cbsorcery 0.8.6

data/spec/rails_app/app/views/sorcery_mailer/reset_password_email.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+  </head>
+  <body>
+    <h1>Hello, <%= @user.username %></h1>
+    <p>
+      You have requested to reset your password.
+    </p>
+    <p>
+      To choose a new password, just follow this link: <%= @url %>.
+    </p>
+    <p>Have a great day!</p>
+  </body>
+</html>

data/spec/rails_app/app/views/sorcery_mailer/reset_password_email.text.erb

@@ -0,0 +1,8 @@
+Hello, <%= @user.username %>
+===============================================
+ 
+You have requested to reset your password.
+ 
+To choose a new password, just follow this link: <%= @url %>.
+ 
+Have a great day!

data/spec/rails_app/app/views/sorcery_mailer/send_unlock_token_email.text.erb

@@ -0,0 +1 @@
+Please visit <%= @url %> for unlock your account.

data/spec/rails_app/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run RailsApp::Application

data/spec/rails_app/config/application.rb

@@ -0,0 +1,56 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require :default, SORCERY_ORM
+
+begin
+  require "#{SORCERY_ORM}/railtie"
+rescue LoadError
+end
+
+require "sorcery"
+
+module AppRoot
+  class Application < Rails::Application
+    config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
+    config.autoload_paths += [ "#{config.root}/app/#{SORCERY_ORM}" ]
+
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    config.action_mailer.delivery_method = :test
+
+    config.active_support.deprecation = :stderr
+  end
+end

data/spec/rails_app/config/boot.rb

@@ -0,0 +1,4 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/spec/rails_app/config/database.yml

@@ -0,0 +1,22 @@
+# SQLite version 3.x
+#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+  # adapter: sqlite3
+  # database: ":memory:"
+
+production:
+  adapter: sqlite3
+  database: ":memory:"

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+AppRoot::Application.initialize!

data/spec/rails_app/config/environments/test.rb

@@ -0,0 +1,37 @@
+AppRoot::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+
+  config.eager_load = false
+end

data/spec/rails_app/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/rails_app/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/spec/rails_app/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/rails_app/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+AppRoot::Application.config.secret_token = 'a9789f869a0d0ac2f2b683d6e9410c530696b178bca28a7971f4a652b14ff2da89f2cf4dcbf0355f6bc41f81731aa8e46085674d1acc1980436f61cdba76ff5d'

data/spec/rails_app/config/initializers/session_store.rb

@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+AppRoot::Application.config.session_store :cookie_store, :key => '_app_root_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# AppRoot::Application.config.session_store :active_record_store
+
+if AppRoot::Application.config.respond_to?(:secret_key_base=)
+  AppRoot::Application.config.secret_key_base = "foobar"
+end

data/spec/rails_app/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/rails_app/config/routes.rb

@@ -0,0 +1,48 @@
+AppRoot::Application.routes.draw do
+  root :to => "application#index"
+
+  controller :sorcery do
+    get :test_login
+    get :test_logout
+    get :some_action
+    post :test_return_to
+    get :test_auto_login
+    post :test_login_with_remember_in_login
+    get :test_login_from_cookie
+    get :test_login_from
+    get :test_logout_with_remember
+    get :test_should_be_logged_in
+    get :test_create_from_provider
+    get :test_add_second_provider
+    get :test_return_to_with_external
+    get :test_login_from
+    get :test_login_from_twitter
+    get :test_login_from_facebook
+    get :test_login_from_github
+    get :test_login_from_google
+    get :test_login_from_liveid
+    get :test_login_from_vk
+    get :test_login_from_jira
+    get :login_at_test
+    get :login_at_test_twitter
+    get :login_at_test_facebook
+    get :login_at_test_github
+    get :login_at_test_google
+    get :login_at_test_liveid
+    get :login_at_test_vk
+    get :login_at_test_jira
+    get :test_return_to_with_external
+    get :test_return_to_with_external_twitter
+    get :test_return_to_with_external_facebook
+    get :test_return_to_with_external_github
+    get :test_return_to_with_external_google
+    get :test_return_to_with_external_liveid
+    get :test_return_to_with_external_vk
+    get :test_return_to_with_external_jira
+    get :test_http_basic_auth
+    get :some_action_making_a_non_persisted_change_to_the_user
+    post :test_login_with_remember
+    get :test_create_from_provider_with_block
+    get :login_at_test_with_state
+  end
+end

data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb

@@ -0,0 +1,17 @@
+class AddActivationToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :activation_state, :string, :default => nil
+    add_column :users, :activation_token, :string, :default => nil
+    add_column :users, :activation_token_expires_at, :datetime, :default => nil
+
+    add_index :users, :activation_token
+  end
+
+  def self.down
+    remove_index :users, :activation_token
+
+    remove_column :users, :activation_token_expires_at
+    remove_column :users, :activation_token
+    remove_column :users, :activation_state
+  end
+end

