authlogic 4.5.0 → 6.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/authlogic/acts_as_authentic/base.rb +19 -19
- data/lib/authlogic/acts_as_authentic/email.rb +3 -170
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
- data/lib/authlogic/acts_as_authentic/login.rb +7 -174
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
- data/lib/authlogic/acts_as_authentic/password.rb +67 -256
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
- data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +12 -8
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
- data/lib/authlogic/config.rb +9 -1
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +28 -4
- data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
- data/lib/authlogic/controller_adapters/rails_adapter.rb +7 -30
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
- data/lib/authlogic/cookie_credentials.rb +63 -0
- data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
- data/lib/authlogic/crypto_providers/md5/v2.rb +35 -0
- data/lib/authlogic/crypto_providers/md5.rb +6 -6
- data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
- data/lib/authlogic/crypto_providers/sha1/v2.rb +41 -0
- data/lib/authlogic/crypto_providers/sha1.rb +7 -6
- data/lib/authlogic/crypto_providers/sha256/v2.rb +58 -0
- data/lib/authlogic/crypto_providers/sha256.rb +5 -0
- data/lib/authlogic/crypto_providers/sha512/v2.rb +39 -0
- data/lib/authlogic/crypto_providers/sha512.rb +9 -5
- data/lib/authlogic/crypto_providers.rb +5 -20
- data/lib/authlogic/errors.rb +50 -0
- data/lib/authlogic/i18n/translator.rb +4 -1
- data/lib/authlogic/i18n.rb +3 -1
- data/lib/authlogic/random.rb +2 -0
- data/lib/authlogic/session/base.rb +2197 -39
- data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
- data/lib/authlogic/test_case/mock_api_controller.rb +52 -0
- data/lib/authlogic/test_case/mock_controller.rb +3 -1
- data/lib/authlogic/test_case/mock_cookie_jar.rb +32 -6
- data/lib/authlogic/test_case/mock_logger.rb +2 -0
- data/lib/authlogic/test_case/mock_request.rb +12 -0
- data/lib/authlogic/test_case/rails_request_adapter.rb +9 -1
- data/lib/authlogic/test_case.rb +5 -0
- data/lib/authlogic/version.rb +2 -1
- data/lib/authlogic.rb +5 -28
- metadata +175 -200
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
- data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
- data/.github/triage.md +0 -86
- data/.gitignore +0 -15
- data/.rubocop.yml +0 -133
- data/.rubocop_todo.yml +0 -74
- data/.travis.yml +0 -24
- data/CHANGELOG.md +0 -348
- data/CONTRIBUTING.md +0 -91
- data/Gemfile +0 -6
- data/LICENSE +0 -20
- data/README.md +0 -448
- data/Rakefile +0 -21
- data/UPGRADING.md +0 -22
- data/authlogic.gemspec +0 -40
- data/doc/use_normal_rails_validation.md +0 -82
- data/gemfiles/Gemfile.rails-4.2.x +0 -6
- data/gemfiles/Gemfile.rails-5.1.x +0 -6
- data/gemfiles/Gemfile.rails-5.2.x +0 -6
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
- data/lib/authlogic/authenticates_many/association.rb +0 -50
- data/lib/authlogic/authenticates_many/base.rb +0 -81
- data/lib/authlogic/crypto_providers/aes256.rb +0 -71
- data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
- data/lib/authlogic/regex.rb +0 -79
- data/lib/authlogic/session/activation.rb +0 -73
- data/lib/authlogic/session/active_record_trickery.rb +0 -65
- data/lib/authlogic/session/brute_force_protection.rb +0 -127
- data/lib/authlogic/session/callbacks.rb +0 -153
- data/lib/authlogic/session/cookies.rb +0 -329
- data/lib/authlogic/session/existence.rb +0 -103
- data/lib/authlogic/session/foundation.rb +0 -105
- data/lib/authlogic/session/http_auth.rb +0 -107
