authlogic 4.4.3 → 5.0.4

Files changed (147)
  1. checksums.yaml +4 -4
  2. data/lib/authlogic.rb +4 -28
  3. data/lib/authlogic/acts_as_authentic/base.rb +3 -18
  4. data/lib/authlogic/acts_as_authentic/email.rb +3 -170
  5. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
  6. data/lib/authlogic/acts_as_authentic/login.rb +7 -174
  7. data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
  8. data/lib/authlogic/acts_as_authentic/password.rb +54 -253
  9. data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
  10. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
  11. data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
  12. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
  13. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +8 -6
  14. data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
  15. data/lib/authlogic/config.rb +9 -1
  16. data/lib/authlogic/controller_adapters/abstract_adapter.rb +7 -4
  17. data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
  18. data/lib/authlogic/controller_adapters/rails_adapter.rb +6 -29
  19. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
  20. data/lib/authlogic/cookie_credentials.rb +63 -0
  21. data/lib/authlogic/crypto_providers.rb +5 -20
  22. data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
  23. data/lib/authlogic/crypto_providers/md5.rb +3 -6
  24. data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
  25. data/lib/authlogic/crypto_providers/sha1.rb +4 -6
  26. data/lib/authlogic/crypto_providers/sha256.rb +2 -0
  27. data/lib/authlogic/crypto_providers/sha512.rb +6 -5
  28. data/lib/authlogic/i18n.rb +3 -1
  29. data/lib/authlogic/i18n/translator.rb +3 -0
  30. data/lib/authlogic/random.rb +2 -0
  31. data/lib/authlogic/session/base.rb +2087 -39
  32. data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
  33. data/lib/authlogic/test_case.rb +4 -0
  34. data/lib/authlogic/test_case/mock_controller.rb +2 -0
  35. data/lib/authlogic/test_case/mock_cookie_jar.rb +7 -35
  36. data/lib/authlogic/test_case/mock_logger.rb +2 -0
  37. data/lib/authlogic/test_case/mock_request.rb +2 -0
  38. data/lib/authlogic/test_case/rails_request_adapter.rb +2 -0
  39. data/lib/authlogic/version.rb +2 -1
  40. metadata +136 -182
  41. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
  42. data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
  43. data/.github/triage.md +0 -86
  44. data/.gitignore +0 -15
  45. data/.rubocop.yml +0 -133
  46. data/.rubocop_todo.yml +0 -74
  47. data/.travis.yml +0 -24
  48. data/CHANGELOG.md +0 -336
  49. data/CONTRIBUTING.md +0 -91
  50. data/Gemfile +0 -6
  51. data/LICENSE +0 -20
  52. data/README.md +0 -439
  53. data/Rakefile +0 -21
  54. data/UPGRADING.md +0 -22
  55. data/authlogic.gemspec +0 -40
  56. data/doc/use_normal_rails_validation.md +0 -82
  57. data/gemfiles/Gemfile.rails-4.2.x +0 -6
  58. data/gemfiles/Gemfile.rails-5.1.x +0 -6
  59. data/gemfiles/Gemfile.rails-5.2.x +0 -6
  60. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
  61. data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
  62. data/lib/authlogic/authenticates_many/association.rb +0 -50
  63. data/lib/authlogic/authenticates_many/base.rb +0 -81
  64. data/lib/authlogic/crypto_providers/aes256.rb +0 -71
  65. data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
  66. data/lib/authlogic/regex.rb +0 -79
  67. data/lib/authlogic/session/activation.rb +0 -73
  68. data/lib/authlogic/session/active_record_trickery.rb +0 -65
  69. data/lib/authlogic/session/brute_force_protection.rb +0 -127
  70. data/lib/authlogic/session/callbacks.rb +0 -153
  71. data/lib/authlogic/session/cookies.rb +0 -329
  72. data/lib/authlogic/session/existence.rb +0 -103
  73. data/lib/authlogic/session/foundation.rb +0 -105
  74. data/lib/authlogic/session/http_auth.rb +0 -107
  75. data/lib/authlogic/session/id.rb +0 -53
  76. data/lib/authlogic/session/klass.rb +0 -73
  77. data/lib/authlogic/session/magic_columns.rb +0 -119
  78. data/lib/authlogic/session/magic_states.rb +0 -82
  79. data/lib/authlogic/session/params.rb +0 -130
  80. data/lib/authlogic/session/password.rb +0 -318
  81. data/lib/authlogic/session/perishable_token.rb +0 -24
  82. data/lib/authlogic/session/persistence.rb +0 -77
  83. data/lib/authlogic/session/priority_record.rb +0 -38
  84. data/lib/authlogic/session/scopes.rb +0 -138
  85. data/lib/authlogic/session/session.rb +0 -77
  86. data/lib/authlogic/session/timeout.rb +0 -103
  87. data/lib/authlogic/session/unauthorized_record.rb +0 -56
  88. data/lib/authlogic/session/validation.rb +0 -93
  89. data/test/acts_as_authentic_test/base_test.rb +0 -27
  90. data/test/acts_as_authentic_test/email_test.rb +0 -241
  91. data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
  92. data/test/acts_as_authentic_test/login_test.rb +0 -153
  93. data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
  94. data/test/acts_as_authentic_test/password_test.rb +0 -263
  95. data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
  96. data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
  97. data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
  98. data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
  99. data/test/acts_as_authentic_test/single_access_test.rb +0 -46
  100. data/test/adapter_test.rb +0 -23
  101. data/test/authenticates_many_test.rb +0 -33
  102. data/test/config_test.rb +0 -38
  103. data/test/crypto_provider_test/aes256_test.rb +0 -16
  104. data/test/crypto_provider_test/bcrypt_test.rb +0 -16
  105. data/test/crypto_provider_test/scrypt_test.rb +0 -16
  106. data/test/crypto_provider_test/sha1_test.rb +0 -25
  107. data/test/crypto_provider_test/sha256_test.rb +0 -16
  108. data/test/crypto_provider_test/sha512_test.rb +0 -16
  109. data/test/crypto_provider_test/wordpress_test.rb +0 -26
  110. data/test/fixtures/companies.yml +0 -5
  111. data/test/fixtures/employees.yml +0 -17
  112. data/test/fixtures/projects.yml +0 -3
  113. data/test/fixtures/users.yml +0 -41
  114. data/test/i18n/lol.yml +0 -4
  115. data/test/i18n_test.rb +0 -35
  116. data/test/libs/affiliate.rb +0 -9
  117. data/test/libs/company.rb +0 -8
  118. data/test/libs/employee.rb +0 -9
  119. data/test/libs/employee_session.rb +0 -4
  120. data/test/libs/ldaper.rb +0 -5
  121. data/test/libs/project.rb +0 -5
  122. data/test/libs/user.rb +0 -9
  123. data/test/libs/user_session.rb +0 -27
  124. data/test/random_test.rb +0 -15
  125. data/test/session_test/activation_test.rb +0 -45
  126. data/test/session_test/active_record_trickery_test.rb +0 -78
  127. data/test/session_test/brute_force_protection_test.rb +0 -110
  128. data/test/session_test/callbacks_test.rb +0 -42
  129. data/test/session_test/cookies_test.rb +0 -242
  130. data/test/session_test/credentials_test.rb +0 -0
  131. data/test/session_test/existence_test.rb +0 -88
  132. data/test/session_test/foundation_test.rb +0 -24
  133. data/test/session_test/http_auth_test.rb +0 -60
  134. data/test/session_test/id_test.rb +0 -19
  135. data/test/session_test/klass_test.rb +0 -42
  136. data/test/session_test/magic_columns_test.rb +0 -62
  137. data/test/session_test/magic_states_test.rb +0 -60
  138. data/test/session_test/params_test.rb +0 -61
  139. data/test/session_test/password_test.rb +0 -107
  140. data/test/session_test/perishability_test.rb +0 -17
  141. data/test/session_test/persistence_test.rb +0 -35
  142. data/test/session_test/scopes_test.rb +0 -68
  143. data/test/session_test/session_test.rb +0 -80
  144. data/test/session_test/timeout_test.rb +0 -84
  145. data/test/session_test/unauthorized_record_test.rb +0 -15
  146. data/test/session_test/validation_test.rb +0 -25
  147. data/test/test_helper.rb +0 -272
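--- a/data/test/session_test/callbacks_test.rb
+++ b/data/test/session_test/callbacks_test.rb
@@ -1,42 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- class CallbacksTest < ActiveSupport::TestCase
- def setup
- WackyUserSession.reset_callbacks(:persist)
- end
-
- def test_no_callbacks
- assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 0, session.counter
- end
-
- def test_true_callback_cancelling_later_callbacks
- WackyUserSession.persist :persist_by_true, :persist_by_false
- assert_equal(
- %i[persist_by_true persist_by_false],
- WackyUserSession._persist_callbacks.map(&:filter)
- )
-
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 1, session.counter
- end
-
- def test_false_callback_continuing_to_later_callbacks
- WackyUserSession.persist :persist_by_false, :persist_by_true
- assert_equal(
- %i[persist_by_false persist_by_true],
- WackyUserSession._persist_callbacks.map(&:filter)
- )
-
- session = WackyUserSession.new
- session.send(:persist)
- assert_equal 2, session.counter
- end
- end
- end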
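--- a/data/test/session_test/cookies_test.rb
+++ b/data/test/session_test/cookies_test.rb
@@ -1,242 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- module CookiesTest
- class ConfigTest < ActiveSupport::TestCase
- def test_cookie_key
- UserSession.cookie_key = "my_cookie_key"
- assert_equal "my_cookie_key", UserSession.cookie_key
-
- UserSession.cookie_key "user_credentials"
- assert_equal "user_credentials", UserSession.cookie_key
- end
-
- def test_default_cookie_key
- assert_equal "user_credentials", UserSession.cookie_key
- assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
- end
-
- def test_remember_me
- UserSession.remember_me = true
- assert_equal true, UserSession.remember_me
- session = UserSession.new
- assert_equal true, session.remember_me
-
- UserSession.remember_me false
- assert_equal false, UserSession.remember_me
- session = UserSession.new
- assert_equal false, session.remember_me
- end
-
- def test_remember_me_for
- UserSession.remember_me_for = 3.years
- assert_equal 3.years, UserSession.remember_me_for
- session = UserSession.new
- session.remember_me = true
- assert_equal 3.years, session.remember_me_for
-
- UserSession.remember_me_for 3.months
- assert_equal 3.months, UserSession.remember_me_for
- session = UserSession.new
- session.remember_me = true
- assert_equal 3.months, session.remember_me_for
- end
-
- def test_secure
- assert_equal true, UserSession.secure
- session = UserSession.new
- assert_equal true, session.secure
-
- UserSession.secure false
- assert_equal false, UserSession.secure
- session = UserSession.new
- assert_equal false, session.secure
- end
-
- def test_httponly
- assert_equal true, UserSession.httponly
- session = UserSession.new
- assert_equal true, session.httponly
-
- UserSession.httponly false
- assert_equal false, UserSession.httponly
- session = UserSession.new
- assert_equal false, session.httponly
- end
-
- def test_same_site
- assert_nil UserSession.same_site
- assert_nil UserSession.new.same_site
-
- UserSession.same_site "Strict"
- assert_equal "Strict", UserSession.same_site
- session = UserSession.new
- assert_equal "Strict", session.same_site
- session.same_site = "Lax"
- assert_equal "Lax", session.same_site
-
- assert_raise(ArgumentError) { UserSession.same_site "foo" }
- assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
- end
-
- def test_sign_cookie
- UserSession.sign_cookie = true
- assert_equal true, UserSession.sign_cookie
- session = UserSession.new
- assert_equal true, session.sign_cookie
-
- UserSession.sign_cookie false
- assert_equal false, UserSession.sign_cookie
- session = UserSession.new
- assert_equal false, session.sign_cookie
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_credentials
- session = UserSession.new
- session.credentials = { remember_me: true }
- assert_equal true, session.remember_me
- end
-
- def test_remember_me
- session = UserSession.new
- assert_equal false, session.remember_me
- refute session.remember_me?
-
- session.remember_me = false
- assert_equal false, session.remember_me
- refute session.remember_me?
-
- session.remember_me = true
- assert_equal true, session.remember_me
- assert session.remember_me?
-
- session.remember_me = nil
- assert_nil session.remember_me
- refute session.remember_me?
-
- session.remember_me = "1"
- assert_equal "1", session.remember_me
- assert session.remember_me?
-
- session.remember_me = "true"
- assert_equal "true", session.remember_me
- assert session.remember_me?
- end
-
- def test_remember_me_until
- session = UserSession.new
- assert_nil session.remember_me_until
-
- session.remember_me = true
- assert 3.months.from_now <= session.remember_me_until
- end
-
- def test_persist_persist_by_cookie
- ben = users(:ben)
- refute UserSession.find
- set_cookie_for(ben)
- assert session = UserSession.find
- assert_equal ben, session.record
- end
-
- def test_persist_persist_by_cookie_with_blank_persistence_token
- ben = users(:ben)
- ben.update_column(:persistence_token, "")
- refute UserSession.find
- set_cookie_for(ben)
- refute UserSession.find
- end
-
- def test_remember_me_expired
- ben = users(:ben)
- session = UserSession.new(ben)
- session.remember_me = true
- assert session.save
- refute session.remember_me_expired?
-
- session = UserSession.new(ben)
- session.remember_me = false
- assert session.save
- refute session.remember_me_expired?
- end
-
- def test_after_save_save_cookie
- ben = users(:ben)
- session = UserSession.new(ben)
- assert session.save
- assert_equal(
- "#{ben.persistence_token}::#{ben.id}",
- controller.cookies["user_credentials"]
- )
- end
-
- def test_after_save_save_cookie_encrypted
- ben = users(:ben)
-
- assert_nil controller.cookies["user_credentials"]
- payload = "#{ben.persistence_token}::#{ben.id}"
-
- session = UserSession.new(ben)
- session.encrypt_cookie = true
- assert session.save
- assert_equal payload, controller.cookies.encrypted["user_credentials"]
- assert_equal(
- Authlogic::TestCase::MockEncryptedCookieJar.encrypt(payload),
- controller.cookies.encrypted.parent_jar["user_credentials"]
- )
- end
-
- def test_after_save_save_cookie_signed
- ben = users(:ben)
-
- assert_nil controller.cookies["user_credentials"]
- payload = "#{ben.persistence_token}::#{ben.id}"
-
- session = UserSession.new(ben)
- session.sign_cookie = true
- assert session.save
- assert_equal payload, controller.cookies.signed["user_credentials"]
- assert_equal(
- "#{payload}--#{Digest::SHA1.hexdigest payload}",
- controller.cookies.signed.parent_jar["user_credentials"]
- )
- end
-
- def test_after_save_save_cookie_with_remember_me
- Timecop.freeze do
- ben = users(:ben)
- session = UserSession.new(ben)
- session.remember_me = true
- assert session.save
- assert_equal(
- "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
- controller.cookies["user_credentials"]
- )
- end
- end
-
- def test_after_save_save_cookie_with_same_site
- session = UserSession.new(users(:ben))
- session.same_site = "Strict"
- assert session.save
- assert_equal(
- "Strict",
- controller.cookies.set_cookies["user_credentials"][:same_site]
- )
- end
-
- def test_after_destroy_destroy_cookie
- ben = users(:ben)
- set_cookie_for(ben)
- session = UserSession.find
- assert controller.cookies["user_credentials"]
- assert session.destroy
- refute controller.cookies["user_credentials"]
- end
- end
- end
- end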
File without changes
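--- a/data/test/session_test/existence_test.rb
+++ b/data/test/session_test/existence_test.rb
@@ -1,88 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- module ExistenceTest
- class ClassMethodsTest < ActiveSupport::TestCase
- def test_create_with_good_credentials
- ben = users(:ben)
- session = UserSession.create(login: ben.login, password: "benrocks")
- refute session.new_session?
- end
-
- def test_create_with_bad_credentials
- session = UserSession.create(login: "somelogin", password: "badpw2")
- assert session.new_session?
- end
-
- def test_create_bang
- ben = users(:ben)
- err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
- UserSession.create!(login: ben.login, password: "badpw")
- end
- assert_includes err.message, "Password is not valid"
- refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_new_session
- session = UserSession.new
- assert session.new_session?
-
- set_session_for(users(:ben))
- session = UserSession.find
- refute session.new_session?
- end
-
- def test_save_with_nothing
- session = UserSession.new
- refute session.save
- assert session.new_session?
- end
-
- def test_save_with_block
- session = UserSession.new
- block_result = session.save do |result|
- refute result
- end
- refute block_result
- assert session.new_session?
- end
-
- def test_save_with_bang
- session = UserSession.new
- assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-
- session.unauthorized_record = users(:ben)
- assert_nothing_raised { session.save! }
- end
-
- def test_destroy
- ben = users(:ben)
- session = UserSession.new
- refute session.valid?
- refute session.errors.empty?
- assert session.destroy
- assert session.errors.empty?
- session.unauthorized_record = ben
- assert session.save
- assert session.record
- assert session.destroy
- refute session.record
- end
- end
-
- class SessionInvalidErrorTest < ActiveSupport::TestCase
- def test_message
- session = UserSession.new
- assert !session.valid?
- error = Authlogic::Session::Existence::SessionInvalidError.new(session)
- message = "Your session is invalid and has the following errors: " +
- session.errors.full_messages.to_sentence
- assert_equal message, error.message
- end
- end
- end
- end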
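--- a/data/test/session_test/foundation_test.rb
+++ b/data/test/session_test/foundation_test.rb
@@ -1,24 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- # We forbid the use of AC::Parameters, and we have a test to that effect, but we
- # do not want a development dependency on `actionpack`, so we define it here.
- module ActionController
- class Parameters; end
- end
-
- module SessionTest
- class FoundationTest < ActiveSupport::TestCase
- def test_credentials_raise_if_not_a_hash
- session = UserSession.new
- e = assert_raises(TypeError) {
- session.credentials = ActionController::Parameters.new
- }
- assert_equal(
- ::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
- e.message
- )
- end
- end
- end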
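--- a/data/test/session_test/http_auth_test.rb
+++ b/data/test/session_test/http_auth_test.rb
@@ -1,60 +0,0 @@
- # frozen_string_literal: true
-
- require "test_helper"
-
- module SessionTest
- class HttpAuthTest < ActiveSupport::TestCase
- class ConfigTest < ActiveSupport::TestCase
- def test_allow_http_basic_auth
- UserSession.allow_http_basic_auth = false
- assert_equal false, UserSession.allow_http_basic_auth
-
- UserSession.allow_http_basic_auth true
- assert_equal true, UserSession.allow_http_basic_auth
- end
-
- def test_request_http_basic_auth
- UserSession.request_http_basic_auth = true
- assert_equal true, UserSession.request_http_basic_auth
-
- UserSession.request_http_basic_auth = false
- assert_equal false, UserSession.request_http_basic_auth
- end
-
- def test_http_basic_auth_realm
- assert_equal "Application", UserSession.http_basic_auth_realm
- UserSession.http_basic_auth_realm = "TestRealm"
- assert_equal "TestRealm", UserSession.http_basic_auth_realm
- end
- end
-
- class InstanceMethodsTest < ActiveSupport::TestCase
- def test_persist_persist_by_http_auth
- UserSession.allow_http_basic_auth = true
-
- aaron = users(:aaron)
- http_basic_auth_for do
- refute UserSession.find
- end
- http_basic_auth_for(aaron) do
- assert session = UserSession.find
- assert_equal aaron, session.record
- assert_equal aaron.login, session.login
- assert_equal "aaronrocks", session.send(:protected_password)
- refute controller.http_auth_requested?
- end
- unset_session
- UserSession.request_http_basic_auth = true
- UserSession.http_basic_auth_realm = "PersistTestRealm"
- http_basic_auth_for(aaron) do
- assert session = UserSession.find
- assert_equal aaron, session.record
- assert_equal aaron.login, session.login
- assert_equal "aaronrocks", session.send(:protected_password)
- assert_equal "PersistTestRealm", controller.realm
- assert controller.http_auth_requested?
- end
- end
- end
- end
- end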