cotweet-authlogic 2.1.6

data/test/acts_as_authentic_test/single_access_test.rb

@@ -0,0 +1,44 @@
+require 'test_helper'
+
+module ActsAsAuthenticTest
+  class SingleAccessTest < ActiveSupport::TestCase
+    def test_change_single_access_token_with_password_config
+      assert !User.change_single_access_token_with_password
+      assert !Employee.change_single_access_token_with_password
+      
+      User.change_single_access_token_with_password = true
+      assert User.change_single_access_token_with_password
+      User.change_single_access_token_with_password false
+      assert !User.change_single_access_token_with_password
+    end
+    
+    def test_validates_uniqueness_of_single_access_token
+      u = User.new
+      u.single_access_token = users(:ben).single_access_token
+      assert !u.valid?
+      assert u.errors[:single_access_token].size > 0
+    end
+    
+    def test_before_validation_reset_single_access_token
+      u = User.new
+      assert !u.valid?
+      assert_not_nil u.single_access_token
+    end
+    
+    def test_after_password_set_reset_single_access_token
+      User.change_single_access_token_with_password = true
+      
+      ben = users(:ben)
+      old_single_access_token = ben.single_access_token
+      ben.password = "new_pass"
+      assert_not_equal old_single_access_token, ben.single_access_token
+      
+      User.change_single_access_token_with_password = false
+    end
+    
+    def test_after_password_set_is_not_called
+      ldaper = Ldaper.new
+      assert ldaper.save
+    end
+  end
+end

data/test/authenticates_many_test.rb

@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class AuthenticatesManyTest < ActiveSupport::TestCase
+  def test_scoping
+    zack = users(:zack)
+    ben = users(:ben)
+    binary_logic = companies(:binary_logic)
+    set_session_for(zack)
+    
+    assert !binary_logic.user_sessions.find
+    
+    set_session_for(ben)
+    
+    assert binary_logic.user_sessions.find
+  end
+end

data/test/crypto_provider_test/aes256_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+module CryptoProviderTest
+  class AES256Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::AES256.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::AES256.encrypt("mypass")
+      assert Authlogic::CryptoProviders::AES256.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/bcrypt_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+module CryptoProviderTest
+  class BCrpytTest < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+      assert Authlogic::CryptoProviders::BCrypt.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/sha1_test.rb

@@ -0,0 +1,23 @@
+require 'test_helper'
+
+module CryptoProviderTest
+  class Sha1Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
+    end
+    
+    def test_old_restful_authentication_passwords
+      password = "test"
+      salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
+      digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
+      Authlogic::CryptoProviders::Sha1.stretches = 1
+      assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
+      Authlogic::CryptoProviders::Sha1.stretches = 10
+    end
+  end
+end

data/test/crypto_provider_test/sha256_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+module CryptoProviderTest
+  class Sha256Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/sha512_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+module CryptoProviderTest
+  class Sha512Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
+    end
+  end
+end

data/test/fixtures/companies.yml

@@ -0,0 +1,5 @@
+binary_logic:
+  name: Binary Logic
+  
+logic_over_data:
+  name: Logic Over Data

data/test/fixtures/employees.yml

@@ -0,0 +1,17 @@
+drew:
+  company: binary_logic
+  email: dgainor@binarylogic.com
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
+  persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
+  first_name: Drew
+  last_name: Gainor
+  
+jennifer:
+  company: logic_over_data
+  email: jjohnson@logicoverdata.com
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
+  persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
+  first_name: Jennifer
+  last_name: Johnson

data/test/fixtures/projects.yml

@@ -0,0 +1,3 @@
+web_services:
+  name: web services
+  users: ben, zack

data/test/fixtures/users.yml

@@ -0,0 +1,24 @@
+ben:
+  company: binary_logic
+  projects: web_services
+  login: bjohnson
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  email: bjohnson@binarylogic.com
+  first_name: Ben
+  last_name: Johnson
+  
+zack:
+  company: logic_over_data
+  projects: web_services
+  login: zackham
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
+  persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  email: zham@ziggityzack.com
+  first_name: Zack
+  last_name: Ham

data/test/i18n_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class I18nTest < ActiveSupport::TestCase
+  def test_uses_authlogic_as_scope_by_default
+    assert_equal :authlogic, Authlogic::I18n.scope
+  end
+  
+  def test_can_set_scope
+    assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
+    assert_equal [:a, :b], Authlogic::I18n.scope
+    Authlogic::I18n.scope = :authlogic
+  end
+  
+  def test_uses_built_in_translator_by_default
+    assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
+  end
+  
+  def test_can_set_custom_translator
+    old_translator = Authlogic::I18n.translator
+    
+    assert_nothing_raised do
+      Authlogic::I18n.translator = Class.new do
+        def translate(key, options = {})
+          "Translated: #{key}"
+        end
+      end.new
+    end
+
+    assert_equal "Translated: x", Authlogic::I18n.translate(:x)
+    
+    Authlogic::I18n.translator = old_translator
+  end
+end

data/test/libs/affiliate.rb

@@ -0,0 +1,7 @@
+class Affiliate < ActiveRecord::Base
+  acts_as_authentic do |c|
+    c.crypted_password_field = :pw_hash
+  end
+  
+  belongs_to :company
+end

data/test/libs/company.rb

@@ -0,0 +1,6 @@
+class Company < ActiveRecord::Base
+  authenticates_many :employee_sessions
+  authenticates_many :user_sessions
+  has_many :employees, :dependent => :destroy
+  has_many :users, :dependent => :destroy
+end

data/test/libs/employee.rb

@@ -0,0 +1,7 @@
+class Employee < ActiveRecord::Base
+  acts_as_authentic do |c|
+    c.crypto_provider Authlogic::CryptoProviders::AES256
+  end
+  
+  belongs_to :company
+end

data/test/libs/employee_session.rb

@@ -0,0 +1,2 @@
+class EmployeeSession < Authlogic::Session::Base
+end

data/test/libs/ldaper.rb

@@ -0,0 +1,3 @@
+class Ldaper < ActiveRecord::Base
+  acts_as_authentic
+end

data/test/libs/ordered_hash.rb

@@ -0,0 +1,9 @@
+class Hash
+  def each(&block)
+    sorted_keys = keys.sort { |a, b| a.to_s <=> b.to_s }
+    sorted_keys.each do |key|
+      yield key, self[key]
+    end
+    self
+  end
+end

data/test/libs/project.rb

@@ -0,0 +1,3 @@
+class Project < ActiveRecord::Base
+  has_and_belongs_to_many :users
+end

data/test/libs/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  acts_as_authentic
+  belongs_to :company
+  has_and_belongs_to_many :projects
+end

data/test/libs/user_session.rb

@@ -0,0 +1,6 @@
+class UserSession < Authlogic::Session::Base
+end
+
+class BackOfficeUserSession < Authlogic::Session::Base
+  authenticate_with User
+end

data/test/random_test.rb

@@ -0,0 +1,42 @@
+require 'test_helper'
+
+class RandomTest < ActiveSupport::TestCase
+  def test_random_tokens_are_indeed_random
+    # this might fail if you are *really* unlucky :)
+    with_any_random do
+      assert_not_equal Authlogic::Random.hex_token,       Authlogic::Random.hex_token
+      assert_not_equal Authlogic::Random.friendly_token,  Authlogic::Random.friendly_token
+    end
+  end
+
+  private
+    def with_any_random(&block)
+      [true, false].each {|val| with_secure_random_enabled(val, &block)}
+    end
+
+    def with_secure_random_enabled(enabled = true)
+      # can't really test SecureRandom if we don't have an implementation
+      return if enabled && !Authlogic::Random::SecureRandom
+    
+      current_sec_rand = Authlogic::Random::SecureRandom
+      reload_authlogic_with_sec_random!(current_sec_rand, enabled)
+  
+      yield
+    ensure
+      reload_authlogic_with_sec_random!(current_sec_rand)
+    end
+
+    def reload_authlogic_with_sec_random!(secure_random, enabled = true)
+      silence_warnings do
+        secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
+        load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
+      end
+    end
+
+    def silence_warnings
+      old_verbose, $VERBOSE = $VERBOSE, nil
+      yield
+    ensure
+      $VERBOSE = old_verbose
+    end
+end

data/test/session_test/activation_test.rb

@@ -0,0 +1,43 @@
+require 'test_helper'
+
+module SessionTest
+  module ActivationTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_activated
+        assert UserSession.activated?
+        Authlogic::Session::Base.controller = nil
+        assert !UserSession.activated?
+      end
+    
+      def test_controller
+        Authlogic::Session::Base.controller = nil
+        assert_nil Authlogic::Session::Base.controller
+        thread1 = Thread.new do
+          controller = MockController.new
+          Authlogic::Session::Base.controller = controller
+          assert_equal controller, Authlogic::Session::Base.controller
+        end
+        thread1.join
+
+        assert_nil Authlogic::Session::Base.controller
+      
+        thread2 = Thread.new do
+          controller = MockController.new
+          Authlogic::Session::Base.controller = controller
+          assert_equal controller, Authlogic::Session::Base.controller
+        end
+        thread2.join
+      
+        assert_nil Authlogic::Session::Base.controller
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_init
+        UserSession.controller = nil
+        assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
+        UserSession.controller = controller
+      end
+    end
+  end
+end

data/test/session_test/active_record_trickery_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+module SessionTest
+  module ActiveRecordTrickeryTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_human_attribute_name
+        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
+      end
+    
+      def test_human_name
+        assert_equal "Usersession", UserSession.human_name
+      end
+    
+      def test_self_and_descendents_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendents_from_active_record
+      end
+    
+      def test_self_and_descendants_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendants_from_active_record
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_new_record
+        session = UserSession.new
+        assert session.new_record?
+      end
+      
+      def test_to_model
+        session = UserSession.new
+        assert_equal session, session.to_model
+      end
+    end
+  end
+end

data/test/session_test/brute_force_protection_test.rb

@@ -0,0 +1,101 @@
+require 'test_helper'
+
+module SessionTest
+  module BruteForceProtectionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_consecutive_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 10
+        assert_equal 10, UserSession.consecutive_failed_logins_limit
+    
+        UserSession.consecutive_failed_logins_limit 50
+        assert_equal 50, UserSession.consecutive_failed_logins_limit
+      end
+      
+      def test_failed_login_ban_for
+        UserSession.failed_login_ban_for = 10
+        assert_equal 10, UserSession.failed_login_ban_for
+    
+        UserSession.failed_login_ban_for 2.hours
+        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
+      end
+    end
+    
+    class InstaceMethodsTest < ActiveSupport::TestCase
+      def test_under_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks")
+      end
+
+      def test_exceeded_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert UserSession.create(ben).new_session?
+        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
+        assert !UserSession.create(ben).new_session?
+      end
+    
+      def test_exceeding_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        session = UserSession.new(:login => ben.login, :password => "badpassword2")
+        assert !session.save
+        assert session.errors[:password].size == 0
+        assert_equal 3, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+      
+      def test_exceeded_ban_for
+        UserSession.consecutive_failed_logins_limit = 2
+        UserSession.generalize_credentials_error_messages true
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.invalid_password?
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert_equal 0, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+        UserSession.generalize_credentials_error_messages false
+      end
+
+      def test_exceeded_ban_and_failed_doesnt_ban_again
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "badpassword1")
+        assert !session.save
+        assert_equal 1, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+    end
+  end
+end