authlogic 4.5.0 → 6.4.2

data/test/session_test/callbacks_test.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class CallbacksTest < ActiveSupport::TestCase
-    def setup
-      WackyUserSession.reset_callbacks(:persist)
-    end
-
-    def test_no_callbacks
-      assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 0, session.counter
-    end
-
-    def test_true_callback_cancelling_later_callbacks
-      WackyUserSession.persist :persist_by_true, :persist_by_false
-      assert_equal(
-        %i[persist_by_true persist_by_false],
-        WackyUserSession._persist_callbacks.map(&:filter)
-      )
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 1, session.counter
-    end
-
-    def test_false_callback_continuing_to_later_callbacks
-      WackyUserSession.persist :persist_by_false, :persist_by_true
-      assert_equal(
-        %i[persist_by_false persist_by_true],
-        WackyUserSession._persist_callbacks.map(&:filter)
-      )
-
-      session = WackyUserSession.new
-      session.send(:persist)
-      assert_equal 2, session.counter
-    end
-  end
-end

data/test/session_test/cookies_test.rb

@@ -1,244 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module CookiesTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_cookie_key
-        UserSession.cookie_key = "my_cookie_key"
-        assert_equal "my_cookie_key", UserSession.cookie_key
-
-        UserSession.cookie_key "user_credentials"
-        assert_equal "user_credentials", UserSession.cookie_key
-      end
-
-      def test_default_cookie_key
-        assert_equal "user_credentials", UserSession.cookie_key
-        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
-      end
-
-      def test_remember_me
-        UserSession.remember_me = true
-        assert_equal true, UserSession.remember_me
-        session = UserSession.new
-        assert_equal true, session.remember_me
-
-        UserSession.remember_me false
-        assert_equal false, UserSession.remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-      end
-
-      def test_remember_me_for
-        UserSession.remember_me_for = 3.years
-        assert_equal 3.years, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.years, session.remember_me_for
-
-        UserSession.remember_me_for 3.months
-        assert_equal 3.months, UserSession.remember_me_for
-        session = UserSession.new
-        session.remember_me = true
-        assert_equal 3.months, session.remember_me_for
-      end
-
-      def test_secure
-        assert_equal true, UserSession.secure
-        session = UserSession.new
-        assert_equal true, session.secure
-
-        UserSession.secure false
-        assert_equal false, UserSession.secure
-        session = UserSession.new
-        assert_equal false, session.secure
-      end
-
-      def test_httponly
-        assert_equal true, UserSession.httponly
-        session = UserSession.new
-        assert_equal true, session.httponly
-
-        UserSession.httponly false
-        assert_equal false, UserSession.httponly
-        session = UserSession.new
-        assert_equal false, session.httponly
-      end
-
-      def test_same_site
-        assert_nil UserSession.same_site
-        assert_nil UserSession.new.same_site
-
-        UserSession.same_site "Strict"
-        assert_equal "Strict", UserSession.same_site
-        session = UserSession.new
-        assert_equal "Strict", session.same_site
-        session.same_site = "Lax"
-        assert_equal "Lax", session.same_site
-        session.same_site = "None"
-        assert_equal "None", session.same_site
-
-        assert_raise(ArgumentError) { UserSession.same_site "foo" }
-        assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
-      end
-
-      def test_sign_cookie
-        UserSession.sign_cookie = true
-        assert_equal true, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal true, session.sign_cookie
-
-        UserSession.sign_cookie false
-        assert_equal false, UserSession.sign_cookie
-        session = UserSession.new
-        assert_equal false, session.sign_cookie
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_credentials
-        session = UserSession.new
-        session.credentials = { remember_me: true }
-        assert_equal true, session.remember_me
-      end
-
-      def test_remember_me
-        session = UserSession.new
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = false
-        assert_equal false, session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = true
-        assert_equal true, session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = nil
-        assert_nil session.remember_me
-        refute session.remember_me?
-
-        session.remember_me = "1"
-        assert_equal "1", session.remember_me
-        assert session.remember_me?
-
-        session.remember_me = "true"
-        assert_equal "true", session.remember_me
-        assert session.remember_me?
-      end
-
-      def test_remember_me_until
-        session = UserSession.new
-        assert_nil session.remember_me_until
-
-        session.remember_me = true
-        assert 3.months.from_now <= session.remember_me_until
-      end
-
-      def test_persist_persist_by_cookie
-        ben = users(:ben)
-        refute UserSession.find
-        set_cookie_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-      end
-
-      def test_persist_persist_by_cookie_with_blank_persistence_token
-        ben = users(:ben)
-        ben.update_column(:persistence_token, "")
-        refute UserSession.find
-        set_cookie_for(ben)
-        refute UserSession.find
-      end
-
-      def test_remember_me_expired
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        session.remember_me = true
-        assert session.save
-        refute session.remember_me_expired?
-
-        session = UserSession.new(ben)
-        session.remember_me = false
-        assert session.save
-        refute session.remember_me_expired?
-      end
-
-      def test_after_save_save_cookie
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert session.save
-        assert_equal(
-          "#{ben.persistence_token}::#{ben.id}",
-          controller.cookies["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_encrypted
-        ben = users(:ben)
-
-        assert_nil controller.cookies["user_credentials"]
-        payload = "#{ben.persistence_token}::#{ben.id}"
-
-        session = UserSession.new(ben)
-        session.encrypt_cookie = true
-        assert session.save
-        assert_equal payload, controller.cookies.encrypted["user_credentials"]
-        assert_equal(
-          Authlogic::TestCase::MockEncryptedCookieJar.encrypt(payload),
-          controller.cookies.encrypted.parent_jar["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_signed
-        ben = users(:ben)
-
-        assert_nil controller.cookies["user_credentials"]
-        payload = "#{ben.persistence_token}::#{ben.id}"
-
-        session = UserSession.new(ben)
-        session.sign_cookie = true
-        assert session.save
-        assert_equal payload, controller.cookies.signed["user_credentials"]
-        assert_equal(
-          "#{payload}--#{Digest::SHA1.hexdigest payload}",
-          controller.cookies.signed.parent_jar["user_credentials"]
-        )
-      end
-
-      def test_after_save_save_cookie_with_remember_me
-        Timecop.freeze do
-          ben = users(:ben)
-          session = UserSession.new(ben)
-          session.remember_me = true
-          assert session.save
-          assert_equal(
-            "#{ben.persistence_token}::#{ben.id}::#{session.remember_me_until.iso8601}",
-            controller.cookies["user_credentials"]
-          )
-        end
-      end
-
-      def test_after_save_save_cookie_with_same_site
-        session = UserSession.new(users(:ben))
-        session.same_site = "Strict"
-        assert session.save
-        assert_equal(
-          "Strict",
-          controller.cookies.set_cookies["user_credentials"][:same_site]
-        )
-      end
-
-      def test_after_destroy_destroy_cookie
-        ben = users(:ben)
-        set_cookie_for(ben)
-        session = UserSession.find
-        assert controller.cookies["user_credentials"]
-        assert session.destroy
-        refute controller.cookies["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/existence_test.rb

@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ExistenceTest
-    class ClassMethodsTest < ActiveSupport::TestCase
-      def test_create_with_good_credentials
-        ben = users(:ben)
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-      end
-
-      def test_create_with_bad_credentials
-        session = UserSession.create(login: "somelogin", password: "badpw2")
-        assert session.new_session?
-      end
-
-      def test_create_bang
-        ben = users(:ben)
-        err = assert_raise(Authlogic::Session::Existence::SessionInvalidError) do
-          UserSession.create!(login: ben.login, password: "badpw")
-        end
-        assert_includes err.message, "Password is not valid"
-        refute UserSession.create!(login: ben.login, password: "benrocks").new_session?
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_new_session
-        session = UserSession.new
-        assert session.new_session?
-
-        set_session_for(users(:ben))
-        session = UserSession.find
-        refute session.new_session?
-      end
-
-      def test_save_with_nothing
-        session = UserSession.new
-        refute session.save
-        assert session.new_session?
-      end
-
-      def test_save_with_block
-        session = UserSession.new
-        block_result = session.save do |result|
-          refute result
-        end
-        refute block_result
-        assert session.new_session?
-      end
-
-      def test_save_with_bang
-        session = UserSession.new
-        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
-
-        session.unauthorized_record = users(:ben)
-        assert_nothing_raised { session.save! }
-      end
-
-      def test_destroy
-        ben = users(:ben)
-        session = UserSession.new
-        refute session.valid?
-        refute session.errors.empty?
-        assert session.destroy
-        assert session.errors.empty?
-        session.unauthorized_record = ben
-        assert session.save
-        assert session.record
-        assert session.destroy
-        refute session.record
-      end
-    end
-
-    class SessionInvalidErrorTest < ActiveSupport::TestCase
-      def test_message
-        session = UserSession.new
-        assert !session.valid?
-        error = Authlogic::Session::Existence::SessionInvalidError.new(session)
-        message = "Your session is invalid and has the following errors: " +
-          session.errors.full_messages.to_sentence
-        assert_equal message, error.message
-      end
-    end
-  end
-end

data/test/session_test/foundation_test.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-# We forbid the use of AC::Parameters, and we have a test to that effect, but we
-# do not want a development dependency on `actionpack`, so we define it here.
-module ActionController
-  class Parameters; end
-end
-
-module SessionTest
-  class FoundationTest < ActiveSupport::TestCase
-    def test_credentials_raise_if_not_a_hash
-      session = UserSession.new
-      e = assert_raises(TypeError) {
-        session.credentials = ActionController::Parameters.new
-      }
-      assert_equal(
-        ::Authlogic::Session::Foundation::InstanceMethods::E_AC_PARAMETERS,
-        e.message
-      )
-    end
-  end
-end

data/test/session_test/http_auth_test.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class HttpAuthTest < ActiveSupport::TestCase
-    class ConfigTest < ActiveSupport::TestCase
-      def test_allow_http_basic_auth
-        UserSession.allow_http_basic_auth = false
-        assert_equal false, UserSession.allow_http_basic_auth
-
-        UserSession.allow_http_basic_auth true
-        assert_equal true, UserSession.allow_http_basic_auth
-      end
-
-      def test_request_http_basic_auth
-        UserSession.request_http_basic_auth = true
-        assert_equal true, UserSession.request_http_basic_auth
-
-        UserSession.request_http_basic_auth = false
-        assert_equal false, UserSession.request_http_basic_auth
-      end
-
-      def test_http_basic_auth_realm
-        assert_equal "Application", UserSession.http_basic_auth_realm
-        UserSession.http_basic_auth_realm = "TestRealm"
-        assert_equal "TestRealm", UserSession.http_basic_auth_realm
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_http_auth
-        UserSession.allow_http_basic_auth = true
-
-        aaron = users(:aaron)
-        http_basic_auth_for do
-          refute UserSession.find
-        end
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          refute controller.http_auth_requested?
-        end
-        unset_session
-        UserSession.request_http_basic_auth = true
-        UserSession.http_basic_auth_realm = "PersistTestRealm"
-        http_basic_auth_for(aaron) do
-          assert session = UserSession.find
-          assert_equal aaron, session.record
-          assert_equal aaron.login, session.login
-          assert_equal "aaronrocks", session.send(:protected_password)
-          assert_equal "PersistTestRealm", controller.realm
-          assert controller.http_auth_requested?
-        end
-      end
-    end
-  end
-end

data/test/session_test/id_test.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class IdTest < ActiveSupport::TestCase
-    def test_credentials
-      session = UserSession.new
-      session.credentials = [:my_id]
-      assert_equal :my_id, session.id
-    end
-
-    def test_id
-      session = UserSession.new
-      session.id = :my_id
-      assert_equal :my_id, session.id
-    end
-  end
-end

data/test/session_test/klass_test.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module KlassTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_authenticate_with
-        UserSession.authenticate_with = Employee
-        assert_equal "Employee", UserSession.klass_name
-        assert_equal Employee, UserSession.klass
-
-        UserSession.authenticate_with User
-        assert_equal "User", UserSession.klass_name
-        assert_equal User, UserSession.klass
-      end
-
-      def test_klass
-        assert_equal User, UserSession.klass
-      end
-
-      def test_klass_name
-        assert_equal "User", UserSession.klass_name
-      end
-
-      def test_klass_name_uses_custom_name
-        assert_equal "User", UserSession.klass_name
-        assert_equal "BackOfficeUser", BackOfficeUserSession.klass_name
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_record_method
-        ben = users(:ben)
-        set_session_for(ben)
-        session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben, session.user
-      end
-    end
-  end
-end

data/test/session_test/magic_columns_test.rb

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module MagicColumnsTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_last_request_at_threshold_config
-        UserSession.last_request_at_threshold = 2.minutes
-        assert_equal 2.minutes, UserSession.last_request_at_threshold
-
-        UserSession.last_request_at_threshold 0
-        assert_equal 0, UserSession.last_request_at_threshold
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_after_persisting_set_last_request_at
-        ben = users(:ben)
-        refute UserSession.create(ben).new_session?
-
-        set_cookie_for(ben)
-        old_last_request_at = ben.last_request_at
-        assert UserSession.find
-        ben.reload
-        assert ben.last_request_at != old_last_request_at
-      end
-
-      def test_valid_increase_failed_login_count
-        ben = users(:ben)
-        old_failed_login_count = ben.failed_login_count
-        session = UserSession.create(login: ben.login, password: "wrong")
-        assert session.new_session?
-        ben.reload
-        assert_equal old_failed_login_count + 1, ben.failed_login_count
-      end
-
-      def test_before_save_update_info
-        aaron = users(:aaron)
-
-        # increase failed login count
-        session = UserSession.create(login: aaron.login, password: "wrong")
-        assert session.new_session?
-        aaron.reload
-        assert_equal 0, aaron.login_count
-        assert_nil aaron.current_login_at
-        assert_nil aaron.current_login_ip
-
-        session = UserSession.create(login: aaron.login, password: "aaronrocks")
-        assert session.valid?
-
-        aaron.reload
-        assert_equal 1, aaron.login_count
-        assert_equal 0, aaron.failed_login_count
-        assert_nil aaron.last_login_at
-        assert_not_nil aaron.current_login_at
-        assert_nil aaron.last_login_ip
-        assert_equal "1.1.1.1", aaron.current_login_ip
-      end
-    end
-  end
-end

data/test/session_test/magic_states_test.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module SessionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_disable_magic_states_config
-        UserSession.disable_magic_states = true
-        assert_equal true, UserSession.disable_magic_states
-
-        UserSession.disable_magic_states false
-        assert_equal false, UserSession.disable_magic_states
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_disabling_magic_states
-        UserSession.disable_magic_states = true
-        ben = users(:ben)
-        ben.update_attribute(:active, false)
-        refute UserSession.create(ben).new_session?
-        UserSession.disable_magic_states = false
-      end
-
-      def test_validate_validate_magic_states_active
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:active, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-
-      def test_validate_validate_magic_states_approved
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:approved, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-
-      def test_validate_validate_magic_states_confirmed
-        session = UserSession.new
-        ben = users(:ben)
-        session.unauthorized_record = ben
-        assert session.valid?
-
-        ben.update_attribute(:confirmed, false)
-        refute session.valid?
-        refute session.errors[:base].empty?
-      end
-    end
-  end
-end