authpwn_rails 0.13.2 → 0.13.3

data/Gemfile

@@ -1,11 +1,11 @@
 source :rubygems
 
 gem 'fbgraph_rails', '>= 0.2.2'
-gem 'rails', '>= 3.2.8'
+gem 'rails', '>= 3.2.9'
 
 group :development do
-  gem 'bundler', '>= 1.2.1'
-  gem 'flexmock', '>= 1.0.3'
+  gem 'bundler', '>= 1.2.3'
+  gem 'flexmock', '>= 1.2.0'
   gem 'jeweler', '>= 1.8.4'
   gem 'rcov', '>= 0', :platform => :mri_18
   gem 'simplecov', '>= 0', :platform => :mri_19

data/Gemfile.lock

@@ -1,31 +1,31 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.2.8)
-      actionpack (= 3.2.8)
+    actionmailer (3.2.9)
+      actionpack (= 3.2.9)
       mail (~> 2.4.4)
-    actionpack (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
+    actionpack (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
       rack (~> 1.4.0)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.9)
+      activesupport (= 3.2.9)
       builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
+    activerecord (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-    activesupport (3.2.8)
+    activeresource (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
+    activesupport (3.2.9)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     arel (3.0.2)
@@ -47,7 +47,7 @@ GEM
       json (>= 1.6.1)
       oauth2 (>= 0.5.0)
       rails (>= 3.1.0)
-    flexmock (1.0.4)
+    flexmock (1.2.0)
     git (1.2.5)
     hashie (1.2.0)
     hike (1.2.1)
@@ -67,7 +67,7 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     mime-types (1.19)
-    multi_json (1.3.6)
+    multi_json (1.5.0)
     multipart-post (1.1.5)
     mysql2 (0.3.11)
     oauth2 (0.8.0)
@@ -85,22 +85,22 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.8)
-      actionmailer (= 3.2.8)
-      actionpack (= 3.2.8)
-      activerecord (= 3.2.8)
-      activeresource (= 3.2.8)
-      activesupport (= 3.2.8)
+    rails (3.2.9)
+      actionmailer (= 3.2.9)
+      actionpack (= 3.2.9)
+      activerecord (= 3.2.9)
+      activeresource (= 3.2.9)
+      activesupport (= 3.2.9)
       bundler (~> 1.0)
-      railties (= 3.2.8)
-    railties (3.2.8)
-      actionpack (= 3.2.8)
-      activesupport (= 3.2.8)
+      railties (= 3.2.9)
+    railties (3.2.9)
+      actionpack (= 3.2.9)
+      activesupport (= 3.2.9)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
-    rake (0.9.2.2)
+    rake (10.0.3)
     rcov (1.0.0)
     rdoc (3.12)
       json (~> 1.4)
@@ -110,29 +110,30 @@ GEM
       multi_json (~> 1.0)
       simplecov-html (~> 0.7.1)
     simplecov-html (0.7.1)
-    sprockets (2.1.3)
+    sprockets (2.2.2)
       hike (~> 1.2)
+      multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
     sqlite3 (1.3.6)
     thor (0.16.0)
     tilt (1.3.3)
-    treetop (1.4.11)
+    treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.33)
+    tzinfo (0.3.35)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (>= 1.2.1)
+  bundler (>= 1.2.3)
   fbgraph_rails (>= 0.2.2)
-  flexmock (>= 1.0.3)
+  flexmock (>= 1.2.0)
   jeweler (>= 1.8.4)
   mysql2 (>= 0.3.11)
   pg (>= 0.14.1)
-  rails (>= 3.2.8)
+  rails (>= 3.2.9)
   rcov
   simplecov
   sqlite3 (>= 1.3.6)

data/VERSION

@@ -1 +1 @@
-0.13.2
+0.13.3

data/app/models/credentials/facebook.rb

@@ -1,6 +1,6 @@
 # :namespace
 module Credentials
-  
+
 # Associates a Facebook account and OAuth2 token with an account.
 class Facebook < ::Credential
   # The Graph API object ID of the Facebook account.
@@ -20,7 +20,7 @@ class Facebook < ::Credential
   # FBGraph client loaded with this access token.
   def facebook_client
     @client ||= FBGraphRails.fbclient(access_token)
-  end  
+  end
 
   # Finds or creates the model containing a token.
   #
@@ -44,7 +44,7 @@ class Facebook < ::Credential
     end
     credential
   end
-  
+
   # Extracts the Facebook user ID from a OAuth2 token.
   #
   # This used to be a hack that pulled the UID out of an OAuth2 token. The new
@@ -53,9 +53,9 @@ class Facebook < ::Credential
   def self.uid_from_token(access_token)
     FBGraphRails.fbclient(access_token).selection.me.info![:id].to_s
   end
-  
+
   # Forms should not be able to touch any attribute.
   attr_accessible
-end  # class Credentials::Facebook 
+end  # class Credentials::Facebook
 
 end  # namespace Credentials

data/app/models/credentials/password.rb

@@ -19,7 +19,7 @@ class Password < ::Credential
   # Passwords don't expire by default, because it is non-trivial to get e-mail
   # delivery working in Rails, which is necessary for recovering from expired
   # passwords.
-  self.expires_after = nil
+  self.expires_after = Authpwn::Engine.config.authpwn.password_expiration
 
