RubyGems - has_editable_password - Versions diffs - 0.0.1 - Mend

has_editable_password 0.0.1

Files changed (6) hide show

checksums.yaml +15 -0
data/lib/has_editable_password.rb +67 -0
data/lib/version.rb +1 -0
data/spec/has_editable_password_spec.rb +225 -0
data/spec/spec_helper.rb +41 -0
metadata +93 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MWNlODUyZGIyZDllODFkYzI3ZGZjMDdmNWVlNjQ1MTFlNzIwYTA3NA==
+  data.tar.gz: !binary |-
+    ZjgxY2E2YjkyMjQ2N2EwMzc5Yzg3MTlhMGEyMDgzZTZmMDVmYjcyYg==
+SHA512:
+  metadata.gz: !binary |-
+    NWM4MTQwNTdmYjIyMzdlMzQyZDU4ODg3NDg1NDM1OGFjNTljYzI4NGEzMWJi
+    ZWE4NjU5NzYyZGY0YzQ3ZTk4NTc5Y2FjM2RkMGE3ZjhlYjlkNzRjODhmM2U3
+    OGRlNWEwYmI3OGEzOGNkNDliZjY1NDQwMjI5MTA3ZGFhYzIyNTA=
+  data.tar.gz: !binary |-
+    YWIxOGNjNDBlN2NkNTI5NDExMmQwZjQzYTIzYjQyMGM4ZDE1YTU0ZjAxMWRi
+    OWYzZTNiYzk3NTJmNDc3NDBkOTBlOWI5OGI3YjU2ZDI5NzE5YTk0MGE4MmU4
+    ZmIyNDAyNGEyNzE2YmYxNGM1MjZlMTFmOTQzNzU4NjFlNjZmOTU=

data/lib/has_editable_password.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require 'active_support/concern'
+require 'active_model/secure_password'
+require 'securerandom'
+module HasEditablePassword
+  extend ActiveSupport::Concern
+  include ActiveModel::SecurePassword
+  included do
+    has_secure_password
+    attr_writer :current_password
+    attr_writer :recovery_token
+    validate :password_change, on: :update, if: :password_digest_changed?
+    def password=(value)
+      @old_password_digest = self.password_digest unless @old_password_digest or self.password_digest.blank?
+      super(value)
+    end
+  end
+  def generate_recovery_token(options = {})
+    token = SecureRandom.urlsafe_base64(options.delete(:length) || 32)
+    self.password_recovery_token = BCrypt::Password.create(token)
+    self.password_recovery_token_creation = Time.now
+    save unless options.delete(:save) == false
+    token
+  end
+  def valid_recovery_token?
+    recovery_token_match? and !recovery_token_expired?
+  end
+  def current_password_match?
+    if @current_password
+      if @old_password_digest
+        BCrypt::Password.new(@old_password_digest) == @current_password
+      else
+        # almost same as #authenticate (returns true instead of the object)
+        BCrypt::Password.new(self.password_digest) == @current_password
+      end
+    else
+      false
+    end
+  end
+  private
+  def recovery_token_expired?
+    # 86400 = seconds in a day
+    (Time.now - self.password_recovery_token_creation).round >= 86400
+  end
+  def recovery_token_match?
+    BCrypt::Password.new(self.password_recovery_token) == @recovery_token
+  rescue
+    false
+  end
+  def allow_password_change?
+    valid_recovery_token? or current_password_match?
+  end
+  def password_change
+    errors[:password] << 'Unauthorized to change the password' unless allow_password_change?
+  end
+end

data/lib/version.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ VERSION = '0.0.1'

data/spec/has_editable_password_spec.rb ADDED Viewed

@@ -0,0 +1,225 @@
+require 'spec_helper.rb'
+describe HasEditablePassword do
+  let(:user) { User.new(password: 'secret', password_confirmation: 'secret') }
+  # Since this is an extension of has_secure_password ensure that all the
+  # methods defined by has_secure_password are still there
+  it 'has an #authenticate method' do
+    expect(user).to respond_to :authenticate
+  end
+  it 'has a #password= method' do
+    expect(user).to respond_to :password=
+  end
+  it 'has a password_confirmation= method' do
+    expect(user).to respond_to :password=
+  end
+  # Additional accessors for current password or password recovery token
+  it 'has a #current_password= method' do
+    expect(user).to respond_to :current_password=
+  end
+  it 'has a #recovery_token= method' do
+    expect(user).to respond_to :recovery_token=
+  end
+  describe '#password=' do
+    it 'sets the password_digest field to the hash of the password' do
+      user.password = 'secret'
+      expect(BCrypt::Password.new(user.password_digest)).to eq 'secret'
+    end
+  end
+  describe '#generate_recovery_token' do
+    it 'returns a url-safe base64 string' do
+      token = user.generate_recovery_token
+      expect(token).to match(/^[a-z0-9\-_]+=*$/i)
+    end
+    it 'returns a 43 bytes token unless specified' do
+      token = user.generate_recovery_token
+      expect(token.size).to eq 43
+    end
+    it 'returns token larger than specified size' do
+      token = user.generate_recovery_token length: 100
+      token.size.should be >= 100
+    end
+    it 'sets the password_recovery_token attribute with the hash of the token' do
+      token = user.generate_recovery_token
+      expect(BCrypt::Password.new(user.password_recovery_token)).to eq token
+    end
+    it 'sets the password_recovery_token_creation to Time.now' do
+      user.generate_recovery_token
+      expect(user.password_recovery_token_creation.round).to eq Time.now.round
+    end
+    it 'calls #save unless specified' do
+      expect(user).to receive(:save)
+      user.generate_recovery_token
+    end
+    it 'does not call #save if specified' do
+      expect(user).to_not receive(:save)
+      user.generate_recovery_token(save: false)
+    end
+  end
+  describe '#valid_recovery_token?' do
+    context 'a token was never generated' do
+      it 'returns false' do
+        user.recovery_token = "deadbeef"
+        expect(user.valid_recovery_token?).to be_false
+      end
+    end
+    context 'the creation is more than 24 hours ago' do
+      it 'returns false' do
+        token = user.generate_recovery_token
+        user.password_recovery_token_creation = Time.now - 86401
+        user.recovery_token = token  # Even if the token is correct
+        expect(user.valid_recovery_token?).to be_false
+      end
+    end
+    context 'the creation is less than 24 hours ago' do
+      it 'returns false if the token is a random string' do
+        user.generate_recovery_token
+        user.recovery_token = "deadbeef"
+        expect(user.valid_recovery_token?).to be_false
+      end
+      context 'the token is a base64 string' do
+        it 'returns false if the token does not match' do
+          user.generate_recovery_token
+          user.recovery_token = SecureRandom.urlsafe_base64
+          expect(user.valid_recovery_token?).to be_false
+        end
+        it 'returns true if the token matches' do
+          token = user.generate_recovery_token
+          user.recovery_token = token
+          expect(user.valid_recovery_token?).to be_true
+        end
+      end
+    end
+  end
+  describe '#current_password_match?' do
+    context 'current_password is not been set' do
+      it 'returns false' do
+        expect(user.current_password_match?).to be_false
+      end
+    end
+    context 'current_password is set' do
+      context 'current_password does not match' do
+        before { user.current_password = 's3cret' }
+        it 'returns false' do
+          expect(user.current_password_match?).to be_false
+        end
+      end
+      context 'current_password does match' do
+        before { user.current_password = 'secret' }
+        it 'returns true' do
+          expect(user.current_password_match?).to be_true
+        end
+      end
+      context 'password_digest has been modified' do
+        before { user.password = 'new_secret' }
+        context 'current_password is set to the previous password' do
+          before { user.current_password = 'secret' }
+          it 'returns true' do
+            expect(user.current_password_match?).to be_true
+          end
+        end
+        context 'current_password is set to the new password' do
+          before { user.current_password = 'new_secret' }
+          it 'returns true' do
+            expect(user.current_password_match?).to be_false
+          end
+        end
+      end
+    end
+  end
+  describe 'password editing validation' do
+    let(:user) { User.new(password: 'banana', password_confirmation: 'banana') }
+    context 'on create' do
+      it 'is valid' do
+        expect(user.valid?).to be_true
+      end
+    end
+    context 'on update' do
+      context 'password_digest was not touched' do
+        before { user.stub(:password_digest_changed?).and_return false }
+        it 'is valid' do
+          expect(user.valid?(:update)).to be_true
+        end
+      end
+      context 'password_digest was modified' do
+        before { user.stub(:password_digest_changed?).and_return true }
+        context 'a valid token is set' do
+          let(:token) { user.generate_recovery_token }
+          it 'is valid' do
+            user.recovery_token = token
+            expect(user.valid?(:update)).to be_true
+          end
+        end
+        context 'an invalid valid token is set' do
+          let(:token) do
+            user.generate_recovery_token
+            "deadbeef"
+          end
+          it 'is not valid' do
+            user.recovery_token = token
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+        context 'the current_password is valid' do
+          it 'is valid' do
+            user.current_password = 'banana'
+            expect(user.valid?(:update)).to be_true
+          end
+        end
+        context 'the current_password is invalid' do
+          it 'is valid' do
+            user.current_password = 'b4n4n4'
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+        context 'neither is set' do
+          it 'is not valid' do
+            expect(user.valid?(:update)).to be_false
+          end
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,41 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+require 'has_editable_password.rb'
+require 'active_model'
+require 'bcrypt'
+# Mock an ActiveRecord-like class.
+# Not using ActiveRecord because we want this to be ORM-agnostic
+class User
+  extend ActiveModel::Callbacks
+  define_model_callbacks :initialize, :find, :touch, :only => :after
+  define_model_callbacks :save, :create, :update, :destroy
+  include ActiveModel::Validations
+  include ActiveModel::Validations::HelperMethods
+  include HasEditablePassword
+  # we expect the user to define the password_digest field
+  attr_accessor :password_digest
+  attr_accessor :password_recovery_token
+  attr_accessor :password_recovery_token_creation
+  def initialize(hash = {})
+    hash.each do |k, v|
+      send("#{k}=", v)
+    end
+  end
+  def attributes
+    keys = [ 'password', 'password_confirmation' ]
+    values = keys.map do |k|
+      send(k)
+    end
+    Hash[keys.zip(values)]
+  end
+  def save
+    valid?
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: has_editable_password
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Francesco Boffa
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-12-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  type: :runtime
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: HasEditablePassword extends has_secure_password with updating capabilities.
+  On password update, the old password or a recovery token is asked.
+email: fra.boffa@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/has_editable_password.rb
+- lib/version.rb
+- spec/has_editable_password_spec.rb
+- spec/spec_helper.rb
+homepage: http://rubygems.org/gems/has_editable_password
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.10
+signing_key:
+specification_version: 4
+summary: has_secure_password with safe updating capabilities.
+test_files:
+- spec/has_editable_password_spec.rb
+- spec/spec_helper.rb
+has_rdoc: