janus 0.9.1 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.gitignore +4 -3
- data/.travis.yml +3 -2
- data/CHANGELOG.md +27 -3
- data/VERSION +1 -1
- data/janus.gemspec +1 -0
- data/lib/generators/janus/resource_generator.rb +4 -0
- data/lib/generators/templates/confirmations_controller.erb +1 -1
- data/lib/generators/templates/passwords_controller.erb +1 -1
- data/lib/generators/templates/registrations_controller.erb +1 -1
- data/lib/janus/controllers/confirmations_controller.rb +26 -45
- data/lib/janus/controllers/internal_helpers.rb +24 -0
- data/lib/janus/controllers/passwords_controller.rb +2 -1
- data/lib/janus/controllers/registrations_controller.rb +2 -1
- data/lib/janus/controllers/sessions_controller.rb +43 -41
- data/lib/janus/models/database_authenticatable.rb +3 -1
- data/lib/janus/test_helper.rb +10 -6
- data/test/functional/janus/mailer_test.rb +2 -1
- data/test/functional/janus/manager_test.rb +1 -1
- data/test/functional/users/confirmations_controller_test.rb +4 -4
- data/test/functional/users/passwords_controller_test.rb +2 -2
- data/test/functional/users/sessions_controller_test.rb +7 -7
- data/test/integration/users/rememberable_test.rb +2 -2
- data/test/integration/users/remote_test.rb +4 -4
- data/test/integration/users/token_authenticatable_test.rb +2 -2
- data/test/integration/users/trackable_test.rb +1 -1
- data/test/rails_app/config/application.rb +3 -0
- data/test/rails_app/config/environments/test.rb +2 -0
- data/test/rails_app/db/migrate/20130412104138_create_admins.rb +1 -1
- data/test/test_helper.rb +8 -1
- data/test/unit/confirmable_test.rb +3 -3
- data/test/unit/rememberable_test.rb +3 -3
- data/test/unit/remote_authenticatable_test.rb +1 -1
- data/test/unit/remote_token_test.rb +1 -1
- data/test/unit/reset_password_test.rb +4 -4
- data/test/unit/trackable_test.rb +4 -4
- data/test/unit/user_test.rb +16 -5
- data.tar.gz.sig +0 -0
- metadata +16 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f73008d3812ab8275c869ee2e9abccaecd4133fb
|
|
4
|
+
data.tar.gz: 79ddf846b1d04560c7add204300756a21c1e159c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c781f9e06208ec6eea86da263ee76d89860a910921e458b7e68a64dc003175b49e059d76fb5390b62b55cc904a39b354d828de7678a5cc809aa18b6f9de08079
|
|
7
|
+
data.tar.gz: b66e7f792b3b5698e8a84b0b9c4fa48d904ea467a59489d115d7adbf61826234b8d8216cb024e44b3ead9a37e2ecc32e4c590603788083e4263df3551f346c75
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
|
@@ -3,12 +3,12 @@ script: bundle exec rake test
|
|
|
3
3
|
|
|
4
4
|
rvm:
|
|
5
5
|
- 1.9.3
|
|
6
|
-
- 2.1.
|
|
6
|
+
- 2.1.5
|
|
7
7
|
|
|
8
8
|
gemfile:
|
|
9
9
|
- Gemfile
|
|
10
|
-
- gemfiles/Gemfile.rails-4.0-stable
|
|
11
10
|
- gemfiles/Gemfile.rails-3.2-stable
|
|
11
|
+
- gemfiles/Gemfile.rails-4.1-stable
|
|
12
12
|
- gemfiles/Gemfile.rails-head
|
|
13
13
|
|
|
14
14
|
matrix:
|
|
@@ -21,3 +21,4 @@ matrix:
|
|
|
21
21
|
env:
|
|
22
22
|
global:
|
|
23
23
|
- NOKOGIRI_USE_SYSTEM_LIBRARIES=1
|
|
24
|
+
- CODECLIMATE_REPO_TOKEN=13f6e67dc6be3f749e752a3231502a48ae5e2986a557375da4339fd556031358
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,32 @@
|
|
|
1
|
-
|
|
1
|
+
# Change Log
|
|
2
|
+
|
|
3
|
+
## Unreleased
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
## v0.10.0 - 2014-12-27
|
|
7
|
+
|
|
8
|
+
### Changed
|
|
9
|
+
|
|
10
|
+
- Rails 4.2.0 compatibility
|
|
11
|
+
- Confirmations controller now returns 400 or 404 HTTP status codes when
|
|
12
|
+
failing to find a valid resource for the token (or missing token).
|
|
13
|
+
- The `janus` instance is now accessible in Janus::TestHelper.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
|
|
17
|
+
- Login failure when password wasn't set (invalid encrypted password).
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
## v0.9.1 - 2014-08-27
|
|
21
|
+
|
|
22
|
+
### Added
|
|
2
23
|
|
|
3
|
-
- Fixed compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
|
|
4
|
-
bug with strong parameters. See 5b5a7e7
|
|
5
24
|
- `Janus::SessionsController#valid_host?(host)` to interrupt a blind redirection
|
|
6
25
|
when `params[:return_to]` is the current host. See b120010.
|
|
7
26
|
|
|
27
|
+
### Fixed
|
|
28
|
+
|
|
29
|
+
- Compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
|
|
30
|
+
bug with strong parameters. See 5b5a7e7
|
|
31
|
+
|
|
8
32
|
Compare: https://github.com/ysbaddaden/janus/compare/v0.9.0...v0.9.1
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.10.0
|
data/janus.gemspec
CHANGED
|
@@ -20,6 +20,7 @@ Gem::Specification.new do |gem|
|
|
|
20
20
|
gem.add_dependency 'addressable'
|
|
21
21
|
|
|
22
22
|
gem.add_development_dependency 'rails', '>= 3.0.0'
|
|
23
|
+
gem.add_development_dependency 'responders', '~> 2.0'
|
|
23
24
|
gem.add_development_dependency 'sqlite3'
|
|
24
25
|
gem.add_development_dependency 'bcrypt'
|
|
25
26
|
gem.add_development_dependency 'scrypt'
|
|
@@ -71,6 +71,10 @@ module Janus
|
|
|
71
71
|
route "janus :#{plural_name}, " + controllers.map { |ctrl| ":#{ctrl} => true" }.join(', ')
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
def delivery_method
|
|
75
|
+
Rails.version >= "4.2.0" ? "deliver_later" : "deliver"
|
|
76
|
+
end
|
|
77
|
+
|
|
74
78
|
private
|
|
75
79
|
def controllers
|
|
76
80
|
strategies & %w{session registration confirmation password}
|
|
@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::ConfirmationsController < Janus::Confirmation
|
|
|
2
2
|
respond_to :html
|
|
3
3
|
|
|
4
4
|
# def deliver_confirmation_instructions(<%= singular_name %>)
|
|
5
|
-
# <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>)
|
|
5
|
+
# <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).<%= delivery_method %>
|
|
6
6
|
# end
|
|
7
7
|
|
|
8
8
|
# def after_resending_confirmation_instructions_url(<%= singular_name %>)
|
|
@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::PasswordsController < Janus::PasswordsControl
|
|
|
2
2
|
respond_to :html
|
|
3
3
|
|
|
4
4
|
# def deliver_reset_password_instructions(<%= singular_name %>)
|
|
5
|
-
# <%= class_name %>Mailer.reset_password_instructions(<%= singular_name %>)
|
|
5
|
+
# <%= class_name %>Mailer.reset_password_instructions(<%= singular_name %>).<%= delivery_method %>
|
|
6
6
|
# end
|
|
7
7
|
|
|
8
8
|
# def after_password_change_url(<%= singular_name %>)
|
|
@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::RegistrationsController < Janus::Registration
|
|
|
2
2
|
respond_to :html
|
|
3
3
|
|
|
4
4
|
# def deliver_confirmation_instructions(<%= singular_name %>)
|
|
5
|
-
# <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>)
|
|
5
|
+
# <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).<%= delivery_method %>
|
|
6
6
|
# end
|
|
7
7
|
|
|
8
8
|
# def after_sign_up_url(<%= singular_name %>)
|
|
@@ -5,30 +5,15 @@ class Janus::ConfirmationsController < ApplicationController
|
|
|
5
5
|
|
|
6
6
|
helper JanusHelper
|
|
7
7
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
if resource
|
|
12
|
-
resource.confirm!
|
|
8
|
+
before_filter :load_resource_from_confirmation_token, :only => :show
|
|
9
|
+
before_filter :load_resource_from_authentication_params, :only => :create
|
|
13
10
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
redirect_to after_confirmation_url(resource),
|
|
17
|
-
:notice => t('flash.janus.confirmations.edit.confirmed')
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
format.any { head :ok }
|
|
21
|
-
end
|
|
22
|
-
else
|
|
23
|
-
respond_to do |format|
|
|
24
|
-
format.html do
|
|
25
|
-
self.resource = resource_class.new
|
|
26
|
-
resource.errors.add(:base, :invalid_token)
|
|
27
|
-
render 'new'
|
|
28
|
-
end
|
|
11
|
+
def show
|
|
12
|
+
resource.confirm!