   # Compares a plain-text password against the password hash in this credential.
   #

data/app/models/tokens/email_verification.rb

@@ -12,8 +12,9 @@ class EmailVerification < Tokens::OneTime
   alias_attribute :email, :key
   validates :email, :presence => true
 
-  # Decent compromise between convenience and security.
-  self.expires_after = 3.days
+  # Verification tokens only work this much time after they have been issued.
+  self.expires_after =
+      Authpwn::Engine.config.authpwn.email_verification_expiration
 
   # Creates a token with a random code that verifies the given e-mail address.
   def self.random_for(email_credential)

data/app/models/tokens/password_reset.rb

@@ -3,8 +3,8 @@ module Tokens
 
 # Lets the user to change their password without knowing the old one.
 class PasswordReset < Tokens::OneTime
-  # Decent compromise between convenience and security.
-  self.expires_after = 3.days
+  # Password reset tokens only work this much time after they've been issued.
+  self.expires_after = Authpwn::Engine.config.authpwn.password_reset_expiration
 
   # Blanks the user's old password, so the new password form won't ask for it.
   #

data/app/models/tokens/session_uid.rb

@@ -14,8 +14,8 @@ class SessionUid < Tokens::Base
   # The IP of the computer that received this suid.
   validates :browser_ip, :presence => true
 
-  # Decent compromise between convenience and security.
-  self.expires_after = 14.days
+  # Browser users are logged out if they don't hit the app in this much time.
+  self.expires_after = Authpwn::Engine.config.authpwn.session_expiration
 
   # Creates a new session UID token for a user.
   #
@@ -34,7 +34,7 @@ class SessionUid < Tokens::Base
   # When a session UID is used to authenticate a user, its updated_at time is
   # refreshed if it differs from the current time by this much.
   class_attribute :updates_after, :instance_writer => false
-  self.updates_after = 1.hour
+  self.updates_after = Authpwn::Engine.config.authpwn.session_precision
 
   # Updates the time associated with the session.
   def spend

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "authpwn_rails"
-  s.version = "0.13.2"
+  s.version = "0.13.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = "2012-10-19"
+  s.date = "2012-12-19"
   s.description = "Works with Facebook."
   s.email = "victor@costan.us"
   s.extra_rdoc_files = [
@@ -95,6 +95,8 @@ Gem::Specification.new do |s|
     "test/helpers/autoload_path.rb",
     "test/helpers/db_setup.rb",
     "test/helpers/fbgraph.rb",
+    "test/helpers/rails.rb",
+    "test/helpers/rails_undo.rb",
     "test/helpers/routes.rb",
     "test/helpers/view_helpers.rb",
     "test/http_basic_controller_test.rb",
@@ -120,9 +122,9 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-      s.add_runtime_dependency(%q<rails>, [">= 3.2.8"])
-      s.add_development_dependency(%q<bundler>, [">= 1.2.1"])
-      s.add_development_dependency(%q<flexmock>, [">= 1.0.3"])
+      s.add_runtime_dependency(%q<rails>, [">= 3.2.9"])
+      s.add_development_dependency(%q<bundler>, [">= 1.2.3"])
+      s.add_development_dependency(%q<flexmock>, [">= 1.2.0"])
       s.add_development_dependency(%q<jeweler>, [">= 1.8.4"])
       s.add_development_dependency(%q<rcov>, [">= 0"])
       s.add_development_dependency(%q<simplecov>, [">= 0"])
@@ -131,9 +133,9 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<sqlite3>, [">= 1.3.6"])
     else
       s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-      s.add_dependency(%q<rails>, [">= 3.2.8"])
-      s.add_dependency(%q<bundler>, [">= 1.2.1"])
-      s.add_dependency(%q<flexmock>, [">= 1.0.3"])
+      s.add_dependency(%q<rails>, [">= 3.2.9"])
+      s.add_dependency(%q<bundler>, [">= 1.2.3"])
+      s.add_dependency(%q<flexmock>, [">= 1.2.0"])
       s.add_dependency(%q<jeweler>, [">= 1.8.4"])
       s.add_dependency(%q<rcov>, [">= 0"])
       s.add_dependency(%q<simplecov>, [">= 0"])
@@ -143,9 +145,9 @@ Gem::Specification.new do |s|
     end
   else
     s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-    s.add_dependency(%q<rails>, [">= 3.2.8"])
-    s.add_dependency(%q<bundler>, [">= 1.2.1"])
-    s.add_dependency(%q<flexmock>, [">= 1.0.3"])
+    s.add_dependency(%q<rails>, [">= 3.2.9"])
+    s.add_dependency(%q<bundler>, [">= 1.2.3"])
+    s.add_dependency(%q<flexmock>, [">= 1.2.0"])
     s.add_dependency(%q<jeweler>, [">= 1.8.4"])
     s.add_dependency(%q<rcov>, [">= 0"])
     s.add_dependency(%q<simplecov>, [">= 0"])

data/lib/authpwn_rails/engine.rb

@@ -1,10 +1,25 @@
 require 'authpwn_rails'
+
+require 'active_support/core_ext/numeric/time.rb'
 require 'rails'
 
