RubyGems - door_mat - Versions diffs - 0.0.5 - Mend

door_mat 0.0.5

Files changed (176) hide show

checksums.yaml +7 -0
data/.rspec +2 -0
data/Gemfile +3 -0
data/MIT-LICENSE +20 -0
data/README.md +88 -0
data/Rakefile +32 -0
data/app/assets/javascripts/door_mat/application.js +13 -0
data/app/assets/stylesheets/door_mat/application.css +15 -0
data/app/assets/stylesheets/scaffold.css +56 -0
data/app/controllers/door_mat/activities_controller.rb +106 -0
data/app/controllers/door_mat/application_controller.rb +14 -0
data/app/controllers/door_mat/change_password_controller.rb +32 -0
data/app/controllers/door_mat/forgot_passwords_controller.rb +57 -0
data/app/controllers/door_mat/manage_email_controller.rb +61 -0
data/app/controllers/door_mat/password_less_session_controller.rb +121 -0
data/app/controllers/door_mat/reconfirm_password_controller.rb +27 -0
data/app/controllers/door_mat/sessions_controller.rb +17 -0
data/app/controllers/door_mat/sign_in_controller.rb +60 -0
data/app/controllers/door_mat/sign_up_controller.rb +59 -0
data/app/controllers/door_mat/static_controller.rb +5 -0
data/app/mailers/door_mat/activity_mailer.rb +18 -0
data/app/mailers/door_mat/password_less_session_mailer.rb +12 -0
data/app/models/door_mat/access_token.rb +315 -0
data/app/models/door_mat/activity.rb +14 -0
data/app/models/door_mat/activity_confirm_email.rb +45 -0
data/app/models/door_mat/activity_download_recovery_key.rb +30 -0
data/app/models/door_mat/activity_reset_password.rb +47 -0
data/app/models/door_mat/actor.rb +149 -0
data/app/models/door_mat/change_password.rb +12 -0
data/app/models/door_mat/email.rb +58 -0
data/app/models/door_mat/forgot_password.rb +12 -0
data/app/models/door_mat/membership.rb +42 -0
data/app/models/door_mat/session.rb +315 -0
data/app/models/door_mat/sign_in.rb +31 -0
data/app/models/door_mat/sign_up.rb +17 -0
data/app/views/door_mat/activity_mailer/confirm_email.html.erb +11 -0
data/app/views/door_mat/activity_mailer/confirm_email.text.erb +7 -0
data/app/views/door_mat/activity_mailer/reset_password.html.erb +11 -0
data/app/views/door_mat/activity_mailer/reset_password.text.erb +7 -0
data/app/views/door_mat/change_password/new.html.erb +22 -0
data/app/views/door_mat/forgot_passwords/choose_new_password.html.erb +34 -0
data/app/views/door_mat/forgot_passwords/new.html.erb +14 -0
data/app/views/door_mat/helpers/_errors_if_any.html.erb +10 -0
data/app/views/door_mat/manage_email/new.html.erb +14 -0
data/app/views/door_mat/password_less_session/access_token.html.erb +16 -0
data/app/views/door_mat/password_less_session/new.html.erb +34 -0
data/app/views/door_mat/password_less_session_mailer/send_token.html.erb +11 -0
data/app/views/door_mat/password_less_session_mailer/send_token.text.erb +7 -0
data/app/views/door_mat/reconfirm_password/new.html.erb +12 -0
data/app/views/door_mat/sign_in/new.html.erb +30 -0
data/app/views/door_mat/sign_up/new.html.erb +24 -0
data/app/views/door_mat/static/add_email_success.html.erb +5 -0
data/app/views/door_mat/static/change_password_success.html.erb +2 -0
data/app/views/door_mat/static/confirm_email_success.html.erb +2 -0
data/app/views/door_mat/static/email_confirmation_required.html.erb +17 -0
data/app/views/door_mat/static/forgot_password_verification_mail_sent.html.erb +2 -0
data/app/views/door_mat/static/reconfirm_password_success.html.erb +4 -0
data/app/views/door_mat/static/sign_in_success.html.erb +5 -0
data/app/views/door_mat/static/sign_out_success.html.erb +5 -0
data/app/views/door_mat/static/sign_up_success.html.erb +4 -0
data/bin/rails +12 -0
data/config/locales/en.yml +73 -0
data/config/routes.rb +48 -0
data/db/migrate/20140616234935_create_door_mat_actors.rb +23 -0
data/db/migrate/20140617233357_create_door_mat_sessions.rb +17 -0
data/db/migrate/20140630043202_create_door_mat_emails.rb +12 -0
data/db/migrate/20140702045729_create_door_mat_activities.rb +14 -0
data/db/migrate/20141115183045_create_door_mat_access_tokens.rb +17 -0
data/db/migrate/20141121191824_create_door_mat_memberships.rb +14 -0
data/db/migrate/20150910182126_rename_session_guid_column.rb +5 -0
data/db/migrate/20150918210831_add_access_token_rating_column.rb +5 -0
data/door_mat.gemspec +37 -0
data/lib/door_mat.rb +20 -0
data/lib/door_mat/attr_asymmetric_store.rb +82 -0
data/lib/door_mat/attr_symmetric_store.rb +82 -0
data/lib/door_mat/configuration.rb +193 -0
data/lib/door_mat/controller.rb +117 -0
data/lib/door_mat/crypto.rb +49 -0
data/lib/door_mat/crypto/asymmetric_store.rb +77 -0
data/lib/door_mat/crypto/fast_hash.rb +17 -0
data/lib/door_mat/crypto/password_hash.rb +39 -0
data/lib/door_mat/crypto/secure_compare.rb +23 -0
data/lib/door_mat/crypto/symmetric_store.rb +68 -0
data/lib/door_mat/engine.rb +23 -0
data/lib/door_mat/process/actor_password_change.rb +65 -0
data/lib/door_mat/process/actor_sign_in.rb +38 -0
data/lib/door_mat/process/actor_sign_up.rb +39 -0
data/lib/door_mat/process/create_new_anonymous_actor.rb +36 -0
data/lib/door_mat/process/manage_email.rb +42 -0
data/lib/door_mat/process/reset_password.rb +50 -0
data/lib/door_mat/regex.rb +17 -0
data/lib/door_mat/test_helper.rb +58 -0
data/lib/door_mat/url_protocol.rb +9 -0
data/lib/door_mat/version.rb +3 -0
data/lib/tasks/door_mat_tasks.rake +31 -0
data/spec/controllers/door_mat/activities_controller_spec.rb +70 -0
data/spec/controllers/door_mat/forgot_passwords_controller_spec.rb +57 -0
data/spec/controllers/door_mat/manage_email_spec.rb +181 -0
data/spec/controllers/door_mat/password_less_session_controller_spec.rb +344 -0
data/spec/controllers/door_mat/sign_in_controller_spec.rb +211 -0
data/spec/controllers/door_mat/sign_up_controller_spec.rb +90 -0
data/spec/factories/door_mat_access_tokens.rb +6 -0
data/spec/factories/door_mat_activitiess.rb +6 -0
data/spec/factories/door_mat_actors.rb +23 -0
data/spec/factories/door_mat_emails.rb +14 -0
data/spec/factories/door_mat_memberships.rb +6 -0
data/spec/factories/door_mat_sessions.rb +24 -0
data/spec/features/password_less_session_spec.rb +165 -0
data/spec/features/remember_me_spec.rb +672 -0
data/spec/features/session_spec.rb +336 -0
data/spec/lib/attr_store_spec.rb +237 -0
data/spec/lib/crypto_spec.rb +130 -0
data/spec/lib/process_spec.rb +159 -0
data/spec/models/door_mat/access_token_spec.rb +134 -0
data/spec/models/door_mat/activity_spec.rb +38 -0
data/spec/models/door_mat/actor_spec.rb +56 -0
data/spec/models/door_mat/email_spec.rb +25 -0
data/spec/models/door_mat/session_spec.rb +69 -0
data/spec/spec_helper.rb +223 -0
data/spec/support/timecop/timecop_helper.rb +52 -0
data/spec/test_app/README.rdoc +28 -0
data/spec/test_app/Rakefile +6 -0
data/spec/test_app/app/assets/javascripts/application.js +13 -0
data/spec/test_app/app/assets/stylesheets/application.css +15 -0
data/spec/test_app/app/controllers/account_controller.rb +28 -0
data/spec/test_app/app/controllers/application_controller.rb +10 -0
data/spec/test_app/app/controllers/password_less_sample_controller.rb +56 -0
data/spec/test_app/app/controllers/static_controller.rb +7 -0
data/spec/test_app/app/helpers/account_helper.rb +2 -0
data/spec/test_app/app/helpers/application_helper.rb +2 -0
data/spec/test_app/app/models/game.rb +62 -0
data/spec/test_app/app/models/shared_data.rb +4 -0
data/spec/test_app/app/models/shared_key.rb +8 -0
data/spec/test_app/app/models/user_detail.rb +7 -0
data/spec/test_app/app/views/account/show.html.erb +133 -0
data/spec/test_app/app/views/door_mat/static/sign_out_success.html.erb +7 -0
data/spec/test_app/app/views/layouts/application.html.erb +20 -0
data/spec/test_app/app/views/password_less_sample/draw_results.html.erb +6 -0
data/spec/test_app/app/views/password_less_sample/final_result.html.erb +7 -0
data/spec/test_app/app/views/password_less_sample/play_game.html.erb +5 -0
data/spec/test_app/app/views/password_less_sample/show_loosing_door.html.erb +10 -0
data/spec/test_app/app/views/static/index.html.erb +12 -0
data/spec/test_app/app/views/static/only_confirmed_email_allowed.html.erb +10 -0
data/spec/test_app/app/views/static/page_that_require_password_reconfirmation.html.erb +16 -0
data/spec/test_app/app/views/static/session_protected_page.html.erb +32 -0
data/spec/test_app/bin/bundle +3 -0
data/spec/test_app/bin/rails +4 -0
data/spec/test_app/bin/rake +4 -0
data/spec/test_app/config.ru +4 -0
data/spec/test_app/config/application.rb +29 -0
data/spec/test_app/config/boot.rb +5 -0
data/spec/test_app/config/database.yml +25 -0
data/spec/test_app/config/environment.rb +19 -0
data/spec/test_app/config/environments/development.rb +50 -0
data/spec/test_app/config/environments/production.rb +83 -0
data/spec/test_app/config/environments/test.rb +48 -0
data/spec/test_app/config/initializers/backtrace_silencers.rb +7 -0
data/spec/test_app/config/initializers/cookies_serializer.rb +3 -0
data/spec/test_app/config/initializers/door_mat.rb +72 -0
data/spec/test_app/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/test_app/config/initializers/inflections.rb +16 -0
data/spec/test_app/config/initializers/mime_types.rb +4 -0
data/spec/test_app/config/initializers/session_store.rb +3 -0
data/spec/test_app/config/initializers/wrap_parameters.rb +14 -0
data/spec/test_app/config/locales/en.yml +23 -0
data/spec/test_app/config/routes.rb +42 -0
data/spec/test_app/config/secrets.yml +31 -0
data/spec/test_app/db/migrate/20140717182813_create_user_details.rb +10 -0
data/spec/test_app/db/migrate/20140908225256_create_shared_data.rb +10 -0
data/spec/test_app/db/migrate/20140908225604_create_shared_keys.rb +11 -0
data/spec/test_app/db/migrate/20141121190714_create_games.rb +10 -0
data/spec/test_app/public/404.html +67 -0
data/spec/test_app/public/422.html +67 -0
data/spec/test_app/public/500.html +66 -0
data/spec/test_app/public/favicon.ico +0 -0
metadata +552 -0

data/spec/features/session_spec.rb ADDED

@@ -0,0 +1,336 @@
+require 'spec_helper'
+require 'tempfile'
+module DoorMat
+  RSpec.describe 'Actor lifecycle', :type => :feature do
+    include EmailSpec::Helpers
+    include EmailSpec::Matchers
+    let(:user) { {email: 'user@example.com', password: 'k#dkvKfdj38g!', new_password: 'new_k#dkvKfdj38g!'} }
+    it 'shows the signed in user email if leak email address is true' do
+      DoorMat.configuration.leak_email_address_at_reconfirm = true
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      expect(page.find('#sign_in_email').value).to eq('')
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.current_path).to match(/session_protected_page/)
+      wait_less_than_public_computer_session_timeout
+      visit '/account/show'
+      expect(page.body).to have_content('Reconfirm Password')
+      expect(page.body).to have_content(user[:email])
+      DoorMat.configuration.leak_email_address_at_reconfirm = false
+    end
+    it 'does not show the user email if leak email is false' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      expect(page.find('#sign_in_email').value).to eq('')
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.current_path).to match(/session_protected_page/)
+      wait_less_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).to have_content('Reconfirm Password')
+      expect(page.body).not_to have_content(user[:email])
+    end
+    it 'allows the user to change the account password' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      click_link 'Change Password'
+      expect(page.body).to have_content('New password confirmation')
+      fill_in 'change_password_old_password', with: 'wrong_password'
+      fill_in 'change_password_new_password', with: user[:new_password]
+      fill_in 'change_password_new_password_confirmation', with: user[:new_password]
+      click_button 'Change Password'
+      expect(page.body).to have_content('New password confirmation')
+      fill_in 'change_password_old_password', with: user[:password]
+      fill_in 'change_password_new_password', with: user[:new_password]
+      fill_in 'change_password_new_password_confirmation', with: user[:new_password]
+      click_button 'Change Password'
+      expect(page.body).to have_content('You have successfully changed your password')
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:new_password], false)
+      expect(page.body).to have_content('Static#session_protected_page')
+    end
+    it 'times out a session if the user is not active for too long' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.body).to have_content('Static#session_protected_page')
+      wait_longer_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).not_to have_content('Account#show')
+      expect(page.body).to have_content('Sign In')
+    end
+    it 'does not time out a session if the user if actively used but still require password reconfirm' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      expect(page.body).to have_content('Static#session_protected_page')
+      wait_less_than_public_computer_session_timeout
+      click_link 'Show Account'
+      expect(page.body).to have_content('Reconfirm Password')
+      fill_in 'password', with: 'wrong_password'
+      click_button 'Reconfirm'
+      expect(page.body).not_to have_content('Account#show')
+      fill_in 'password', with: user[:password]
+      click_button 'Reconfirm'
+      expect(page.body).to have_content('Account#show')
+      wait_two_minutes
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      wait_longer_than_public_computer_session_timeout
+      visit '/account/show'
+      expect(page.body).not_to have_content('Account#show')
+      expect(page.body).to have_content('Sign In')
+    end
+    it 'can terminate other session if logged in from many sessions at the same time' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      Capybara.session_name = 'device_1'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      expect(page).not_to have_button('Terminate')
+      Capybara.session_name = 'device_2'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      Capybara.session_name = 'device_1'
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      Capybara.session_name = 'device_2'
+      visit '/account/show'
+      expect(page.body).to have_content('Account#show')
+      expect(page).to have_button('Terminate')
+      click_button 'Terminate'
+      reload_page
+      Capybara.session_name = 'device_1'
+      visit '/account/show'
+      expect(page).to have_content('Sign In')
+    end
+    it 'terminates a session where the session key is wrong' do
+      DoorMat::TestHelper.create_signed_up_actor_with_confirmed_email_address(user[:email], user[:password])
+      Capybara.session_name = 'device_1'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      cookie_session_key = get_me_the_cookie('session_key') # steal session key
+      expect(DoorMat::Session.count).to eq(1)
+      Capybara.session_name = 'device_2'
+      visit '/sign_in'
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Account#show')
+      expect(DoorMat::Session.count).to eq(2)
+      create_cookie('session_key', cookie_session_key[:value]) # try to use it with a different session
+      reload_page
+      expect(page).to have_content('Sign In')
+      expect(DoorMat::Session.count).to eq(1)
+    end
+    it 'Sign up, confirm email, download recovery key file and do password recovery' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      # Obtain the recovery key 'inline' instead of from 'attachment'
+      # http://stackoverflow.com/questions/15739423/downloading-file-to-specific-folder-using-capybara-and-poltergeist-driver
+      # https://github.com/ariya/phantomjs/issues/10052
+      fill_sign_in_form(user[:email], user[:password], false)
+      click_link 'Show Account'
+      set_hidden_input_value('#disposition', 'inline')
+      click_button 'Download'
+      recovery_key = page.find(:css, 'pre').text
+      visit '/account/show'
+      click_link 'Sign Out'
+      click_link 'Sign In'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      wait_two_minutes
+      # This new request before forgot_password_link_request_delay does not send a new email
+      visit '/sign_in'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /choose_new_password/.match(url)}.first
+      visit confirm_email_url
+      fill_in 'forgot_password_email', with: user[:email]
+      fill_in 'forgot_password_password', with: user[:new_password]
+      fill_in 'forgot_password_password_confirmation', with: user[:new_password]
+      Tempfile.open('prefix', Rails.root.join('tmp') ) do |f|
+        f.print(recovery_key)
+        f.flush
+        f.close
+        attach_file('forgot_password_recovery_key', f.path)
+        click_button 'Reset'
+      end
+      fill_sign_in_form(user[:email], user[:new_password], false)
+      click_link 'Show Account'
+      expect(page.body).to have_content('Click below to download your recovery key')
+    end
+    it 'Sign up, confirm email, download recovery key file and do password recovery but wait too long before using the recovery link' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      # Obtain the recovery key 'inline' instead of from 'attachment'
+      # http://stackoverflow.com/questions/15739423/downloading-file-to-specific-folder-using-capybara-and-poltergeist-driver
+      # https://github.com/ariya/phantomjs/issues/10052
+      fill_sign_in_form(user[:email], user[:password], false)
+      click_link 'Show Account'
+      set_hidden_input_value('#disposition', 'inline')
+      click_button 'Download'
+      recovery_key = page.find(:css, 'pre').text
+      visit '/account/show'
+      click_link 'Sign Out'
+      click_link 'Sign In'
+      click_link 'Forgot your password?'
+      fill_in 'forgot_password_email', with: user[:email]
+      click_button 'Reset'
+      expect(page.body).to have_content('forgot_password_verification_mail_sent')
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /choose_new_password/.match(url)}.first
+      wait_two_days
+      visit confirm_email_url
+      fill_in 'forgot_password_email', with: user[:email]
+      fill_in 'forgot_password_password', with: user[:new_password]
+      fill_in 'forgot_password_password_confirmation', with: user[:new_password]
+      Tempfile.open('prefix', Rails.root.join('tmp') ) do |f|
+        f.print(recovery_key)
+        f.flush
+        f.close
+        attach_file('forgot_password_recovery_key', f.path)
+        click_button 'Reset'
+      end
+      expect(page.body).to have_content('Please make a new request')
+    end
+    it 'Sign up and request a new email reconfirmation email, add a new email and attempt to use it to visit account/show before it is confirmed' do
+      visit '/sign_up'
+      fill_sign_up_form(user[:email], user[:password])
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      _ = open_last_email_for(user[:email])
+      click_link 'Show Account'
+      wait_longer_than_public_computer_session_timeout
+      click_button 'Resend confirmation email'
+      expect(page.current_path).to match(/sign_in/)
+      fill_sign_in_form(user[:email], user[:password])
+      click_link 'Show Account'
+      click_button 'Resend confirmation email'
+      expect(unread_emails_for(user[:email]).size).to eq(parse_email_count(1))
+      e = open_last_email_for(user[:email])
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      expect(DoorMat::Email.all.first.primary?).to be_truthy
+      expect(page.body).to match(/You are currently logged in as:.*user@example.com.*User Name/m)
+      click_link 'Add new email'
+      fill_in 'email_address', with: 'new_user@example.com'
+      click_button 'Add email'
+      click_link 'Sign Out'
+      visit '/sign_in'
+      fill_sign_in_form('new_user@example.com', user[:password])
+      click_link 'Show Account'
+      expect(page.body).to have_content('Please confirm your email address')
+      expect(unread_emails_for('new_user@example.com').size).to eq(parse_email_count(1))
+      e = open_last_email_for('new_user@example.com')
+      confirm_email_url = links_in_email(e).select {|url| /confirm_email/.match(url)}.first
+      visit confirm_email_url
+      visit '/account/show'
+      expect(DoorMat::Email.all.last.confirmed?).to be_truthy
+      expect(page.body).to match(/You are currently logged in as:.*new_user@example.com.*User Name/m)
+    end
+  end
+end

data/spec/lib/attr_store_spec.rb ADDED

@@ -0,0 +1,237 @@
+require 'spec_helper'
+module DoorMat
+  describe "DoorMat attr_store" do
+    it 'must belong to an Actor' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeRandomClassA < ActiveRecord::Base
+          include DoorMat::AttrSymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :name, :string
+          attr_symmetric_store :name
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_symmetric_store records must belong to a DoorMat::Actor/)
+    end
+    it 'must be a string or text field' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeRandomClassB < ActiveRecord::Base
