authpwn_rails 0.13.4 → 0.14.0

data/test/cookie_controller_test.rb

@@ -2,13 +2,13 @@ require File.expand_path('../test_helper', __FILE__)
 
 # Mock controller used for testing session handling.
 class CookieController < ApplicationController
-  authenticates_using_session :except => :update
+  authenticates_using_session except: :update
 
   def show
     if current_user
-      render :text => "User: #{current_user.id}"
+      render text: "User: #{current_user.id}"
     else
-      render :text => "No user"
+      render text: "No user"
     end
   end
 
@@ -18,7 +18,7 @@ class CookieController < ApplicationController
     else
       set_session_current_user User.find_by_param(params[:exuid])
     end
-    render :text => ''
+    render text: ''
   end
 
   def bouncer
@@ -44,8 +44,14 @@ class CookieControllerTest < ActionController::TestCase
     get :show
     assert_response :success
     assert_equal @user, assigns(:current_user)
-    assert_equal "User: #{ActiveRecord::Fixtures.identify(:john)}",
-                 response.body
+    john_id = if defined? ActiveRecord::FixtureSet
+      # Rails 4
+      ActiveRecord::FixtureSet.identify :john
+    else
+      # Rails 3
+      ActiveRecord::Fixtures.identify :john
+    end
+    assert_equal "User: #{john_id}", response.body
   end
 
   test "valid suid in session does not refresh very recent session" do
@@ -89,7 +95,7 @@ class CookieControllerTest < ActionController::TestCase
 
   test "set_session_current_user creates new token by default" do
     assert_difference 'Credential.count', 1 do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_not_equal @token.suid, request.session[:authpwn_suid]
@@ -102,7 +108,7 @@ class CookieControllerTest < ActionController::TestCase
   test "set_session_current_user reuses existing token when suitable" do
     request.session[:authpwn_suid] = @token.suid
     assert_no_difference 'Credential.count', 'existing token not reused' do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_equal @token.suid, request.session[:authpwn_suid]
@@ -117,7 +123,7 @@ class CookieControllerTest < ActionController::TestCase
     @token.updated_at = Time.now - 1.day
     request.session[:authpwn_suid] = @token.suid
     assert_no_difference 'Credential.count', 'existing token not reused' do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_operator @token.reload.updated_at, :>=, Time.now - 1.hour,
@@ -133,7 +139,7 @@ class CookieControllerTest < ActionController::TestCase
     @token.destroy
     request.session[:authpwn_suid] = @token.suid
     assert_difference 'Credential.count', 1, 'session token not created' do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_not_equal @token.suid, request.session[:authpwn_suid]
@@ -148,7 +154,7 @@ class CookieControllerTest < ActionController::TestCase
     request.session[:authpwn_suid] = old_token.suid
     assert_no_difference 'Credential.count',
         "old user's token not destroyed or no new token created" do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_nil Tokens::Base.with_code(old_token.suid).first,
@@ -166,7 +172,7 @@ class CookieControllerTest < ActionController::TestCase
     request.session[:authpwn_suid] = credentials(:jane_session_token).suid
     assert_no_difference 'Credential.count',
         "old user's token not destroyed or new user's token not created" do
-      put :update, :exuid => @user.exuid
+      put :update, exuid: @user.exuid
     end
     assert_response :success
     assert_equal @user, assigns(:current_user)
@@ -179,7 +185,7 @@ class CookieControllerTest < ActionController::TestCase
   test "set_session_current_user logs off a user correctly" do
     request.session[:authpwn_suid] = @token.suid
     assert_difference 'Credential.count', -1, 'token not destroyed' do
-      put :update, :exuid => ''
+      put :update, exuid: ''
     end
     assert_response :success
     assert_nil request.session[:authpwn_suid]
@@ -192,7 +198,7 @@ class CookieControllerTest < ActionController::TestCase
 
   test "set_session_current_user behaves when no user is logged off" do
     assert_no_difference 'Credential.count' do
-      put :update, :exuid => ''
+      put :update, exuid: ''
     end
     assert_response :success
     assert_nil request.session[:authpwn_suid]
@@ -209,7 +215,7 @@ class CookieControllerTest < ActionController::TestCase
 
   test "valid user_id bounced in json" do
     request.session[:authpwn_suid] = @token.suid
-    get :bouncer, :format => 'json'
+    get :bouncer, format: 'json'
     assert_response :ok
     data = ActiveSupport::JSON.decode response.body
     assert_match(/not allowed/i, data['error'])
@@ -225,7 +231,7 @@ class CookieControllerTest < ActionController::TestCase
   end
 
   test "no user_id bounced in json" do
-    get :bouncer, :format => 'json'
+    get :bouncer, format: 'json'
     assert_response :ok
     data = ActiveSupport::JSON.decode response.body
     assert_match(/sign in/i, data['error'])

data/test/credentials/facebook_credential_test.rb

@@ -1,6 +1,6 @@
 require File.expand_path('../../test_helper', __FILE__)
 
