cbsorcery 0.8.6

data/lib/sorcery/providers/twitter.rb

@@ -0,0 +1,59 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with Twitter.com.
+    #
+    #   config.twitter.key = <key>
+    #   config.twitter.secret = <secret>
+    #   ...
+    #
+    class Twitter < Base
+
+      include Protocols::Oauth
+
+      attr_accessor :state, :user_info_path
+
+      def initialize
+        super
+
+        @site           = 'https://api.twitter.com'
+        @user_info_path = '/1.1/account/verify_credentials.json'
+      end
+
+      # Override included get_consumer method to provide authorize_path
+      def get_consumer
+        ::OAuth::Consumer.new(@key, secret, site: site, authorize_path: '/oauth/authenticate')
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+
+        {}.tap do |h|
+          h[:user_info] = JSON.parse(response.body)
+          h[:uid] = h[:user_info]['id'].to_s
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(params, session)
+        req_token = self.get_request_token
+        session[:request_token]         = req_token.token
+        session[:request_token_secret]  = req_token.secret
+        self.authorize_url({ request_token: req_token.token, request_token_secret: req_token.secret })
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, session)
+        args = {
+          oauth_verifier:       params[:oauth_verifier],
+          request_token:        session[:request_token],
+          request_token_secret: session[:request_token_secret]
+        }
+
+        args.merge!({ code: params[:code] }) if params[:code]
+        get_access_token(args)
+      end
+
+    end
+  end
+end

data/lib/sorcery/providers/vk.rb

@@ -0,0 +1,63 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with vk.com.
+    #
+    #   config.vk.key = <key>
+    #   config.vk.secret = <secret>
+    #   ...
+    #
+    class Vk < Base
+
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :token_path, :user_info_url, :scope
+
+      def initialize
+        super
+
+        @site           = 'https://oauth.vk.com/'
+        @user_info_url  = 'https://api.vk.com/method/getProfiles'
+        @auth_path      = '/authorize'
+        @token_path     = '/access_token'
+        @scope          = 'email'
+      end
+
+      def get_user_hash(access_token)
+        user_hash = {}
+
+        params = {
+          access_token: access_token.token,
+          uids:         access_token.params['user_id'],
+          fields:       user_info_mapping.values.join(','),
+          scope:        scope
+        }
+
+        response = access_token.get(user_info_url, params: params)
+        if user_hash[:user_info] = JSON.parse(response.body)
+          user_hash[:user_info] = user_hash[:user_info]['response'][0]
+          user_hash[:user_info]['full_name'] = [user_hash[:user_info]['first_name'], user_hash[:user_info]['last_name']].join(' ')
+
+          user_hash[:uid] = user_hash[:user_info]['uid']
+          user_hash[:user_info]['email'] = access_token.params['email']
+        end
+        user_hash
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(params, session)
+        self.authorize_url({ authorize_url: auth_path })
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(args, token_url: token_path, token_method: :post)
+      end
+
+    end
+  end
+end

data/lib/sorcery/providers/xing.rb

@@ -0,0 +1,64 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with xing.com.
+    #
+    #   config.xing.key = <key>
+    #   config.xing.secret = <secret>
+    #   ...
+    #
+    class Xing < Base
+
+      include Protocols::Oauth
+
+      attr_accessor :access_token_path, :authorize_path, :request_token_path,
+                    :user_info_path
+
+
+      def initialize
+        @configuration = {
+            site: 'https://api.xing.com/v1',
+            authorize_path: '/authorize',
+            request_token_path: '/request_token',
+            access_token_path: '/access_token'
+        }
+        @user_info_path = '/users/me'
+      end
+
+      # Override included get_consumer method to provide authorize_path
+      def get_consumer
+        ::OAuth::Consumer.new(@key, @secret, @configuration)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+
+        {}.tap do |h|
+          h[:user_info] = JSON.parse(response.body)['users'].first
+          h[:uid] = user_hash[:user_info]['id'].to_s
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(params, session)
+        req_token = get_request_token
+        session[:request_token]         = req_token.token
+        session[:request_token_secret]  = req_token.secret
+        authorize_url({ request_token: req_token.token, request_token_secret: req_token.secret })
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, session)
+        args = {
+          oauth_verifier:       params[:oauth_verifier],
+          request_token:        session[:request_token],
+          request_token_secret: session[:request_token_secret]
+        }
+
+        args.merge!({ code: params[:code] }) if params[:code]
+        get_access_token(args)
+      end
+
+    end
+  end
+end

data/lib/sorcery/railties/tasks.rake

@@ -0,0 +1,6 @@
+namespace :sorcery do
+  desc "Adds sorcery's initializer file"
+  task :bootstrap do
+    warn "This task is obsolete.\nUse \"rails g sorcery:install\" now.\nSee README for more information."
+  end
+end

data/lib/sorcery/test_helpers/internal.rb

@@ -0,0 +1,78 @@
+module Sorcery
+  module TestHelpers
+    # Internal TestHelpers are used to test the gem, internally, and should not be used to test apps *using* sorcery.
+    # This file will be included in the spec_helper file.
+    module Internal
+      def self.included(base)
+        # reducing default cost for specs speed
+        CryptoProviders::BCrypt.class_eval do
+          class << self
+            def cost
+              1
+            end
+          end
+        end
+      end
+
+      # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
+      # After the first destroy, the session is an ordinary hash, and then when destroy
+      # is called again there's an exception.
+      class ::Hash
+        def destroy
+          clear
+        end
+      end
+
+      def build_new_user(attributes_hash = nil)
+        user_attributes_hash = attributes_hash || {:username => 'gizmo', :email => "bla@bla.com", :password => 'secret'}
+        @user = User.new(user_attributes_hash)
+      end
+
+      def create_new_user(attributes_hash = nil)
+        @user = build_new_user(attributes_hash)
+        @user.sorcery_adapter.save(:raise_on_failure => true)
+        @user
+      end
+
+      def create_new_external_user(provider, attributes_hash = nil)
+        user_attributes_hash = attributes_hash || {:username => 'gizmo'}
+        @user = User.new(user_attributes_hash)
+        @user.sorcery_adapter.save(:raise_on_failure => true)
+        @user.authentications.create!({:provider => provider, :uid => 123})
+        @user
+      end
+
+      def custom_create_new_external_user(provider, authentication_class, attributes_hash = nil)
+        authentication_association = authentication_class.name.underscore.pluralize
+
+        user_attributes_hash = attributes_hash || {:username => 'gizmo'}
+        @user = User.new(user_attributes_hash)
+        @user.sorcery_adapter.save(:raise_on_failure => true)
+        @user.send(authentication_association).create!({:provider => provider, :uid => 123})
+        @user
+      end
+
+      def sorcery_model_property_set(property, *values)
+        User.class_eval do
+          sorcery_config.send(:"#{property}=", *values)
+        end
+      end
+
+      def update_model(&block)
+        User.class_exec(&block)
+      end
+
+      private
+
+      # reload user class between specs
+      # so it will be possible to test the different submodules in isolation
+      def reload_user_class
+        Object.send(:remove_const, "User")
+        load 'user.rb'
+        if User.respond_to?(:reset_column_information)
+          User.reset_column_information
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -0,0 +1,68 @@
+module Sorcery
+  module TestHelpers
+    module Internal
+      module Rails
+        include ::Sorcery::TestHelpers::Rails::Controller
+
+        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = [
+          :register_last_activity_time_to_db,
+          :deny_banned_user,
+          :validate_session
+        ]
+
+        def sorcery_reload!(submodules = [], options = {})
+          reload_user_class
+
+          # return to no-module configuration
+          ::Sorcery::Controller::Config.init!
+          ::Sorcery::Controller::Config.reset!
+
+          # remove all plugin before_filters so they won't fail other tests.
+          # I don't like this way, but I didn't find another.
+          # hopefully it won't break until Rails 4.
+          chain = if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("4.1.0")
+                    SorceryController._process_action_callbacks.send :chain
+                  else
+                    SorceryController._process_action_callbacks
+                  end
+
+          chain.delete_if {|c| SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
+
+          # configure
+          ::Sorcery::Controller::Config.submodules = submodules
+          ::Sorcery::Controller::Config.user_class = nil
+          ActionController::Base.send(:include,::Sorcery::Controller)
+          ::Sorcery::Controller::Config.user_class = "User"
+
+          ::Sorcery::Controller::Config.user_config do |user|
+            options.each do |property,value|
+              user.send(:"#{property}=", value)
+            end
+          end
+          User.authenticates_with_sorcery!
+          if defined?(DataMapper) and User.ancestors.include?(DataMapper::Resource)
+            DataMapper.auto_migrate!
+            User.finalize
+            Authentication.finalize
+          end
+        end
+
+        def sorcery_controller_property_set(property, value)
+          ::Sorcery::Controller::Config.send(:"#{property}=", value)
+        end
+
+        def sorcery_controller_external_property_set(provider, property, value)
+          ::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
+        end
+
+        # This helper is used to fake multiple users signing in in tests.
+        # It does so by clearing @current_user, thus allowing a new user to login,
+        # all this without calling the :logout action explicitly.
+        # A dirty dirty hack.
+        def clear_user_without_logout
+          subject.instance_variable_set(:@current_user,nil)
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/test_helpers/rails/controller.rb

