authlogic 4.4.2 → 5.0.3

data/test/crypto_provider_test/sha1_test.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module CryptoProviderTest
-  class Sha1Test < ActiveSupport::TestCase
-    def test_encrypt
-      assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
-    end
-
-    def test_matches
-      hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
-      assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
-    end
-
-    def test_old_restful_authentication_passwords
-      password = "test"
-      salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
-      digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
-      Authlogic::CryptoProviders::Sha1.stretches = 1
-      assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
-      Authlogic::CryptoProviders::Sha1.stretches = 10
-    end
-  end
-end

data/test/crypto_provider_test/sha256_test.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module CryptoProviderTest
-  class Sha256Test < ActiveSupport::TestCase
-    def test_encrypt
-      assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
-    end
-
-    def test_matches
-      hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
-      assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
-    end
-  end
-end

data/test/crypto_provider_test/sha512_test.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module CryptoProviderTest
-  class Sha512Test < ActiveSupport::TestCase
-    def test_encrypt
-      assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
-    end
-
-    def test_matches
-      hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
-      assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
-    end
-  end
-end

data/test/crypto_provider_test/wordpress_test.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-::ActiveSupport::Deprecation.silence do
-  require "authlogic/crypto_providers/wordpress"
-end
-
-module CryptoProviderTest
-  class WordpressTest < ActiveSupport::TestCase
-    def test_matches
-      plain = "banana"
-      salt = "aaa"
-      crypted = "xxx0nope"
-      # I couldn't figure out how to even execute this method without it
-      # crashing. Maybe, when Jeffry wrote it in 2009, `Digest::MD5.digest`
-      # worked differently. He was probably using ruby 1.9 back then.
-      # Given that I can't even figure out how to run it, and for all the other
-      # reasons I've given in `wordpress.rb`, I'm just going to deprecate
-      # the whole file. -Jared 2018-04-09
-      assert_raises(NoMethodError) {
-        Authlogic::CryptoProviders::Wordpress.matches?(crypted, plain, salt)
-      }
-    end
-  end
-end

data/test/fixtures/companies.yml

@@ -1,5 +0,0 @@
-binary_logic:
-  name: Binary Logic
-
-logic_over_data:
-  name: Logic Over Data

data/test/fixtures/employees.yml

@@ -1,17 +0,0 @@
-drew:
-  company: binary_logic
-  email: dgainor@binarylogic.com
-  password_salt: <%= salt = Authlogic::Random.hex_token %>
-  crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
-  persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
-  first_name: Drew
-  last_name: Gainor
-
-jennifer:
-  company: logic_over_data
-  email: jjohnson@logicoverdata.com
-  password_salt: <%= salt = Authlogic::Random.hex_token %>
-  crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
-  persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
-  first_name: Jennifer
-  last_name: Johnson

data/test/fixtures/projects.yml

@@ -1,3 +0,0 @@
-web_services:
-  name: web services
-  users: ben, zack

data/test/fixtures/users.yml

@@ -1,41 +0,0 @@
-# NB :ben and :zack use the legacy crypto provider (Sha512) ... when they're
-# tested for valid_password?() it will transition their password
-# (re: test/libs/user.rb). This could have unintended side-effects (like auto-
-# resetting their persistence token when checking password) -- one solution
-# is to just switch in users(:aaron) for those tests.
-ben:
-  company: binary_logic
-  projects: web_services
-  login: bjohnson
-  password_salt: <%= salt = Authlogic::Random.hex_token %>
-  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
-  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
-  single_access_token: <%= Authlogic::Random.friendly_token %>
-  perishable_token: <%= Authlogic::Random.friendly_token %>
-  email: bjohnson@binarylogic.com
-  first_name: Ben
-  last_name: Johnson
-
-zack:
-  company: logic_over_data
-  projects: web_services
-  login: zackham
-  password_salt: <%= salt = Authlogic::Random.hex_token %>
-  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
-  persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
-  single_access_token: <%= Authlogic::Random.friendly_token %>
-  email: zham@ziggityzack.com
-  first_name: Zack
-  last_name: Ham
-
-aaron:
-  company: cigital
-  projects: web_services
-  login: abedra
-  crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
-  persistence_token: e3d853f5aa0dacac5c257d03c4e097a3a7f51b182a8fc4f62096d05e939b019855aff0290157ac854e4195f13284ff5223f1996d0fd073e7e360171de54db278
-  single_access_token: <%= Authlogic::Random.friendly_token %>
-  perishable_token: <%= Authlogic::Random.friendly_token %>
-  email: abedra@cigital.com
-  first_name: Aaron
-  last_name: Bedra

data/test/i18n/lol.yml

@@ -1,4 +0,0 @@
-lol:
-  authlogic:
-    error_messages:
-      email_invalid: LOL email should be valid.

data/test/i18n_test.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-class I18nTest < ActiveSupport::TestCase
-  def test_uses_authlogic_as_scope_by_default
-    assert_equal :authlogic, Authlogic::I18n.scope
-  end
-
-  def test_can_set_scope
-    assert_nothing_raised { Authlogic::I18n.scope = %i[a b] }
-    assert_equal %i[a b], Authlogic::I18n.scope
-    Authlogic::I18n.scope = :authlogic
-  end
-
-  def test_uses_built_in_translator_by_default
-    assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
-  end
-
-  def test_can_set_custom_translator
-    old_translator = Authlogic::I18n.translator
-
-    assert_nothing_raised do
-      Authlogic::I18n.translator = Class.new do
-        def translate(key, _options = {})
-          "Translated: #{key}"
-        end
-      end.new
-    end
-
-    assert_equal "Translated: x", Authlogic::I18n.translate(:x)
-
-    Authlogic::I18n.translator = old_translator
-  end
-end

data/test/libs/affiliate.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class Affiliate < ActiveRecord::Base
-  acts_as_authentic do |c|
-    c.crypted_password_field = :pw_hash
-  end
-
-  belongs_to :company
-end

data/test/libs/company.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class Company < ActiveRecord::Base
-  authenticates_many :employee_sessions
-  authenticates_many :user_sessions, scope_cookies: true
-  has_many :employees, dependent: :destroy
-  has_many :users, dependent: :destroy
-end

data/test/libs/employee.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class Employee < ActiveRecord::Base
-  acts_as_authentic do |c|
-    c.crypto_provider Authlogic::CryptoProviders::AES256
-  end
-
-  belongs_to :company
-end

data/test/libs/employee_session.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-class EmployeeSession < Authlogic::Session::Base
-end

data/test/libs/ldaper.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-class Ldaper < ActiveRecord::Base
-  acts_as_authentic
-end

data/test/libs/project.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-class Project < ActiveRecord::Base
-  has_and_belongs_to_many :users
-end

data/test/libs/user.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class User < ActiveRecord::Base
-  acts_as_authentic do |c|
-    c.transition_from_crypto_providers Authlogic::CryptoProviders::Sha512
-  end
-  belongs_to :company
-  has_and_belongs_to_many :projects
-end

data/test/libs/user_session.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-class UserSession < Authlogic::Session::Base
-end
-
-class BackOfficeUserSession < Authlogic::Session::Base
-end
-
-class WackyUserSession < Authlogic::Session::Base
-  attr_accessor :counter
-  authenticate_with User
-
-  def initialize
-    @counter = 0
-    super
-  end
-
-  def persist_by_false
-    self.counter += 1
-    false
-  end
-
-  def persist_by_true
-    self.counter += 1
-    true
-  end
-end

data/test/random_test.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-class RandomTest < ActiveSupport::TestCase
-  def test_that_hex_tokens_are_unique
-    tokens = Array.new(100) { Authlogic::Random.hex_token }
-    assert_equal tokens.size, tokens.uniq.size
-  end
-
-  def test_that_friendly_tokens_are_unique
-    tokens = Array.new(100) { Authlogic::Random.friendly_token }
-    assert_equal tokens.size, tokens.uniq.size
-  end
-end

data/test/session_test/activation_test.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ActivationTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      def test_activated
-        assert UserSession.activated?
-        Authlogic::Session::Base.controller = nil
-        refute UserSession.activated?
-      end
-
-      def test_controller
-        Authlogic::Session::Base.controller = nil
-        assert_nil Authlogic::Session::Base.controller
-        thread1 = Thread.new do
-          controller = MockController.new
-          Authlogic::Session::Base.controller = controller
-          assert_equal controller, Authlogic::Session::Base.controller
-        end
-        thread1.join
-
-        assert_nil Authlogic::Session::Base.controller
-
-        thread2 = Thread.new do
-          controller = MockController.new
-          Authlogic::Session::Base.controller = controller
-          assert_equal controller, Authlogic::Session::Base.controller
-        end
-        thread2.join
-
-        assert_nil Authlogic::Session::Base.controller
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_init
-        UserSession.controller = nil
-        assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
-        UserSession.controller = controller
-      end
-    end
-  end
-end

