authpwn_rails 0.16.2 → 0.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +3 -6
- data/Gemfile +7 -8
- data/Gemfile.lock +97 -113
- data/Gemfile.rails4 +8 -9
- data/{Gemfile.rails3 → Gemfile.rails41} +6 -7
- data/Gemfile.rails42 +17 -0
- data/README.rdoc +1 -2
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +15 -37
- data/app/models/credentials/omni_auth_uid.rb +96 -0
- data/app/models/credentials/password.rb +0 -5
- data/app/models/tokens/base.rb +11 -38
- data/authpwn_rails.gemspec +35 -33
- data/lib/authpwn_rails/credential_model.rb +1 -5
- data/lib/authpwn_rails/generators/all_generator.rb +3 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +3 -3
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +7 -7
- data/lib/authpwn_rails/generators/templates/credentials.yml +13 -13
- data/lib/authpwn_rails/generators/templates/omniauth_initializer.rb +13 -0
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +22 -0
- data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.html.erb +3 -3
- data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.text.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.html.erb +3 -3
- data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.text.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_mailer_test.rb +14 -4
- data/lib/authpwn_rails/generators/templates/user.rb +40 -5
- data/lib/authpwn_rails/http_basic.rb +6 -5
- data/lib/authpwn_rails/routes.rb +20 -7
- data/lib/authpwn_rails/session.rb +1 -1
- data/lib/authpwn_rails/session_controller.rb +48 -12
- data/lib/authpwn_rails/session_mailer.rb +13 -14
- data/lib/authpwn_rails/session_model.rb +4 -24
- data/lib/authpwn_rails/user_extensions/email_field.rb +5 -21
- data/lib/authpwn_rails/user_extensions/password_field.rb +0 -4
- data/lib/authpwn_rails/user_model.rb +46 -12
- data/lib/authpwn_rails.rb +0 -2
- data/test/cookie_controller_test.rb +1 -7
- data/test/credentials/omni_auth_uid_credential_test.rb +141 -0
- data/test/helpers/action_controller.rb +2 -8
- data/test/helpers/db_setup.rb +8 -16
- data/test/helpers/routes.rb +35 -30
- data/test/helpers/test_order.rb +3 -0
- data/test/http_basic_controller_test.rb +7 -18
- data/test/routes_test.rb +19 -10
- data/test/session_controller_api_test.rb +181 -30
- data/test/session_controller_test.rb +6 -0
- data/test/session_mailer_api_test.rb +18 -13
- data/test/session_mailer_test.rb +6 -0
- data/test/test_helper.rb +3 -3
- data/test/user_test.rb +54 -7
- metadata +65 -64
- data/app/models/credentials/facebook.rb +0 -63
- data/lib/authpwn_rails/facebook_session.rb +0 -33
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +0 -63
- data/test/credentials/facebook_credential_test.rb +0 -64
- data/test/facebook_controller_test.rb +0 -65
- data/test/user_extensions/facebook_fields_test.rb +0 -61
data/test/routes_test.rb
CHANGED
|
@@ -6,26 +6,35 @@ require 'authpwn_rails/generators/templates/session_controller.rb'
|
|
|
6
6
|
class RoutesTest < ActionController::TestCase
|
|
7
7
|
tests SessionController
|
|
8
8
|
|
|
9
|
-
test
|
|
10
|
-
assert_routing({path:
|
|
9
|
+
test 'authpwn_session routes' do
|
|
10
|
+
assert_routing({path: '/session', method: :get},
|
|
11
11
|
{controller: 'session', action: 'show'})
|
|
12
|
-
