RubyGems - has_editable_password - Versions diffs - 0.0.1 - Mend

has_editable_password 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +15 -0
data/lib/has_editable_password.rb +67 -0
data/lib/version.rb +1 -0
data/spec/has_editable_password_spec.rb +225 -0
data/spec/spec_helper.rb +41 -0
metadata +93 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MWNlODUyZGIyZDllODFkYzI3ZGZjMDdmNWVlNjQ1MTFlNzIwYTA3NA==
+  data.tar.gz: !binary |-
+    ZjgxY2E2YjkyMjQ2N2EwMzc5Yzg3MTlhMGEyMDgzZTZmMDVmYjcyYg==
+SHA512:
+  metadata.gz: !binary |-
+    NWM4MTQwNTdmYjIyMzdlMzQyZDU4ODg3NDg1NDM1OGFjNTljYzI4NGEzMWJi
+    ZWE4NjU5NzYyZGY0YzQ3ZTk4NTc5Y2FjM2RkMGE3ZjhlYjlkNzRjODhmM2U3
+    OGRlNWEwYmI3OGEzOGNkNDliZjY1NDQwMjI5MTA3ZGFhYzIyNTA=
+  data.tar.gz: !binary |-
+    YWIxOGNjNDBlN2NkNTI5NDExMmQwZjQzYTIzYjQyMGM4ZDE1YTU0ZjAxMWRi
+    OWYzZTNiYzk3NTJmNDc3NDBkOTBlOWI5OGI3YjU2ZDI5NzE5YTk0MGE4MmU4
+    ZmIyNDAyNGEyNzE2YmYxNGM1MjZlMTFmOTQzNzU4NjFlNjZmOTU=

data/lib/has_editable_password.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require 'active_support/concern'
+require 'active_model/secure_password'
+require 'securerandom'
+module HasEditablePassword
+  extend ActiveSupport::Concern
+  include ActiveModel::SecurePassword
+  included do
+    has_secure_password
+    attr_writer :current_password
+    attr_writer :recovery_token
+    validate :password_change, on: :update, if: :password_digest_changed?
+    def password=(value)
+      @old_password_digest = self.password_digest unless @old_password_digest or self.password_digest.blank?
+      super(value)
+    end
+  end
+  def generate_recovery_token(options = {})
+    token = SecureRandom.urlsafe_base64(options.delete(:length) || 32)
+    self.password_recovery_token = BCrypt::Password.create(token)
+    self.password_recovery_token_creation = Time.now
+    save unless options.delete(:save) == false
+    token
+  end
+  def valid_recovery_token?
+    recovery_token_match? and !recovery_token_expired?
+  end
+  def current_password_match?
+    if @current_password
+      if @old_password_digest
+        BCrypt::Password.new(@old_password_digest) == @current_password
+      else
+        # almost same as #authenticate (returns true instead of the object)
+        BCrypt::Password.new(self.password_digest) == @current_password
+      end
+    else
+      false
+    end
+  end
+  private
+  def recovery_token_expired?
+    # 86400 = seconds in a day
+    (Time.now - self.password_recovery_token_creation).round >= 86400
+  end
+  def recovery_token_match?
+    BCrypt::Password.new(self.password_recovery_token) == @recovery_token
+  rescue
+    false
+  end
+  def allow_password_change?
+    valid_recovery_token? or current_password_match?
+  end
+  def password_change
+    errors[:password] << 'Unauthorized to change the password' unless allow_password_change?
+  end
+end

data/lib/version.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ VERSION = '0.0.1'

data/spec/has_editable_password_spec.rb ADDED Viewed

@@ -0,0 +1,225 @@
+require 'spec_helper.rb'
+describe HasEditablePassword do
+  let(:user) { User.new(password: 'secret', password_confirmation: 'secret') }
+  # Since this is an extension of has_secure_password ensure that all the
+  # methods defined by has_secure_password are still there
+  it 'has an #authenticate method' do
+    expect(user).to respond_to :authenticate
+  end
+  it 'has a #password= method' do
+    expect(user).to respond_to :password=
+  end
+  it 'has a password_confirmation= method' do
+    expect(user).to respond_to :password=
+  end
+  # Additional accessors for current password or password recovery token
+  it 'has a #current_password= method' do
+    expect(user).to respond_to :current_password=
+  end
+  it 'has a #recovery_token= method' do
+    expect(user).to respond_to :recovery_token=
+  end
+  describe '#password=' do
+    it 'sets the password_digest field to the hash of the password' do
+      user.password = 'secret'
+      expect(BCrypt::Password.new(user.password_digest)).to eq 'secret'
+    end
+  end
+  describe '#generate_recovery_token' do
+    it 'returns a url-safe base64 string' do
+      token = user.generate_recovery_token
+      expect(token).to match(/^[a-z0-9\-_]+=*$/i)
+    end
+    it 'returns a 43 bytes token unless specified' do
+      token = user.generate_recovery_token
+      expect(token.size).to eq 43
+    end
+    it 'returns token larger than specified size' do
+      token = user.generate_recovery_token length: 100
+      token.size.should be >= 100
+    end
+    it 'sets the password_recovery_token attribute with the hash of the token' do
+      token = user.generate_recovery_token
+      expect(BCrypt::Password.new(user.password_recovery_token)).to eq token
+    end
+    it 'sets the password_recovery_token_creation to Time.now' do
+      user.generate_recovery_token
+      expect(user.password_recovery_token_creation.round).to eq Time.now.round
+    end
+    it 'calls #save unless specified' do
+      expect(user).to receive(:save)
+      user.generate_recovery_token
+    end
+    it 'does not call #save if specified' do
+      expect(user).to_not receive(:save)
+      user.generate_recovery_token(save: false)
+    end
+  end
+  describe '#valid_recovery_token?' do
+    context 'a token was never generated' do
+      it 'returns false' do
+        user.recovery_token = "deadbeef"
+        expect(user.valid_recovery_token?).to be_false
+      end
+    end
+    context 'the creation is more than 24 hours ago' do
+      it 'returns false' do
+        token = user.generate_recovery_token
+        user.password_recovery_token_creation = Time.now - 86401
+        user.recovery_token = token  # Even if the token is correct
+        expect(user.valid_recovery_token?).to be_false
+      end
+    end
+    context 'the creation is less than 24 hours ago' do
+      it 'returns false if the token is a random string' do
+        user.generate_recovery_token
+        user.recovery_token = "deadbeef"
+        expect(user.valid_recovery_token?).to be_false
+      end
+      context 'the token is a base64 string' do
+        it 'returns false if the token does not match' do
+          user.generate_recovery_token
+          user.recovery_token = SecureRandom.urlsafe_base64
+          expect(user.valid_recovery_token?).to be_false
+        end
+        it 'returns true if the token matches' do
+          token = user.generate_recovery_token
+          user.recovery_token = token
+          expect(user.valid_recovery_token?).to be_true
+        end
+      end
+    end
+  end
+  describe '#current_password_match?' do
+    context 'current_password is not been set' do
+      it 'returns false' do
+        expect(user.current_password_match?).to be_false
+      end
+    end
+    context 'current_password is set' do
+      context 'current_password does not match' do
+        before { user.current_password = 's3cret' }
+        it 'returns false' do
+          expect(user.current_password_match?).to be_false
+        end
+      end
+      context 'current_password does match' do
+        before { user.current_password = 'secret' }
+        it 'returns true' do
+          expect(user.current_password_match?).to be_true
+        end
+      end
+      context 'password_digest has been modified' do
+        before { user.password = 'new_secret' }
+        context 'current_password is set to the previous password' do
+          before { user.current_password = 'secret' }
+          it 'returns true' do
+            expect(user.current_password_match?).to be_true
+          end
+        end
+        context 'current_password is set to the new password' do
+          before { user.current_password = 'new_secret' }
+          it 'returns true' do
+            expect(user.current_password_match?).to be_false
+          end
+        end
+      end
+    end
+  end
+  describe 'password editing validation' do
+    let(:user) { User.new(password: 'banana', password_confirmation: 'banana') }
+    context 'on create' do
+      it 'is valid' do
+        expect(user.valid?).to be_true
+      end
+    end
+    context 'on update' do
+      context 'password_digest was not touched' do
+        before { user.stub(:password_digest_changed?).and_return false }
+        it 'is valid' do
+          expect(user.valid?(:update)).to be_true
+        end
+      end
+      context 'password_digest was modified' do
+        before { user.stub(:password_digest_changed?).and_return true }
+        context 'a valid token is set' do
+          let(:token) { user.generate_recovery_token }
+          it 'is valid' do
+            user.recovery_token = token
+            expect(user.valid?(:update)).to be_true
+          end
+        end
+        context 'an invalid valid token is set' do
+          let(:token) do
+            user.generate_recovery_token
+            "deadbeef"
+          end
+          it 'is not valid' do
+            user.recovery_token = token
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+        context 'the current_password is valid' do
+          it 'is valid' do
+            user.current_password = 'banana'
+            expect(user.valid?(:update)).to be_true
+          end
+        end
+        context 'the current_password is invalid' do
+          it 'is valid' do
+            user.current_password = 'b4n4n4'
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+        context 'neither is set' do
+          it 'is not valid' do
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,41 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+require 'has_editable_password.rb'
+require 'active_model'
+require 'bcrypt'
+# Mock an ActiveRecord-like class.
+# Not using ActiveRecord because we want this to be ORM-agnostic
+class User
+  extend ActiveModel::Callbacks
+  define_model_callbacks :initialize, :find, :touch, :only => :after
+  define_model_callbacks :save, :create, :update, :destroy
+  include ActiveModel::Validations
+  include ActiveModel::Validations::HelperMethods
+  include HasEditablePassword
+  # we expect the user to define the password_digest field
+  attr_accessor :password_digest
+  attr_accessor :password_recovery_token
+  attr_accessor :password_recovery_token_creation
+  def initialize(hash = {})
+    hash.each do |k, v|
+      send("#{k}=", v)
+    end
+  end
+  def attributes
+    keys = [ 'password', 'password_confirmation' ]
+    values = keys.map do |k|
+      send(k)
+    end
+    Hash[keys.zip(values)]
+  end
+  def save
+    valid?
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: has_editable_password
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Francesco Boffa
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-12-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: HasEditablePassword extends has_secure_password with updating capabilities.
+  On password update, the old password or a recovery token is asked.
+email: fra.boffa@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/has_editable_password.rb
+- lib/version.rb
+- spec/has_editable_password_spec.rb
+- spec/spec_helper.rb
+homepage: http://rubygems.org/gems/has_editable_password
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.10
+signing_key:
+specification_version: 4
+summary: has_secure_password with safe updating capabilities.
+test_files:
+- spec/has_editable_password_spec.rb
+- spec/spec_helper.rb
+has_rdoc: