authpwn_rails 0.12.1 → 0.13.0

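--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -47,11 +47,11 @@ GEM
  json (>= 1.6.1)
  oauth2 (>= 0.5.0)
  rails (>= 3.1.0)
- flexmock (1.0.3)
+ flexmock (1.0.4)
  git (1.2.5)
  hashie (1.2.0)
  hike (1.2.1)
- httpauth (0.1)
+ httpauth (0.2.0)
  i18n (0.6.1)
  jeweler (1.8.4)
  bundler (~> 1.0)
@@ -83,7 +83,7 @@ GEM
  rack (>= 0.4)
  rack-ssl (1.3.2)
  rack
- rack-test (0.6.1)
+ rack-test (0.6.2)
  rack (>= 1.0)
  rails (3.2.8)
  actionmailer (= 3.2.8)
@@ -106,10 +106,10 @@ GEM
  json (~> 1.4)
  rest-client (1.6.7)
  mime-types (>= 1.16)
- simplecov (0.6.4)
+ simplecov (0.7.1)
  multi_json (~> 1.0)
- simplecov-html (~> 0.5.3)
- simplecov-html (0.5.3)
+ simplecov-html (~> 0.7.1)
+ simplecov-html (0.7.1)
  sprockets (2.1.3)
  hike (~> 1.2)
  rack (~> 1.0)
@@ -117,7 +117,7 @@ GEM
  sqlite3 (1.3.6)
  thor (0.16.0)
  tilt (1.3.3)
- treetop (1.4.10)
+ treetop (1.4.11)
  polyglot
  polyglot (>= 0.3.1)
  tzinfo (0.3.33)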
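--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.12.1
+ 0.13.0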
@@ -15,12 +15,12 @@ unless SecureRandom.respond_to? :urlsafe_base64
15
15
  end
16
16
 
17
17
  # :namespace
18
- module Credentials
18
+ module Tokens
19
19
 
20
- # Associates a secret token code with the account.
20
+ # Credential that associates a secret token code with the account.
21
21
  #
22
22
  # Subclasses of this class are in the tokens namespace.
23
- class Token < ::Credential
23
+ class Base < ::Credential
24
24
  # The secret token code.
25
25
  alias_attribute :code, :name
26
26
  # Token names are random, so we can expect they'll be unique across the
@@ -41,11 +41,11 @@ class Token < ::Credential
41
41
  # Returns the authenticated User instance, or a symbol indicating the reason
42
42
  # why the (potentially valid) token code was rejected.
43
43
  def self.authenticate(code)
44
- credential = self.with_code code
44
+ credential = self.with_code(code).first
45
45
  credential ? credential.authenticate : :invalid
46
46
  end
47
47
 
48
- # The token matching a secret code.
48
+ # Scope that uses a secret code.
49
49
  def self.with_code(code)
50
50
  # NOTE 1: The where query must be performed off the root type, otherwise
51
51
  # Rails will try to guess the right values for the 'type' column,
@@ -54,13 +54,8 @@ class Token < ::Credential
54
54
  # (e.g., email or Facebook OAuth token) will be required, so we
55
55
  # pre-fetch them.
56
56
  credential = Credential.where(:name => code).
57
- includes(:user => :credentials).first
58
-
59
- if credential.is_a? Credentials::Token
60
- credential
61
- else
62
- nil
63
- end
57
+ where(Credential.arel_table[:type].matches('Tokens::%')).
58
+ includes(:user => :credentials)
64
59
  end
65
60
 
66
61
  # Authenticates a user using this token.
@@ -97,7 +92,7 @@ class Token < ::Credential
97
92
  # @param [String] key data associated with the token
98
93
  # @param [Class] klass the ActiveRecord class that will be instantiated;
99
94
  # it should be a subclass of Token
100
- # @return [Credentials::Token] a newly created and saved token with a random
95
+ # @return [Tokens::Base] a newly created and saved token with a random
101
96
  # code
102
97
  def self.random_for(user, key = nil, klass = nil)
103
98
  klass ||= self
@@ -120,9 +115,14 @@ class Token < ::Credential
120
115
  def to_param
121
116
  code
122
117
  end
123
- class <<self
124
- alias_method :find_by_param, :with_code
118
+
119
+ # Scope using the value returned by Token#to_param.
120
+ #
121
+ # @param [String] param value returned by Token#to_param
122
+ # @return [ActiveRecord::Relation]
123
+ def self.with_param(param)
124
+ where(:name => param)
125
125
  end
126
- end # class Credentials::Token
126
+ end # class Tokens::Base
127
127
 
128
- end # namespace Credentials
128
+ end # namespace Tokens
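Review bot: `with_code` now decides what counts as a token with a SQL prefix match, `where(Credential.arel_table[:type].matches('Tokens::%'))`, where the old code checked ancestry with `credential.is_a? Credentials::Token`; a token class defined outside the `Tokens` namespace will stop authenticating, and membership is settled by the stored type string rather than by descent from `Tokens::Base`. The method also returns a relation now, which is truthy even when it matches nothing, so a caller left as `if token = Tokens::Base.with_code(code)` no longer reaches its not-found branch; the one-line comment `# Scope that uses a secret code.` should carry `# @return [ActiveRecord::Relation] never nil; call .first (or .first!) to get the token`. The new `with_param` queries `where(:name => param)` on the receiver, whereas the removed `find_by_param` was an alias of `with_code`, so it appears exposed to the STI type guessing that NOTE 1 warns about; `with_code(param)` as its body would keep the two lookups consistent. The bodies of `with_code` and of the class are only partly visible in these hunks.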
@@ -2,7 +2,7 @@
2
2
  module Tokens
3
3
 
4
4
  # A token that verifies the user's ownership of their e-mail address.
5
- class EmailVerification < OneTime
5
+ class EmailVerification < Tokens::OneTime
6
6
  # The e-mail address verified by this token.
7
7
  #
8
8
  # Note that it's useful to keep track of the exact e-mail address that the
@@ -1,8 +1,8 @@
1
1
  # :namespace
2
2
  module Tokens
3
-
3
+
4
4
  # One-time tokens can only be used once to authenticate an account.
5
- class OneTime < Credentials::Token
5
+ class OneTime < Tokens::Base
6
6
  # Updates the token's state to reflect that it was used for authentication.
7
7
  #
8
8
  # One-time tokens become invalid after they are spent.
@@ -2,7 +2,7 @@
2
2
  module Tokens
3
3
 
4
4
  # Lets the user to change their password without knowing the old one.
5
- class PasswordReset < OneTime
5
+ class PasswordReset < Tokens::OneTime
6
6
  # Decent compromise between convenience and security.
7
7
  self.expires_after = 3.days
8
8
 
@@ -1,7 +1,7 @@
1
1
  # :namespace
2
2
  module Tokens
3
3
 
4
- class SessionUid < Credentials::Token
4
+ class SessionUid < Tokens::Base
5
5
  # The session UID.
6
6
  alias_attribute :suid, :name
7
7
 
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "authpwn_rails"
8
- s.version = "0.12.1"
8
+ s.version = "0.13.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
12
- s.date = "2012-10-05"
12
+ s.date = "2012-10-13"
13
13
  s.description = "Works with Facebook."
14
14
  s.email = "victor@costan.us"
15
15
  s.extra_rdoc_files = [
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
30
30
  "app/models/credentials/email.rb",
31
31
  "app/models/credentials/facebook.rb",
32
32
  "app/models/credentials/password.rb",
33
- "app/models/credentials/token.rb",
33
+ "app/models/tokens/base.rb",
34
34
  "app/models/tokens/email_verification.rb",
35
35
  "app/models/tokens/one_time.rb",
36
36
  "app/models/tokens/password_reset.rb",
@@ -35,8 +35,8 @@ john_facebook:
35
35
 
36
36
  jane_token:
37
37
  user: jane
38
- type: Credentials::Token
39
- name: "6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c"
38
+ type: Tokens::Base
39
+ name: 6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c
40
40
 
41
41
  john_token:
42
42
  user: john
@@ -23,7 +23,7 @@ class SessionControllerTest < ActionController::TestCase
23
23
  post :create, :email => @email_credential.email, :password => 'password'
24
24
  assert_equal @user, session_current_user, 'session'
25
25
  assert_redirected_to session_url
26
- assert_nil Credentials::Token.with_code(old_token.code),
26
+ assert_nil Tokens::Base.with_code(old_token.code).first,
27
27
  'old session not purged'
28
28
  end
29
29
 
@@ -32,7 +32,7 @@ module ControllerInstanceMethods
32
32
  def set_session_current_user(user)
33
33
  # Try to reuse existing sessions.
34
34
  if session[:authpwn_suid]
35
- token = Tokens::SessionUid.with_code session[:authpwn_suid]
35
+ token = Tokens::SessionUid.with_code(session[:authpwn_suid]).first
36
36
  if token
37
37
  if token.user == user
38
38
  token.touch
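Review bot: `Tokens::SessionUid.with_code(...)` reads as if it finds only session tokens, but `with_code` as changed in this release always queries `Credential` with the `Tokens::%` type filter and ignores its receiver, so `.first` here can return a token of any class under `Tokens::`. If only session UIDs should be reused, check the class before touching the record, e.g. `if token.is_a?(Tokens::SessionUid) && token.user == user`. `set_session_current_user` continues beyond this hunk, so the later branches are not visible here.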
@@ -119,7 +119,7 @@ module SessionController
119
119
 
120
120
  # GET /session/token/token-code
121
121
  def token
122
- if token = Credentials::Token.with_code(params[:code])
122
+ if token = Tokens::Base.with_code(params[:code]).first
123
123
  auth = token.authenticate
124
124
  else
125
125
  auth = :invalid
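Review bot: `params[:code]` reaches `where(:name => code)` without being pinned to a String, so whatever shape Rails parsed for that parameter (nil, an array, a nested hash) decides the SQL predicate that `with_code` builds. Unless the route guarantees a plain path segment here, coerce before the lookup, e.g. `if token = Tokens::Base.with_code(params[:code].to_s).first`. The `token` action continues past the end of this hunk.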
@@ -56,7 +56,7 @@ module ControllerTestExtensions
56
56
  # The authenticated user in the test session.
57
57
  def session_current_user
58
58
  return nil unless suid = request.session[:authpwn_suid]
59
- Credentials::Token.with_code(suid).user
59
+ Tokens::Base.with_code(suid).first!.user
60
60
  end
61
61
 
62
62
  # Sets the HTTP Authentication header.
@@ -34,11 +34,20 @@ module UserModel
34
34
 
35
35
  # Class methods on models that include Authpwn::UserModel.
36
36
  module ClassMethods
37
+ # Scope using the value returned by User#to_param.
38
+ #
39
+ # @param [String] param value returned by User#to_param
40
+ # @return [ActiveRecord::Relation]
41
+ def with_param(param)
42
+ where(:exuid => param)
43
+ end
44
+
37
45
  # Queries the database using the value returned by User#to_param.
38
46
  #
39
- # Returns nil if no matching User exists.
47
+ # @deprecated use with_param(param).first or .first! instead
48
+ # @return [User, nil] nil if no matching User exists.
40
49
  def find_by_param(param)
41
- where(:exuid => param).first
50
+ with_param(param).first
42
51
  end
43
52
 
44
53
  # Authenticates a user given the information on a signup form.
@@ -75,7 +75,7 @@ class CookieControllerTest < ActionController::TestCase
75
75
  get :show
76
76
  assert_response :success
77
77
  assert_nil assigns(:current_user), 'current_user set'
78
- assert_nil Credentials::Token.with_code(@token.suid),
78
+ assert_nil Tokens::Base.with_code(@token.suid).first,
79
79
  'session token not destroyed'
80
80
  end
81
81
 
@@ -149,7 +149,7 @@ class CookieControllerTest < ActionController::TestCase
149
149
  put :update, :exuid => @user.exuid
150
150
  end
151
151
  assert_response :success
152
- assert_nil Credentials::Token.with_code(old_token.suid),
152
+ assert_nil Tokens::Base.with_code(old_token.suid).first,
153
153
  "old user's token not destroyed"
154
154
  assert_not_equal @token.suid, request.session[:authpwn_suid]
155
155
 
@@ -1,21 +1,21 @@
1
1
  require File.expand_path('../../test_helper', __FILE__)
2
2
 
3
- class OneTimeTokenCredentialTest < ActiveSupport::TestCase
3
+ class OneTimeTokenCredentialTest < ActiveSupport::TestCase
4
4
  def setup
5
5
  @credential = Tokens::OneTime.new(
6
6
  :code => 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo')
7
7
  @credential.user = users(:bill)
8
8
  end
9
-
9
+
10
10
  test 'setup' do
11
11
  assert @credential.valid?
12
12
  end
13
-
13
+
14
14
  test 'code required' do
15
15
  @credential.code = nil
16
16
  assert !@credential.valid?
17
17
  end
18
-
18
+
19
19
  test 'code uniqueness' do
20
20
  @credential.code = credentials(:john_token).code
21
21
  assert !@credential.valid?
@@ -25,28 +25,28 @@ class OneTimeTokenCredentialTest < ActiveSupport::TestCase
25
25
  @credential.user = nil
26
26
  assert !@credential.valid?
27
27
  end
28
-
28
+
29
29
  test 'spend destroys the token' do
30
30
  credential = credentials(:john_token)
31
31
  assert_equal Tokens::OneTime, credential.class, 'bad setup'
32
-
32
+
33
33
  assert_difference 'Credential.count', -1 do
34
34
  credential.spend
35
35
  end
36
36
  assert credential.frozen?, 'not destroyed'
37
37
  end
38
-
38
+
39
39
  test 'authenticate spends the token' do
40
40
  john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
41
41
  bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
42
42
  assert_difference 'Credential.count', -1, 'token spent' do
43
- assert_equal users(:john), Credentials::Token.authenticate(john)
43
+ assert_equal users(:john), Tokens::Base.authenticate(john)
44
44
  end
45
45
  assert_no_difference 'Credential.count', 'token mistakenly spent' do
46
- assert_equal :invalid, Credentials::Token.authenticate(bogus)
46
+ assert_equal :invalid, Tokens::Base.authenticate(bogus)
47
47
  end
48
48
  end
49
-
49
+
50
50
  test 'authenticate calls User#auth_bounce_reason' do
51
51
  john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
52
52
  jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
@@ -54,17 +54,17 @@ class OneTimeTokenCredentialTest < ActiveSupport::TestCase
54
54
 
55
55
  with_blocked_credential credentials(:john_token), :reason do
56
56
  assert_no_difference 'Credential.count', 'no token spent' do
57
- assert_equal :reason, Credentials::Token.authenticate(john)
57
+ assert_equal :reason, Tokens::Base.authenticate(john)
58
58
  end
59
59
  end
60
60
  end
61
-
61
+
62
62
  test 'instance authenticate spends the token' do
63
63
  assert_difference 'Credential.count', -1, 'token spent' do
64
64
  assert_equal users(:john), credentials(:john_token).authenticate
65
65
  end
66
66
  end
67
-
67
+
68
68
  test 'instance authenticate calls User#auth_bounce_reason' do
69
69
  with_blocked_credential credentials(:john_token), :reason do
70
70
  assert_no_difference 'Credential.count', 'token mistakenly spent' do
@@ -72,7 +72,7 @@ class OneTimeTokenCredentialTest < ActiveSupport::TestCase
72
72
  end
73
73
  end
74
74
  end
75
-
75
+
76
76
  test 'random_for' do
77
77
  token = Tokens::OneTime.random_for users(:john)
78
78
  assert token.valid?, 'valid token'
@@ -78,8 +78,9 @@ class SessionUidTokenTest < ActiveSupport::TestCase
78
78
  assert_difference 'Credential.count', -1 do
79
79
  Tokens::SessionUid.remove_expired
80
80
  end
81
- assert_nil Credentials::Token.with_code(old_token.code)
82
- assert_equal fresh_token, Credentials::Token.with_code(fresh_token.code)
81
+ assert_nil Tokens::Base.with_code(old_token.code).first
82
+ assert_equal fresh_token,
83
+ Tokens::Base.with_code(fresh_token.code).first
83
84
  end
84
85
 
85
86
  test 'random_for' do
@@ -88,7 +89,7 @@ class SessionUidTokenTest < ActiveSupport::TestCase
88
89
  assert_difference 'Credential.count', 1 do
89
90
  credential = Tokens::SessionUid.random_for user, '1.2.3.4', 'Test/UA'
90
91
  end
91
- saved_credential = Credentials::Token.with_code credential.code
92
+ saved_credential = Tokens::Base.with_code(credential.code).first
92
93
  assert saved_credential, 'token was not saved'
93
94
  assert_equal saved_credential, credential, 'wrong token returned'
94
95
  assert_equal user, saved_credential.user
@@ -2,7 +2,7 @@ require File.expand_path('../../test_helper', __FILE__)
2
2
 
3
3
  class TokenCredentialTest < ActiveSupport::TestCase
4
4
  def setup
5
- @credential = Credentials::Token.new(
5
+ @credential = Tokens::Base.new(
6
6
  :code => 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo')
7
7
  @credential.user = users(:bill)
8
8
  end
@@ -28,7 +28,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
28
28
 
29
29
  test 'spend does nothing' do
30
30
  credential = credentials(:jane_token)
31
- assert_equal Credentials::Token, credential.class, 'bad setup'
31
+ assert_equal Tokens::Base, credential.class, 'bad setup'
32
32
 
33
33
  assert_no_difference 'Credential.count' do
34
34
  credential.spend
@@ -36,10 +36,10 @@ class TokenCredentialTest < ActiveSupport::TestCase
36
36
  end
37
37
 
38
38
  test 'random_for' do
39
- token = Credentials::Token.random_for users(:john)
39
+ token = Tokens::Base.random_for users(:john)
40
40
  assert token.valid?, 'valid token'
41
41
  assert_equal users(:john), token.user
42
- assert_equal Credentials::Token, token.class
42
+ assert_equal Tokens::Base, token.class
43
43
  assert !token.new_record?, 'saved token'
44
44
  assert_operator users(:john).credentials, :include?, token
45
45
  end
@@ -49,38 +49,46 @@ class TokenCredentialTest < ActiveSupport::TestCase
49
49
  john2 = 'bDSU4tzfjuob79e3R0ykLcOGTBBYvuBWWJ9V06tQrCE'
50
50
  jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
51
51
  bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
52
- assert_equal credentials(:john_token), Credentials::Token.with_code(john)
53
- assert_equal credentials(:jane_token), Credentials::Token.with_code(jane)
52
+ assert_equal credentials(:john_token),
53
+ Tokens::Base.with_code(john).first
54
+ assert_equal credentials(:jane_token),
55
+ Tokens::Base.with_code(jane).first!
54
56
  assert_equal credentials(:john_email_token),
55
- Credentials::Token.with_code(john2)
56
- assert_nil Credentials::Token.with_code(bogus)
57
- assert_nil Credentials::Token.with_code('john@gmail.com')
58
- assert_nil Credentials::Token.with_code(credentials(:jane_email).name)
57
+ Tokens::Base.with_code(john2).first
58
+ assert_nil Tokens::Base.with_code(bogus).first
59
+ assert_raise ActiveRecord::RecordNotFound do
60
+ Tokens::Base.with_code('john@gmail.com').first!
61
+ end
62
+ assert_raise ActiveRecord::RecordNotFound do
63
+ Tokens::Base.with_code(credentials(:jane_email).name).first!
64
+ end
59
65
  end
60
66
 
61
- test 'find_by_param' do
62
- assert_equal credentials(:john_token), Credentials::Token.
63
- find_by_param(credentials(:john_token).to_param)
64
- assert_equal credentials(:jane_token), Credentials::Token.
65
- find_by_param(credentials(:jane_token).to_param)
66
- assert_equal nil, Credentials::Token.find_by_param('bogus token')
67
- assert_equal nil, Credentials::Token.find_by_param(nil)
67
+ test 'with_param' do
68
+ assert_equal credentials(:john_token), Tokens::Base.
69
+ with_param(credentials(:john_token).to_param).first
70
+ assert_equal credentials(:jane_token), Tokens::Base.
71
+ with_param(credentials(:jane_token).to_param).first!
72
+ assert_nil Tokens::Base.with_param('bogus token').first
73
+ assert_raise ActiveRecord::RecordNotFound do
74
+ Tokens::Base.with_param(nil).first!
75
+ end
68
76
  end
69
77
 
70
78
  test 'class authenticate' do
71
79
  john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
72
80
  jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
73
81
  bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
74
- assert_equal users(:john), Credentials::Token.authenticate(john)
75
- assert_equal users(:jane), Credentials::Token.authenticate(jane)
76
- assert_equal :invalid, Credentials::Token.authenticate(bogus)
82
+ assert_equal users(:john), Tokens::Base.authenticate(john)
83
+ assert_equal users(:jane), Tokens::Base.authenticate(jane)
84
+ assert_equal :invalid, Tokens::Base.authenticate(bogus)
77
85
  end
78
86
 
79
87
  test 'class authenticate on expired tokens' do
80
88
  john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
81
89
  jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
82
90
 
83
- Credentials::Token.all.each do |token|
91
+ Tokens::Base.all.each do |token|
84
92
  token.updated_at = Time.now - 1.year
85
93
  flexmock(token.class).should_receive(:expires_after).zero_or_more_times.
86
94
  and_return 1.week
@@ -88,12 +96,12 @@ class TokenCredentialTest < ActiveSupport::TestCase
88
96
  end
89
97
  assert_difference 'Credential.count', -1,
90
98
  'authenticate deletes expired credential' do
91
- assert_equal :invalid, Credentials::Token.authenticate(john),
99
+ assert_equal :invalid, Tokens::Base.authenticate(john),
92
100
  'expired token'
93
101
  end
94
102
  assert_difference 'Credential.count', -1,
95
103
  'authenticate deletes expired credential' do
96
- assert_equal :invalid, Credentials::Token.authenticate(jane),
104
+ assert_equal :invalid, Tokens::Base.authenticate(jane),
97
105
  'expired token'
98
106
  end
99
107
  end
@@ -104,9 +112,9 @@ class TokenCredentialTest < ActiveSupport::TestCase
104
112
  bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
105
113
 
106
114
  with_blocked_credential credentials(:john_token), :reason do
107
- assert_equal :reason, Credentials::Token.authenticate(john)
108
- assert_equal users(:jane), Credentials::Token.authenticate(jane)
109
- assert_equal :invalid, Credentials::Token.authenticate(bogus)
115
+ assert_equal :reason, Tokens::Base.authenticate(john)
116
+ assert_equal users(:jane), Tokens::Base.authenticate(jane)
117
+ assert_equal :invalid, Tokens::Base.authenticate(bogus)
110
118
  end
111
119
  end
112
120
 
@@ -116,14 +124,14 @@ class TokenCredentialTest < ActiveSupport::TestCase
116
124
  end
117
125
 
118
126
  test 'instance authenticate with expired tokens' do
119
- token = Credentials::Token.with_code credentials(:jane_token).code
127
+ token = Tokens::Base.with_code(credentials(:jane_token).code).first
120
128
  token.updated_at = Time.now - 1.year
121
129
  token.save!
122
130
  flexmock(token.class).should_receive(:expires_after).
123
131
  zero_or_more_times.and_return 1.week
124
132
  assert_equal :invalid, token.authenticate,
125
133
  'expired token'
126
- assert_nil Credentials::Token.with_code(credentials(:jane_token).code),
134
+ assert_nil Tokens::Base.with_code(credentials(:jane_token).code).first,
127
135
  'expired token not destroyed'
128
136
  end
129
137
 
@@ -94,7 +94,7 @@ class SessionControllerApiTest < ActionController::TestCase
94
94
  old_token.save!
95
95
  post :create, :email => @email_credential.email, :password => 'password'
96
96
  assert_equal @user, session_current_user, 'session'
97
- assert_nil Credentials::Token.with_code(old_token.code),
97
+ assert_nil Tokens::Base.with_code(old_token.code).first,
98
98
  'old session not purged'
99
99
  end
100
100
 
@@ -105,7 +105,7 @@ class SessionControllerApiTest < ActionController::TestCase
105
105
  old_token.save!
106
106
  post :create, :email => @email_credential.email, :password => 'password'
107
107
  assert_equal @user, session_current_user, 'session'
108
- assert_equal old_token, Credentials::Token.with_code(old_token.code),
108
+ assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
109
109
  'old session purged'
110
110
  end
111
111
 
@@ -129,7 +129,7 @@ class SessionControllerApiTest < ActionController::TestCase
129
129
  :format => 'json'
130
130
  assert_response :ok
131
131
  assert_equal @user, session_current_user, 'session'
132
- assert_nil Credentials::Token.with_code(old_token.code),
132
+ assert_nil Tokens::Base.with_code(old_token.code).first,
133
133
  'old session not purged'
134
134
  end
135
135
 
@@ -165,7 +165,7 @@ class SessionControllerApiTest < ActionController::TestCase
165
165
  old_token.save!
166
166
  post :create, :email => @email_credential.email, :password => 'fail'
167
167
  assert_nil session_current_user, 'session'
168
- assert_equal old_token, Credentials::Token.with_code(old_token.code),
168
+ assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
169
169
  'old session purged'
170
170
  end
171
171
 
@@ -249,7 +249,7 @@ class SessionControllerApiTest < ActionController::TestCase
249
249
  assert_redirected_to session_url
250
250
  assert_equal @user, assigns(:current_user), 'instance variable'
251
251
  assert_equal @user, session_current_user, 'session'
252
- assert_nil Credentials::Token.with_code(@token_credential.code),
252
+ assert_nil Tokens::Base.with_code(@token_credential.code).first,
253
253
  'one-time credential is spent'
254
254
  end
255
255
 
@@ -263,7 +263,7 @@ class SessionControllerApiTest < ActionController::TestCase
263
263
  assert_equal session[:_csrf_token], data['csrf']
264
264
  assert_equal @user, assigns(:current_user), 'instance variable'
265
265
  assert_equal @user, session_current_user, 'session'
266
- assert_nil Credentials::Token.with_code(@token_credential.code),
266
+ assert_nil Tokens::Base.with_code(@token_credential.code).first,
267
267
  'one-time credential is spent'
268
268
  end
269
269
 
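--- a/data/test/user_test.rb
+++ b/data/test/user_test.rb
@@ -40,6 +40,15 @@ class UserTest < ActiveSupport::TestCase
  assert_equal '56789', users(:john).to_param
  end
  
+ test 'with_param' do
+ assert_equal users(:john), User.with_param(users(:john).to_param).first
+ assert_equal users(:jane), User.with_param(users(:jane).to_param).first!
+ assert_equal nil, User.with_param('bogus id').first
+ assert_raise ActiveRecord::RecordNotFound do
+ User.with_param(nil).first!
+ end
+ end
+
  test 'find_by_param' do
  assert_equal users(:john), User.find_by_param(users(:john).to_param)
  assert_equal users(:jane), User.find_by_param(users(:jane).to_param)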
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authpwn_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.1
4
+ version: 0.13.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-10-05 00:00:00.000000000 Z
12
+ date: 2012-10-13 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fbgraph_rails
@@ -192,7 +192,7 @@ files:
192
192
  - app/models/credentials/email.rb
193
193
  - app/models/credentials/facebook.rb
194
194
  - app/models/credentials/password.rb
195
- - app/models/credentials/token.rb
195
+ - app/models/tokens/base.rb
196
196
  - app/models/tokens/email_verification.rb
197
197
  - app/models/tokens/one_time.rb
198
198
  - app/models/tokens/password_reset.rb
@@ -285,7 +285,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
285
285
  version: '0'
286
286
  segments:
287
287
  - 0
288
- hash: 4464495416488992138
288
+ hash: -1259066968914269566
289
289
  required_rubygems_version: !ruby/object:Gem::Requirement
290
290
  none: false
291
291
  requirements: