cbsorcery 0.8.6

data/spec/shared_examples/user_activity_logging_shared_examples.rb

@@ -0,0 +1,97 @@
+shared_examples_for "rails_3_activity_logging_model" do
+  context "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:activity_logging])
+    end
+
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+
+    it "allows configuration option 'last_login_at_attribute_name'" do
+      sorcery_model_property_set(:last_login_at_attribute_name, :login_time)
+
+      expect(User.sorcery_config.last_login_at_attribute_name).to eq :login_time
+    end
+
+    it "allows configuration option 'last_logout_at_attribute_name'" do
+      sorcery_model_property_set(:last_logout_at_attribute_name, :logout_time)
+      expect(User.sorcery_config.last_logout_at_attribute_name).to eq :logout_time
+    end
+
+    it "allows configuration option 'last_activity_at_attribute_name'" do
+      sorcery_model_property_set(:last_activity_at_attribute_name, :activity_time)
+      expect(User.sorcery_config.last_activity_at_attribute_name).to eq :activity_time
+    end
+
+    it "allows configuration option 'last_login_from_ip_adress'" do
+      sorcery_model_property_set(:last_login_from_ip_address_name, :ip_address)
+      expect(User.sorcery_config.last_login_from_ip_address_name).to eq :ip_address
+    end
+
+    describe ".current_users" do
+      let(:user) { create_new_user }
+
+      it "is empty when no users are logged in" do
+        expect(User.current_users).to be_empty
+      end
+
+      it "holds the user object when 1 user is logged in" do
+        user.set_last_activity_at(Time.now.in_time_zone)
+
+        expect(User.current_users).to match([User.sorcery_adapter.find(user.id)])
+      end
+
+      it "'current_users' shows all current_users, whether they have logged out before or not." do
+        User.sorcery_adapter.delete_all
+        user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
+        user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
+        user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
+
+        now = Time.now.in_time_zone
+        [user1, user2, user3].each do |user|
+          user.set_last_login_at(now)
+          user.set_last_activity_at(now)
+        end
+
+        expect(User.current_users.map(&:id)).to match_array([user1, user2, user3].map(&:id))
+        Timecop.travel now + 5
+        user1.set_last_logout_at(Time.now.in_time_zone)
+        expect(User.current_users.map(&:id)).to match_array([user2, user3].map(&:id))
+        Timecop.return
+      end
+
+    end
+
+    it '.set_last_login_at update last_login_at' do
+      user = create_new_user
+      now = Time.now.in_time_zone
+      expect(user.sorcery_adapter).to receive(:update_attribute).with(:last_login_at, now)
+
+      user.set_last_login_at(now)
+    end
+
+    it '.set_last_logout_at update last_logout_at' do
+      user = create_new_user
+      now = Time.now.in_time_zone
+      expect(user.sorcery_adapter).to receive(:update_attribute).with(:last_logout_at, now)
+
+      user.set_last_logout_at(now)
+    end
+
+    it '.set_last_activity_at update last_activity_at' do
+      user = create_new_user
+      now = Time.now.in_time_zone
+      expect(user.sorcery_adapter).to receive(:update_attribute).with(:last_activity_at, now)
+
+      user.set_last_activity_at(now)
+    end
+
+    it '.set_last_ip_addess update last_login_from_ip_address' do
+      user = create_new_user
+      expect(user.sorcery_adapter).to receive(:update_attribute).with(:last_login_from_ip_address, '0.0.0.0')
+
+      user.set_last_ip_addess('0.0.0.0')
+    end
+  end
+end

data/spec/shared_examples/user_brute_force_protection_shared_examples.rb

@@ -0,0 +1,156 @@
+shared_examples_for "rails_3_brute_force_protection_model" do
+  let(:user) { create_new_user }
+  before(:each) do
+    User.sorcery_adapter.delete_all
+  end
+
+
+  context "loaded plugin configuration" do
+
+    let(:config) { User.sorcery_config }
+
+    before(:all) do
+      sorcery_reload!([:brute_force_protection])
+    end
+
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+
+    specify { expect(user).to respond_to(:failed_logins_count) }
+    specify { expect(user).to respond_to(:lock_expires_at) }
+
+    it "enables configuration option 'failed_logins_count_attribute_name'" do
+      sorcery_model_property_set(:failed_logins_count_attribute_name, :my_count)
+      expect(config.failed_logins_count_attribute_name).to eq :my_count
+    end
+
+    it "enables configuration option 'lock_expires_at_attribute_name'" do
+      sorcery_model_property_set(:lock_expires_at_attribute_name, :expires)
+      expect(config.lock_expires_at_attribute_name).to eq :expires
+    end
+
+    it "enables configuration option 'consecutive_login_retries_amount_allowed'" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 34)
+      expect(config.consecutive_login_retries_amount_limit).to eq 34
+    end
+
+    it "enables configuration option 'login_lock_time_period'" do
+      sorcery_model_property_set(:login_lock_time_period, 2.hours)
+      expect(config.login_lock_time_period).to eq 2.hours
+    end
+
+    describe "#locked?" do
+      it "is locked" do
+        user.send("#{config.lock_expires_at_attribute_name}=", Time.now + 5.days)
+        expect(user).to be_locked
+      end
+
+      it "isn't locked" do
+        user.send("#{config.lock_expires_at_attribute_name}=", nil)
+        expect(user).not_to be_locked
+      end
+    end
+  end
+
+  describe "#register_failed_login!" do
+    it "locks user when number of retries reached the limit" do
+      expect(user.lock_expires_at).to be_nil
+
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
+      user.register_failed_login!
+      lock_expires_at = User.sorcery_adapter.find_by_id(user.id).lock_expires_at
+
+      expect(lock_expires_at).not_to be_nil
+    end
+
+    context "unlock_token_mailer_disabled is true" do
+      it "does not automatically send unlock email" do
+        sorcery_model_property_set(:unlock_token_mailer_disabled, true)
+        sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+        sorcery_model_property_set(:login_lock_time_period, 0)
+        sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
+
+        3.times { user.register_failed_login! }
+
+        expect(ActionMailer::Base.deliveries.size).to eq 0
+
+      end
+    end
+
+    context "unlock_token_mailer_disabled is false" do
+      before do
+        sorcery_model_property_set(:unlock_token_mailer_disabled, false)
+        sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+        sorcery_model_property_set(:login_lock_time_period, 0)
+        sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
+      end
+
+      it "does not automatically send unlock email" do
+        3.times { user.register_failed_login! }
+
+        expect(ActionMailer::Base.deliveries.size).to eq 1
+      end
+
+      it "generates unlock token before mail is sent" do
+        3.times { user.register_failed_login! }
+
+        expect(ActionMailer::Base.deliveries.last.body.to_s.match(user.unlock_token)).not_to be_nil
+      end
+    end
+  end
+
+  context ".authenticate" do
+
+    it "unlocks after lock time period passes" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0.2)
+      2.times { user.register_failed_login! }
+
+      lock_expires_at = User.sorcery_adapter.find_by_id(user.id).lock_expires_at
+      expect(lock_expires_at).not_to be_nil
+
+      Timecop.travel(Time.now.in_time_zone + 0.3)
+      User.authenticate('bla@bla.com', 'secret')
+
+      lock_expires_at = User.sorcery_adapter.find_by_id(user.id).lock_expires_at
+      expect(lock_expires_at).to be_nil
+      Timecop.return
+    end
+
+    it "doest not unlock if time period is 0 (permanent lock)" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0)
+
+      2.times { user.register_failed_login! }
+
+      unlock_date = user.lock_expires_at
+      Timecop.travel(Time.now.in_time_zone + 1)
+
+      user.register_failed_login!
+
+      expect(user.lock_expires_at.to_s).to eq unlock_date.to_s
+      Timecop.return
+    end
+
+  end
+
+  describe "#unlock!" do
+    it "unlocks after entering unlock token" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0)
+      sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
+      3.times { user.register_failed_login! }
+
+      expect(user.unlock_token).not_to be_nil
+
+      token = user.unlock_token
+      user = User.load_from_unlock_token(token)
+
+      expect(user).not_to be_nil
+
+      user.unlock!
+      expect(User.load_from_unlock_token(user.unlock_token)).to be_nil
+    end
+  end
+end

data/spec/shared_examples/user_oauth_shared_examples.rb

@@ -0,0 +1,36 @@
+shared_examples_for "rails_3_oauth_model" do
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+
+  let(:external_user) { create_new_external_user :twitter }
+
+  describe "loaded plugin configuration" do
+
+    before(:all) do
+      Authentication.sorcery_adapter.delete_all
+      User.sorcery_adapter.delete_all
+
+      sorcery_reload!([:external])
+      sorcery_controller_property_set(:external_providers, [:twitter])
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
+    end
+
+    it "responds to 'load_from_provider'" do
+      expect(User).to respond_to(:load_from_provider)
+    end
+
+    it "'load_from_provider' loads user if exists" do
+      external_user
+      expect(User.load_from_provider :twitter, 123).to eq external_user
+    end
+
+    it "'load_from_provider' returns nil if user doesn't exist" do
+      external_user
+      expect(User.load_from_provider :twitter, 980342).to be_nil
+    end
+
+  end
+
+end