|
|
29
13
|
|
|
30
|
-
|
|
31
|
-
|
|
14
|
+
respond_with_success do
|
|
15
|
+
redirect_to after_confirmation_url(resource),
|
|
16
|
+
notice: t('flash.janus.confirmations.edit.confirmed')
|
|
32
17
|
end
|
|
33
18
|
end
|
|
34
19
|
|
|
@@ -38,36 +23,19 @@ class Janus::ConfirmationsController < ApplicationController
|
|
|
38
23
|
end
|
|
39
24
|
|
|
40
25
|
def create
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
if resource
|
|
44
|
-
deliver_confirmation_instructions(resource)
|
|
45
|
-
|
|
46
|
-
respond_to do |format|
|
|
47
|
-
format.html do
|
|
48
|
-
redirect_to after_resending_confirmation_instructions_url(resource),
|
|
49
|
-
:notice => t('flash.janus.confirmations.create.email_sent')
|
|
50
|
-
end
|
|
26
|
+
deliver_confirmation_instructions(resource)
|
|
51
27
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
respond_to do |format|
|
|
56
|
-
format.html do
|
|
57
|
-
self.resource = resource_class.new
|
|
58
|
-
resource.errors.add(:base, :not_found)
|
|
59
|
-
render 'new'
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
format.any { head :not_found }
|
|
63
|
-
end
|
|
28
|
+
respond_with_success do
|
|
29
|
+
redirect_to after_resending_confirmation_instructions_url(resource),
|
|
30
|
+
notice: t('flash.janus.confirmations.create.email_sent')
|
|
64
31
|
end
|
|
65
32
|
end
|
|
66
33
|
|
|
67
34
|
# Simple wrapper for Mailer#confirmation_instructions.deliver to
|
|
68
35
|
# allow customization of the email (eg: to pass additional data).
|
|
69
36
|
def deliver_confirmation_instructions(resource)
|
|
70
|
-
mailer_class.confirmation_instructions(resource)
|
|
37
|
+
mail = mailer_class.confirmation_instructions(resource)
|
|
38
|
+
mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
|
|
71
39
|
end
|
|
72
40
|
|
|
73
41
|
# Where to redirect after the instructions have been sent.
|
|
@@ -79,4 +47,17 @@ class Janus::ConfirmationsController < ApplicationController
|
|
|
79
47
|
def after_confirmation_url(resource)
|
|
80
48
|
root_url
|
|
81
49
|
end
|
|
50
|
+
|
|
51
|
+
private
|
|
52
|
+
|
|
53
|
+
def load_resource_from_confirmation_token
|
|
54
|
+
token = params[resource_class.confirmation_key]
|
|
55
|
+
self.resource = resource_class.find_for_confirmation(token)
|
|
56
|
+
respond_with_failure(:invalid_token, :status => :bad_request) unless resource
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def load_resource_from_authentication_params
|
|
60
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
|
61
|
+
respond_with_failure(:not_found) unless resource
|
|
62
|
+
end
|
|
82
63
|
end
|
|
@@ -56,5 +56,29 @@ module Janus
|
|
|
56
56
|
def mailer_class
|
|
57
57
|
@mailer_class ||= (janus_scope.camelize + 'Mailer').constantize
|
|
58
58
|
end
|
|
59
|
+
|
|
60
|
+
def respond_with_success(&block)
|
|
61
|
+
respond_to do |format|
|
|
62
|
+
format.html(&block)
|
|
63
|
+
format.any { head :ok }
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def respond_with_failure(error, options = {})
|
|
68
|
+
status = options[:status] || error
|
|
69
|
+
|
|
70
|
+
respond_to do |format|
|
|
71
|
+
format.html do
|
|
72
|
+
self.resource = initialize_resource
|
|
73
|
+
resource.errors.add(:base, error)
|
|
74
|
+
render 'new', status: status
|
|
75
|
+
end
|
|
76
|
+
format.any { head status }
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def initialize_resource
|
|
81
|
+
resource_class.new
|
|
82
|
+
end
|
|
59
83
|
end
|
|
60
84
|
end
|
|
@@ -67,7 +67,8 @@ class Janus::PasswordsController < ApplicationController
|
|
|
67
67
|
# Simple wrapper for Mailer#reset_password_instructions.deliver to
|
|
68
68
|
# allow customization of the email (eg: to pass additional data).
|
|
69
69
|
def deliver_reset_password_instructions(resource)
|
|
70
|
-
mailer_class.reset_password_instructions(resource)
|
|
70
|
+
mail = mailer_class.reset_password_instructions(resource)
|
|
71
|
+
mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
|
|
71
72
|
end
|
|
72
73
|
|
|
73
74
|
# Either redirects the user to after_password_change_url or to
|
|
@@ -48,7 +48,8 @@ class Janus::RegistrationsController < ApplicationController
|
|
|
48
48
|
# Simple wrapper for Mailer#confirmation_instructions.deliver to
|
|
49
49
|
# allow customization of the email (eg: to pass additional data).
|
|
50
50
|
def deliver_confirmation_instructions(resource)
|
|
51
|
-
mailer_class.confirmation_instructions(resource)
|
|
51
|
+
mail = mailer_class.confirmation_instructions(resource)
|
|
52
|
+
mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
|
|
52
53
|
end
|
|
53
54
|
|
|
54
55
|
# Where to redirect after user has registered.
|
|
@@ -1,19 +1,18 @@
|
|
|
1
1
|
require 'addressable/uri'
|
|
2
2
|
|
|
3
|
-
# This controller is responsible for creating and destroying
|
|
4
|
-
# authenticated user sessions.
|
|
3
|
+
# This controller is responsible for creating and destroying user sessions.
|
|
5
4
|
#
|
|
6
5
|
# The creation uses the DatabaseAuthenticatable strategy, while the destruction
|
|
7
6
|
# simply destroys any session, whatever strategy it was created with. Janus
|
|
8
|
-
# hooks will be called,
|
|
9
|
-
#
|
|
7
|
+
# hooks will be called, allowing to destroy any Rememberable cookies as well as
|
|
8
|
+
# any user defined behavior.
|
|
10
9
|
#
|
|
11
10
|
class Janus::SessionsController < ApplicationController
|
|
12
11
|
include Janus::InternalHelpers
|
|
13
|
-
# include Janus::UrlHelpers
|
|
14
12
|
|
|
15
13
|
helper JanusHelper
|
|
16
|
-
|
|
14
|
+
|
|
15
|
+
before_filter :load_resource_from_authentication_params, :only => :create
|
|
17
16
|
|
|
18
17
|
def new
|
|
19
18
|
params[:return_to] ||= request.env["HTTP_REFERER"]
|
|
@@ -27,35 +26,17 @@ class Janus::SessionsController < ApplicationController
|
|
|
27
26
|
end
|
|
28
27
|
|
|
29
28
|
def create
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
if resource && resource.valid_password?(params[resource_name][:password])
|
|
29
|
+
if valid_resource?
|
|
33
30
|
janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
|
|
34
|
-
|
|
35
|
-
respond_to do |format|
|
|
36
|
-
format.html { redirect_after_sign_in(resource) }
|
|
37
|
-
format.any { head :ok }
|
|
38
|
-
end
|
|
31
|
+
respond_with_success { redirect_after_sign_in(resource) }
|
|
39
32
|
else
|
|
40
|
-
|
|
41
|
-
format.html do
|
|
42
|
-
self.resource ||= resource_class.new(resource_authentication_params)
|
|
43
|
-
resource.clean_up_passwords
|
|
44
|
-
resource.errors.add(:base, :not_found)
|
|
45
|
-
render "new", :status => :unauthorized
|
|
46
|
-
end
|
|
47
|
-
format.any { head :unauthorized }
|
|
48
|
-
end
|
|
33
|
+
respond_with_failure :unauthorized
|
|
49
34
|
end
|
|
50
35
|
end
|
|
51
36
|
|
|
52
37
|
def destroy
|
|
53
38
|
janus.logout(janus_scope)
