authpwn_rails 0.16.1 → 0.16.2

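--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 55e00431fac95ebeaa4bffd96d5f03a788bc0340
- data.tar.gz: 80a15431b638ed0798dd0b22735f8ced99770b4c
+ metadata.gz: 38257de1d56ba7c5ea75d7e055fbe62d5a8cf579
+ data.tar.gz: 70b9271b0f567bf5c358530371ea9f06bd9f93e0
  SHA512:
- metadata.gz: 4bb61cd308147854a0712247e38678c8d311d9ef145973138218e2b4cae76af334597333e79616f517c9b02fcbfc7bfcaf71d9a6dcc87f3a4a8a3c1a18bce1a8
- data.tar.gz: b9b35f7de8f897de9674242e7311f10e1faa57f8ce7c429388aca357cf9ee0c78fece76711579385f2b0e6a2574f008f61e26c104187093ca0edbca16d0d9408
+ metadata.gz: 4b89f3ff51230ef53e527075a8fb898e63de72c4276e4d3b3dd5e48dd6aa83312cb16bbfcf629cdb82e5981e24a43bf767f2851d84b2cedf24c65caaaf378017
+ data.tar.gz: 86d7b0f0f9a05826fc61d1b41461a20b1a8a65e0bc189b47cb9fbb70bce8cf091104f613d20eb76a8a35e0a65d1541756756a7a0c29ebb6dda0451e997fb3b95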
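--- a/data/Rakefile
+++ b/data/Rakefile
@@ -16,7 +16,7 @@ Jeweler::Tasks.new do |gem|
  gem.name = "authpwn_rails"
  gem.homepage = "http://github.com/pwnall/authpwn_rails"
  gem.license = "MIT"
- gem.summary = %Q{User authentication for Rails 3 applications.}
+ gem.summary = %Q{User authentication for Rails 3 and 4 applications.}
  gem.description = %Q{Works with Facebook.}
  gem.email = "victor@costan.us"
  gem.authors = ["Victor Costan"]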
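--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.16.1
+ 0.16.2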
@@ -11,6 +11,14 @@ class Password < ::Credential
11
11
  # Virtual attribute: confirmation for the user's password.
12
12
  attr_accessor :password_confirmation
13
13
 
14
+ # Virtual attribute that lets us have an old_password field on forms.
15
+ def old_password
16
+ nil
17
+ end
18
+ def old_password=(new_old_password)
19
+ new_old_password
20
+ end
21
+
14
22
  # A user can have a single password.
15
23
  validates :user_id, uniqueness: true
16
24
 
@@ -75,7 +83,7 @@ class Password < ::Credential
75
83
 
76
84
  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
77
85
  # Forms can only change the plain-text password fields.
78
- attr_accessible :password, :password_confirmation
86
+ attr_accessible :old_password, :password, :password_confirmation
79
87
  end
80
88
  end # class Credentials::Password
81
89
 
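Review bot: The `old_password=` writer added at new lines 18-20 silently discards its argument, and the only comment sits above the reader, so nothing in the model says that assigning this attribute performs no verification. With `:old_password` now listed in `attr_accessible`, a mass assignment that includes it gets no check of the current password from the model; judging by the controller hunk in this diff, that check is done separately through `check_password`. I would document both accessors, for example `# Always nil; the submitted value is never kept on the model.` on the reader and `# Deliberately discards the value; callers must verify it with check_password before updating.` on the writer. The Password class body starts and ends outside these hunks.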
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "authpwn_rails"
8
- s.version = "0.16.1"
8
+ s.version = "0.16.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
@@ -122,7 +122,7 @@ Gem::Specification.new do |s|
122
122
  s.licenses = ["MIT"]
123
123
  s.require_paths = ["lib"]
124
124
  s.rubygems_version = "2.0.14"
125
- s.summary = "User authentication for Rails 3 applications."
125
+ s.summary = "User authentication for Rails 3 and 4 applications."
126
126
 
127
127
  if s.respond_to? :specification_version then
128
128
  s.specification_version = 4
@@ -21,9 +21,9 @@
21
21
  <section class="fields">
22
22
  <% unless @credential.new_record? %>
23
23
  <div class="field">
24
- <%= label_tag :old_password, 'Current Password' %><br />
24
+ <%= f.label :old_password, 'Current Password' %><br />
25
25
  <span class="value">
26
- <%= password_field_tag :old_password %>
26
+ <%= f.password_field :old_password %>
27
27
  </span>
28
28
  </div>
29
29
  <% end %>
@@ -83,7 +83,7 @@ class SessionControllerTest < ActionController::TestCase
83
83
  assert_select 'span[class="password_age"]'
84
84
  assert_select 'form[action=?][method="post"]',
85
85
  change_password_session_path do
86
- assert_select 'input[name="old_password"]'
86
+ assert_select 'input[name=?]', 'credential[old_password]'
87
87
  assert_select 'input[name=?]', 'credential[password]'
88
88
  assert_select 'input[name=?]', 'credential[password_confirmation]'
89
89
  assert_select 'button[type="submit"]'
@@ -98,7 +98,7 @@ class SessionControllerTest < ActionController::TestCase
98
98
  assert_select 'span[class="password_age"]', count: 0
99
99
  assert_select 'form[action=?][method="post"]',
100
100
  change_password_session_path do
101
- assert_select 'input[name="old_password"]', count: 0
101
+ assert_select 'input[name=?]', 'credential[old_password]', count: 0
102
102
  assert_select 'input[name=?]', 'credential[password]'
103
103
  assert_select 'input[name=?]', 'credential[password_confirmation]'
104
104
  assert_select 'button[type="submit"]'
@@ -194,7 +194,7 @@ module SessionController
194
194
  find { |c| c.is_a? Credentials::Password }
195
195
  if @credential
196
196
  # An old password is set, must verify it.
197
- if @credential.check_password params[:old_password]
197
+ if @credential.check_password params[:credential][:old_password]
198
198
  success = @credential.update_attributes change_password_params
199
199
  else
200
200
  success = false
@@ -223,7 +223,8 @@ module SessionController
223
223
 
224
224
  # Parameters used to change the user's password.
225
225
  def change_password_params
226
- params.require(:credential).permit :password, :password_confirmation
226
+ params.require(:credential).permit :old_password, :password,
227
+ :password_confirmation
227
228
  end
228
229
  else
229
230
  # Rails 3.
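Review bot: `params[:credential][:old_password]` at new line 197 indexes the nested hash before anything has checked that `credential` was sent, so a change-password request without that key for a user who already has a password would raise NoMethodError on nil instead of being rejected as a bad old password. `change_password_params` in the Rails 4 branch does call `params.require(:credential)`, but only after `check_password` has returned. Reading the value defensively, for example `old_password = params[:credential] && params[:credential][:old_password]`, keeps the failure on the existing `success = false` path, provided `check_password` returns false for nil, which is not visible here. The enclosing action starts and ends outside the hunk, and the test hunks in this diff do not appear to cover a missing `credential` key while a password credential exists.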
@@ -42,6 +42,12 @@ class PasswordCredentialTest < ActiveSupport::TestCase
42
42
  assert !@credential.valid?
43
43
  end
44
44
 
45
+ test 'old_password always returns nil' do
46
+ assert_equal @credential.old_password, nil
47
+ @credential.old_password = 'old password'
48
+ assert_equal @credential.old_password, nil
49
+ end
50
+
45
51
  test 'check_password' do
46
52
  assert_equal true, @credential.check_password('awesome')
47
53
  assert_equal false, @credential.check_password('not awesome'),
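Review bot: The new `old_password always returns nil` test at new lines 45-49 passes its arguments to `assert_equal` as (actual, expected), the reverse of the `assert_equal true, @credential.check_password('awesome')` order used just below, so a failure message would label the two values the wrong way round. `assert_nil @credential.old_password` states the intent directly for both assertions. The test also checks only the reader; it could additionally assert that assigning `old_password` leaves the stored password alone, for example that `check_password('awesome')` still returns true afterwards. The PasswordCredentialTest class continues outside the hunk.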
@@ -21,9 +21,9 @@
21
21
  <section class="fields">
22
22
  <% unless @credential.new_record? %>
23
23
  <div class="field">
24
- <%= label_tag :old_password, 'Current Password' %><br />
24
+ <%= f.label :old_password, 'Current Password' %><br />
25
25
  <span class="value">
26
- <%= password_field_tag :old_password %>
26
+ <%= f.password_field :old_password %>
27
27
  </span>
28
28
  </div>
29
29
  <% end %>
@@ -44,6 +44,6 @@
44
44
  </section>
45
45
 
46
46
  <div class="actions">
47
- <%= f.submit 'Change Password' %>
47
+ <%= f.button 'Change Password', type: 'submit' %>
48
48
  </div>
49
49
  <% end %>
@@ -365,16 +365,15 @@ class SessionControllerApiTest < ActionController::TestCase
365
365
  end
366
366
 
367
367
  test "change_password bounces without logged in user" do
368
- post :change_password, old_password: 'pa55w0rd',
369
- credential: { password: 'hacks',
370
- password_confirmation: 'hacks'}
368
+ post :change_password, credential: { old_password: 'pa55w0rd',
369
+ password: 'hacks', password_confirmation: 'hacks' }
371
370
  assert_response :forbidden
372
371
  end
373
372
 
374
373
  test "change_password works with correct input" do
375
374
  set_session_current_user @user
376
- post :change_password, old_password: 'pa55w0rd',
377
- credential: { password: 'hacks', password_confirmation: 'hacks'}
375
+ post :change_password, credential: { old_password: 'pa55w0rd',
376
+ password: 'hacks', password_confirmation: 'hacks'}
378
377
  assert_redirected_to session_url
379
378
  assert_equal @password_credential, assigns(:credential)
380
379
  assert_equal @user, User.authenticate_signin(@email_credential.email,
@@ -383,9 +382,9 @@ class SessionControllerApiTest < ActionController::TestCase
383
382
 
384
383
  test "change_password works with correct input and extra form input" do
385
384
  set_session_current_user @user
386
- post :change_password, old_password: 'pa55w0rd',
387
- credential: { password: 'hacks', password_confirmation: 'hacks'},
388
- utf8: "\u2713", commit: 'Change password'
385
+ post :change_password, credential: { old_password: 'pa55w0rd',
386
+ password: 'hacks', password_confirmation: 'hacks' }, utf8: "\u2713",
387
+ commit: 'Change Password'
389
388
  assert_redirected_to session_url
390
389
  assert_equal @password_credential, assigns(:credential)
391
390
  assert_equal @user, User.authenticate_signin(@email_credential.email,
@@ -394,8 +393,8 @@ class SessionControllerApiTest < ActionController::TestCase
394
393
 
395
394
  test "change_password rejects bad old password" do
396
395
  set_session_current_user @user
397
- post :change_password, old_password: '_pa55w0rd',
398
- credential: { password: 'hacks', password_confirmation: 'hacks'}
396
+ post :change_password, credential: { old_password: '_pa55w0rd',
397
+ password: 'hacks', password_confirmation: 'hacks' }
399
398
  assert_response :ok
400
399
  assert_template :password_change
401
400
  assert_equal @password_credential, assigns(:credential)
@@ -405,8 +404,8 @@ class SessionControllerApiTest < ActionController::TestCase
405
404
 
406
405
  test "change_password rejects un-confirmed password" do
407
406
  set_session_current_user @user
408
- post :change_password, old_password: 'pa55w0rd',
409
- credential: { password: 'hacks', password_confirmation: 'hacks_'}
407
+ post :change_password, credential: { old_password: 'pa55w0rd',
408
+ password: 'hacks', password_confirmation: 'hacks_' }
410
409
  assert_response :ok
411
410
  assert_template :password_change
412
411
  assert_equal @password_credential, assigns(:credential)
@@ -417,9 +416,8 @@ class SessionControllerApiTest < ActionController::TestCase
417
416
  test "change_password works for password recovery" do
418
417
  set_session_current_user @user
419
418
  @password_credential.destroy
420
- post :change_password,
421
- credential: { password: 'hacks',
422
- password_confirmation: 'hacks'}
419
+ post :change_password, credential: { password: 'hacks',
420
+ password_confirmation: 'hacks' }
423
421
  assert_redirected_to session_url
424
422
  assert_equal @user, User.authenticate_signin(@email_credential.email,
425
423
  'hacks'), 'password not changed'
@@ -429,17 +427,17 @@ class SessionControllerApiTest < ActionController::TestCase
429
427
  set_session_current_user @user
430
428
  @password_credential.destroy
431
429
  assert_no_difference 'Credential.count' do
432
- post :change_password,
433
- credential: { password: 'hacks',
434
- password_confirmation: 'hacks_'}
430
+ post :change_password, credential: { password: 'hacks',
431
+ password_confirmation: 'hacks_' }
435
432
  end
436
433
  assert_response :ok
437
434
  assert_template :password_change
438
435
  end
439
436
 
440
437
  test "change_password by json bounces without logged in user" do
441
- post :change_password, format: 'json', old_password: 'pa55w0rd',
442
- credential: { password: 'hacks', password_confirmation: 'hacks'}
438
+ post :change_password, format: 'json',
439
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
440
+ password_confirmation: 'hacks' }
443
441
  assert_response :ok
444
442
  data = ActiveSupport::JSON.decode response.body
445
443
  assert_equal 'Please sign in', data['error']
@@ -447,9 +445,9 @@ class SessionControllerApiTest < ActionController::TestCase
447
445
 
448
446
  test "change_password by json works with correct input" do
449
447
  set_session_current_user @user
450
- post :change_password, format: 'json', old_password: 'pa55w0rd',
451
- credential: { password: 'hacks',
452
- password_confirmation: 'hacks'}
448
+ post :change_password, format: 'json',
449
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
450
+ password_confirmation: 'hacks' }
453
451
  assert_response :ok
454
452
  assert_equal @user, User.authenticate_signin(@email_credential.email,
455
453
  'hacks'), 'password not changed'
@@ -457,8 +455,9 @@ class SessionControllerApiTest < ActionController::TestCase
457
455
 
458
456
  test "change_password by json rejects bad old password" do
459
457
  set_session_current_user @user
460
- post :change_password, format: 'json', old_password: '_pa55w0rd',
461
- credential: { password: 'hacks', password_confirmation: 'hacks'}
458
+ post :change_password, format: 'json',
459
+ credential: { old_password: '_pa55w0rd', password: 'hacks',
460
+ password_confirmation: 'hacks' }
462
461
  assert_response :ok
463
462
  data = ActiveSupport::JSON.decode response.body
464
463
  assert_equal 'invalid', data['error']
@@ -469,8 +468,9 @@ class SessionControllerApiTest < ActionController::TestCase
469
468
 
470
469
  test "change_password by json rejects un-confirmed password" do
471
470
  set_session_current_user @user
472
- post :change_password, format: 'json', old_password: 'pa55w0rd',
473
- credential: { password: 'hacks', password_confirmation: 'hacks_'}
471
+ post :change_password, format: 'json',
472
+ credential: { old_password: 'pa55w0rd', password: 'hacks',
473
+ password_confirmation: 'hacks_' }
474
474
  assert_response :ok
475
475
  data = ActiveSupport::JSON.decode response.body
476
476
  assert_equal 'invalid', data['error']
@@ -482,7 +482,7 @@ class SessionControllerApiTest < ActionController::TestCase
482
482
  set_session_current_user @user
483
483
  @password_credential.destroy
484
484
  post :change_password, format: 'json',
485
- credential: { password: 'hacks', password_confirmation: 'hacks'}
485
+ credential: { password: 'hacks', password_confirmation: 'hacks' }
486
486
  assert_response :ok
487
487
  assert_equal @user, User.authenticate_signin(
488
488
  @email_credential.email, 'hacks'), 'password not changed'
@@ -493,8 +493,7 @@ class SessionControllerApiTest < ActionController::TestCase
493
493
  @password_credential.destroy
494
494
  assert_no_difference 'Credential.count' do
495
495
  post :change_password, format: 'json',
496
- credential: { password: 'hacks',
497
- password_confirmation: 'hacks_'}
496
+ credential: { password: 'hacks', password_confirmation: 'hacks_' }
498
497
  end
499
498
  assert_response :ok
500
499
  data = ActiveSupport::JSON.decode response.body
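--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: authpwn_rails
  version: !ruby/object:Gem::Version
- version: 0.16.1
+ version: 0.16.2
  platform: ruby
  authors:
  - Victor Costan
@@ -309,5 +309,5 @@ rubyforge_project:
  rubygems_version: 2.0.14
  signing_key:
  specification_version: 4
- summary: User authentication for Rails 3 applications.
+ summary: User authentication for Rails 3 and 4 applications.
  test_files: []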