authpwn_rails 0.14.3 → 0.15.0
- checksums.yaml +4 -4
- data/Gemfile.rails3 +1 -1
- data/Gemfile.rails4 +1 -1
- data/VERSION +1 -1
- data/authpwn_rails.gemspec +4 -1
- data/lib/authpwn_rails/generators/all_generator.rb +8 -1
- data/lib/authpwn_rails/generators/templates/session/new.html.erb +10 -11
- data/lib/authpwn_rails/generators/templates/session.rb +6 -0
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +4 -3
- data/lib/authpwn_rails/session_controller.rb +6 -6
- data/lib/authpwn_rails/session_model.rb +60 -0
- data/lib/authpwn_rails.rb +1 -0
- data/test/helpers/db_setup.rb +1 -0
- data/test/session_controller_api_test.rb +22 -9
- data/test/session_test.rb +26 -0
- metadata +4 -1
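--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 33ed7937ffde31b3f49807f105a9ea828280a526
+data.tar.gz: 8dc7fe902fcbb1a0c8d5c6146efae92ba8479414
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ff0e51ef128c6f72beaa411a6fdfab85a57c133a16d921042771dec63233cadf8acb2ed85b31b108b673abe890d9a797e13df57573d70ca4d5ad5047e906dae2
+data.tar.gz: 41cdaf58878aa68500b1f7bc1d774fa7cfabea328fea7b90d896e043ade2d6c15a01142a4617d0ec842d3127046aee27064a8121813e8c91d56614b7784bcd42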
data/Gemfile.rails3
CHANGED
data/Gemfile.rails4
CHANGED
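--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.
+0.15.0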
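--- a/data/authpwn_rails.gemspec
+++ b/data/authpwn_rails.gemspec
@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
 s.name = "authpwn_rails"
-s.version = "0.
+s.version = "0.15.0"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Victor Costan"]
@@ -52,6 +52,7 @@ Gem::Specification.new do |s|
 "lib/authpwn_rails/generators/templates/credential.rb",
 "lib/authpwn_rails/generators/templates/credentials.yml",
 "lib/authpwn_rails/generators/templates/initializer.rb",
+"lib/authpwn_rails/generators/templates/session.rb",
 "lib/authpwn_rails/generators/templates/session/forbidden.html.erb",
 "lib/authpwn_rails/generators/templates/session/home.html.erb",
 "lib/authpwn_rails/generators/templates/session/new.html.erb",
@@ -72,6 +73,7 @@ Gem::Specification.new do |s|
 "lib/authpwn_rails/session.rb",
 "lib/authpwn_rails/session_controller.rb",
 "lib/authpwn_rails/session_mailer.rb",
+"lib/authpwn_rails/session_model.rb",
 "lib/authpwn_rails/test_extensions.rb",
 "lib/authpwn_rails/user_extensions/email_field.rb",
 "lib/authpwn_rails/user_extensions/facebook_fields.rb",
@@ -107,6 +109,7 @@ Gem::Specification.new do |s|
 "test/routes_test.rb",
 "test/session_controller_api_test.rb",
 "test/session_mailer_api_test.rb",
+"test/session_test.rb",
 "test/test_extensions_test.rb",
 "test/test_helper.rb",
 "test/user_extensions/email_field_test.rb",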
@@ -21,13 +21,14 @@ class AllGenerator < Rails::Generators::Base
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def create_session_controller
|
24
|
+
copy_file 'session.rb', File.join('app', 'models', 'session.rb')
|
24
25
|
copy_file 'session_controller.rb',
|
25
26
|
File.join('app', 'controllers', 'session_controller.rb')
|
26
27
|
copy_file File.join('session_controller_test.rb'),
|
27
28
|
File.join('test', 'functional', 'session_controller_test.rb')
|
28
29
|
|
29
30
|
route "authpwn_session"
|
30
|
-
route "root :
|
31
|
+
route "root to: 'session#show'"
|
31
32
|
end
|
32
33
|
|
33
34
|
def create_session_views
|
@@ -51,6 +52,12 @@ class AllGenerator < Rails::Generators::Base
|
|
51
52
|
end
|
52
53
|
|
53
54
|
def create_session_mailer_views
|
55
|
+
copy_file File.join('session_mailer', 'email_verification_email.html.erb'),
|
56
|
+
File.join('app', 'views', 'session_mailer',
|
57
|
+
'email_verification_email.html.erb')
|
58
|
+
copy_file File.join('session_mailer', 'email_verification_email.text.erb'),
|
59
|
+
File.join('app', 'views', 'session_mailer',
|
60
|
+
'email_verification_email.text.erb')
|
54
61
|
copy_file File.join('session_mailer', 'reset_password_email.html.erb'),
|
55
62
|
File.join('app', 'views', 'session_mailer',
|
56
63
|
'reset_password_email.html.erb')
|
@@ -12,29 +12,28 @@
|
|
12
12
|
</p>
|
13
13
|
<% end %>
|
14
14
|
|
15
|
-
<%=
|
15
|
+
<%= form_for @session, url: session_path do |f| %>
|
16
16
|
<div class="field">
|
17
|
-
<%=
|
17
|
+
<%= f.label :email, 'Email Address' %><br />
|
18
18
|
<span class="value">
|
19
|
-
<%=
|
19
|
+
<%= f.email_field :email, autofocus: true, required: true,
|
20
20
|
placeholder: 'your@email.com' %>
|
21
21
|
</span>
|
22
22
|
</div>
|
23
23
|
|
24
24
|
<div class="field">
|
25
|
-
<%=
|
25
|
+
<%= f.label :password %><br />
|
26
26
|
<span class="value">
|
27
|
-
<%=
|
27
|
+
<%= f.password_field :password %>
|
28
28
|
</span>
|
29
29
|
</div>
|
30
30
|
|
31
31
|
<div class="actions">
|
32
|
-
<%=
|
33
|
-
<%=
|
32
|
+
<%= f.button 'Log in', name: 'login', value: 'requested' %>
|
33
|
+
<%= f.button 'Reset Password', name: 'reset_password',
|
34
34
|
value: 'requested', formaction: reset_password_session_path %>
|
35
|
-
|
36
|
-
<% if @redirect_url %>
|
37
|
-
<%= hidden_field_tag :redirect_url, @redirect_url %>
|
38
|
-
<% end %>
|
39
35
|
</div>
|
36
|
+
<% if @redirect_url %>
|
37
|
+
<%= hidden_field_tag :redirect_url, @redirect_url %>
|
38
|
+
<% end %>
|
40
39
|
<% end %>
|
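Review bot: The `hidden_field_tag :redirect_url, @redirect_url` kept in this form round-trips the post-login redirect target through the browser, and nothing visible on this page restricts it to the application's own origin. The controller's `create` takes `params[:redirect_url] || session_url`, and the API test in this release asserts a redirect to `http://authpwn.redirect.url`, so an absolute external URL appears to be accepted. I would validate the value server-side before redirecting, for example accepting only paths that begin with a single `/` and falling back to `session_url` otherwise. How the redirect is finally issued is outside these hunks, so confirm it there.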
@@ -20,7 +20,8 @@ class SessionControllerTest < ActionController::TestCase
|
|
20
20
|
old_token = credentials(:jane_session_token)
|
21
21
|
old_token.updated_at = Time.now - 1.year
|
22
22
|
old_token.save!
|
23
|
-
post :create, email: @email_credential.email,
|
23
|
+
post :create, session: { email: @email_credential.email,
|
24
|
+
password: 'password' }
|
24
25
|
assert_equal @user, session_current_user, 'session'
|
25
26
|
assert_redirected_to session_url
|
26
27
|
assert_nil Tokens::Base.with_code(old_token.code).first,
|
@@ -53,8 +54,8 @@ class SessionControllerTest < ActionController::TestCase
|
|
53
54
|
assert_template :new
|
54
55
|
|
55
56
|
assert_select 'form[action=?]', session_path do
|
56
|
-
assert_select 'input[name
|
57
|
-
assert_select 'input[name
|
57
|
+
assert_select 'input[name=?]', 'session[email]'
|
58
|
+
assert_select 'input[name=?]', 'session[password]'
|
58
59
|
assert_select 'button[name="login"]'
|
59
60
|
assert_select 'button[name="reset_password"]'
|
60
61
|
end
|
@@ -21,7 +21,7 @@ module SessionController
|
|
21
21
|
|
22
22
|
# GET /session/new
|
23
23
|
def new
|
24
|
-
@
|
24
|
+
@session = Session.from_params params
|
25
25
|
@redirect_url = flash[:auth_redirect_url]
|
26
26
|
redirect_to session_url if current_user
|
27
27
|
end
|
@@ -58,8 +58,8 @@ module SessionController
|
|
58
58
|
return reset_password if params[:reset_password]
|
59
59
|
|
60
60
|
@redirect_url = params[:redirect_url] || session_url
|
61
|
-
@
|
62
|
-
auth = User.authenticate_signin @email,
|
61
|
+
@session = Session.from_params params
|
62
|
+
auth = User.authenticate_signin @session.email, @session.password
|
63
63
|
unless auth.kind_of? Symbol
|
64
64
|
set_session_current_user auth
|
65
65
|
Tokens::SessionUid.remove_expired if auto_purge_sessions
|
@@ -92,12 +92,12 @@ module SessionController
|
|
92
92
|
|
93
93
|
# POST /session/reset_password
|
94
94
|
def reset_password
|
95
|
-
|
96
|
-
credential = Credentials::Email.with
|
95
|
+
email = params[:email]
|
96
|
+
credential = Credentials::Email.with email
|
97
97
|
|
98
98
|
if user = (credential && credential.user)
|
99
99
|
token = Tokens::PasswordReset.random_for user
|
100
|
-
::SessionMailer.reset_password_email(
|
100
|
+
::SessionMailer.reset_password_email(email, token, root_url).deliver
|
101
101
|
end
|
102
102
|
|
103
103
|
respond_to do |format|
|
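Review bot: `reset_password` still reads `params[:email]`, while the sign-in form in this release is built with `form_for @session`, so its field is submitted as `session[email]` (the template test asserts exactly that input name). Unless something outside these hunks flattens the params, the Reset Password button would reach this action with a nil email and no reset mail would be sent. Reading the value the same way `new` and `create` now do keeps both the nested and the raw form working: `email = Session.from_params(params).email`. The tail of `reset_password` (the `respond_to` block) is outside the hunk, so also confirm that its response does not differ between known and unknown addresses.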
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'active_model'
|
2
|
+
|
3
|
+
|
4
|
+
# :nodoc: namespace
|
5
|
+
module Authpwn
|
6
|
+
|
7
|
+
# Included by the model class that collects sign-up information.
|
8
|
+
#
|
9
|
+
# Parts of the codebase assume the model will be named Session.
|
10
|
+
module SessionModel
|
11
|
+
extend ActiveSupport::Concern
|
12
|
+
|
13
|
+
included do
|
14
|
+
if defined? ActiveModel::Model
|
15
|
+
# Rails 4.
|
16
|
+
include ActiveModel::Model
|
17
|
+
else
|
18
|
+
# Rails 3.
|
19
|
+
include ActiveModel::Conversion
|
20
|
+
extend ActiveModel::Naming
|
21
|
+
extend ActiveModel::Translation
|
22
|
+
include ActiveModel::Validations
|
23
|
+
|
24
|
+
def initialize(params={})
|
25
|
+
params.each do |attr, value|
|
26
|
+
self.public_send("#{attr}=", value)
|
27
|
+
end if params
|
28
|
+
|
29
|
+
super()
|
30
|
+
end
|
31
|
+
def persisted?
|
32
|
+
false
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
# The e-mail used to sign up.
|
37
|
+
attr_accessor :email
|
38
|
+
|
39
|
+
# The password used to sign up.
|
40
|
+
attr_accessor :password
|
41
|
+
end
|
42
|
+
|
43
|
+
# Class methods on models that include Authpwn::SessionModel.
|
44
|
+
module ClassMethods
|
45
|
+
# Extracts signup information from a controller's params hash.
|
46
|
+
#
|
47
|
+
# @param [Hash] params the parameters received by a controller action
|
48
|
+
# @return [Session] new Session instance containing the signup information
|
49
|
+
def from_params(params)
|
50
|
+
if params[:session]
|
51
|
+
self.new email: params[:session][:email],
|
52
|
+
password: params[:session][:password]
|
53
|
+
else
|
54
|
+
self.new email: params[:email], password: params[:password]
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end # module Authpwn::SessionModel::ClassMethods
|
58
|
+
end # namespace Authpwn::SessionModel
|
59
|
+
|
60
|
+
end # namespace Authpwn
|
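Review bot: `from_params` indexes `params[:session]` without checking that it is a hash, so a request that sends `session` as a plain string would raise inside `params[:session][:email]` instead of falling back to the raw fields, and nested values can arrive as arrays or hashes and be handed to `User.authenticate_signin` unchanged. I would pick the source with `source = params[:session].is_a?(Hash) ? params[:session] : params` and build the model from `source[:email]` and `source[:password]`. The Rails 3 `initialize` calls `public_send` with a setter name for every key it is given, which is safe only because `from_params` passes fixed keys; a comment such as `# Pass only known keys: every key becomes a public setter call.` would warn against `Session.new(params[:session])`. The header comments also say "sign-up" where this model carries sign-in credentials.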
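--- a/data/lib/authpwn_rails.rb
+++ b/data/lib/authpwn_rails.rb
@@ -9,6 +9,7 @@ module Authpwn
 autoload :Expires, 'authpwn_rails/expires.rb'
 autoload :SessionController, 'authpwn_rails/session_controller.rb'
 autoload :SessionMailer, 'authpwn_rails/session_mailer.rb'
+autoload :SessionModel, 'authpwn_rails/session_model.rb'
 autoload :UserModel, 'authpwn_rails/user_model.rb'
 
 # Contains extensions to the User model.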
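--- a/data/test/helpers/db_setup.rb
+++ b/data/test/helpers/db_setup.rb
@@ -37,6 +37,7 @@ CreateCredentials.migrate :up
 
 require 'authpwn_rails/generators/templates/user.rb'
 require 'authpwn_rails/generators/templates/credential.rb'
+require 'authpwn_rails/generators/templates/session.rb'
 
 class ActiveSupport::TestCase
 include ActiveRecord::TestFixtures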
@@ -80,6 +80,16 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
80
80
|
end
|
81
81
|
|
82
82
|
test "create logs in with good account details" do
|
83
|
+
post :create, session: { email: @email_credential.email,
|
84
|
+
password: 'password' }
|
85
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
86
|
+
assert_equal @user, session_current_user, 'session'
|
87
|
+
assert_nil flash[:alert], 'no alert'
|
88
|
+
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
89
|
+
assert_redirected_to session_url
|
90
|
+
end
|
91
|
+
|
92
|
+
test "create logs in with good raw account details" do
|
83
93
|
post :create, email: @email_credential.email, password: 'password'
|
84
94
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
85
95
|
assert_equal @user, session_current_user, 'session'
|
@@ -93,7 +103,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
93
103
|
old_token = credentials(:jane_session_token)
|
94
104
|
old_token.updated_at = Time.now - 1.year
|
95
105
|
old_token.save!
|
96
|
-
post :create, email: @email_credential.email,
|
106
|
+
post :create, session: { email: @email_credential.email,
|
107
|
+
password: 'password' }
|
97
108
|
assert_equal @user, session_current_user, 'session'
|
98
109
|
assert_nil Tokens::Base.with_code(old_token.code).first,
|
99
110
|
'old session not purged'
|
@@ -136,15 +147,15 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
136
147
|
|
137
148
|
test "create redirects properly with good account details" do
|
138
149
|
url = 'http://authpwn.redirect.url'
|
139
|
-
post :create, email: @email_credential.email,
|
140
|
-
|
150
|
+
post :create, session: { email: @email_credential.email,
|
151
|
+
password: 'password' }, redirect_url: url
|
141
152
|
assert_redirected_to url
|
142
153
|
assert_nil flash[:alert], 'no alert'
|
143
154
|
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
144
155
|
end
|
145
156
|
|
146
157
|
test "create does not log in with bad password" do
|
147
|
-
post :create, email: @email_credential.email, password: 'fail'
|
158
|
+
post :create, session: { email: @email_credential.email, password: 'fail' }
|
148
159
|
assert_redirected_to new_session_url
|
149
160
|
assert_nil assigns(:current_user), 'instance variable'
|
150
161
|
assert_nil session_current_user, 'session'
|
@@ -155,7 +166,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
155
166
|
test "create does not log in with expired password" do
|
156
167
|
@password_credential.updated_at = Time.now - 2.years
|
157
168
|
@password_credential.save!
|
158
|
-
post :create, email: @email_credential.email,
|
169
|
+
post :create, session: { email: @email_credential.email,
|
170
|
+
password: 'password' }
|
159
171
|
assert_redirected_to new_session_url
|
160
172
|
assert_nil assigns(:current_user), 'instance variable'
|
161
173
|
assert_nil session_current_user, 'session'
|
@@ -168,7 +180,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
168
180
|
old_token = credentials(:jane_session_token)
|
169
181
|
old_token.updated_at = Time.now - 1.year
|
170
182
|
old_token.save!
|
171
|
-
post :create, email: @email_credential.email, password: 'fail'
|
183
|
+
post :create, session: { email: @email_credential.email, password: 'fail' }
|
172
184
|
assert_nil session_current_user, 'session'
|
173
185
|
assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
|
174
186
|
'old session purged'
|
@@ -176,7 +188,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
176
188
|
|
177
189
|
test "create does not log in blocked accounts" do
|
178
190
|
with_blocked_credential @email_credential do
|
179
|
-
post :create, email: @email_credential.email,
|
191
|
+
post :create, session: { email: @email_credential.email,
|
192
|
+
password: 'password' }
|
180
193
|
end
|
181
194
|
assert_redirected_to new_session_url
|
182
195
|
assert_nil assigns(:current_user), 'instance variable'
|
@@ -233,8 +246,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
233
246
|
|
234
247
|
test "create maintains redirect_url for bad logins" do
|
235
248
|
url = 'http://authpwn.redirect.url'
|
236
|
-
post :create, email: @email_credential.email,
|
237
|
-
|
249
|
+
post :create, session: { email: @email_credential.email,
|
250
|
+
password: 'fail' }, redirect_url: url
|
238
251
|
assert_redirected_to new_session_url
|
239
252
|
assert_match(/Invalid /, flash[:alert])
|
240
253
|
assert_equal url, flash[:auth_redirect_url]
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require File.expand_path('../test_helper', __FILE__)
|
2
|
+
|
3
|
+
class SessionTest < ActiveSupport::TestCase
|
4
|
+
def setup
|
5
|
+
@session = Session.new email: 'costan@gmail.com', password: 'secret'
|
6
|
+
end
|
7
|
+
|
8
|
+
test 'setup' do
|
9
|
+
assert @session.valid?
|
10
|
+
end
|
11
|
+
|
12
|
+
test 'from_params with raw values' do
|
13
|
+
session = Session.from_params email: 'costan@gmail.com', password: 'secret'
|
14
|
+
|
15
|
+
assert_equal 'costan@gmail.com', session.email
|
16
|
+
assert_equal 'secret', session.password
|
17
|
+
end
|
18
|
+
|
19
|
+
test 'from_params with object' do
|
20
|
+
session = Session.from_params session: { email: 'costan@gmail.com',
|
21
|
+
password: 'secret' }
|
22
|
+
|
23
|
+
assert_equal 'costan@gmail.com', session.email
|
24
|
+
assert_equal 'secret', session.password
|
25
|
+
end
|
26
|
+
end
|
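--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.15.0
 platform: ruby
 authors:
 - Victor Costan
@@ -179,6 +179,7 @@ files:
 - lib/authpwn_rails/generators/templates/credential.rb
 - lib/authpwn_rails/generators/templates/credentials.yml
 - lib/authpwn_rails/generators/templates/initializer.rb
+- lib/authpwn_rails/generators/templates/session.rb
 - lib/authpwn_rails/generators/templates/session/forbidden.html.erb
 - lib/authpwn_rails/generators/templates/session/home.html.erb
 - lib/authpwn_rails/generators/templates/session/new.html.erb
@@ -199,6 +200,7 @@ files:
 - lib/authpwn_rails/session.rb
 - lib/authpwn_rails/session_controller.rb
 - lib/authpwn_rails/session_mailer.rb
+- lib/authpwn_rails/session_model.rb
 - lib/authpwn_rails/test_extensions.rb
 - lib/authpwn_rails/user_extensions/email_field.rb
 - lib/authpwn_rails/user_extensions/facebook_fields.rb
@@ -234,6 +236,7 @@ files:
 - test/routes_test.rb
 - test/session_controller_api_test.rb
 - test/session_mailer_api_test.rb
+- test/session_test.rb
 - test/test_extensions_test.rb
 - test/test_helper.rb
 - test/user_extensions/email_field_test.rb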