authpwn_rails 0.16.2 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +3 -6
  3. data/Gemfile +7 -8
  4. data/Gemfile.lock +97 -113
  5. data/Gemfile.rails4 +8 -9
  6. data/{Gemfile.rails3 → Gemfile.rails41} +6 -7
  7. data/Gemfile.rails42 +17 -0
  8. data/README.rdoc +1 -2
  9. data/Rakefile +1 -1
  10. data/VERSION +1 -1
  11. data/app/models/credentials/email.rb +15 -37
  12. data/app/models/credentials/omni_auth_uid.rb +96 -0
  13. data/app/models/credentials/password.rb +0 -5
  14. data/app/models/tokens/base.rb +11 -38
  15. data/authpwn_rails.gemspec +35 -33
  16. data/lib/authpwn_rails/credential_model.rb +1 -5
  17. data/lib/authpwn_rails/generators/all_generator.rb +3 -1
  18. data/lib/authpwn_rails/generators/templates/001_create_users.rb +3 -3
  19. data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +7 -7
  20. data/lib/authpwn_rails/generators/templates/credentials.yml +13 -13
  21. data/lib/authpwn_rails/generators/templates/omniauth_initializer.rb +13 -0
  22. data/lib/authpwn_rails/generators/templates/session_controller_test.rb +22 -0
  23. data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.html.erb +3 -3
  24. data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.text.erb +1 -1
  25. data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.html.erb +3 -3
  26. data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.text.erb +1 -1
  27. data/lib/authpwn_rails/generators/templates/session_mailer.rb +1 -1
  28. data/lib/authpwn_rails/generators/templates/session_mailer_test.rb +14 -4
  29. data/lib/authpwn_rails/generators/templates/user.rb +40 -5
  30. data/lib/authpwn_rails/http_basic.rb +6 -5
  31. data/lib/authpwn_rails/routes.rb +20 -7
  32. data/lib/authpwn_rails/session.rb +1 -1
  33. data/lib/authpwn_rails/session_controller.rb +48 -12
  34. data/lib/authpwn_rails/session_mailer.rb +13 -14
  35. data/lib/authpwn_rails/session_model.rb +4 -24
  36. data/lib/authpwn_rails/user_extensions/email_field.rb +5 -21
  37. data/lib/authpwn_rails/user_extensions/password_field.rb +0 -4
  38. data/lib/authpwn_rails/user_model.rb +46 -12
  39. data/lib/authpwn_rails.rb +0 -2
  40. data/test/cookie_controller_test.rb +1 -7
  41. data/test/credentials/omni_auth_uid_credential_test.rb +141 -0
  42. data/test/helpers/action_controller.rb +2 -8
  43. data/test/helpers/db_setup.rb +8 -16
  44. data/test/helpers/routes.rb +35 -30
  45. data/test/helpers/test_order.rb +3 -0
  46. data/test/http_basic_controller_test.rb +7 -18
  47. data/test/routes_test.rb +19 -10
  48. data/test/session_controller_api_test.rb +181 -30
  49. data/test/session_controller_test.rb +6 -0
  50. data/test/session_mailer_api_test.rb +18 -13
  51. data/test/session_mailer_test.rb +6 -0
  52. data/test/test_helper.rb +3 -3
  53. data/test/user_test.rb +54 -7
  54. metadata +65 -64
  55. data/app/models/credentials/facebook.rb +0 -63
  56. data/lib/authpwn_rails/facebook_session.rb +0 -33
  57. data/lib/authpwn_rails/user_extensions/facebook_fields.rb +0 -63
  58. data/test/credentials/facebook_credential_test.rb +0 -64
  59. data/test/facebook_controller_test.rb +0 -65
  60. data/test/user_extensions/facebook_fields_test.rb +0 -61
@@ -59,7 +59,7 @@ module SessionController
59
59
 
60
60
  @redirect_url = params[:redirect_url] || session_url
61
61
  @session = Session.from_params params
62
- auth = User.authenticate_signin @session.email, @session.password
62
+ auth = User.authenticate_signin @session
63
63
  unless auth.kind_of? Symbol
64
64
  set_session_current_user auth
65
65
  Tokens::SessionUid.remove_expired if auto_purge_sessions
@@ -97,7 +97,13 @@ module SessionController
97
97
 
98
98
  if user = (credential && credential.user)
99
99
  token = Tokens::PasswordReset.random_for user
100
- ::SessionMailer.reset_password_email(email, token, root_url).deliver
100
+ email = ::SessionMailer.reset_password_email(email, token, root_url)
101
+ if email.respond_to? :deliver_now
102
+ # TODO(pwnall): fix the serialization errors blocking deliver_later
103
+ email.deliver_now
104
+ else
105
+ email.deliver
106
+ end
101
107
  end
102
108
 
103
109
  respond_to do |format|
@@ -218,18 +224,48 @@ module SessionController
218
224
  end
219
225
  end
220
226
 
221
- if defined? ActiveModel::ForbiddenAttributesProtection
222
- # Rails 4.
227
+ # Parameters used to change the user's password.
228
+ def change_password_params
229
+ params.require(:credential).permit :old_password, :password,
230
+ :password_confirmation
231
+ end
232
+ private :change_password_params
233
+
234
+ # GET /auth/twitter/callback
235
+ # POST /auth/twitter/callback
236
+ def omniauth
237
+ @redirect_url = params[:redirect_url] || session_url
238
+ omni_auth = request.env['omniauth.auth']
239
+ auth = Credentials::OmniAuthUid.authenticate omni_auth
240
+ unless auth.kind_of? Symbol
241
+ set_session_current_user auth
242
+ Tokens::SessionUid.remove_expired if auto_purge_sessions
243
+ end
223
244
 
224
- # Parameters used to change the user's password.
225
- def change_password_params
226
- params.require(:credential).permit :old_password, :password,
227
- :password_confirmation
245
+ respond_to do |format|
246
+ if current_user
247
+ format.html { redirect_to @redirect_url }
248
+ else
249
+ error_text = bounce_notice_text auth
250
+ format.html do
251
+ if params[:redirect_url]
252
+ redirect_to new_session_url, flash: { alert: error_text,
253
+ auth_redirect_url: @redirect_url }
254
+ else
255
+ redirect_to new_session_url, alert: error_text
256
+ end
257
+ end
258
+ end
228
259
  end
229
- else
230
- # Rails 3.
231
- def change_password_params
232
- params[:credential]
260
+ end
261
+
262
+ # GET /auth/failure
263
+ def omniauth_failure
264
+ respond_to do |format|
265
+ format.html do
266
+ redirect_to new_session_url,
267
+ alert: 'Authentication failed. Please try again.'
268
+ end
233
269
  end
234
270
  end
235
271
 
@@ -7,15 +7,14 @@ module Authpwn
7
7
  module SessionMailer
8
8
  # Creates an e-mail containing a verification token for the e-mail address.
9
9
  #
10
- # Params:
11
- # token:: the e-mail confirmation token
12
- # root_url:: the application's root URL (e.g. "https://localhost:3000/")
10
+ # @param [String] token the e-mail confirmation token
11
+ # @param [String] the application's root URL (e.g. "https://localhost:3000/")
13
12
  def email_verification_email(token, root_url)
14
13
  @token = token
15
14
  @protocol, @host = *root_url.split('://', 2)
16
- @host.slice! -1 if @host[-1] == ?/
15
+ @host.slice!(-1) if @host[-1] == ?/
17
16
  hostname = @host.split(':', 2).first # Strip out any port.
18
-
17
+
19
18
  mail to: @token.email,
20
19
  subject: email_verification_subject(token, hostname, @protocol),
21
20
  from: email_verification_from(token, hostname, @protocol)
@@ -27,38 +26,38 @@ module SessionMailer
27
26
  def email_verification_subject(token, server_hostname, protocol)
28
27
  "#{server_hostname} e-mail verification"
29
28
  end
30
-
29
+
31
30
  # The sender e-mail address for an e-mail verification e-mail.
32
31
  #
33
32
  # The authpwn generator encourages applications to override this method.
34
33
  def email_verification_from(token, server_hostname, protocol)
35
34
  %Q|"#{server_hostname} staff" <admin@#{server_hostname}>|
36
- end
35
+ end
37
36
 
38
37
  # Creates an e-mail containing a password reset token.
39
38
  #
40
- # Params:
41
- # email:: the email to send the token to
42
- # token:: the password reset token
43
- # root_url:: the application's root URL (e.g. "https://localhost:3000/")
39
+ # @param [String] email the email to send the token to
40
+ # @param [String] token the password reset token
41
+ # @param [String] root_url the application's root URL
42
+ # (e.g. "https://localhost:3000/")
44
43
  def reset_password_email(email, token, root_url)
45
44
  @email, @token, @host, @protocol = email, token
46
45
  @token = token
47
46
  @protocol, @host = *root_url.split('://', 2)
48
- @host.slice! -1 if @host[-1] == ?/
47
+ @host.slice!(-1) if @host[-1] == ?/
49
48
 
50
49
  hostname = @host.split(':', 2).first # Strip out any port.
51
50
  mail to: email, from: reset_password_from(token, hostname, @protocol),
52
51
  subject: reset_password_subject(token, hostname, @protocol)
53
52
  end
54
-
53
+
55
54
  # The subject line in a password reset e-mail.
56
55
  #
57
56
  # The authpwn generator encourages applications to override this method.
58
57
  def reset_password_subject(token, server_hostname, protocol)
59
58
  "#{server_hostname} password reset"
60
59
  end
61
-
60
+
62
61
  # The sender e-mail address for a password reset e-mail.
63
62
  #
64
63
  # The authpwn generator encourages applications to override this method.
@@ -4,39 +4,19 @@ require 'active_model'
4
4
  # :nodoc: namespace
5
5
  module Authpwn
6
6
 
7
- # Included by the model class that collects sign-up information.
7
+ # Included by the model class that collects signin information.
8
8
  #
9
9
  # Parts of the codebase assume the model will be named Session.
10
10
  module SessionModel
11
11
  extend ActiveSupport::Concern
12
12
 
13
13
  included do
14
- if defined? ActiveModel::Model
15
- # Rails 4.
16
- include ActiveModel::Model
17
- else
18
- # Rails 3.
19
- include ActiveModel::Conversion
20
- extend ActiveModel::Naming
21
- extend ActiveModel::Translation
22
- include ActiveModel::Validations
23
-
24
- def initialize(params={})
25
- params.each do |attr, value|
26
- self.public_send("#{attr}=", value)
27
- end if params
28
-
29
- super()
30
- end
31
- def persisted?
32
- false
33
- end
34
- end
14
+ include ActiveModel::Model
35
15
 
36
- # The e-mail used to sign up.
16
+ # The e-mail used to sign in.
37
17
  attr_accessor :email
38
18
 
39
- # The password used to sign up.
19
+ # The password used to sign in.
40
20
  attr_accessor :password
41
21
  end
42
22
 
@@ -24,30 +24,14 @@ module EmailField
24
24
  record.errors.add attr, :blank
25
25
  end
26
26
  end
27
- if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
28
- attr_accessible :email
29
- end
30
27
  end
31
28
 
32
29
  module ClassMethods
33
- begin
34
- ActiveRecord::QueryMethods.instance_method :references
35
- # Rails 4.
36
-
37
- # The user who has a certain e-mail, or nil if the e-mail is unclaimed.
38
- def with_email(email)
39
- credential = Credentials::Email.where(name: email).
40
- includes(:user).references(:user).first
41
- credential && credential.user
42
- end
43
- rescue NameError
44
- # Rails 3.
45
-
46
- def with_email(email)
47
- credential = Credentials::Email.where(name: email).includes(:user).
48
- first
49
- credential && credential.user
50
- end
30
+ # The user who has a certain e-mail, or nil if the e-mail is unclaimed.
31
+ def with_email(email)
32
+ credential = Credentials::Email.where(name: email).includes(:user).
33
+ references(:user).first
34
+ credential && credential.user
51
35
  end
52
36
  end
53
37
 
@@ -14,10 +14,6 @@ module PasswordField
14
14
  included do
15
15
  validates :password, presence: { on: :create },
16
16
  confirmation: { allow_nil: true }
17
-
18
- if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
19
- attr_accessible :password, :password_confirmation
20
- end
21
17
  end
22
18
 
23
19
  module ClassMethods
@@ -26,11 +26,6 @@ module UserModel
26
26
 
27
27
  # Automatically assign exuid.
28
28
  before_validation :set_default_exuid, on: :create
29
-
30
- if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
31
- # Forms should not be able to touch any attribute.
32
- attr_accessible :credentials_attributes
33
- end
34
29
  end
35
30
 
36
31
  # Class methods on models that include Authpwn::UserModel.
@@ -53,16 +48,55 @@ module UserModel
53
48
 
54
49
  # Authenticates a user given the information on a signup form.
55
50
  #
56
- # The method's parameter names are an acknowledgement to the email and
57
- # password fields on automatically-generated forms.
58
- #
59
51
  # The easiest method of accepting other login information is to override
60
52
  # this method, locate the user's email, and supply it in a call to super.
61
53
  #
62
- # Returns an authenticated user, or a symbol indicating the reason why the
63
- # authentication failed.
64
- def authenticate_signin(email, password)
65
- Credentials::Password.authenticate_email email, password
54
+ # @param [Session] signin the information entered in the sign-in form
55
+ # @return [User, Symbol] the authenticated user, or a symbol indicating the
56
+ # reason why the authentication failed
57
+ def authenticate_signin(signin)
58
+ Credentials::Password.authenticate_email signin.email, signin.password
59
+ end
60
+
61
+ # Looks up the User tat may be related to an OmniAuth sign-in.
62
+ #
63
+ # This method is called when there is no Credential matching the OmniAuth
64
+ # information, but before {User#create_from_omniauth}. It is an opportunity
65
+ # to identify an existing user who uses a new sign-in method.
66
+ #
67
+ # The default implementation finds an user whose e-mail matches the 'email'
68
+ # value in the OmniAuth hash.
69
+ #
70
+ # @param [Hash] omniauth_hash the hash provided by OmniAuth
71
+ # @return [User] the user who should be signed in, or nil if no such user
72
+ # exists
73
+ def related_to_omniauth(omniauth_hash)
74
+ info_hash = omniauth_hash['info']
75
+ return nil unless email = info_hash && info_hash['email']
76
+ credential = Credentials::Email.with email
77
+ credential and credential.user
78
+ end
79
+
80
+ # Change this to customize on-demand user creation on OmniAuth signup.
81
+ #
82
+ # This method is called when there is no existing user matching the
83
+ # OmniAuth information, and is responsible for creating a user. It is an
84
+ # opportunity to collect the OmniAuth information to populate the user's
85
+ # account.
86
+ #
87
+ # The default implementation creates a user with the e-mail matching the
88
+ # 'email' key in the OmniAuth hash. If no e-mail key is present, no User is
89
+ # created.
90
+ #
91
+ # @param [Hash] omniauth_hash the hash provided by OmniAuth
92
+ # @return [User] a saved User, or nil if the OmniAuth sign-in information
93
+ # should not be used to create a user
94
+ def create_from_omniauth(omniauth_hash)
95
+ info_hash = omniauth_hash['info']
96
+ return nil unless email = info_hash && info_hash['email']
97
+ user = User.create!
98
+ Credentials::Email.create! user: user, email: email, verified: true
99
+ user
66
100
  end
67
101
  end # module Authpwn::UserModel::ClassMethods
68
102
 
data/lib/authpwn_rails.rb CHANGED
@@ -15,12 +15,10 @@ module Authpwn
15
15
  # Contains extensions to the User model.
16
16
  module UserExtensions
17
17
  autoload :EmailField, 'authpwn_rails/user_extensions/email_field.rb'
18
- autoload :FacebookFields, 'authpwn_rails/user_extensions/facebook_fields.rb'
19
18
  autoload :PasswordField, 'authpwn_rails/user_extensions/password_field.rb'
20
19
  end
21
20
  end
22
21
 
23
- require 'authpwn_rails/facebook_session.rb'
24
22
  require 'authpwn_rails/http_basic.rb'
25
23
  require 'authpwn_rails/routes.rb'
26
24
  require 'authpwn_rails/session.rb'
@@ -44,13 +44,7 @@ class CookieControllerTest < ActionController::TestCase
44
44
  get :show
45
45
  assert_response :success
46
46
  assert_equal @user, assigns(:current_user)
47
- john_id = if defined? ActiveRecord::FixtureSet
48
- # Rails 4
49
- ActiveRecord::FixtureSet.identify :john
50
- else
51
- # Rails 3
52
- ActiveRecord::Fixtures.identify :john
53
- end
47
+ john_id = ActiveRecord::FixtureSet.identify :john
54
48
  assert_equal "User: #{john_id}", response.body
55
49
  end
56
50
 
@@ -0,0 +1,141 @@
1
+ require File.expand_path('../../test_helper', __FILE__)
2
+
3
+ class OmniAuthUidCredentialTest < ActiveSupport::TestCase
4
+ def setup
5
+ @credential = Credentials::OmniAuthUid.new
6
+ @credential.provider = 'developer'
7
+ @credential.uid = 'dvdjohn@mit.edu'
8
+ @credential.user = users(:bill)
9
+ end
10
+
11
+ test 'setup' do
12
+ assert @credential.valid?
13
+ end
14
+
15
+ test 'provider required' do
16
+ @credential.provider = ''
17
+ assert !@credential.valid?
18
+ end
19
+
20
+ test 'uid required' do
21
+ @credential.uid = ''
22
+ assert !@credential.valid?
23
+ end
24
+
25
+ test 'blocked set to true' do
26
+ @credential.blocked = true
27
+ assert_equal '0', @credential.key, 'key'
28
+ assert_equal true, @credential.blocked?, 'blocked?'
29
+ end
30
+
31
+ test 'blocked set to false' do
32
+ @credential.blocked = false
33
+ assert_equal '1', @credential.key, 'key'
34
+ assert_equal false, @credential.blocked?, 'blocked?'
35
+ end
36
+
37
+ test 'user required' do
38
+ @credential.user = nil
39
+ assert !@credential.valid?
40
+ end
41
+
42
+ test 'uid length' do
43
+ @credential.uid = 'abcde' * 25 + '@mit.edu'
44
+ assert !@credential.valid?, 'Overly long uid'
45
+ assert @credential.errors[:name].any? { |m| /too long/i =~ m },
46
+ 'Validation errors include length error'
47
+ end
48
+
49
+ test 'provider+uid uniqueness' do
50
+ @credential.uid = credentials(:john_omniauth_developer).uid
51
+ assert !@credential.valid?
52
+ assert @credential.errors[:name].any? { |m| m == 'has already been taken' }
53
+ end
54
+
55
+ test 'name_from_omniauth' do
56
+ assert_equal 'developer,dvdjohn@mit.edu',
57
+ Credentials::OmniAuthUid.name_from_omniauth('provider' => 'developer',
58
+ 'uid' => 'dvdjohn@mit.edu')
59
+ assert_equal 'twitter,dvdjohn',
60
+ Credentials::OmniAuthUid.name_from_omniauth('provider' => 'twitter',
61
+ 'uid' => 'dvdjohn')
62
+ assert_equal ',dvdjohn',
63
+ Credentials::OmniAuthUid.name_from_omniauth('uid' => 'dvdjohn')
64
+ assert_equal 'twitter,',
65
+ Credentials::OmniAuthUid.name_from_omniauth('provider' => 'twitter')
66
+ end
67
+
68
+ test 'authenticate with existing credential' do
69
+ assert_equal users(:jane), Credentials::OmniAuthUid.authenticate(
70
+ 'provider' => 'developer', 'uid' => 'jane@gmail.com')
71
+ end
72
+
73
+ test 'authenticate with blocked existing credential' do
74
+ omniauth_hash = { 'provider' => 'developer', 'uid' => 'john@gmail.com' }
75
+ assert_equal :blocked, Credentials::OmniAuthUid.authenticate(omniauth_hash)
76
+
77
+ john_omniauth_developer = credentials(:john_omniauth_developer)
78
+ john_omniauth_developer.blocked = false
79
+ john_omniauth_developer.save!
80
+ assert_equal users(:john),
81
+ Credentials::OmniAuthUid.authenticate(omniauth_hash)
82
+ end
83
+
84
+ test 'authenticate calls User#related_to_omniauth' do
85
+ jane = users(:jane)
86
+ credentials(:jane_omniauth_developer).destroy
87
+
88
+ omniauth_hash = { 'provider' => 'developer', 'uid' => 'jane@gmail.com' }
89
+ User.expects(:related_to_omniauth).with(omniauth_hash).returns jane
90
+ User.expects(:create_from_omniauth).never
91
+
92
+ assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
93
+ assert_difference 'Credentials::OmniAuthUid.count' do
94
+ assert_equal jane, Credentials::OmniAuthUid.authenticate(omniauth_hash)
95
+ end
96
+ assert_not_nil Credentials::OmniAuthUid.with(omniauth_hash)
97
+ assert_equal jane, Credentials::OmniAuthUid.with(omniauth_hash).user
98
+ end
99
+
100
+ test 'authenticate calls User#create_from_omniauth' do
101
+ user = User.create!
102
+ omniauth_hash = { 'provider' => 'developer', 'uid' => 'new_user@gmail.com',
103
+ 'email' => 'new_user@gmail.com' }
104
+ User.expects(:related_to_omniauth).with(omniauth_hash).returns nil
105
+ User.expects(:create_from_omniauth).with(omniauth_hash).returns user
106
+
107
+ assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
108
+ assert_difference 'Credentials::OmniAuthUid.count' do
109
+ assert_equal user, Credentials::OmniAuthUid.authenticate(omniauth_hash)
110
+ end
111
+ assert_not_nil Credentials::OmniAuthUid.with(omniauth_hash)
112
+ assert_equal user, Credentials::OmniAuthUid.with(omniauth_hash).user
113
+ end
114
+
115
+ test 'authenticate fails if User#create_from_omniauth returns nil' do
116
+ omniauth_hash = { 'provider' => 'developer', 'uid' => 'new_user@gmail.com',
117
+ 'email' => 'new_user@gmail.com' }
118
+ User.expects(:related_to_omniauth).with(omniauth_hash).returns nil
119
+ User.expects(:create_from_omniauth).with(omniauth_hash).returns nil
120
+
121
+ assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
122
+ assert_no_difference 'Credentials::OmniAuthUid.count' do
123
+ assert_equal :invalid,
124
+ Credentials::OmniAuthUid.authenticate(omniauth_hash)
125
+ end
126
+ end
127
+
128
+ test 'authenticate calls User#auth_bounce_reason' do
129
+ with_blocked_credential credentials(:jane_omniauth_developer), :reason do
130
+ assert_equal :reason, Credentials::OmniAuthUid.authenticate(
131
+ 'provider' => 'developer', 'uid' => 'jane@gmail.com')
132
+
133
+ john_omniauth = credentials(:john_omniauth_developer)
134
+ john_omniauth.blocked = false
135
+ john_omniauth.save!
136
+ assert_equal users(:john), Credentials::OmniAuthUid.authenticate(
137
+ 'provider' => 'developer', 'uid' => 'john@gmail.com')
138
+ end
139
+ end
140
+ end
141
+
@@ -1,8 +1,2 @@
1
- if defined?(ActionController::Parameters) &&
2
- ActionController::Parameters.respond_to?(
3
- :action_on_unpermitted_parameters=)
4
- # Rails 4.
5
-
6
- # Raise exceptions so we can test against them.
7
- ActionController::Parameters.action_on_unpermitted_parameters = :raise
8
- end
1
+ # Raise exceptions so we can test require / permit on params.
2
+ ActionController::Parameters.action_on_unpermitted_parameters = :raise
@@ -1,3 +1,5 @@
1
+ ar_config = { adapter: 'sqlite3', database: ':memory:'}
2
+
1
3
  case ENV['DB']
2
4
  when /mysql/i
3
5
  create_sql = 'CREATE DATABASE plugin_dev DEFAULT CHARACTER SET utf8;'
@@ -6,28 +8,18 @@ when /mysql/i
6
8
  end
7
9
 
8
10
  `mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
9
- ActiveRecord::Base.establish_connection adapter: 'mysql2',
10
- database: 'plugin_dev', username: 'root', password: ''
11
+ ar_config = { adapter: 'mysql2', database: 'plugin_dev',
12
+ username: 'root', password: '' }
11
13
  when /pg/i
12
14
  pg_user = ENV['DB_USER'] || ENV['USER']
13
15
  `psql -U #{pg_user} -d postgres -c "DROP DATABASE IF EXISTS plugin_dev;"`
14
16
  `psql -U #{pg_user} -d postgres -c "CREATE DATABASE plugin_dev;"`
15
- ActiveRecord::Base.establish_connection adapter: 'postgresql',
16
- database: 'plugin_dev', username: pg_user, password: ''
17
- else
18
- ActiveRecord::Base.establish_connection adapter: 'sqlite3',
19
- database: ':memory:'
17
+ ar_config = { adapter: 'postgresql', database: 'plugin_dev',
18
+ username: pg_user, password: '' }
20
19
  end
21
20
 
22
- class ActiveRecord::Base
23
- self.configurations = true
24
- if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
25
- self.mass_assignment_sanitizer = :strict
26
-
27
- # Hacky equivalent to config.active_record.whitelist_attributes = true
28
- attr_accessible
29
- end
30
- end
21
+ ActiveRecord::Base.configurations = { 'test' => ar_config }
22
+ ActiveRecord::Base.establish_connection :test
31
23
 
32
24
  ActiveRecord::Migration.verbose = false
33
25
  require 'authpwn_rails/generators/templates/001_create_users.rb'
@@ -1,35 +1,40 @@
1
- # :nodoc: the routes used in all tests
2
- class ActionController::TestCase
3
- def setup_routes
4
- if defined? ActionDispatch::Routing
5
- # Rails 4.
6
- @routes = ActionDispatch::Routing::RouteSet.new
7
- else
8
- # Rails 3.
9
- @routes = ActionController::Routing::RouteSet.new
10
- end
11
- @routes.draw do
12
- resource :cookie, controller: 'cookie' do
13
- collection do
14
- get :bouncer
15
- put :update
16
- end
17
- end
18
- resource :http_basic, controller: 'http_basic' do
19
- collection { get :bouncer }
1
+ def setup_authpwn_routes
2
+ # The routes used in all the tests.
3
+ routes = ActionDispatch::Routing::RouteSet.new
4
+ routes.draw do
5
+ resource :cookie, controller: 'cookie' do
6
+ collection do
7
+ get :bouncer
8
+ put :update
20
9
  end
21
- resource :facebook, controller: 'facebook'
22
- authpwn_session controller: 'bare_session', method_names: 'bare_session'
23
- authpwn_session controller: 'bare_session2',
24
- method_names: 'bare_session2'
25
- root to: 'session#index'
26
-
27
- # NOTE: this route should be kept in sync with the session template.
28
- authpwn_session
29
10
  end
30
- ApplicationController.send :include, @routes.url_helpers
31
- ActionMailer::Base.send :include, @routes.url_helpers
11
+ resource :http_basic, controller: 'http_basic' do
12
+ collection { get :bouncer }
13
+ end
14
+
15
+ authpwn_session controller: 'bare_session', method_names: 'bare_session',
16
+ omniauth_path_prefix: '/bare_auth'
17
+ authpwn_session controller: 'bare_session2',
18
+ method_names: 'bare_session2',
19
+ omniauth_path_prefix: '/bare_auth2'
20
+ root to: 'session#index'
21
+
22
+ # NOTE: this route should be kept in sync with the session template.
23
+ authpwn_session
32
24
  end
33
25
 
34
- setup :setup_routes
26
+ # NOTE: this must happen before any ActionController or ActionMailer tests
27
+ # run
28
+ ApplicationController.send :include, routes.url_helpers
29
+ ActionMailer::Base.send :include, routes.url_helpers
30
+
31
+ # NOTE: ActionController tests expect @routes to be set to the drawn routes.
32
+ # We use the block form of define_method to capture the routes local
33
+ # variable.
34
+ ActionController::TestCase.send :define_method, :setup_authpwn_routes do
35
+ @routes = routes
36
+ end
37
+ ActionController::TestCase.setup :setup_authpwn_routes
35
38
  end
39
+
40
+ setup_authpwn_routes
@@ -0,0 +1,3 @@
1
+ if ActiveSupport.respond_to? :test_order
2
+ ActiveSupport.test_order = :sorted
3
+ end
@@ -42,11 +42,7 @@ class HttpBasicControllerTest < ActionController::TestCase
42
42
  get :show
43
43
  assert_equal @user, assigns(:current_user)
44
44
 
45
- jane_id = if defined? ActiveRecord::FixtureSet
46
- ActiveRecord::FixtureSet.identify :jane
47
- else
48
- ActiveRecord::Fixtures.identify :jane
49
- end
45
+ jane_id = ActiveRecord::FixtureSet.identify :jane
50
46
  assert_equal "User: #{jane_id}", response.body
51
47
  end
52
48
 
@@ -58,21 +54,18 @@ class HttpBasicControllerTest < ActionController::TestCase
58
54
  end
59
55
 
60
56
  test "uses User.authenticate_signin" do
61
- User.expects(:authenticate_signin).at_least_once.
62
- with('jane@gmail.com', 'fail').returns @user
57
+ signin = Session.new email: 'jane@gmail.com', password: 'fail'
58
+ Session.expects(:new).at_least_once.with(
59
+ email: 'jane@gmail.com', password: 'fail').returns signin
60
+ User.expects(:authenticate_signin).at_least_once.with(signin).returns @user
63
61
  set_http_basic_user @user, 'fail'
64
62
  get :show
65
63
  assert_equal @user, assigns(:current_user)
66
64
 
67
- jane_id = if defined? ActiveRecord::FixtureSet
68
- ActiveRecord::FixtureSet.identify :jane
69
- else
70
- ActiveRecord::Fixtures.identify :jane
71
- end
65
+ jane_id = ActiveRecord::FixtureSet.identify :jane
72
66
  assert_equal "User: #{jane_id}", response.body
73
67
  end
74
68
 
75
-
76
69
  test "reset user credentials in header" do
77
70
  set_http_basic_user @user, 'pa55w0rd'
78
71
  set_http_basic_user nil
@@ -86,11 +79,7 @@ class HttpBasicControllerTest < ActionController::TestCase
86
79
  get :show
87
80
  assert_equal @user, assigns(:current_user)
88
81
 
89
- jane_id = if defined? ActiveRecord::FixtureSet
90
- ActiveRecord::FixtureSet.identify :jane
91
- else
92
- ActiveRecord::Fixtures.identify :jane
93
- end
82
+ jane_id = ActiveRecord::FixtureSet.identify :jane
94
83
  assert_equal "User: #{jane_id}", response.body
95
84
  end
96
85