authpwn_rails 0.11.0 → 0.11.1

data/VERSION

@@ -1 +1 @@
-0.11.0
+0.11.1

data/app/models/credentials/email.rb

@@ -33,7 +33,8 @@ class Email < ::Credential
   #
   # Presenting the correct e-mail is almost never sufficient for authentication
   # purposes. This method will most likely used to kick off an authentication
-  # process, such as in Password#authenticate_email.
+  # process, such as in User#authenticate_signin and
+  # Password#authenticate_email.
   #
   # Returns the authenticated User instance, or a symbol indicating the reason
   # why the (potentially valid) password was rejected.

data/authpwn_rails.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = "authpwn_rails"
-  s.version = "0.11.0"
+  s.version = "0.11.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]

data/lib/authpwn_rails/generators/templates/user.rb

@@ -9,6 +9,14 @@ class User < ActiveRecord::Base
   # Convenience Facebook accessors.
   # include Authpwn::UserExtensions::FacebookFields
 
+  # Change this method to change the way users are looked up when signing in.
+  #
+  # For example, to implement Facebook / Twitter's ability to log in using
+  # either an e-mail address or a username, look up the user by the username,
+  # and pass their e-mail to super.
+  def self.authenticate_signin(email, password)
+    super
+  end
 
   # Add your extensions to the User class here.
 end

data/lib/authpwn_rails/http_basic.rb

@@ -29,7 +29,7 @@ module HttpBasicControllerInstanceMethods
   def authenticate_using_http_basic
     return if current_user
     authenticate_with_http_basic do |email, password|
-      auth = Credentials::Password.authenticate_email email, password
+      auth = User.authenticate_signin email, password
       self.current_user = auth unless auth.kind_of? Symbol
     end
   end

data/lib/authpwn_rails/session_controller.rb

@@ -56,7 +56,7 @@ module SessionController
     
     @redirect_url = params[:redirect_url] || session_url
     @email = params[:email]
-    auth = Credentials::Password.authenticate_email @email, params[:password]
+    auth = User.authenticate_signin @email, params[:password]
     self.current_user = auth unless auth.kind_of? Symbol
         
     respond_to do |format|

data/lib/authpwn_rails/user_model.rb

@@ -40,6 +40,20 @@ module UserModel
     def find_by_param(param)
       where(:exuid => param).first
     end
+
+    # Authenticates a user given the information on a signup form.
+    #
+    # The method's parameter names are an acknowledgement to the email and
+    # password fields on automatically-generated forms.
+    #
+    # The easiest method of accepting other login information is to override this
+    # method, locate the user's email, and supply it in a call to super.
+    #
+    # Returns an authenticated user, or a symbol indicating the reason why the
+    # authentication failed.
+    def authenticate_signin(email, password)
+      Credentials::Password.authenticate_email email, password
+    end
   end  # module Authpwn::UserModel::ClassMethods
   
   # Checks if a credential is acceptable for authenticating a user.

data/test/http_basic_controller_test.rb

@@ -46,12 +46,23 @@ class HttpBasicControllerTest < ActionController::TestCase
   end
 
   test "invalid user credentials in header" do
-    set_http_basic_user @user, 'password'
+    set_http_basic_user @user, 'fail'
     get :show
     assert_nil assigns(:current_user)
     assert_equal 'No user', response.body
   end
 
+  test "uses User.authenticate_signin" do
+    flexmock(User).should_receive(:authenticate_signin).
+        with('jane@gmail.com', 'fail').and_return @user
+    set_http_basic_user @user, 'fail'
+    get :show
+    assert_equal @user, assigns(:current_user)
+    assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
+                 response.body
+  end
+  
+
   test "reset user credentials in header" do
     set_http_basic_user @user, 'pa55w0rd'
     set_http_basic_user nil

data/test/session_controller_api_test.rb

@@ -118,6 +118,15 @@ class SessionControllerApiTest < ActionController::TestCase
     assert_match(/ blocked/, flash[:alert])
   end
 
