devise_openid_authenticatable 1.2.1 → 1.3.0

data/rails/config/initializers/inflections.rb

@@ -0,0 +1,2 @@
+ActiveSupport::Inflector.inflections do |inflect|
+end

data/rails/config/initializers/secret_token.rb

@@ -0,0 +1,3 @@
+config = Rails.application.config
+
+config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'

data/rails/config/initializers/session_store.rb

@@ -0,0 +1 @@
+RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session'

data/rails/config/routes.rb

@@ -0,0 +1,126 @@
+Rails.application.routes.draw do
+  # Resources for testing
+  resources :users, only: [:index] do
+    member do
+      get :expire
+      get :accept
+      get :edit_form
+      put :update_form
+    end
+
+    authenticate do
+      post :exhibit, on: :member
+    end
+  end
+
+  resources :admins, only: [:index]
+
+  # Users scope
+  devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
+
+  devise_for :user_on_main_apps,
+    class_name: 'UserOnMainApp',
+    router_name: :main_app,
+    module: :devise
+
+  devise_for :user_on_engines,
+    class_name: 'UserOnEngine',
+    router_name: :fake_engine,
+    module: :devise
+
+  devise_for :user_without_email,
+    class_name: 'UserWithoutEmail',
+    router_name: :main_app,
+    module: :devise
+
+  as :user do
+    get "/as/sign_in", to: "devise/sessions#new"
+  end
+
+  get "/sign_in", to: "devise/sessions#new"
+
+  # Routes for custom controller testing
+  devise_for :user, only: [:registrations], controllers: { registrations: "custom/registrations" }, as: :custom, path: :custom
+
+  # Admin scope
+  devise_for :admin, path: "admin_area", controllers: { sessions: :"admins/sessions" }, skip: :passwords
+
+  get "/admin_area/home", to: "admins#index", as: :admin_root
+  get "/anywhere", to: "foo#bar", as: :new_admin_password
+
+  authenticate(:admin) do
+    get "/private", to: "home#private", as: :private
+  end
+
+  authenticate(:admin, lambda { |admin| admin.active? }) do
+    get "/private/active", to: "home#private", as: :private_active
+  end
+
+  authenticated :admin do
+    get "/dashboard", to: "home#admin_dashboard"
+  end
+
+  authenticated :admin, lambda { |admin| admin.active? } do
+    get "/dashboard/active", to: "home#admin_dashboard"
+  end
+
+  authenticated do
+    get "/dashboard", to: "home#user_dashboard"
+  end
+
+  unauthenticated do
+    get "/join", to: "home#join"
+  end
+
+  # Routes for constraints testing
+  devise_for :headquarters_admin, class_name: "Admin", path: "headquarters", constraints: {host: /192\.168\.1\.\d\d\d/}
+
+  constraints(host: /192\.168\.1\.\d\d\d/) do
+    devise_for :homebase_admin, class_name: "Admin", path: "homebase"
+  end
+
+  scope(subdomain: 'sub') do
+    devise_for :subdomain_users, class_name: "User", only: [:sessions]
+  end
+
+  devise_for :skip_admin, class_name: "Admin", skip: :all
+
+  # Routes for format=false testing
+  devise_for :htmlonly_admin, class_name: "Admin", skip: [:confirmations, :unlocks], path: "htmlonly_admin", format: false, skip_helpers: [:confirmations, :unlocks]
+  devise_for :htmlonly_users, class_name: "User", only: [:confirmations, :unlocks], path: "htmlonly_users", format: false, skip_helpers: true
+
+  # Other routes for routing_test.rb
+  devise_for :reader, class_name: "User", only: :passwords
+
+  scope host: "sub.example.com" do
+    devise_for :sub_admin, class_name: "Admin"
+  end
+
+  namespace :publisher, path_names: { sign_in: "i_dont_care", sign_out: "get_out" } do
+    devise_for :accounts, class_name: "Admin", path_names: { sign_in: "get_in" }
+  end
+
+  scope ":locale", module: :invalid do
+    devise_for :accounts, singular: "manager", class_name: "Admin",
+      path_names: {
+        sign_in: "login", sign_out: "logout",
+        password: "secret", confirmation: "verification",
+        unlock: "unblock", sign_up: "register",
+        registration: "management",
+        cancel: "giveup", edit: "edit/profile"
+      }, failure_app: lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, module: :devise
+  end
+
+  namespace :sign_out_via, module: "devise" do
+    devise_for :deletes, sign_out_via: :delete, class_name: "Admin"
+    devise_for :posts, sign_out_via: :post, class_name: "Admin"
+    devise_for :gets, sign_out_via: :get, class_name: "Admin"
+    devise_for :delete_or_posts, sign_out_via: [:delete, :post], class_name: "Admin"
+  end
+
+  get "/set", to: "home#set"
+  get "/unauthenticated", to: "home#unauthenticated"
+  get "/custom_strategy/new"
+
+  root to: "home#index", via: [:get, :post]
+end

data/rails/db/migrate/20100401102949_create_tables.rb

@@ -0,0 +1,75 @@
+superclass = ActiveRecord::Migration
+# TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4.
+superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[])
+
+class CreateTables < superclass
+  def self.up
+    create_table :users do |t|
+      t.string :username
+      t.string :facebook_token
+
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.integer  :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
+      t.string   :unlock_token # Only if unlock strategy is :email or :both
+      t.datetime :locked_at
+
+      t.timestamps null: false
+    end
+
+    create_table :admins do |t|
+      ## Database authenticatable
+      t.string :email,              null: true
+      t.string :encrypted_password, null: true
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.datetime :locked_at
+
+      ## Attribute for testing route blocks
+      t.boolean :active, default: false
+
+      t.timestamps null: false
+    end
+  end
+
+  def self.down
+    drop_table :users
+    drop_table :admins
+  end
+end

data/rails/db/schema.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20100401102949) do
+
+  create_table "admins", force: true do |t|
+    t.string   "email"
+    t.string   "encrypted_password"
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string   "unconfirmed_email"
+    t.datetime "locked_at"
+    t.boolean  "active",                 default: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "users", force: true do |t|
+    t.string   "username"
+    t.string   "facebook_token"
+    t.string   "email",                  default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer  "sign_in_count",          default: 0
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.integer  "failed_attempts",        default: 0
+    t.string   "unlock_token"
+    t.datetime "locked_at"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+end

data/rails/lib/shared_admin.rb

@@ -0,0 +1,17 @@
+module SharedAdmin
+  extend ActiveSupport::Concern
+
+  included do
+    devise :database_authenticatable, :registerable,
+           :timeoutable, :recoverable, :lockable, :confirmable,
+           unlock_strategy: :time, lock_strategy: :none,
+           allow_unconfirmed_access_for: 2.weeks, reconfirmable: true
+
+    validates_length_of     :reset_password_token, minimum: 3, allow_blank: true
+    validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+  end
+
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+end

data/rails/lib/shared_user.rb

@@ -0,0 +1,30 @@
+module SharedUser
+  extend ActiveSupport::Concern
+
+  included do
+    devise :database_authenticatable, :confirmable, :lockable, :recoverable,
+           :registerable, :rememberable, :timeoutable,
+           :trackable, :validatable, :omniauthable, password_length: 7..72,
+           reconfirmable: false
+
+    attr_accessor :other_key
+
+    # They need to be included after Devise is called.
+    extend ExtendMethods
+  end
+
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+
+  module ExtendMethods
+    def new_with_session(params, session)
+      super.tap do |user|
+        if data = session["devise.facebook_data"]
+          user.email = data["email"]
+          user.confirmed_at = Time.now
+        end
+      end
+    end
+  end
+end

data/rails/lib/shared_user_without_email.rb

@@ -0,0 +1,26 @@
+module SharedUserWithoutEmail
+  extend ActiveSupport::Concern
+
+  included do
+    # NOTE: This is missing :validatable and :confirmable, as they both require
+    # an email field at the moment. It is also missing :omniauthable because that
+    # adds unnecessary complexity to the setup
+    devise :database_authenticatable, :lockable, :recoverable,
+           :registerable, :rememberable, :timeoutable,
+           :trackable
+  end
+
+  # This test stub is a bit rubbish because it's tied very closely to the
+  # implementation where we care about this one case. However, completely
+  # removing the email field breaks "recoverable" tests completely, so we are
+  # just taking the approach here that "email" is something that is a not an
+  # ActiveRecord field.
+  def email_changed?
+    raise NoMethodError
+  end
+
+  def respond_to?(method_name, include_all=false)
+    return false if method_name.to_sym == :email_changed?
+    super(method_name, include_all)
+  end
+end

data/rails/lib/shared_user_without_omniauth.rb

@@ -0,0 +1,13 @@
+module SharedUserWithoutOmniauth
+  extend ActiveSupport::Concern
+
+  included do
+    devise :database_authenticatable, :confirmable, :lockable, :recoverable,
+      :registerable, :rememberable, :timeoutable,
+      :trackable, :validatable, reconfirmable: false
+  end
+
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+end

data/rails/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/rails/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/rails/public/500.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+    <p>We've been notified about this issue and we'll take a look at it shortly.</p>
+  </div>
+</body>
+</html>