assert_routing({path:
|
|
12
|
+
assert_routing({path: '/session/new', method: :get},
|
|
13
13
|
{controller: 'session', action: 'new'})
|
|
14
|
-
assert_routing({path:
|
|
14
|
+
assert_routing({path: '/session', method: :post},
|
|
15
15
|
{controller: 'session', action: 'create'})
|
|
16
|
-
assert_routing({path:
|
|
16
|
+
assert_routing({path: '/session', method: :delete},
|
|
17
17
|
{controller: 'session', action: 'destroy'})
|
|
18
|
-
assert_routing({path:
|
|
18
|
+
assert_routing({path: '/session', method: :delete},
|
|
19
19
|
{controller: 'session', action: 'destroy'})
|
|
20
|
-
assert_routing({path:
|
|
20
|
+
assert_routing({path: '/session/change_password', method: :get},
|
|
21
21
|
{controller: 'session', action: 'password_change'})
|
|
22
|
-
assert_routing({path:
|
|
22
|
+
assert_routing({path: '/session/change_password', method: :post},
|
|
23
23
|
{controller: 'session', action: 'change_password'})
|
|
24
|
-
assert_routing({path:
|
|
24
|
+
assert_routing({path: '/session/reset_password', method: :post},
|
|
25
25
|
{controller: 'session', action: 'reset_password'})
|
|
26
|
-
|
|
26
|
+
|
|
27
27
|
code = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
|
|
28
28
|
assert_routing({path: "/session/token/#{code}", method: :get},
|
|
29
29
|
{controller: 'session', action: 'token', code: code})
|
|
30
|
+
|
|
31
|
+
assert_routing({path: '/auth/failure', method: :get},
|
|
32
|
+
{controller: 'session', action: 'omniauth_failure'})
|
|
33
|
+
assert_routing({path: '/auth/twitter/callback', method: :get},
|
|
34
|
+
{controller: 'session', action: 'omniauth',
|
|
35
|
+
provider: 'twitter'})
|
|
36
|
+
assert_routing({path: '/auth/twitter/callback', method: :post},
|
|
37
|
+
{controller: 'session', action: 'omniauth',
|
|
38
|
+
provider: 'twitter'})
|
|
30
39
|
end
|
|
31
40
|
end
|
|
@@ -1,10 +1,5 @@
|
|
|
1
1
|
require File.expand_path('../test_helper', __FILE__)
|
|
2
2
|
|
|
3
|
-
require 'authpwn_rails/generators/templates/session_controller.rb'
|
|
4
|
-
|
|
5
|
-
# Run the tests in the generator, to make sure they pass.
|
|
6
|
-
require 'authpwn_rails/generators/templates/session_controller_test.rb'
|
|
7
|
-
|
|
8
3
|
class BareSessionController < ApplicationController
|
|
9
4
|
include Authpwn::SessionController
|
|
10
5
|
self.append_view_path File.expand_path('../fixtures', __FILE__)
|
|
@@ -19,6 +14,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
19
14
|
@email_credential = credentials(:jane_email)
|
|
20
15
|
@password_credential = credentials(:jane_password)
|
|
21
16
|
@token_credential = credentials(:jane_token)
|
|
17
|
+
@omniauth_credential = credentials(:jane_omniauth_developer)
|
|
22
18
|
@_auto_purge_sessions = BareSessionController.auto_purge_sessions
|
|
23
19
|
end
|
|
24
20
|
|
|
@@ -55,7 +51,15 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
55
51
|
assert_response :ok
|
|
56
52
|
data = ActiveSupport::JSON.decode response.body
|
|
57
53
|
assert_equal @user.exuid, data['user']['exuid']
|
|
58
|
-
|
|
54
|
+
|
|
55
|
+
if @controller.respond_to? :valid_authenticity_token?, true
|
|
56
|
+
# Rails 4.2+ uses variable CSRF tokens.
|
|
57
|
+
assert @controller.send(:valid_authenticity_token?, session,
|
|
58
|
+
data['csrf'])
