authlogic 4.4.2 → 5.0.3

Files changed (147)
  1. checksums.yaml +5 -5
  2. data/lib/authlogic.rb +4 -28
  3. data/lib/authlogic/acts_as_authentic/base.rb +3 -18
  4. data/lib/authlogic/acts_as_authentic/email.rb +3 -170
  5. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
  6. data/lib/authlogic/acts_as_authentic/login.rb +7 -174
  7. data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
  8. data/lib/authlogic/acts_as_authentic/password.rb +54 -253
  9. data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
  10. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
  11. data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
  12. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
  13. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +8 -6
  14. data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
  15. data/lib/authlogic/config.rb +9 -1
  16. data/lib/authlogic/controller_adapters/abstract_adapter.rb +7 -4
  17. data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
  18. data/lib/authlogic/controller_adapters/rails_adapter.rb +19 -19
  19. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
  20. data/lib/authlogic/cookie_credentials.rb +63 -0
  21. data/lib/authlogic/crypto_providers.rb +5 -20
  22. data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
  23. data/lib/authlogic/crypto_providers/md5.rb +3 -6
  24. data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
  25. data/lib/authlogic/crypto_providers/sha1.rb +4 -6
  26. data/lib/authlogic/crypto_providers/sha256.rb +2 -0
  27. data/lib/authlogic/crypto_providers/sha512.rb +6 -5
  28. data/lib/authlogic/i18n.rb +3 -1
  29. data/lib/authlogic/i18n/translator.rb +3 -0
  30. data/lib/authlogic/random.rb +2 -0
  31. data/lib/authlogic/session/base.rb +2087 -39
  32. data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
  33. data/lib/authlogic/test_case.rb +4 -0
  34. data/lib/authlogic/test_case/mock_controller.rb +2 -0
  35. data/lib/authlogic/test_case/mock_cookie_jar.rb +7 -0
  36. data/lib/authlogic/test_case/mock_logger.rb +2 -0
  37. data/lib/authlogic/test_case/mock_request.rb +2 -0
  38. data/lib/authlogic/test_case/rails_request_adapter.rb +2 -0
  39. data/lib/authlogic/version.rb +2 -1
  40. metadata +136 -182
  41. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
  42. data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
  43. data/.github/triage.md +0 -86
  44. data/.gitignore +0 -15
  45. data/.rubocop.yml +0 -133
  46. data/.rubocop_todo.yml +0 -74
  47. data/.travis.yml +0 -24
  48. data/CHANGELOG.md +0 -326
  49. data/CONTRIBUTING.md +0 -91
  50. data/Gemfile +0 -6
  51. data/LICENSE +0 -20
  52. data/README.md +0 -439
  53. data/Rakefile +0 -21
  54. data/UPGRADING.md +0 -22
  55. data/authlogic.gemspec +0 -40
  56. data/doc/use_normal_rails_validation.md +0 -82
  57. data/gemfiles/Gemfile.rails-4.2.x +0 -6
  58. data/gemfiles/Gemfile.rails-5.1.x +0 -6
  59. data/gemfiles/Gemfile.rails-5.2.x +0 -6
  60. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
  61. data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
  62. data/lib/authlogic/authenticates_many/association.rb +0 -50
  63. data/lib/authlogic/authenticates_many/base.rb +0 -81
  64. data/lib/authlogic/crypto_providers/aes256.rb +0 -71
  65. data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
  66. data/lib/authlogic/regex.rb +0 -79
  67. data/lib/authlogic/session/activation.rb +0 -73
  68. data/lib/authlogic/session/active_record_trickery.rb +0 -65
  69. data/lib/authlogic/session/brute_force_protection.rb +0 -127
  70. data/lib/authlogic/session/callbacks.rb +0 -153
  71. data/lib/authlogic/session/cookies.rb +0 -296
  72. data/lib/authlogic/session/existence.rb +0 -103
  73. data/lib/authlogic/session/foundation.rb +0 -105
  74. data/lib/authlogic/session/http_auth.rb +0 -107
  75. data/lib/authlogic/session/id.rb +0 -53
  76. data/lib/authlogic/session/klass.rb +0 -73
  77. data/lib/authlogic/session/magic_columns.rb +0 -119
  78. data/lib/authlogic/session/magic_states.rb +0 -82
  79. data/lib/authlogic/session/params.rb +0 -130
  80. data/lib/authlogic/session/password.rb +0 -318
  81. data/lib/authlogic/session/perishable_token.rb +0 -24
  82. data/lib/authlogic/session/persistence.rb +0 -77
  83. data/lib/authlogic/session/priority_record.rb +0 -38
  84. data/lib/authlogic/session/scopes.rb +0 -138
  85. data/lib/authlogic/session/session.rb +0 -77
  86. data/lib/authlogic/session/timeout.rb +0 -103
  87. data/lib/authlogic/session/unauthorized_record.rb +0 -56
  88. data/lib/authlogic/session/validation.rb +0 -93
  89. data/test/acts_as_authentic_test/base_test.rb +0 -27
  90. data/test/acts_as_authentic_test/email_test.rb +0 -241
  91. data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
  92. data/test/acts_as_authentic_test/login_test.rb +0 -153
  93. data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
  94. data/test/acts_as_authentic_test/password_test.rb +0 -263
  95. data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
  96. data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
  97. data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
  98. data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
  99. data/test/acts_as_authentic_test/single_access_test.rb +0 -46
  100. data/test/adapter_test.rb +0 -23
  101. data/test/authenticates_many_test.rb +0 -33
  102. data/test/config_test.rb +0 -38
  103. data/test/crypto_provider_test/aes256_test.rb +0 -16
  104. data/test/crypto_provider_test/bcrypt_test.rb +0 -16
  105. data/test/crypto_provider_test/scrypt_test.rb +0 -16
  106. data/test/crypto_provider_test/sha1_test.rb +0 -25
  107. data/test/crypto_provider_test/sha256_test.rb +0 -16
  108. data/test/crypto_provider_test/sha512_test.rb +0 -16
  109. data/test/crypto_provider_test/wordpress_test.rb +0 -26
  110. data/test/fixtures/companies.yml +0 -5
  111. data/test/fixtures/employees.yml +0 -17
  112. data/test/fixtures/projects.yml +0 -3
  113. data/test/fixtures/users.yml +0 -41
  114. data/test/i18n/lol.yml +0 -4
  115. data/test/i18n_test.rb +0 -35
  116. data/test/libs/affiliate.rb +0 -9
  117. data/test/libs/company.rb +0 -8
  118. data/test/libs/employee.rb +0 -9
  119. data/test/libs/employee_session.rb +0 -4
  120. data/test/libs/ldaper.rb +0 -5
  121. data/test/libs/project.rb +0 -5
  122. data/test/libs/user.rb +0 -9
  123. data/test/libs/user_session.rb +0 -27
  124. data/test/random_test.rb +0 -15
  125. data/test/session_test/activation_test.rb +0 -45
  126. data/test/session_test/active_record_trickery_test.rb +0 -78
  127. data/test/session_test/brute_force_protection_test.rb +0 -110
  128. data/test/session_test/callbacks_test.rb +0 -42
  129. data/test/session_test/cookies_test.rb +0 -226
  130. data/test/session_test/credentials_test.rb +0 -0
  131. data/test/session_test/existence_test.rb +0 -88
  132. data/test/session_test/foundation_test.rb +0 -24
  133. data/test/session_test/http_auth_test.rb +0 -60
  134. data/test/session_test/id_test.rb +0 -19
  135. data/test/session_test/klass_test.rb +0 -42
  136. data/test/session_test/magic_columns_test.rb +0 -62
  137. data/test/session_test/magic_states_test.rb +0 -60
  138. data/test/session_test/params_test.rb +0 -61
  139. data/test/session_test/password_test.rb +0 -107
  140. data/test/session_test/perishability_test.rb +0 -17
  141. data/test/session_test/persistence_test.rb +0 -35
  142. data/test/session_test/scopes_test.rb +0 -68
  143. data/test/session_test/session_test.rb +0 -80
  144. data/test/session_test/timeout_test.rb +0 -84
  145. data/test/session_test/unauthorized_record_test.rb +0 -15
  146. data/test/session_test/validation_test.rb +0 -25
  147. data/test/test_helper.rb +0 -272
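--- a/data/test/session_test/callbacks_test.rb
+++ b/data/test/session_test/callbacks_test.rb
@@ -1,42 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- class CallbacksTest < ActiveSupport::TestCase
- def setup
- WackyUserSession.reset_callbacks(:persist)
- end
-
- def test_no_callbacks
- assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 0, session.counter
- end
-
- def test_true_callback_cancelling_later_callbacks
- WackyUserSession.persist :persist_by_true, :persist_by_false
- assert_equal(
- %i[persist_by_true persist_by_false],
- WackyUserSession._persist_callbacks.map(&:filter)
- )
-
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 1, session.counter
- end
-
- def test_false_callback_continuing_to_later_callbacks
- WackyUserSession.persist :persist_by_false, :persist_by_true
- assert_equal(
- %i[persist_by_false persist_by_true],
- WackyUserSession._persist_callbacks.map(&:filter)
- )
-
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 2, session.counter
- end
- end
- end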
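--- a/data/test/session_test/cookies_test.rb
+++ b/data/test/session_test/cookies_test.rb
@@ -1,226 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- module CookiesTest
- class ConfigTest < ActiveSupport::TestCase
- def test_cookie_key
- UserSession.cookie_key = "my_cookie_key"
- assert_equal "my_cookie_key", UserSession.cookie_key
-
- UserSession.cookie_key "user_credentials"
- assert_equal "user_credentials", UserSession.cookie_key
- end
-
- def test_default_cookie_key
- assert_equal "user_credentials", UserSession.cookie_key
- assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
- end
-
- def test_remember_me
- UserSession.remember_me = true
- assert_equal true, UserSession.remember_me
- session = UserSession.new
- assert_equal true, session.remember_me
-
- UserSession.remember_me false
- assert_equal false, UserSession.remember_me
- session = UserSession.new
- assert_equal false, session.remember_me
- end
-
- def test_remember_me_for
- UserSession.remember_me_for = 3.years
- assert_equal 3.years, UserSession.remember_me_for
- session = UserSession.new
- session.remember_me = true
- assert_equal 3.years, session.remember_me_for
-
- UserSession.remember_me_for 3.months
- assert_equal 3.months, UserSession.remember_me_for
- session = UserSession.new
- session.remember_me = true
- assert_equal 3.months, session.remember_me_for
- end
-
- def test_secure
- assert_equal true, UserSession.secure
- session = UserSession.new
- assert_equal true, session.secure
-
- UserSession.secure false
- assert_equal false, UserSession.secure
- session = UserSession.new
- assert_equal false, session.secure
- end
-
- def test_httponly
- assert_equal true, UserSession.httponly
- session = UserSession.new
- assert_equal true, session.httponly
-
- UserSession.httponly false
- assert_equal false, UserSession.httponly
- session = UserSession.new
- assert_equal false, session.httponly
- end
-
- def test_same_site
- assert_nil UserSession.same_site
- assert_nil UserSession.new.same_site
-
- UserSession.same_site "Strict"
- assert_equal "Strict", UserSession.same_site
- session = UserSession.new
- assert_equal "Strict", session.same_site
- session.same_site = "Lax"
- assert_equal "Lax", session.same_site
-
- assert_raise(ArgumentError) { UserSession.same_site "foo" }
- assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
- end
-
- def test_sign_cookie
- UserSession.sign_cookie = true
- assert_equal true, UserSession.sign_cookie
- session = UserSession.new
- assert_equal true, session.sign_cookie
-
- UserSession.sign_cookie false
- assert_equal false, UserSession.sign_cookie
- session = UserSession.new
- assert_equal false, session.sign_cookie
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_credentials
- session = UserSession.new
- session.credentials = { remember_me: true }
- assert_equal true, session.remember_me
- end
-
- def test_remember_me
- session = UserSession.new
- assert_equal false, session.remember_me
- refute session.remember_me?
-
- session.remember_me = false
- assert_equal false, session.remember_me
- refute session.remember_me?
-
- session.remember_me = true
- assert_equal true, session.remember_me
- assert session.remember_me?
-
- session.remember_me = nil
- assert_nil session.remember_me
- refute session.remember_me?
-
- session.remember_me = "1"
- assert_equal "1", session.remember_me
- assert session.remember_me?
-
- session.remember_me = "true"
- assert_equal "true", session.remember_me
- assert session.remember_me?
- end
-
- def test_remember_me_until
- session = UserSession.new
- assert_nil session.remember_me_until
-
- session.remember_me = true
- assert 3.months.from_now <= session.remember_me_until
- end
-
- def test_persist_persist_by_cookie
- ben = users(:ben)
- refute UserSession.find
- set_cookie_for(ben)
- assert session = UserSession.find
- assert_equal ben, session.record
- end
-
- def test_persist_persist_by_cookie_with_blank_persistence_token
- ben = users(:ben)
- ben.update_column(:persistence_token, "")
- refute UserSession.find
- set_cookie_for(ben)
- refute UserSession.find
- end
-
- def test_remember_me_expired
- ben = users(:ben)
- session = UserSession.new(ben)
- session.remember_me = true
- assert session.save
- refute session.remember_me_expired?
-
- session = UserSession.new(ben)
- session.remember_me = false
- assert session.save
- refute session.remember_me_expired?
- end
-
- def test_after_save_save_cookie
- ben = users(:ben)
- session = UserSession.new(ben)
- assert session.save
- assert_equal(
- "#{ben.persistence_token}::#{ben.id}",
- controller.cookies["user_credentials"]
- )
- end
-
- def test_after_save_save_cookie_signed
- ben = users(:ben)
-
- assert_nil controller.cookies["user_credentials"]
- payload = "#{ben.persistence_token}::#{ben.id}"
-
- session = UserSession.new(ben)
- session.sign_cookie = true
- assert session.save
- assert_equal payload, controller.cookies.signed["user_credentials"]
- assert_equal(
- "#{payload}--#{Digest::SHA1.hexdigest payload}",
- controller.cookies.signed.parent_jar["user_credentials"]
- )
- end
-
- def test_after_save_save_cookie_with_remember_me
- Timecop.freeze do
- ben = users(:ben)
- session = UserSession.new(ben)
- session.remember_me = true
- assert session.save
- assert_equal(
- "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
- controller.cookies["user_credentials"]
- )
- end
- end
-
- def test_after_save_save_cookie_with_same_site
- session = UserSession.new(users(:ben))
- session.same_site = "Strict"
- assert session.save
- assert_equal(
- "Strict",
- controller.cookies.set_cookies["user_credentials"][:same_site]
- )
- end
-
- def test_after_destroy_destroy_cookie
- ben = users(:ben)
- set_cookie_for(ben)
- session = UserSession.find
- assert controller.cookies["user_credentials"]
- assert session.destroy
- refute controller.cookies["user_credentials"]
- end
- end
- end
- end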
File without changes
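--- a/data/test/session_test/existence_test.rb
+++ b/data/test/session_test/existence_test.rb
@@ -1,88 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- module ExistenceTest
- class ClassMethodsTest < ActiveSupport::TestCase
- def test_create_with_good_credentials
- ben = users(:ben)
- session = UserSession.create(login: ben.login, password: "benrocks")
- refute session.new_session?
- end
-
- def test_create_with_bad_credentials
- session = UserSession.create(login: "somelogin", password: "badpw2")
- assert session.new_session?
- end
-
- def test_create_bang
- ben = users(:ben)
- err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
- UserSession.create!(login: ben.login, password: "badpw")
- end
- assert_includes err.message, "Password is not valid"
- refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_new_session
- session = UserSession.new
- assert session.new_session?
-
- set_session_for(users(:ben))
- session = UserSession.find
- refute session.new_session?
- end
-
- def test_save_with_nothing
- session = UserSession.new
- refute session.save
- assert session.new_session?
- end
-
- def test_save_with_block
- session = UserSession.new
- block_result = session.save do |result|
- refute result
- end
- refute block_result
- assert session.new_session?
- end
-
- def test_save_with_bang
- session = UserSession.new
- assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-
- session.unauthorized_record = users(:ben)
- assert_nothing_raised { session.save! }
- end
-
- def test_destroy
- ben = users(:ben)
- session = UserSession.new
- refute session.valid?
- refute session.errors.empty?
- assert session.destroy
- assert session.errors.empty?
- session.unauthorized_record = ben
- assert session.save
- assert session.record
- assert session.destroy
- refute session.record
- end
- end
-
- class SessionInvalidErrorTest < ActiveSupport::TestCase
- def test_message
- session = UserSession.new
- assert !session.valid?
- error = Authlogic::Session::Existence::SessionInvalidError.new(session)
- message = "Your session is invalid and has the following errors: " +
- session.errors.full_messages.to_sentence
- assert_equal message, error.message
- end
- end
- end
- end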
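--- a/data/test/session_test/foundation_test.rb
+++ b/data/test/session_test/foundation_test.rb
@@ -1,24 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- # We forbid the use of AC::Parameters, and we have a test to that effect, but we
- # do not want a development dependency on `actionpack`, so we define it here.
- module ActionController
- class Parameters; end
- end
-
- module SessionTest
- class FoundationTest < ActiveSupport::TestCase
- def test_credentials_raise_if_not_a_hash
- session = UserSession.new
- e = assert_raises(TypeError) {
- session.credentials = ActionController::Parameters.new
- }
- assert_equal(
- ::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
- e.message
- )
- end
- end
- end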
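--- a/data/test/session_test/http_auth_test.rb
+++ b/data/test/session_test/http_auth_test.rb
@@ -1,60 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- class HttpAuthTest < ActiveSupport::TestCase
- class ConfigTest < ActiveSupport::TestCase
- def test_allow_http_basic_auth
- UserSession.allow_http_basic_auth = false
- assert_equal false, UserSession.allow_http_basic_auth
-
- UserSession.allow_http_basic_auth true
- assert_equal true, UserSession.allow_http_basic_auth
- end
-
- def test_request_http_basic_auth
- UserSession.request_http_basic_auth = true
- assert_equal true, UserSession.request_http_basic_auth
-
- UserSession.request_http_basic_auth = false
- assert_equal false, UserSession.request_http_basic_auth
- end
-
- def test_http_basic_auth_realm
- assert_equal "Application", UserSession.http_basic_auth_realm
- UserSession.http_basic_auth_realm = "TestRealm"
- assert_equal "TestRealm", UserSession.http_basic_auth_realm
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_persist_persist_by_http_auth
- UserSession.allow_http_basic_auth = true
-
- aaron = users(:aaron)
- http_basic_auth_for do
- refute UserSession.find
- end
- http_basic_auth_for(aaron) do
- assert session = UserSession.find
- assert_equal aaron, session.record
- assert_equal aaron.login, session.login
- assert_equal "aaronrocks", session.send(:protected_password)
- refute controller.http_auth_requested?
- end
- unset_session
- UserSession.request_http_basic_auth = true
- UserSession.http_basic_auth_realm = "PersistTestRealm"
- http_basic_auth_for(aaron) do
- assert session = UserSession.find
- assert_equal aaron, session.record
- assert_equal aaron.login, session.login
- assert_equal "aaronrocks", session.send(:protected_password)
- assert_equal "PersistTestRealm", controller.realm
- assert controller.http_auth_requested?
- end
- end
- end
- end
- end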