entrance 0.3.2 → 0.3.3
- data/examples/sinatra-app/README.md +1 -0
- data/lib/entrance/addons/omniauth.rb +1 -1
- data/lib/entrance/ciphers.rb +2 -2
- data/lib/entrance/controller.rb +7 -15
- data/lib/entrance/model.rb +5 -5
- data/lib/entrance/version.rb +1 -1
- data/lib/entrance.rb +1 -1
- data/spec/controller_spec.rb +332 -0
- data/spec/fake_model.rb +52 -0
- metadata +3 -1
@@ -7,6 +7,7 @@ To run:
|
|
7
7
|
git clone https://github.com/tomas/entrance
|
8
8
|
cd entrance/examples/sinatra-app
|
9
9
|
bundle install
|
10
|
+
# (start mongo, eg 'mongodb --dbpath=/var/lib/mongodb')
|
10
11
|
bundle exec puma
|
11
12
|
|
12
13
|
And ready-o. Then point your browser to localhost:9292 and sign up, then sign in using your credentials.
|
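--- a/data/lib/entrance/ciphers.rb
+++ b/data/lib/entrance/ciphers.rb
@@ -14,7 +14,7 @@ module Entrance
 # same logic as restful authentication
 def self.encrypt(password, salt)
 digest = Entrance.config.secret
-raise "Secret not set!" if digest.
+raise "Secret not set!" if digest.nil? or digest.strip == ''
 
 Entrance.config.stretches.times do
 str = [digest, salt, password, Entrance.config.secret].join(JOIN_STRING)
@@ -43,4 +43,4 @@ module Entrance
 
 end
 
-end
+end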
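Review bot: The new guard on line 17 of encrypt only rejects a nil or whitespace-only secret, so a placeholder such as a single character still passes and becomes the seed of every password digest produced on line 20; a minimum length belongs in the same check, e.g. `raise "Secret not set!" if digest.nil? || digest.strip.empty?` followed by `raise "Secret too short!" if digest.strip.size < MIN_SECRET_LENGTH` (constant name constructed, declare it next to JOIN_STRING). `||` is the safer spelling than `or` here, since `or` binds lower than assignment and method arguments and reads differently from the `||` used elsewhere in this release. `digest.strip` also assumes the configured secret is a String; a non-String value would raise NoMethodError instead of the intended message. The body of encrypt continues outside the hunk, and the second hunk is a trailing-newline change only.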
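--- a/data/lib/entrance/controller.rb
+++ b/data/lib/entrance/controller.rb
@@ -130,19 +130,11 @@ module Entrance
 # compat stuff between rails & sinatra
 
 def set_cookie!(name, cookie)
-
-cookies[name] = cookie
-else
-response.set_cookie(name, cookie)
-end
+response.set_cookie(name, cookie)
 end
 
 def delete_cookie!(name)
-
-cookies.delete(name)
-else
-response.delete_cookie(name)
-end
+response.delete_cookie(name)
 end
 
 def return_401
@@ -153,11 +145,6 @@ module Entrance
 end
 end
 
-def redirect_with(url, type, message)
-flash[type] = message if respond_to?(:flash)
-common_redirect(url)
-end
-
 def set_flash_message
 return unless respond_to?(:flash)
 
@@ -168,6 +155,11 @@ module Entrance
 end
 end
 
+def redirect_with(url, type, message)
+flash[type] = message if respond_to?(:flash)
+common_redirect(url)
+end
+
 # when redirecting to stored_path
 def common_redirect(url, with_base = false)
 if respond_to?(:redirect)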
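Review bot: delete_cookie! now relies solely on `response.delete_cookie(name)` (new line 137), and Rack only expires a cookie whose path and domain match the options it is given; if the hash passed to set_cookie! on line 133 carries a path or domain (it is built outside this hunk), logout must pass the same options, e.g. `response.delete_cookie(name, path: '/')` with whatever set_cookie! used, or the remember cookie survives logout. The `# compat stuff between rails & sinatra` comment above set_cookie! described the removed `cookies`/`response` branch and now reads as stale; reword it to `# both rails and sinatra expose Rack-style response.set_cookie/delete_cookie`. The two later hunks only move redirect_with below set_flash_message.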
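--- a/data/lib/entrance/model.rb
+++ b/data/lib/entrance/model.rb
@@ -61,7 +61,7 @@ module Entrance
 end
 
 def authenticate(username, password)
-return if username.
+return if [username, password].any? { |v| v.nil? || v.strip == '' }
 
 query = {}
 query[Entrance.config.username_attr] = username.to_s.downcase.strip
@@ -72,7 +72,7 @@ module Entrance
 
 def with_password_reset_token(token)
 Entrance.config.permit!(:reset)
-return if token.
+return if token.nil?
 
 query = {}
 query[Entrance.config.reset_token_attr] = token.to_s.strip
@@ -130,14 +130,14 @@ module Entrance
 end
 
 def password=(new_password)
-return if new_password.
+return if new_password.nil?
 
 @password = new_password # for validation
 @password_changed = true
 
 # if we're using salt and it is empty, generate one
 if Entrance.config.salt_attr \
-and send(Entrance.config.salt_attr).
+and send(Entrance.config.salt_attr).nil?
 self.send(Entrance.config.salt_attr + '=', Entrance.generate_token)
 end
 
@@ -159,7 +159,7 @@ module Entrance
 end
 
 def password_required?
-password.
+password.nil? || @password_changed
 end
 
 end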
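Review bot: with_password_reset_token (second hunk, new line 75) still lets an empty or whitespace-only token through: `return if token.nil?` passes '' and line 78 then queries reset_token_attr for ''. Any stored record whose reset token is blank rather than nil would match that lookup, so the guard should mirror the one authenticate gets in the first hunk, `return if token.nil? || token.to_s.strip == ''`. The authenticate guard calls `v.strip` directly, which raises NoMethodError when a caller hands in a non-String (an Array from request params, for instance); `v.to_s.strip` is the tolerant form. password= (third hunk) likewise accepts '' and marks it changed — presumably the validation outside this hunk rejects it, but confirm.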
data/lib/entrance/version.rb
CHANGED
data/lib/entrance.rb
CHANGED
@@ -0,0 +1,332 @@
|
|
1
|
+
require './lib/entrance/controller'
|
2
|
+
require './spec/fake_model'
|
3
|
+
require 'rspec/mocks'
|
4
|
+
|
5
|
+
describe 'Controller' do
|
6
|
+
|
7
|
+
class TestController
|
8
|
+
include Entrance::Controller
|
9
|
+
|
10
|
+
def session
|
11
|
+
@session ||= {}
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
let(:controller) { TestController.new }
|
16
|
+
|
17
|
+
describe 'when included' do
|
18
|
+
|
19
|
+
describe 'if receiver does not respond_to #helper_method' do
|
20
|
+
|
21
|
+
class EmptyClass; end
|
22
|
+
|
23
|
+
it 'does not explode' do
|
24
|
+
EmptyClass.should_not_receive(:helper_method).once
|
25
|
+
|
26
|
+
class EmptyClass
|
27
|
+
include Entrance::Controller
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
end
|
32
|
+
|
33
|
+
describe 'if received responds_to #helper_method' do
|
34
|
+
|
35
|
+
class FooClass
|
36
|
+
def helper_method(list)
|
37
|
+
# puts 'received'
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'calls that method' do
|
42
|
+
FooClass.should_receive(:helper_method).once
|
43
|
+
|
44
|
+
class FooClass
|
45
|
+
include Entrance::Controller
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
52
|
+
|
53
|
+
# authenticate_and_login(username, password, remember_me = false)
|
54
|
+
describe '.authenticate_and_login' do
|
55
|
+
|
56
|
+
describe 'blank username' do
|
57
|
+
|
58
|
+
it 'does not call login!' do
|
59
|
+
controller.should_not_receive(:login!)
|
60
|
+
controller.authenticate_and_login('', 'test')
|
61
|
+
end
|
62
|
+
|
63
|
+
end
|
64
|
+
|
65
|
+
describe 'valid username' do
|
66
|
+
|
67
|
+
describe 'blank password' do
|
68
|
+
|
69
|
+
it 'does not call login!' do
|
70
|
+
controller.should_not_receive(:login!)
|
71
|
+
controller.authenticate_and_login('test@test.com', '')
|
72
|
+
end
|
73
|
+
|
74
|
+
end
|
75
|
+
|
76
|
+
describe 'invalid password' do
|
77
|
+
|
78
|
+
it 'does not call login!' do
|
79
|
+
controller.should_not_receive(:login!)
|
80
|
+
controller.authenticate_and_login('test@test.com', 'invalid')
|
81
|
+
end
|
82
|
+
|
83
|
+
end
|
84
|
+
|
85
|
+
describe 'valid password' do
|
86
|
+
|
87
|
+
it 'calls login!' do
|
88
|
+
controller.should_receive(:login!).and_return(FakeUser.new)
|
89
|
+
controller.authenticate_and_login('test@test.com', 'test')
|
90
|
+
end
|
91
|
+
|
92
|
+
it 'returns user' do
|
93
|
+
controller.should_receive(:login!).and_return(FakeUser.new)
|
94
|
+
res = controller.authenticate_and_login('test@test.com', 'test')
|
95
|
+
res.should be_a FakeUser
|
96
|
+
end
|
97
|
+
|
98
|
+
describe 'no remember_me' do
|
99
|
+
|
100
|
+
it 'does not set remember cookie' do
|
101
|
+
FakeUser.any_instance.should_not_receive('remember_me!')
|
102
|
+
controller.should_not_receive(:set_remember_cookie)
|
103
|
+
controller.authenticate_and_login('test@test.com', 'test')
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
|
108
|
+
describe 'remember_me = false' do
|
109
|
+
|
110
|
+
it 'does not call user.set_remember_token' do
|
111
|
+
FakeUser.any_instance.should_not_receive('remember_me!')
|
112
|
+
controller.should_not_receive(:set_remember_cookie)
|
113
|
+
controller.authenticate_and_login('test@test.com', 'test')
|
114
|
+
end
|
115
|
+
|
116
|
+
end
|
117
|
+
|
118
|
+
describe 'remember_me = true' do
|
119
|
+
|
120
|
+
describe 'if remember option is disabled' do
|
121
|
+
|
122
|
+
it 'does not set remember cookie' do
|
123
|
+
FakeUser.any_instance.should_not_receive('remember_me!')
|
124
|
+
controller.should_not_receive(:set_remember_cookie)
|
125
|
+
controller.authenticate_and_login('test@test.com', 'test')
|
126
|
+
end
|
127
|
+
|
128
|
+
end
|
129
|
+
|
130
|
+
describe 'if remember option is enabled' do
|
131
|
+
|
132
|
+
before do
|
133
|
+
Entrance.config.stub(:can?).and_return(true)
|
134
|
+
end
|
135
|
+
|
136
|
+
it 'calls set_remember_cookie' do
|
137
|
+
FakeUser.any_instance.should_receive('remember_me!').and_return('foobar')
|
138
|
+
controller.should_receive(:set_remember_cookie)
|
139
|
+
controller.authenticate_and_login('test@test.com', 'test', true)
|
140
|
+
end
|
141
|
+
|
142
|
+
end
|
143
|
+
|
144
|
+
end
|
145
|
+
|
146
|
+
end
|
147
|
+
|
148
|
+
end
|
149
|
+
|
150
|
+
end
|
151
|
+
|
152
|
+
# login!(user, remember_me = false)
|
153
|
+
describe 'login!' do
|
154
|
+
|
155
|
+
describe 'with invalid user' do
|
156
|
+
|
157
|
+
it 'raises error' do
|
158
|
+
expect do
|
159
|
+
controller.login! 'foobar'
|
160
|
+
end.to raise_error(RuntimeError)
|
161
|
+
end
|
162
|
+
|
163
|
+
end
|
164
|
+
|
165
|
+
describe 'with valid user' do
|
166
|
+
|
167
|
+
let(:user) {
|
168
|
+
user = FakeUser.new
|
169
|
+
user.email = 'aaa@bbb.com'
|
170
|
+
user
|
171
|
+
}
|
172
|
+
|
173
|
+
it 'calls current_user setter' do
|
174
|
+
controller.should_receive(:current_user=).with(user).and_return(true)
|
175
|
+
controller.login!(user)
|
176
|
+
end
|
177
|
+
|
178
|
+
it 'sets user_id in session' do
|
179
|
+
controller.login!(user)
|
180
|
+
controller.session[:user_id].should == 'aaa@bbb.com'
|
181
|
+
end
|
182
|
+
|
183
|
+
describe 'with remember_me true' do
|
184
|
+
|
185
|
+
# this is basically tested above so we can skip it
|
186
|
+
|
187
|
+
end
|
188
|
+
|
189
|
+
end
|
190
|
+
|
191
|
+
end
|
192
|
+
|
193
|
+
# logout!
|
194
|
+
describe 'logout!' do
|
195
|
+
|
196
|
+
describe 'with empty session' do
|
197
|
+
|
198
|
+
before do
|
199
|
+
controller.session.should be_empty
|
200
|
+
end
|
201
|
+
|
202
|
+
it 'leaves session as it is' do
|
203
|
+
controller.logout!
|
204
|
+
controller.session.should be_empty
|
205
|
+
end
|
206
|
+
|
207
|
+
end
|
208
|
+
|
209
|
+
describe 'with existing user_id in session' do
|
210
|
+
|
211
|
+
before do
|
212
|
+
controller.session[:user_id] = '1234'
|
213
|
+
end
|
214
|
+
|
215
|
+
it 'sets user_id to nil' do
|
216
|
+
controller.logout!
|
217
|
+
controller.session[:user_id].should be_nil
|
218
|
+
end
|
219
|
+
|
220
|
+
end
|
221
|
+
|
222
|
+
end
|
223
|
+
|
224
|
+
describe 'current_user' do
|
225
|
+
|
226
|
+
describe 'with @current_user instance var not set' do
|
227
|
+
|
228
|
+
before do
|
229
|
+
controller.instance_variable_get('@current_user').should be_nil
|
230
|
+
end
|
231
|
+
|
232
|
+
it 'calls login_from_session' do
|
233
|
+
controller.should_receive(:login_from_session)
|
234
|
+
controller.current_user
|
235
|
+
end
|
236
|
+
|
237
|
+
describe 'login_from_session succeeds' do
|
238
|
+
|
239
|
+
it 'returns user' do
|
240
|
+
controller.should_receive(:login_from_session).and_return(FakeUser.new)
|
241
|
+
res = controller.current_user
|
242
|
+
res.should be_a FakeUser
|
243
|
+
end
|
244
|
+
|
245
|
+
it 'does not call login_with_cookie' do
|
246
|
+
controller.should_receive(:login_from_session).and_return(FakeUser.new)
|
247
|
+
controller.should_not_receive(:login_from_cookie)
|
248
|
+
controller.current_user
|
249
|
+
end
|
250
|
+
|
251
|
+
end
|
252
|
+
|
253
|
+
describe 'login_from_session fails' do
|
254
|
+
|
255
|
+
it 'calls login_with_cookie' do
|
256
|
+
controller.should_receive(:login_from_session).and_return(nil)
|
257
|
+
controller.should_receive(:login_from_cookie)
|
258
|
+
controller.current_user
|
259
|
+
end
|
260
|
+
|
261
|
+
describe 'login_from_cookie succeeds' do
|
262
|
+
|
263
|
+
it 'returns user' do
|
264
|
+
controller.should_receive(:login_from_session).and_return(nil)
|
265
|
+
controller.should_receive(:login_from_cookie).and_return(FakeUser.new)
|
266
|
+
res = controller.current_user
|
267
|
+
res.should be_a FakeUser
|
268
|
+
end
|
269
|
+
|
270
|
+
end
|
271
|
+
|
272
|
+
end
|
273
|
+
|
274
|
+
end
|
275
|
+
|
276
|
+
describe 'with @current_user instance var set' do
|
277
|
+
|
278
|
+
before do
|
279
|
+
@user = FakeUser.new
|
280
|
+
controller.instance_variable_set('@current_user', @user)
|
281
|
+
end
|
282
|
+
|
283
|
+
it 'does not call login_from_session' do
|
284
|
+
controller.should_not_receive(:login_from_session)
|
285
|
+
controller.current_user
|
286
|
+
end
|
287
|
+
|
288
|
+
end
|
289
|
+
|
290
|
+
end
|
291
|
+
|
292
|
+
|
293
|
+
describe 'logged_in?' do
|
294
|
+
|
295
|
+
end
|
296
|
+
|
297
|
+
describe 'logged_out?' do
|
298
|
+
|
299
|
+
end
|
300
|
+
|
301
|
+
describe 'login_required' do
|
302
|
+
|
303
|
+
describe 'if logged in' do
|
304
|
+
|
305
|
+
before do
|
306
|
+
controller.stub(:logged_in?).and_return(true)
|
307
|
+
end
|
308
|
+
|
309
|
+
it 'does not call access_denied' do
|
310
|
+
controller.should_not_receive(:access_denied)
|
311
|
+
controller.login_required
|
312
|
+
end
|
313
|
+
|
314
|
+
end
|
315
|
+
|
316
|
+
describe 'if logged out' do
|
317
|
+
|
318
|
+
before do
|
319
|
+
controller.stub(:logged_in?).and_return(false)
|
320
|
+
end
|
321
|
+
|
322
|
+
it 'calls access_denied' do
|
323
|
+
controller.should_receive(:access_denied)
|
324
|
+
controller.login_required
|
325
|
+
end
|
326
|
+
|
327
|
+
end
|
328
|
+
|
329
|
+
end
|
330
|
+
|
331
|
+
|
332
|
+
end
|
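Review bot: The example under 'remember_me = true' / 'if remember option is disabled' (new lines 122–126) calls `controller.authenticate_and_login('test@test.com', 'test')` without the third argument, so it exercises the default remember_me = false path rather than the case its description names; pass `true` as the enabled example on line 139 does. The file header above this hunk reads data/lib/entrance.rb, but the 332 added lines correspond to the spec/controller_spec.rb entry in the diffstat, so the rendering appears to have dropped one header. The suite uses should/expect matchers while requiring only rspec/mocks, and the `./lib` and `./spec` requires assume the working directory is the gem root; both hold under `bundle exec rspec` from the root but break otherwise. The 'logged_in?' and 'logged_out?' groups are empty placeholders.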
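--- /dev/null
+++ b/data/spec/fake_model.rb
@@ -0,0 +1,52 @@
+require 'entrance'
+
+Entrance.configure do |config|
+config.model = 'FakeUser'
+config.unique_key = 'email'
+config.username_attr = 'email'
+config.password_attr = 'password'
+
+# disabling reset password and remember options
+config.reset_token_attr = nil
+config.remember_token_attr = nil
+# config.cookie_secure = false
+
+config.access_denied_redirect_to = '/login'
+end
+
+############################################################
+# admin user model
+
+class FakeUser
+attr_accessor :email, :password #, :remember_token
+
+USERS = {
+'test@test.com' => 'test',
+'foo@test.com' => 'foo'
+}
+
+def self.where(query)
+email = query['email']
+# puts "User logging in: #{email}"
+return [] unless USERS[email]
+
+user = new
+user.email = email
+user.password = USERS[email]
+
+# puts "Initialized user: #{user.inspect}"
+[user]
+end
+
+def update_attribute(key, val)
+# puts "Updating #{key} -> #{val}"
+send("#{key}=", val)
+end
+
+def authenticated?(string)
+password == string
+end
+
+include Entrance::Model # ensure after we declare the .where method
+
+end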
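Review bot: FakeUser::USERS (new lines 23–26) is a mutable constant, so one example can alter the fixture credentials seen by later ones; close it with `}.freeze`. update_attribute forwards any key through `send("#{key}=", val)`, which also reaches private setters; `public_send` is the narrower choice even in a fixture. self.where reads only `query['email']`, so a lookup by any other attribute returns [] against this model — worth a comment such as `# only email lookups are supported; reset-token queries always miss` so a future spec for with_password_reset_token does not misread the empty result.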
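--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: entrance
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.3
 prerelease:
 platform: ruby
 authors:
@@ -119,6 +119,8 @@ files:
 - lib/entrance/controller.rb
 - lib/entrance/model.rb
 - lib/entrance/version.rb
+- spec/controller_spec.rb
+- spec/fake_model.rb
 homepage: https://github.com/tomas/entrance
 licenses: []
 post_install_message: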