devise-jdguyot 1.2.rc2 → 1.2.rc3
- data/.travis.yml +1 -0
- data/CHANGELOG.rdoc +15 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +49 -40
- data/app/controllers/devise/omniauth_callbacks_controller.rb +3 -3
- data/app/helpers/devise_helper.rb +6 -0
- data/config/locales/en.yml +2 -0
- data/lib/devise.rb +4 -4
- data/lib/devise/controllers/rememberable.rb +52 -0
- data/lib/devise/hooks/forgetable.rb +1 -4
- data/lib/devise/hooks/rememberable.rb +5 -47
- data/lib/devise/models/authenticatable.rb +13 -3
- data/lib/devise/models/database_authenticatable.rb +1 -1
- data/lib/devise/models/lockable.rb +8 -6
- data/lib/devise/models/rememberable.rb +2 -5
- data/lib/devise/models/validatable.rb +1 -1
- data/lib/devise/omniauth.rb +3 -18
- data/lib/devise/omniauth/config.rb +0 -12
- data/lib/devise/omniauth/url_helpers.rb +6 -2
- data/lib/devise/rails/routes.rb +5 -2
- data/lib/devise/strategies/authenticatable.rb +15 -1
- data/lib/devise/strategies/database_authenticatable.rb +1 -1
- data/lib/devise/strategies/rememberable.rb +6 -5
- data/lib/devise/strategies/token_authenticatable.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/lib/generators/devise/devise_generator.rb +3 -1
- data/test/devise_test.rb +10 -0
- data/test/generators/devise_generator_test.rb +33 -0
- data/test/integration/omniauthable_test.rb +55 -24
- data/test/integration/rememberable_test.rb +2 -3
- data/test/integration/token_authenticatable_test.rb +18 -1
- data/test/models/lockable_test.rb +27 -6
- data/test/models/token_authenticatable_test.rb +19 -2
- data/test/omniauth/url_helpers_test.rb +7 -0
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -0
- data/test/test_helper.rb +1 -3
- metadata +6 -3
- data/lib/devise/omniauth/test_helpers.rb +0 -57
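--- /dev/null
+++ b/data/.travis.yml
@@ -0,0 +1 @@
+script: "rake test"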
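--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,9 @@
+* bug fix
+* Properly ignore path prefix on omniauthable
+* Faster uniqueness queries
+
+== 1.2.rc2
+
 * enhancements
 * Make friendly_token 20 chars long
 * Use secure_compare
@@ -12,10 +18,19 @@
 * When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included)
 * Ensure stateless token does not trigger timeout (by github.com/pixelauthority)
 * Implement handle_unverified_request for Rails 3.0.4 compatibility and improve FailureApp reliance on symbols
+* Consider namespaces while generating routes
+* Custom failure apps no longer ignored in test mode (by github.com/jaghion)
+* Do not depend on ActiveModel::Dirty
+* Manual sign_in now triggers remember token
+* Be sure to halt strategies on failures
+* Consider SCRIPT_NAME on Omniauth paths
+* Reset failed attempts when lock is expired
+* Ensure there is no Mongoid injection
 
 * deprecations
 * Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)
 * Removed --haml and --slim view templates
+* Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
 
 == 1.2.rc
 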
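--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,8 +3,8 @@ source "http://rubygems.org"
 gemspec
 
 gem "rails", "~> 3.0.4"
-gem "oa-oauth", :require => "omniauth/oauth"
-gem "oa-openid", :require => "omniauth/openid"
+gem "oa-oauth", '~> 0.2.0', :require => "omniauth/oauth"
+gem "oa-openid", '~> 0.2.0', :require => "omniauth/openid"
 
 group :test do
 gem "webrat", "0.7.2", :require => false
@@ -24,6 +24,6 @@ platforms :ruby do
 group :mongoid do
 gem "mongo", "1.1.2"
 gem "mongoid", "2.0.0.beta.20"
-gem "bson_ext", "1.1
+gem "bson_ext", "1.2.1"
 end
 end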
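--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-devise-jdguyot (1.2.
+devise-jdguyot (1.2.rc3)
 bcrypt-ruby (~> 2.1.2)
 orm_adapter (~> 0.0.3)
 warden (~> 1.0.3)
@@ -10,12 +10,12 @@ GEM
 remote: http://rubygems.org/
 specs:
 abstract (1.0.0)
-actionmailer (3.0.
-actionpack (= 3.0.
+actionmailer (3.0.5)
+actionpack (= 3.0.5)
 mail (~> 2.2.15)
-actionpack (3.0.
-activemodel (= 3.0.
-activesupport (= 3.0.
+actionpack (3.0.5)
+activemodel (= 3.0.5)
+activesupport (= 3.0.5)
 builder (~> 2.1.2)
 erubis (~> 2.6.6)
 i18n (~> 0.4)
@@ -23,32 +23,37 @@ GEM
 rack-mount (~> 0.6.13)
 rack-test (~> 0.5.7)
 tzinfo (~> 0.3.23)
-activemodel (3.0.
-activesupport (= 3.0.
+activemodel (3.0.5)
+activesupport (= 3.0.5)
 builder (~> 2.1.2)
 i18n (~> 0.4)
-activerecord (3.0.
-activemodel (= 3.0.
-activesupport (= 3.0.
+activerecord (3.0.5)
+activemodel (= 3.0.5)
+activesupport (= 3.0.5)
 arel (~> 2.0.2)
 tzinfo (~> 0.3.23)
-
-
-
-
+activerecord-jdbc-adapter (1.1.1)
+activerecord-jdbcsqlite3-adapter (1.1.1)
+activerecord-jdbc-adapter (= 1.1.1)
+jdbc-sqlite3 (~> 3.6.0)
+activeresource (3.0.5)
+activemodel (= 3.0.5)
+activesupport (= 3.0.5)
+activesupport (3.0.5)
 addressable (2.2.4)
-arel (2.0.
+arel (2.0.9)
 bcrypt-ruby (2.1.4)
-bson (1.2.
-bson_ext (1.1
+bson (1.2.4)
+bson_ext (1.2.1)
 builder (2.1.2)
 erubis (2.6.6)
 abstract (>= 1.0.0)
-faraday (0.5.
+faraday (0.5.7)
 addressable (~> 2.2.4)
 multipart-post (~> 1.1.0)
 rack (>= 1.1.0, < 2)
 i18n (0.5.0)
+jdbc-sqlite3 (3.6.14.2.056-java)
 mail (2.2.15)
 activesupport (>= 2.3.6)
 i18n (>= 0.4.0)
@@ -66,16 +71,18 @@ GEM
 multi_json (0.0.5)
 multipart-post (1.1.0)
 nokogiri (1.4.4)
-
+nokogiri (1.4.4-java)
+weakling (>= 0.0.3)
+oa-core (0.2.0)
 rack (~> 1.1)
-oa-oauth (0.
+oa-oauth (0.2.0)
 multi_json (~> 0.0.2)
 nokogiri (~> 1.4.2)
-oa-core (= 0.
+oa-core (= 0.2.0)
 oauth (~> 0.4.0)
-oauth2 (~> 0.1.
-oa-openid (0.
-oa-core (= 0.
+oauth2 (~> 0.1.1)
+oa-openid (0.2.0)
+oa-core (= 0.2.0)
 rack-openid (~> 1.2.0)
 ruby-openid-apps-discovery
 oauth (0.4.4)
@@ -84,7 +91,7 @@ GEM
 multi_json (~> 0.0.4)
 orm_adapter (0.0.4)
 polyglot (0.3.1)
-rack (1.2.
+rack (1.2.2)
 rack-mount (0.6.13)
 rack (>= 1.0.0)
 rack-openid (1.2.0)
@@ -92,17 +99,17 @@ GEM
 ruby-openid (>= 2.1.8)
 rack-test (0.5.7)
 rack (>= 1.0)
-rails (3.0.
-actionmailer (= 3.0.
-actionpack (= 3.0.
-activerecord (= 3.0.
-activeresource (= 3.0.
-activesupport (= 3.0.
+rails (3.0.5)
+actionmailer (= 3.0.5)
+actionpack (= 3.0.5)
+activerecord (= 3.0.5)
+activeresource (= 3.0.5)
+activesupport (= 3.0.5)
 bundler (~> 1.0)
-railties (= 3.0.
-railties (3.0.
-actionpack (= 3.0.
-activesupport (= 3.0.
+railties (= 3.0.5)
+railties (3.0.5)
+actionpack (= 3.0.5)
+activesupport (= 3.0.5)
 rake (>= 0.8.7)
 thor (~> 0.14.4)
 rake (0.8.7)
@@ -115,9 +122,10 @@ GEM
 thor (0.14.6)
 treetop (1.4.9)
 polyglot (>= 0.3.1)
-tzinfo (0.3.
+tzinfo (0.3.25)
 warden (1.0.3)
 rack (>= 1.0.0)
+weakling (0.0.4-java)
 webrat (0.7.2)
 nokogiri (>= 1.2.0)
 rack (>= 1.0)
@@ -125,17 +133,18 @@ GEM
 will_paginate (3.0.pre2)
 
 PLATFORMS
+java
 ruby
 
 DEPENDENCIES
 activerecord-jdbcsqlite3-adapter
-bson_ext (= 1.1
+bson_ext (= 1.2.1)
 devise-jdguyot!
 mocha
 mongo (= 1.1.2)
 mongoid (= 2.0.0.beta.20)
-oa-oauth
-oa-openid
+oa-oauth (~> 0.2.0)
+oa-openid (~> 0.2.0)
 rails (~> 3.0.4)
 sqlite3-ruby
 webrat (= 0.7.2)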
@@ -9,18 +9,18 @@ class Devise::OmniauthCallbacksController < ApplicationController
|
|
9
9
|
protected
|
10
10
|
|
11
11
|
def failed_strategy
|
12
|
-
env["omniauth.
|
12
|
+
env["omniauth.error.strategy"]
|
13
13
|
end
|
14
14
|
|
15
15
|
def failure_message
|
16
16
|
exception = env["omniauth.error"]
|
17
17
|
error = exception.error_reason if exception.respond_to?(:error_reason)
|
18
18
|
error ||= exception.error if exception.respond_to?(:error)
|
19
|
-
error ||= env["omniauth.
|
19
|
+
error ||= env["omniauth.error.type"].to_s
|
20
20
|
error.to_s.humanize if error
|
21
21
|
end
|
22
22
|
|
23
23
|
def after_omniauth_failure_path_for(scope)
|
24
24
|
new_session_path(scope)
|
25
25
|
end
|
26
|
-
end
|
26
|
+
end
|
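Review bot: On new line 19 of `failure_message`, `env["omniauth.error.type"].to_s` turns a missing error type into `""`, which is truthy in Ruby, so the `if error` guard on the next line no longer filters anything and the method returns an empty string instead of nil when no error information is present. The following line already calls `error.to_s.humanize`, so the conversion can simply be dropped: `error ||= env["omniauth.error.type"]`. The class body starts before the hunk.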
@@ -1,4 +1,10 @@
|
|
1
1
|
module DeviseHelper
|
2
|
+
# A simple way to show error messages for the current devise resource. If you need
|
3
|
+
# to customize this method, you can either overwrite it in your application helpers or
|
4
|
+
# copy the views to your application.
|
5
|
+
#
|
6
|
+
# This method is intended to stay simple and it is unlikely that we are going to change
|
7
|
+
# it to add more behavior or options.
|
2
8
|
def devise_error_messages!
|
3
9
|
return "" if resource.errors.empty?
|
4
10
|
|
data/config/locales/en.yml
CHANGED
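--- a/data/lib/devise.rb
+++ b/data/lib/devise.rb
@@ -14,6 +14,7 @@ module Devise
 module Controllers
 autoload :Helpers, 'devise/controllers/helpers'
 autoload :InternalHelpers, 'devise/controllers/internal_helpers'
+autoload :Rememberable, 'devise/controllers/rememberable'
 autoload :ScopedViews, 'devise/controllers/scoped_views'
 autoload :UrlHelpers, 'devise/controllers/url_helpers'
 end
@@ -69,9 +70,9 @@ module Devise
 @@request_keys = []
 
 # Keys that should be case-insensitive.
-#
+# False by default for backwards compatibility.
 mattr_accessor :case_insensitive_keys
-@@case_insensitive_keys =
+@@case_insensitive_keys = false
 
 # If http authentication is enabled by default.
 mattr_accessor :http_authenticatable
@@ -381,8 +382,7 @@ module Devise
 
 # constant-time comparison algorithm to prevent timing attacks
 def self.secure_compare(a, b)
-return false
-return false unless a.bytesize == b.bytesize
+return false if a.blank? || b.blank? || a.bytesize != b.bytesize
 l = a.unpack "C#{a.bytesize}"
 
 res = 0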
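Review bot: The comment above `secure_compare` still promises a constant-time comparison, but the guard on new line 385 returns early for blank or different-sized arguments, so only the byte-by-byte part is independent of the input. That is normally acceptable for fixed-length tokens, yet it should be stated so callers do not assume the length of a secret is hidden, for example `# Returns false immediately for blank or different-sized inputs; only equal-length strings are compared in constant time.` The method body continues past the end of the hunk.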
@@ -0,0 +1,52 @@
|
|
1
|
+
module Devise
|
2
|
+
module Controllers
|
3
|
+
# A module that may be optionally included in a controller in order
|
4
|
+
# to provide remember me behavior.
|
5
|
+
module Rememberable
|
6
|
+
# Return default cookie values retrieved from session options.
|
7
|
+
def self.cookie_values
|
8
|
+
Rails.configuration.session_options.slice(:path, :domain, :secure)
|
9
|
+
end
|
10
|
+
|
11
|
+
# A small warden proxy so we can remember and forget uses from hooks.
|
12
|
+
class Proxy #:nodoc:
|
13
|
+
include Devise::Controllers::Rememberable
|
14
|
+
|
15
|
+
delegate :cookies, :env, :to => :@warden
|
16
|
+
|
17
|
+
def initialize(warden)
|
18
|
+
@warden = warden
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
# Remembers the given resource by setting up a cookie
|
23
|
+
def remember_me(resource)
|
24
|
+
scope = Devise::Mapping.find_scope!(resource)
|
25
|
+
resource.remember_me!(resource.extend_remember_period)
|
26
|
+
cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource)
|
27
|
+
end
|
28
|
+
|
29
|
+
# Forgets the given resource by deleting a cookie
|
30
|
+
def forget_me(resource)
|
31
|
+
scope = Devise::Mapping.find_scope!(resource)
|
32
|
+
resource.forget_me! unless resource.frozen?
|
33
|
+
cookies.delete("remember_#{scope}_token", forget_cookie_values(resource))
|
34
|
+
end
|
35
|
+
|
36
|
+
protected
|
37
|
+
|
38
|
+
def forget_cookie_values(resource)
|
39
|
+
Devise::Controllers::Rememberable.cookie_values.merge!(resource.cookie_options)
|
40
|
+
end
|
41
|
+
|
42
|
+
def remember_cookie_values(resource)
|
43
|
+
options = { :httponly => true }
|
44
|
+
options.merge!(forget_cookie_values(resource))
|
45
|
+
options.merge!(
|
46
|
+
:value => resource.class.serialize_into_cookie(resource),
|
47
|
+
:expires => resource.remember_expires_at
|
48
|
+
)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
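Review bot: In `remember_cookie_values`, `:httponly => true` is set first and `forget_cookie_values(resource)` is merged over it afterwards, so a model whose `cookie_options` carries `:httponly => false` switches the flag off for the remember token. The hook removed in this release used the same order, so this may be deliberate; if it is, a comment such as `# resource.cookie_options is merged last and can override :httponly` would make that explicit, otherwise merge the options first and set `options[:httponly] = true` afterwards. `:secure` is only present when the session options define it, which deserves a sentence in the module comment as well.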
@@ -4,9 +4,6 @@
|
|
4
4
|
# This avoids forgetting deleted users.
|
5
5
|
Warden::Manager.before_logout do |record, warden, options|
|
6
6
|
if record.respond_to?(:forget_me!)
|
7
|
-
|
8
|
-
cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
9
|
-
cookie_options.merge!(record.cookie_options)
|
10
|
-
warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
|
7
|
+
Devise::Controllers::Rememberable::Proxy.new(warden).forget_me(record)
|
11
8
|
end
|
12
9
|
end
|
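Review bot: The replacement call on new line 7 drops `options[:scope]`: `Proxy#forget_me` derives the cookie name from `Devise::Mapping.find_scope!(record)`, whereas the removed line used the scope warden was logging out. For a model mapped under more than one scope the two may differ (how `find_scope!` resolves that is not visible here), which would leave the logged-out scope's `remember_*_token` cookie in place. If a single mapping per model is a precondition, say so in a comment next to the hook; otherwise pass the scope through to the proxy. The new `after_set_user` hook for `remember_me` reads `options[:scope]` but hands only the record to the proxy, so the same applies there.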
@@ -1,48 +1,6 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
# strategy (like token authenticatable or facebook authenticatable) to turn off remember_me?
|
6
|
-
# cookies.
|
7
|
-
module Rememberable #:nodoc:
|
8
|
-
def success!(resource)
|
9
|
-
super
|
10
|
-
|
11
|
-
if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
|
12
|
-
resource.remember_me!(extend_remember_period?)
|
13
|
-
cookies.signed["remember_#{scope}_token"] = cookie_values(resource)
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
protected
|
18
|
-
|
19
|
-
def cookie_values(resource)
|
20
|
-
options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
21
|
-
options[:httponly] = true
|
22
|
-
|
23
|
-
options.merge!(resource.cookie_options)
|
24
|
-
options.merge!(
|
25
|
-
:value => resource.class.serialize_into_cookie(resource),
|
26
|
-
:expires => resource.remember_expires_at
|
27
|
-
)
|
28
|
-
|
29
|
-
options
|
30
|
-
end
|
31
|
-
|
32
|
-
def succeeded?
|
33
|
-
@result == :success
|
34
|
-
end
|
35
|
-
|
36
|
-
def extend_remember_period?
|
37
|
-
false
|
38
|
-
end
|
39
|
-
|
40
|
-
def remember_me?
|
41
|
-
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
|
42
|
-
end
|
43
|
-
end
|
1
|
+
Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
|
2
|
+
scope = options[:scope]
|
3
|
+
if record.respond_to?(:remember_me) && record.remember_me && warden.authenticated?(scope)
|
4
|
+
Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record)
|
44
5
|
end
|
45
|
-
end
|
46
|
-
|
47
|
-
Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
|
48
|
-
|
6
|
+
end
|
@@ -100,7 +100,8 @@ module Devise
|
|
100
100
|
# end
|
101
101
|
#
|
102
102
|
def find_for_authentication(conditions)
|
103
|
-
|
103
|
+
filter_auth_params(conditions)
|
104
|
+
(case_insensitive_keys || []).each { |k| conditions[k].try(:downcase!) }
|
104
105
|
to_adapter.find_first(conditions)
|
105
106
|
end
|
106
107
|
|
@@ -111,13 +112,13 @@ module Devise
|
|
111
112
|
|
112
113
|
# Find an initialize a group of attributes based on a list of required attributes.
|
113
114
|
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
|
114
|
-
case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
|
115
|
+
(case_insensitive_keys || []).each { |k| attributes[k].try(:downcase!) }
|
115
116
|
|
116
117
|
attributes = attributes.slice(*required_attributes)
|
117
118
|
attributes.delete_if { |key, value| value.blank? }
|
118
119
|
|
119
120
|
if attributes.size == required_attributes.size
|
120
|
-
record = to_adapter.find_first(attributes)
|
121
|
+
record = to_adapter.find_first(filter_auth_params(attributes))
|
121
122
|
end
|
122
123
|
|
123
124
|
unless record
|
@@ -133,6 +134,15 @@ module Devise
|
|
133
134
|
record
|
134
135
|
end
|
135
136
|
|
137
|
+
protected
|
138
|
+
|
139
|
+
# Force keys to be string to avoid injection on mongoid related database.
|
140
|
+
def filter_auth_params(conditions)
|
141
|
+
conditions.each do |k, v|
|
142
|
+
conditions[k] = v.to_s
|
143
|
+
end if conditions.is_a?(Hash)
|
144
|
+
end
|
145
|
+
|
136
146
|
# Generate a token by looping and ensuring does not already exist.
|
137
147
|
def generate_token(column)
|
138
148
|
loop do
|
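Review bot: In `find_or_initialize_with_errors` the `downcase!` pass on new line 115 still runs on the raw attributes, and `filter_auth_params` is applied only later at the `find_first` call on new line 121, so a Hash- or Array-valued parameter reaches `try(:downcase!)` before it has been coerced to a String; depending on the ActiveSupport version that may raise instead of being handled. `find_for_authentication` filters first, and the same order would be safer here, with `filter_auth_params(attributes)` as the first statement of the method. The comment on `filter_auth_params` also says it forces keys to strings while the code converts the values; `# Force values to be strings to avoid injection on Mongoid-backed databases.` matches what it does. Both methods extend beyond the hunks shown.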
@@ -78,7 +78,7 @@ module Devise
|
|
78
78
|
|
79
79
|
# Downcase case-insensitive keys
|
80
80
|
def downcase_keys
|
81
|
-
self.class.case_insensitive_keys.each { |k| self[k].try(:downcase!) }
|
81
|
+
(self.class.case_insensitive_keys || []).each { |k| self[k].try(:downcase!) }
|
82
82
|
end
|
83
83
|
|
84
84
|
# Digests the password using bcrypt.
|
@@ -36,12 +36,10 @@ module Devise
|
|
36
36
|
|
37
37
|
# Unlock a user by cleaning locket_at and failed_attempts.
|
38
38
|
def unlock_access!
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
save(:validate => false)
|
44
|
-
end
|
39
|
+
self.locked_at = nil
|
40
|
+
self.failed_attempts = 0 if respond_to?(:failed_attempts=)
|
41
|
+
self.unlock_token = nil if respond_to?(:unlock_token=)
|
42
|
+
save(:validate => false)
|
45
43
|
end
|
46
44
|
|
47
45
|
# Verifies whether a user is locked or not.
|
@@ -77,6 +75,10 @@ module Devise
|
|
77
75
|
def valid_for_authentication?
|
78
76
|
return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
|
79
77
|
|
78
|
+
# Unlock the user if the lock is expired, no matter
|
79
|
+
# if the user can login or not (wrong password, etc)
|
80
|
+
unlock_access! if lock_expired?
|
81
|
+
|
80
82
|
case (result = super)
|
81
83
|
when Symbol
|
82
84
|
return result
|
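Review bot: The added `unlock_access! if lock_expired?` in `valid_for_authentication?` writes to the database through `save(:validate => false)` before the credentials are checked, so its safety depends on `lock_expired?` being false for records that were never locked. That method is outside the hunk; if it can return true without `locked_at` set, every attempt would reset `failed_attempts` and the lock would never trigger, so a test pinning that case is worth having. The comment above `unlock_access!` could also be brought in line with the body: `# Unlock a user by clearing locked_at, failed_attempts and unlock_token.`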
@@ -44,10 +44,7 @@ module Devise
|
|
44
44
|
module Rememberable
|
45
45
|
extend ActiveSupport::Concern
|
46
46
|
|
47
|
-
|
48
|
-
# Remember me option available in after_authentication hook.
|
49
|
-
attr_accessor :remember_me
|
50
|
-
end
|
47
|
+
attr_accessor :remember_me, :extend_remember_period
|
51
48
|
|
52
49
|
# Generate a new remember token and save the record without validations
|
53
50
|
# unless remember_across_browsers is true and the user already has a valid token.
|
@@ -60,7 +57,7 @@ module Devise
|
|
60
57
|
# Removes the remember token only if it exists, and save the record
|
61
58
|
# without validations.
|
62
59
|
def forget_me!
|
63
|
-
self.remember_token = nil if respond_to?(:remember_token)
|
60
|
+
self.remember_token = nil if respond_to?(:remember_token=)
|
64
61
|
self.remember_created_at = nil
|
65
62
|
save(:validate => false)
|
66
63
|
end
|
@@ -24,7 +24,7 @@ module Devise
|
|
24
24
|
base.class_eval do
|
25
25
|
validates_presence_of :email, :if => :email_required?
|
26
26
|
validates_uniqueness_of :email, :scope => authentication_keys[1..-1],
|
27
|
-
:case_sensitive => case_insensitive_keys
|
27
|
+
:case_sensitive => (case_insensitive_keys != false), :allow_blank => true
|
28
28
|
validates_format_of :email, :with => email_regexp, :allow_blank => true
|
29
29
|
|
30
30
|
with_options :if => :password_required? do |v|
|
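Review bot: `:case_sensitive => (case_insensitive_keys != false)` on new line 27 makes the email uniqueness check case-sensitive for every non-false setting, including a key list that does not contain `:email`; in that configuration emails are presumably not downcased before saving, so two addresses differing only in case could both be accepted. Tying the option to the key itself avoids that: `:case_sensitive => Array(case_insensitive_keys).include?(:email)`. The case-sensitive path also assumes rows stored before the setting was enabled are already lower-cased, which is worth a line in the comment or the changelog. The `class_eval` block continues outside the hunk.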
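--- a/data/lib/devise/omniauth.rb
+++ b/data/lib/devise/omniauth.rb
@@ -5,29 +5,14 @@ rescue LoadError => e
 raise
 end
 
-
-
-module Strategy #:nodoc:
-def initialize(app, name, *args)
-@app = app
-@name = name.to_sym
-@options = args.last.is_a?(Hash) ? args.pop : {}
-yield self if block_given?
-end
-
-def fail!(message_key, exception = nil)
-self.env['omniauth.error'] = exception
-self.env['omniauth.failure_key'] = message_key
-self.env['omniauth.failed_strategy'] = self
-OmniAuth.config.on_failure.call(self.env, message_key.to_sym)
-end
-end
+unless OmniAuth.config.respond_to? :test_mode
+raise "You are using an old OmniAuth version, please ensure you have 0.2.0.beta version or later installed."
 end
 
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil
 
-OmniAuth.config.on_failure = Proc.new do |env
+OmniAuth.config.on_failure = Proc.new do |env|
 env['devise.mapping'] = Devise::Mapping.find_by_path!(env['PATH_INFO'], :path)
 controller_klass = "#{env['devise.mapping'].controllers[:omniauth_callbacks].camelize}Controller"
 controller_klass.constantize.action(:failure).call(env)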
@@ -13,18 +13,6 @@ module Devise
|
|
13
13
|
def strategy_class
|
14
14
|
::OmniAuth::Strategies.const_get("#{::OmniAuth::Utils.camelize(@provider.to_s)}")
|
15
15
|
end
|
16
|
-
|
17
|
-
def check_if_allow_stubs!
|
18
|
-
raise "OmniAuth strategy for #{@provider} does not allow stubs, only OAuth2 ones do." unless allow_stubs?
|
19
|
-
end
|
20
|
-
|
21
|
-
def allow_stubs?
|
22
|
-
defined?(::OmniAuth::Strategies::OAuth2) && strategy.is_a?(::OmniAuth::Strategies::OAuth2)
|
23
|
-
end
|
24
|
-
|
25
|
-
def build_connection(&block)
|
26
|
-
strategy.client.connection.build(&block)
|
27
|
-
end
|
28
16
|
end
|
29
17
|
end
|
30
18
|
end
|
@@ -7,7 +7,11 @@ module Devise
|
|
7
7
|
class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
|
8
8
|
def #{mapping.name}_omniauth_authorize_path(provider, params = {})
|
9
9
|
if Devise.omniauth_configs[provider.to_sym]
|
10
|
-
|
10
|
+
script_name = request.env["SCRIPT_NAME"]
|
11
|
+
|
12
|
+
path = "\#{script_name}/#{mapping.path}/auth/\#{provider}\".squeeze("/")
|
13
|
+
path << '?' + params.to_param if params.present?
|
14
|
+
path
|
11
15
|
else
|
12
16
|
raise ArgumentError, "Could not find omniauth provider \#{provider.inspect}"
|
13
17
|
end
|
@@ -26,4 +30,4 @@ module Devise
|
|
26
30
|
end
|
27
31
|
end
|
28
32
|
end
|
29
|
-
end
|
33
|
+
end
|
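--- a/data/lib/devise/rails/routes.rb
+++ b/data/lib/devise/rails/routes.rb
@@ -263,7 +263,8 @@ module ActionDispatch::Routing
 end
 
 def devise_omniauth_callback(mapping, controllers) #:nodoc:
-
+path, @scope[:path] = @scope[:path], nil
+path_prefix = "/#{mapping.path}/auth".squeeze("/")
 
 if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix
 warn "[DEVISE] You can only add :omniauthable behavior to one model."
@@ -271,8 +272,10 @@ module ActionDispatch::Routing
 ::OmniAuth.config.path_prefix = path_prefix
 end
 
-match "
+match "#{path_prefix}/:action/callback", :action => Regexp.union(mapping.to.omniauth_providers.map(&:to_s)),
 :to => controllers[:omniauth_callbacks], :as => :omniauth_callback
+ensure
+@scope[:path] = path
 end
 
 def with_devise_exclusive_scope(new_path, new_as) #:nodoc: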
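Review bot: The temporary reset of `@scope[:path]` in `devise_omniauth_callback` (new lines 266 and 277-278) has no comment explaining why the enclosing scope path is ignored for this one route. A line above the swap would save the next reader a trip to the changelog, for example `# OmniAuth's path_prefix is global, so the callback route is built without the enclosing scope path.` That wording is inferred from the changelog entry "Properly ignore path prefix on omniauthable" and should be adjusted if the reason differs.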
@@ -19,13 +19,27 @@ module Devise
|
|
19
19
|
result = resource && resource.valid_for_authentication?(&block)
|
20
20
|
|
21
21
|
case result
|
22
|
-
when
|
22
|
+
when String, Symbol
|
23
23
|
fail!(result)
|
24
|
+
false
|
25
|
+
when TrueClass
|
26
|
+
decorate(resource)
|
27
|
+
true
|
24
28
|
else
|
25
29
|
result
|
26
30
|
end
|
27
31
|
end
|
28
32
|
|
33
|
+
# Get values from params and set in the resource.
|
34
|
+
def decorate(resource)
|
35
|
+
resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
|
36
|
+
end
|
37
|
+
|
38
|
+
# Should this resource be marked to be remembered?
|
39
|
+
def remember_me?
|
40
|
+
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
|
41
|
+
end
|
42
|
+
|
29
43
|
# Check if this is strategy is valid for http authentication by:
|
30
44
|
#
|
31
45
|
# * Validating if the model allows params authentication;
|
@@ -20,7 +20,7 @@ module Devise
|
|
20
20
|
|
21
21
|
if validate(resource)
|
22
22
|
success!(resource)
|
23
|
-
|
23
|
+
elsif !halted?
|
24
24
|
cookies.delete(remember_key)
|
25
25
|
pass
|
26
26
|
end
|
@@ -28,6 +28,11 @@ module Devise
|
|
28
28
|
|
29
29
|
private
|
30
30
|
|
31
|
+
def decorate(resource)
|
32
|
+
super
|
33
|
+
resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
|
34
|
+
end
|
35
|
+
|
31
36
|
def remember_me?
|
32
37
|
true
|
33
38
|
end
|
@@ -36,10 +41,6 @@ module Devise
|
|
36
41
|
"remember_#{scope}_token"
|
37
42
|
end
|
38
43
|
|
39
|
-
def extend_remember_period?
|
40
|
-
mapping.to.extend_remember_period
|
41
|
-
end
|
42
|
-
|
43
44
|
# Accessor for remember cookie
|
44
45
|
def remember_cookie
|
45
46
|
@remember_cookie ||= cookies.signed[remember_key]
|
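Review bot: `cookies.delete(remember_key)` on new line 24 passes no options, while this release sets the remember cookie with the `:path` and `:domain` values from `Devise::Controllers::Rememberable.cookie_values`; a cookie created with a custom domain is usually not cleared by a delete that omits it, so a rejected token can keep being presented on later requests. Passing the same defaults keeps the two paths consistent: `cookies.delete(remember_key, Devise::Controllers::Rememberable.cookie_values)`. With the new `elsif !halted?` branch the cookie is also left in place whenever validation halted the strategy; if that is intended, a short comment saying so would help. The enclosing method starts before the hunk.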
data/lib/devise/version.rb
CHANGED
@@ -10,7 +10,9 @@ module Devise
|
|
10
10
|
hook_for :orm
|
11
11
|
|
12
12
|
def add_devise_routes
|
13
|
-
|
13
|
+
devise_route = "devise_for :#{plural_name}"
|
14
|
+
devise_route += %Q(, :class_name => "#{class_name}") if class_name.include?("::")
|
15
|
+
route devise_route
|
14
16
|
end
|
15
17
|
end
|
16
18
|
end
|
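--- a/data/test/devise_test.rb
+++ b/data/test/devise_test.rb
@@ -62,4 +62,14 @@ class DeviseTest < ActiveSupport::TestCase
 assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
 assert defined?(Devise::Models::AuthenticatableAgain)
 end
+
+test 'should complain when comparing empty or different sized passes' do
+[nil, ""].each do |empty|
+assert_not Devise.secure_compare(empty, "something")
+assert_not Devise.secure_compare("something", empty)
+assert_not Devise.secure_compare(empty, empty)
+end
+assert_not Devise.secure_compare("size_1", "size_four")
+end
+
 end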
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
require "generators/devise/devise_generator"
|
4
|
+
|
5
|
+
class DeviseGeneratorTest < Rails::Generators::TestCase
|
6
|
+
tests Devise::Generators::DeviseGenerator
|
7
|
+
destination File.expand_path("../../tmp", __FILE__)
|
8
|
+
|
9
|
+
setup do
|
10
|
+
prepare_destination
|
11
|
+
copy_routes
|
12
|
+
end
|
13
|
+
|
14
|
+
test "route generation for simple model names" do
|
15
|
+
run_generator %w(monster name:string)
|
16
|
+
assert_file "config/routes.rb", /devise_for :monsters/
|
17
|
+
end
|
18
|
+
|
19
|
+
test "route generation for namespaced model names" do
|
20
|
+
run_generator %w(monster/goblin name:string)
|
21
|
+
match = /devise_for :goblins, :class_name => "Monster::Goblin"/
|
22
|
+
assert_file "config/routes.rb", match
|
23
|
+
end
|
24
|
+
|
25
|
+
def copy_routes
|
26
|
+
routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
|
27
|
+
destination = File.join(destination_root, "config")
|
28
|
+
|
29
|
+
FileUtils.mkdir_p(destination)
|
30
|
+
FileUtils.cp routes, destination
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
@@ -2,32 +2,42 @@ require 'test_helper'
|
|
2
2
|
|
3
3
|
class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
4
4
|
FACEBOOK_INFO = {
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
}
|
12
|
-
|
13
|
-
ACCESS_TOKEN = {
|
14
|
-
:access_token => "plataformatec"
|
5
|
+
"id" => '12345',
|
6
|
+
"link" => 'http://facebook.com/josevalim',
|
7
|
+
"email" => 'user@example.com',
|
8
|
+
"first_name" => 'Jose',
|
9
|
+
"last_name" => 'Valim',
|
10
|
+
"website" => 'http://blog.plataformatec.com.br'
|
15
11
|
}
|
16
12
|
|
17
13
|
setup do
|
14
|
+
OmniAuth.config.test_mode = true
|
18
15
|
stub_facebook!
|
19
|
-
Devise::OmniAuth.short_circuit_authorizers!
|
20
16
|
end
|
21
17
|
|
22
18
|
teardown do
|
23
|
-
|
24
|
-
Devise::OmniAuth.reset_stubs!
|
19
|
+
OmniAuth.config.test_mode = false
|
25
20
|
end
|
26
21
|
|
27
22
|
def stub_facebook!
|
28
|
-
|
29
|
-
|
30
|
-
|
23
|
+
OmniAuth.config.mock_auth[:facebook] = {
|
24
|
+
"uid" => '12345',
|
25
|
+
"provider" => 'facebook',
|
26
|
+
"user_info" => {"nickname" => 'josevalim'},
|
27
|
+
"credentials" => {"token" => 'plataformatec'},
|
28
|
+
"extra" => {"user_hash" => FACEBOOK_INFO}
|
29
|
+
}
|
30
|
+
end
|
31
|
+
|
32
|
+
def stub_action!(name)
|
33
|
+
Users::OmniauthCallbacksController.class_eval do
|
34
|
+
alias_method :__old_facebook, :facebook
|
35
|
+
alias_method :facebook, name
|
36
|
+
end
|
37
|
+
yield
|
38
|
+
ensure
|
39
|
+
Users::OmniauthCallbacksController.class_eval do
|
40
|
+
alias_method :facebook, :__old_facebook
|
31
41
|
end
|
32
42
|
end
|
33
43
|
|
@@ -40,11 +50,11 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
40
50
|
assert_equal "12345", json["uid"]
|
41
51
|
assert_equal "facebook", json["provider"]
|
42
52
|
assert_equal "josevalim", json["user_info"]["nickname"]
|
43
|
-
assert_equal FACEBOOK_INFO, json["extra"]["user_hash"]
|
53
|
+
assert_equal FACEBOOK_INFO, json["extra"]["user_hash"]
|
44
54
|
assert_equal "plataformatec", json["credentials"]["token"]
|
45
55
|
end
|
46
56
|
|
47
|
-
test "cleans up session on sign up" do
|
57
|
+
test "cleans up session on sign up" do
|
48
58
|
assert_no_difference "User.count" do
|
49
59
|
visit "/users/sign_in"
|
50
60
|
click_link "Sign in with Facebook"
|
@@ -65,7 +75,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
65
75
|
assert_not session["devise.facebook_data"]
|
66
76
|
end
|
67
77
|
|
68
|
-
test "cleans up session on cancel" do
|
78
|
+
test "cleans up session on cancel" do
|
69
79
|
assert_no_difference "User.count" do
|
70
80
|
visit "/users/sign_in"
|
71
81
|
click_link "Sign in with Facebook"
|
@@ -76,7 +86,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
76
86
|
assert !session["devise.facebook_data"]
|
77
87
|
end
|
78
88
|
|
79
|
-
test "cleans up session on sign in" do
|
89
|
+
test "cleans up session on sign in" do
|
80
90
|
assert_no_difference "User.count" do
|
81
91
|
visit "/users/sign_in"
|
82
92
|
click_link "Sign in with Facebook"
|
@@ -87,16 +97,37 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
87
97
|
assert !session["devise.facebook_data"]
|
88
98
|
end
|
89
99
|
|
100
|
+
test "sign in and send remember token if configured" do
|
101
|
+
visit "/users/sign_in"
|
102
|
+
click_link "Sign in with Facebook"
|
103
|
+
assert_nil warden.cookies["remember_user_token"]
|
104
|
+
|
105
|
+
stub_action!(:sign_in_facebook) do
|
106
|
+
create_user
|
107
|
+
visit "/users/sign_in"
|
108
|
+
click_link "Sign in with Facebook"
|
109
|
+
assert warden.authenticated?(:user)
|
110
|
+
assert warden.cookies["remember_user_token"]
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
test "generates a proper link when SCRIPT_NAME is set" do
|
115
|
+
header 'SCRIPT_NAME', '/q'
|
116
|
+
visit "/users/sign_in"
|
117
|
+
click_link "Sign in with Facebook"
|
118
|
+
|
119
|
+
assert_equal '/q/users/auth/facebook', current_url
|
120
|
+
end
|
121
|
+
|
90
122
|
test "handles callback error parameter according to the specification" do
|
123
|
+
OmniAuth.config.mock_auth[:facebook] = :access_denied
|
91
124
|
visit "/users/auth/facebook/callback?error=access_denied"
|
92
125
|
assert_current_url "/users/sign_in"
|
93
126
|
assert_contain 'Could not authorize you from Facebook because "Access denied".'
|
94
127
|
end
|
95
128
|
|
96
129
|
test "handles other exceptions from omniauth" do
|
97
|
-
|
98
|
-
b.post('/oauth/access_token') { [401, {}, {}.to_json] }
|
99
|
-
end
|
130
|
+
OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
|
100
131
|
|
101
132
|
visit "/users/sign_in"
|
102
133
|
click_link "Sign in with facebook"
|
@@ -104,4 +135,4 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
104
135
|
assert_current_url "/users/sign_in"
|
105
136
|
assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
|
106
137
|
end
|
107
|
-
end
|
138
|
+
end
|
@@ -30,7 +30,7 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
30
30
|
def cookie_expires(key)
|
31
31
|
cookie = response.headers["Set-Cookie"].split("\n").grep(/^#{key}/).first
|
32
32
|
expires = cookie.split(";").map(&:strip).grep(/^expires=/).first
|
33
|
-
Time.parse(expires)
|
33
|
+
Time.parse(expires).utc
|
34
34
|
end
|
35
35
|
|
36
36
|
test 'do not remember the user if he has not checked remember me option' do
|
@@ -161,7 +161,6 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
161
161
|
|
162
162
|
get users_path
|
163
163
|
assert_not warden.authenticated?(:user)
|
164
|
-
assert_nil warden.cookies['remember_user_token']
|
165
164
|
end
|
166
165
|
|
167
166
|
test 'do not remember the admin anymore after forget' do
|
@@ -171,11 +170,11 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
171
170
|
|
172
171
|
get destroy_admin_session_path
|
173
172
|
assert_not warden.authenticated?(:admin)
|
173
|
+
assert_nil admin.reload.remember_token
|
174
174
|
assert_nil warden.cookies['remember_admin_token']
|
175
175
|
|
176
176
|
get root_path
|
177
177
|
assert_not warden.authenticated?(:admin)
|
178
|
-
assert_nil warden.cookies['remember_admin_token']
|
179
178
|
end
|
180
179
|
|
181
180
|
test 'changing user password expires remember me token' do
|
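Review bot: In the -161 hunk, dropping `assert_nil warden.cookies['remember_user_token']` leaves the test that ends at new line 164 checking only `assert_not warden.authenticated?(:user)`, so nothing visible here pins whether a rejected remember cookie is also cleared from the client. If the cookie is now expected to survive that request, a one-line comment such as `# cookie is left in place here; only authentication is refused` would record the intent. The same question applies to the second `assert_nil warden.cookies['remember_admin_token']` removed after `get root_path` in the -171 hunk, although there the earlier cookie assertion and the new `assert_nil admin.reload.remember_token` still cover sign-out. Both test bodies begin outside their hunks, so this is inferred from the visible lines only.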
@@ -89,6 +89,22 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
89
89
|
end
|
90
90
|
end
|
91
91
|
|
92
|
+
test 'should not be subject to injection' do
|
93
|
+
swap Devise, :token_authentication_key => :secret_token do
|
94
|
+
user1 = create_user_with_authentication_token()
|
95
|
+
|
96
|
+
# Clean up user cache
|
97
|
+
@user = nil
|
98
|
+
|
99
|
+
user2 = create_user_with_authentication_token(:email => "another@test.com")
|
100
|
+
user2.update_attribute(:authentication_token, "ANOTHERTOKEN")
|
101
|
+
|
102
|
+
assert_not_equal user1, user2
|
103
|
+
visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
|
104
|
+
assert_nil warden.user(:user)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
92
108
|
private
|
93
109
|
|
94
110
|
def sign_in_as_new_user_with_token(options = {})
|
@@ -107,7 +123,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
107
123
|
user
|
108
124
|
end
|
109
125
|
|
110
|
-
def create_user_with_authentication_token(options)
|
126
|
+
def create_user_with_authentication_token(options={})
|
111
127
|
user = create_user(options)
|
112
128
|
user.authentication_token = VALID_AUTHENTICATION_TOKEN
|
113
129
|
user.save
|
@@ -117,4 +133,5 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
117
133
|
def get_users_path_as_existing_user(user)
|
118
134
|
sign_in_as_new_user_with_token(:user => user)
|
119
135
|
end
|
136
|
+
|
120
137
|
end
|
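Review bot: The new 'should not be subject to injection' test carries no comment saying what it guards, and it pins only the one `[$ne]` shape with a single `assert_nil warden.user(:user)`. I would add above the `visit` line `# key[$ne]=... is parsed into a Hash; the token must never reach the finder as a query operator`, so the next maintainer does not read the bracket suffix as a typo. The property worth pinning is that any non-String token value is refused, so a second assertion with another non-String value would stop the check from being tied to one operator. As a style point, `create_user_with_authentication_token(options={})` in the -107 hunk would read `options = {}` to match `sign_in_as_new_user_with_token(options = {})` a few lines above it.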
@@ -67,12 +67,6 @@ class LockableTest < ActiveSupport::TestCase
|
|
67
67
|
assert_equal 0, user.reload.failed_attempts
|
68
68
|
end
|
69
69
|
|
70
|
-
test 'should not unlock an unlocked user' do
|
71
|
-
user = create_user
|
72
|
-
assert_not user.unlock_access!
|
73
|
-
assert_match "was not locked", user.errors[:email].join
|
74
|
-
end
|
75
|
-
|
76
70
|
test "new user should not be locked and should have zero failed_attempts" do
|
77
71
|
assert_not new_user.access_locked?
|
78
72
|
assert_equal 0, create_user.failed_attempts
|
@@ -201,4 +195,31 @@ class LockableTest < ActiveSupport::TestCase
|
|
201
195
|
assert_not user.access_locked?
|
202
196
|
assert_equal 'was not locked', user.errors[:email].join
|
203
197
|
end
|
198
|
+
|
199
|
+
test 'should unlock account if lock has expired and increase attempts on failure' do
|
200
|
+
swap Devise, :unlock_in => 1.minute do
|
201
|
+
user = create_user
|
202
|
+
user.confirm!
|
203
|
+
|
204
|
+
user.failed_attempts = 2
|
205
|
+
user.locked_at = 2.minutes.ago
|
206
|
+
|
207
|
+
user.valid_for_authentication? { false }
|
208
|
+
assert_equal 1, user.failed_attempts
|
209
|
+
end
|
210
|
+
end
|
211
|
+
|
212
|
+
test 'should unlock account if lock has expired on success' do
|
213
|
+
swap Devise, :unlock_in => 1.minute do
|
214
|
+
user = create_user
|
215
|
+
user.confirm!
|
216
|
+
|
217
|
+
user.failed_attempts = 2
|
218
|
+
user.locked_at = 2.minutes.ago
|
219
|
+
|
220
|
+
user.valid_for_authentication? { true }
|
221
|
+
assert_equal 0, user.failed_attempts
|
222
|
+
assert_nil user.locked_at
|
223
|
+
end
|
224
|
+
end
|
204
225
|
end
|
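Review bot: The failure-path test 'should unlock account if lock has expired and increase attempts on failure' asserts only `assert_equal 1, user.failed_attempts`, so it says nothing about whether the expired lock itself was cleared. Adding `assert_nil user.locked_at` after the counter check, as the success-path test below it already does, would pin that the stale lock is removed before the new failure is counted (assuming a single failure stays under the configured maximum). Both tests presumably rely on the time-based unlock strategy being active in the test app. If that is not guaranteed, the `swap Devise, :unlock_in => 1.minute` call should set `:unlock_strategy` too.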
@@ -27,7 +27,12 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
|
|
27
27
|
end
|
28
28
|
|
29
29
|
test 'should return nil when authenticating an invalid user by authentication token' do
|
30
|
-
|
30
|
+
if DEVISE_ORM == :mongoid
|
31
|
+
raise 'There is an incompatibility between Devise and Mongoid' <<
|
32
|
+
' that makes this test break. For more information, check' <<
|
33
|
+
' this issue: https://github.com/mongoid/mongoid/issues/725'
|
34
|
+
end
|
35
|
+
|
31
36
|
user = create_user
|
32
37
|
user.ensure_authentication_token!
|
33
38
|
user.confirm!
|
@@ -35,4 +40,16 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
|
|
35
40
|
assert_nil authenticated_user
|
36
41
|
end
|
37
42
|
|
38
|
-
|
43
|
+
test 'should not be subject to injection' do
|
44
|
+
user1 = create_user
|
45
|
+
user1.ensure_authentication_token!
|
46
|
+
user1.confirm!
|
47
|
+
|
48
|
+
user2 = create_user
|
49
|
+
user2.ensure_authentication_token!
|
50
|
+
user2.confirm!
|
51
|
+
|
52
|
+
user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
|
53
|
+
assert_nil user
|
54
|
+
end
|
55
|
+
end
|
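Review bot: The model-level injection test passes the token under a hard-coded `:auth_token` key, while the integration test for the same fix builds the key from `Devise.token_authentication_key`. If the finder reads the token by the configured key, which is not visible in this hunk, a different configuration would make this call return nil without the `'$ne'` hash ever being examined, and the test would pass vacuously. Writing it as `User.find_for_token_authentication(Devise.token_authentication_key => {'$ne' => user1.authentication_token})` keeps the assertion tied to the value that is actually looked up. A one-line comment such as `# a Hash in place of the token must not be treated as a query operator` would also state the intent.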
@@ -44,4 +44,11 @@ class OmniAuthRoutesTest < ActionController::TestCase
|
|
44
44
|
assert_equal "/users/auth/open_id",
|
45
45
|
@controller.omniauth_authorize_path(:user, :open_id)
|
46
46
|
end
|
47
|
+
|
48
|
+
test 'should set script name in the path if present' do
|
49
|
+
@request.env['SCRIPT_NAME'] = '/q'
|
50
|
+
|
51
|
+
assert_equal "/q/users/auth/facebook",
|
52
|
+
@controller.omniauth_authorize_path(:user, :facebook)
|
53
|
+
end
|
47
54
|
end
|
@@ -4,4 +4,11 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
4
4
|
session["devise.facebook_data"] = data["extra"]["user_hash"]
|
5
5
|
render :json => data
|
6
6
|
end
|
7
|
+
|
8
|
+
def sign_in_facebook
|
9
|
+
user = User.find_by_email('user@test.com')
|
10
|
+
user.remember_me = true
|
11
|
+
sign_in user
|
12
|
+
render :text => ""
|
13
|
+
end
|
7
14
|
end
|
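Review bot: `sign_in_facebook` signs in a fixed account with `remember_me = true` and no credential check, and nothing in the method says it exists only for the `stub_action!(:sign_in_facebook)` call in the omniauthable integration test. A comment above it, e.g. `# Test-only action used through stub_action!; signs in without verifying anything`, would keep it from being copied into an application controller. `User.find_by_email('user@test.com')` also returns nil when the user has not been created yet, so `user.remember_me = true` fails with a NoMethodError on nil. A guard such as `raise "create user@test.com before calling sign_in_facebook" unless user` would make a mis-ordered test easier to diagnose. The class body begins outside the hunk.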
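--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -17,8 +17,6 @@ Webrat.configure do |config|
 config.open_error_files = false
 end
 
-Devise::OmniAuth.test_mode!
-
 # Add support to load paths so we can overwrite broken webrat setup
 $:.unshift File.expand_path('../support', __FILE__)
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
@@ -26,4 +24,4 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 # For generators
 require "rails/generators/test_case"
 require "generators/devise/install_generator"
-require "generators/devise/views_generator"
+require "generators/devise/views_generator"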
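--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: devise-jdguyot
 version: !ruby/object:Gem::Version
 prerelease: 4
-version: 1.2.
+version: 1.2.rc3
 platform: ruby
 authors:
 - "Jos\xC3\xA9 Valim"
@@ -11,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-
+date: 2011-03-16 00:00:00 +01:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -57,6 +57,7 @@ extra_rdoc_files: []
 
 files:
 - .gitignore
+- .travis.yml
 - CHANGELOG.rdoc
 - Gemfile
 - Gemfile.lock
@@ -88,6 +89,7 @@ files:
 - lib/devise.rb
 - lib/devise/controllers/helpers.rb
 - lib/devise/controllers/internal_helpers.rb
+- lib/devise/controllers/rememberable.rb
 - lib/devise/controllers/scoped_views.rb
 - lib/devise/controllers/url_helpers.rb
 - lib/devise/encryptors/authlogic_sha512.rb
@@ -120,7 +122,6 @@ files:
 - lib/devise/modules.rb
 - lib/devise/omniauth.rb
 - lib/devise/omniauth/config.rb
-- lib/devise/omniauth/test_helpers.rb
 - lib/devise/omniauth/url_helpers.rb
 - lib/devise/orm/active_record.rb
 - lib/devise/orm/mongoid.rb
@@ -152,6 +153,7 @@ files:
 - test/encryptors_test.rb
 - test/failure_app_test.rb
 - test/generators/active_record_generator_test.rb
+- test/generators/devise_generator_test.rb
 - test/generators/install_generator_test.rb
 - test/generators/mongoid_generator_test.rb
 - test/generators/views_generator_test.rb
@@ -277,6 +279,7 @@ test_files:
 - test/encryptors_test.rb
 - test/failure_app_test.rb
 - test/generators/active_record_generator_test.rb
+- test/generators/devise_generator_test.rb
 - test/generators/install_generator_test.rb
 - test/generators/mongoid_generator_test.rb
 - test/generators/views_generator_test.rb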
@@ -1,57 +0,0 @@
|
|
1
|
-
module Devise
|
2
|
-
module OmniAuth
|
3
|
-
module TestHelpers
|
4
|
-
def self.test_mode!
|
5
|
-
Faraday.default_adapter = :test if defined?(Faraday)
|
6
|
-
ActiveSupport.on_load(:action_controller) { include Devise::OmniAuth::TestHelpers }
|
7
|
-
ActiveSupport.on_load(:action_view) { include Devise::OmniAuth::TestHelpers }
|
8
|
-
end
|
9
|
-
|
10
|
-
def self.stub!(provider, stubs=nil, &block)
|
11
|
-
raise "You either need to pass stubs as a block or as a parameter" unless block_given? || stubs
|
12
|
-
|
13
|
-
config = Devise.omniauth_configs[provider]
|
14
|
-
raise "Could not find configuration for #{provider.to_s} omniauth provider" unless config
|
15
|
-
|
16
|
-
config.check_if_allow_stubs!
|
17
|
-
stubs ||= Faraday::Adapter::Test::Stubs.new(&block)
|
18
|
-
|
19
|
-
config.build_connection do |b|
|
20
|
-
b.adapter :test, stubs
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.reset_stubs!(*providers)
|
25
|
-
target = providers.any? ? Devise.omniauth_configs.slice(*providers) : Devise.omniauth_configs
|
26
|
-
target.each_value do |config|
|
27
|
-
next unless config.allow_stubs?
|
28
|
-
config.build_connection { |b| b.adapter Faraday.default_adapter }
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
def self.short_circuit_authorizers!
|
33
|
-
module_eval <<-ALIASES, __FILE__, __LINE__ + 1
|
34
|
-
def omniauth_authorize_path(*args)
|
35
|
-
omniauth_callback_path(*args)
|
36
|
-
end
|
37
|
-
ALIASES
|
38
|
-
|
39
|
-
Devise.mappings.each_value do |m|
|
40
|
-
next unless m.omniauthable?
|
41
|
-
|
42
|
-
module_eval <<-ALIASES, __FILE__, __LINE__ + 1
|
43
|
-
def #{m.name}_omniauth_authorize_path(provider, params = {})
|
44
|
-
#{m.name}_omniauth_callback_path(provider, params)
|
45
|
-
end
|
46
|
-
ALIASES
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def self.unshort_circuit_authorizers!
|
51
|
-
module_eval do
|
52
|
-
instance_methods.each { |m| remove_method(m) }
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|