|
|
59
|
+
else
|
|
60
|
+
# Rails 4.0 and 4.1 store the CSRF token in the session.
|
|
61
|
+
assert_equal session[:_csrf_token], data['csrf']
|
|
62
|
+
end
|
|
59
63
|
end
|
|
60
64
|
|
|
61
65
|
test "new redirects to session#show when a user is logged in" do
|
|
@@ -75,7 +79,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
75
79
|
get :new, {}, {}, { auth_redirect_url: url }
|
|
76
80
|
assert_template :new
|
|
77
81
|
assert_select 'form' do
|
|
78
|
-
assert_select "input[name
|
|
82
|
+
assert_select "input[name=\"redirect_url\"][value=\"#{url}\"]"
|
|
79
83
|
end
|
|
80
84
|
end
|
|
81
85
|
|
|
@@ -98,6 +102,18 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
98
102
|
assert_redirected_to session_url
|
|
99
103
|
end
|
|
100
104
|
|
|
105
|
+
test "create logs in with good account details and no User-Agent" do
|
|
106
|
+
request.headers['User-Agent'] = nil
|
|
107
|
+
|
|
108
|
+
post :create, session: { email: @email_credential.email,
|
|
109
|
+
password: 'pa55w0rd' }
|
|
110
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
111
|
+
assert_equal @user, session_current_user, 'session'
|
|
112
|
+
assert_nil flash[:alert], 'no alert'
|
|
113
|
+
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
|
114
|
+
assert_redirected_to session_url
|
|
115
|
+
end
|
|
116
|
+
|
|
101
117
|
test "create purges sessions when logging in" do
|
|
102
118
|
BareSessionController.auto_purge_sessions = true
|
|
103
119
|
old_token = credentials(:jane_session_token)
|
|
@@ -127,9 +143,17 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
127
143
|
assert_response :ok
|
|
128
144
|
data = ActiveSupport::JSON.decode response.body
|
|
129
145
|
assert_equal @user.exuid, data['user']['exuid']
|
|
130
|
-
assert_equal session[:_csrf_token], data['csrf']
|
|
131
146
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
132
147
|
assert_equal @user, session_current_user, 'session'
|
|
148
|
+
|
|
149
|
+
if @controller.respond_to? :valid_authenticity_token?, true
|
|
150
|
+
# Rails 4.2+ uses variable CSRF tokens.
|
|
151
|
+
assert @controller.send(:valid_authenticity_token?, session,
|
|
152
|
+
data['csrf'])
|
|
153
|
+
else
|
|
154
|
+
# Rails 4.0 and 4.1 store the CSRF token in the session.
|
|
155
|
+
assert_equal session[:_csrf_token], data['csrf']
|
|
156
|
+
end
|
|
133
157
|
end
|
|
134
158
|
|
|
135
159
|
test "create by json purges sessions when logging in" do
|
|
@@ -199,8 +223,11 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
199
223
|
end
|
|
200
224
|
|
|
201
225
|
test "create uses User.authenticate_signin" do
|
|
202
|
-
|
|
203
|
-
|
|
226
|
+
signin = Session.new email: 'em@ail.com', password: 'fail'
|
|
227
|
+
Session.expects(:new).at_least_once.with(
|
|
228
|
+
email: 'em@ail.com', password: 'fail').returns signin
|
|
229
|
+
User.expects(:authenticate_signin).at_least_once.with(signin).
|
|
230
|
+
returns @email_credential.user
|
|
204
231
|
post :create, email: 'em@ail.com', password: 'fail'
|
|
205
232
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
206
233
|
assert_equal @user, session_current_user, 'session'
|
|
@@ -273,6 +300,19 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
273
300
|
'one-time credential is spent'
|
|
274
301
|
end
|
|
275
302
|
|
|
303
|
+
test "token logs in with good token and no user-agent" do
|
|
304
|
+
request.headers['User-Agent'] = nil
|
|
305
|
+
|
|
306
|
+
@controller.expects(:home_with_token).once.with(@token_credential).
|
|
307
|
+
returns(nil)
|
|
308
|
+
get :token, code: @token_credential.code
|
|
309
|
+
assert_redirected_to session_url
|
|
310
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
311
|
+
assert_equal @user, session_current_user, 'session'
|
|
312
|
+
assert_nil Tokens::Base.with_code(@token_credential.code).first,
|
|
313
|
+
'one-time credential is spent'
|
|
314
|
+
end
|
|
315
|
+
|
|
276
316
|
test "token by json logs in with good token" do
|
|
277
317
|
@controller.expects(:home_with_token).once.with(@token_credential).
|
|
278
318
|
returns(nil)
|
|
@@ -280,11 +320,19 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
280
320
|
assert_response :ok
|
|
281
321
|
data = ActiveSupport::JSON.decode response.body
|
|
282
322
|
assert_equal @user.exuid, data['user']['exuid']
|
|
283
|
-
assert_equal session[:_csrf_token], data['csrf']
|
|
284
323
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
285
324
|
assert_equal @user, session_current_user, 'session'
|
|
286
325
|
assert_nil Tokens::Base.with_code(@token_credential.code).first,
|
|
287
326
|
'one-time credential is spent'
|
|
327
|
+
|
|
328
|
+
if @controller.respond_to? :valid_authenticity_token?, true
|
|
329
|
+
# Rails 4.2+ uses variable CSRF tokens.
|
|
330
|
+
assert @controller.send(:valid_authenticity_token?, session,
|
|
331
|
+
data['csrf'])
|
|
332
|
+
else
|
|
333
|
+
# Rails 4.0 and 4.1 store the CSRF token in the session.
|
|
334
|
+
assert_equal session[:_csrf_token], data['csrf']
|
|
335
|
+
end
|
|
288
336
|
end
|
|
289
337
|
|
|
290
338
|
test "token does not log in with random token" do
|
|
@@ -376,8 +424,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
376
424
|
password: 'hacks', password_confirmation: 'hacks'}
|
|
377
425
|
assert_redirected_to session_url
|
|
378
426
|
assert_equal @password_credential, assigns(:credential)
|
|
379
|
-
assert_equal @user, User.authenticate_signin(
|
|
380
|
-
'hacks'), 'password not changed'
|
|
427
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
428
|
+
@email_credential.email, password: 'hacks')), 'password not changed'
|
|
381
429
|
end
|
|
382
430
|
|
|
383
431
|
test "change_password works with correct input and extra form input" do
|
|
@@ -387,8 +435,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
387
435
|
commit: 'Change Password'
|
|
388
436
|
assert_redirected_to session_url
|
|
389
437
|
assert_equal @password_credential, assigns(:credential)
|
|
390
|
-
assert_equal @user, User.authenticate_signin(
|
|
391
|
-
'hacks'), 'password not changed'
|
|
438
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
439
|
+
@email_credential.email, password: 'hacks')), 'password not changed'
|
|
392
440
|
end
|
|
393
441
|
|
|
394
442
|
test "change_password rejects bad old password" do
|
|
@@ -398,8 +446,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
398
446
|
assert_response :ok
|
|
399
447
|
assert_template :password_change
|
|
400
448
|
assert_equal @password_credential, assigns(:credential)
|
|
401
|
-
assert_equal @user, User.authenticate_signin(
|
|
402
|
-
'pa55w0rd'),
|
|
449
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
450
|
+
@email_credential.email, password: 'pa55w0rd')),
|
|
451
|
+
'password wrongly changed'
|
|
403
452
|
end
|
|
404
453
|
|
|
405
454
|
test "change_password rejects un-confirmed password" do
|
|
@@ -409,8 +458,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
409
458
|
assert_response :ok
|
|
410
459
|
assert_template :password_change
|
|
411
460
|
assert_equal @password_credential, assigns(:credential)
|
|
412
|
-
assert_equal @user, User.authenticate_signin(
|
|
413
|
-
'pa55w0rd'),
|
|
461
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
462
|
+
@email_credential.email, password: 'pa55w0rd')),
|
|
463
|
+
'password wrongly changed'
|
|
414
464
|
end
|
|
415
465
|
|
|
416
466
|
test "change_password works for password recovery" do
|
|
@@ -419,8 +469,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
419
469
|
post :change_password, credential: { password: 'hacks',
|
|
420
470
|
password_confirmation: 'hacks' }
|
|
421
471
|
assert_redirected_to session_url
|
|
422
|
-
assert_equal @user, User.authenticate_signin(
|
|
423
|
-
'hacks'), 'password not changed'
|
|
472
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
473
|
+
@email_credential.email, password: 'hacks')), 'password not changed'
|
|
424
474
|
end
|
|
425
475
|
|
|
426
476
|
test "change_password rejects un-confirmed password on recovery" do
|
|
@@ -449,8 +499,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
449
499
|
credential: { old_password: 'pa55w0rd', password: 'hacks',
|
|
450
500
|
password_confirmation: 'hacks' }
|
|
451
501
|
assert_response :ok
|
|
452
|
-
assert_equal @user, User.authenticate_signin(
|
|
453
|
-
'hacks'), 'password not changed'
|
|
502
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
503
|
+
@email_credential.email, password: 'hacks')), 'password not changed'
|
|
454
504
|
end
|
|
455
505
|
|
|
456
506
|
test "change_password by json rejects bad old password" do
|
|
@@ -462,8 +512,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
462
512
|
data = ActiveSupport::JSON.decode response.body
|
|
463
513
|
assert_equal 'invalid', data['error']
|
|
464
514
|
assert_equal @password_credential, assigns(:credential)
|
|
465
|
-
assert_equal @user, User.authenticate_signin(
|
|
466
|
-
'pa55w0rd'),
|
|
515
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
516
|
+
@email_credential.email, password: 'pa55w0rd')),
|
|
517
|
+
'password wrongly changed'
|
|
467
518
|
end
|
|
468
519
|
|
|
469
520
|
test "change_password by json rejects un-confirmed password" do
|
|
@@ -474,8 +525,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
474
525
|
assert_response :ok
|
|
475
526
|
data = ActiveSupport::JSON.decode response.body
|
|
476
527
|
assert_equal 'invalid', data['error']
|
|
477
|
-
assert_equal @user, User.authenticate_signin(
|
|
478
|
-
'pa55w0rd'),
|
|
528
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
529
|
+
@email_credential.email, password: 'pa55w0rd')),
|
|
530
|
+
'password wrongly changed'
|
|
479
531
|
end
|
|
480
532
|
|
|
481
533
|
test "change_password by json works for password recovery" do
|
|
@@ -484,8 +536,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
484
536
|
post :change_password, format: 'json',
|
|
485
537
|
credential: { password: 'hacks', password_confirmation: 'hacks' }
|
|
486
538
|
assert_response :ok
|
|
487
|
-
assert_equal @user, User.authenticate_signin(
|
|
488
|
-
|
|
539
|
+
assert_equal @user, User.authenticate_signin(Session.new(email:
|
|
540
|
+
@email_credential.email, password: 'hacks')), 'password not changed'
|
|
489
541
|
end
|
|
490
542
|
|
|
491
543
|
test "change_password by json rejects un-confirmed password on recovery" do
|
|
@@ -502,7 +554,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
502
554
|
|
|
503
555
|
test "reset_password for good e-mail" do
|
|
504
556
|
ActionMailer::Base.deliveries = []
|
|
505
|
-
|
|
557
|
+
request.host = 'mail.test.host:1234'
|
|
506
558
|
|
|
507
559
|
assert_difference 'Credential.count', 1 do
|
|
508
560
|
post :reset_password, session: { email: @email_credential.email }
|
|
@@ -578,6 +630,105 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
578
630
|
assert_equal @user, token.user, 'password reset token user'
|
|
579
631
|
end
|
|
580
632
|
|
|
633
|
+
test "OmniAuth failure" do
|
|
634
|
+
get :omniauth_failure
|
|
635
|
+
|
|
636
|
+
assert_redirected_to new_session_url
|
|
637
|
+
assert_match(/failed/, flash[:alert])
|
|
638
|
+
end
|
|
639
|
+
|
|
640
|
+
test "omniauth logs in with good account details" do
|
|
641
|
+
request.env['omniauth.auth'] =
|
|
642
|
+
{ 'provider' => @omniauth_credential.provider,
|
|
643
|
+
'uid' => @omniauth_credential.uid }
|
|
644
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
645
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
646
|
+
assert_equal @user, session_current_user, 'session'
|
|
647
|
+
assert_nil flash[:alert], 'no alert'
|
|
648
|
+
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
|
649
|
+
assert_redirected_to session_url
|
|
650
|
+
end
|
|
651
|
+
|
|
652
|
+
test "omniauth logs in with good account details and no User-Agent" do
|
|
653
|
+
request.headers['User-Agent'] = nil
|
|
654
|
+
|
|
655
|
+
request.env['omniauth.auth'] =
|
|
656
|
+
{ 'provider' => @omniauth_credential.provider,
|
|
657
|
+
'uid' => @omniauth_credential.uid }
|
|
658
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
659
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
660
|
+
assert_equal @user, session_current_user, 'session'
|
|
661
|
+
assert_nil flash[:alert], 'no alert'
|
|
662
|
+
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
|
663
|
+
assert_redirected_to session_url
|
|
664
|
+
end
|
|
665
|
+
|
|
666
|
+
test "omniauth purges sessions when logging in" do
|
|
667
|
+
BareSessionController.auto_purge_sessions = true
|
|
668
|
+
old_token = credentials(:jane_session_token)
|
|
669
|
+
old_token.updated_at = Time.now - 1.year
|
|
670
|
+
old_token.save!