-class FacebookCredentialTest < ActiveSupport::TestCase  
+class FacebookCredentialTest < ActiveSupport::TestCase
   def setup
     @code = 'AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD'
     @credential = Credentials::Facebook.new
@@ -8,57 +8,57 @@ class FacebookCredentialTest < ActiveSupport::TestCase
     @credential.key = 'AAAEj8jKX2a8BAOBMZCjxBe4dw7cRoD1JVxUgZAtB6ozJlR4Viazh6OAYcHB5kZAtUwgjpDy7a54ZA1DObLmBT9X99CLWYOj5Stqx8bHwnE7EzyBS1WxY'
     @credential.user = users(:bill)
   end
-  
+
   test 'setup' do
     assert @credential.valid?
   end
-  
+
   test 'key required' do
     @credential.key = nil
     assert !@credential.valid?
   end
-  
+
   test 'user presence' do
     @credential.user = nil
     assert !@credential.valid?
   end
-  
+
   test 'user uniqueness' do
     @credential.user = users(:john)
     assert !@credential.valid?
   end
-  
+
   test 'facebook_uid uniqueness' do
     @credential.facebook_uid = credentials(:jane_facebook).facebook_uid
     assert !@credential.valid?
   end
-  
+
   test "uid_from_token" do
     assert_equal '1011950666', Credentials::Facebook.uid_from_token(@code)
   end
 
   test "for with existing access token" do
-    flexmock(Credentials::Facebook).should_receive(:uid_from_token).with(@code).
-        and_return(credentials(:jane_facebook).facebook_uid)
-        
+    Credentials::Facebook.expects(:uid_from_token).with(@code).at_least_once.
+        returns(credentials(:jane_facebook).facebook_uid)
+
     assert_equal credentials(:jane_facebook), Credentials::Facebook.for(@code),
                  'Wrong token'
     assert_equal @code, credentials(:jane_facebook).reload.key,
                  'Token not refreshed'
   end
-  
+
   test "for with new access token" do
     credential = nil
-    flexmock(Credentials::Facebook).should_receive(:uid_from_token).
-        with(@credential.key).and_return('123456789')
-    assert_difference 'Credentials::Facebook.count', 1 do      
+    Credentials::Facebook.expects(:uid_from_token).at_least_once.
+        with(@credential.key).returns('123456789')
+    assert_difference 'Credentials::Facebook.count', 1 do
       credential = Credentials::Facebook.for @credential.key
     end
-    assert_equal '123456789', credential.facebook_uid 
+    assert_equal '123456789', credential.facebook_uid
     assert_equal @credential.key, credential.key
     assert !credential.new_record?, 'New credential not saved'
     assert !credential.user.new_record?, "New credential's user not saved"
     assert_operator credential.user.credentials, :include?, credential,
-        "New user's credentials does not include Facebook credential"    
-  end  
+        "New user's credentials does not include Facebook credential"
+  end
 end

data/test/credentials/password_credential_test.rb

@@ -70,7 +70,7 @@ class PasswordCredentialTest < ActiveSupport::TestCase
 
   test 'authenticate calls User#auth_bounce_reason' do
     user = @credential.user
-    flexmock(user).should_receive(:auth_bounce_reason).and_return(:reason)
+    user.expects(:auth_bounce_reason).at_least_once.returns(:reason)
     @credential.updated_at = Time.now
     assert_equal :reason, @credential.authenticate('awesome')
     assert_equal :invalid, @credential.authenticate('not awesome')

data/test/credentials/password_reset_token_test.rb

@@ -46,7 +46,7 @@ class PasswordVerificationTokenTest < ActiveSupport::TestCase
       end
     end
     assert credential.frozen?, 'not destroyed'
-    assert_nil Credential.where(:id => password_credential.id).first,
+    assert_nil Credential.where(id: password_credential.id).first,
                'password not blanked out'
   end
 

data/test/credentials/session_uid_token_test.rb

@@ -57,6 +57,7 @@ class SessionUidTokenTest < ActiveSupport::TestCase
 
   test 'spend updates old token' do
     @credential.updated_at = Time.now - 1.day
+    @credential.save!
     @credential.spend
     assert_operator @credential.updated_at, :>=, Time.now - 1.minute
   end

data/test/credentials/token_crendential_test.rb

@@ -90,8 +90,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
 
     Tokens::Base.all.each do |token|
       token.updated_at = Time.now - 1.year
-      flexmock(token.class).should_receive(:expires_after).zero_or_more_times.
-                            and_return 1.week
+      token.class.stubs(:expires_after).returns 1.week
       token.save!
     end
     assert_difference 'Credential.count', -1,
@@ -127,8 +126,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
     token = Tokens::Base.with_code(credentials(:jane_token).code).first
     token.updated_at = Time.now - 1.year
     token.save!
-    flexmock(token.class).should_receive(:expires_after).
-        zero_or_more_times.and_return 1.week
+    token.class.stubs(:expires_after).returns 1.week
     assert_equal :invalid, token.authenticate,
                  'expired token'
     assert_nil Tokens::Base.with_code(credentials(:jane_token).code).first,

data/test/facebook_controller_test.rb

@@ -5,12 +5,12 @@ class FacebookController < ApplicationController
   authenticates_using_session
   probes_facebook_access_token
   authenticates_using_facebook
-  
+
   def show
     if current_user
-      render :text => "User: #{current_user.id}"
+      render text: "User: #{current_user.id}"
     else
-      render :text => "No user"
+      render text: "No user"
     end
   end
 end
@@ -24,11 +24,11 @@ class FacebookControllerTest < ActionController::TestCase
     @old_user_class = ::User
     Object.send :remove_const, :User
     ::User = UserWithFb2
-    
+
     @user = users(:john)
     @new_token = 'facebook:new_token|boom'
   end
-  
+
   teardown do
     Object.send :remove_const, :User
     ::User = @old_user_class
@@ -39,27 +39,27 @@ class FacebookControllerTest < ActionController::TestCase
     assert_response :success
     assert_nil assigns(:current_user)
   end
-  
+
   test "facebook token for existing user" do
-    flexmock(Credentials::Facebook).should_receive(:uid_from_token).
+    Credentials::Facebook.expects(:uid_from_token).at_least_once.
         with(credentials(:john_facebook).key).
-        and_return(credentials(:john_facebook).facebook_uid)
+        returns(credentials(:john_facebook).facebook_uid)
     set_session_current_facebook_token credentials(:john_facebook).key
     get :show, {}
     assert_response :success
     assert_equal @user, assigns(:current_user)
   end
-  
-  test "new facebook token" do    
+
+  test "new facebook token" do
     set_session_current_facebook_token @new_token
-    flexmock(Credentials::Facebook).should_receive(:uid_from_token).
-        with(@new_token).and_return('12345678')
+    Credentials::Facebook.expects(:uid_from_token).at_least_once.
+        with(@new_token).returns('12345678')
     get :show, {}
     assert_response :success
     assert_not_equal @user, assigns(:current_user)
   end
-  
+
   test "auth_controller? is false" do
     assert_equal false, @controller.auth_controller?
-  end  
+  end
 end

data/test/helpers/action_controller.rb

@@ -0,0 +1,8 @@
+if defined?(ActionController::Parameters) &&
+    ActionController::Parameters.respond_to?(
+    :action_on_unpermitted_parameters=)
+  # Rails 4.
+
+  # Raise exceptions so we can test against them.
+  ActionController::Parameters.action_on_unpermitted_parameters = :raise
+end

