expertiza-authlogic 2.1.6.1

data/test/acts_as_authentic_test/perishable_token_test.rb

@@ -0,0 +1,90 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class PerishableTokenTest < ActiveSupport::TestCase
+    def test_perishable_token_valid_for_config
+      assert_equal 10.minutes.to_i, User.perishable_token_valid_for
+      assert_equal 10.minutes.to_i, Employee.perishable_token_valid_for
+      
+      User.perishable_token_valid_for = 1.hour
+      assert_equal 1.hour.to_i, User.perishable_token_valid_for
+      User.perishable_token_valid_for 10.minutes
+      assert_equal 10.minutes.to_i, User.perishable_token_valid_for
+    end
+    
+    def test_disable_perishable_token_maintenance_config
+      assert !User.disable_perishable_token_maintenance
+      assert !Employee.disable_perishable_token_maintenance
+      
+      User.disable_perishable_token_maintenance = true
+      assert User.disable_perishable_token_maintenance
+      User.disable_perishable_token_maintenance false
+      assert !User.disable_perishable_token_maintenance
+    end
+    
+    def test_validates_uniqueness_of_perishable_token
+      u = User.new
+      u.perishable_token = users(:ben).perishable_token
+      assert !u.valid?
+      assert u.errors[:perishable_token].size > 0
+    end
+    
+    def test_before_save_reset_perishable_token
+      ben = users(:ben)
+      old_perishable_token = ben.perishable_token
+      assert ben.save
+      assert_not_equal old_perishable_token, ben.perishable_token
+    end
+    
+    def test_reset_perishable_token
+      ben = users(:ben)
+      old_perishable_token = ben.perishable_token
+      
+      assert ben.reset_perishable_token
+      assert_not_equal old_perishable_token, ben.perishable_token
+      
+      ben.reload
+      assert_equal old_perishable_token, ben.perishable_token
+      
+      assert ben.reset_perishable_token!
+      assert_not_equal old_perishable_token, ben.perishable_token
+      
+      ben.reload
+      assert_not_equal old_perishable_token, ben.perishable_token
+    end
+    
+    def test_find_using_perishable_token
+      ben = users(:ben)
+      assert_equal ben, User.find_using_perishable_token(ben.perishable_token)
+    end
+    
+    def test_find_using_perishable_token_when_perished
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{1.week.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token)
+    end
+    
+    def test_find_using_perishable_token_when_perished
+      User.perishable_token_valid_for = 1.minute
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{2.minutes.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token)
+      User.perishable_token_valid_for = 10.minutes
+    end
+    
+    def test_find_using_perishable_token_when_passing_threshold
+      User.perishable_token_valid_for = 1.minute
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token, 5.minutes)
+      assert_equal ben, User.find_using_perishable_token(ben.perishable_token, 20.minutes)
+      User.perishable_token_valid_for = 10.minutes
+    end
+
+    def test_find_perishable_token_with_bang
+      assert_raises ActiveRecord::RecordNotFound do
+        User.find_using_perishable_token!('some_bad_value')
+      end
+    end
+  end
+end

data/test/acts_as_authentic_test/persistence_token_test.rb

@@ -0,0 +1,55 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class PersistenceTokenTest < ActiveSupport::TestCase
+    def test_after_password_set_reset_persistence_token
+      ben = users(:ben)
+      old_persistence_token = ben.persistence_token
+      ben.password = "newpass"
+      assert_not_equal old_persistence_token, ben.persistence_token
+    end
+    
+    def test_after_password_verification_reset_persistence_token
+      ben = users(:ben)
+      old_persistence_token = ben.persistence_token
+      assert ben.valid_password?(password_for(ben))
+      assert_equal old_persistence_token, ben.persistence_token
+      
+      # only update it if it is nil
+      assert ben.update_attribute(:persistence_token, nil)
+      assert ben.valid_password?(password_for(ben))
+      assert_not_equal old_persistence_token, ben.persistence_token
+    end
+    
+    def test_before_validate_reset_persistence_token
+      u = User.new
+      assert !u.valid?
+      assert_not_nil u.persistence_token
+    end
+    
+    def test_forget_all
+      http_basic_auth_for(users(:ben)) { UserSession.find }
+      http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
+      assert UserSession.find
+      assert UserSession.find(:ziggity_zack)
+      User.forget_all
+      assert !UserSession.find
+      assert !UserSession.find(:ziggity_zack)
+    end
+    
+    def test_forget
+      ben = users(:ben)
+      zack = users(:zack)
+      http_basic_auth_for(ben) { UserSession.find }
+      http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
+
+      assert ben.reload.logged_in?
+      assert zack.reload.logged_in?
+
+      ben.forget!
+
+      assert !UserSession.find
+      assert UserSession.find(:ziggity_zack)
+    end
+  end
+end

data/test/acts_as_authentic_test/restful_authentication_test.rb

@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class RestfulAuthenticationTest < ActiveSupport::TestCase
+    def test_act_like_restful_authentication_config
+      assert !User.act_like_restful_authentication
+      assert !Employee.act_like_restful_authentication
+  
+      User.act_like_restful_authentication = true
+      assert User.act_like_restful_authentication
+      assert_equal Authlogic::CryptoProviders::Sha1, User.crypto_provider
+      assert defined?(::REST_AUTH_SITE_KEY)
+      assert_equal '', ::REST_AUTH_SITE_KEY
+      assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
+
+      User.act_like_restful_authentication false
+      assert !User.act_like_restful_authentication
+  
+      User.crypto_provider = Authlogic::CryptoProviders::Sha512
+      User.transition_from_crypto_providers = []
+    end
+
+    def test_transition_from_restful_authentication_config
+      assert !User.transition_from_restful_authentication
+      assert !Employee.transition_from_restful_authentication
+      
+      User.transition_from_restful_authentication = true
+      assert User.transition_from_restful_authentication
+      assert defined?(::REST_AUTH_SITE_KEY)
+      assert_equal '', ::REST_AUTH_SITE_KEY
+      assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
+  
+      User.transition_from_restful_authentication false
+      assert !User.transition_from_restful_authentication
+  
+      User.crypto_provider = Authlogic::CryptoProviders::Sha512
+      User.transition_from_crypto_providers = []
+    end
+  end
+end

data/test/acts_as_authentic_test/session_maintenance_test.rb

@@ -0,0 +1,84 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class SessionMaintenanceTest < ActiveSupport::TestCase
+    def test_maintain_sessions_config
+      assert User.maintain_sessions
+      User.maintain_sessions = false
+      assert !User.maintain_sessions
+      User.maintain_sessions true
+      assert User.maintain_sessions
+    end
+    
+    def test_login_after_create
+      assert User.create(:login => "awesome", :password => "saweet", :password_confirmation => "saweet", :email => "awesome@awesome.com")
+      assert UserSession.find
+    end
+    
+    def test_updating_session_with_failed_magic_state
+      ben = users(:ben)
+      ben.confirmed = false
+      ben.password = "newpass"
+      ben.password_confirmation = "newpass"
+      assert ben.save
+    end
+
+    def test_update_session_after_password_modify
+      ben = users(:ben)
+      UserSession.create(ben)
+      old_session_key = controller.session["user_credentials"]
+      old_cookie_key = controller.cookies["user_credentials"]
+      ben.password = "newpass"
+      ben.password_confirmation = "newpass"
+      assert ben.save
+      assert controller.session["user_credentials"]
+      assert controller.cookies["user_credentials"]
+      assert_not_equal controller.session["user_credentials"], old_session_key
+      assert_not_equal controller.cookies["user_credentials"], old_cookie_key
+    end
+
+    def test_no_session_update_after_modify
+      ben = users(:ben)
+      UserSession.create(ben)
+      old_session_key = controller.session["user_credentials"]
+      old_cookie_key = controller.cookies["user_credentials"]
+      ben.first_name = "Ben"
+      assert ben.save
+      assert_equal controller.session["user_credentials"], old_session_key
+      assert_equal controller.cookies["user_credentials"], old_cookie_key
+    end
+    
+    def test_creating_other_user
+      ben = users(:ben)
+      UserSession.create(ben)
+      old_session_key = controller.session["user_credentials"]
+      old_cookie_key = controller.cookies["user_credentials"]
+      assert User.create(:login => "awesome", :password => "saweet", :password_confirmation => "saweet", :email => "awesome@saweet.com")
+      assert_equal controller.session["user_credentials"], old_session_key
+      assert_equal controller.cookies["user_credentials"], old_cookie_key
+    end
+
+    def test_updating_other_user
+      ben = users(:ben)
+      UserSession.create(ben)
+      old_session_key = controller.session["user_credentials"]
+      old_cookie_key = controller.cookies["user_credentials"]
+      zack = users(:zack)
+      zack.password = "newpass"
+      zack.password_confirmation = "newpass"
+      assert zack.save
+      assert_equal controller.session["user_credentials"], old_session_key
+      assert_equal controller.cookies["user_credentials"], old_cookie_key
+    end
+
+    def test_resetting_password_when_logged_out
+      ben = users(:ben)
+      assert !UserSession.find
+      ben.password = "newpass"
+      ben.password_confirmation = "newpass"
+      assert ben.save
+      assert UserSession.find
+      assert_equal ben, UserSession.find.record
+    end
+  end
+end

data/test/acts_as_authentic_test/single_access_test.rb

@@ -0,0 +1,44 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module ActsAsAuthenticTest
+  class SingleAccessTest < ActiveSupport::TestCase
+    def test_change_single_access_token_with_password_config
+      assert !User.change_single_access_token_with_password
+      assert !Employee.change_single_access_token_with_password
+      
+      User.change_single_access_token_with_password = true
+      assert User.change_single_access_token_with_password
+      User.change_single_access_token_with_password false
+      assert !User.change_single_access_token_with_password
+    end
+    
+    def test_validates_uniqueness_of_single_access_token
+      u = User.new
+      u.single_access_token = users(:ben).single_access_token
+      assert !u.valid?
+      assert u.errors[:single_access_token].size > 0
+    end
+    
+    def test_before_validation_reset_single_access_token
+      u = User.new
+      assert !u.valid?
+      assert_not_nil u.single_access_token
+    end
+    
+    def test_after_password_set_reset_single_access_token
+      User.change_single_access_token_with_password = true
+      
+      ben = users(:ben)
+      old_single_access_token = ben.single_access_token
+      ben.password = "new_pass"
+      assert_not_equal old_single_access_token, ben.single_access_token
+      
+      User.change_single_access_token_with_password = false
+    end
+    
+    def test_after_password_set_is_not_called
+      ldaper = Ldaper.new
+      assert ldaper.save
+    end
+  end
+end

data/test/authenticates_many_test.rb

@@ -0,0 +1,16 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class AuthenticatesManyTest < ActiveSupport::TestCase
+  def test_scoping
+    zack = users(:zack)
+    ben = users(:ben)
+    binary_logic = companies(:binary_logic)
+    set_session_for(zack)
+    
+    assert !binary_logic.user_sessions.find
+    
+    set_session_for(ben)
+    
+    assert binary_logic.user_sessions.find
+  end
+end

data/test/crypto_provider_test/aes256_test.rb

@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTest
+  class AES256Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::AES256.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::AES256.encrypt("mypass")
+      assert Authlogic::CryptoProviders::AES256.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/bcrypt_test.rb

@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTest
+  class BCrpytTest < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+      assert Authlogic::CryptoProviders::BCrypt.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/sha1_test.rb

@@ -0,0 +1,23 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTest
+  class Sha1Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
+    end
+    
+    def test_old_restful_authentication_passwords
+      password = "test"
+      salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
+      digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
+      Authlogic::CryptoProviders::Sha1.stretches = 1
+      assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
+      Authlogic::CryptoProviders::Sha1.stretches = 10
+    end
+  end
+end

data/test/crypto_provider_test/sha256_test.rb

@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTest
+  class Sha256Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
+    end
+  end
+end

data/test/crypto_provider_test/sha512_test.rb

@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTest
+  class Sha512Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
+    end
+    
+    def test_matches
+      hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
+      assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
+    end
+  end
+end

data/test/fixtures/companies.yml

@@ -0,0 +1,5 @@
+binary_logic:
+  name: Binary Logic
+  
+logic_over_data:
+  name: Logic Over Data

data/test/fixtures/employees.yml

@@ -0,0 +1,17 @@
+drew:
+  company: binary_logic
+  email: dgainor@binarylogic.com
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
+  persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
+  first_name: Drew
+  last_name: Gainor
+  
+jennifer:
+  company: logic_over_data
+  email: jjohnson@logicoverdata.com
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
+  persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
+  first_name: Jennifer
+  last_name: Johnson