data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb

@@ -0,0 +1,19 @@
+class AddActivityLoggingToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :last_login_at,     :datetime, :default => nil
+    add_column :users, :last_logout_at,    :datetime, :default => nil
+    add_column :users, :last_activity_at,  :datetime, :default => nil
+    add_column :users, :last_login_from_ip_address,  :string, :default => nil
+    
+    add_index :users, [:last_logout_at, :last_activity_at]
+  end
+
+  def self.down
+    remove_index :users, [:last_logout_at, :last_activity_at]
+    
+    remove_column :users, :last_activity_at
+    remove_column :users, :last_logout_at
+    remove_column :users, :last_login_at
+    remove_column :users, :last_login_from_ip_address
+  end
+end

data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb

@@ -0,0 +1,13 @@
+class AddBruteForceProtectionToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :failed_logins_count, :integer, :default => 0
+    add_column :users, :lock_expires_at, :datetime, :default => nil
+    add_column :users, :unlock_token, :string, :default => nil
+  end
+
+  def self.down
+    remove_column :users, :unlock_token
+    remove_column :users, :lock_expires_at
+    remove_column :users, :failed_logins_count
+  end
+end

data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb

@@ -0,0 +1,16 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :username,         :null => false
+      t.string :email,            :default => nil
+      t.string :crypted_password, :default => nil
+      t.string :salt,             :default => nil
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb

@@ -0,0 +1,22 @@
+class CreateAuthenticationsAndUserProviders < ActiveRecord::Migration
+  def self.up
+    create_table :authentications do |t|
+      t.integer :user_id, null: false
+      t.string :provider, :uid, null: false
+
+      t.timestamps
+    end
+
+    create_table :user_providers do |t|
+      t.integer :user_id, null: false
+      t.string :provider, :uid, null: false
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :authentications
+    drop_table :user_providers
+  end
+end

data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb

@@ -0,0 +1,15 @@
+class AddRememberMeTokenToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :remember_me_token, :string, :default => nil
+    add_column :users, :remember_me_token_expires_at, :datetime, :default => nil
+    
+    add_index :users, :remember_me_token
+  end
+
+  def self.down
+    remove_index :users, :remember_me_token
+    
+    remove_column :users, :remember_me_token_expires_at
+    remove_column :users, :remember_me_token
+  end
+end

data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb

@@ -0,0 +1,13 @@
+class AddResetPasswordToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :reset_password_token, :string, :default => nil
+    add_column :users, :reset_password_token_expires_at, :datetime, :default => nil
+    add_column :users, :reset_password_email_sent_at, :datetime, :default => nil
+  end
+
+  def self.down
+    remove_column :users, :reset_password_email_sent_at
+    remove_column :users, :reset_password_token_expires_at
+    remove_column :users, :reset_password_token
+  end
+end

data/spec/rails_app/db/schema.rb

@@ -0,0 +1,23 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20101224223620) do
+
+  create_table "users", :force => true do |t|
+    t.string   "username"
+    t.string   "email"
+    t.string   "crypted_password"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+end

data/spec/rails_app/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
+#   Mayor.create(:name => 'Daley', :city => cities.first)

data/spec/shared_examples/user_activation_shared_examples.rb

@@ -0,0 +1,242 @@
+shared_examples_for "rails_3_activation_model" do
+  let(:user) { create_new_user }
+  let(:new_user) { build_new_user }
+
+  context "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    after(:each) do
+      User.sorcery_config.reset!
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    it "enables configuration option 'activation_state_attribute_name'" do
+      sorcery_model_property_set(:activation_state_attribute_name, :status)
+
+      expect(User.sorcery_config.activation_state_attribute_name).to eq :status
+    end
+
+    it "enables configuration option 'activation_token_attribute_name'" do
+      sorcery_model_property_set(:activation_token_attribute_name, :code)
+
+      expect(User.sorcery_config.activation_token_attribute_name).to eql :code
+    end
+
+    it "enables configuration option 'user_activation_mailer'" do
+      sorcery_model_property_set(:user_activation_mailer, TestMailer)
+
+      expect(User.sorcery_config.user_activation_mailer).to equal(TestMailer)
+    end
+
+    it "enables configuration option 'activation_needed_email_method_name'" do
+      sorcery_model_property_set(:activation_needed_email_method_name, :my_activation_email)
+
+      expect(User.sorcery_config.activation_needed_email_method_name).to eq :my_activation_email
+    end
+
+    it "enables configuration option 'activation_success_email_method_name'" do
+      sorcery_model_property_set(:activation_success_email_method_name, :my_activation_email)
+
+      expect(User.sorcery_config.activation_success_email_method_name).to eq :my_activation_email
+    end
+
+    it "enables configuration option 'activation_mailer_disabled'" do
+      sorcery_model_property_set(:activation_mailer_disabled, :my_activation_mailer_disabled)
+
+      expect(User.sorcery_config.activation_mailer_disabled).to eq :my_activation_mailer_disabled
+    end
+
+    it "if mailer is nil and mailer is enabled, throw exception!" do
+      expect{sorcery_reload!([:user_activation], :activation_mailer_disabled => false)}.to raise_error(ArgumentError)
+    end
+
+    it "if mailer is disabled and mailer is nil, do NOT throw exception" do
+      expect{sorcery_reload!([:user_activation], :activation_mailer_disabled => true)}.to_not raise_error
+    end
+  end
+
+
+  context "activation process" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    it "initializes user state to 'pending'" do
+      expect(user.activation_state).to eq "pending"
+    end
+
+    specify { expect(user).to respond_to :activate! }
+
+    it "clears activation code and change state to 'active' on activation" do
+      activation_token = user.activation_token
+      user.activate!
+      user2 = User.sorcery_adapter.find(user.id) # go to db to make sure it was saved and not just in memory
+
+      expect(user2.activation_token).to be_nil
+      expect(user2.activation_state).to eq "active"
+      expect(User.sorcery_adapter.find_by_activation_token activation_token).to be_nil
+    end
+
+
+    context "mailer is enabled" do
+      it "sends the user an activation email" do
+        old_size = ActionMailer::Base.deliveries.size
+        create_new_user
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+      end
+
+      it "calls send_activation_needed_email! method of user" do
+        expect(new_user).to receive(:send_activation_needed_email!).once
+
+        new_user.sorcery_adapter.save(:raise_on_failure => true)
+      end
+
+      it "subsequent saves do not send activation email" do
+        user
+        old_size = ActionMailer::Base.deliveries.size
+        user.email = "Shauli"
+        user.sorcery_adapter.save(:raise_on_failure => true)
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "sends the user an activation success email on successful activation" do
+        user
+        old_size = ActionMailer::Base.deliveries.size
+        user.activate!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+      end
+
+      it "calls send_activation_success_email! method of user on activation" do
+        expect(user).to receive(:send_activation_success_email!).once
+
+        user.activate!
+      end
+
+      it "subsequent saves do not send activation success email" do
+        user.activate!
+        old_size = ActionMailer::Base.deliveries.size
+        user.email = "Shauli"
+        user.sorcery_adapter.save(:raise_on_failure => true)
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "activation needed email is optional" do
+        sorcery_model_property_set(:activation_needed_email_method_name, nil)
+        old_size = ActionMailer::Base.deliveries.size
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "activation success email is optional" do
+        sorcery_model_property_set(:activation_success_email_method_name, nil)
+        old_size = ActionMailer::Base.deliveries.size
+        user.activate!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+    end
+
+    context "mailer has been disabled" do
+      before(:each) do
+        sorcery_reload!([:user_activation], :activation_mailer_disabled => true, :user_activation_mailer => ::SorceryMailer)
+      end
+
+      it "does not send the user an activation email" do
+        old_size = ActionMailer::Base.deliveries.size
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "does not call send_activation_needed_email! method of user" do
+        user = build_new_user
+
+        expect(user).to receive(:send_activation_needed_email!).never
+
+        user.sorcery_adapter.save(:raise_on_failure => true)
+      end
+
+      it "does not send the user an activation success email on successful activation" do
+        old_size = ActionMailer::Base.deliveries.size
+        user.activate!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "calls send_activation_success_email! method of user on activation" do
+        expect(user).to receive(:send_activation_success_email!).never
+
+        user.activate!
+      end
+    end
+  end
+
+  describe "prevent non-active login feature" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    before(:each) do
+      User.sorcery_adapter.delete_all
+    end
+
+    it "does not allow a non-active user to authenticate" do
+      expect(User.authenticate user.email, 'secret').to be_falsy
+    end
+
+    it "allows a non-active user to authenticate if configured so" do
+      sorcery_model_property_set(:prevent_non_active_users_to_login, false)
+
+      expect(User.authenticate user.email, 'secret').to be_truthy
+    end
+  end
+
+  describe "load_from_activation_token" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    after(:each) do
+      Timecop.return
+    end
+
+    it "load_from_activation_token returns user when token is found" do
+      expect(User.load_from_activation_token user.activation_token).to eq user
+    end
+
+    it "load_from_activation_token does NOT return user when token is NOT found" do
+      expect(User.load_from_activation_token "a").to be_nil
+    end
+
+    it "load_from_activation_token returas user when token is found and not expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 500)
+
+      expect(User.load_from_activation_token user.activation_token).to eq user
+    end
+
+    it "load_from_activation_token does NOT return user when token is found and expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 0.1)
+      user
+
+      Timecop.travel(Time.now.in_time_zone+0.5)
+
+      expect(User.load_from_activation_token user.activation_token).to be_nil
+    end
+
+    it "load_from_activation_token returns nil if token is blank" do
+      expect(User.load_from_activation_token nil).to be_nil
+      expect(User.load_from_activation_token "").to be_nil
+    end
+
+    it "load_from_activation_token is always valid if expiration period is nil" do
+      sorcery_model_property_set(:activation_token_expiration_period, nil)
+
+      expect(User.load_from_activation_token user.activation_token).to eq user
+    end
+  end
+end