+          include DoorMat::AttrSymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :actor_id, :int
+          column :counter, :int
+          belongs_to :actor, class_name: 'DoorMat::Actor'
+          attr_symmetric_store :counter
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_symmetric_store only support text and string column types/)
+    end
+    it "Encrypt and decrypt data when current session is valid" do
+      actor, session = TestHelper::create_signed_in_actor_with_confirmed_email_address
+      details = UserDetail.new
+      details.name = "Secret User Name"
+      actor.user_detail = details
+      actor.save!
+      confirm_details = UserDetail.all.first
+      expect(details.name).to eq(confirm_details.name)
+      expect(details.__id__).not_to eq(confirm_details.__id__)
+      encrypted_details_name = ''
+      DoorMat::Crypto.skip_crypto_callback { encrypted_details_name = UserDetail.all.first.name }
+      expect(encrypted_details_name).not_to eq("Secret User Name")
+      expect(encrypted_details_name).not_to eq(UserDetail.all.first.name)
+      expect(encrypted_details_name).not_to eq('')
+    end
+    it "Respects string encoding" do
+      actor, _ = TestHelper::create_signed_in_actor_with_confirmed_email_address
+      details = UserDetail.new
+      details.name = "Secret User Name"
+      encoding_before = details.name.encoding.name
+      actor.user_detail = details
+      actor.save!
+      confirm_details = UserDetail.all.first
+      encoding_after = confirm_details.name.encoding.name
+      expect(details.name).to eq(confirm_details.name)
+      expect(details.__id__).not_to eq(confirm_details.__id__)
+      expect(encoding_before).to eq(encoding_after)
+    end
+  end
+  describe "DoorMat attr_asymmetric_store" do
+    it 'must belong to an Actor' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeSharedKeyA < ActiveRecord::Base
+          include DoorMat::AttrAsymmetricStore
+            def self.columns()
+              @columns ||= [];
+            end
+            def self.column(name, sql_type = nil, default = nil, null = true)
+              columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+            end
+            column :key, :string
+          attr_asymmetric_store :key
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_asymmetric_store records must belong to a DoorMat::Actor/)
+    end
+    it 'must be a string or text field' do
+      allow(ActiveRecord::Base).to receive(:table_exists?).and_return(true)
+      expect {
+        class SomeSharedKeyB < ActiveRecord::Base
+          include DoorMat::AttrAsymmetricStore
+          def self.columns()
+            @columns ||= [];
+          end
+          def self.column(name, sql_type = nil, default = nil, null = true)
+            columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+          end
+          column :actor_id, :int
+          column :key, :int
+          belongs_to :actor, class_name: 'DoorMat::Actor'
+          attr_asymmetric_store :key
+        end
+      }.to raise_error(ActiveRecord::ActiveRecordError, /attr_asymmetric_store only support text and string column types/)
+    end
+    it "Encrypt and decrypt data when current session is valid" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com", 'pwd_alice_1')
+      bob, _ = TestHelper::create_signed_in_actor_with_confirmed_email_address("bob@example.com", 'pwd_bob_1')
+      random_key = DoorMat::Crypto::SymmetricStore.random_key
+      original_document = "fyi document"
+      original_exp_date = 2.days.from_now.strftime("%Y%m%d")
+      document, exp_date = DoorMat::Crypto.encrypt_shared([original_document, original_exp_date], random_key)
+      shared_data = SharedData.new
+      shared_data.document = document
+      shared_data.expiration_date = exp_date
+      shared_key_alice = SharedKey.new
+      shared_key_alice.actor = alice
+      shared_key_alice.shared_data = shared_data
+      shared_key_alice.key = random_key
+      shared_key_bob = SharedKey.new
+      shared_key_bob.actor = bob
+      shared_key_bob.shared_data = shared_data
+      shared_key_bob.key = random_key
+      shared_key_alice.save!
+      shared_key_bob.save!
+      expect(SharedKey.all.first.key).not_to eq(SharedKey.all.last.key)
+      Session.clear_current_session
+      alice, _ = TestHelper::sign_in_existing_actor("alice@example.com", 'pwd_alice_1')
+      shared_key = alice.shared_keys.first
+      expect(shared_key.key).to eq(random_key)
+      document, exp_date = DoorMat::Crypto.decrypt_shared([shared_key.shared_data.document, shared_key.shared_data.expiration_date], shared_key.key)
+      expect(original_document).to eq(document)
+      expect(original_exp_date).to eq(exp_date)
+      Session.clear_current_session
+      bob, _ = TestHelper::sign_in_existing_actor("bob@example.com", 'pwd_bob_1')
+      new_password = "new_password!"
+      DoorMat::Process::ActorPasswordChange.with(bob, new_password, 'pwd_bob_1')
+      Session.clear_current_session
+      bob, _ = TestHelper::sign_in_existing_actor("bob@example.com", new_password)
+      shared_key = bob.shared_keys.first
+      expect(shared_key.key).to eq(random_key)
+      document, exp_date = DoorMat::Crypto.decrypt_shared([shared_key.shared_data.document, shared_key.shared_data.expiration_date], shared_key.key)
+      expect(original_document).to eq(document)
+      expect(original_exp_date).to eq(exp_date)
+      expect(bob.id).not_to eq(alice.id)
+    end
+    it "leaves the attribute as is if the actor is not set" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com")
+      plain_text_message = 'Anybody can read this'
+      first_shared_key = SharedKey.new
+      first_shared_key.key = plain_text_message
+      first_shared_key.save
+      last_shared_key = SharedKey.new
+      last_shared_key.actor = alice
+      last_shared_key.key = plain_text_message
+      last_shared_key.save
+      shared_key_w_no_actor = nil
+      shared_key_w_actor = nil
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_no_actor = SharedKey.first }
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_actor = SharedKey.last }
+      expect(shared_key_w_no_actor.key).to eq(plain_text_message)
+      expect(shared_key_w_no_actor.key).not_to eq(shared_key_w_actor.key)
+      expect(shared_key_w_no_actor.id).not_to eq(shared_key_w_actor.id)
+    end
+    it "leaves the attribute as is if blank" do
+      alice = TestHelper::create_signed_up_actor_with_confirmed_email_address("alice@example.com")
+      blank_text_message = ''
+      first_shared_key = SharedKey.new
+      first_shared_key.key = blank_text_message
+      first_shared_key.save
+      last_shared_key = SharedKey.new
+      last_shared_key.actor = alice
+      last_shared_key.key = blank_text_message
+      last_shared_key.save
+      shared_key_w_no_actor = nil
+      shared_key_w_actor = nil
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_no_actor = SharedKey.first }
+      DoorMat::Crypto.skip_crypto_callback { shared_key_w_actor = SharedKey.last }
+      expect(shared_key_w_no_actor.key.blank?).to be true
+      expect(shared_key_w_actor.key.blank?).to be true
+      expect(shared_key_w_no_actor.id).not_to eq(shared_key_w_actor.id)
+    end
+  end
+end