authpwn_rails 0.13.0 → 0.13.1
- data/.travis.yml +2 -1
- data/Gemfile.lock +1 -1
- data/VERSION +1 -1
- data/app/models/tokens/base.rb +3 -5
- data/authpwn_rails.gemspec +2 -2
- data/lib/authpwn_rails/credential_model.rb +2 -0
- data/lib/authpwn_rails/user_model.rb +0 -2
- data/test/credentials/email_credential_test.rb +14 -13
- data/test/credentials/email_verification_token_test.rb +3 -3
- data/test/credentials/one_time_token_credential_test.rb +2 -2
- data/test/credentials/password_credential_test.rb +3 -2
- data/test/credentials/password_reset_token_test.rb +12 -12
- data/test/credentials/session_uid_token_test.rb +5 -5
- data/test/credentials/token_crendential_test.rb +2 -2
- data/test/helpers/db_setup.rb +8 -1
- data/test/user_test.rb +0 -7
- metadata +3 -3
data/.travis.yml
CHANGED
data/Gemfile.lock
CHANGED
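--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.13.
+0.13.1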
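--- a/data/app/models/tokens/base.rb
+++ b/data/app/models/tokens/base.rb
@@ -96,11 +96,9 @@ class Base < ::Credential
 # code
 def self.random_for(user, key = nil, klass = nil)
 klass ||= self
-
-
-
-token = self.new(:code => random_code, :key => key)
-end
+token = self.new
+token.code = random_code
+token.key = key unless key.nil?
 user.credentials << token
 token.save!
 token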
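Review bot: `klass` is defaulted with `klass ||= self`, but the token is still built with `self.new`, so in the visible lines a caller-supplied class is never used; `token = klass.new` would honour the parameter. Setting `code` and `key` through their writers instead of a constructor hash matches the blank `attr_accessible` whitelist this release adds to CredentialModel. A one-line comment such as `# Assigned one by one: credentials accept no mass-assignment.` would keep a later refactor from going back to `new(:code => ...)`. The method's closing `end` lies outside the hunk.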
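--- a/data/authpwn_rails.gemspec
+++ b/data/authpwn_rails.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = "authpwn_rails"
-s.version = "0.13.
+s.version = "0.13.1"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Victor Costan"]
-s.date = "2012-10-
+s.date = "2012-10-17"
 s.description = "Works with Facebook."
 s.email = "victor@costan.us"
 s.extra_rdoc_files = [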
@@ -20,6 +20,8 @@ module CredentialModel
|
|
20
20
|
|
21
21
|
# Secret information associated with the token.
|
22
22
|
validates :key, :length => { :in => 1..2.kilobytes, :allow_nil => true }
|
23
|
+
|
24
|
+
attr_accessible
|
23
25
|
end
|
24
26
|
|
25
27
|
# Included in the metaclass of models that call pwnauth_facebook_token_model.
|
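Review bot: The bare `attr_accessible` added before `end` carries no comment, and a call with no arguments is easy to mistake for a leftover; it deserves a line such as `# Blank whitelist: no credential attribute can be mass-assigned.` With an empty whitelist every attribute, `key` included, has to be set through its writer, which keeps request parameters from reaching credential secrets. Models that include this module can presumably still widen the list with their own `attr_accessible` call, so each credential subclass is worth checking. The enclosing block starts above the hunk.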
@@ -22,8 +22,6 @@ module UserModel
|
|
22
22
|
# Credentials used to authenticate the user.
|
23
23
|
has_many :credentials, :dependent => :destroy, :inverse_of => :user
|
24
24
|
validates_associated :credentials
|
25
|
-
# This is safe, because credentials use attr_accessible.
|
26
|
-
accepts_nested_attributes_for :credentials, :allow_destroy => true
|
27
25
|
|
28
26
|
# Automatically assign exuid.
|
29
27
|
before_validation :set_default_exuid, :on => :create
|
@@ -1,15 +1,16 @@
|
|
1
1
|
require File.expand_path('../../test_helper', __FILE__)
|
2
2
|
|
3
|
-
class EmailCredentialTest < ActiveSupport::TestCase
|
3
|
+
class EmailCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Credentials::Email.new
|
5
|
+
@credential = Credentials::Email.new
|
6
|
+
@credential.email = 'dvdjohn@mit.edu'
|
6
7
|
@credential.user = users(:bill)
|
7
8
|
end
|
8
|
-
|
9
|
+
|
9
10
|
test 'setup' do
|
10
11
|
assert @credential.valid?
|
11
12
|
end
|
12
|
-
|
13
|
+
|
13
14
|
test 'key required' do
|
14
15
|
@credential.key = ''
|
15
16
|
assert !@credential.valid?
|
@@ -19,19 +20,19 @@ class EmailCredentialTest < ActiveSupport::TestCase
|
|
19
20
|
@credential.key = 'xoxo'
|
20
21
|
assert !@credential.valid?
|
21
22
|
end
|
22
|
-
|
23
|
+
|
23
24
|
test 'verified set to true' do
|
24
25
|
@credential.verified = true
|
25
26
|
assert_equal '1', @credential.key, 'key'
|
26
27
|
assert_equal true, @credential.verified?, 'verified?'
|
27
28
|
end
|
28
|
-
|
29
|
+
|
29
30
|
test 'verified set to false' do
|
30
31
|
@credential.verified = false
|
31
32
|
assert_equal '0', @credential.key, 'key'
|
32
33
|
assert_equal false, @credential.verified?, 'verified?'
|
33
34
|
end
|
34
|
-
|
35
|
+
|
35
36
|
test 'user presence' do
|
36
37
|
@credential.user = nil
|
37
38
|
assert !@credential.valid?
|
@@ -41,30 +42,30 @@ class EmailCredentialTest < ActiveSupport::TestCase
|
|
41
42
|
@credential.email = nil
|
42
43
|
assert !@credential.valid?
|
43
44
|
end
|
44
|
-
|
45
|
+
|
45
46
|
test 'email length' do
|
46
47
|
@credential.email = 'abcde' * 25 + '@mit.edu'
|
47
48
|
assert !@credential.valid?, 'Overly long email'
|
48
49
|
end
|
49
|
-
|
50
|
+
|
50
51
|
test 'email format' do
|
51
52
|
['cos tan@gmail.com', 'costan@x@mit.edu'].each do |email|
|
52
53
|
@credential.email = email
|
53
54
|
assert !@credential.valid?, "Bad email format - #{email}"
|
54
|
-
end
|
55
|
+
end
|
55
56
|
end
|
56
|
-
|
57
|
+
|
57
58
|
test 'email uniqueness' do
|
58
59
|
@credential.email = credentials(:john_email).email
|
59
60
|
assert !@credential.valid?
|
60
61
|
end
|
61
|
-
|
62
|
+
|
62
63
|
test 'authenticate' do
|
63
64
|
assert_equal users(:john), Credentials::Email.authenticate('john@gmail.com')
|
64
65
|
assert_equal users(:jane), Credentials::Email.authenticate('jane@gmail.com')
|
65
66
|
assert_equal :invalid, Credentials::Email.authenticate('bill@gmail.com')
|
66
67
|
end
|
67
|
-
|
68
|
+
|
68
69
|
test 'authenticate calls User#auth_bounce_reason' do
|
69
70
|
with_blocked_credential credentials(:john_email), :reason do
|
70
71
|
assert_equal :reason, Credentials::Email.authenticate('john@gmail.com')
|
@@ -2,9 +2,9 @@ require File.expand_path('../../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
class EmailVerificationTokenTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Tokens::EmailVerification.new
|
6
|
-
|
7
|
-
|
5
|
+
@credential = Tokens::EmailVerification.new
|
6
|
+
@credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
|
7
|
+
@credential.key = 'jane@gmail.com'
|
8
8
|
@credential.user = users(:jane)
|
9
9
|
end
|
10
10
|
|
@@ -2,8 +2,8 @@ require File.expand_path('../../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
class OneTimeTokenCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Tokens::OneTime.new
|
6
|
-
|
5
|
+
@credential = Tokens::OneTime.new
|
6
|
+
@credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
|
7
7
|
@credential.user = users(:bill)
|
8
8
|
end
|
9
9
|
|
@@ -2,8 +2,9 @@ require File.expand_path('../../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
class PasswordCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Credentials::Password.new
|
6
|
-
|
5
|
+
@credential = Credentials::Password.new
|
6
|
+
@credential.password = 'awesome'
|
7
|
+
@credential.password_confirmation = 'awesome'
|
7
8
|
@credential.user = users(:bill)
|
8
9
|
@_password_expires = Credentials::Password.expires_after
|
9
10
|
end
|
@@ -1,21 +1,21 @@
|
|
1
1
|
require File.expand_path('../../test_helper', __FILE__)
|
2
2
|
|
3
|
-
class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
3
|
+
class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Tokens::PasswordReset.new
|
6
|
-
|
5
|
+
@credential = Tokens::PasswordReset.new
|
6
|
+
@credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
|
7
7
|
@credential.user = users(:john)
|
8
8
|
end
|
9
|
-
|
9
|
+
|
10
10
|
test 'setup' do
|
11
11
|
assert @credential.valid?
|
12
12
|
end
|
13
|
-
|
13
|
+
|
14
14
|
test 'code required' do
|
15
15
|
@credential.code = nil
|
16
16
|
assert !@credential.valid?
|
17
17
|
end
|
18
|
-
|
18
|
+
|
19
19
|
test 'code uniqueness' do
|
20
20
|
@credential.code = credentials(:john_token).code
|
21
21
|
assert !@credential.valid?
|
@@ -25,21 +25,21 @@ class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
|
25
25
|
@credential.user = nil
|
26
26
|
assert !@credential.valid?
|
27
27
|
end
|
28
|
-
|
28
|
+
|
29
29
|
test 'password_credential' do
|
30
30
|
assert_equal credentials(:john_password), @credential.password_credential
|
31
31
|
assert_equal credentials(:jane_password),
|
32
32
|
credentials(:jane_password_token).password_credential
|
33
|
-
|
33
|
+
|
34
34
|
@credential.user = users(:bill)
|
35
35
|
assert_nil @credential.password_credential
|
36
36
|
end
|
37
|
-
|
37
|
+
|
38
38
|
test 'spend blanks out the password and destroys the token' do
|
39
39
|
password_credential = credentials(:jane_password)
|
40
40
|
credential = credentials(:jane_password_token)
|
41
41
|
assert_equal Tokens::PasswordReset, credential.class, 'bad setup'
|
42
|
-
|
42
|
+
|
43
43
|
assert_difference 'Credential.count', -2 do
|
44
44
|
assert_difference 'Credentials::Password.count', -1 do
|
45
45
|
credential.spend
|
@@ -54,13 +54,13 @@ class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
|
54
54
|
password_credential = credentials(:jane_password)
|
55
55
|
password_credential.destroy
|
56
56
|
credential = credentials(:jane_password_token)
|
57
|
-
|
57
|
+
|
58
58
|
assert_difference 'Credential.count', -1 do
|
59
59
|
credential.spend
|
60
60
|
end
|
61
61
|
assert credential.frozen?, 'not destroyed'
|
62
62
|
end
|
63
|
-
|
63
|
+
|
64
64
|
test 'random_for' do
|
65
65
|
token = Tokens::PasswordReset.random_for users(:john)
|
66
66
|
assert token.valid?, 'valid token'
|
@@ -2,11 +2,11 @@ require File.expand_path('../../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
class SessionUidTokenTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Tokens::SessionUid.new
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
5
|
+
@credential = Tokens::SessionUid.new
|
6
|
+
@credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
|
7
|
+
@credential.browser_ip = '18.70.0.160'
|
8
|
+
@credential.browser_ua =
|
9
|
+
'Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1'
|
10
10
|
@credential.user = users(:jane)
|
11
11
|
@_expires_after = Tokens::SessionUid.expires_after
|
12
12
|
end
|
@@ -2,8 +2,8 @@ require File.expand_path('../../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
class TokenCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
|
-
@credential = Tokens::Base.new
|
6
|
-
|
5
|
+
@credential = Tokens::Base.new
|
6
|
+
@credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
|
7
7
|
@credential.user = users(:bill)
|
8
8
|
end
|
9
9
|
|
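--- a/data/test/helpers/db_setup.rb
+++ b/data/test/helpers/db_setup.rb
@@ -1,6 +1,11 @@
 case ENV['DB']
 when /mysql/i
-
+create_sql = 'CREATE DATABASE plugin_dev DEFAULT CHARACTER SET utf8;'
+if /:(.*)$/ =~ ENV['DB']
+create_sql.sub! ';', " DEFAULT COLLATE #{$1};"
+end
+
+`mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
 ActiveRecord::Base.establish_connection :adapter => 'mysql2',
 :database => 'plugin_dev', :username => 'root', :password => ''
 when /pg/i
@@ -14,6 +19,8 @@ else
 :database => ':memory:'
 end
 ActiveRecord::Base.configurations = true
+ActiveRecord::Base.mass_assignment_sanitizer = :strict
+# ActiveRecord::Base.whitelist_attributes = true
 
 ActiveRecord::Migration.verbose = false
 require 'authpwn_rails/generators/templates/001_create_users.rb'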
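Review bot: The collation captured from `ENV['DB']` by `/:(.*)$/` is interpolated into `create_sql` and then into the backtick `mysql` command line without validation, so quotes, `;` or shell metacharacters in the variable end up in a command run as the MySQL root user. `$` also matches before a newline rather than only at the end of the string. Restricting the capture to identifier characters and anchoring it, `if /:(\w+)\z/ =~ ENV['DB']`, closes both. The exit status of the backtick call is not checked either, so a failed DROP/CREATE only surfaces later in `establish_connection`; `raise 'mysql setup failed' unless $?.success?` after it would make that visible.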
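--- a/data/test/user_test.rb
+++ b/data/test/user_test.rb
@@ -56,13 +56,6 @@ class UserTest < ActiveSupport::TestCase
 assert_equal nil, User.find_by_param(nil)
 end
 
-test 'nested attributes' do
-@user = User.new :credentials_attributes => { 0 =>
-{:name => 'test@email.com', :type => 'Credentials::Password'}}
-assert_equal 1, @user.credentials.length
-assert_equal 'test@email.com', @user.credentials.first.name
-end
-
 test 'authenticate_email' do
 assert_equal users(:john),
 User.authenticate_signin('john@gmail.com', 'password')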
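--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-version: 0.13.
+version: 0.13.1
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-
+date: 2012-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: fbgraph_rails
@@ -285,7 +285,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -2039679637570681553
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements: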