 # :nodoc: namespace
 module Authpwn
 
 class Engine < Rails::Engine
+  config.authpwn = ActiveSupport::OrderedOptions.new
+
+  # Credentials::Password.expires_after
+  config.authpwn.password_expiration = nil
+  # Tokens::EmailVerification.expires_after
+  config.authpwn.email_verification_expiration = 3.days
+  # Tokens::PasswordReset.expires_after
+  config.authpwn.password_reset_expiration = 3.days
+  # Tokens::SessionUid.expires_after
+  config.authpwn.session_expiration = 14.days
+  # Tokens::SessionUid.updates_after
+  config.authpwn.session_precision = 14.days
+
   generators do
     require 'authpwn_rails/generators/all_generator.rb'
   end

data/lib/authpwn_rails/generators/templates/initializer.rb

@@ -5,14 +5,14 @@
 # flow, which relies on e-mail delivery. If your application doesn't implement
 # password reset, or doesn't have working e-mail delivery, disable password
 # expiration.
-Credentials::Password.expires_after = 1.year
+Rails.application.config.authpwn.password_expiration = 1.year
 
 # These codes are sent in plaintext in e-mails, be somewhat aggressive.
-Tokens::EmailVerification.expires_after = 3.days
-Tokens::PasswordReset.expires_after = 3.days
+Rails.application.config.authpwn.email_verification_expiration = 3.days
+Rails.application.config.authpwn.password_reset_expiration = 3.days
 
 # Users are identified by cookies whose codes are looked up in the database.
-Tokens::SessionUid.expires_after = 14.days
+Rails.application.config.authpwn.session_expiration = 14.days
 # This knob is a compromise between accurate session expiration and write
 # workload on the database. Keep it below 1% of expires_after.
-Tokens::SessionUid.updates_after = 1.hour
+Rails.application.config.authpwn.session_precision = 1.hour

data/test/helpers/rails.rb

@@ -0,0 +1,24 @@
+# Fake application.
+module AuthpwnApp
+  class Application
+    def config
+      @_config ||= Authpwn::Engine.config
+    end
+  end
+end
+
+# Mock Rails.application.
+module Rails
+  class <<self
+    # Used by the initializer.
+    alias_method :_real_application, :application
+    def application
+      @_app ||= AuthpwnApp::Application.new
+    end
+
+    # Used by fbgraph.
+    def root
+      File.expand_path '../..', File.dirname(__FILE__)
+    end
+  end
+end

data/test/helpers/rails_undo.rb

@@ -0,0 +1,7 @@
+module Rails
+  class <<self
+    remove_method :application
+    alias_method :application, :_real_application
+    remove_method :_real_application
+  end
+end

data/test/test_helper.rb

@@ -2,9 +2,8 @@ require 'rubygems'
 require 'test/unit'
 
 require 'action_mailer'
-require 'action_pack'
 require 'active_record'
-require 'active_support'
+require 'rails'
 
 require 'fbgraph_rails'
 require 'fbgraph_rails/controller'
@@ -20,7 +19,11 @@ require 'helpers/action_mailer.rb'
 require 'helpers/autoload_path.rb'
 require 'helpers/db_setup.rb'
 require 'helpers/fbgraph.rb'
+require 'helpers/rails.rb'
 require 'helpers/routes.rb'
 
 # Simulate Rails' initializer loading.
 require 'authpwn_rails/generators/templates/initializer.rb'
+
+# Rails stubbing is only needed by the initializer, and breaks tests.
+require 'helpers/rails_undo.rb'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-  version: 0.13.2
+  version: 0.13.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-19 00:00:00.000000000 Z
+date: 2012-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fbgraph_rails
@@ -34,7 +34,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.2.8
+        version: 3.2.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.2.8
+        version: 3.2.9
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.3
 - !ruby/object:Gem::Dependency
   name: flexmock
   requirement: !ruby/object:Gem::Requirement
@@ -66,7 +66,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: jeweler
   requirement: !ruby/object:Gem::Requirement
@@ -257,6 +257,8 @@ files:
 - test/helpers/autoload_path.rb
 - test/helpers/db_setup.rb
 - test/helpers/fbgraph.rb
+- test/helpers/rails.rb
+- test/helpers/rails_undo.rb
 - test/helpers/routes.rb
 - test/helpers/view_helpers.rb
 - test/http_basic_controller_test.rb
@@ -285,7 +287,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -724367736535056714
+      hash: 2295447293099975132
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: