authpwn_rails 0.13.4 → 0.14.0
- data/.travis.yml +4 -2
- data/Gemfile +5 -5
- data/Gemfile.lock +47 -45
- data/Gemfile.rails3 +15 -0
- data/Gemfile.rails4 +15 -0
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +35 -19
- data/app/models/credentials/facebook.rb +11 -9
- data/app/models/credentials/password.rb +7 -5
- data/app/models/tokens/base.rb +27 -14
- data/app/models/tokens/email_verification.rb +1 -1
- data/app/models/tokens/session_uid.rb +5 -5
- data/authpwn_rails.gemspec +15 -15
- data/lib/authpwn_rails/credential_model.rb +8 -6
- data/lib/authpwn_rails/expires.rb +1 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +4 -4
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +8 -10
- data/lib/authpwn_rails/generators/templates/session/password_change.html.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +9 -9
- data/lib/authpwn_rails/http_basic.rb +2 -2
- data/lib/authpwn_rails/routes.rb +18 -18
- data/lib/authpwn_rails/session.rb +3 -3
- data/lib/authpwn_rails/session_controller.rb +39 -25
- data/lib/authpwn_rails/session_mailer.rb +5 -5
- data/lib/authpwn_rails/test_extensions.rb +6 -6
- data/lib/authpwn_rails/user_extensions/email_field.rb +33 -16
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +1 -1
- data/lib/authpwn_rails/user_extensions/password_field.rb +17 -14
- data/lib/authpwn_rails/user_model.rb +9 -7
- data/test/cookie_controller_test.rb +22 -16
- data/test/credentials/facebook_credential_test.rb +17 -17
- data/test/credentials/password_credential_test.rb +1 -1
- data/test/credentials/password_reset_token_test.rb +1 -1
- data/test/credentials/session_uid_token_test.rb +1 -0
- data/test/credentials/token_crendential_test.rb +2 -4
- data/test/facebook_controller_test.rb +14 -14
- data/test/helpers/action_controller.rb +8 -0
- data/test/helpers/db_setup.rb +11 -9
- data/test/helpers/routes.rb +14 -9
- data/test/http_basic_controller_test.rb +35 -20
- data/test/routes_test.rb +18 -18
- data/test/session_controller_api_test.rb +76 -83
- data/test/test_helper.rb +4 -1
- data/test/user_extensions/email_field_test.rb +1 -1
- data/test/user_extensions/facebook_fields_test.rb +5 -5
- data/test/user_extensions/password_field_test.rb +2 -2
- metadata +14 -27
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
source :rubygems
|
2
2
|
|
3
3
|
gem 'fbgraph_rails', '>= 0.2.2'
|
4
|
-
|
4
|
+
|
5
|
+
gem 'rails', '>= 3.2.12'
|
5
6
|
|
6
7
|
group :development do
|
7
|
-
gem 'bundler', '>= 1.
|
8
|
-
gem '
|
8
|
+
gem 'bundler', '>= 1.3.3'
|
9
|
+
gem 'mocha', '>= 0.13.3'
|
9
10
|
gem 'jeweler', '>= 1.8.4'
|
10
|
-
gem '
|
11
|
-
gem 'simplecov', '>= 0', :platform => :mri_19
|
11
|
+
gem 'simplecov', '>= 0'
|
12
12
|
gem 'mysql2', '>= 0.3.11'
|
13
13
|
gem 'pg', '>= 0.14.1'
|
14
14
|
gem 'sqlite3', '>= 1.3.7'
|
data/Gemfile.lock
CHANGED
@@ -1,37 +1,37 @@
|
|
1
1
|
GEM
|
2
2
|
remote: http://rubygems.org/
|
3
3
|
specs:
|
4
|
-
actionmailer (3.2.
|
5
|
-
actionpack (= 3.2.
|
4
|
+
actionmailer (3.2.12)
|
5
|
+
actionpack (= 3.2.12)
|
6
6
|
mail (~> 2.4.4)
|
7
|
-
actionpack (3.2.
|
8
|
-
activemodel (= 3.2.
|
9
|
-
activesupport (= 3.2.
|
7
|
+
actionpack (3.2.12)
|
8
|
+
activemodel (= 3.2.12)
|
9
|
+
activesupport (= 3.2.12)
|
10
10
|
builder (~> 3.0.0)
|
11
11
|
erubis (~> 2.7.0)
|
12
12
|
journey (~> 1.0.4)
|
13
|
-
rack (~> 1.4.
|
13
|
+
rack (~> 1.4.5)
|
14
14
|
rack-cache (~> 1.2)
|
15
15
|
rack-test (~> 0.6.1)
|
16
16
|
sprockets (~> 2.2.1)
|
17
|
-
activemodel (3.2.
|
18
|
-
activesupport (= 3.2.
|
17
|
+
activemodel (3.2.12)
|
18
|
+
activesupport (= 3.2.12)
|
19
19
|
builder (~> 3.0.0)
|
20
|
-
activerecord (3.2.
|
21
|
-
activemodel (= 3.2.
|
22
|
-
activesupport (= 3.2.
|
20
|
+
activerecord (3.2.12)
|
21
|
+
activemodel (= 3.2.12)
|
22
|
+
activesupport (= 3.2.12)
|
23
23
|
arel (~> 3.0.2)
|
24
24
|
tzinfo (~> 0.3.29)
|
25
|
-
activeresource (3.2.
|
26
|
-
activemodel (= 3.2.
|
27
|
-
activesupport (= 3.2.
|
28
|
-
activesupport (3.2.
|
25
|
+
activeresource (3.2.12)
|
26
|
+
activemodel (= 3.2.12)
|
27
|
+
activesupport (= 3.2.12)
|
28
|
+
activesupport (3.2.12)
|
29
29
|
i18n (~> 0.6)
|
30
30
|
multi_json (~> 1.0)
|
31
31
|
arel (3.0.2)
|
32
32
|
builder (3.0.4)
|
33
33
|
erubis (2.7.0)
|
34
|
-
faraday (0.8.
|
34
|
+
faraday (0.8.6)
|
35
35
|
multipart-post (~> 1.1)
|
36
36
|
fbgraph (1.10.0)
|
37
37
|
activesupport
|
@@ -47,62 +47,65 @@ GEM
|
|
47
47
|
json (>= 1.6.1)
|
48
48
|
oauth2 (>= 0.5.0)
|
49
49
|
rails (>= 3.1.0)
|
50
|
-
flexmock (1.3.0)
|
51
50
|
git (1.2.5)
|
52
|
-
hashie (
|
51
|
+
hashie (2.0.2)
|
53
52
|
hike (1.2.1)
|
54
53
|
httpauth (0.2.0)
|
55
|
-
i18n (0.6.
|
54
|
+
i18n (0.6.4)
|
56
55
|
jeweler (1.8.4)
|
57
56
|
bundler (~> 1.0)
|
58
57
|
git (>= 1.2.5)
|
59
58
|
rake
|
60
59
|
rdoc
|
61
60
|
journey (1.0.4)
|
62
|
-
json (1.7.
|
63
|
-
jwt (0.1.
|
64
|
-
multi_json (>= 1.
|
61
|
+
json (1.7.7)
|
62
|
+
jwt (0.1.7)
|
63
|
+
multi_json (>= 1.5)
|
65
64
|
mail (2.4.4)
|
66
65
|
i18n (>= 0.4.0)
|
67
66
|
mime-types (~> 1.16)
|
68
67
|
treetop (~> 1.4.8)
|
69
|
-
|
70
|
-
|
71
|
-
|
68
|
+
metaclass (0.0.1)
|
69
|
+
mime-types (1.21)
|
70
|
+
mocha (0.13.3)
|
71
|
+
metaclass (~> 0.0.1)
|
72
|
+
multi_json (1.6.1)
|
73
|
+
multi_xml (0.5.3)
|
74
|
+
multipart-post (1.2.0)
|
72
75
|
mysql2 (0.3.11)
|
73
|
-
oauth2 (0.
|
76
|
+
oauth2 (0.9.1)
|
74
77
|
faraday (~> 0.8)
|
75
78
|
httpauth (~> 0.1)
|
76
79
|
jwt (~> 0.1.4)
|
77
80
|
multi_json (~> 1.0)
|
81
|
+
multi_xml (~> 0.5)
|
78
82
|
rack (~> 1.2)
|
79
83
|
pg (0.14.1)
|
80
84
|
polyglot (0.3.3)
|
81
|
-
rack (1.4.
|
85
|
+
rack (1.4.5)
|
82
86
|
rack-cache (1.2)
|
83
87
|
rack (>= 0.4)
|
84
88
|
rack-ssl (1.3.3)
|
85
89
|
rack
|
86
90
|
rack-test (0.6.2)
|
87
91
|
rack (>= 1.0)
|
88
|
-
rails (3.2.
|
89
|
-
actionmailer (= 3.2.
|
90
|
-
actionpack (= 3.2.
|
91
|
-
activerecord (= 3.2.
|
92
|
-
activeresource (= 3.2.
|
93
|
-
activesupport (= 3.2.
|
92
|
+
rails (3.2.12)
|
93
|
+
actionmailer (= 3.2.12)
|
94
|
+
actionpack (= 3.2.12)
|
95
|
+
activerecord (= 3.2.12)
|
96
|
+
activeresource (= 3.2.12)
|
97
|
+
activesupport (= 3.2.12)
|
94
98
|
bundler (~> 1.0)
|
95
|
-
railties (= 3.2.
|
96
|
-
railties (3.2.
|
97
|
-
actionpack (= 3.2.
|
98
|
-
activesupport (= 3.2.
|
99
|
+
railties (= 3.2.12)
|
100
|
+
railties (3.2.12)
|
101
|
+
actionpack (= 3.2.12)
|
102
|
+
activesupport (= 3.2.12)
|
99
103
|
rack-ssl (~> 1.3.2)
|
100
104
|
rake (>= 0.8.7)
|
101
105
|
rdoc (~> 3.4)
|
102
106
|
thor (>= 0.14.6, < 2.0)
|
103
107
|
rake (10.0.3)
|
104
|
-
|
105
|
-
rdoc (3.12)
|
108
|
+
rdoc (3.12.2)
|
106
109
|
json (~> 1.4)
|
107
110
|
rest-client (1.6.7)
|
108
111
|
mime-types (>= 1.16)
|
@@ -117,23 +120,22 @@ GEM
|
|
117
120
|
tilt (~> 1.1, != 1.3.0)
|
118
121
|
sqlite3 (1.3.7)
|
119
122
|
thor (0.17.0)
|
120
|
-
tilt (1.3.
|
123
|
+
tilt (1.3.5)
|
121
124
|
treetop (1.4.12)
|
122
125
|
polyglot
|
123
126
|
polyglot (>= 0.3.1)
|
124
|
-
tzinfo (0.3.
|
127
|
+
tzinfo (0.3.37)
|
125
128
|
|
126
129
|
PLATFORMS
|
127
130
|
ruby
|
128
131
|
|
129
132
|
DEPENDENCIES
|
130
|
-
bundler (>= 1.
|
133
|
+
bundler (>= 1.3.3)
|
131
134
|
fbgraph_rails (>= 0.2.2)
|
132
|
-
flexmock (>= 1.3.0)
|
133
135
|
jeweler (>= 1.8.4)
|
136
|
+
mocha (>= 0.13.3)
|
134
137
|
mysql2 (>= 0.3.11)
|
135
138
|
pg (>= 0.14.1)
|
136
|
-
rails (>= 3.2.
|
137
|
-
rcov
|
139
|
+
rails (>= 3.2.12)
|
138
140
|
simplecov
|
139
141
|
sqlite3 (>= 1.3.7)
|
data/Gemfile.rails3
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
source :rubygems
|
2
|
+
|
3
|
+
gem 'fbgraph_rails', '>= 0.2.2'
|
4
|
+
|
5
|
+
gem 'rails', '>= 3.2.12'
|
6
|
+
|
7
|
+
group :development do
|
8
|
+
gem 'bundler', '>= 1.3.2'
|
9
|
+
gem 'mocha', '>= 0.13.3'
|
10
|
+
gem 'jeweler', '>= 1.8.4'
|
11
|
+
gem 'simplecov', '>= 0'
|
12
|
+
gem 'mysql2', '>= 0.3.11'
|
13
|
+
gem 'pg', '>= 0.14.1'
|
14
|
+
gem 'sqlite3', '>= 1.3.7'
|
15
|
+
end
|
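Review bot: `source :rubygems` on the first added line resolves to the plain-HTTP gem index (the lockfile in this same diff records `remote: http://rubygems.org/`), so the Rails 3 and Rails 4 test matrices fetch gems without transport integrity, which is why newer Bundler releases deprecate the symbol form. Replace it with `source 'https://rubygems.org'` here and on the identical first line of data/Gemfile.rails4. Separately, `gem 'rails', '>= 4.0.0.beta1'` in Gemfile.rails4 has no upper bound, so that matrix will silently float onto whatever Rails 4.x is current; a `~>` constraint would keep the two Gemfiles meaningfully distinct.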
data/Gemfile.rails4
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
source :rubygems
|
2
|
+
|
3
|
+
gem 'fbgraph_rails', '>= 0.2.2'
|
4
|
+
|
5
|
+
gem 'rails', '>= 4.0.0.beta1'
|
6
|
+
|
7
|
+
group :development do
|
8
|
+
gem 'bundler', '>= 1.3.2'
|
9
|
+
gem 'mocha', '>= 0.13.3'
|
10
|
+
gem 'jeweler', '>= 1.8.4'
|
11
|
+
gem 'simplecov', '>= 0'
|
12
|
+
gem 'mysql2', '>= 0.3.11'
|
13
|
+
gem 'pg', '>= 0.14.1'
|
14
|
+
gem 'sqlite3', '>= 1.3.7'
|
15
|
+
end
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.14.0
|
@@ -1,23 +1,23 @@
|
|
1
1
|
# :namespace
|
2
2
|
module Credentials
|
3
|
-
|
3
|
+
|
4
4
|
# Associates an e-mail address with the user account.
|
5
5
|
class Email < ::Credential
|
6
6
|
# The e-mail address.
|
7
7
|
alias_attribute :email, :name
|
8
|
-
validates :name, :
|
9
|
-
:
|
10
|
-
:
|
8
|
+
validates :name, format: /\A[A-Za-z0-9.+_]+@[^@]*\.(\w+)\Z/,
|
9
|
+
presence: true, uniqueness: { scope: [:type],
|
10
|
+
message: 'This e-mail address is already claimed by an account' }
|
11
11
|
|
12
12
|
# '1' if the user proved ownership of the e-mail address.
|
13
|
-
validates :key, :
|
13
|
+
validates :key, presence: true, inclusion: { in: ['0', '1'] }
|
14
14
|
|
15
|
-
before_validation :set_verified_to_false, :
|
15
|
+
before_validation :set_verified_to_false, on: :create
|
16
16
|
# :nodoc: by default, e-mail addresses are not verified
|
17
17
|
def set_verified_to_false
|
18
18
|
self.key ||= '0' if self.key.nil?
|
19
19
|
end
|
20
|
-
|
20
|
+
|
21
21
|
# True if the e-mail has been verified via a token URL.
|
22
22
|
def verified?
|
23
23
|
key == '1'
|
@@ -44,20 +44,36 @@ class Email < ::Credential
|
|
44
44
|
user = credential.user
|
45
45
|
user.auth_bounce_reason(credential) || user
|
46
46
|
end
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
#
|
54
|
-
#
|
55
|
-
|
56
|
-
|
47
|
+
|
48
|
+
begin
|
49
|
+
ActiveRecord::QueryMethods.instance_method :references
|
50
|
+
# Rails 4.
|
51
|
+
|
52
|
+
# Locates the credential holding an e-mail address.
|
53
|
+
#
|
54
|
+
# Returns the User matching the given e-mail, or nil if the e-mail is not
|
55
|
+
# associated with any user.
|
56
|
+
def self.with(email)
|
57
|
+
# This method is likely to be used to kick off a complex authentication
|
58
|
+
# process, so it makes sense to pre-fetch the user's other credentials.
|
59
|
+
Credentials::Email.includes(user: :credentials).where(name: email).
|
60
|
+
references(:credential).first
|
61
|
+
end
|
62
|
+
rescue NameError
|
63
|
+
# Rails 3.
|
64
|
+
|
65
|
+
def self.with(email)
|
66
|
+
# This method is likely to be used to kick off a complex authentication
|
67
|
+
# process, so it makes sense to pre-fetch the user's other credentials.
|
68
|
+
Credentials::Email.includes(user: :credentials).where(name: email).
|
69
|
+
first
|
70
|
+
end
|
57
71
|
end
|
58
72
|
|
59
|
-
|
60
|
-
|
73
|
+
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
74
|
+
# Forms can only change the e-mail in the credential.
|
75
|
+
attr_accessible :email
|
76
|
+
end
|
61
77
|
end # class Credentials::Email
|
62
78
|
|
63
79
|
end # namespace Credentials
|
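Review bot: The new validator `validates :name, format: /\A[A-Za-z0-9.+_]+@[^@]*\.(\w+)\Z/` anchors the end with `\Z`, which in Ruby also matches just before a single trailing newline, so a value such as `"a@b.co\n"` passes the format check and is persisted with the newline intact. Use `\z` to anchor at the true end of the string: `validates :name, format: /\A[A-Za-z0-9.+_]+@[^@]*\.(\w+)\z/,`. The same `\Z` anchor is used by the added validators in data/app/models/credentials/facebook.rb (`/\A\d+\Z/`) and data/app/models/tokens/base.rb (`/\A[A-Za-z0-9\_\-]+\Z/`), which should be changed the same way. The file for this section is inferred from the diffstat, as its header line did not survive rendering.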
@@ -5,17 +5,17 @@ module Credentials
|
|
5
5
|
class Facebook < ::Credential
|
6
6
|
# The Graph API object ID of the Facebook account.
|
7
7
|
alias_attribute :facebook_uid, :name
|
8
|
-
validates :name, :
|
9
|
-
:
|
10
|
-
:
|
8
|
+
validates :name, format: /\A\d+\Z/, presence: true,
|
9
|
+
uniqueness: { scope: [:type],
|
10
|
+
message: 'Your Facebook user is already associated to an account' }
|
11
11
|
|
12
12
|
# A user can be associated to a single Facebook account.
|
13
|
-
validates :user_id, :
|
14
|
-
:
|
13
|
+
validates :user_id, uniqueness: {
|
14
|
+
message: 'Your account is already associated to a Facebook user' }
|
15
15
|
|
16
16
|
# OAuth2 token issued by Facebook.
|
17
17
|
alias_attribute :access_token, :key
|
18
|
-
validates :key, :
|
18
|
+
validates :key, presence: true
|
19
19
|
|
20
20
|
# FBGraph client loaded with this access token.
|
21
21
|
def facebook_client
|
@@ -28,7 +28,7 @@ class Facebook < ::Credential
|
|
28
28
|
# token. Otherwise, a new model will be created, together with a user.
|
29
29
|
def self.for(access_token)
|
30
30
|
uid = uid_from_token access_token
|
31
|
-
credential = self.where(:
|
31
|
+
credential = self.where(name: uid.to_str).first
|
32
32
|
if credential
|
33
33
|
credential.key = access_token
|
34
34
|
credential.save!
|
@@ -54,8 +54,10 @@ class Facebook < ::Credential
|
|
54
54
|
FBGraphRails.fbclient(access_token).selection.me.info![:id].to_s
|
55
55
|
end
|
56
56
|
|
57
|
-
|
58
|
-
|
57
|
+
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
58
|
+
# Forms should not be able to touch any attribute.
|
59
|
+
attr_accessible
|
60
|
+
end
|
59
61
|
end # class Credentials::Facebook
|
60
62
|
|
61
63
|
end # namespace Credentials
|
@@ -5,14 +5,14 @@ module Credentials
|
|
5
5
|
class Password < ::Credential
|
6
6
|
# Virtual attribute: the user's password.
|
7
7
|
attr_accessor :password
|
8
|
-
validates :password, :
|
9
|
-
:
|
8
|
+
validates :password, presence: { on: :create },
|
9
|
+
confirmation: { allow_nil: true }
|
10
10
|
|
11
11
|
# Virtual attribute: confirmation for the user's password.
|
12
12
|
attr_accessor :password_confirmation
|
13
13
|
|
14
14
|
# A user can have a single password.
|
15
|
-
validates :user_id, :
|
15
|
+
validates :user_id, uniqueness: true
|
16
16
|
|
17
17
|
# Passwords can expire, if users don't change them often enough.
|
18
18
|
include Authpwn::Expires
|
@@ -73,8 +73,10 @@ class Password < ::Credential
|
|
73
73
|
[(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip
|
74
74
|
end
|
75
75
|
|
76
|
-
|
77
|
-
|
76
|
+
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
77
|
+
# Forms can only change the plain-text password fields.
|
78
|
+
attr_accessible :password, :password_confirmation
|
79
|
+
end
|
78
80
|
end # class Credentials::Password
|
79
81
|
|
80
82
|
end # namespace Credentials
|
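Review bot: The context line `[(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip` builds a random value with `Kernel#rand`, a seeded Mersenne Twister that is not suitable wherever the result has to be unpredictable; the enclosing method starts above the hunk so its purpose is not visible here, but a value generated inside a password credential is likely to need a CSPRNG. The standard-library form is `[SecureRandom.random_bytes(12)].pack('m').strip` (equivalently `SecureRandom.base64(12)`), with `require 'securerandom'` if the file does not already load it, and it also drops the unused block parameter `i`. Note that `1 + rand(255)` can never produce a zero byte, which slightly narrows the value space as well. This predates the commit, but the hunk is a convenient place to fix it while the class is being touched.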
data/app/models/tokens/base.rb
CHANGED
@@ -26,8 +26,8 @@ class Base < ::Credential
|
|
26
26
|
# Token names are random, so we can expect they'll be unique across the
|
27
27
|
# entire namespace. We need this check to enforce name uniqueness across
|
28
28
|
# different token types.
|
29
|
-
validates :name, :
|
30
|
-
:
|
29
|
+
validates :name, format: /\A[A-Za-z0-9\_\-]+\Z/, presence: true,
|
30
|
+
uniqueness: true
|
31
31
|
|
32
32
|
# Tokens can expire. This is a good idea most of the time, because token
|
33
33
|
# codes are supposed to be used quickly.
|
@@ -45,17 +45,30 @@ class Base < ::Credential
|
|
45
45
|
credential ? credential.authenticate : :invalid
|
46
46
|
end
|
47
47
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
#
|
52
|
-
|
53
|
-
#
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
48
|
+
|
49
|
+
begin
|
50
|
+
ActiveRecord::QueryMethods.instance_method :references
|
51
|
+
# Rails 4.
|
52
|
+
|
53
|
+
# Scope that uses a secret code.
|
54
|
+
def self.with_code(code)
|
55
|
+
# NOTE 1: The where query must be performed off the root type, otherwise
|
56
|
+
# Rails will try to guess the right values for the 'type' column,
|
57
|
+
# and will sometimes get them wrong.
|
58
|
+
# NOTE 2: After using this method, it's likely that the user's other
|
59
|
+
# tokens (e.g., email or Facebook OAuth token) will be required,
|
60
|
+
# so we pre-fetch them.
|
61
|
+
Credential.where(name: code).includes(user: :credentials).
|
62
|
+
where(Credential.arel_table[:type].matches('Tokens::%')).
|
63
|
+
references(:credential)
|
64
|
+
end
|
65
|
+
rescue NameError
|
66
|
+
# Rails 3.
|
67
|
+
|
68
|
+
def self.with_code(code)
|
69
|
+
Credential.where(name: code).includes(user: :credentials).
|
70
|
+
where(Credential.arel_table[:type].matches('Tokens::%'))
|
71
|
+
end
|
59
72
|
end
|
60
73
|
|
61
74
|
# Authenticates a user using this token.
|
@@ -119,7 +132,7 @@ class Base < ::Credential
|
|
119
132
|
# @param [String] param value returned by Token#to_param
|
120
133
|
# @return [ActiveRecord::Relation]
|
121
134
|
def self.with_param(param)
|
122
|
-
where(:
|
135
|
+
where(name: param)
|
123
136
|
end
|
124
137
|
end # class Tokens::Base
|
125
138
|
|
@@ -10,7 +10,7 @@ class EmailVerification < Tokens::OneTime
|
|
10
10
|
# user. Otherwise, a user might be able to change their e-mail address and
|
11
11
|
# then use the token to verify the ownership of the wrong address.
|
12
12
|
alias_attribute :email, :key
|
13
|
-
validates :email, :
|
13
|
+
validates :email, presence: true
|
14
14
|
|
15
15
|
# Verification tokens only work this much time after they have been issued.
|
16
16
|
self.expires_after =
|
@@ -6,13 +6,13 @@ class SessionUid < Tokens::Base
|
|
6
6
|
alias_attribute :suid, :name
|
7
7
|
|
8
8
|
# The IP address and User-Agent string of the browser using this session.
|
9
|
-
store :key, :
|
9
|
+
store :key, accessors: [:browser_ip, :browser_ua]
|
10
10
|
|
11
11
|
# The User-Agent header of the browser that received this suid.
|
12
|
-
validates :browser_ua, :
|
12
|
+
validates :browser_ua, presence: true
|
13
13
|
|
14
14
|
# The IP of the computer that received this suid.
|
15
|
-
validates :browser_ip, :
|
15
|
+
validates :browser_ip, presence: true
|
16
16
|
|
17
17
|
# Browser users are logged out if they don't hit the app in this much time.
|
18
18
|
self.expires_after = Authpwn::Engine.config.authpwn.session_expiration
|
@@ -25,7 +25,7 @@ class SessionUid < Tokens::Base
|
|
25
25
|
# session
|
26
26
|
def self.random_for(user, browser_ip, browser_ua)
|
27
27
|
browser_ua = browser_ua[0, 1536] if browser_ua.length > 1536
|
28
|
-
key = { :
|
28
|
+
key = { browser_ip: browser_ip, browser_ua: browser_ua }
|
29
29
|
super user, key, self
|
30
30
|
end
|
31
31
|
|
@@ -33,7 +33,7 @@ class SessionUid < Tokens::Base
|
|
33
33
|
#
|
34
34
|
# When a session UID is used to authenticate a user, its updated_at time is
|
35
35
|
# refreshed if it differs from the current time by this much.
|
36
|
-
class_attribute :updates_after, :
|
36
|
+
class_attribute :updates_after, instance_writer: false
|
37
37
|
self.updates_after = Authpwn::Engine.config.authpwn.session_precision
|
38
38
|
|
39
39
|
# Updates the time associated with the session.
|
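Review bot: `browser_ua = browser_ua[0, 1536] if browser_ua.length > 1536` bounds the raw header before it goes into `key = { browser_ip: browser_ip, browser_ua: browser_ua }`, but `key` is declared with `store :key, accessors: [:browser_ip, :browser_ua]`, so what is persisted and length-validated is the serialized form of that hash rather than the raw string. Serialization can be longer than its inputs (quoting and escaping of characters that are not plain printable ASCII), so a User-Agent near the cap may still exceed the `1..2.kilobytes` limit that credential_model.rb in this diff places on `key` and fail validation after the truncation was meant to make it safe; I can't confirm the margin from here. A comment on the truncation line recording how 1536 relates to the 2-kilobyte key limit, or truncating by byte size with a wider margin, would make the budget explicit.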
data/authpwn_rails.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = "authpwn_rails"
|
8
|
-
s.version = "0.
|
8
|
+
s.version = "0.14.0"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Victor Costan"]
|
12
|
-
s.date = "2013-
|
12
|
+
s.date = "2013-03-14"
|
13
13
|
s.description = "Works with Facebook."
|
14
14
|
s.email = "victor@costan.us"
|
15
15
|
s.extra_rdoc_files = [
|
@@ -22,6 +22,8 @@ Gem::Specification.new do |s|
|
|
22
22
|
".travis.yml",
|
23
23
|
"Gemfile",
|
24
24
|
"Gemfile.lock",
|
25
|
+
"Gemfile.rails3",
|
26
|
+
"Gemfile.rails4",
|
25
27
|
"LICENSE",
|
26
28
|
"README.rdoc",
|
27
29
|
"Rakefile",
|
@@ -90,6 +92,7 @@ Gem::Specification.new do |s|
|
|
90
92
|
"test/fixtures/bare_session/new.html.erb",
|
91
93
|
"test/fixtures/bare_session/password_change.html.erb",
|
92
94
|
"test/fixtures/bare_session/welcome.html.erb",
|
95
|
+
"test/helpers/action_controller.rb",
|
93
96
|
"test/helpers/action_mailer.rb",
|
94
97
|
"test/helpers/application_controller.rb",
|
95
98
|
"test/helpers/autoload_path.rb",
|
@@ -114,7 +117,7 @@ Gem::Specification.new do |s|
|
|
114
117
|
s.homepage = "http://github.com/pwnall/authpwn_rails"
|
115
118
|
s.licenses = ["MIT"]
|
116
119
|
s.require_paths = ["lib"]
|
117
|
-
s.rubygems_version = "1.8.
|
120
|
+
s.rubygems_version = "1.8.25"
|
118
121
|
s.summary = "User authentication for Rails 3 applications."
|
119
122
|
|
120
123
|
if s.respond_to? :specification_version then
|
@@ -122,22 +125,20 @@ Gem::Specification.new do |s|
|
|
122
125
|
|
123
126
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
124
127
|
s.add_runtime_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
|
125
|
-
s.add_runtime_dependency(%q<rails>, [">= 3.2.
|
126
|
-
s.add_development_dependency(%q<bundler>, [">= 1.
|
127
|
-
s.add_development_dependency(%q<
|
128
|
+
s.add_runtime_dependency(%q<rails>, [">= 3.2.12"])
|
129
|
+
s.add_development_dependency(%q<bundler>, [">= 1.3.3"])
|
130
|
+
s.add_development_dependency(%q<mocha>, [">= 0.13.3"])
|
128
131
|
s.add_development_dependency(%q<jeweler>, [">= 1.8.4"])
|
129
|
-
s.add_development_dependency(%q<rcov>, [">= 0"])
|
130
132
|
s.add_development_dependency(%q<simplecov>, [">= 0"])
|
131
133
|
s.add_development_dependency(%q<mysql2>, [">= 0.3.11"])
|
132
134
|
s.add_development_dependency(%q<pg>, [">= 0.14.1"])
|
133
135
|
s.add_development_dependency(%q<sqlite3>, [">= 1.3.7"])
|
134
136
|
else
|
135
137
|
s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
|
136
|
-
s.add_dependency(%q<rails>, [">= 3.2.
|
137
|
-
s.add_dependency(%q<bundler>, [">= 1.
|
138
|
-
s.add_dependency(%q<
|
138
|
+
s.add_dependency(%q<rails>, [">= 3.2.12"])
|
139
|
+
s.add_dependency(%q<bundler>, [">= 1.3.3"])
|
140
|
+
s.add_dependency(%q<mocha>, [">= 0.13.3"])
|
139
141
|
s.add_dependency(%q<jeweler>, [">= 1.8.4"])
|
140
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
141
142
|
s.add_dependency(%q<simplecov>, [">= 0"])
|
142
143
|
s.add_dependency(%q<mysql2>, [">= 0.3.11"])
|
143
144
|
s.add_dependency(%q<pg>, [">= 0.14.1"])
|
@@ -145,11 +146,10 @@ Gem::Specification.new do |s|
|
|
145
146
|
end
|
146
147
|
else
|
147
148
|
s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
|
148
|
-
s.add_dependency(%q<rails>, [">= 3.2.
|
149
|
-
s.add_dependency(%q<bundler>, [">= 1.
|
150
|
-
s.add_dependency(%q<
|
149
|
+
s.add_dependency(%q<rails>, [">= 3.2.12"])
|
150
|
+
s.add_dependency(%q<bundler>, [">= 1.3.3"])
|
151
|
+
s.add_dependency(%q<mocha>, [">= 0.13.3"])
|
151
152
|
s.add_dependency(%q<jeweler>, [">= 1.8.4"])
|
152
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
153
153
|
s.add_dependency(%q<simplecov>, [">= 0"])
|
154
154
|
s.add_dependency(%q<mysql2>, [">= 0.3.11"])
|
155
155
|
s.add_dependency(%q<pg>, [">= 0.14.1"])
|
@@ -11,17 +11,19 @@ module CredentialModel
|
|
11
11
|
|
12
12
|
included do
|
13
13
|
# The user whose token this is.
|
14
|
-
belongs_to :user, :
|
15
|
-
validates :user, :
|
14
|
+
belongs_to :user, inverse_of: :credentials
|
15
|
+
validates :user, presence: true
|
16
16
|
|
17
17
|
# Name that can be used to find the token.
|
18
|
-
validates :name, :
|
19
|
-
:
|
18
|
+
validates :name, length: { in: 1..128, allow_nil: true },
|
19
|
+
uniqueness: { scope: [:type], allow_nil: true }
|
20
20
|
|
21
21
|
# Secret information associated with the token.
|
22
|
-
validates :key, :
|
22
|
+
validates :key, length: { in: 1..2.kilobytes, allow_nil: true }
|
23
23
|
|
24
|
-
|
24
|
+
if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
|
25
|
+
attr_accessible
|
26
|
+
end
|
25
27
|
end
|
26
28
|
|
27
29
|
# Included in the metaclass of models that call pwnauth_facebook_token_model.
|
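Review bot: The added guard `if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=` around the bare `attr_accessible` means that on Rails 4 (which the new data/Gemfile.rails4 targets, and where the sanitizer exists only with the protected_attributes gem) the model layer applies no mass-assignment whitelist at all; the deny-all default that `attr_accessible` with no arguments gave on Rails 3 is dropped rather than replaced. Whether that is safe depends on every controller that builds credentials filtering parameters itself; data/lib/authpwn_rails/session_controller.rb changes in this commit but is not visible in this section, so I can't confirm it. Worth a comment on the guard stating the contract, e.g. `# Rails 3 only: Rails 4 has no model-level sanitizer, so controllers must filter params.` The same guarded pattern is added in credentials/email.rb, credentials/facebook.rb and credentials/password.rb.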
@@ -10,7 +10,7 @@ module Expires
|
|
10
10
|
#
|
11
11
|
# Users can reset this timer by updating their credentials, e.g. changing
|
12
12
|
# their password.
|
13
|
-
class_attribute :expires_after, :
|
13
|
+
class_attribute :expires_after, instance_writer: false
|
14
14
|
end
|
15
15
|
|
16
16
|
# True if this password is too old and should not be used for authentication.
|
@@ -1,11 +1,11 @@
|
|
1
1
|
class CreateUsers < ActiveRecord::Migration
|
2
2
|
def change
|
3
3
|
create_table :users do |t|
|
4
|
-
t.string :exuid, :
|
5
|
-
|
4
|
+
t.string :exuid, limit: 32, null: false
|
5
|
+
|
6
6
|
t.timestamps
|
7
7
|
end
|
8
|
-
|
9
|
-
add_index :users, :exuid, :
|
8
|
+
|
9
|
+
add_index :users, :exuid, unique: true
|
10
10
|
end
|
11
11
|
end
|