data/spec/shared_examples/user_remember_me_shared_examples.rb

@@ -0,0 +1,57 @@
+shared_examples_for "rails_3_remember_me_model" do
+  let(:user) { create_new_user }
+
+  describe "loaded plugin configuration" do
+
+    before(:all) do
+      sorcery_reload!([:remember_me])
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    it "allows configuration option 'remember_me_token_attribute_name'" do
+      sorcery_model_property_set(:remember_me_token_attribute_name, :my_token)
+
+      expect(User.sorcery_config.remember_me_token_attribute_name).to eq :my_token
+    end
+
+    it "allows configuration option 'remember_me_token_expires_at_attribute_name'" do
+      sorcery_model_property_set(:remember_me_token_expires_at_attribute_name, :my_expires)
+
+      expect(User.sorcery_config.remember_me_token_expires_at_attribute_name).to eq :my_expires
+    end
+    
+    specify { expect(user).to respond_to :remember_me! }
+
+    specify { expect(user).to respond_to :forget_me! }
+    
+    it "generates a new token on 'remember_me!'" do
+      expect(user.remember_me_token).to be_nil
+
+      user.remember_me!
+
+      expect(user.remember_me_token).not_to be_nil
+    end
+    
+    # FIXME: assert on line 37 sometimes fails by a second
+    it "sets an expiration based on 'remember_me_for' attribute" do
+      sorcery_model_property_set(:remember_me_for, 2 * 60 * 60 * 24)
+      user.remember_me!
+
+      expect(user.remember_me_token_expires_at.utc.to_s).to eq (Time.now.in_time_zone + 2 * 60 * 60 * 24).utc.to_s
+    end
+    
+    it "deletes the token and expiration on 'forget_me!'" do
+      user.remember_me!
+
+      expect(user.remember_me_token).not_to be_nil
+
+      user.forget_me!
+
+      expect(user.remember_me_token).to be_nil
+      expect(user.remember_me_token_expires_at).to be_nil
+    end
+  end
+end

data/spec/shared_examples/user_reset_password_shared_examples.rb

@@ -0,0 +1,263 @@
+shared_examples_for "rails_3_reset_password_model" do
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  let(:user) { create_new_user }
+
+  describe "loaded plugin configuration" do
+
+    before(:all) do
+      sorcery_reload!([:reset_password], :reset_password_mailer => ::SorceryMailer)
+    end
+
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+
+    context "API" do
+
+      specify { expect(user).to respond_to :deliver_reset_password_instructions! }
+
+      specify { expect(user).to respond_to :change_password! }
+
+      it "responds to .load_from_reset_password_token" do
+        expect(User).to respond_to :load_from_reset_password_token
+      end
+    end
+
+    it "allows configuration option 'reset_password_token_attribute_name'" do
+      sorcery_model_property_set(:reset_password_token_attribute_name, :my_code)
+
+      expect(User.sorcery_config.reset_password_token_attribute_name).to eq :my_code
+    end
+
+    it "allows configuration option 'reset_password_mailer'" do
+      sorcery_model_property_set(:reset_password_mailer, TestUser)
+
+      expect(User.sorcery_config.reset_password_mailer).to eq TestUser
+    end
+
+    it "enables configuration option 'reset_password_mailer_disabled'" do
+      sorcery_model_property_set(:reset_password_mailer_disabled, :my_reset_password_mailer_disabled)
+
+      expect(User.sorcery_config.reset_password_mailer_disabled).to eq :my_reset_password_mailer_disabled
+    end
+
+    it "if mailer is nil and mailer is enabled, throw exception!" do
+      expect{sorcery_reload!([:reset_password], :reset_password_mailer_disabled => false)}.to raise_error(ArgumentError)
+    end
+
+    it "if mailer is disabled and mailer is nil, do NOT throw exception" do
+      expect{sorcery_reload!([:reset_password], :reset_password_mailer_disabled => true)}.to_not raise_error
+    end
+
+    it "allows configuration option 'reset_password_email_method_name'" do
+      sorcery_model_property_set(:reset_password_email_method_name, :my_mailer_method)
+
+      expect(User.sorcery_config.reset_password_email_method_name).to eq :my_mailer_method
+    end
+
+    it "allows configuration option 'reset_password_expiration_period'" do
+      sorcery_model_property_set(:reset_password_expiration_period, 16)
+
+      expect(User.sorcery_config.reset_password_expiration_period).to eq 16
+    end
+
+    it "allows configuration option 'reset_password_email_sent_at_attribute_name'" do
+      sorcery_model_property_set(:reset_password_email_sent_at_attribute_name, :blabla)
+
+      expect(User.sorcery_config.reset_password_email_sent_at_attribute_name).to eq :blabla
+    end
+
+    it "allows configuration option 'reset_password_time_between_emails'" do
+      sorcery_model_property_set(:reset_password_time_between_emails, 16)
+
+      expect(User.sorcery_config.reset_password_time_between_emails).to eq 16
+    end
+  end
+
+
+  describe "when activated with sorcery" do
+
+    before(:all) do
+      sorcery_reload!([:reset_password], :reset_password_mailer => ::SorceryMailer)
+    end
+
+    before(:each) do
+      User.sorcery_adapter.delete_all
+      user
+    end
+
+    after(:each) do
+      Timecop.return
+    end
+
+    it "load_from_reset_password_token returns user when token is found" do
+      user.generate_reset_password_token!
+      updated_user  = User.sorcery_adapter.find(user.id)
+
+      expect(User.load_from_reset_password_token user.reset_password_token).to eq updated_user
+    end
+
+    it "load_from_reset_password_token does NOT return user when token is NOT found" do
+      user.generate_reset_password_token!
+
+      expect(User.load_from_reset_password_token "a").to be_nil
+    end
+
+    it "load_from_reset_password_token returns user when token is found and not expired" do
+      sorcery_model_property_set(:reset_password_expiration_period, 500)
+      user.generate_reset_password_token!
+      updated_user  = User.sorcery_adapter.find(user.id)
+
+      expect(User.load_from_reset_password_token user.reset_password_token).to eq updated_user
+    end
+
+    it "load_from_reset_password_token does NOT return user when token is found and expired" do
+      sorcery_model_property_set(:reset_password_expiration_period, 0.1)
+      user.generate_reset_password_token!
+      Timecop.travel(Time.now.in_time_zone+0.5)
+
+      expect(User.load_from_reset_password_token user.reset_password_token).to be_nil
+    end
+
+    it "load_from_reset_password_token is always valid if expiration period is nil" do
+      sorcery_model_property_set(:reset_password_expiration_period, nil)
+      user.generate_reset_password_token!
+      updated_user  = User.sorcery_adapter.find(user.id)
+
+      expect(User.load_from_reset_password_token user.reset_password_token).to eq updated_user
+    end
+
+    it "load_from_reset_password_token returns nil if token is blank" do
+      expect(User.load_from_reset_password_token nil).to be_nil
+      expect(User.load_from_reset_password_token "").to be_nil
+    end
+
+    it "'deliver_reset_password_instructions!' generates a reset_password_token" do
+      expect(user.reset_password_token).to be_nil
+
+      user.deliver_reset_password_instructions!
+
+      expect(user.reset_password_token).not_to be_nil
+    end
+
+    it "the reset_password_token is random" do
+      sorcery_model_property_set(:reset_password_time_between_emails, 0)
+      user.deliver_reset_password_instructions!
+      old_password_code = user.reset_password_token
+      user.deliver_reset_password_instructions!
+
+      expect(user.reset_password_token).not_to eq old_password_code
+    end
+
+    context "mailer is enabled" do
+      it "sends an email on reset" do
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+      end
+
+      it "calls send_reset_password_email! on reset" do
+        expect(user).to receive(:send_reset_password_email!).once
+
+        user.deliver_reset_password_instructions!
+      end
+
+      it "does not send an email if time between emails has not passed since last email" do
+        sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+      end
+
+      it "sends an email if time between emails has passed since last email" do
+        sorcery_model_property_set(:reset_password_time_between_emails, 0.5)
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
+
+        Timecop.travel(Time.now.in_time_zone+0.5)
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 2
+      end
+    end
+
+    context "mailer is disabled" do
+
+      before(:all) do
+        sorcery_reload!([:reset_password], :reset_password_mailer_disabled => true, :reset_password_mailer => ::SorceryMailer)
+      end
+
+      it "sends an email on reset" do
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "does not call send_reset_password_email! on reset" do
+        expect(user).to receive(:send_reset_password_email!).never
+
+        user.deliver_reset_password_instructions!
+      end
+
+      it "does not send an email if time between emails has not passed since last email" do
+        sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "sends an email if time between emails has passed since last email" do
+        sorcery_model_property_set(:reset_password_time_between_emails, 0.5)
+        old_size = ActionMailer::Base.deliveries.size
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+
+        Timecop.travel(Time.now.in_time_zone+0.5)
+        user.deliver_reset_password_instructions!
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+    end
+
+    it "when change_password! is called, deletes reset_password_token" do
+      user.deliver_reset_password_instructions!
+
+      expect(user.reset_password_token).not_to be_nil
+
+      user.change_password!("blabulsdf")
+      user.save!
+
+      expect(user.reset_password_token).to be_nil
+    end
+
+    it "returns false if time between emails has not passed since last email" do
+      sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+      user.deliver_reset_password_instructions!
+
+      expect(user.deliver_reset_password_instructions!).to be false
+    end
+
+    it "encrypts properly on reset" do
+      user.deliver_reset_password_instructions!
+      user.change_password!("blagu")
+
+      expect(Sorcery::CryptoProviders::BCrypt.matches? user.crypted_password, "blagu", user.salt).to be true
+    end
+
+  end
+end