- data/lib/authlogic/session/id.rb +0 -53
- data/lib/authlogic/session/klass.rb +0 -73
- data/lib/authlogic/session/magic_columns.rb +0 -119
- data/lib/authlogic/session/magic_states.rb +0 -82
- data/lib/authlogic/session/params.rb +0 -130
- data/lib/authlogic/session/password.rb +0 -318
- data/lib/authlogic/session/perishable_token.rb +0 -24
- data/lib/authlogic/session/persistence.rb +0 -77
- data/lib/authlogic/session/priority_record.rb +0 -38
- data/lib/authlogic/session/scopes.rb +0 -138
- data/lib/authlogic/session/session.rb +0 -77
- data/lib/authlogic/session/timeout.rb +0 -103
- data/lib/authlogic/session/unauthorized_record.rb +0 -56
- data/lib/authlogic/session/validation.rb +0 -93
- data/test/acts_as_authentic_test/base_test.rb +0 -27
- data/test/acts_as_authentic_test/email_test.rb +0 -241
- data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
- data/test/acts_as_authentic_test/login_test.rb +0 -153
- data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
- data/test/acts_as_authentic_test/password_test.rb +0 -263
- data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
- data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
- data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
- data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
- data/test/acts_as_authentic_test/single_access_test.rb +0 -46
- data/test/adapter_test.rb +0 -23
- data/test/authenticates_many_test.rb +0 -33
- data/test/config_test.rb +0 -38
- data/test/crypto_provider_test/aes256_test.rb +0 -16
- data/test/crypto_provider_test/bcrypt_test.rb +0 -16
- data/test/crypto_provider_test/scrypt_test.rb +0 -16
- data/test/crypto_provider_test/sha1_test.rb +0 -25
- data/test/crypto_provider_test/sha256_test.rb +0 -16
- data/test/crypto_provider_test/sha512_test.rb +0 -16
- data/test/crypto_provider_test/wordpress_test.rb +0 -26
- data/test/fixtures/companies.yml +0 -5
- data/test/fixtures/employees.yml +0 -17
- data/test/fixtures/projects.yml +0 -3
- data/test/fixtures/users.yml +0 -41
- data/test/i18n/lol.yml +0 -4
- data/test/i18n_test.rb +0 -35
- data/test/libs/affiliate.rb +0 -9
- data/test/libs/company.rb +0 -8
- data/test/libs/employee.rb +0 -9
- data/test/libs/employee_session.rb +0 -4
- data/test/libs/ldaper.rb +0 -5
- data/test/libs/project.rb +0 -5
- data/test/libs/user.rb +0 -9
- data/test/libs/user_session.rb +0 -27
- data/test/random_test.rb +0 -15
- data/test/session_test/activation_test.rb +0 -45
- data/test/session_test/active_record_trickery_test.rb +0 -78
- data/test/session_test/brute_force_protection_test.rb +0 -110
- data/test/session_test/callbacks_test.rb +0 -42
- data/test/session_test/cookies_test.rb +0 -244
- data/test/session_test/credentials_test.rb +0 -0
- data/test/session_test/existence_test.rb +0 -88
- data/test/session_test/foundation_test.rb +0 -24
- data/test/session_test/http_auth_test.rb +0 -60
- data/test/session_test/id_test.rb +0 -19
- data/test/session_test/klass_test.rb +0 -42
- data/test/session_test/magic_columns_test.rb +0 -62
- data/test/session_test/magic_states_test.rb +0 -60
- data/test/session_test/params_test.rb +0 -61
- data/test/session_test/password_test.rb +0 -107
- data/test/session_test/perishability_test.rb +0 -17
- data/test/session_test/persistence_test.rb +0 -35
- data/test/session_test/scopes_test.rb +0 -68
- data/test/session_test/session_test.rb +0 -80
- data/test/session_test/timeout_test.rb +0 -84
- data/test/session_test/unauthorized_record_test.rb +0 -15
- data/test/session_test/validation_test.rb +0 -25
- data/test/test_helper.rb +0 -272
data/test/test_helper.rb
DELETED
@@ -1,272 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "byebug"
|
4
|
-
require "rubygems"
|
5
|
-
require "minitest/autorun"
|
6
|
-
require "active_record"
|
7
|
-
require "active_record/fixtures"
|
8
|
-
require "timecop"
|
9
|
-
require "i18n"
|
10
|
-
require "minitest/reporters"
|
11
|
-
|
12
|
-
Minitest::Reporters.use!(Minitest::Reporters::SpecReporter.new)
|
13
|
-
|
14
|
-
I18n.load_path << File.dirname(__FILE__) + "/i18n/lol.yml"
|
15
|
-
|
16
|
-
# ActiveRecord::Schema.verbose = false
|
17
|
-
ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
|
18
|
-
logger = Logger.new(STDOUT)
|
19
|
-
logger.level = Logger::FATAL
|
20
|
-
ActiveRecord::Base.logger = logger
|
21
|
-
|
22
|
-
if ActiveRecord::VERSION::STRING < "4.1"
|
23
|
-
ActiveRecord::Base.configurations = true
|
24
|
-
end
|
25
|
-
|
26
|
-
if ActiveSupport.respond_to?(:test_order)
|
27
|
-
ActiveSupport.test_order = :sorted
|
28
|
-
end
|
29
|
-
|
30
|
-
ActiveRecord::Base.default_timezone = :local
|
31
|
-
ActiveRecord::Schema.define(version: 1) do
|
32
|
-
create_table :companies do |t|
|
33
|
-
t.datetime :created_at
|
34
|
-
t.datetime :updated_at
|
35
|
-
t.string :name
|
36
|
-
t.boolean :active
|
37
|
-
end
|
38
|
-
|
39
|
-
create_table :projects do |t|
|
40
|
-
t.datetime :created_at
|
41
|
-
t.datetime :updated_at
|
42
|
-
t.string :name
|
43
|
-
end
|
44
|
-
|
45
|
-
create_table :projects_users, id: false do |t|
|
46
|
-
t.integer :project_id
|
47
|
-
t.integer :user_id
|
48
|
-
end
|
49
|
-
|
50
|
-
create_table :users do |t|
|
51
|
-
t.datetime :created_at
|
52
|
-
t.datetime :updated_at
|
53
|
-
t.integer :lock_version, default: 0
|
54
|
-
t.integer :company_id
|
55
|
-
t.string :login
|
56
|
-
t.string :crypted_password
|
57
|
-
t.string :password_salt
|
58
|
-
t.string :persistence_token
|
59
|
-
t.string :single_access_token
|
60
|
-
t.string :perishable_token
|
61
|
-
t.string :email
|
62
|
-
t.string :first_name
|
63
|
-
t.string :last_name
|
64
|
-
t.integer :login_count, default: 0, null: false
|
65
|
-
t.integer :failed_login_count, default: 0, null: false
|
66
|
-
t.datetime :last_request_at
|
67
|
-
t.datetime :current_login_at
|
68
|
-
t.datetime :last_login_at
|
69
|
-
t.string :current_login_ip
|
70
|
-
t.string :last_login_ip
|
71
|
-
t.boolean :active, default: true
|
72
|
-
t.boolean :approved, default: true
|
73
|
-
t.boolean :confirmed, default: true
|
74
|
-
end
|
75
|
-
|
76
|
-
create_table :employees do |t|
|
77
|
-
t.datetime :created_at
|
78
|
-
t.datetime :updated_at
|
79
|
-
t.integer :company_id
|
80
|
-
t.string :email
|
81
|
-
t.string :crypted_password
|
82
|
-
t.string :password_salt
|
83
|
-
t.string :persistence_token
|
84
|
-
t.string :first_name
|
85
|
-
t.string :last_name
|
86
|
-
t.integer :login_count, default: 0, null: false
|
87
|
-
t.datetime :last_request_at
|
88
|
-
t.datetime :current_login_at
|
89
|
-
t.datetime :last_login_at
|
90
|
-
t.string :current_login_ip
|
91
|
-
t.string :last_login_ip
|
92
|
-
end
|
93
|
-
|
94
|
-
create_table :affiliates do |t|
|
95
|
-
t.datetime :created_at
|
96
|
-
t.datetime :updated_at
|
97
|
-
t.integer :company_id
|
98
|
-
t.string :username
|
99
|
-
t.string :pw_hash
|
100
|
-
t.string :pw_salt
|
101
|
-
t.string :persistence_token
|
102
|
-
end
|
103
|
-
|
104
|
-
create_table :ldapers do |t|
|
105
|
-
t.datetime :created_at
|
106
|
-
t.datetime :updated_at
|
107
|
-
t.string :ldap_login
|
108
|
-
t.string :persistence_token
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
require "English"
|
113
|
-
$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
|
114
|
-
require "authlogic"
|
115
|
-
require "authlogic/test_case"
|
116
|
-
|
117
|
-
# Configure SCrypt to be as fast as possible. This is desirable for a test
|
118
|
-
# suite, and would be the opposite of desirable for production.
|
119
|
-
Authlogic::CryptoProviders::SCrypt.max_time = 0.001 # 1ms
|
120
|
-
Authlogic::CryptoProviders::SCrypt.max_mem = 1024 * 1024 # 1MB, the minimum SCrypt allows
|
121
|
-
|
122
|
-
require "libs/project"
|
123
|
-
require "libs/affiliate"
|
124
|
-
require "libs/employee"
|
125
|
-
require "libs/employee_session"
|
126
|
-
require "libs/ldaper"
|
127
|
-
require "libs/user"
|
128
|
-
require "libs/user_session"
|
129
|
-
require "libs/company"
|
130
|
-
|
131
|
-
# Recent change, 2017-10-23: We had used a 54-letter string here. In the default
|
132
|
-
# encoding, UTF-8, that's 54 bytes, which is clearly incorrect for an algorithm
|
133
|
-
# with a 256-bit key, but I guess it worked. With the release of ruby 2.4 (and
|
134
|
-
# thus openssl gem 2.0), it is more strict, and must be exactly 32 bytes.
|
135
|
-
Authlogic::CryptoProviders::AES256.key = ::OpenSSL::Random.random_bytes(32)
|
136
|
-
|
137
|
-
module ActiveSupport
|
138
|
-
class TestCase
|
139
|
-
include ActiveRecord::TestFixtures
|
140
|
-
self.fixture_path = File.dirname(__FILE__) + "/fixtures"
|
141
|
-
|
142
|
-
# use_transactional_fixtures= is deprecated and will be removed from Rails 5.1
|
143
|
-
# (use use_transactional_tests= instead)
|
144
|
-
if respond_to?(:use_transactional_tests=)
