authlogic 4.5.0 → 6.4.2

data/test/session_test/params_test.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module ParamsTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_params_key
-        UserSession.params_key = "my_params_key"
-        assert_equal "my_params_key", UserSession.params_key
-
-        UserSession.params_key "user_credentials"
-        assert_equal "user_credentials", UserSession.params_key
-      end
-
-      def test_single_access_allowed_request_types
-        UserSession.single_access_allowed_request_types = ["my request type"]
-        assert_equal ["my request type"], UserSession.single_access_allowed_request_types
-        UserSession.single_access_allowed_request_types(
-          ["application/rss+xml", "application/atom+xml"]
-        )
-        assert_equal(
-          ["application/rss+xml", "application/atom+xml"],
-          UserSession.single_access_allowed_request_types
-        )
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_params
-        ben = users(:ben)
-        session = UserSession.new
-
-        refute session.persisting?
-        set_params_for(ben)
-
-        refute session.persisting?
-        refute session.unauthorized_record
-        refute session.record
-        assert_nil controller.session["user_credentials"]
-
-        set_request_content_type("text/plain")
-        refute session.persisting?
-        refute session.unauthorized_record
-        assert_nil controller.session["user_credentials"]
-
-        set_request_content_type("application/atom+xml")
-        assert session.persisting?
-        assert_equal ben, session.record
-
-        # should not persist since this is single access
-        assert_nil controller.session["user_credentials"]
-
-        set_request_content_type("application/rss+xml")
-        assert session.persisting?
-        assert_equal ben, session.unauthorized_record
-        assert_nil controller.session["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/password_test.rb

@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module PasswordTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_find_by_login_method
-        UserSession.find_by_login_method = "my_login_method"
-        assert_equal "my_login_method", UserSession.find_by_login_method
-
-        UserSession.find_by_login_method "find_by_login"
-        assert_equal "find_by_login", UserSession.find_by_login_method
-      end
-
-      def test_verify_password_method
-        UserSession.verify_password_method = "my_login_method"
-        assert_equal "my_login_method", UserSession.verify_password_method
-
-        UserSession.verify_password_method "valid_password?"
-        assert_equal "valid_password?", UserSession.verify_password_method
-      end
-
-      def test_generalize_credentials_error_mesages_set_to_false
-        UserSession.generalize_credentials_error_messages false
-        refute UserSession.generalize_credentials_error_messages
-        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
-        assert_equal ["Password is not valid"], session.errors.full_messages
-      end
-
-      def test_generalize_credentials_error_messages_set_to_true
-        UserSession.generalize_credentials_error_messages true
-        assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
-        assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
-      end
-
-      def test_generalize_credentials_error_messages_set_to_string
-        UserSession.generalize_credentials_error_messages = "Custom Error Message"
-        assert UserSession.generalize_credentials_error_messages
-        session = UserSession.create(login: users(:ben).login, password: "invalud-password")
-        assert_equal ["Custom Error Message"], session.errors.full_messages
-      end
-
-      def test_login_field
-        UserSession.configured_password_methods = false
-        UserSession.login_field = :saweet
-        assert_equal :saweet, UserSession.login_field
-        session = UserSession.new
-        assert session.respond_to?(:saweet)
-
-        UserSession.login_field :login
-        assert_equal :login, UserSession.login_field
-        session = UserSession.new
-        assert session.respond_to?(:login)
-      end
-
-      def test_password_field
-        UserSession.configured_password_methods = false
-        UserSession.password_field = :saweet
-        assert_equal :saweet, UserSession.password_field
-        session = UserSession.new
-        assert session.respond_to?(:saweet)
-
-        UserSession.password_field :password
-        assert_equal :password, UserSession.password_field
-        session = UserSession.new
-        assert session.respond_to?(:password)
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_init
-        session = UserSession.new
-        assert session.respond_to?(:login)
-        assert session.respond_to?(:login=)
-        assert session.respond_to?(:password)
-        assert session.respond_to?(:password=)
-        assert session.respond_to?(:protected_password, true)
-      end
-
-      def test_credentials
-        session = UserSession.new
-        session.credentials = { login: "login", password: "pass" }
-        assert_equal "login", session.login
-        assert_nil session.password
-        assert_equal "pass", session.send(:protected_password)
-        assert_equal({ password: "<protected>", login: "login" }, session.credentials)
-      end
-
-      def test_credentials_are_params_safe
-        session = UserSession.new
-        assert_nothing_raised { session.credentials = { hacker_method: "error!" } }
-      end
-
-      def test_save_with_credentials
-        aaron = users(:aaron)
-        session = UserSession.new(login: aaron.login, password: "aaronrocks")
-        assert session.save
-        refute session.new_session?
-        assert_equal 1, session.record.login_count
-        assert Time.now >= session.record.current_login_at
-        assert_equal "1.1.1.1", session.record.current_login_ip
-      end
-    end
-  end
-end

data/test/session_test/perishability_test.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class PerishabilityTest < ActiveSupport::TestCase
-    def test_after_save
-      ben = users(:ben)
-      old_perishable_token = ben.perishable_token
-      UserSession.create(ben)
-      assert_not_equal old_perishable_token, ben.perishable_token
-
-      drew = employees(:drew)
-      refute UserSession.create(drew).new_session?
-    end
-  end
-end

data/test/session_test/persistence_test.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class PersistenceTest < ActiveSupport::TestCase
-    def test_find
-      aaron = users(:aaron)
-      refute UserSession.find
-      UserSession.allow_http_basic_auth = true
-      http_basic_auth_for(aaron) { assert UserSession.find }
-      set_cookie_for(aaron)
-      assert UserSession.find
-      unset_cookie
-      set_session_for(aaron)
-      session = UserSession.find
-      assert session
-    end
-
-    def test_persisting
-      # tested thoroughly in test_find
-    end
-
-    def test_should_set_remember_me_on_the_next_request
-      aaron = users(:aaron)
-      session = UserSession.new(aaron)
-      session.remember_me = true
-      refute UserSession.remember_me
-      assert session.save
-      assert session.remember_me?
-      session = UserSession.find(aaron)
-      assert session.remember_me?
-    end
-  end
-end

data/test/session_test/scopes_test.rb

@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class ScopesTest < ActiveSupport::TestCase
-    def test_scope_method
-      assert_nil Authlogic::Session::Base.scope
-
-      thread1 = Thread.new do
-        scope = { id: :scope1 }
-        Authlogic::Session::Base.send(:scope=, scope)
-        assert_equal scope, Authlogic::Session::Base.scope
-      end
-      thread1.join
-
-      assert_nil Authlogic::Session::Base.scope
-
-      thread2 = Thread.new do
-        scope = { id: :scope2 }
-        Authlogic::Session::Base.send(:scope=, scope)
-        assert_equal scope, Authlogic::Session::Base.scope
-      end
-      thread2.join
-
-      assert_nil Authlogic::Session::Base.scope
-    end
-
-    def test_with_scope_method
-      assert_raise(ArgumentError) { UserSession.with_scope }
-
-      UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
-        assert_equal(
-          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
-          UserSession.scope
-        )
-      end
-
-      assert_nil UserSession.scope
-    end
-
-    def test_initialize
-      UserSession.with_scope(find_options: { conditions: "awesome = 1" }, id: "some_id") do
-        session = UserSession.new
-        assert_equal(
-          { find_options: { conditions: "awesome = 1" }, id: "some_id" },
-          session.scope
-        )
-        session.id = :another_id
-        assert_equal "another_id_some_id_test", session.send(:build_key, "test")
-      end
-    end
-
-    def test_search_for_record_with_scopes
-      binary_logic = companies(:binary_logic)
-      ben = users(:ben)
-      zack = users(:zack)
-
-      session = UserSession.new
-      assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
-
-      session.scope = { find_options: { conditions: ["company_id = ?", binary_logic.id] } }
-      assert_nil session.send(:search_for_record, "find_by_login", zack.login)
-
-      assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
-    end
-  end
-end