data/test/helpers/db_setup.rb

@@ -6,25 +6,27 @@ when /mysql/i
   end
 
   `mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
-  ActiveRecord::Base.establish_connection :adapter => 'mysql2',
-      :database => 'plugin_dev', :username => 'root', :password => ''
+  ActiveRecord::Base.establish_connection adapter: 'mysql2',
+      database: 'plugin_dev', username: 'root', password: ''
 when /pg/i
   pg_user = ENV['DB_USER'] || ENV['USER']
   `psql -U #{pg_user} -d postgres -c "DROP DATABASE IF EXISTS plugin_dev;"`
   `psql -U #{pg_user} -d postgres -c "CREATE DATABASE plugin_dev;"`
-  ActiveRecord::Base.establish_connection :adapter => 'postgresql',
-      :database => 'plugin_dev', :username => pg_user, :password => ''
+  ActiveRecord::Base.establish_connection adapter: 'postgresql',
+      database: 'plugin_dev', username: pg_user, password: ''
 else
-  ActiveRecord::Base.establish_connection :adapter => 'sqlite3',
-                                          :database => ':memory:'
+  ActiveRecord::Base.establish_connection adapter: 'sqlite3',
+                                          database: ':memory:'
 end
 
 class ActiveRecord::Base
   self.configurations = true
-  self.mass_assignment_sanitizer = :strict
+  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
+    self.mass_assignment_sanitizer = :strict
 
-  # Hacky equivalent to config.active_record.whitelist_attributes = true
-  attr_accessible
+    # Hacky equivalent to config.active_record.whitelist_attributes = true
+    attr_accessible
+  end
 end
 
 ActiveRecord::Migration.verbose = false

data/test/helpers/routes.rb

@@ -1,23 +1,28 @@
 # :nodoc: the routes used in all tests
 class ActionController::TestCase
   def setup_routes
-    @routes = ActionController::Routing::RouteSet.new
+    if defined? ActionDispatch::Routing
+      # Rails 4.
+      @routes = ActionDispatch::Routing::RouteSet.new
+    else
+      # Rails 3.
+      @routes = ActionController::Routing::RouteSet.new
+    end
     @routes.draw do
-      resource :cookie, :controller => 'cookie' do
+      resource :cookie, controller: 'cookie' do
         collection do
           get :bouncer
           put :update
         end
       end
-      resource :http_basic, :controller => 'http_basic' do
+      resource :http_basic, controller: 'http_basic' do
         collection { get :bouncer }
       end
-      resource :facebook, :controller => 'facebook'
-      authpwn_session :controller => 'bare_session',
-                      :method_names => 'bare_session'
-      authpwn_session :controller => 'bare_session2',
-                      :method_names => 'bare_session2'
-      root :to => 'session#index'
+      resource :facebook, controller: 'facebook'
+      authpwn_session controller: 'bare_session', method_names: 'bare_session'
+      authpwn_session controller: 'bare_session2',
+                      method_names: 'bare_session2'
+      root to: 'session#index'
 
       # NOTE: this route should be kept in sync with the session template.
       authpwn_session

data/test/http_basic_controller_test.rb

@@ -3,15 +3,15 @@ require File.expand_path('../test_helper', __FILE__)
 # Mock controller used for testing session handling.
 class HttpBasicController < ApplicationController
   authenticates_using_http_basic
-    
+
   def show
     if current_user
-      render :text => "User: #{current_user.id}"
+      render text: "User: #{current_user.id}"
     else
-      render :text => "No user"
+      render text: "No user"
     end
   end
-  
+
   def bouncer
     bounce_to_http_basic
   end
@@ -28,7 +28,7 @@ class HttpBasicControllerTest < ActionController::TestCase
     assert_nil assigns(:current_user)
     assert_equal 'No user', response.body
   end
-  
+
   test "valid user_id in session cookie" do
     set_session_current_user @user
     get :show
@@ -41,8 +41,13 @@ class HttpBasicControllerTest < ActionController::TestCase
     set_http_basic_user @user, 'pa55w0rd'
     get :show
     assert_equal @user, assigns(:current_user)
-    assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
-                 response.body
+    
+    jane_id = if defined? ActiveRecord::FixtureSet
+      ActiveRecord::FixtureSet.identify :jane
+    else
+      ActiveRecord::Fixtures.identify :jane
+    end
+    assert_equal "User: #{jane_id}", response.body
   end
 
   test "invalid user credentials in header" do
@@ -53,15 +58,20 @@ class HttpBasicControllerTest < ActionController::TestCase
   end
 
   test "uses User.authenticate_signin" do
-    flexmock(User).should_receive(:authenticate_signin).
-        with('jane@gmail.com', 'fail').and_return @user
+    User.expects(:authenticate_signin).at_least_once.
+        with('jane@gmail.com', 'fail').returns @user
     set_http_basic_user @user, 'fail'
     get :show
     assert_equal @user, assigns(:current_user)
-    assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
-                 response.body
+
+    jane_id = if defined? ActiveRecord::FixtureSet
+      ActiveRecord::FixtureSet.identify :jane
+    else
+      ActiveRecord::Fixtures.identify :jane
+    end
+    assert_equal "User: #{jane_id}", response.body
   end
-  
+
 
