authpwn_rails 0.16.2 → 0.17.0

metadata

@@ -1,181 +1,181 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-  version: 0.16.2
+  version: 0.17.0
 platform: ruby
 authors:
 - Victor Costan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-20 00:00:00.000000000 Z
+date: 2014-11-07 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: fbgraph_rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 0.2.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 0.2.2
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.17
+        version: 4.0.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.17
+        version: 4.0.9
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.5
+        version: 1.7.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.5
+        version: 1.7.3
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.14.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.14.0
 - !ruby/object:Gem::Dependency
   name: jeweler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.8
+        version: 2.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.8
+        version: 2.0.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.16
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.16
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.14
+        version: 1.2.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.14
+        version: 1.2.2
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: 0.17.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: 0.17.1
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.8
+        version: 1.3.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.8
+        version: 1.3.9
 - !ruby/object:Gem::Dependency
   name: rubysl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rubysl-bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rubysl-rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Works with Facebook.
@@ -186,20 +186,21 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files:
-- .document
-- .project
-- .travis.yml
+- ".document"
+- ".project"
+- ".travis.yml"
 - Gemfile
 - Gemfile.lock
-- Gemfile.rails3
 - Gemfile.rails4
+- Gemfile.rails41
+- Gemfile.rails42
 - LICENSE
 - README.rdoc
 - Rakefile
 - VERSION
 - app/helpers/session_helper.rb
 - app/models/credentials/email.rb
-- app/models/credentials/facebook.rb
+- app/models/credentials/omni_auth_uid.rb
 - app/models/credentials/password.rb
 - app/models/tokens/base.rb
 - app/models/tokens/email_verification.rb
@@ -214,13 +215,13 @@ files:
 - lib/authpwn_rails/current_user.rb
 - lib/authpwn_rails/engine.rb
 - lib/authpwn_rails/expires.rb
-- lib/authpwn_rails/facebook_session.rb
 - lib/authpwn_rails/generators/all_generator.rb
 - lib/authpwn_rails/generators/templates/001_create_users.rb
 - lib/authpwn_rails/generators/templates/003_create_credentials.rb
 - lib/authpwn_rails/generators/templates/credential.rb
 - lib/authpwn_rails/generators/templates/credentials.yml
 - lib/authpwn_rails/generators/templates/initializer.rb
+- lib/authpwn_rails/generators/templates/omniauth_initializer.rb
 - lib/authpwn_rails/generators/templates/session.rb
 - lib/authpwn_rails/generators/templates/session/forbidden.html.erb
 - lib/authpwn_rails/generators/templates/session/home.html.erb
@@ -245,19 +246,17 @@ files:
 - lib/authpwn_rails/session_model.rb
 - lib/authpwn_rails/test_extensions.rb
 - lib/authpwn_rails/user_extensions/email_field.rb
-- lib/authpwn_rails/user_extensions/facebook_fields.rb
 - lib/authpwn_rails/user_extensions/password_field.rb
 - lib/authpwn_rails/user_model.rb
 - test/cookie_controller_test.rb
 - test/credentials/email_credential_test.rb
 - test/credentials/email_verification_token_test.rb
-- test/credentials/facebook_credential_test.rb
+- test/credentials/omni_auth_uid_credential_test.rb
 - test/credentials/one_time_token_credential_test.rb
 - test/credentials/password_credential_test.rb
 - test/credentials/password_reset_token_test.rb
 - test/credentials/session_uid_token_test.rb
 - test/credentials/token_crendential_test.rb
-- test/facebook_controller_test.rb
 - test/fixtures/bare_session/forbidden.html.erb
 - test/fixtures/bare_session/home.html.erb
 - test/fixtures/bare_session/new.html.erb
@@ -273,17 +272,19 @@ files:
 - test/helpers/rails.rb
 - test/helpers/rails_undo.rb
 - test/helpers/routes.rb
+- test/helpers/test_order.rb
 - test/helpers/view_helpers.rb
 - test/http_basic_controller_test.rb
 - test/initializer_test.rb
 - test/routes_test.rb
 - test/session_controller_api_test.rb
+- test/session_controller_test.rb
 - test/session_mailer_api_test.rb
+- test/session_mailer_test.rb
 - test/session_test.rb
 - test/test_extensions_test.rb
 - test/test_helper.rb
 - test/user_extensions/email_field_test.rb
-- test/user_extensions/facebook_fields_test.rb
 - test/user_extensions/password_field_test.rb
 - test/user_test.rb
 homepage: http://github.com/pwnall/authpwn_rails
@@ -296,18 +297,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
-summary: User authentication for Rails 3 and 4 applications.
+summary: User authentication for Rails 4 applications.
 test_files: []

data/app/models/credentials/facebook.rb

@@ -1,63 +0,0 @@
-# :namespace
-module Credentials
-
-# Associates a Facebook account and OAuth2 token with an account.
-class Facebook < ::Credential
-  # The Graph API object ID of the Facebook account.
-  alias_attribute :facebook_uid, :name
-  validates :name, format: /\A\d+\Z/, presence: true,
-       uniqueness: { scope: [:type],
-       message: 'Your Facebook user is already associated to an account' }
-
-  # A user can be associated to a single Facebook account.
-  validates :user_id, uniqueness: {
-      message: 'Your account is already associated to a Facebook user' }
-
-  # OAuth2 token issued by Facebook.
-  alias_attribute :access_token, :key
-  validates :key, presence: true
-
-  # FBGraph client loaded with this access token.
-  def facebook_client
-    @client ||= FBGraphRails.fbclient(access_token)
-  end
-
-  # Finds or creates the model containing a token.
-  #
-  # If a model for the same user exists, the model is updated with the given
-  # token. Otherwise, a new model will be created, together with a user.
-  def self.for(access_token)
-    uid = uid_from_token access_token
-    credential = self.where(name: uid.to_str).first
-    if credential
-      credential.key = access_token
-      credential.save!
-    else
-      User.transaction do
-        user = User.create!
-        credential = self.new
-        user.credentials << credential
-        credential.facebook_uid = uid
-        credential.access_token = access_token
-        credential.save!
-      end
-    end
-    credential
-  end
-
-  # Extracts the Facebook user ID from a OAuth2 token.
-  #
-  # This used to be a hack that pulled the UID out of an OAuth2 token. The new
-  # encrypted OAuth2 tokens don't have UIDs anymore, so this method is an
-  # interim hack for old code that still depends on it.
-  def self.uid_from_token(access_token)
-    FBGraphRails.fbclient(access_token).selection.me.info![:id].to_s
-  end
-
-  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
-    # Forms should not be able to touch any attribute.
-    attr_accessible
-  end
-end  # class Credentials::Facebook
-
-end  # namespace Credentials

data/lib/authpwn_rails/facebook_session.rb

@@ -1,33 +0,0 @@
-require 'action_controller'
-
-# :nodoc: add authenticates_using_facebook
-class ActionController::Base  
-  # Authenticates users via Facebook OAuth2, using fbgraph_rails.
-  #
-  # The User model class must implement for_facebook_token. The controller
-  # should obtain the Facebook token, using probes_facebook_access_token or
-  # requires_facebook_access_token.
-  def self.authenticates_using_facebook(options = {})
-    include Authpwn::FacebookControllerInstanceMethods
-    before_filter :authenticate_using_facebook_access_token, options
-  end
-end  # module Authpwn::FacebookExtensions::ControllerClassMethods
-
-# :nodoc: namespace
-module Authpwn
-
-# Included in controllers that call authenticates_using_facebook.
-module FacebookControllerInstanceMethods
-  def authenticate_using_facebook_access_token
-    return true if current_user
-    if access_token = current_facebook_access_token
-      self.current_user = User.for_facebook_token access_token
-      # NOTE: nixing the token from the session so the user won't be logged on
-      #       immediately after logging off
-      self.current_facebook_access_token = nil
-    end
-  end
-  private :authenticate_using_facebook_access_token
-end  # module Authpwn::FacebookControllerInstanceMethods
-
-end  # namespace Authpwn

data/lib/authpwn_rails/user_extensions/facebook_fields.rb

@@ -1,63 +0,0 @@
-require 'active_model'
-require 'active_support'
-
-# :nodoc: namespace
-module Authpwn
-
-# :nodoc: namespace
-module UserExtensions
-  
-# Augments the User model with Facebook-related virtual attributes.
-module FacebookFields
-  extend ActiveSupport::Concern
-  
-  module ClassMethods
-    # The user that owns a given Facebook OAuth2 token.
-    #
-    # A new user will be created if the token doesn't belong to any user. This
-    # is the case for a new visitor.
-    def for_facebook_token(access_token)
-      Credentials::Facebook.for(access_token).user
-    end
-    
-    # The user who has a certain e-mail, or nil if the e-mail is unclaimed.
-    def with_facebook_uid(facebook_uid)
-      credential = Credentials::Facebook.where(name: facebook_uid).
-                                         includes(:user).first
-      credential && credential.user
-    end
-  end
-  
-  # Credentials::Facebook instance associated with this user.
-  def facebook_credential
-    credentials.find { |c| c.instance_of?(Credentials::Facebook) }
-  end
-  
-  # FBGraph client loaded with this access token.
-  #
-  # Returns nil if this user has no Facebook credential.
-  def facebook_client
-    credential = self.facebook_credential
-    credential && credential.facebook_client
-  end
-
-  # The facebook user ID from the user's Facebook credential.
-  #
-  # Returns nil if this user has no Facebook credential.
-  def facebook_uid
-    credential = self.facebook_credential
-    credential && credential.facebook_uid
-  end
-  
-  # The facebook OAuth2 access token from the user's Facebook credential.
-  #
-  # Returns nil if this user has no Facebook credential.
-  def facebook_access_token
-    credential = self.facebook_credential
-    credential && credential.access_token
-  end
-end  # module Authpwn::UserExtensions::FacebookFields
-  
-end  # module Authpwn::UserExtensions
-  
-end  # module Authpwn

data/test/credentials/facebook_credential_test.rb

@@ -1,64 +0,0 @@
-require File.expand_path('../../test_helper', __FILE__)
-
-class FacebookCredentialTest < ActiveSupport::TestCase
-  def setup
-    @code = 'AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD'
-    @credential = Credentials::Facebook.new
-    @credential.facebook_uid = '1181310542'
-    @credential.key = 'AAAEj8jKX2a8BAOBMZCjxBe4dw7cRoD1JVxUgZAtB6ozJlR4Viazh6OAYcHB5kZAtUwgjpDy7a54ZA1DObLmBT9X99CLWYOj5Stqx8bHwnE7EzyBS1WxY'
-    @credential.user = users(:bill)
-  end
-
-  test 'setup' do
-    assert @credential.valid?
-  end
-
-  test 'key required' do
-    @credential.key = nil
-    assert !@credential.valid?
-  end
-
-  test 'user presence' do
-    @credential.user = nil
-    assert !@credential.valid?
-  end
-
-  test 'user uniqueness' do
-    @credential.user = users(:john)
-    assert !@credential.valid?
-  end
-
-  test 'facebook_uid uniqueness' do
-    @credential.facebook_uid = credentials(:jane_facebook).facebook_uid
-    assert !@credential.valid?
-  end
-
-  test "uid_from_token" do
-    assert_equal '1011950666', Credentials::Facebook.uid_from_token(@code)
-  end
-
-  test "for with existing access token" do
-    Credentials::Facebook.expects(:uid_from_token).with(@code).at_least_once.
-        returns(credentials(:jane_facebook).facebook_uid)
-
-    assert_equal credentials(:jane_facebook), Credentials::Facebook.for(@code),
-                 'Wrong token'
-    assert_equal @code, credentials(:jane_facebook).reload.key,
-                 'Token not refreshed'
-  end
-
-  test "for with new access token" do
-    credential = nil
-    Credentials::Facebook.expects(:uid_from_token).at_least_once.
-        with(@credential.key).returns('123456789')
-    assert_difference 'Credentials::Facebook.count', 1 do
-      credential = Credentials::Facebook.for @credential.key
-    end
-    assert_equal '123456789', credential.facebook_uid
-    assert_equal @credential.key, credential.key
-    assert !credential.new_record?, 'New credential not saved'
-    assert !credential.user.new_record?, "New credential's user not saved"
-    assert_operator credential.user.credentials, :include?, credential,
-        "New user's credentials does not include Facebook credential"
-  end
-end