data/test/session_test/session_test.rb

@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module SessionTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_session_key
-        UserSession.session_key = "my_session_key"
-        assert_equal "my_session_key", UserSession.session_key
-
-        UserSession.session_key "user_credentials"
-        assert_equal "user_credentials", UserSession.session_key
-      end
-    end
-
-    class InstanceMethodsTest < ActiveSupport::TestCase
-      def test_persist_persist_by_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_persist_persist_by_session_with_session_fixation_attack
-        ben = users(:ben)
-        controller.session["user_credentials"] = "neo"
-        controller.session["user_credentials_id"] = {
-          select: " *,'neo' AS persistence_token FROM users WHERE id = #{ben.id} limit 1 -- "
-        }
-        @user_session = UserSession.find
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_sql_injection_attack
-        controller.session["user_credentials"] = { select: "ABRA CADABRA" }
-        controller.session["user_credentials_id"] = nil
-        assert_nothing_raised do
-          @user_session = UserSession.find
-        end
-        assert @user_session.blank?
-      end
-
-      def test_persist_persist_by_session_with_token_only
-        ben = users(:ben)
-        set_session_for(ben)
-        controller.session["user_credentials_id"] = nil
-        session = UserSession.find
-        assert_equal ben, session.record
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_save_update_session
-        ben = users(:ben)
-        session = UserSession.new(ben)
-        assert controller.session["user_credentials"].blank?
-        assert session.save
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-
-      def test_after_destroy_update_session
-        ben = users(:ben)
-        set_session_for(ben)
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-        assert session = UserSession.find
-        assert session.destroy
-        assert controller.session["user_credentials"].blank?
-      end
-
-      def test_after_persisting_update_session
-        ben = users(:ben)
-        set_cookie_for(ben)
-        assert controller.session["user_credentials"].blank?
-        assert UserSession.find
-        assert_equal ben.persistence_token, controller.session["user_credentials"]
-      end
-    end
-  end
-end

data/test/session_test/timeout_test.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  module TimeoutTest
-    class ConfigTest < ActiveSupport::TestCase
-      def test_logout_on_timeout
-        UserSession.logout_on_timeout = true
-        assert UserSession.logout_on_timeout
-
-        UserSession.logout_on_timeout false
-        refute UserSession.logout_on_timeout
-      end
-    end
-
-    class InstanceMethods < ActiveSupport::TestCase
-      def test_stale_state
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        ben.last_request_at = 3.years.ago
-        ben.save
-        set_session_for(ben)
-
-        session = UserSession.new
-        assert session.persisting?
-        assert session.stale?
-        assert_equal ben, session.stale_record
-        assert_nil session.record
-        assert_nil controller.session["user_credentials_id"]
-
-        set_session_for(ben)
-
-        ben.last_request_at = Time.now
-        ben.save
-
-        assert session.persisting?
-        refute session.stale?
-        assert_nil session.stale_record
-
-        UserSession.logout_on_timeout = false
-      end
-
-      def test_should_be_stale_with_expired_remember_date
-        UserSession.logout_on_timeout = true
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 4.month)
-        assert session.persisting?
-        assert session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_should_not_be_stale_with_valid_remember_date
-        UserSession.logout_on_timeout = true # Default is 10.minutes
-        UserSession.remember_me = true
-        UserSession.remember_me_for = 3.months
-        ben = users(:ben)
-        assert ben.save
-        session = UserSession.new(ben)
-        assert session.save
-        Timecop.freeze(Time.now + 2.months)
-        assert session.persisting?
-        refute session.stale?
-        UserSession.remember_me = false
-      end
-
-      def test_successful_login
-        UserSession.logout_on_timeout = true
-        ben = users(:ben)
-        session = UserSession.create(login: ben.login, password: "benrocks")
-        refute session.new_session?
-        session = UserSession.find
-        assert session
-        assert_equal ben, session.record
-        UserSession.logout_on_timeout = false
-      end
-    end
-  end
-end

data/test/session_test/unauthorized_record_test.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class UnauthorizedRecordTest < ActiveSupport::TestCase
-    def test_credentials
-      ben = users(:ben)
-      session = UserSession.new
-      session.credentials = [ben]
-      assert_equal ben, session.unauthorized_record
-      assert_equal({ unauthorized_record: "<protected>" }, session.credentials)
-    end
-  end
-end

data/test/session_test/validation_test.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module SessionTest
-  class ValidationTest < ActiveSupport::TestCase
-    def test_errors
-      session = UserSession.new
-      assert session.errors.is_a?(Authlogic::Session::Validation::Errors)
-    end
-
-    def test_valid
-      session = UserSession.new
-      refute session.valid?
-      assert_nil session.record
-      assert session.errors.count > 0
-
-      ben = users(:ben)
-      session.unauthorized_record = ben
-      assert session.valid?
-      assert_equal ben, session.attempted_record
-      assert session.errors.empty?
-    end
-  end
-end