authpwn_rails 0.16.2 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -6
- data/Gemfile +7 -8
- data/Gemfile.lock +97 -113
- data/Gemfile.rails4 +8 -9
- data/{Gemfile.rails3 → Gemfile.rails41} +6 -7
- data/Gemfile.rails42 +17 -0
- data/README.rdoc +1 -2
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +15 -37
- data/app/models/credentials/omni_auth_uid.rb +96 -0
- data/app/models/credentials/password.rb +0 -5
- data/app/models/tokens/base.rb +11 -38
- data/authpwn_rails.gemspec +35 -33
- data/lib/authpwn_rails/credential_model.rb +1 -5
- data/lib/authpwn_rails/generators/all_generator.rb +3 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +3 -3
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +7 -7
- data/lib/authpwn_rails/generators/templates/credentials.yml +13 -13
- data/lib/authpwn_rails/generators/templates/omniauth_initializer.rb +13 -0
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +22 -0
- data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.html.erb +3 -3
- data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.text.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.html.erb +3 -3
- data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.text.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer_test.rb +14 -4
- data/lib/authpwn_rails/generators/templates/user.rb +40 -5
- data/lib/authpwn_rails/http_basic.rb +6 -5
- data/lib/authpwn_rails/routes.rb +20 -7
- data/lib/authpwn_rails/session.rb +1 -1
- data/lib/authpwn_rails/session_controller.rb +48 -12
- data/lib/authpwn_rails/session_mailer.rb +13 -14
- data/lib/authpwn_rails/session_model.rb +4 -24
- data/lib/authpwn_rails/user_extensions/email_field.rb +5 -21
- data/lib/authpwn_rails/user_extensions/password_field.rb +0 -4
- data/lib/authpwn_rails/user_model.rb +46 -12
- data/lib/authpwn_rails.rb +0 -2
- data/test/cookie_controller_test.rb +1 -7
- data/test/credentials/omni_auth_uid_credential_test.rb +141 -0
- data/test/helpers/action_controller.rb +2 -8
- data/test/helpers/db_setup.rb +8 -16
- data/test/helpers/routes.rb +35 -30
- data/test/helpers/test_order.rb +3 -0
- data/test/http_basic_controller_test.rb +7 -18
- data/test/routes_test.rb +19 -10
- data/test/session_controller_api_test.rb +181 -30
- data/test/session_controller_test.rb +6 -0
- data/test/session_mailer_api_test.rb +18 -13
- data/test/session_mailer_test.rb +6 -0
- data/test/test_helper.rb +3 -3
- data/test/user_test.rb +54 -7
- metadata +65 -64
- data/app/models/credentials/facebook.rb +0 -63
- data/lib/authpwn_rails/facebook_session.rb +0 -33
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +0 -63
- data/test/credentials/facebook_credential_test.rb +0 -64
- data/test/facebook_controller_test.rb +0 -65
- data/test/user_extensions/facebook_fields_test.rb +0 -61
@@ -59,7 +59,7 @@ module SessionController
|
|
59
59
|
|
60
60
|
@redirect_url = params[:redirect_url] || session_url
|
61
61
|
@session = Session.from_params params
|
62
|
-
auth = User.authenticate_signin @session
|
62
|
+
auth = User.authenticate_signin @session
|
63
63
|
unless auth.kind_of? Symbol
|
64
64
|
set_session_current_user auth
|
65
65
|
Tokens::SessionUid.remove_expired if auto_purge_sessions
|
@@ -97,7 +97,13 @@ module SessionController
|
|
97
97
|
|
98
98
|
if user = (credential && credential.user)
|
99
99
|
token = Tokens::PasswordReset.random_for user
|
100
|
-
::SessionMailer.reset_password_email(email, token, root_url)
|
100
|
+
email = ::SessionMailer.reset_password_email(email, token, root_url)
|
101
|
+
if email.respond_to? :deliver_now
|
102
|
+
# TODO(pwnall): fix the serialization errors blocking deliver_later
|
103
|
+
email.deliver_now
|
104
|
+
else
|
105
|
+
email.deliver
|
106
|
+
end
|
101
107
|
end
|
102
108
|
|
103
109
|
respond_to do |format|
|
@@ -218,18 +224,48 @@ module SessionController
|
|
218
224
|
end
|
219
225
|
end
|
220
226
|
|
221
|
-
|
222
|
-
|
227
|
+
# Parameters used to change the user's password.
|
228
|
+
def change_password_params
|
229
|
+
params.require(:credential).permit :old_password, :password,
|
230
|
+
:password_confirmation
|
231
|
+
end
|
232
|
+
private :change_password_params
|
233
|
+
|
234
|
+
# GET /auth/twitter/callback
|
235
|
+
# POST /auth/twitter/callback
|
236
|
+
def omniauth
|
237
|
+
@redirect_url = params[:redirect_url] || session_url
|
238
|
+
omni_auth = request.env['omniauth.auth']
|
239
|
+
auth = Credentials::OmniAuthUid.authenticate omni_auth
|
240
|
+
unless auth.kind_of? Symbol
|
241
|
+
set_session_current_user auth
|
242
|
+
Tokens::SessionUid.remove_expired if auto_purge_sessions
|
243
|
+
end
|
223
244
|
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
245
|
+
respond_to do |format|
|
246
|
+
if current_user
|
247
|
+
format.html { redirect_to @redirect_url }
|
248
|
+
else
|
249
|
+
error_text = bounce_notice_text auth
|
250
|
+
format.html do
|
251
|
+
if params[:redirect_url]
|
252
|
+
redirect_to new_session_url, flash: { alert: error_text,
|
253
|
+
auth_redirect_url: @redirect_url }
|
254
|
+
else
|
255
|
+
redirect_to new_session_url, alert: error_text
|
256
|
+
end
|
257
|
+
end
|
258
|
+
end
|
228
259
|
end
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
260
|
+
end
|
261
|
+
|
262
|
+
# GET /auth/failure
|
263
|
+
def omniauth_failure
|
264
|
+
respond_to do |format|
|
265
|
+
format.html do
|
266
|
+
redirect_to new_session_url,
|
267
|
+
alert: 'Authentication failed. Please try again.'
|
268
|
+
end
|
233
269
|
end
|
234
270
|
end
|
235
271
|
|
@@ -7,15 +7,14 @@ module Authpwn
|
|
7
7
|
module SessionMailer
|
8
8
|
# Creates an e-mail containing a verification token for the e-mail address.
|
9
9
|
#
|
10
|
-
#
|
11
|
-
#
|
12
|
-
# root_url:: the application's root URL (e.g. "https://localhost:3000/")
|
10
|
+
# @param [String] token the e-mail confirmation token
|
11
|
+
# @param [String] the application's root URL (e.g. "https://localhost:3000/")
|
13
12
|
def email_verification_email(token, root_url)
|
14
13
|
@token = token
|
15
14
|
@protocol, @host = *root_url.split('://', 2)
|
16
|
-
@host.slice!
|
15
|
+
@host.slice!(-1) if @host[-1] == ?/
|
17
16
|
hostname = @host.split(':', 2).first # Strip out any port.
|
18
|
-
|
17
|
+
|
19
18
|
mail to: @token.email,
|
20
19
|
subject: email_verification_subject(token, hostname, @protocol),
|
21
20
|
from: email_verification_from(token, hostname, @protocol)
|
@@ -27,38 +26,38 @@ module SessionMailer
|
|
27
26
|
def email_verification_subject(token, server_hostname, protocol)
|
28
27
|
"#{server_hostname} e-mail verification"
|
29
28
|
end
|
30
|
-
|
29
|
+
|
31
30
|
# The sender e-mail address for an e-mail verification e-mail.
|
32
31
|
#
|
33
32
|
# The authpwn generator encourages applications to override this method.
|
34
33
|
def email_verification_from(token, server_hostname, protocol)
|
35
34
|
%Q|"#{server_hostname} staff" <admin@#{server_hostname}>|
|
36
|
-
end
|
35
|
+
end
|
37
36
|
|
38
37
|
# Creates an e-mail containing a password reset token.
|
39
38
|
#
|
40
|
-
#
|
41
|
-
#
|
42
|
-
#
|
43
|
-
#
|
39
|
+
# @param [String] email the email to send the token to
|
40
|
+
# @param [String] token the password reset token
|
41
|
+
# @param [String] root_url the application's root URL
|
42
|
+
# (e.g. "https://localhost:3000/")
|
44
43
|
def reset_password_email(email, token, root_url)
|
45
44
|
@email, @token, @host, @protocol = email, token
|
46
45
|
@token = token
|
47
46
|
@protocol, @host = *root_url.split('://', 2)
|
48
|
-
@host.slice!
|
47
|
+
@host.slice!(-1) if @host[-1] == ?/
|
49
48
|
|
50
49
|
hostname = @host.split(':', 2).first # Strip out any port.
|
51
50
|
mail to: email, from: reset_password_from(token, hostname, @protocol),
|
52
51
|
subject: reset_password_subject(token, hostname, @protocol)
|
53
52
|
end
|
54
|
-
|
53
|
+
|
55
54
|
# The subject line in a password reset e-mail.
|
56
55
|
#
|
57
56
|
# The authpwn generator encourages applications to override this method.
|
58
57
|
def reset_password_subject(token, server_hostname, protocol)
|
59
58
|
"#{server_hostname} password reset"
|
60
59
|
end
|
61
|
-
|
60
|
+
|
62
61
|
# The sender e-mail address for a password reset e-mail.
|
63
62
|
#
|
64
63
|
# The authpwn generator encourages applications to override this method.
|
@@ -4,39 +4,19 @@ require 'active_model'
|
|
4
4
|
# :nodoc: namespace
|
5
5
|
module Authpwn
|
6
6
|
|
7
|
-
# Included by the model class that collects
|
7
|
+
# Included by the model class that collects signin information.
|
8
8
|
#
|
9
9
|
# Parts of the codebase assume the model will be named Session.
|
10
10
|
module SessionModel
|
11
11
|
extend ActiveSupport::Concern
|
12
12
|
|
13
13
|
included do
|
14
|
-
|
15
|
-
# Rails 4.
|
16
|
-
include ActiveModel::Model
|
17
|
-
else
|
18
|
-
# Rails 3.
|
19
|
-
include ActiveModel::Conversion
|
20
|
-
extend ActiveModel::Naming
|
21
|
-
extend ActiveModel::Translation
|
22
|
-
include ActiveModel::Validations
|
23
|
-
|
24
|
-
def initialize(params={})
|
25
|
-
params.each do |attr, value|
|
26
|
-
self.public_send("#{attr}=", value)
|
27
|
-
end if params
|
28
|
-
|
29
|
-
super()
|
30
|
-
end
|
31
|
-
def persisted?
|
32
|
-
false
|
33
|
-
end
|
34
|
-
end
|
14
|
+
include ActiveModel::Model
|
35
15
|
|
36
|
-
# The e-mail used to sign
|
16
|
+
# The e-mail used to sign in.
|
37
17
|
attr_accessor :email
|
38
18
|
|
39
|
-
# The password used to sign
|
19
|
+
# The password used to sign in.
|
40
20
|
attr_accessor :password
|
41
21
|
end
|
42
22
|
|
@@ -24,30 +24,14 @@ module EmailField
|
|
24
24
|
record.errors.add attr, :blank
|
25
25
|
end
|
26
26
|
end
|
27
|
-
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
28
|
-
attr_accessible :email
|
29
|
-
end
|
30
27
|
end
|
31
28
|
|
32
29
|
module ClassMethods
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
def with_email(email)
|
39
|
-
credential = Credentials::Email.where(name: email).
|
40
|
-
includes(:user).references(:user).first
|
41
|
-
credential && credential.user
|
42
|
-
end
|
43
|
-
rescue NameError
|
44
|
-
# Rails 3.
|
45
|
-
|
46
|
-
def with_email(email)
|
47
|
-
credential = Credentials::Email.where(name: email).includes(:user).
|
48
|
-
first
|
49
|
-
credential && credential.user
|
50
|
-
end
|
30
|
+
# The user who has a certain e-mail, or nil if the e-mail is unclaimed.
|
31
|
+
def with_email(email)
|
32
|
+
credential = Credentials::Email.where(name: email).includes(:user).
