janus 0.5.0

data/test/functional/users_controller_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionController::TestCase
+  [:julien, :martha].each do |name|
+    test "#{name} should get show" do
+      sign_in users(name)
+      get :show
+      assert_response :ok
+      assert_select 'h1', 'Welcome ' + users(name).email
+    end
+  end
+
+  test "should not get show" do
+    get :show
+    assert_redirected_to new_user_session_url
+  end
+
+  test "should not get show as xml" do
+    get :show, :format => 'xml'
+    assert_response :unauthorized
+  end
+end

data/test/integration/users/rememberable_test.rb

@@ -0,0 +1,32 @@
+require 'test_helper'
+
+class Users::RememberableTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "should remember user across sessions" do
+    sign_in users(:julien), :remember_me => true
+    assert_authenticated
+    
+    close_user_session
+    
+    visit root_url
+    assert_authenticated
+    
+    sign_out :user
+    visit root_url
+    assert_not_authenticated
+  end
+
+  test "registration should remember user" do
+    sign_up({ :email => 'toto@example.com', :password => 'my password' }, :scope => :user)
+    assert_authenticated
+    close_user_session
+    
+    visit root_url
+    assert_authenticated
+    
+    sign_out :user
+    visit root_url
+    assert_not_authenticated
+  end
+end

data/test/integration/users/remote_test.rb

@@ -0,0 +1,72 @@
+require 'test_helper'
+
+class Users::RemoteTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "service login" do
+    # user visits a remote site
+    visit blog_url(:host => 'test.host')
+    assert_not_authenticated
+    
+    # user clicks the sign in link
+    click_link 'sign_in'
+    assert_match Regexp.new('^' + Regexp.quote(new_user_session_url(:return_to => '')) + '.+'), current_url
+    assert_select 'input[name=return_to]'
+    assert_select '#user_email'
+    assert_select '#user_password'
+    
+    # user signs in and should be redirected to remote site
+    fill_in 'user_email', :with => users(:julien).email
+    fill_in 'user_password', :with => 'secret'
+    find('input[name=commit]').click
+    assert_match Regexp.new('^' + Regexp.quote(blog_url(:host => 'test.host', :remote_token => '')) + '.+'), current_url
+    
+    # user should be authenticated on remote site
+    assert_authenticated
+  end
+
+  test "service login with signed in user" do
+    # user signs in on main site
+    sign_in users(:julien)
+    
+    # user visits a remote site
+    visit blog_url(:host => 'test.host')
+    assert_not_authenticated
+    
+    # user clicks the sign in link of remote site which should redirect her back
+    click_link 'sign_in'
+    assert_match Regexp.new('^' + Regexp.quote(blog_url(:host => 'test.host', :remote_token => '')) + '.+'), current_url
+    
+    # user should have been transparently logged in
+    assert_authenticated
+  end
+
+  test "single sign out" do
+    # user signs in on main and remote site
+    sign_in users(:julien)
+    service_login :user, :return_to => root_url(:host => 'test.host')
+    
+    # user signs out from main site
+    sign_out :user
+    
+    # somebody visits the remote site using the user session
+    visit root_url(:host => 'test.host')
+    
+    # session should have been invalidated
+    assert_not_authenticated
+  end
+
+  test "session invalidation should not reset the user session_token" do
+    sign_in users(:julien)
+    service_login :user, :return_to => root_url(:host => 'test.host')
+    
+    sign_out :user
+    sign_in users(:julien)
+    
+    visit root_url(:host => 'test.host')
+    assert_not_authenticated
+    
+    visit root_url
+    assert_authenticated
+  end
+end

data/test/integration/users/sessions_test.rb

@@ -0,0 +1,18 @@
+require 'test_helper'
+
+class Users::SessionsTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "sign in and out" do
+    visit new_user_session_path
+    fill_in 'user_email', :with => users(:julien).email
+    fill_in 'user_password', :with => 'secret'
+    find('input[name=commit]').click
+    
+    assert_equal user_path, page.current_path
+    find('h1').has_content?('Welcome ' + users(:julien).email)
+    
+    visit destroy_user_session_path
+    assert_equal root_path, page.current_path
+  end
+end

data/test/integration/users/trackable_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+
+class Users::TrackableTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "should track user" do
+    current_sign_in_at = users(:julien).reload.current_sign_in_at
+    sign_in users(:julien)
+    assert_not_equal current_sign_in_at, users(:julien).reload.current_sign_in_at
+  end
+
+  test "remote authentication should not track user" do
+    sign_in users(:julien)
+    
+    current_sign_in_at = users(:julien).reload.current_sign_in_at
+    
+    visit root_url(:host => 'test.host')
+    click_link 'sign_in'
+    
+    assert_equal current_sign_in_at, users(:julien).reload.current_sign_in_at
+  end
+end

data/test/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,9 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+
+  helper_method :main_site_host
+
+  def main_site_host
+    'www.example.com'
+  end
+end

data/test/rails_app/app/controllers/blogs_controller.rb

@@ -0,0 +1,6 @@
+class BlogsController < ApplicationController
+  respond_to :html
+
+  def show
+  end
+end

data/test/rails_app/app/controllers/home_controller.rb

@@ -0,0 +1,4 @@
+class HomeController < ApplicationController
+  def index
+  end
+end

data/test/rails_app/app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,3 @@
+class Users::ConfirmationsController < Janus::ConfirmationsController
+  respond_to :html
+end

data/test/rails_app/app/controllers/users/passwords_controller.rb

@@ -0,0 +1,3 @@
+class Users::PasswordsController < Janus::PasswordsController
+  respond_to :html
+end

data/test/rails_app/app/controllers/users/registrations_controller.rb

@@ -0,0 +1,7 @@
+class Users::RegistrationsController < Janus::RegistrationsController
+  respond_to :html
+
+  def after_sign_up_url(user)
+    user_url
+  end
+end

data/test/rails_app/app/controllers/users/sessions_controller.rb

@@ -0,0 +1,11 @@
+class Users::SessionsController < Janus::SessionsController
+  respond_to :html
+
+  def after_sign_in_url(user)
+    user_url
+  end
+
+  def valid_remote_host?(host)
+    ['www.example.com', 'test.host'].include?(host)
+  end
+end

data/test/rails_app/app/controllers/users_controller.rb

@@ -0,0 +1,9 @@
+class UsersController < ApplicationController
+  before_filter :authenticate_user!
+
+  respond_to :html, :xml
+
+  def show
+    respond_with(current_user)
+  end
+end

data/test/rails_app/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/rails_app/app/mailers/janus_mailer.rb

@@ -0,0 +1,2 @@
+class JanusMailer < Janus::Mailer
+end

data/test/rails_app/app/models/remote_token.rb

@@ -0,0 +1,6 @@
+class RemoteToken < ActiveRecord::Base
+  include Janus::Models::RemoteToken
+
+  belongs_to :user
+  validates_presence_of :user
+end

data/test/rails_app/app/models/user.rb

@@ -0,0 +1,8 @@
+class User < ActiveRecord::Base
+  include Janus::Models::Base
+  include Janus::Models::DatabaseAuthenticatable
+  include Janus::Models::Confirmable
+  include Janus::Models::Rememberable
+  include Janus::Models::RemoteAuthenticatable
+  include Janus::Models::Trackable
+end

data/test/rails_app/config/application.rb

@@ -0,0 +1,42 @@
+require File.expand_path('../boot', __FILE__)
+
+require "rails/all"
+
+# If you have a Gemfile, require the gems listed there, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(:default, Rails.env) if defined?(Bundler)
+
+module RailsApp
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+  end
+end

data/test/rails_app/config/boot.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/test/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+RailsApp::Application.initialize!

data/test/rails_app/config/environments/development.rb

@@ -0,0 +1,26 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+end
+

data/test/rails_app/config/environments/production.rb

@@ -0,0 +1,49 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Specifies the header that your server uses for sending files
+  config.action_dispatch.x_sendfile_header = "X-Sendfile"
+
+  # For nginx:
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
+
+  # If you have no front-end server that supports something like X-Sendfile,
+  # just comment this out and Rails will serve the files
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+end

data/test/rails_app/config/environments/test.rb

@@ -0,0 +1,36 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+  config.action_mailer.default_url_options = { :host => 'www.example.com' }
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/test/rails_app/config/initializers/janus.rb