|
145
|
-
self.use_transactional_tests = false
|
146
|
-
else
|
147
|
-
self.use_transactional_fixtures = false
|
148
|
-
end
|
149
|
-
|
150
|
-
self.use_instantiated_fixtures = false
|
151
|
-
self.pre_loaded_fixtures = false
|
152
|
-
fixtures :all
|
153
|
-
setup :activate_authlogic
|
154
|
-
setup :config_setup
|
155
|
-
teardown :config_teardown
|
156
|
-
teardown { Timecop.return } # for tests that need to freeze the time
|
157
|
-
|
158
|
-
private
|
159
|
-
|
160
|
-
# Many of the tests change Authlogic config for the test models. Some tests
|
161
|
-
# were not resetting the config after tests, which didn't surface as broken
|
162
|
-
# tests until Rails 4.1 was added for testing. This ensures that all the
|
163
|
-
# models start tests with their original config.
|
164
|
-
def config_setup
|
165
|
-
[
|
166
|
-
Project,
|
167
|
-
Affiliate,
|
168
|
-
Employee,
|
169
|
-
EmployeeSession,
|
170
|
-
Ldaper,
|
171
|
-
User,
|
172
|
-
UserSession,
|
173
|
-
Company
|
174
|
-
].each do |model|
|
175
|
-
unless model.respond_to?(:original_acts_as_authentic_config)
|
176
|
-
model.class_attribute :original_acts_as_authentic_config
|
177
|
-
end
|
178
|
-
model.original_acts_as_authentic_config = model.acts_as_authentic_config
|
179
|
-
end
|
180
|
-
end
|
181
|
-
|
182
|
-
def config_teardown
|
183
|
-
[
|
184
|
-
Project,
|
185
|
-
Affiliate,
|
186
|
-
Employee,
|
187
|
-
EmployeeSession,
|
188
|
-
Ldaper,
|
189
|
-
User,
|
190
|
-
UserSession,
|
191
|
-
Company
|
192
|
-
].each do |model|
|
193
|
-
model.acts_as_authentic_config = model.original_acts_as_authentic_config
|
194
|
-
end
|
195
|
-
end
|
196
|
-
|
197
|
-
def password_for(user)
|
198
|
-
case user
|
199
|
-
when users(:ben)
|
200
|
-
"benrocks"
|
201
|
-
when users(:zack)
|
202
|
-
"zackrocks"
|
203
|
-
when users(:aaron)
|
204
|
-
"aaronrocks"
|
205
|
-
end
|
206
|
-
end
|
207
|
-
|
208
|
-
def http_basic_auth_for(user = nil)
|
209
|
-
unless user.blank?
|
210
|
-
controller.http_user = user.login
|
211
|
-
controller.http_password = password_for(user)
|
212
|
-
end
|
213
|
-
yield
|
214
|
-
controller.http_user = controller.http_password = controller.realm = nil
|
215
|
-
end
|
216
|
-
|
217
|
-
def set_cookie_for(user)
|
218
|
-
controller.cookies["user_credentials"] = {
|
219
|
-
value: "#{user.persistence_token}::#{user.id}",
|
220
|
-
expires: nil
|
221
|
-
}
|
222
|
-
end
|
223
|
-
|
224
|
-
def unset_cookie
|
225
|
-
controller.cookies["user_credentials"] = nil
|
226
|
-
end
|
227
|
-
|
228
|
-
def set_params_for(user)
|
229
|
-
controller.params["user_credentials"] = user.single_access_token
|
230
|
-
end
|
231
|
-
|
232
|
-
def unset_params
|
233
|
-
controller.params["user_credentials"] = nil
|
234
|
-
end
|
235
|
-
|
236
|
-
def set_request_content_type(type)
|
237
|
-
controller.request_content_type = type
|
238
|
-
end
|
239
|
-
|
240
|
-
def unset_request_content_type
|
241
|
-
controller.request_content_type = nil
|
242
|
-
end
|
243
|
-
|
244
|
-
def session_credentials_prefix(scope_record)
|
245
|
-
if scope_record.nil?
|
246
|
-
""
|
247
|
-
else
|
248
|
-
format(
|
249
|
-
"%s_%d_",
|
250
|
-
scope_record.class.model_name.name.underscore,
|
251
|
-
scope_record.id
|
252
|
-
)
|
253
|
-
end
|
254
|
-
end
|
255
|
-
|
256
|
-
# Sets the session variables that `record` (eg. a `User`) would have after
|
257
|
-
# logging in.
|
258
|
-
#
|
259
|
-
# If `record` belongs to an `authenticates_many` association that uses the
|
260
|
-
# `scope_cookies` option, then a `scope_record` can be provided.
|
261
|
-
def set_session_for(record, scope_record = nil)
|
262
|
-
prefix = session_credentials_prefix(scope_record)
|
263
|
-
record_class_name = record.class.model_name.name.underscore
|
264
|
-
controller.session["#{prefix}#{record_class_name}_credentials"] = record.persistence_token
|
265
|
-
controller.session["#{prefix}#{record_class_name}_credentials_id"] = record.id
|
266
|
-
end
|
267
|
-
|
268
|
-
def unset_session
|
269
|
-
controller.session["user_credentials"] = controller.session["user_credentials_id"] = nil
|
270
|
-
end
|
271
|
-
end
|
272
|
-
end
|