+  test "create uses User.authenticate_signin" do
+    flexmock(User).should_receive(:authenticate_signin).
+        with('em@ail.com', 'fail').and_return @email_credential.user
+    post :create, :email => 'em@ail.com', :password => 'fail'
+    assert_equal @user, assigns(:current_user), 'instance variable'
+    assert_equal @user, session_current_user, 'session'
+    assert_redirected_to session_url
+  end
+  
   test "create by json does not log in with bad password" do
     post :create, :email => @email_credential.email, :password => 'fail',
                   :format => 'json'
@@ -275,8 +284,8 @@ class SessionControllerApiTest < ActionController::TestCase
                           :password_confirmation => 'hacks'} 
     assert_redirected_to session_url
     assert_equal @password_credential, assigns(:credential)
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'hacks'), 'password not changed'
+    assert_equal @user, User.authenticate_signin(@email_credential.email,
+        'hacks'), 'password not changed'
   end
 
   test "change_password rejects bad old password" do
@@ -287,8 +296,8 @@ class SessionControllerApiTest < ActionController::TestCase
     assert_response :ok
     assert_template :password_change
     assert_equal @password_credential, assigns(:credential)
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'password'), 'password wrongly changed'
+    assert_equal @user, User.authenticate_signin(@email_credential.email,
+        'password'), 'password wrongly changed'
   end
 
   test "change_password rejects un-confirmed password" do
@@ -299,8 +308,8 @@ class SessionControllerApiTest < ActionController::TestCase
     assert_response :ok
     assert_template :password_change
     assert_equal @password_credential, assigns(:credential)
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'password'), 'password wrongly changed'
+    assert_equal @user, User.authenticate_signin( @email_credential.email,
+        'password'), 'password wrongly changed'
   end
 
   test "change_password works for password recovery" do
@@ -310,8 +319,8 @@ class SessionControllerApiTest < ActionController::TestCase
          :credential => { :password => 'hacks',
                           :password_confirmation => 'hacks'} 
     assert_redirected_to session_url
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'hacks'), 'password not changed'
+    assert_equal @user, User.authenticate_signin(@email_credential.email,
+        'hacks'), 'password not changed'
   end
 
   test "change_password rejects un-confirmed password on recovery" do
@@ -341,8 +350,8 @@ class SessionControllerApiTest < ActionController::TestCase
          :credential => { :password => 'hacks',
                           :password_confirmation => 'hacks'} 
     assert_response :ok
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'hacks'), 'password not changed'
+    assert_equal @user, User.authenticate_signin(@email_credential.email,
+        'hacks'), 'password not changed'
   end
 
   test "change_password by json rejects bad old password" do
@@ -354,8 +363,8 @@ class SessionControllerApiTest < ActionController::TestCase
     data = ActiveSupport::JSON.decode response.body
     assert_equal 'invalid', data['error']
     assert_equal @password_credential, assigns(:credential)
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'password'), 'password wrongly changed'
+    assert_equal @user, User.authenticate_signin(@email_credential.email,
+        'password'), 'password wrongly changed'
   end
 
   test "change_password by json rejects un-confirmed password" do
@@ -366,8 +375,8 @@ class SessionControllerApiTest < ActionController::TestCase
     assert_response :ok
     data = ActiveSupport::JSON.decode response.body
     assert_equal 'invalid', data['error']
-    assert_equal @user, Credentials::Password.authenticate_email(
-         @email_credential.email, 'password'), 'password wrongly changed'
+    assert_equal @user, User.authenticate_signin( @email_credential.email,
+        'password'), 'password wrongly changed'
   end
 
   test "change_password by json works for password recovery" do
@@ -377,7 +386,7 @@ class SessionControllerApiTest < ActionController::TestCase
          :credential => { :password => 'hacks',
                           :password_confirmation => 'hacks'} 
     assert_response :ok
-    assert_equal @user, Credentials::Password.authenticate_email(
+    assert_equal @user, User.authenticate_signin(
          @email_credential.email, 'hacks'), 'password not changed'
   end
 

data/test/user_test.rb

@@ -52,4 +52,12 @@ class UserTest < ActiveSupport::TestCase
     assert_equal 1, @user.credentials.length
     assert_equal 'test@email.com', @user.credentials.first.name
   end
+
+  test 'authenticate_email' do
+    assert_equal users(:john),
+        User.authenticate_signin('john@gmail.com', 'password')
+    assert_equal :invalid,
+        User.authenticate_signin('john@gmail.com', 'pa55w0rd'),
+        "Jane's password on John's account"
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.1
   prerelease: 
 platform: ruby
 authors:
@@ -278,7 +278,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 903064775847745508
+      hash: 1446133306816314856
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: