RubyGems - door_mat - Versions diffs - 0.0.5 - Mend

door_mat 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

checksums.yaml +7 -0
data/.rspec +2 -0
data/Gemfile +3 -0
data/MIT-LICENSE +20 -0
data/README.md +88 -0
data/Rakefile +32 -0
data/app/assets/javascripts/door_mat/application.js +13 -0
data/app/assets/stylesheets/door_mat/application.css +15 -0
data/app/assets/stylesheets/scaffold.css +56 -0
data/app/controllers/door_mat/activities_controller.rb +106 -0
data/app/controllers/door_mat/application_controller.rb +14 -0
data/app/controllers/door_mat/change_password_controller.rb +32 -0
data/app/controllers/door_mat/forgot_passwords_controller.rb +57 -0
data/app/controllers/door_mat/manage_email_controller.rb +61 -0
data/app/controllers/door_mat/password_less_session_controller.rb +121 -0
data/app/controllers/door_mat/reconfirm_password_controller.rb +27 -0
data/app/controllers/door_mat/sessions_controller.rb +17 -0
data/app/controllers/door_mat/sign_in_controller.rb +60 -0
data/app/controllers/door_mat/sign_up_controller.rb +59 -0
data/app/controllers/door_mat/static_controller.rb +5 -0
data/app/mailers/door_mat/activity_mailer.rb +18 -0
data/app/mailers/door_mat/password_less_session_mailer.rb +12 -0
data/app/models/door_mat/access_token.rb +315 -0
data/app/models/door_mat/activity.rb +14 -0
data/app/models/door_mat/activity_confirm_email.rb +45 -0
data/app/models/door_mat/activity_download_recovery_key.rb +30 -0
data/app/models/door_mat/activity_reset_password.rb +47 -0
data/app/models/door_mat/actor.rb +149 -0
data/app/models/door_mat/change_password.rb +12 -0
data/app/models/door_mat/email.rb +58 -0
data/app/models/door_mat/forgot_password.rb +12 -0
data/app/models/door_mat/membership.rb +42 -0
data/app/models/door_mat/session.rb +315 -0
data/app/models/door_mat/sign_in.rb +31 -0
data/app/models/door_mat/sign_up.rb +17 -0
data/app/views/door_mat/activity_mailer/confirm_email.html.erb +11 -0
data/app/views/door_mat/activity_mailer/confirm_email.text.erb +7 -0
data/app/views/door_mat/activity_mailer/reset_password.html.erb +11 -0
data/app/views/door_mat/activity_mailer/reset_password.text.erb +7 -0
data/app/views/door_mat/change_password/new.html.erb +22 -0
data/app/views/door_mat/forgot_passwords/choose_new_password.html.erb +34 -0
data/app/views/door_mat/forgot_passwords/new.html.erb +14 -0
data/app/views/door_mat/helpers/_errors_if_any.html.erb +10 -0
data/app/views/door_mat/manage_email/new.html.erb +14 -0
data/app/views/door_mat/password_less_session/access_token.html.erb +16 -0
data/app/views/door_mat/password_less_session/new.html.erb +34 -0
data/app/views/door_mat/password_less_session_mailer/send_token.html.erb +11 -0
data/app/views/door_mat/password_less_session_mailer/send_token.text.erb +7 -0
data/app/views/door_mat/reconfirm_password/new.html.erb +12 -0
data/app/views/door_mat/sign_in/new.html.erb +30 -0
data/app/views/door_mat/sign_up/new.html.erb +24 -0
data/app/views/door_mat/static/add_email_success.html.erb +5 -0
data/app/views/door_mat/static/change_password_success.html.erb +2 -0
data/app/views/door_mat/static/confirm_email_success.html.erb +2 -0
data/app/views/door_mat/static/email_confirmation_required.html.erb +17 -0
data/app/views/door_mat/static/forgot_password_verification_mail_sent.html.erb +2 -0
data/app/views/door_mat/static/reconfirm_password_success.html.erb +4 -0
data/app/views/door_mat/static/sign_in_success.html.erb +5 -0
data/app/views/door_mat/static/sign_out_success.html.erb +5 -0
data/app/views/door_mat/static/sign_up_success.html.erb +4 -0
data/bin/rails +12 -0
data/config/locales/en.yml +73 -0
data/config/routes.rb +48 -0
data/db/migrate/20140616234935_create_door_mat_actors.rb +23 -0
data/db/migrate/20140617233357_create_door_mat_sessions.rb +17 -0
data/db/migrate/20140630043202_create_door_mat_emails.rb +12 -0
data/db/migrate/20140702045729_create_door_mat_activities.rb +14 -0
data/db/migrate/20141115183045_create_door_mat_access_tokens.rb +17 -0
data/db/migrate/20141121191824_create_door_mat_memberships.rb +14 -0
data/db/migrate/20150910182126_rename_session_guid_column.rb +5 -0
data/db/migrate/20150918210831_add_access_token_rating_column.rb +5 -0
data/door_mat.gemspec +37 -0
data/lib/door_mat.rb +20 -0
data/lib/door_mat/attr_asymmetric_store.rb +82 -0
data/lib/door_mat/attr_symmetric_store.rb +82 -0
data/lib/door_mat/configuration.rb +193 -0
data/lib/door_mat/controller.rb +117 -0
data/lib/door_mat/crypto.rb +49 -0
data/lib/door_mat/crypto/asymmetric_store.rb +77 -0
data/lib/door_mat/crypto/fast_hash.rb +17 -0
data/lib/door_mat/crypto/password_hash.rb +39 -0
data/lib/door_mat/crypto/secure_compare.rb +23 -0
data/lib/door_mat/crypto/symmetric_store.rb +68 -0
data/lib/door_mat/engine.rb +23 -0
data/lib/door_mat/process/actor_password_change.rb +65 -0
data/lib/door_mat/process/actor_sign_in.rb +38 -0
data/lib/door_mat/process/actor_sign_up.rb +39 -0
data/lib/door_mat/process/create_new_anonymous_actor.rb +36 -0
data/lib/door_mat/process/manage_email.rb +42 -0
data/lib/door_mat/process/reset_password.rb +50 -0
data/lib/door_mat/regex.rb +17 -0
data/lib/door_mat/test_helper.rb +58 -0
data/lib/door_mat/url_protocol.rb +9 -0
data/lib/door_mat/version.rb +3 -0
data/lib/tasks/door_mat_tasks.rake +31 -0
data/spec/controllers/door_mat/activities_controller_spec.rb +70 -0
data/spec/controllers/door_mat/forgot_passwords_controller_spec.rb +57 -0
data/spec/controllers/door_mat/manage_email_spec.rb +181 -0
data/spec/controllers/door_mat/password_less_session_controller_spec.rb +344 -0
data/spec/controllers/door_mat/sign_in_controller_spec.rb +211 -0
data/spec/controllers/door_mat/sign_up_controller_spec.rb +90 -0
data/spec/factories/door_mat_access_tokens.rb +6 -0
data/spec/factories/door_mat_activitiess.rb +6 -0
data/spec/factories/door_mat_actors.rb +23 -0
data/spec/factories/door_mat_emails.rb +14 -0
data/spec/factories/door_mat_memberships.rb +6 -0
data/spec/factories/door_mat_sessions.rb +24 -0
data/spec/features/password_less_session_spec.rb +165 -0
data/spec/features/remember_me_spec.rb +672 -0
data/spec/features/session_spec.rb +336 -0
data/spec/lib/attr_store_spec.rb +237 -0
data/spec/lib/crypto_spec.rb +130 -0
data/spec/lib/process_spec.rb +159 -0
data/spec/models/door_mat/access_token_spec.rb +134 -0
data/spec/models/door_mat/activity_spec.rb +38 -0
data/spec/models/door_mat/actor_spec.rb +56 -0
data/spec/models/door_mat/email_spec.rb +25 -0
data/spec/models/door_mat/session_spec.rb +69 -0
data/spec/spec_helper.rb +223 -0
data/spec/support/timecop/timecop_helper.rb +52 -0
data/spec/test_app/README.rdoc +28 -0
data/spec/test_app/Rakefile +6 -0
data/spec/test_app/app/assets/javascripts/application.js +13 -0
data/spec/test_app/app/assets/stylesheets/application.css +15 -0
data/spec/test_app/app/controllers/account_controller.rb +28 -0
data/spec/test_app/app/controllers/application_controller.rb +10 -0
data/spec/test_app/app/controllers/password_less_sample_controller.rb +56 -0
data/spec/test_app/app/controllers/static_controller.rb +7 -0
data/spec/test_app/app/helpers/account_helper.rb +2 -0
data/spec/test_app/app/helpers/application_helper.rb +2 -0
data/spec/test_app/app/models/game.rb +62 -0
data/spec/test_app/app/models/shared_data.rb +4 -0
data/spec/test_app/app/models/shared_key.rb +8 -0
data/spec/test_app/app/models/user_detail.rb +7 -0
data/spec/test_app/app/views/account/show.html.erb +133 -0
data/spec/test_app/app/views/door_mat/static/sign_out_success.html.erb +7 -0
data/spec/test_app/app/views/layouts/application.html.erb +20 -0
data/spec/test_app/app/views/password_less_sample/draw_results.html.erb +6 -0
data/spec/test_app/app/views/password_less_sample/final_result.html.erb +7 -0
data/spec/test_app/app/views/password_less_sample/play_game.html.erb +5 -0
data/spec/test_app/app/views/password_less_sample/show_loosing_door.html.erb +10 -0
data/spec/test_app/app/views/static/index.html.erb +12 -0
data/spec/test_app/app/views/static/only_confirmed_email_allowed.html.erb +10 -0
data/spec/test_app/app/views/static/page_that_require_password_reconfirmation.html.erb +16 -0
data/spec/test_app/app/views/static/session_protected_page.html.erb +32 -0
data/spec/test_app/bin/bundle +3 -0
data/spec/test_app/bin/rails +4 -0
data/spec/test_app/bin/rake +4 -0
data/spec/test_app/config.ru +4 -0
data/spec/test_app/config/application.rb +29 -0
data/spec/test_app/config/boot.rb +5 -0
data/spec/test_app/config/database.yml +25 -0
data/spec/test_app/config/environment.rb +19 -0
data/spec/test_app/config/environments/development.rb +50 -0
data/spec/test_app/config/environments/production.rb +83 -0
data/spec/test_app/config/environments/test.rb +48 -0
data/spec/test_app/config/initializers/backtrace_silencers.rb +7 -0
data/spec/test_app/config/initializers/cookies_serializer.rb +3 -0
data/spec/test_app/config/initializers/door_mat.rb +72 -0
data/spec/test_app/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/test_app/config/initializers/inflections.rb +16 -0
data/spec/test_app/config/initializers/mime_types.rb +4 -0
data/spec/test_app/config/initializers/session_store.rb +3 -0
data/spec/test_app/config/initializers/wrap_parameters.rb +14 -0
data/spec/test_app/config/locales/en.yml +23 -0
data/spec/test_app/config/routes.rb +42 -0
data/spec/test_app/config/secrets.yml +31 -0
data/spec/test_app/db/migrate/20140717182813_create_user_details.rb +10 -0
data/spec/test_app/db/migrate/20140908225256_create_shared_data.rb +10 -0
data/spec/test_app/db/migrate/20140908225604_create_shared_keys.rb +11 -0
data/spec/test_app/db/migrate/20141121190714_create_games.rb +10 -0
data/spec/test_app/public/404.html +67 -0
data/spec/test_app/public/422.html +67 -0
data/spec/test_app/public/500.html +66 -0
data/spec/test_app/public/favicon.ico +0 -0
metadata +552 -0

data/spec/features/session_spec.rb ADDED

@@ -0,0 +1,336 @@
+require 'spec_helper'
+require 'tempfile'
+module DoorMat
+  RSpec.describe 'Actor lifecycle', :type => :feature do
+    include EmailSpec::Helpers
+    include EmailSpec::Matchers
+    let(:user) { {email: 'user@example.com', password: 'k#dkvKfdj38g!', new_password: 'new_k#dkvKfdj38g!'} }
+    it 'shows the signed in user email if leak email address is true' do
+      DoorMat.configuration.leak_email_address_at_reconfirm = true
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      expect(page.find('#sign_in_email').value).to eq('')
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.current_path).to match(/session_protected_page/)
+      wait_less_than_public_computer_session_timeout
+      visit '/account/show'
+      expect(page.body).to have_content('Reconfirm Password')
+      expect(page.body).to have_content(user[:email])
+      DoorMat.configuration.leak_email_address_at_reconfirm = false
+    end
+    it 'does not show the user email if leak email is false' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      expect(page.find('#sign_in_email').value).to eq('')
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.current_path).to match(/session_protected_page/)
+      wait_less_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).to have_content('Reconfirm Password')
+      expect(page.body).not_to have_content(user[:email])
+    end
+    it 'allows the user to change the account password' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      click_link 'Change Password'
+      expect(page.body).to have_content('New password confirmation')
+      fill_in 'change_password_old_password', with: 'wrong_password'
+      fill_in 'change_password_new_password', with: user[:new_password]
+      fill_in 'change_password_new_password_confirmation', with: user[:new_password]
+      click_button 'Change Password'
+      expect(page.body).to have_content('New password confirmation')
+      fill_in 'change_password_old_password', with: user[:password]
+      fill_in 'change_password_new_password', with: user[:new_password]
+      fill_in 'change_password_new_password_confirmation', with: user[:new_password]
+      click_button 'Change Password'
+      expect(page.body).to have_content('You have successfully changed your password')
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:new_password], false)
+      expect(page.body).to have_content('Static#session_protected_page')
+    end
+    it 'times out a session if the user is not active for too long' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.body).to have_content('Static#session_protected_page')
+      wait_longer_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).not_to have_content('Account#show')
+      expect(page.body).to have_content('Sign In')
+    end
+    it 'does not time out a session if the user if actively used but still require password reconfirm' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.body).to have_content('Static#session_protected_page')
+      wait_less_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).to have_content('Reconfirm Password')
+      fill_in 'password', with: 'wrong_password'
+      click_button 'Reconfirm'
+      expect(page.body).not_to have_content('Account#show')
+      fill_in 'password', with: user[:password]
+      click_button 'Reconfirm'
+      expect(page.body).to have_content('Account#show')
+      wait_two_minutes
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      wait_longer_than_public_computer_session_timeout
+      visit '/account/show'
+      expect(page.body).not_to have_content('Account#show')
+      expect(page.body).to have_content('Sign In')
+    end
+    it 'can terminate other session if logged in from many sessions at the same time' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      Capybara.session_name = 'device_1'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      expect(page).not_to have_button('Terminate')
+      Capybara.session_name = 'device_2'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      Capybara.session_name = 'device_1'
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      Capybara.session_name = 'device_2'
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      expect(page).to have_button('Terminate')
+      click_button 'Terminate'
+      reload_page
+      Capybara.session_name = 'device_1'
+      visit '/account/show'
+      expect(page).to have_content('Sign In')
+    end
+    it 'terminates a session where the session key is wrong' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      Capybara.session_name = 'device_1'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      cookie_session_key = get_me_the_cookie('session_key') # steal session key
+      expect(DoorMat::Session.count).to eq(1)
+      Capybara.session_name = 'device_2'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      expect(DoorMat::Session.count).to eq(2)
+      create_cookie('session_key', cookie_session_key[:value]) # try to use it with a different session
+      reload_page
+      expect(page).to have_content('Sign In')
+      expect(DoorMat::Session.count).to eq(1)
+    end
+    it 'Sign up, confirm email, download recovery key file and do password recovery' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      # Obtain the recovery key 'inline' instead of from 'attachment'
+      # http://stackoverflow.com/questions/15739423/downloading-file-to-specific-folder-using-capybara-and-poltergeist-driver
+      # https://github.com/ariya/phantomjs/issues/10052
+      fill_sign_in_form(user[:email], user[:password], false)
+      click_link 'Show Account'
+      set_hidden_input_value('#disposition', 'inline')
+      click_button 'Download'
+      recovery_key = page.find(:css, 'pre').text
+      visit '/account/show'
+      click_link 'Sign Out'
+      click_link 'Sign In'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      wait_two_minutes
+      # This new request before forgot_password_link_request_delay does not send a new email
+      visit '/sign_in'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /choose_new_password/.match(url)}.first
+      visit confirm_email_url
+      fill_in 'forgot_password_email', with: user[:email]
+      fill_in 'forgot_password_password', with: user[:new_password]
+      fill_in 'forgot_password_password_confirmation', with: user[:new_password]
+      Tempfile.open('prefix', Rails.root.join('tmp') ) do |f|
+        f.print(recovery_key)
+        f.flush
+        f.close
+        attach_file('forgot_password_recovery_key', f.path)
+        click_button 'Reset'
+      end
+      fill_sign_in_form(user[:email], user[:new_password], false)
+      click_link 'Show Account'
+      expect(page.body).to have_content('Click below to download your recovery key')
+    end
+    it 'Sign up, confirm email, download recovery key file and do password recovery but wait too long before using the recovery link' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      # Obtain the recovery key 'inline' instead of from 'attachment'
+      # http://stackoverflow.com/questions/15739423/downloading-file-to-specific-folder-using-capybara-and-poltergeist-driver
+      # https://github.com/ariya/phantomjs/issues/10052
+      fill_sign_in_form(user[:email], user[:password], false)
+      click_link 'Show Account'
+      set_hidden_input_value('#disposition', 'inline')
+      click_button 'Download'
+      recovery_key = page.find(:css, 'pre').text
+      visit '/account/show'
+      click_link 'Sign Out'
+      click_link 'Sign In'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /choose_new_password/.match(url)}.first
+      wait_two_days
+      visit confirm_email_url
+      fill_in 'forgot_password_email', with: user[:email]
+      fill_in 'forgot_password_password', with: user[:new_password]
+      fill_in 'forgot_password_password_confirmation', with: user[:new_password]
+      Tempfile.open('prefix', Rails.root.join('tmp') ) do |f|
+        f.print(recovery_key)
+        f.flush
+        f.close
+        attach_file('forgot_password_recovery_key', f.path)
+        click_button 'Reset'
+      end
+      expect(page.body).to have_content('Please make a new request')
+    end
+    it 'Sign up and request a new email reconfirmation email, add a new email and attempt to use it to visit account/show before it is confirmed' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      _ = open_last_email_for(user[:email])
+      click_link 'Show Account'
+      wait_longer_than_public_computer_session_timeout
+      click_button 'Resend confirmation email'
+      expect(page.current_path).to match(/sign_in/)
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      click_button 'Resend confirmation email'
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      expect(DoorMat::Email.all.first.primary?).to be_truthy
+      expect(page.body).to match(/You are currently logged in as:.*user@example.com.*User Name/m)
+      click_link 'Add new email'
+      fill_in 'email_address', with: 'new_user@example.com'
+      click_button 'Add email'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      fill_sign_in_form('new_user@example.com', user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Please confirm your email address')
+      expect(unread_emails_for('new_user@example.com').size).to eq(parse_email_count(1))
+      e = open_last_email_for('new_user@example.com')
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      expect(DoorMat::Email.all.last.confirmed?).to be_truthy
+      expect(page.body).to match(/You are currently logged in as:.*new_user@example.com.*User Name/m)
+    end
+  end
+end

data/spec/lib/attr_store_spec.rb ADDED

@@ -0,0 +1,237 @@
+require 'spec_helper'
+module DoorMat
+  describe "DoorMat attr_store" do
+    it 'must belong to an Actor' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeRandomClassA < ActiveRecord::Base
+          include DoorMat::AttrSymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :name, :string
+          attr_symmetric_store :name
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_symmetric_store records must belong to a DoorMat::Actor/)
+    end
+    it 'must be a string or text field' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeRandomClassB < ActiveRecord::Base
+          include DoorMat::AttrSymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :actor_id, :int
+          column :counter, :int
+          belongs_to :actor, class_name: 'DoorMat::Actor'
+          attr_symmetric_store :counter
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_symmetric_store only support text and string column types/)
+    end
+    it "Encrypt and decrypt data when current session is valid" do
+      actor, session = TestHelper::create_signed_in_actor_with_confirmed_email_address
+      details = UserDetail.new
+      details.name = "Secret User Name"
+      actor.user_detail = details
+      actor.save!
+      confirm_details = UserDetail.all.first
+      expect(details.name).to eq(confirm_details.name)
+      expect(details.__id__).not_to eq(confirm_details.__id__)
+      encrypted_details_name = ''
+      DoorMat::Crypto.skip_crypto_callback { encrypted_details_name = UserDetail.all.first.name }
+      expect(encrypted_details_name).not_to eq("Secret User Name")
+      expect(encrypted_details_name).not_to eq(UserDetail.all.first.name)
+      expect(encrypted_details_name).not_to eq('')
+    end
+    it "Respects string encoding" do
+      actor, _ = TestHelper::create_signed_in_actor_with_confirmed_email_address
+      details = UserDetail.new
+      details.name = "Secret User Name"
+      encoding_before = details.name.encoding.name
+      actor.user_detail = details
+      actor.save!
+      confirm_details = UserDetail.all.first
+      encoding_after = confirm_details.name.encoding.name
+      expect(details.name).to eq(confirm_details.name)
+      expect(details.__id__).not_to eq(confirm_details.__id__)
+      expect(encoding_before).to eq(encoding_after)
+    end
+  end
+  describe "DoorMat attr_asymmetric_store" do
+    it 'must belong to an Actor' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeSharedKeyA < ActiveRecord::Base
+          include DoorMat::AttrAsymmetricStore
+            def self.columns()
+              @columns ||= [];
+            end
+            def self.column(name, sql_type = nil, default = nil, null = true)
+              columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+            end
+            column :key, :string
+          attr_asymmetric_store :key
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_asymmetric_store records must belong to a DoorMat::Actor/)
+    end
+    it 'must be a string or text field' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeSharedKeyB < ActiveRecord::Base
+          include DoorMat::AttrAsymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :actor_id, :int
+          column :key, :int
+          belongs_to :actor, class_name: 'DoorMat::Actor'
+          attr_asymmetric_store :key
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_asymmetric_store only support text and string column types/)
+    end
+    it "Encrypt and decrypt data when current session is valid" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com", 'pwd_alice_1')
+      bob, _ = TestHelper::create_signed_in_actor_with_confirmed_email_address("bob@example.com", 'pwd_bob_1')
+      random_key = DoorMat::Crypto::SymmetricStore.random_key
+      original_document = "fyi document"
+      original_exp_date = 2.days.from_now.strftime("%Y%m%d")
+      document, exp_date = DoorMat::Crypto.encrypt_shared([original_document, original_exp_date], random_key)
+      shared_data = SharedData.new
+      shared_data.document = document
+      shared_data.expiration_date = exp_date
+      shared_key_alice = SharedKey.new
+      shared_key_alice.actor = alice
+      shared_key_alice.shared_data = shared_data
+      shared_key_alice.key = random_key
+      shared_key_bob = SharedKey.new
+      shared_key_bob.actor = bob
+      shared_key_bob.shared_data = shared_data
+      shared_key_bob.key = random_key
+      shared_key_alice.save!
+      shared_key_bob.save!
+      expect(SharedKey.all.first.key).not_to eq(SharedKey.all.last.key)
+      Session.clear_current_session
+      alice, _ = TestHelper::sign_in_existing_actor("alice@example.com", 'pwd_alice_1')
+      shared_key = alice.shared_keys.first
+      expect(shared_key.key).to eq(random_key)
+      document, exp_date = DoorMat::Crypto.decrypt_shared([shared_key.shared_data.document, shared_key.shared_data.expiration_date], shared_key.key)
+      expect(original_document).to eq(document)
+      expect(original_exp_date).to eq(exp_date)
+      Session.clear_current_session
+      bob, _ = TestHelper::sign_in_existing_actor("bob@example.com", 'pwd_bob_1')
+      new_password = "new_password!"
+      DoorMat::Process::ActorPasswordChange.with(bob, new_password, 'pwd_bob_1')
+      Session.clear_current_session
+      bob, _ = TestHelper::sign_in_existing_actor("bob@example.com", new_password)
+      shared_key = bob.shared_keys.first
+      expect(shared_key.key).to eq(random_key)
+      document, exp_date = DoorMat::Crypto.decrypt_shared([shared_key.shared_data.document, shared_key.shared_data.expiration_date], shared_key.key)
+      expect(original_document).to eq(document)
+      expect(original_exp_date).to eq(exp_date)
+      expect(bob.id).not_to eq(alice.id)
+    end
+    it "leaves the attribute as is if the actor is not set" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com")
+      plain_text_message = 'Anybody can read this'
+      first_shared_key = SharedKey.new
+      first_shared_key.key = plain_text_message
+      first_shared_key.save
+      last_shared_key = SharedKey.new
+      last_shared_key.actor = alice
+      last_shared_key.key = plain_text_message
+      last_shared_key.save
+      shared_key_w_no_actor = nil
+      shared_key_w_actor = nil
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_no_actor = SharedKey.first }
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_actor = SharedKey.last }
+      expect(shared_key_w_no_actor.key).to eq(plain_text_message)
+      expect(shared_key_w_no_actor.key).not_to eq(shared_key_w_actor.key)
+      expect(shared_key_w_no_actor.id).not_to eq(shared_key_w_actor.id)
+    end
+    it "leaves the attribute as is if blank" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com")
+      blank_text_message = ''
+      first_shared_key = SharedKey.new
+      first_shared_key.key = blank_text_message
+      first_shared_key.save
+      last_shared_key = SharedKey.new
+      last_shared_key.actor = alice
+      last_shared_key.key = blank_text_message
+      last_shared_key.save
+      shared_key_w_no_actor = nil
+      shared_key_w_actor = nil
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_no_actor = SharedKey.first }
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_actor = SharedKey.last }
+      expect(shared_key_w_no_actor.key.blank?).to be true
+      expect(shared_key_w_actor.key.blank?).to be true
+      expect(shared_key_w_no_actor.id).not_to eq(shared_key_w_actor.id)
+    end
+  end
+end