@@ -0,0 +1,21 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Controller
+        def login_user(user = nil, test_context = {})
+          user ||= @user
+          @controller.send(:auto_login, user)
+          @controller.send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_names.first), 'secret'])
+        end
+
+        def logout_user
+          @controller.send(:logout)
+        end
+
+        def logged_in?
+          @controller.send(:logged_in?)
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/test_helpers/rails/integration.rb

@@ -0,0 +1,26 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Integration
+        
+        #Accepts arguments for user to login, route to use and HTTP method
+        #Defaults - @user, 'sessions_url' and POST
+        def login_user(user = nil, route = nil, http_method = :post)
+          user ||= @user
+          route ||= sessions_url
+
+          username_attr = user.sorcery_config.username_attribute_names.first
+          username = user.send(username_attr)
+          page.driver.send(http_method, route, { :"#{username_attr}" => username, :password => 'secret' })
+        end
+
+        #Accepts route and HTTP method arguments
+        #Default - 'logout_url' and GET
+        def logout_user(route = nil, http_method = :get)
+          route ||= logout_url
+          page.driver.send(http_method, route)
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/version.rb

@@ -0,0 +1,3 @@
+module Sorcery
+  VERSION = "0.8.6"
+end

data/sorcery.gemspec

@@ -0,0 +1,34 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sorcery/version'
+
+Gem::Specification.new do |s|
+  s.name = "cbsorcery"
+  s.version = Sorcery::VERSION
+  s.authors = ["Noam Ben Ari", "Kir Shatrov", "Grzegorz Witek"]
+  s.email = "nbenari@gmail.com"
+  s.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
+  s.summary = "Magical authentication for Rails 3 & 4 applications"
+  s.homepage = "http://github.com/NoamB/sorcery"
+
+  s.files         = `git ls-files`.split($/)
+  s.require_paths = ["lib"]
+
+  s.licenses = ["MIT"]
+
+  s.required_ruby_version = '>= 1.9.3'
+
+  s.add_dependency "oauth", "~> 0.4", ">= 0.4.4"
+  s.add_dependency "oauth2", ">= 0.8.0"
+  s.add_dependency "bcrypt", "~> 3.1"
+
+  s.add_development_dependency "abstract", ">= 1.0.0"
+  s.add_development_dependency "json", ">= 1.7.7"
+  s.add_development_dependency "yard", "~> 0.6.0"
+
+  s.add_development_dependency "timecop"
+  s.add_development_dependency "simplecov", ">= 0.3.8"
+  s.add_development_dependency "rspec", "~> 3.0.0"
+  s.add_development_dependency "rspec-rails", "~> 3.0.0"
+end
+

data/spec/active_record/user_activation_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+require 'rails_app/app/mailers/sorcery_mailer'
+require 'shared_examples/user_activation_shared_examples'
+
+describe User, "with activation submodule", :active_record => true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+  end
+
+  it_behaves_like "rails_3_activation_model"
+
+end