|
33
|
+
references(:user).first
|
34
|
+
credential && credential.user
|
51
35
|
end
|
52
36
|
end
|
53
37
|
|
@@ -14,10 +14,6 @@ module PasswordField
|
|
14
14
|
included do
|
15
15
|
validates :password, presence: { on: :create },
|
16
16
|
confirmation: { allow_nil: true }
|
17
|
-
|
18
|
-
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
19
|
-
attr_accessible :password, :password_confirmation
|
20
|
-
end
|
21
17
|
end
|
22
18
|
|
23
19
|
module ClassMethods
|
@@ -26,11 +26,6 @@ module UserModel
|
|
26
26
|
|
27
27
|
# Automatically assign exuid.
|
28
28
|
before_validation :set_default_exuid, on: :create
|
29
|
-
|
30
|
-
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
31
|
-
# Forms should not be able to touch any attribute.
|
32
|
-
attr_accessible :credentials_attributes
|
33
|
-
end
|
34
29
|
end
|
35
30
|
|
36
31
|
# Class methods on models that include Authpwn::UserModel.
|
@@ -53,16 +48,55 @@ module UserModel
|
|
53
48
|
|
54
49
|
# Authenticates a user given the information on a signup form.
|
55
50
|
#
|
56
|
-
# The method's parameter names are an acknowledgement to the email and
|
57
|
-
# password fields on automatically-generated forms.
|
58
|
-
#
|
59
51
|
# The easiest method of accepting other login information is to override
|
60
52
|
# this method, locate the user's email, and supply it in a call to super.
|
61
53
|
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
|
65
|
-
|
54
|
+
# @param [Session] signin the information entered in the sign-in form
|
55
|
+
# @return [User, Symbol] the authenticated user, or a symbol indicating the
|
56
|
+
# reason why the authentication failed
|
57
|
+
def authenticate_signin(signin)
|
58
|
+
Credentials::Password.authenticate_email signin.email, signin.password
|
59
|
+
end
|
60
|
+
|
61
|
+
# Looks up the User tat may be related to an OmniAuth sign-in.
|
62
|
+
#
|
63
|
+
# This method is called when there is no Credential matching the OmniAuth
|
64
|
+
# information, but before {User#create_from_omniauth}. It is an opportunity
|
65
|
+
# to identify an existing user who uses a new sign-in method.
|
66
|
+
#
|
67
|
+
# The default implementation finds an user whose e-mail matches the 'email'
|
68
|
+
# value in the OmniAuth hash.
|
69
|
+
#
|
70
|
+
# @param [Hash] omniauth_hash the hash provided by OmniAuth
|
71
|
+
# @return [User] the user who should be signed in, or nil if no such user
|
72
|
+
# exists
|
73
|
+
def related_to_omniauth(omniauth_hash)
|
74
|
+
info_hash = omniauth_hash['info']
|
75
|
+
return nil unless email = info_hash && info_hash['email']
|
76
|
+
credential = Credentials::Email.with email
|
77
|
+
credential and credential.user
|
78
|
+
end
|
79
|
+
|
80
|
+
# Change this to customize on-demand user creation on OmniAuth signup.
|
81
|
+
#
|
82
|
+
# This method is called when there is no existing user matching the
|
83
|
+
# OmniAuth information, and is responsible for creating a user. It is an
|
84
|
+
# opportunity to collect the OmniAuth information to populate the user's
|
85
|
+
# account.
|
86
|
+
#
|
87
|
+
# The default implementation creates a user with the e-mail matching the
|
88
|
+
# 'email' key in the OmniAuth hash. If no e-mail key is present, no User is
|
89
|
+
# created.
|
90
|
+
#
|
91
|
+
# @param [Hash] omniauth_hash the hash provided by OmniAuth
|
92
|
+
# @return [User] a saved User, or nil if the OmniAuth sign-in information
|
93
|
+
# should not be used to create a user
|
94
|
+
def create_from_omniauth(omniauth_hash)
|
95
|
+
info_hash = omniauth_hash['info']
|
96
|
+
return nil unless email = info_hash && info_hash['email']
|
97
|
+
user = User.create!
|
98
|
+
Credentials::Email.create! user: user, email: email, verified: true
|
99
|
+
user
|
66
100
|
end
|
67
101
|
end # module Authpwn::UserModel::ClassMethods
|
68
102
|
|
data/lib/authpwn_rails.rb
CHANGED
@@ -15,12 +15,10 @@ module Authpwn
|
|
15
15
|
# Contains extensions to the User model.
|
16
16
|
module UserExtensions
|
17
17
|
autoload :EmailField, 'authpwn_rails/user_extensions/email_field.rb'
|
18
|
-
autoload :FacebookFields, 'authpwn_rails/user_extensions/facebook_fields.rb'
|
19
18
|
autoload :PasswordField, 'authpwn_rails/user_extensions/password_field.rb'
|
20
19
|
end
|
21
20
|
end
|
22
21
|
|
23
|
-
require 'authpwn_rails/facebook_session.rb'
|
24
22
|
require 'authpwn_rails/http_basic.rb'
|
25
23
|
require 'authpwn_rails/routes.rb'
|
26
24
|
require 'authpwn_rails/session.rb'
|
@@ -44,13 +44,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
44
44
|
get :show
|
45
45
|
assert_response :success
|
46
46
|
assert_equal @user, assigns(:current_user)
|
47
|
-
john_id =
|
48
|
-
# Rails 4
|
49
|
-
ActiveRecord::FixtureSet.identify :john
|
50
|
-
else
|
51
|
-
# Rails 3
|
52
|
-
ActiveRecord::Fixtures.identify :john
|
53
|
-
end
|
47
|
+
john_id = ActiveRecord::FixtureSet.identify :john
|
54
48
|
assert_equal "User: #{john_id}", response.body
|
55
49
|
end
|
56
50
|
|
@@ -0,0 +1,141 @@
|
|
1
|
+
require File.expand_path('../../test_helper', __FILE__)
|
2
|
+
|
3
|
+
class OmniAuthUidCredentialTest < ActiveSupport::TestCase
|
4
|
+
def setup
|
5
|
+
@credential = Credentials::OmniAuthUid.new
|
6
|
+
@credential.provider = 'developer'
|
7
|
+
@credential.uid = 'dvdjohn@mit.edu'
|
8
|
+
@credential.user = users(:bill)
|
9
|
+
end
|
10
|
+
|
11
|
+
test 'setup' do
|
12
|
+
assert @credential.valid?
|
13
|
+
end
|
14
|
+
|
15
|
+
test 'provider required' do
|
16
|
+
@credential.provider = ''
|
17
|
+
assert !@credential.valid?
|
18
|
+
end
|
19
|
+
|
20
|
+
test 'uid required' do
|
21
|
+
@credential.uid = ''
|
22
|
+
assert !@credential.valid?
|
23
|
+
end
|
24
|
+
|
25
|
+
test 'blocked set to true' do
|
26
|
+
@credential.blocked = true
|
27
|
+
assert_equal '0', @credential.key, 'key'
|
28
|
+
assert_equal true, @credential.blocked?, 'blocked?'
|
29
|
+
end
|
30
|
+
|
31
|
+
test 'blocked set to false' do
|
32
|
+
@credential.blocked = false
|
33
|
+
assert_equal '1', @credential.key, 'key'
|
34
|
+
assert_equal false, @credential.blocked?, 'blocked?'
|
35
|
+
end
|
36
|
+
|
37
|
+
test 'user required' do
|
38
|
+
@credential.user = nil
|
39
|
+
assert !@credential.valid?
|
40
|
+
end
|
41
|
+
|
42
|
+
test 'uid length' do
|
43
|
+
@credential.uid = 'abcde' * 25 + '@mit.edu'
|
44
|
+
assert !@credential.valid?, 'Overly long uid'
|
45
|
+
assert @credential.errors[:name].any? { |m| /too long/i =~ m },
|
46
|
+
'Validation errors include length error'
|
47
|
+
end
|
48
|
+
|
49
|
+
test 'provider+uid uniqueness' do
|
50
|
+
@credential.uid = credentials(:john_omniauth_developer).uid
|
51
|
+
assert !@credential.valid?
|
52
|
+
assert @credential.errors[:name].any? { |m| m == 'has already been taken' }
|
53
|
+
end
|
54
|
+
|
55
|
+
test 'name_from_omniauth' do
|
56
|
+
assert_equal 'developer,dvdjohn@mit.edu',
|
57
|
+
Credentials::OmniAuthUid.name_from_omniauth('provider' => 'developer',
|
58
|
+
'uid' => 'dvdjohn@mit.edu')
|
59
|
+
assert_equal 'twitter,dvdjohn',
|
60
|
+
Credentials::OmniAuthUid.name_from_omniauth('provider' => 'twitter',
|
61
|
+
'uid' => 'dvdjohn')
|
62
|
+
assert_equal ',dvdjohn',
|
63
|
+
Credentials::OmniAuthUid.name_from_omniauth('uid' => 'dvdjohn')
|
64
|
+
assert_equal 'twitter,',
|
65
|
+
Credentials::OmniAuthUid.name_from_omniauth('provider' => 'twitter')
|
66
|
+
end
|
67
|
+
|
68
|
+
test 'authenticate with existing credential' do
|
69
|
+
assert_equal users(:jane), Credentials::OmniAuthUid.authenticate(
|
70
|
+
'provider' => 'developer', 'uid' => 'jane@gmail.com')
|
71
|
+
end
|
72
|
+
|
73
|
+
test 'authenticate with blocked existing credential' do
|
74
|
+
omniauth_hash = { 'provider' => 'developer', 'uid' => 'john@gmail.com' }
|
75
|
+
assert_equal :blocked, Credentials::OmniAuthUid.authenticate(omniauth_hash)
|
76
|
+
|
77
|
+
john_omniauth_developer = credentials(:john_omniauth_developer)
|
78
|
+
john_omniauth_developer.blocked = false
|
79
|
+
john_omniauth_developer.save!
|
80
|
+
assert_equal users(:john),
|
81
|
+
Credentials::OmniAuthUid.authenticate(omniauth_hash)
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'authenticate calls User#related_to_omniauth' do
|
85
|
+
jane = users(:jane)
|
86
|
+
credentials(:jane_omniauth_developer).destroy
|
87
|
+
|
88
|
+
omniauth_hash = { 'provider' => 'developer', 'uid' => 'jane@gmail.com' }
|
89
|
+
User.expects(:related_to_omniauth).with(omniauth_hash).returns jane
|
90
|
+
User.expects(:create_from_omniauth).never
|
91
|
+
|
92
|
+
assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
|
93
|
+
assert_difference 'Credentials::OmniAuthUid.count' do
|
94
|
+
assert_equal jane, Credentials::OmniAuthUid.authenticate(omniauth_hash)
|
95
|
+
end
|
96
|
+
assert_not_nil Credentials::OmniAuthUid.with(omniauth_hash)
|
97
|
+
assert_equal jane, Credentials::OmniAuthUid.with(omniauth_hash).user
|
98
|
+
end
|
99
|
+
|
100
|
+
test 'authenticate calls User#create_from_omniauth' do
|
101
|
+
user = User.create!
|
102
|
+
omniauth_hash = { 'provider' => 'developer', 'uid' => 'new_user@gmail.com',
|
103
|
+
'email' => 'new_user@gmail.com' }
|
104
|
+
User.expects(:related_to_omniauth).with(omniauth_hash).returns nil
|
105
|
+
User.expects(:create_from_omniauth).with(omniauth_hash).returns user
|
106
|
+
|
107
|
+
assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
|
108
|
+
assert_difference 'Credentials::OmniAuthUid.count' do
|
109
|
+
assert_equal user, Credentials::OmniAuthUid.authenticate(omniauth_hash)
|
110
|
+
end
|
111
|
+
assert_not_nil Credentials::OmniAuthUid.with(omniauth_hash)
|
112
|
+
assert_equal user, Credentials::OmniAuthUid.with(omniauth_hash).user
|
113
|
+
end
|
114
|
+
|
115
|
+
test 'authenticate fails if User#create_from_omniauth returns nil' do
|
116
|
+
omniauth_hash = { 'provider' => 'developer', 'uid' => 'new_user@gmail.com',
|
117
|
+
'email' => 'new_user@gmail.com' }
|
118
|
+
User.expects(:related_to_omniauth).with(omniauth_hash).returns nil
|
119
|
+
User.expects(:create_from_omniauth).with(omniauth_hash).returns nil
|
120
|
+
|
121
|
+
assert_nil Credentials::OmniAuthUid.with(omniauth_hash)
|
122
|
+
assert_no_difference 'Credentials::OmniAuthUid.count' do
|
123
|
+
assert_equal :invalid,
|
124
|
+
Credentials::OmniAuthUid.authenticate(omniauth_hash)
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
test 'authenticate calls User#auth_bounce_reason' do
|
129
|
+
with_blocked_credential credentials(:jane_omniauth_developer), :reason do
|
130
|
+
assert_equal :reason, Credentials::OmniAuthUid.authenticate(
|
131
|
+
'provider' => 'developer', 'uid' => 'jane@gmail.com')
|
132
|
+
|
133
|
+
john_omniauth = credentials(:john_omniauth_developer)
|
134
|
+
john_omniauth.blocked = false
|
135
|
+
john_omniauth.save!
|
136
|
+
assert_equal users(:john), Credentials::OmniAuthUid.authenticate(
|
137
|
+
'provider' => 'developer', 'uid' => 'john@gmail.com')
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
@@ -1,8 +1,2 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
:action_on_unpermitted_parameters=)
|
4
|
-
# Rails 4.
|
5
|
-
|
6
|
-
# Raise exceptions so we can test against them.
|
7
|
-
ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
8
|
-
end
|
1
|
+
# Raise exceptions so we can test require / permit on params.
|
2
|
+
ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
data/test/helpers/db_setup.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
ar_config = { adapter: 'sqlite3', database: ':memory:'}
|
2
|
+
|
1
3
|
case ENV['DB']
|
2
4
|
when /mysql/i
|
3
5
|
create_sql = 'CREATE DATABASE plugin_dev DEFAULT CHARACTER SET utf8;'
|
@@ -6,28 +8,18 @@ when /mysql/i
|
|
6
8
|
end
|
7
9
|
|
8
10
|
`mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
|
9
|
-
|
10
|
-
|
11
|
+
ar_config = { adapter: 'mysql2', database: 'plugin_dev',
|
12
|
+
username: 'root', password: '' }
|
11
13
|
when /pg/i
|
12
14
|
pg_user = ENV['DB_USER'] || ENV['USER']
|
13
15
|
`psql -U #{pg_user} -d postgres -c "DROP DATABASE IF EXISTS plugin_dev;"`
|
14
16
|
`psql -U #{pg_user} -d postgres -c "CREATE DATABASE plugin_dev;"`
|
15
|
-
|
16
|
-
|
17
|
-
else
|
18
|
-
ActiveRecord::Base.establish_connection adapter: 'sqlite3',
|
19
|
-
database: ':memory:'
|
17
|
+
ar_config = { adapter: 'postgresql', database: 'plugin_dev',
|
18
|
+
username: pg_user, password: '' }
|
20
19
|
end
|
21
20
|
|
22
|
-
|
23
|
-
|
24
|
-
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
25
|
-
self.mass_assignment_sanitizer = :strict
|
26
|
-
|
27
|
-
# Hacky equivalent to config.active_record.whitelist_attributes = true
|
28
|
-
attr_accessible
|
29
|
-
end
|
30
|
-
end
|
21
|
+
ActiveRecord::Base.configurations = { 'test' => ar_config }
|
22
|
+
ActiveRecord::Base.establish_connection :test
|
31
23
|
|
32
24
|
ActiveRecord::Migration.verbose = false
|
33
25
|
require 'authpwn_rails/generators/templates/001_create_users.rb'
|
data/test/helpers/routes.rb
CHANGED
@@ -1,35 +1,40 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
@routes = ActionController::Routing::RouteSet.new
|
10
|
-
end
|
11
|
-
@routes.draw do
|
12
|
-
resource :cookie, controller: 'cookie' do
|
13
|
-
collection do
|
14
|
-
get :bouncer
|
15
|
-
put :update
|
16
|
-
end
|
17
|
-
end
|
18
|
-
resource :http_basic, controller: 'http_basic' do
|
19
|
-
collection { get :bouncer }
|
1
|
+
def setup_authpwn_routes
|
2
|
+
# The routes used in all the tests.
|
3
|
+
routes = ActionDispatch::Routing::RouteSet.new
|
4
|
+
routes.draw do
|
5
|
+
resource :cookie, controller: 'cookie' do
|
6
|
+
collection do
|
7
|
+
get :bouncer
|
8
|
+
put :update
|
20
9
|
end
|
21
|
-
resource :facebook, controller: 'facebook'
|
22
|
-
authpwn_session controller: 'bare_session', method_names: 'bare_session'
|
23
|
-
authpwn_session controller: 'bare_session2',
|
24
|
-
method_names: 'bare_session2'
|
25
|
-
root to: 'session#index'
