authlogic 4.4.2 → 5.0.3

data/test/session_test/session_test.rb

@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module SessionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_session_key
-        UserSession.session_key = "my_session_key"
-        assert_equal "my_session_key", UserSession.session_key
-
-        UserSession.session_key "user_credentials"
-        assert_equal "user_credentials", UserSession.session_key
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_persist_persist_by_session_with_session_fixation_attack
-        ben = users(:ben)
-        controller.session["user_credentials"] = "neo"
-        controller.session["user_credentials_id"] = {
-          select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
-        }
-        @user_session = UserSession.find
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_sql_injection_attack
-        controller.session["user_credentials"] = { select: "ABRA CADABRA" }
-        controller.session["user_credentials_id"] = nil
-        assert_nothing_raised do
-          @user_session = UserSession.find
-        end
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_token_only
-        ben = users(:ben)
-        set_session_for(ben)
-        controller.session["user_credentials_id"] = nil
-        session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_save_update_session
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert controller.session["user_credentials"].blank?
-        assert session.save
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_destroy_update_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-        assert session = UserSession.find
-        assert session.destroy
-        assert controller.session["user_credentials"].blank?
-      end
-
-      def test_after_persisting_update_session
-        ben = users(:ben)
-        set_cookie_for(ben)
-        assert controller.session["user_credentials"].blank?
-        assert UserSession.find
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/timeout_test.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module TimeoutTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_logout_on_timeout
-        UserSession.logout_on_timeout = true
-        assert UserSession.logout_on_timeout
-
-        UserSession.logout_on_timeout false
-        refute UserSession.logout_on_timeout
-      end
-    end
-
-    class InstanceMethods < ActiveSupport::TestCase
-      def test_stale_state
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        ben.last_request_at = 3.years.ago
-        ben.save
-        set_session_for(ben)
-
-        session = UserSession.new
-        assert session.persisting?
-        assert session.stale?
-        assert_equal ben, session.stale_record
-        assert_nil session.record
-        assert_nil controller.session["user_credentials_id"]
-
-        set_session_for(ben)
-
-        ben.last_request_at = Time.now
-        ben.save
-
-        assert session.persisting?
-        refute session.stale?
-        assert_nil session.stale_record
-
-        UserSession.logout_on_timeout = false
-      end
-
-      def test_should_be_stale_with_expired_remember_date
-        UserSession.logout_on_timeout = true
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 4.month)
-        assert session.persisting?
-        assert session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_should_not_be_stale_with_valid_remember_date
-        UserSession.logout_on_timeout = true # Default is 10.minutes
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 2.months)
-        assert session.persisting?
-        refute session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_successful_login
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-        session = UserSession.find
-        assert session
-        assert_equal ben, session.record
-        UserSession.logout_on_timeout = false
-      end
-    end
-  end
-end

data/test/session_test/unauthorized_record_test.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class UnauthorizedRecordTest < ActiveSupport::TestCase
-    def test_credentials
-      ben = users(:ben)
-      session = UserSession.new
-      session.credentials = [ben]
-      assert_equal ben, session.unauthorized_record
-      assert_equal({ unauthorized_record: "<protected>" }, session.credentials)
-    end
-  end
-end

data/test/session_test/validation_test.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class ValidationTest < ActiveSupport::TestCase
-    def test_errors
-      session = UserSession.new
-      assert session.errors.is_a?(Authlogic::Session::Validation::Errors)
-    end
-
-    def test_valid
-      session = UserSession.new
-      refute session.valid?
-      assert_nil session.record
-      assert session.errors.count > 0
-
-      ben = users(:ben)
-      session.unauthorized_record = ben
-      assert session.valid?
-      assert_equal ben, session.attempted_record
-      assert session.errors.empty?
-    end
-  end
-end