   test "reset user credentials in header" do
     set_http_basic_user @user, 'pa55w0rd'
@@ -75,16 +85,21 @@ class HttpBasicControllerTest < ActionController::TestCase
     set_http_basic_user @user
     get :show
     assert_equal @user, assigns(:current_user)
-    assert_equal "User: #{ActiveRecord::Fixtures.identify(:jane)}",
-                 response.body
+
+    jane_id = if defined? ActiveRecord::FixtureSet
+      ActiveRecord::FixtureSet.identify :jane
+    else
+      ActiveRecord::Fixtures.identify :jane
+    end
+    assert_equal "User: #{jane_id}", response.body
   end
-  
+
   test "invalid user_pid in session" do
-    get :show, {}, :current_user_pid => 'random@user.com'
+    get :show, {}, current_user_pid: 'random@user.com'
     assert_response :success
     assert_nil assigns(:current_user)
   end
-  
+
   test "valid user bounced to http authentication" do
     set_http_basic_user @user
     get :bouncer
@@ -95,12 +110,12 @@ class HttpBasicControllerTest < ActionController::TestCase
 
   test "valid user bounced in json" do
     set_http_basic_user @user
-    get :bouncer, :format => 'json'
+    get :bouncer, format: 'json'
     assert_response :ok
     data = ActiveSupport::JSON.decode response.body
     assert_match(/not allowed/i, data['error'])
   end
-  
+
   test "no user_id bounced to http authentication" do
     get :bouncer
     assert_response :unauthorized
@@ -109,7 +124,7 @@ class HttpBasicControllerTest < ActionController::TestCase
   end
 
   test "no user_id bounced in json" do
-    get :bouncer, :format => 'json'
+    get :bouncer, format: 'json'
     assert_response :unauthorized
     assert_equal 'Basic realm="Application"',
                  response.headers['WWW-Authenticate']

data/test/routes_test.rb

@@ -7,25 +7,25 @@ class RoutesTest < ActionController::TestCase
   tests SessionController
 
   test "authpwn_session routes" do
-    assert_routing({:path => "/session", :method => :get},
-                   {:controller => 'session', :action => 'show'})
-    assert_routing({:path => "/session/new", :method => :get},
-                   {:controller => 'session', :action => 'new'})
-    assert_routing({:path => "/session", :method => :post},
-                   {:controller => 'session', :action => 'create'})
-    assert_routing({:path => "/session", :method => :delete},
-                   {:controller => 'session', :action => 'destroy'})
-    assert_routing({:path => "/session", :method => :delete},
-                   {:controller => 'session', :action => 'destroy'})
-    assert_routing({:path => "/session/change_password", :method => :get},
-                   {:controller => 'session', :action => 'password_change'})
-    assert_routing({:path => "/session/change_password", :method => :post},
-                   {:controller => 'session', :action => 'change_password'})
-    assert_routing({:path => "/session/reset_password", :method => :post},
-                   {:controller => 'session', :action => 'reset_password'})
+    assert_routing({path: "/session", method: :get},
+                   {controller: 'session', action: 'show'})
+    assert_routing({path: "/session/new", method: :get},
+                   {controller: 'session', action: 'new'})
+    assert_routing({path: "/session", method: :post},
+                   {controller: 'session', action: 'create'})
+    assert_routing({path: "/session", method: :delete},
+                   {controller: 'session', action: 'destroy'})
+    assert_routing({path: "/session", method: :delete},
+                   {controller: 'session', action: 'destroy'})
+    assert_routing({path: "/session/change_password", method: :get},
+                   {controller: 'session', action: 'password_change'})
+    assert_routing({path: "/session/change_password", method: :post},
+                   {controller: 'session', action: 'change_password'})
+    assert_routing({path: "/session/reset_password", method: :post},
+                   {controller: 'session', action: 'reset_password'})
     
     code = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
-    assert_routing({:path => "/session/token/#{code}", :method => :get},
-        {:controller => 'session', :action => 'token', :code => code})
+    assert_routing({path: "/session/token/#{code}", method: :get},
+        {controller: 'session', action: 'token', code: code})
   end
 end