|
|
54
|
-
|
|
55
|
-
respond_to do |format|
|
|
56
|
-
format.html { redirect_to after_sign_out_url(janus_scope) }
|
|
57
|
-
format.any { head :ok }
|
|
58
|
-
end
|
|
39
|
+
respond_with_success { redirect_to after_sign_out_url(janus_scope) }
|
|
59
40
|
end
|
|
60
41
|
|
|
61
42
|
# An overridable method that returns the default path to return the just
|
|
@@ -93,7 +74,7 @@ class Janus::SessionsController < ApplicationController
|
|
|
93
74
|
# actually returns URL to prevent infinite loops. We must for instance
|
|
94
75
|
# never return to new_sesssion_path.
|
|
95
76
|
#
|
|
96
|
-
# If you ever
|
|
77
|
+
# If you ever need to override this method, don't forget to call `super`.
|
|
97
78
|
# For instance:
|
|
98
79
|
#
|
|
99
80
|
# def never_return_to(scope)
|
|
@@ -103,8 +84,13 @@ class Janus::SessionsController < ApplicationController
|
|
|
103
84
|
def never_return_to(scope)
|
|
104
85
|
scope = Janus.scope_for(scope)
|
|
105
86
|
list = [new_session_path(scope)]
|
|
87
|
+
|
|
106
88
|
begin
|
|
107
|
-
list + [
|
|
89
|
+
list + [
|
|
90
|
+
destroy_session_path(scope),
|
|
91
|
+
new_password_path(scope),
|
|
92
|
+
edit_password_path(scope)
|
|
93
|
+
]
|
|
108
94
|
rescue NoMethodError
|
|
109
95
|
list
|
|
110
96
|
end
|
|
@@ -123,25 +109,41 @@ class Janus::SessionsController < ApplicationController
|
|
|
123
109
|
unless never_return_to(user).include?(return_to.path)
|
|
124
110
|
# path or same host redirection
|
|
125
111
|
if valid_host?(return_to.host || request.host)
|
|
126
|
-
redirect_to params[:return_to]
|
|
127
|
-
return
|
|
112
|
+
redirect_to params[:return_to] and return
|
|
128
113
|
end
|
|
129
114
|
|
|
130
115
|
# external host redirection
|
|
131
116
|
if valid_remote_host?(return_to.host)
|
|
132
|
-
if user.class.include?(Janus::Models::RemoteAuthenticatable)
|
|
133
|
-
|
|
134
|
-
return_to.query_values = query.merge(
|
|
135
|
-
user.class.remote_authentication_key => user.generate_remote_token!
|
|
136
|
-
)
|
|
137
|
-
end
|
|
138
|
-
|
|
139
|
-
redirect_to return_to.to_s
|
|
140
|
-
return
|
|
117
|
+
add_remote_authentication_key(return_to, user) if user.class.include?(Janus::Models::RemoteAuthenticatable)
|
|
118
|
+
redirect_to return_to.to_s and return
|
|
141
119
|
end
|
|
142
120
|
end
|
|
143
121
|
end
|
|
144
122
|
|
|
145
123
|
redirect_to after_sign_in_url(user)
|
|
146
124
|
end
|
|
125
|
+
|
|
126
|
+
def add_remote_authentication_key(return_to, user)
|
|
127
|
+
query = return_to.query_values || {}
|
|
128
|
+
return_to.query_values = query.merge(
|
|
129
|
+
user.class.remote_authentication_key => user.generate_remote_token!
|
|
130
|
+
)
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
private
|
|
134
|
+
|
|
135
|
+
def valid_resource?
|
|
136
|
+
resource && resource.valid_password?(params[resource_name][:password])
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
def initialize_resource
|
|
140
|
+
resource_class
|
|
141
|
+
.new(resource_authentication_params)
|
|
142
|
+
.tap(&:clean_up_passwords)
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
def load_resource_from_authentication_params
|
|
146
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
|
147
|
+
respond_with_failure :unauthorized unless resource
|
|
148
|
+
end
|
|
147
149
|
end
|
|
@@ -57,8 +57,10 @@ module Janus
|
|
|
57
57
|
when :bcrypt
|
|
58
58
|
::BCrypt::Password.new(encrypted_password) == salted_password(password)
|
|
59
59
|
when :scrypt
|
|
60
|
-
::SCrypt::Password.new(encrypted_password) == salted_password(password)
|
|
60
|
+
::SCrypt::Password.new(encrypted_password || "") == salted_password(password)