@@ -0,0 +1,11 @@
+Janus.config do |config|
+  config.contact_email = "contact@example.com"
+  
+  # DatabaseAuthenticatable
+  config.authentication_keys = [:email]
+  config.stretches = 10
+  config.pepper = "db5ef161873f4b4cd966ff042c448282e8243a0a4e090347370360796ecc769f384d898badda1881bc7ed4483f20f6809b39a54f6671cc35cda18bfe554cd8e0"
+
+  # RemoteAuthenticatable
+  # ...
+end

data/test/rails_app/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+RailsApp::Application.config.secret_token = 'c6a67697877c66be70cdcc4680f37593045a721cf757de4110f9749877cb32f94fe4ddaa5e816af4555d91c4f6142a401972474d50fe620d41ede300d3143d4a'

data/test/rails_app/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+RailsApp::Application.config.session_store :cookie_store, :key => '_rails_app_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# RailsApp::Application.config.session_store :active_record_store

data/test/rails_app/config/routes.rb

@@ -0,0 +1,12 @@
+RailsApp::Application.routes.draw do
+  janus :users,
+    :session      => true,
+    :registration => true,
+    :confirmation => true,
+    :password     => true
+  
+  resource :user, :only => :show
+  resource :blog, :only => :show
+  
+  root :to => 'home#index'
+end

data/test/rails_app/db/migrate/20110323153820_create_users.rb

@@ -0,0 +1,34 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string   :email
+      t.string   :encrypted_password
+      
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      
+      t.string   :remember_token
+      t.datetime :remember_created_at
+      
+      t.string   :confirmation_token
+      t.datetime :confirmation_sent_at
+      t.datetime :confirmed_at
+      
+      t.string   :session_token
+      
+      t.integer :sign_in_count, :default => 0
+      t.string  :last_sign_in_at
+      t.string  :last_sign_in_ip
+      t.string  :current_sign_in_at
+      t.string  :current_sign_in_ip
+    end
+    
+    add_index :users, :email,                :unique => true
+    add_index :users, :remember_token,       :unique => true
+    add_index :users, :reset_password_token, :unique => true
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/test/rails_app/db/migrate/20110331153546_create_remote_tokens.rb

@@ -0,0 +1,15 @@
+class CreateRemoteTokens < ActiveRecord::Migration
+  def self.up
+    create_table :remote_tokens do |t|
+      t.references :user
+      t.string     :token
+      t.datetime   :created_at
+    end
+    
+    add_index :remote_tokens, :token, :unique => true
+  end
+
+  def self.down
+    drop_table :remote_tokens
+  end
+end

data/test/rails_app/db/schema.rb

@@ -0,0 +1,45 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20110331153546) do
+
+  create_table "remote_tokens", :force => true do |t|
+    t.integer  "user_id"
+    t.string   "token"
+    t.datetime "created_at"
+  end
+
+  add_index "remote_tokens", ["token"], :name => "index_remote_tokens_on_token", :unique => true
+
+  create_table "users", :force => true do |t|
+    t.string   "email"
+    t.string   "encrypted_password"
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.string   "remember_token"
+    t.datetime "remember_created_at"
+    t.string   "confirmation_token"
+    t.datetime "confirmation_sent_at"
+    t.datetime "confirmed_at"
+    t.string   "session_token"
+    t.integer  "sign_in_count",          :default => 0
+    t.string   "last_sign_in_at"
+    t.string   "last_sign_in_ip"
+    t.string   "current_sign_in_at"
+    t.string   "current_sign_in_ip"
+  end
+
+  add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+  add_index "users", ["remember_token"], :name => "index_users_on_remember_token", :unique => true
+  add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
+
+end

data/test/rails_app/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
+#   Mayor.create(:name => 'Daley', :city => cities.first)