data/test/facebook_controller_test.rb

@@ -1,65 +0,0 @@
-require File.expand_path('../test_helper', __FILE__)
-
-# Mock controller used for testing session handling.
-class FacebookController < ApplicationController
-  authenticates_using_session
-  probes_facebook_access_token
-  authenticates_using_facebook
-
-  def show
-    if current_user
-      render text: "User: #{current_user.id}"
-    else
-      render text: "No user"
-    end
-  end
-end
-
-class UserWithFb2 < User
-  include Authpwn::UserExtensions::FacebookFields
-end
-
-class FacebookControllerTest < ActionController::TestCase
-  setup do
-    @old_user_class = ::User
-    Object.send :remove_const, :User
-    ::User = UserWithFb2
-
-    @user = users(:john)
-    @new_token = 'facebook:new_token|boom'
-  end
-
-  teardown do
-    Object.send :remove_const, :User
-    ::User = @old_user_class
-  end
-
-  test "no facebook token" do
-    get :show
-    assert_response :success
-    assert_nil assigns(:current_user)
-  end
-
-  test "facebook token for existing user" do
-    Credentials::Facebook.expects(:uid_from_token).at_least_once.
-        with(credentials(:john_facebook).key).
-        returns(credentials(:john_facebook).facebook_uid)
-    set_session_current_facebook_token credentials(:john_facebook).key
-    get :show, {}
-    assert_response :success
-    assert_equal @user, assigns(:current_user)
-  end
-
-  test "new facebook token" do
-    set_session_current_facebook_token @new_token
-    Credentials::Facebook.expects(:uid_from_token).at_least_once.
-        with(@new_token).returns('12345678')
-    get :show, {}
-    assert_response :success
-    assert_not_equal @user, assigns(:current_user)
-  end
-
-  test "auth_controller? is false" do
-    assert_equal false, @controller.auth_controller?
-  end
-end

data/test/user_extensions/facebook_fields_test.rb

@@ -1,61 +0,0 @@
-require File.expand_path('../../test_helper', __FILE__)
-
-class UserWithFb < User
-  include Authpwn::UserExtensions::FacebookFields
-end
-
-class FacebookFieldsTest < ActiveSupport::TestCase
-  def setup
-    @user = UserWithFb.new
-
-    @john = UserWithFb.find_by_id(users(:john).id)
-    @jane = UserWithFb.find_by_id(users(:jane).id)
-    @bill = UserWithFb.find_by_id(users(:bill).id)
-  end
-
-  test 'setup' do
-    assert @user.valid?
-  end
-
-  test 'facebook_credential' do
-    assert_equal credentials(:john_facebook), @john.facebook_credential
-    assert_equal credentials(:jane_facebook), @jane.facebook_credential
-    assert_nil @bill.facebook_credential
-  end
-
-  test 'facebook_uid' do
-    assert_equal credentials(:john_facebook).facebook_uid, @john.facebook_uid
-    assert_equal credentials(:jane_facebook).facebook_uid, @jane.facebook_uid
-    assert_nil @bill.facebook_uid
-  end
-
-  test 'facebook_access_token' do
-    assert_equal credentials(:john_facebook).access_token,
-                 @john.facebook_access_token
-    assert_equal credentials(:jane_facebook).access_token,
-                 @jane.facebook_access_token
-    assert_nil @bill.facebook_access_token
-  end
-
-  test 'facebook_client' do
-    assert_equal credentials(:john_facebook).access_token,
-                 @john.facebook_client.access_token
-    assert_nil @bill.facebook_client
-  end
-
-  test 'with_facebook_uid' do
-    assert_equal users(:john), UserWithFb.with_facebook_uid(
-        credentials(:john_facebook).facebook_uid)
-    assert_equal users(:jane), UserWithFb.with_facebook_uid(
-        credentials(:jane_facebook).facebook_uid)
-    assert_nil UserWithFb.with_facebook_uid('0000000')
-  end
-
-  test 'for_facebook_token' do
-    Credentials::Facebook.expects(:uid_from_token).at_least_once.
-        with(credentials(:john_facebook).key).
-        returns credentials(:john_facebook).facebook_uid
-    assert_equal users(:john),
-        UserWithFb.for_facebook_token(credentials(:john_facebook).access_token)
-  end
-end