data/test/test_helper.rb

@@ -1,272 +0,0 @@
-# frozen_string_literal: true
-
-require "byebug"
-require "rubygems"
-require "minitest/autorun"
-require "active_record"
-require "active_record/fixtures"
-require "timecop"
-require "i18n"
-require "minitest/reporters"
-
-Minitest::Reporters.use!(Minitest::Reporters::SpecReporter.new)
-
-I18n.load_path << File.dirname(__FILE__) + "/i18n/lol.yml"
-
-# ActiveRecord::Schema.verbose = false
-ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
-logger = Logger.new(STDOUT)
-logger.level = Logger::FATAL
-ActiveRecord::Base.logger = logger
-
-if ActiveRecord::VERSION::STRING < "4.1"
-  ActiveRecord::Base.configurations = true
-end
-
-if ActiveSupport.respond_to?(:test_order)
-  ActiveSupport.test_order = :sorted
-end
-
-ActiveRecord::Base.default_timezone = :local
-ActiveRecord::Schema.define(version: 1) do
-  create_table :companies do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.string    :name
-    t.boolean   :active
-  end
-
-  create_table :projects do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.string    :name
-  end
-
-  create_table :projects_users, id: false do |t|
-    t.integer :project_id
-    t.integer :user_id
-  end
-
-  create_table :users do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.integer   :lock_version, default: 0
-    t.integer   :company_id
-    t.string    :login
-    t.string    :crypted_password
-    t.string    :password_salt
-    t.string    :persistence_token
-    t.string    :single_access_token
-    t.string    :perishable_token
-    t.string    :email
-    t.string    :first_name
-    t.string    :last_name
-    t.integer   :login_count, default: 0, null: false
-    t.integer   :failed_login_count, default: 0, null: false
-    t.datetime  :last_request_at
-    t.datetime  :current_login_at
-    t.datetime  :last_login_at
-    t.string    :current_login_ip
-    t.string    :last_login_ip
-    t.boolean   :active, default: true
-    t.boolean   :approved, default: true
-    t.boolean   :confirmed, default: true
-  end
-
-  create_table :employees do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.integer   :company_id
-    t.string    :email
-    t.string    :crypted_password
-    t.string    :password_salt
-    t.string    :persistence_token
-    t.string    :first_name
-    t.string    :last_name
-    t.integer   :login_count, default: 0, null: false
-    t.datetime  :last_request_at
-    t.datetime  :current_login_at
-    t.datetime  :last_login_at
-    t.string    :current_login_ip
-    t.string    :last_login_ip
-  end
-
-  create_table :affiliates do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.integer   :company_id
-    t.string    :username
-    t.string    :pw_hash
-    t.string    :pw_salt
-    t.string    :persistence_token
-  end
-
-  create_table :ldapers do |t|
-    t.datetime  :created_at
-    t.datetime  :updated_at
-    t.string    :ldap_login
-    t.string    :persistence_token
-  end
-end
-
-require "English"
-$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
-require "authlogic"
-require "authlogic/test_case"
-
-# Configure SCrypt to be as fast as possible. This is desirable for a test
-# suite, and would be the opposite of desirable for production.
-Authlogic::CryptoProviders::SCrypt.max_time = 0.001 # 1ms
-Authlogic::CryptoProviders::SCrypt.max_mem = 1024 * 1024 # 1MB, the minimum SCrypt allows
-
-require "libs/project"
-require "libs/affiliate"
-require "libs/employee"
-require "libs/employee_session"
-require "libs/ldaper"
-require "libs/user"
-require "libs/user_session"
-require "libs/company"
-
-# Recent change, 2017-10-23: We had used a 54-letter string here. In the default
-# encoding, UTF-8, that's 54 bytes, which is clearly incorrect for an algorithm
-# with a 256-bit key, but I guess it worked. With the release of ruby 2.4 (and
-# thus openssl gem 2.0), it is more strict, and must be exactly 32 bytes.
-Authlogic::CryptoProviders::AES256.key = ::OpenSSL::Random.random_bytes(32)
-
-module ActiveSupport
-  class TestCase
-    include ActiveRecord::TestFixtures
-    self.fixture_path = File.dirname(__FILE__) + "/fixtures"
-
-    # use_transactional_fixtures= is deprecated and will be removed from Rails 5.1
-    # (use use_transactional_tests= instead)
-    if respond_to?(:use_transactional_tests=)
-      self.use_transactional_tests = false
-    else
-      self.use_transactional_fixtures = false
-    end
-
-    self.use_instantiated_fixtures = false
-    self.pre_loaded_fixtures = false
-    fixtures :all
-    setup :activate_authlogic
-    setup :config_setup
-    teardown :config_teardown
-    teardown { Timecop.return } # for tests that need to freeze the time
-
-    private
-
-    # Many of the tests change Authlogic config for the test models. Some tests
-    # were not resetting the config after tests, which didn't surface as broken
-    # tests until Rails 4.1 was added for testing. This ensures that all the
-    # models start tests with their original config.
-    def config_setup
-      [
-        Project,
-        Affiliate,
-        Employee,
-        EmployeeSession,
-        Ldaper,
-        User,
-        UserSession,
-        Company
-      ].each do |model|
-        unless model.respond_to?(:original_acts_as_authentic_config)
-          model.class_attribute :original_acts_as_authentic_config
-        end
-        model.original_acts_as_authentic_config = model.acts_as_authentic_config
-      end
-    end
-
-    def config_teardown
-      [
-        Project,
-        Affiliate,
-        Employee,
-        EmployeeSession,
-        Ldaper,
-        User,
-        UserSession,
-        Company
-      ].each do |model|
-        model.acts_as_authentic_config = model.original_acts_as_authentic_config
-      end
-    end
-
-    def password_for(user)
-      case user
-      when users(:ben)
-        "benrocks"
-      when users(:zack)
-        "zackrocks"
-      when users(:aaron)
-        "aaronrocks"
-      end
-    end
-
-    def http_basic_auth_for(user = nil)
-      unless user.blank?
-        controller.http_user = user.login
-        controller.http_password = password_for(user)
-      end
-      yield
-      controller.http_user = controller.http_password = controller.realm = nil
-    end
-
-    def set_cookie_for(user)
-      controller.cookies["user_credentials"] = {
-        value: "#{user.persistence_token}::#{user.id}",
-        expires: nil
-      }
-    end
-
-    def unset_cookie
-      controller.cookies["user_credentials"] = nil
-    end
-
-    def set_params_for(user)
-      controller.params["user_credentials"] = user.single_access_token
-    end
-
-    def unset_params
-      controller.params["user_credentials"] = nil
-    end
-
-    def set_request_content_type(type)
-      controller.request_content_type = type
-    end
-
-    def unset_request_content_type
-      controller.request_content_type = nil
-    end
-
-    def session_credentials_prefix(scope_record)
-      if scope_record.nil?
-        ""
-      else
-        format(
-          "%s_%d_",
-          scope_record.class.model_name.name.underscore,
-          scope_record.id
-        )
-      end
-    end
-
-    # Sets the session variables that `record` (eg. a `User`) would have after
-    # logging in.
-    #
-    # If `record` belongs to an `authenticates_many` association that uses the
-    # `scope_cookies` option, then a `scope_record` can be provided.
-    def set_session_for(record, scope_record = nil)
-      prefix = session_credentials_prefix(scope_record)
-      record_class_name = record.class.model_name.name.underscore
-      controller.session["#{prefix}#{record_class_name}_credentials"] = record.persistence_token
-      controller.session["#{prefix}#{record_class_name}_credentials_id"] = record.id
-    end
-
-    def unset_session
-      controller.session["user_credentials"] = controller.session["user_credentials_id"] = nil
-    end
-  end
-end