|
|
671
|
+
request.env['omniauth.auth'] =
|
|
672
|
+
{ 'provider' => @omniauth_credential.provider,
|
|
673
|
+
'uid' => @omniauth_credential.uid }
|
|
674
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
675
|
+
assert_equal @user, session_current_user, 'session'
|
|
676
|
+
assert_nil Tokens::Base.with_code(old_token.code).first,
|
|
677
|
+
'old session not purged'
|
|
678
|
+
end
|
|
679
|
+
|
|
680
|
+
test "omniauth does not purge sessions if auto_purge_sessions is false" do
|
|
681
|
+
BareSessionController.auto_purge_sessions = false
|
|
682
|
+
old_token = credentials(:jane_session_token)
|
|
683
|
+
old_token.updated_at = Time.now - 1.year
|
|
684
|
+
old_token.save!
|
|
685
|
+
request.env['omniauth.auth'] =
|
|
686
|
+
{ 'provider' => @omniauth_credential.provider,
|
|
687
|
+
'uid' => @omniauth_credential.uid }
|
|
688
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
689
|
+
assert_equal @user, session_current_user, 'session'
|
|
690
|
+
assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
|
|
691
|
+
'old session purged'
|
|
692
|
+
end
|
|
693
|
+
|
|
694
|
+
test "omniauth does not purge sessions if not logged in" do
|
|
695
|
+
BareSessionController.auto_purge_sessions = true
|
|
696
|
+
old_token = credentials(:jane_session_token)
|
|
697
|
+
old_token.updated_at = Time.now - 1.year
|
|
698
|
+
old_token.save!
|
|
699
|
+
request.env['omniauth.auth'] =
|
|
700
|
+
{ 'provider' => @omniauth_credential.provider, 'uid' => 'fail' }
|
|
701
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
702
|
+
assert_nil session_current_user, 'session'
|
|
703
|
+
assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
|
|
704
|
+
'old session purged'
|
|
705
|
+
end
|
|
706
|
+
|
|
707
|
+
test "omniauth does not log in blocked accounts" do
|
|
708
|
+
request.env['omniauth.auth'] =
|
|
709
|
+
{ 'provider' => @omniauth_credential.provider,
|
|
710
|
+
'uid' => @omniauth_credential.uid }
|
|
711
|
+
with_blocked_credential @omniauth_credential do
|
|
712
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
713
|
+
end
|
|
714
|
+
assert_redirected_to new_session_url
|
|
715
|
+
assert_nil assigns(:current_user), 'instance variable'
|
|
716
|
+
assert_nil session_current_user, 'session'
|
|
717
|
+
assert_match(/ blocked/, flash[:alert])
|
|
718
|
+
assert_nil flash[:auth_redirect_url], 'no redirect URL in flash'
|
|
719
|
+
end
|
|
720
|
+
|
|
721
|
+
test "omniauth uses Credentials::OmniAuthUid.authenticate" do
|
|
722
|
+
omniauth_hash = { 'provider' => 'fail', 'uid' => 'fail' }
|
|
723
|
+
request.env['omniauth.auth'] = omniauth_hash
|
|
724
|
+
Credentials::OmniAuthUid.expects(:authenticate).at_least_once.
|
|
725
|
+
with(omniauth_hash).returns @omniauth_credential.user
|
|
726
|
+
post :omniauth, provider: @omniauth_credential.provider
|
|
727
|
+
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
728
|
+
assert_equal @user, session_current_user, 'session'
|
|
729
|
+
assert_redirected_to session_url
|
|
730
|
+
end
|
|
731
|
+
|
|
581
732
|
test "auth_controller? is true" do
|
|
582
733
|
assert_equal true, @controller.auth_controller?
|
|
583
734
|
end
|
|
@@ -1,10 +1,5 @@
|
|
|
1
1
|
require File.expand_path('../test_helper', __FILE__)
|
|
2
2
|
|
|
3
|
-
require 'authpwn_rails/generators/templates/session_mailer.rb'
|
|
4
|
-
|
|
5
|
-
# Run the tests in the generator, to make sure they pass.
|
|
6
|
-
require 'authpwn_rails/generators/templates/session_mailer_test.rb'
|
|
7
|
-
|
|
8
3
|
class SessionMailerApiTest < ActionMailer::TestCase
|
|
9
4
|
setup do
|
|
10
5
|
@reset_email = credentials(:jane_email).email
|
|
@@ -30,7 +25,7 @@ class SessionMailerApiTest < ActionMailer::TestCase
|
|
|
30
25
|
end
|
|
31
26
|
end
|
|
32
27
|
end
|
|
33
|
-
|
|
28
|
+
|
|
34
29
|
teardown do
|
|
35
30
|
SessionMailer.class_eval do
|
|
36
31
|
undef :email_verification_from
|
|
@@ -44,10 +39,15 @@ class SessionMailerApiTest < ActionMailer::TestCase
|
|
|
44
39
|
end
|
|
45
40
|
|
|
46
41
|
test 'email verification email contents' do
|
|
47
|
-
|
|
48
|
-
|
|
42
|
+
email_draft = SessionMailer.email_verification_email @verification_token,
|
|
43
|
+
@root_url
|
|
44
|
+
if email_draft.respond_to? :deliver_now
|
|
45
|
+
email = email_draft.deliver_now
|
|
46
|
+
else
|
|
47
|
+
email = email_draft.deliver
|
|
48
|
+
end
|
|
49
49
|
assert !ActionMailer::Base.deliveries.empty?
|
|
50
|
-
|
|
50
|
+
|
|
51
51
|
assert_equal 'test.host e-mail verification', email.subject
|
|
52
52
|
assert_equal ['email_check@test.host'], email.from
|
|
53
53
|
assert_equal [@verification_email], email.to
|
|
@@ -56,14 +56,19 @@ class SessionMailerApiTest < ActionMailer::TestCase
|
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
test 'password reset email contents' do
|
|
59
|
-
|
|
60
|
-
|
|
59
|
+
email_draft = SessionMailer.reset_password_email @reset_email,
|
|
60
|
+
@reset_token, @root_url
|
|
61
|
+
if email_draft.respond_to? :deliver_now
|
|
62
|
+
email = email_draft.deliver_now
|
|
63
|
+
else
|
|
64
|
+
email = email_draft.deliver
|
|
65
|
+
end
|
|
61
66
|
assert !ActionMailer::Base.deliveries.empty?
|
|
62
|
-
|
|
67
|
+
|
|
63
68
|
assert_equal 'test.host password reset', email.subject
|
|
64
69
|
assert_equal ['reset@test.host'], email.from
|
|
65
70
|
assert_equal [@reset_email], email.to
|
|
66
|
-
assert_match @reset_token.code, email.encoded
|
|
71
|
+
assert_match @reset_token.code, email.encoded
|
|
67
72
|
assert_match 'hxxp://test.host:8808/session/token/', email.encoded
|
|
68
73
|
end
|
|
69
74
|
end
|
data/test/test_helper.rb
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
require 'rubygems'
|
|
2
|
-
require '
|
|
2
|
+
require 'minitest/autorun'
|
|
3
3
|
|
|
4
4
|
require 'action_controller'
|
|
5
5
|
require 'action_mailer'
|
|
6
6
|
require 'active_record'
|
|
7
|
+
require 'active_support/core_ext'
|
|
7
8
|
require 'rails'
|
|
8
9
|
|
|
9
|
-
require 'fbgraph_rails'
|
|
10
|
-
require 'fbgraph_rails/controller'
|
|
11
10
|
require 'sqlite3'
|
|
12
11
|
|
|
13
12
|
require 'mocha/setup'
|
|
@@ -25,6 +24,7 @@ require 'helpers/fbgraph.rb'
|
|
|
25
24
|
require 'helpers/i18n.rb'
|
|
26
25
|
require 'helpers/rails.rb'
|
|
27
26
|
require 'helpers/routes.rb'
|
|
27
|
+
require 'helpers/test_order.rb'
|
|
28
28
|
|
|
29
29
|
# Simulate Rails' initializer loading.
|
|
30
30
|
require 'authpwn_rails/generators/templates/initializer.rb'
|
data/test/user_test.rb
CHANGED
|
@@ -56,14 +56,61 @@ class UserTest < ActiveSupport::TestCase
|
|
|
56
56
|
assert_equal nil, User.find_by_param(nil)
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
test 'authenticate_signin' do
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
59
|
+
test 'authenticate_signin with valid data' do
|
|
60
|
+
signin = Session.new email: 'jane@gmail.com', password: 'pa55w0rd'
|
|
61
|
+
assert_equal users(:jane), User.authenticate_signin(signin)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
test 'authenticate_signin with wrong password' do
|
|
65
|
+
signin = Session.new email: 'jane@gmail.com', password: 'password'
|
|
66
|
+
assert_equal :invalid, User.authenticate_signin(signin),
|
|
64
67
|
"John's password on Jane's account"
|
|
65
|
-
|
|
66
|
-
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
test 'authenticate_signin on blocked e-mail' do
|
|
71
|
+
signin = Session.new email: 'john@gmail.com', password: 'pa55w0rd'
|
|
72
|
+
assert_equal :blocked, User.authenticate_signin(signin)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
test 'related_to_omniauth without e-mail' do
|
|
76
|
+
assert_equal nil, User.related_to_omniauth('provider' => 'developer',
|
|
77
|
+
'uid' => 'john@gmail.com')
|
|
78
|
+
assert_equal nil, User.related_to_omniauth('provider' => 'developer',
|
|
79
|
+
'uid' => 'john@gmail.com',
|
|
80
|
+
'info' => {})
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
test 'related_to_omniauth with existing e-mail' do
|
|
84
|
+
Credentials::OmniAuthUid.destroy_all
|
|
85
|
+
assert_equal users(:john), User.related_to_omniauth(
|
|
86
|
+
'provider' => 'developer', 'uid' => 'john_gmail_com_uid',
|
|
87
|
+
'info' => { 'email' => 'john@gmail.com' })
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
test 'related_to_omniauth with non-existing e-mail' do
|
|
91
|
+
assert_equal nil, User.related_to_omniauth('provider' => 'developer',
|
|
92
|
+
'uid' => 'new_user@gmail.com',
|
|
93
|
+
'info' => { 'email' => 'new_user@gmail.com' })
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
test 'create_from_omniauth without e-mail' do
|
|
97
|
+
assert_equal nil, User.create_from_omniauth('provider' => 'developer',
|
|
98
|
+
'uid' => 'newuser@gmail.com')
|
|
99
|
+
assert_equal nil, User.create_from_omniauth('provider' => 'developer',
|
|
100
|
+
'uid' => 'newuser@gmail.com',
|
|
101
|
+
'info' => {})
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
test 'create_from_omniauth with e-mail' do
|
|
105
|
+
omniauth_hash = { 'provider' => 'developer',
|
|
106
|
+
'uid' => 'newuser_gmail_com_uid',
|
|
107
|
+
'info' => { 'email' => 'newuser@gmail.com' } }
|
|
108
|
+
user = User.create_from_omniauth omniauth_hash
|
|
109
|
+
assert_not_nil user
|
|
110
|
+
email_credential = Credentials::Email.where(user: user).first
|
|
111
|
+
assert_not_nil email_credential
|
|
112
|
+
assert_equal 'newuser@gmail.com', email_credential.email
|
|
113
|
+
assert_equal true, email_credential.valid?
|
|
67
114
|
end
|
|
68
115
|
|
|
69
116
|
test 'autosaves credentials' do
|