
assert_nil session.to_key
|
47
|
-
|
48
|
-
session.save
|
49
|
-
assert_not_nil session.to_key
|
50
|
-
assert_equal ben.to_key, session.to_key
|
51
|
-
end
|
52
|
-
|
53
|
-
def test_persisted
|
54
|
-
session = UserSession.new(users(:ben))
|
55
|
-
refute session.persisted?
|
56
|
-
|
57
|
-
session.save
|
58
|
-
assert session.persisted?
|
59
|
-
|
60
|
-
session.destroy
|
61
|
-
refute session.persisted?
|
62
|
-
end
|
63
|
-
|
64
|
-
def test_destroyed?
|
65
|
-
session = UserSession.create(users(:ben))
|
66
|
-
refute session.destroyed?
|
67
|
-
|
68
|
-
session.destroy
|
69
|
-
assert session.destroyed?
|
70
|
-
end
|
71
|
-
|
72
|
-
def test_to_model
|
73
|
-
session = UserSession.new
|
74
|
-
assert_equal session, session.to_model
|
75
|
-
end
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
@@ -1,110 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "test_helper"
|
4
|
-
|
5
|
-
module SessionTest
|
6
|
-
module BruteForceProtectionTest
|
7
|
-
class ConfigTest < ActiveSupport::TestCase
|
8
|
-
def test_consecutive_failed_logins_limit
|
9
|
-
UserSession.consecutive_failed_logins_limit = 10
|
10
|
-
assert_equal 10, UserSession.consecutive_failed_logins_limit
|
11
|
-
|
12
|
-
UserSession.consecutive_failed_logins_limit 50
|
13
|
-
assert_equal 50, UserSession.consecutive_failed_logins_limit
|
14
|
-
end
|
15
|
-
|
16
|
-
def test_failed_login_ban_for
|
17
|
-
UserSession.failed_login_ban_for = 10
|
18
|
-
assert_equal 10, UserSession.failed_login_ban_for
|
19
|
-
|
20
|
-
UserSession.failed_login_ban_for 2.hours
|
21
|
-
assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
class InstanceMethodsTest < ActiveSupport::TestCase
|
26
|
-
def test_under_limit
|
27
|
-
ben = users(:ben)
|
28
|
-
ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
|
29
|
-
assert ben.save
|
30
|
-
session = UserSession.create(login: ben.login, password: "benrocks")
|
31
|
-
refute session.new_session?
|
32
|
-
end
|
33
|
-
|
34
|
-
def test_exceeded_limit
|
35
|
-
ben = users(:ben)
|
36
|
-
ben.failed_login_count = UserSession.consecutive_failed_logins_limit
|
37
|
-
assert ben.save
|
38
|
-
session = UserSession.create(login: ben.login, password: "benrocks")
|
39
|
-
assert session.new_session?
|
40
|
-
assert UserSession.create(ben).new_session?
|
41
|
-
ben.reload
|
42
|
-
ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
|
43
|
-
refute UserSession.create(ben).new_session?
|
44
|
-
end
|
45
|
-
|
46
|
-
def test_exceeding_failed_logins_limit
|
47
|
-
UserSession.consecutive_failed_logins_limit = 2
|
48
|
-
ben = users(:ben)
|
49
|
-
|
50
|
-
2.times do |i|
|
51
|
-
session = UserSession.new(login: ben.login, password: "badpassword1")
|
52
|
-
refute session.save
|
53
|
-
refute session.errors[:password].empty?
|
54
|
-
assert_equal i + 1, ben.reload.failed_login_count
|
55
|
-
end
|
56
|
-
|
57
|
-
session = UserSession.new(login: ben.login, password: "badpassword2")
|
58
|
-
refute session.save
|
59
|
-
assert session.errors[:password].empty?
|
60
|
-
assert_equal 3, ben.reload.failed_login_count
|
61
|
-
|
62
|
-
UserSession.consecutive_failed_logins_limit = 50
|
63
|
-
end
|
64
|
-
|
65
|
-
def test_exceeded_ban_for
|
66
|
-
UserSession.consecutive_failed_logins_limit = 2
|
67
|
-
UserSession.generalize_credentials_error_messages true
|
68
|
-
ben = users(:ben)
|
69
|
-
|
70
|
-
2.times do |i|
|
71
|
-
session = UserSession.new(login: ben.login, password: "badpassword1")
|
72
|
-
refute session.save
|
73
|
-
assert session.invalid_password?
|
74
|
-
assert_equal i + 1, ben.reload.failed_login_count
|
75
|
-
end
|
76
|
-
|
77
|
-
ActiveRecord::Base.connection.execute(
|
78
|
-
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
79
|
-
)
|
80
|
-
session = UserSession.new(login: ben.login, password: "benrocks")
|
81
|
-
assert session.save
|
82
|
-
assert_equal 0, ben.reload.failed_login_count
|
83
|
-
|
84
|
-
UserSession.consecutive_failed_logins_limit = 50
|
85
|
-
UserSession.generalize_credentials_error_messages false
|
86
|
-
end
|
87
|
-
|
88
|
-
def test_exceeded_ban_and_failed_doesnt_ban_again
|
89
|
-
UserSession.consecutive_failed_logins_limit = 2
|
90
|
-
ben = users(:ben)
|
91
|
-
|
92
|
-
2.times do |i|
|
93
|
-
session = UserSession.new(login: ben.login, password: "badpassword1")
|
94
|
-
refute session.save
|
95
|
-
refute session.errors[:password].empty?
|
96
|
-
assert_equal i + 1, ben.reload.failed_login_count
|
97
|
-
end
|
98
|
-
|
99
|
-
ActiveRecord::Base.connection.execute(
|
100
|
-
"update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
|
101
|
-
)
|
102
|
-
session = UserSession.new(login: ben.login, password: "badpassword1")
|
103
|
-
refute session.save
|
104
|
-
assert_equal 1, ben.reload.failed_login_count
|
105
|
-
|
106
|
-
UserSession.consecutive_failed_logins_limit = 50
|
107
|
-
end
|
108
|
-
end
|
109
|
-
end
|
110
|
-
end
|