expertiza-authlogic 2.1.6.1

data/test/fixtures/projects.yml

@@ -0,0 +1,3 @@
+web_services:
+  name: web services
+  users: ben, zack

data/test/fixtures/users.yml

@@ -0,0 +1,24 @@
+ben:
+  company: binary_logic
+  projects: web_services
+  login: bjohnson
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  email: bjohnson@binarylogic.com
+  first_name: Ben
+  last_name: Johnson
+  
+zack:
+  company: logic_over_data
+  projects: web_services
+  login: zackham
+  password_salt: <%= salt = Authlogic::Random.hex_token %>
+  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
+  persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  email: zham@ziggityzack.com
+  first_name: Zack
+  last_name: Ham

data/test/i18n_test.rb

@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class I18nTest < ActiveSupport::TestCase
+  def test_uses_authlogic_as_scope_by_default
+    assert_equal :authlogic, Authlogic::I18n.scope
+  end
+  
+  def test_can_set_scope
+    assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
+    assert_equal [:a, :b], Authlogic::I18n.scope
+    Authlogic::I18n.scope = :authlogic
+  end
+  
+  def test_uses_built_in_translator_by_default
+    assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
+  end
+  
+  def test_can_set_custom_translator
+    old_translator = Authlogic::I18n.translator
+    
+    assert_nothing_raised do
+      Authlogic::I18n.translator = Class.new do
+        def translate(key, options = {})
+          "Translated: #{key}"
+        end
+      end.new
+    end
+
+    assert_equal "Translated: x", Authlogic::I18n.translate(:x)
+    
+    Authlogic::I18n.translator = old_translator
+  end
+end

data/test/libs/affiliate.rb

@@ -0,0 +1,7 @@
+class Affiliate < ActiveRecord::Base
+  acts_as_authentic do |c|
+    c.crypted_password_field = :pw_hash
+  end
+  
+  belongs_to :company
+end

data/test/libs/company.rb

@@ -0,0 +1,6 @@
+class Company < ActiveRecord::Base
+  authenticates_many :employee_sessions
+  authenticates_many :user_sessions
+  has_many :employees, :dependent => :destroy
+  has_many :users, :dependent => :destroy
+end

data/test/libs/employee.rb

@@ -0,0 +1,7 @@
+class Employee < ActiveRecord::Base
+  acts_as_authentic do |c|
+    c.crypto_provider Authlogic::CryptoProviders::AES256
+  end
+  
+  belongs_to :company
+end

data/test/libs/employee_session.rb

@@ -0,0 +1,2 @@
+class EmployeeSession < Authlogic::Session::Base
+end

data/test/libs/ldaper.rb

@@ -0,0 +1,3 @@
+class Ldaper < ActiveRecord::Base
+  acts_as_authentic
+end

data/test/libs/ordered_hash.rb

@@ -0,0 +1,9 @@
+class Hash
+  def each(&block)
+    sorted_keys = keys.sort { |a, b| a.to_s <=> b.to_s }
+    sorted_keys.each do |key|
+      yield key, self[key]
+    end
+    self
+  end
+end

data/test/libs/project.rb

@@ -0,0 +1,3 @@
+class Project < ActiveRecord::Base
+  has_and_belongs_to_many :users
+end

data/test/libs/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  acts_as_authentic
+  belongs_to :company
+  has_and_belongs_to_many :projects
+end

data/test/libs/user_session.rb

@@ -0,0 +1,6 @@
+class UserSession < Authlogic::Session::Base
+end
+
+class BackOfficeUserSession < Authlogic::Session::Base
+  authenticate_with User
+end

data/test/random_test.rb

@@ -0,0 +1,42 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class RandomTest < ActiveSupport::TestCase
+  def test_random_tokens_are_indeed_random
+    # this might fail if you are *really* unlucky :)
+    with_any_random do
+      assert_not_equal Authlogic::Random.hex_token,       Authlogic::Random.hex_token
+      assert_not_equal Authlogic::Random.friendly_token,  Authlogic::Random.friendly_token
+    end
+  end
+
+  private
+    def with_any_random(&block)
+      [true, false].each {|val| with_secure_random_enabled(val, &block)}
+    end
+
+    def with_secure_random_enabled(enabled = true)
+      # can't really test SecureRandom if we don't have an implementation
+      return if enabled && !Authlogic::Random::SecureRandom
+    
+      current_sec_rand = Authlogic::Random::SecureRandom
+      reload_authlogic_with_sec_random!(current_sec_rand, enabled)
+  
+      yield
+    ensure
+      reload_authlogic_with_sec_random!(current_sec_rand)
+    end
+
+    def reload_authlogic_with_sec_random!(secure_random, enabled = true)
+      silence_warnings do
+        secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
+        load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
+      end
+    end
+
+    def silence_warnings
+      old_verbose, $VERBOSE = $VERBOSE, nil
+      yield
+    ensure
+      $VERBOSE = old_verbose
+    end
+end

