authpwn_rails 0.16.1 → 0.16.2

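--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 55e00431fac95ebeaa4bffd96d5f03a788bc0340
- data.tar.gz: 80a15431b638ed0798dd0b22735f8ced99770b4c
+ metadata.gz: 38257de1d56ba7c5ea75d7e055fbe62d5a8cf579
+ data.tar.gz: 70b9271b0f567bf5c358530371ea9f06bd9f93e0
  SHA512:
- metadata.gz: 4bb61cd308147854a0712247e38678c8d311d9ef145973138218e2b4cae76af334597333e79616f517c9b02fcbfc7bfcaf71d9a6dcc87f3a4a8a3c1a18bce1a8
- data.tar.gz: b9b35f7de8f897de9674242e7311f10e1faa57f8ce7c429388aca357cf9ee0c78fece76711579385f2b0e6a2574f008f61e26c104187093ca0edbca16d0d9408
+ metadata.gz: 4b89f3ff51230ef53e527075a8fb898e63de72c4276e4d3b3dd5e48dd6aa83312cb16bbfcf629cdb82e5981e24a43bf767f2851d84b2cedf24c65caaaf378017
+ data.tar.gz: 86d7b0f0f9a05826fc61d1b41461a20b1a8a65e0bc189b47cb9fbb70bce8cf091104f613d20eb76a8a35e0a65d1541756756a7a0c29ebb6dda0451e997fb3b95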
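--- a/data/Rakefile
+++ b/data/Rakefile
@@ -16,7 +16,7 @@ Jeweler::Tasks.new do |gem|
  gem.name = "authpwn_rails"
  gem.homepage = "http://github.com/pwnall/authpwn_rails"
  gem.license = "MIT"
- gem.summary = %Q{User authentication for Rails 3 applications.}
+ gem.summary = %Q{User authentication for Rails 3 and 4 applications.}
  gem.description = %Q{Works with Facebook.}
  gem.email = "victor@costan.us"
  gem.authors = ["Victor Costan"]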
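--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.16.1
+ 0.16.2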
@@ -11,6 +11,14 @@ class Password < ::Credential
11
11
  # Virtual attribute: confirmation for the user's password.
12
12
  attr_accessor :password_confirmation
13
13
 
14
+ # Virtual attribute that lets us have an old_password field on forms.
15
+ def old_password
16
+ nil
17
+ end
18
+ def old_password=(new_old_password)
19
+ new_old_password
20
+ end
21
+
14
22
  # A user can have a single password.
15
23
  validates :user_id, uniqueness: true
16
24
 
@@ -75,7 +83,7 @@ class Password < ::Credential
75
83
 
76
84
  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
77
85
  # Forms can only change the plain-text password fields.
78
- attr_accessible :password, :password_confirmation
86
+ attr_accessible :old_password, :password, :password_confirmation
79
87
  end
80
88
  end # class Credentials::Password
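Review bot: The comment above the new `old_password` accessors says only that they exist for forms, not that the setter deliberately throws the value away. The getter returns nil and the setter stores nothing, so the user's current password never stays on the model instance; a later maintainer could replace the pair with `attr_accessor :old_password` and lose that property without noticing. I would state the intent, e.g. `# Write-only on purpose: the value is discarded here and checked by the controller, so the current password is never kept on the record.` The comment in the second hunk, `# Forms can only change the plain-text password fields.`, could also say that `:old_password` is listed only so the form field passes mass-assignment. The class body extends beyond both hunks.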
81
89
 
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "authpwn_rails"
8
- s.version = "0.16.1"
8
+ s.version = "0.16.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
@@ -122,7 +122,7 @@ Gem::Specification.new do |s|
122
122
  s.licenses = ["MIT"]
123
123
  s.require_paths = ["lib"]
124
124
  s.rubygems_version = "2.0.14"
125
- s.summary = "User authentication for Rails 3 applications."
125
+ s.summary = "User authentication for Rails 3 and 4 applications."
126
126
 
127
127
  if s.respond_to? :specification_version then
128
128
  s.specification_version = 4
@@ -21,9 +21,9 @@
21
21
  <section class="fields">
22
22
  <% unless @credential.new_record? %>
23
23
  <div class="field">
24
- <%= label_tag :old_password, 'Current Password' %><br />
24
+ <%= f.label :old_password, 'Current Password' %><br />
25
25
  <span class="value">
26
- <%= password_field_tag :old_password %>
26
+ <%= f.password_field :old_password %>
27
27
  </span>
28
28
  </div>
29
29
  <% end %>
@@ -83,7 +83,7 @@ class SessionControllerTest < ActionController::TestCase
83
83
  assert_select 'span[class="password_age"]'
84
84
  assert_select 'form[action=?][method="post"]',
85
85
  change_password_session_path do
86
- assert_select 'input[name="old_password"]'
86
+ assert_select 'input[name=?]', 'credential[old_password]'
87
87
  assert_select 'input[name=?]', 'credential[password]'
88
88
  assert_select 'input[name=?]', 'credential[password_confirmation]'
89
89
  assert_select 'button[type="submit"]'
@@ -98,7 +98,7 @@ class SessionControllerTest < ActionController::TestCase
98
98
  assert_select 'span[class="password_age"]', count: 0
99
99
  assert_select 'form[action=?][method="post"]',
100
100
  change_password_session_path do
101
- assert_select 'input[name="old_password"]', count: 0
101
+ assert_select 'input[name=?]', 'credential[old_password]', count: 0
102
102
  assert_select 'input[name=?]', 'credential[password]'
103
103
  assert_select 'input[name=?]', 'credential[password_confirmation]'
104
104
  assert_select 'button[type="submit"]'
@@ -194,7 +194,7 @@ module SessionController
194
194
  find { |c| c.is_a? Credentials::Password }
195
195
  if @credential
196
196
  # An old password is set, must verify it.
197
- if @credential.check_password params[:old_password]
197
+ if @credential.check_password params[:credential][:old_password]
198
198
  success = @credential.update_attributes change_password_params
199
199
  else
200
200
  success = false
@@ -223,7 +223,8 @@ module SessionController
223
223
 
224
224
  # Parameters used to change the user's password.
225
225
  def change_password_params
226
- params.require(:credential).permit :password, :password_confirmation
226
+ params.require(:credential).permit :old_password, :password,
227
+ :password_confirmation
227
228
  end
228
229
  else
229
230
  # Rails 3.
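Review bot: `params[:credential][:old_password]` in the first hunk raises when a signed-in client posts without a `credential` hash, because `params[:credential]` is then nil; the previous top-level `params[:old_password]` simply handed nil to `check_password`. The lookup runs before `change_password_params` is reached, so the request likely ends as a server error rather than a rejected password change. Reading the value defensively, e.g. `old_password = (params[:credential] || {})[:old_password]` followed by `if @credential.check_password old_password`, keeps the failure on the existing `success = false` branch, assuming `check_password` copes with nil. A test that posts `change_password` while signed in with no `credential` key would pin this down. The method starts and ends outside the hunk.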
@@ -42,6 +42,12 @@ class PasswordCredentialTest < ActiveSupport::TestCase
42
42
  assert !@credential.valid?
43
43
  end
44
44
 
45
+ test 'old_password always returns nil' do
46
+ assert_equal @credential.old_password, nil
47
+ @credential.old_password = 'old password'
48
+ assert_equal @credential.old_password, nil
49
+ end
50
+
45
51
  test 'check_password' do
46
52
  assert_equal true, @credential.check_password('awesome')
47
53
  assert_equal false, @credential.check_password('not awesome'),
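Review bot: The two assertions in the new `old_password always returns nil` test pass the actual value first, `assert_equal @credential.old_password, nil`, while the `check_password` test just below uses expected-first (`assert_equal true, ...`). On failure the message would label the two values the wrong way round. `assert_nil @credential.old_password` says the same thing and avoids the ordering question.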
@@ -21,9 +21,9 @@
21
21
  <section class="fields">
22
22
  <% unless @credential.new_record? %>
23
23
  <div class="field">
24
- <%= label_tag :old_password, 'Current Password' %><br />
24
+ <%= f.label :old_password, 'Current Password' %><br />
25
25
  <span class="value">
26
- <%= password_field_tag :old_password %>
26
+ <%= f.password_field :old_password %>
27
27
  </span>
28
28
  </div>
29
29
  <% end %>
@@ -44,6 +44,6 @@
44
44
  </section>
45
45
 
46
46
  <div class="actions">
47
- <%= f.submit 'Change Password' %>
47
+ <%= f.button 'Change Password', type: 'submit' %>
48
48
  </div>
49
49
  <% end %>
@@ -365,16 +365,15 @@ class SessionControllerApiTest < ActionController::TestCase
365
365
  end
366
366
 
367
367
  test "change_password bounces without logged in user" do
368
- post :change_password, old_password: 'pa55w0rd',
369
- credential: { password: 'hacks',
370
- password_confirmation: 'hacks'}
368
+ post :change_password, credential: { old_password: 'pa55w0rd',
369
+ password: 'hacks', password_confirmation: 'hacks' }
371
370
  assert_response :forbidden
372
371
  end
373
372
 
374
373
  test "change_password works with correct input" do
375
374
  set_session_current_user @user
376
- post :change_password, old_password: 'pa55w0rd',
377
- credential: { password: 'hacks', password_confirmation: 'hacks'}
375
+ post :change_password, credential: { old_password: 'pa55w0rd',
376
+ password: 'hacks', password_confirmation: 'hacks'}
378
377
  assert_redirected_to session_url
379
378
  assert_equal @password_credential, assigns(:credential)
380
379
  assert_equal @user, User.authenticate_signin(@email_credential.email,
@@ -383,9 +382,9 @@ class SessionControllerApiTest < ActionController::TestCase
383
382
 
384
383
  test "change_password works with correct input and extra form input" do
385
384
  set_session_current_user @user
386
- post :change_password, old_password: 'pa55w0rd',
387
- credential: { password: 'hacks', password_confirmation: 'hacks'},
388
- utf8: "\u2713", commit: 'Change password'
385
+ post :change_password, credential: { old_password: 'pa55w0rd',
386
+ password: 'hacks', password_confirmation: 'hacks' }, utf8: "\u2713",
387
+ commit: 'Change Password'
389
388
  assert_redirected_to session_url
390
389
  assert_equal @password_credential, assigns(:credential)
391
390
  assert_equal @user, User.authenticate_signin(@email_credential.email,
@@ -394,8 +393,8 @@ class SessionControllerApiTest < ActionController::TestCase
394
393
 
395
394
  test "change_password rejects bad old password" do
396
395
  set_session_current_user @user
397
- post :change_password, old_password: '_pa55w0rd',
398
- credential: { password: 'hacks', password_confirmation: 'hacks'}
396
+ post :change_password, credential: { old_password: '_pa55w0rd',
397
+ password: 'hacks', password_confirmation: 'hacks' }
399
398
  assert_response :ok
400
399
  assert_template :password_change
401
400
  assert_equal @password_credential, assigns(:credential)
@@ -405,8 +404,8 @@ class SessionControllerApiTest < ActionController::TestCase
405
404
 
406
405
  test "change_password rejects un-confirmed password" do
407
406
  set_session_current_user @user
408
- post :change_password, old_password: 'pa55w0rd',
409
- credential: { password: 'hacks', password_confirmation: 'hacks_'}
407
+ post :change_password, credential: { old_password: 'pa55w0rd',
408
+ password: 'hacks', password_confirmation: 'hacks_' }
410
409
  assert_response :ok
411
410
  assert_template :password_change
412
411
  assert_equal @password_credential, assigns(:credential)
@@ -417,9 +416,8 @@ class SessionControllerApiTest < ActionController::TestCase
417
416
  test "change_password works for password recovery" do
418
417
  set_session_current_user @user
419
418
  @password_credential.destroy
420
- post :change_password,
421
- credential: { password: 'hacks',
422
- password_confirmation: 'hacks'}
419
+ post :change_password, credential: { password: 'hacks',
420
+ password_confirmation: 'hacks' }
423
421
  assert_redirected_to session_url
424
422
  assert_equal @user, User.authenticate_signin(@email_credential.email,
425
423
  'hacks'), 'password not changed'
@@ -429,17 +427,17 @@ class SessionControllerApiTest < ActionController::TestCase
429
427
  set_session_current_user @user
430
428
  @password_credential.destroy
431
429
  assert_no_difference 'Credential.count' do
432
- post :change_password,
433
- credential: { password: 'hacks',
434
- password_confirmation: 'hacks_'}
430
+ post :change_password, credential: { password: 'hacks',
431
+ password_confirmation: 'hacks_' }
435
432
  end
436
433
  assert_response :ok
437
434
  assert_template :password_change
438
435
  end
439
436
 
440
437
  test "change_password by json bounces without logged in user" do
441
- post :change_password, format: 'json', old_password: 'pa55w0rd',
442
- credential: { password: 'hacks', password_confirmation: 'hacks'}
438
+ post :change_password, format: 'json',
439
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
440
+ password_confirmation: 'hacks' }
443
441
  assert_response :ok
444
442
  data = ActiveSupport::JSON.decode response.body
445
443
  assert_equal 'Please sign in', data['error']
@@ -447,9 +445,9 @@ class SessionControllerApiTest < ActionController::TestCase
447
445
 
448
446
  test "change_password by json works with correct input" do
449
447
  set_session_current_user @user
450
- post :change_password, format: 'json', old_password: 'pa55w0rd',
451
- credential: { password: 'hacks',
452
- password_confirmation: 'hacks'}
448
+ post :change_password, format: 'json',
449
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
450
+ password_confirmation: 'hacks' }
453
451
  assert_response :ok
454
452
  assert_equal @user, User.authenticate_signin(@email_credential.email,
455
453
  'hacks'), 'password not changed'
@@ -457,8 +455,9 @@ class SessionControllerApiTest < ActionController::TestCase
457
455
 
458
456
  test "change_password by json rejects bad old password" do
459
457
  set_session_current_user @user
460
- post :change_password, format: 'json', old_password: '_pa55w0rd',
461
- credential: { password: 'hacks', password_confirmation: 'hacks'}
458
+ post :change_password, format: 'json',
459
+ credential: { old_password: '_pa55w0rd', password: 'hacks',
460
+ password_confirmation: 'hacks' }
462
461
  assert_response :ok
463
462
  data = ActiveSupport::JSON.decode response.body
464
463
  assert_equal 'invalid', data['error']
@@ -469,8 +468,9 @@ class SessionControllerApiTest < ActionController::TestCase
469
468
 
470
469
  test "change_password by json rejects un-confirmed password" do
471
470
  set_session_current_user @user
472
- post :change_password, format: 'json', old_password: 'pa55w0rd',
473
- credential: { password: 'hacks', password_confirmation: 'hacks_'}
471
+ post :change_password, format: 'json',
472
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
473
+ password_confirmation: 'hacks_' }
474
474
  assert_response :ok
475
475
  data = ActiveSupport::JSON.decode response.body
476
476
  assert_equal 'invalid', data['error']
@@ -482,7 +482,7 @@ class SessionControllerApiTest < ActionController::TestCase
482
482
  set_session_current_user @user
483
483
  @password_credential.destroy
484
484
  post :change_password, format: 'json',
485
- credential: { password: 'hacks', password_confirmation: 'hacks'}
485
+ credential: { password: 'hacks', password_confirmation: 'hacks' }
486
486
  assert_response :ok
487
487
  assert_equal @user, User.authenticate_signin(
488
488
  @email_credential.email, 'hacks'), 'password not changed'
@@ -493,8 +493,7 @@ class SessionControllerApiTest < ActionController::TestCase
493
493
  @password_credential.destroy
494
494
  assert_no_difference 'Credential.count' do
495
495
  post :change_password, format: 'json',
496
- credential: { password: 'hacks',
497
- password_confirmation: 'hacks_'}
496
+ credential: { password: 'hacks', password_confirmation: 'hacks_' }
498
497
  end
499
498
  assert_response :ok
500
499
  data = ActiveSupport::JSON.decode response.body
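--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: authpwn_rails
  version: !ruby/object:Gem::Version
- version: 0.16.1
+ version: 0.16.2
  platform: ruby
  authors:
  - Victor Costan
@@ -309,5 +309,5 @@ rubyforge_project:
  rubygems_version: 2.0.14
  signing_key:
  specification_version: 4
- summary: User authentication for Rails 3 applications.
+ summary: User authentication for Rails 3 and 4 applications.
  test_files: []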