|
26
|
-
|
27
|
-
# NOTE: this route should be kept in sync with the session template.
|
28
|
-
authpwn_session
|
29
10
|
end
|
30
|
-
|
31
|
-
|
11
|
+
resource :http_basic, controller: 'http_basic' do
|
12
|
+
collection { get :bouncer }
|
13
|
+
end
|
14
|
+
|
15
|
+
authpwn_session controller: 'bare_session', method_names: 'bare_session',
|
16
|
+
omniauth_path_prefix: '/bare_auth'
|
17
|
+
authpwn_session controller: 'bare_session2',
|
18
|
+
method_names: 'bare_session2',
|
19
|
+
omniauth_path_prefix: '/bare_auth2'
|
20
|
+
root to: 'session#index'
|
21
|
+
|
22
|
+
# NOTE: this route should be kept in sync with the session template.
|
23
|
+
authpwn_session
|
32
24
|
end
|
33
25
|
|
34
|
-
|
26
|
+
# NOTE: this must happen before any ActionController or ActionMailer tests
|
27
|
+
# run
|
28
|
+
ApplicationController.send :include, routes.url_helpers
|
29
|
+
ActionMailer::Base.send :include, routes.url_helpers
|
30
|
+
|
31
|
+
# NOTE: ActionController tests expect @routes to be set to the drawn routes.
|
32
|
+
# We use the block form of define_method to capture the routes local
|
33
|
+
# variable.
|
34
|
+
ActionController::TestCase.send :define_method, :setup_authpwn_routes do
|
35
|
+
@routes = routes
|
36
|
+
end
|
37
|
+
ActionController::TestCase.setup :setup_authpwn_routes
|
35
38
|
end
|
39
|
+
|
40
|
+
setup_authpwn_routes
|
@@ -42,11 +42,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
42
42
|
get :show
|
43
43
|
assert_equal @user, assigns(:current_user)
|
44
44
|
|
45
|
-
jane_id =
|
46
|
-
ActiveRecord::FixtureSet.identify :jane
|
47
|
-
else
|
48
|
-
ActiveRecord::Fixtures.identify :jane
|
49
|
-
end
|
45
|
+
jane_id = ActiveRecord::FixtureSet.identify :jane
|
50
46
|
assert_equal "User: #{jane_id}", response.body
|
51
47
|
end
|
52
48
|
|
@@ -58,21 +54,18 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
58
54
|
end
|
59
55
|
|
60
56
|
test "uses User.authenticate_signin" do
|
61
|
-
|
62
|
-
|
57
|
+
signin = Session.new email: 'jane@gmail.com', password: 'fail'
|
58
|
+
Session.expects(:new).at_least_once.with(
|
59
|
+
email: 'jane@gmail.com', password: 'fail').returns signin
|
60
|
+
User.expects(:authenticate_signin).at_least_once.with(signin).returns @user
|
63
61
|
set_http_basic_user @user, 'fail'
|
64
62
|
get :show
|
65
63
|
assert_equal @user, assigns(:current_user)
|
66
64
|
|
67
|
-
jane_id =
|
68
|
-
ActiveRecord::FixtureSet.identify :jane
|
69
|
-
else
|
70
|
-
ActiveRecord::Fixtures.identify :jane
|
71
|
-
end
|
65
|
+
jane_id = ActiveRecord::FixtureSet.identify :jane
|
72
66
|
assert_equal "User: #{jane_id}", response.body
|
73
67
|
end
|
74
68
|
|
75
|
-
|
76
69
|
test "reset user credentials in header" do
|
77
70
|
set_http_basic_user @user, 'pa55w0rd'
|
78
71
|
set_http_basic_user nil
|
@@ -86,11 +79,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
86
79
|
get :show
|
87
80
|
assert_equal @user, assigns(:current_user)
|
88
81
|
|
89
|
-
jane_id =
|
90
|
-
ActiveRecord::FixtureSet.identify :jane
|
91
|
-
else
|
92
|
-
ActiveRecord::Fixtures.identify :jane
|
93
|
-
end
|
82
|
+
jane_id = ActiveRecord::FixtureSet.identify :jane
|
94
83
|
assert_equal "User: #{jane_id}", response.body
|
95
84
|
end
|
96
85
|
|