data/test/session_test/activation_test.rb

@@ -0,0 +1,43 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module ActivationTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_activated
+        assert UserSession.activated?
+        Authlogic::Session::Base.controller = nil
+        assert !UserSession.activated?
+      end
+    
+      def test_controller
+        Authlogic::Session::Base.controller = nil
+        assert_nil Authlogic::Session::Base.controller
+        thread1 = Thread.new do
+          controller = MockController.new
+          Authlogic::Session::Base.controller = controller
+          assert_equal controller, Authlogic::Session::Base.controller
+        end
+        thread1.join
+
+        assert_nil Authlogic::Session::Base.controller
+      
+        thread2 = Thread.new do
+          controller = MockController.new
+          Authlogic::Session::Base.controller = controller
+          assert_equal controller, Authlogic::Session::Base.controller
+        end
+        thread2.join
+      
+        assert_nil Authlogic::Session::Base.controller
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_init
+        UserSession.controller = nil
+        assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
+        UserSession.controller = controller
+      end
+    end
+  end
+end

data/test/session_test/active_record_trickery_test.rb

@@ -0,0 +1,36 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module ActiveRecordTrickeryTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_human_attribute_name
+        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
+      end
+    
+      def test_human_name
+        assert_equal "Usersession", UserSession.human_name
+      end
+    
+      def test_self_and_descendents_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendents_from_active_record
+      end
+    
+      def test_self_and_descendants_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendants_from_active_record
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_new_record
+        session = UserSession.new
+        assert session.new_record?
+      end
+      
+      def test_to_model
+        session = UserSession.new
+        assert session, session.to_model
+      end
+    end
+  end
+end

data/test/session_test/brute_force_protection_test.rb

@@ -0,0 +1,101 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module BruteForceProtectionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_consecutive_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 10
+        assert_equal 10, UserSession.consecutive_failed_logins_limit
+    
+        UserSession.consecutive_failed_logins_limit 50
+        assert_equal 50, UserSession.consecutive_failed_logins_limit
+      end
+      
+      def test_failed_login_ban_for
+        UserSession.failed_login_ban_for = 10
+        assert_equal 10, UserSession.failed_login_ban_for
+    
+        UserSession.failed_login_ban_for 2.hours
+        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
+      end
+    end
+    
+    class InstaceMethodsTest < ActiveSupport::TestCase
+      def test_under_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks")
+      end
+
+      def test_exceeded_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert UserSession.create(ben).new_session?
+        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
+        assert !UserSession.create(ben).new_session?
+      end
+    
+      def test_exceeding_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        session = UserSession.new(:login => ben.login, :password => "badpassword2")
+        assert !session.save
+        assert session.errors[:password].size == 0
+        assert_equal 3, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+      
+      def test_exceeded_ban_for
+        UserSession.consecutive_failed_logins_limit = 2
+        UserSession.generalize_credentials_error_messages true
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.invalid_password?
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert_equal 0, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+        UserSession.generalize_credentials_error_messages false
+      end
+
+      def test_exceeded_ban_and_failed_doesnt_ban_again
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "badpassword1")
+        assert !session.save
+        assert_equal 1, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+    end
+  end
+end

data/test/session_test/callbacks_test.rb

@@ -0,0 +1,6 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class CallbacksTest < ActiveSupport::TestCase
+  end
+end

data/test/session_test/cookies_test.rb

@@ -0,0 +1,112 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module CookiesTest
+    class ConfiTest < ActiveSupport::TestCase
+      def test_cookie_key
+        UserSession.cookie_key = "my_cookie_key"
+        assert_equal "my_cookie_key", UserSession.cookie_key
+    
+        UserSession.cookie_key "user_credentials"
+        assert_equal "user_credentials", UserSession.cookie_key
+      end
+    
+      def test_default_cookie_key
+        assert_equal "user_credentials", UserSession.cookie_key
+        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
+      end
+    
+      def test_remember_me
+        UserSession.remember_me = true
+        assert_equal true, UserSession.remember_me
+        session = UserSession.new
+        assert_equal true, session.remember_me
+    
+        UserSession.remember_me false
+        assert_equal false, UserSession.remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+      end
+  
+      def test_remember_me_for
+        UserSession.remember_me_for = 3.years
+        assert_equal 3.years, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.years, session.remember_me_for
+    
+        UserSession.remember_me_for 3.months
+        assert_equal 3.months, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.months, session.remember_me_for
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_credentials
+        session = UserSession.new
+        session.credentials = {:remember_me => true}
+        assert_equal true, session.remember_me
+      end
+    
+      def test_remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = false
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = true
+        assert_equal true, session.remember_me
+        assert session.remember_me?
+      
+        session.remember_me = nil
+        assert_nil session.remember_me
+        assert !session.remember_me?
+      
+        session.remember_me = "1"
+        assert_equal "1", session.remember_me
+        assert session.remember_me?
+      
+        session.remember_me = "true"
+        assert_equal "true", session.remember_me
+        assert session.remember_me?
+      end
+    
+      def test_remember_me_until
+        session = UserSession.new
+        assert_nil session.remember_me_until
+      
+        session.remember_me = true
+        assert 3.months.from_now <= session.remember_me_until
+      end
+    
+      def test_persist_persist_by_cookie
+        ben = users(:ben)
+        assert !UserSession.find
+        set_cookie_for(ben)
+        assert session = UserSession.find
+        assert_equal ben, session.record
+      end
+    
+      def test_after_save_save_cookie
+        ben = users(:ben)
+        session = UserSession.new(ben)
+        assert session.save
+        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+      end
+    
+      def test_after_destroy_destroy_cookie
+        ben = users(:ben)
+        set_cookie_for(ben)
+        session = UserSession.find
+        assert controller.cookies["user_credentials"]
+        assert session.destroy
+        assert !controller.cookies["user_credentials"]
+      end
+    end
+  end
+end