data/test/session_test/active_record_trickery_test.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ActiveRecordTrickeryTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      # If test_human_name is executed after test_i18n_of_human_name the test will fail.
-      i_suck_and_my_tests_are_order_dependent!
-
-      def test_human_attribute_name
-        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
-        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
-      end
-
-      def test_human_name
-        assert_equal "Usersession", UserSession.human_name
-      end
-
-      def test_i18n_of_human_name
-        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
-        assert_equal "MySession", UserSession.human_name
-      end
-
-      def test_i18n_of_model_name_human
-        I18n.backend.store_translations "en", authlogic: { models: { user_session: "MySession" } }
-        assert_equal "MySession", UserSession.model_name.human
-      end
-
-      def test_model_name
-        assert_equal "UserSession", UserSession.model_name.name
-        assert_equal "user_session", UserSession.model_name.singular
-        assert_equal "user_sessions", UserSession.model_name.plural
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_record
-        session = UserSession.new
-        assert session.new_record?
-      end
-
-      def test_to_key
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert_nil session.to_key
-
-        session.save
-        assert_not_nil session.to_key
-        assert_equal ben.to_key, session.to_key
-      end
-
-      def test_persisted
-        session = UserSession.new(users(:ben))
-        refute session.persisted?
-
-        session.save
-        assert session.persisted?
-
-        session.destroy
-        refute session.persisted?
-      end
-
-      def test_destroyed?
-        session = UserSession.create(users(:ben))
-        refute session.destroyed?
-
-        session.destroy
-        assert session.destroyed?
-      end
-
-      def test_to_model
-        session = UserSession.new
-        assert_equal session, session.to_model
-      end
-    end
-  end
-end

data/test/session_test/brute_force_protection_test.rb

@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module BruteForceProtectionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_consecutive_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 10
-        assert_equal 10, UserSession.consecutive_failed_logins_limit
-
-        UserSession.consecutive_failed_logins_limit 50
-        assert_equal 50, UserSession.consecutive_failed_logins_limit
-      end
-
-      def test_failed_login_ban_for
-        UserSession.failed_login_ban_for = 10
-        assert_equal 10, UserSession.failed_login_ban_for
-
-        UserSession.failed_login_ban_for 2.hours
-        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_under_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
-        assert ben.save
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-      end
-
-      def test_exceeded_limit
-        ben = users(:ben)
-        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
-        assert ben.save
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        assert session.new_session?
-        assert UserSession.create(ben).new_session?
-        ben.reload
-        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        refute UserSession.create(ben).new_session?
-      end
-
-      def test_exceeding_failed_logins_limit
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        session = UserSession.new(login: ben.login, password: "badpassword2")
-        refute session.save
-        assert session.errors[:password].empty?
-        assert_equal 3, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-
-      def test_exceeded_ban_for
-        UserSession.consecutive_failed_logins_limit = 2
-        UserSession.generalize_credentials_error_messages true
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          assert session.invalid_password?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(login: ben.login, password: "benrocks")
-        assert session.save
-        assert_equal 0, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-        UserSession.generalize_credentials_error_messages false
-      end
-
-      def test_exceeded_ban_and_failed_doesnt_ban_again
-        UserSession.consecutive_failed_logins_limit = 2
-        ben = users(:ben)
-
-        2.times do |i|
-          session = UserSession.new(login: ben.login, password: "badpassword1")
-          refute session.save
-          refute session.errors[:password].empty?
-          assert_equal i + 1, ben.reload.failed_login_count
-        end
-
-        ActiveRecord::Base.connection.execute(
-          "update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'"
-        )
-        session = UserSession.new(login: ben.login, password: "badpassword1")
-        refute session.save
-        assert_equal 1, ben.reload.failed_login_count
-
-        UserSession.consecutive_failed_logins_limit = 50
-      end
-    end
-  end
-end