authlogic 4.4.2 → 5.0.3

Files changed (147) hide show
  1. checksums.yaml +5 -5
  2. data/lib/authlogic.rb +4 -28
  3. data/lib/authlogic/acts_as_authentic/base.rb +3 -18
  4. data/lib/authlogic/acts_as_authentic/email.rb +3 -170
  5. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
  6. data/lib/authlogic/acts_as_authentic/login.rb +7 -174
  7. data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
  8. data/lib/authlogic/acts_as_authentic/password.rb +54 -253
  9. data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
  10. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
  11. data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
  12. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
  13. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +8 -6
  14. data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
  15. data/lib/authlogic/config.rb +9 -1
  16. data/lib/authlogic/controller_adapters/abstract_adapter.rb +7 -4
  17. data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
  18. data/lib/authlogic/controller_adapters/rails_adapter.rb +19 -19
  19. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
  20. data/lib/authlogic/cookie_credentials.rb +63 -0
  21. data/lib/authlogic/crypto_providers.rb +5 -20
  22. data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
  23. data/lib/authlogic/crypto_providers/md5.rb +3 -6
  24. data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
  25. data/lib/authlogic/crypto_providers/sha1.rb +4 -6
  26. data/lib/authlogic/crypto_providers/sha256.rb +2 -0
  27. data/lib/authlogic/crypto_providers/sha512.rb +6 -5
  28. data/lib/authlogic/i18n.rb +3 -1
  29. data/lib/authlogic/i18n/translator.rb +3 -0
  30. data/lib/authlogic/random.rb +2 -0
  31. data/lib/authlogic/session/base.rb +2087 -39
  32. data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
  33. data/lib/authlogic/test_case.rb +4 -0
  34. data/lib/authlogic/test_case/mock_controller.rb +2 -0
  35. data/lib/authlogic/test_case/mock_cookie_jar.rb +7 -0
  36. data/lib/authlogic/test_case/mock_logger.rb +2 -0
  37. data/lib/authlogic/test_case/mock_request.rb +2 -0
  38. data/lib/authlogic/test_case/rails_request_adapter.rb +2 -0
  39. data/lib/authlogic/version.rb +2 -1
  40. metadata +136 -182
  41. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
  42. data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
  43. data/.github/triage.md +0 -86
  44. data/.gitignore +0 -15
  45. data/.rubocop.yml +0 -133
  46. data/.rubocop_todo.yml +0 -74
  47. data/.travis.yml +0 -24
  48. data/CHANGELOG.md +0 -326
  49. data/CONTRIBUTING.md +0 -91
  50. data/Gemfile +0 -6
  51. data/LICENSE +0 -20
  52. data/README.md +0 -439
  53. data/Rakefile +0 -21
  54. data/UPGRADING.md +0 -22
  55. data/authlogic.gemspec +0 -40
  56. data/doc/use_normal_rails_validation.md +0 -82
  57. data/gemfiles/Gemfile.rails-4.2.x +0 -6
  58. data/gemfiles/Gemfile.rails-5.1.x +0 -6
  59. data/gemfiles/Gemfile.rails-5.2.x +0 -6
  60. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
  61. data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
  62. data/lib/authlogic/authenticates_many/association.rb +0 -50
  63. data/lib/authlogic/authenticates_many/base.rb +0 -81
  64. data/lib/authlogic/crypto_providers/aes256.rb +0 -71
  65. data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
  66. data/lib/authlogic/regex.rb +0 -79
  67. data/lib/authlogic/session/activation.rb +0 -73
  68. data/lib/authlogic/session/active_record_trickery.rb +0 -65
  69. data/lib/authlogic/session/brute_force_protection.rb +0 -127
  70. data/lib/authlogic/session/callbacks.rb +0 -153
  71. data/lib/authlogic/session/cookies.rb +0 -296
  72. data/lib/authlogic/session/existence.rb +0 -103
  73. data/lib/authlogic/session/foundation.rb +0 -105
  74. data/lib/authlogic/session/http_auth.rb +0 -107
  75. data/lib/authlogic/session/id.rb +0 -53
  76. data/lib/authlogic/session/klass.rb +0 -73
  77. data/lib/authlogic/session/magic_columns.rb +0 -119
  78. data/lib/authlogic/session/magic_states.rb +0 -82
  79. data/lib/authlogic/session/params.rb +0 -130
  80. data/lib/authlogic/session/password.rb +0 -318
  81. data/lib/authlogic/session/perishable_token.rb +0 -24
  82. data/lib/authlogic/session/persistence.rb +0 -77
  83. data/lib/authlogic/session/priority_record.rb +0 -38
  84. data/lib/authlogic/session/scopes.rb +0 -138
  85. data/lib/authlogic/session/session.rb +0 -77
  86. data/lib/authlogic/session/timeout.rb +0 -103
  87. data/lib/authlogic/session/unauthorized_record.rb +0 -56
  88. data/lib/authlogic/session/validation.rb +0 -93
  89. data/test/acts_as_authentic_test/base_test.rb +0 -27
  90. data/test/acts_as_authentic_test/email_test.rb +0 -241
  91. data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
  92. data/test/acts_as_authentic_test/login_test.rb +0 -153
  93. data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
  94. data/test/acts_as_authentic_test/password_test.rb +0 -263
  95. data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
  96. data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
  97. data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
  98. data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
  99. data/test/acts_as_authentic_test/single_access_test.rb +0 -46
  100. data/test/adapter_test.rb +0 -23
  101. data/test/authenticates_many_test.rb +0 -33
  102. data/test/config_test.rb +0 -38
  103. data/test/crypto_provider_test/aes256_test.rb +0 -16
  104. data/test/crypto_provider_test/bcrypt_test.rb +0 -16
  105. data/test/crypto_provider_test/scrypt_test.rb +0 -16
  106. data/test/crypto_provider_test/sha1_test.rb +0 -25
  107. data/test/crypto_provider_test/sha256_test.rb +0 -16
  108. data/test/crypto_provider_test/sha512_test.rb +0 -16
  109. data/test/crypto_provider_test/wordpress_test.rb +0 -26
  110. data/test/fixtures/companies.yml +0 -5
  111. data/test/fixtures/employees.yml +0 -17
  112. data/test/fixtures/projects.yml +0 -3
  113. data/test/fixtures/users.yml +0 -41
  114. data/test/i18n/lol.yml +0 -4
  115. data/test/i18n_test.rb +0 -35
  116. data/test/libs/affiliate.rb +0 -9
  117. data/test/libs/company.rb +0 -8
  118. data/test/libs/employee.rb +0 -9
  119. data/test/libs/employee_session.rb +0 -4
  120. data/test/libs/ldaper.rb +0 -5
  121. data/test/libs/project.rb +0 -5
  122. data/test/libs/user.rb +0 -9
  123. data/test/libs/user_session.rb +0 -27
  124. data/test/random_test.rb +0 -15
  125. data/test/session_test/activation_test.rb +0 -45
  126. data/test/session_test/active_record_trickery_test.rb +0 -78
  127. data/test/session_test/brute_force_protection_test.rb +0 -110
  128. data/test/session_test/callbacks_test.rb +0 -42
  129. data/test/session_test/cookies_test.rb +0 -226
  130. data/test/session_test/credentials_test.rb +0 -0
  131. data/test/session_test/existence_test.rb +0 -88
  132. data/test/session_test/foundation_test.rb +0 -24
  133. data/test/session_test/http_auth_test.rb +0 -60
  134. data/test/session_test/id_test.rb +0 -19
  135. data/test/session_test/klass_test.rb +0 -42
  136. data/test/session_test/magic_columns_test.rb +0 -62
  137. data/test/session_test/magic_states_test.rb +0 -60
  138. data/test/session_test/params_test.rb +0 -61
  139. data/test/session_test/password_test.rb +0 -107
  140. data/test/session_test/perishability_test.rb +0 -17
  141. data/test/session_test/persistence_test.rb +0 -35
  142. data/test/session_test/scopes_test.rb +0 -68
  143. data/test/session_test/session_test.rb +0 -80
  144. data/test/session_test/timeout_test.rb +0 -84
  145. data/test/session_test/unauthorized_record_test.rb +0 -15
  146. data/test/session_test/validation_test.rb +0 -25
  147. data/test/test_helper.rb +0 -272
@@ -1,25 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module CryptoProviderTest
6
- class Sha1Test < ActiveSupport::TestCase
7
- def test_encrypt
8
- assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
9
- end
10
-
11
- def test_matches
12
- hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
13
- assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
14
- end
15
-
16
- def test_old_restful_authentication_passwords
17
- password = "test"
18
- salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
19
- digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
20
- Authlogic::CryptoProviders::Sha1.stretches = 1
21
- assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
22
- Authlogic::CryptoProviders::Sha1.stretches = 10
23
- end
24
- end
25
- end
@@ -1,16 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module CryptoProviderTest
6
- class Sha256Test < ActiveSupport::TestCase
7
- def test_encrypt
8
- assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
9
- end
10
-
11
- def test_matches
12
- hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
13
- assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
14
- end
15
- end
16
- end
@@ -1,16 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module CryptoProviderTest
6
- class Sha512Test < ActiveSupport::TestCase
7
- def test_encrypt
8
- assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
9
- end
10
-
11
- def test_matches
12
- hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
13
- assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
14
- end
15
- end
16
- end
@@ -1,26 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- ::ActiveSupport::Deprecation.silence do
6
- require "authlogic/crypto_providers/wordpress"
7
- end
8
-
9
- module CryptoProviderTest
10
- class WordpressTest < ActiveSupport::TestCase
11
- def test_matches
12
- plain = "banana"
13
- salt = "aaa"
14
- crypted = "xxx0nope"
15
- # I couldn't figure out how to even execute this method without it
16
- # crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
17
- # worked differently. He was probably using ruby 1.9 back then.
18
- # Given that I can't even figure out how to run it, and for all the other
19
- # reasons I've given in `wordpress.rb`, I'm just going to deprecate
20
- # the whole file. -Jared 2018-04-09
21
- assert_raises(NoMethodError) {
22
- Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
23
- }
24
- end
25
- end
26
- end
@@ -1,5 +0,0 @@
1
- binary_logic:
2
- name: Binary Logic
3
-
4
- logic_over_data:
5
- name: Logic Over Data
@@ -1,17 +0,0 @@
1
- drew:
2
- company: binary_logic
3
- email: dgainor@binarylogic.com
4
- password_salt: <%= salt = Authlogic::Random.hex_token %>
5
- crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
6
- persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
7
- first_name: Drew
8
- last_name: Gainor
9
-
10
- jennifer:
11
- company: logic_over_data
12
- email: jjohnson@logicoverdata.com
13
- password_salt: <%= salt = Authlogic::Random.hex_token %>
14
- crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
15
- persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
16
- first_name: Jennifer
17
- last_name: Johnson
@@ -1,3 +0,0 @@
1
- web_services:
2
- name: web services
3
- users: ben, zack
@@ -1,41 +0,0 @@
1
- # NB :ben and :zack use the legacy crypto provider (Sha512) ... when they're
2
- # tested for valid_password?() it will transition their password
3
- # (re: test/libs/user.rb). This could have unintended side-effects (like auto-
4
- # resetting their persistence token when checking password) -- one solution
5
- # is to just switch in users(:aaron) for those tests.
6
- ben:
7
- company: binary_logic
8
- projects: web_services
9
- login: bjohnson
10
- password_salt: <%= salt = Authlogic::Random.hex_token %>
11
- crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
12
- persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
13
- single_access_token: <%= Authlogic::Random.friendly_token %>
14
- perishable_token: <%= Authlogic::Random.friendly_token %>
15
- email: bjohnson@binarylogic.com
16
- first_name: Ben
17
- last_name: Johnson
18
-
19
- zack:
20
- company: logic_over_data
21
- projects: web_services
22
- login: zackham
23
- password_salt: <%= salt = Authlogic::Random.hex_token %>
24
- crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
25
- persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
26
- single_access_token: <%= Authlogic::Random.friendly_token %>
27
- email: zham@ziggityzack.com
28
- first_name: Zack
29
- last_name: Ham
30
-
31
- aaron:
32
- company: cigital
33
- projects: web_services
34
- login: abedra
35
- crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
36
- persistence_token: e3d853f5aa0dacac5c257d03c4e097a3a7f51b182a8fc4f62096d05e939b019855aff0290157ac854e4195f13284ff5223f1996d0fd073e7e360171de54db278
37
- single_access_token: <%= Authlogic::Random.friendly_token %>
38
- perishable_token: <%= Authlogic::Random.friendly_token %>
39
- email: abedra@cigital.com
40
- first_name: Aaron
41
- last_name: Bedra
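--- a/data/test/i18n/lol.yml
+++ b/data/test/i18n/lol.yml
@@ -1,4 +0,0 @@
- lol:
- authlogic:
- error_messages:
- email_invalid: LOL email should be valid.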
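--- a/data/test/i18n_test.rb
+++ b/data/test/i18n_test.rb
@@ -1,35 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- class I18nTest < ActiveSupport::TestCase
- def test_uses_authlogic_as_scope_by_default
- assert_equal :authlogic, Authlogic::I18n.scope
- end
-
- def test_can_set_scope
- assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
- assert_equal %i[a b], Authlogic::I18n.scope
- Authlogic::I18n.scope = :authlogic
- end
-
- def test_uses_built_in_translator_by_default
- assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
- end
-
- def test_can_set_custom_translator
- old_translator = Authlogic::I18n.translator
-
- assert_nothing_raised do
- Authlogic::I18n.translator = Class.new do
- def translate(key, _options = {})
- "Translated: #{key}"
- end
- end.new
- end
-
- assert_equal "Translated: x", Authlogic::I18n.translate(:x)
-
- Authlogic::I18n.translator = old_translator
- end
- end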
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class Affiliate < ActiveRecord::Base
4
- acts_as_authentic do |c|
5
- c.crypted_password_field = :pw_hash
6
- end
7
-
8
- belongs_to :company
9
- end
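--- a/data/test/libs/company.rb
+++ b/data/test/libs/company.rb
@@ -1,8 +0,0 @@
- # frozen_string_literal: true
-
- class Company < ActiveRecord::Base
- authenticates_many :employee_sessions
- authenticates_many :user_sessions, scope_cookies: true
- has_many :employees, dependent: :destroy
- has_many :users, dependent: :destroy
- end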
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class Employee < ActiveRecord::Base
4
- acts_as_authentic do |c|
5
- c.crypto_provider Authlogic::CryptoProviders::AES256
6
- end
7
-
8
- belongs_to :company
9
- end
@@ -1,4 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class EmployeeSession < Authlogic::Session::Base
4
- end
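--- a/data/test/libs/ldaper.rb
+++ b/data/test/libs/ldaper.rb
@@ -1,5 +0,0 @@
- # frozen_string_literal: true
-
- class Ldaper < ActiveRecord::Base
- acts_as_authentic
- end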
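--- a/data/test/libs/project.rb
+++ b/data/test/libs/project.rb
@@ -1,5 +0,0 @@
- # frozen_string_literal: true
-
- class Project < ActiveRecord::Base
- has_and_belongs_to_many :users
- end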
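--- a/data/test/libs/user.rb
+++ b/data/test/libs/user.rb
@@ -1,9 +0,0 @@
- # frozen_string_literal: true
-
- class User < ActiveRecord::Base
- acts_as_authentic do |c|
- c.transition_from_crypto_providers Authlogic::CryptoProviders::Sha512
- end
- belongs_to :company
- has_and_belongs_to_many :projects
- end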
@@ -1,27 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class UserSession < Authlogic::Session::Base
4
- end
5
-
6
- class BackOfficeUserSession < Authlogic::Session::Base
7
- end
8
-
9
- class WackyUserSession < Authlogic::Session::Base
10
- attr_accessor :counter
11
- authenticate_with User
12
-
13
- def initialize
14
- @counter = 0
15
- super
16
- end
17
-
18
- def persist_by_false
19
- self.counter += 1
20
- false
21
- end
22
-
23
- def persist_by_true
24
- self.counter += 1
25
- true
26
- end
27
- end
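--- a/data/test/random_test.rb
+++ b/data/test/random_test.rb
@@ -1,15 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- class RandomTest < ActiveSupport::TestCase
- def test_that_hex_tokens_are_unique
- tokens = Array.new(100) { Authlogic::Random.hex_token }
- assert_equal tokens.size, tokens.uniq.size
- end
-
- def test_that_friendly_tokens_are_unique
- tokens = Array.new(100) { Authlogic::Random.friendly_token }
- assert_equal tokens.size, tokens.uniq.size
- end
- end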
@@ -1,45 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module SessionTest
6
- module ActivationTest
7
- class ClassMethodsTest < ActiveSupport::TestCase
8
- def test_activated
9
- assert UserSession.activated?
10
- Authlogic::Session::Base.controller = nil
11
- refute UserSession.activated?
12
- end
13
-
14
- def test_controller
15
- Authlogic::Session::Base.controller = nil
16
- assert_nil Authlogic::Session::Base.controller
17
- thread1 = Thread.new do
18
- controller = MockController.new
19
- Authlogic::Session::Base.controller = controller
20
- assert_equal controller, Authlogic::Session::Base.controller
21
- end
22
- thread1.join
23
-
24
- assert_nil Authlogic::Session::Base.controller
25
-
26
- thread2 = Thread.new do
27
- controller = MockController.new
28
- Authlogic::Session::Base.controller = controller
29
- assert_equal controller, Authlogic::Session::Base.controller
30
- end
31
- thread2.join
32
-
33
- assert_nil Authlogic::Session::Base.controller
34
- end
35
- end
36
-
37
- class InstanceMethodsTest < ActiveSupport::TestCase
38
- def test_init
39
- UserSession.controller = nil
40
- assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
41
- UserSession.controller = controller
42
- end
43
- end
44
- end
45
- end
@@ -1,78 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module SessionTest
6
- module ActiveRecordTrickeryTest
7
- class ClassMethodsTest < ActiveSupport::TestCase
8
- # If test_human_name is executed after test_i18n_of_human_name the test will fail.
9
- i_suck_and_my_tests_are_order_dependent!
10
-
11
- def test_human_attribute_name
12
- assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
13
- assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
14
- end
15
-
16
- def test_human_name
17
- assert_equal "Usersession", UserSession.human_name
18
- end
19
-
20
- def test_i18n_of_human_name
21
- I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
22
- assert_equal "MySession", UserSession.human_name
23
- end
24
-
25
- def test_i18n_of_model_name_human
26
- I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
27
- assert_equal "MySession", UserSession.model_name.human
28
- end
29
-
30
- def test_model_name
31
- assert_equal "UserSession", UserSession.model_name.name
32
- assert_equal "user_session", UserSession.model_name.singular
33
- assert_equal "user_sessions", UserSession.model_name.plural
34
- end
35
- end
36
-
37
- class InstanceMethodsTest < ActiveSupport::TestCase
38
- def test_new_record
39
- session = UserSession.new
40
- assert session.new_record?
41
- end
42
-
43
- def test_to_key
44
- ben = users(:ben)
45
- session = UserSession.new(ben)
46
- assert_nil session.to_key
47
-
48
- session.save
49
- assert_not_nil session.to_key
50
- assert_equal ben.to_key, session.to_key
51
- end
52
-
53
- def test_persisted
54
- session = UserSession.new(users(:ben))
55
- refute session.persisted?
56
-
57
- session.save
58
- assert session.persisted?
59
-
60
- session.destroy
61
- refute session.persisted?
62
- end
63
-
64
- def test_destroyed?
65
- session = UserSession.create(users(:ben))
66
- refute session.destroyed?
67
-
68
- session.destroy
69
- assert session.destroyed?
70
- end
71
-
72
- def test_to_model
73
- session = UserSession.new
74
- assert_equal session, session.to_model
75
- end
76
- end
77
- end
78
- end
@@ -1,110 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "test_helper"
4
-
5
- module SessionTest
6
- module BruteForceProtectionTest
7
- class ConfigTest < ActiveSupport::TestCase
8
- def test_consecutive_failed_logins_limit
9
- UserSession.consecutive_failed_logins_limit = 10
10
- assert_equal 10, UserSession.consecutive_failed_logins_limit
11
-
12
- UserSession.consecutive_failed_logins_limit 50
13
- assert_equal 50, UserSession.consecutive_failed_logins_limit
14
- end
15
-
16
- def test_failed_login_ban_for
17
- UserSession.failed_login_ban_for = 10
18
- assert_equal 10, UserSession.failed_login_ban_for
19
-
20
- UserSession.failed_login_ban_for 2.hours
21
- assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
22
- end
23
- end
24
-
25
- class InstanceMethodsTest < ActiveSupport::TestCase
26
- def test_under_limit
27
- ben = users(:ben)
28
- ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
29
- assert ben.save
30
- session = UserSession.create(login: ben.login, password: "benrocks")
31
- refute session.new_session?
32
- end
33
-
34
- def test_exceeded_limit
35
- ben = users(:ben)
36
- ben.failed_login_count = UserSession.consecutive_failed_logins_limit
37
- assert ben.save
38
- session = UserSession.create(login: ben.login, password: "benrocks")
39
- assert session.new_session?
40
- assert UserSession.create(ben).new_session?
41
- ben.reload
42
- ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
43
- refute UserSession.create(ben).new_session?
44
- end
45
-
46
- def test_exceeding_failed_logins_limit
47
- UserSession.consecutive_failed_logins_limit = 2
48
- ben = users(:ben)
49
-
50
- 2.times do |i|
51
- session = UserSession.new(login: ben.login, password: "badpassword1")
52
- refute session.save
53
- refute session.errors[:password].empty?
54
- assert_equal i + 1, ben.reload.failed_login_count
55
- end
56
-
57
- session = UserSession.new(login: ben.login, password: "badpassword2")
58
- refute session.save
59
- assert session.errors[:password].empty?
60
- assert_equal 3, ben.reload.failed_login_count
61
-
62
- UserSession.consecutive_failed_logins_limit = 50
63
- end
64
-
65
- def test_exceeded_ban_for
66
- UserSession.consecutive_failed_logins_limit = 2
67
- UserSession.generalize_credentials_error_messages true
68
- ben = users(:ben)
69
-
70
- 2.times do |i|
71
- session = UserSession.new(login: ben.login, password: "badpassword1")
72
- refute session.save
73
- assert session.invalid_password?
74
- assert_equal i + 1, ben.reload.failed_login_count
75
- end
76
-
77
- ActiveRecord::Base.connection.execute(
78
- "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
79
- )
80
- session = UserSession.new(login: ben.login, password: "benrocks")
81
- assert session.save
82
- assert_equal 0, ben.reload.failed_login_count
83
-
84
- UserSession.consecutive_failed_logins_limit = 50
85
- UserSession.generalize_credentials_error_messages false
86
- end
87
-
88
- def test_exceeded_ban_and_failed_doesnt_ban_again
89
- UserSession.consecutive_failed_logins_limit = 2
90
- ben = users(:ben)
91
-
92
- 2.times do |i|
93
- session = UserSession.new(login: ben.login, password: "badpassword1")
94
- refute session.save
95
- refute session.errors[:password].empty?
96
- assert_equal i + 1, ben.reload.failed_login_count
97
- end
98
-
99
- ActiveRecord::Base.connection.execute(
100
- "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
101
- )
102
- session = UserSession.new(login: ben.login, password: "badpassword1")
103
- refute session.save
104
- assert_equal 1, ben.reload.failed_login_count
105
-
106
- UserSession.consecutive_failed_logins_limit = 50
107
- end
108
- end
109
- end
110
- end