|
|
61
61
|
end
|
|
62
|
+
rescue BCrypt::Errors::InvalidHash, SCrypt::Errors::InvalidHash
|
|
63
|
+
false
|
|
62
64
|
end
|
|
63
65
|
|
|
64
66
|
# Digests a password using either bcrypt or scrypt (as configured by `config.encryptor`).
|
data/lib/janus/test_helper.rb
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
module Janus
|
|
2
2
|
module TestHelper
|
|
3
|
+
attr_reader :janus
|
|
4
|
+
|
|
3
5
|
def self.included(klass)
|
|
4
6
|
klass.class_eval do
|
|
5
7
|
setup { @janus = Janus::Manager.new(request, cookies) }
|
|
@@ -7,23 +9,25 @@ module Janus
|
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
def sign_in(user, options = {})
|
|
10
|
-
|
|
12
|
+
janus.login(user, options)
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
def sign_out(user_or_scope = nil)
|
|
14
16
|
if user_or_scope
|
|
15
|
-
|
|
17
|
+
janus.logout(Janus.scope_for(user_or_scope))
|
|
16
18
|
else
|
|
17
|
-
|
|
19
|
+
janus.logout
|
|
18
20
|
end
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
def assert_authenticated(scope)
|
|
22
|
-
assert
|
|
24
|
+
assert janus.authenticated?(scope), "Expected #{scope} to be authenticated."
|
|
23
25
|
end
|
|
24
26
|
|
|
25
|
-
def
|
|
26
|
-
|
|
27
|
+
def refute_authenticated(scope)
|
|
28
|
+
refute janus.authenticated?(scope), "Expected #{scope} to not be authenticated."
|
|
27
29
|
end
|
|
30
|
+
|
|
31
|
+
alias_method :assert_not_authenticated, :refute_authenticated
|
|
28
32
|
end
|
|
29
33
|
end
|
|
@@ -4,7 +4,8 @@ class Janus::MailerTest < ActionMailer::TestCase
|
|
|
4
4
|
test "reset_password_instructions" do
|
|
5
5
|
users(:julien).generate_reset_password_token!
|
|
6
6
|
|
|
7
|
-
mail = UserMailer.reset_password_instructions(users(:julien))
|
|
7
|
+
mail = UserMailer.reset_password_instructions(users(:julien))
|
|
8
|
+
mail.respond_to?(:deliver_now) ? mail.deliver_now : mail.deliver
|
|
8
9
|
assert_equal [users(:julien).email], mail.to
|
|
9
10
|
assert !mail.subject.blank?
|
|
10
11
|
|
|
@@ -15,7 +15,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
|
|
|
15
15
|
test "should not get show without token" do
|
|
16
16
|
assert_no_difference('User.count(:confirmed_at)') do
|
|
17
17
|
get :show
|
|
18
|
-
assert_response :
|
|
18
|
+
assert_response :bad_request
|
|
19
19
|
assert_template 'new'
|
|
20
20
|
assert_select '#error_explanation'
|
|
21
21
|
end
|
|
@@ -24,7 +24,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
|
|
|
24
24
|
test "should not get show with blank token" do
|
|
25
25
|
assert_no_difference('User.count(:confirmed_at)') do
|
|
26
26
|
get :show, :token => ""
|
|
27
|
-
assert_response :
|
|
27
|
+
assert_response :bad_request
|
|
28
28
|
assert_template 'new'
|
|
29
29
|
assert_select '#error_explanation'
|
|
30
30
|
end
|
|
@@ -35,7 +35,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
|
|
|
35
35
|
|
|
36
36
|
assert_no_difference('User.count(:confirmed_at)') do
|
|
37
37
|
get :show, :token => "aiorujfqptezjsmdguspfofkn"
|
|
38
|
-
assert_response :
|
|
38
|
+
assert_response :bad_request
|
|
39
39
|
assert_template 'new'
|
|
40
40
|
assert_select '#error_explanation'
|
|
41
41
|
end
|
|
@@ -59,9 +59,9 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
|
|
|
59
59
|
test "should not create" do
|
|
60
60
|
assert_no_email do
|
|
61
61
|
post :create, :user => { :email => 'nobody@example.com' }
|
|
62
|
+
assert_response :not_found
|
|
62
63
|
end
|
|
63
64
|
|
|
64
|
-
assert_response :ok
|
|
65
65
|
assert_template 'new'
|
|
66
66
|
assert_select '#error_explanation'
|
|
67
67
|
end
|
|
@@ -99,8 +99,8 @@ class Users::PasswordsControllerTest < ActionController::TestCase
|
|
|
99
99
|
|
|
100
100
|
users(:julien).reload
|
|
101
101
|
|
|
102
|
-
|
|
103
|
-
|
|
102
|
+
refute_nil users(:julien).reset_password_token
|
|
103
|
+
refute_nil users(:julien).reset_password_sent_at
|
|
104
104
|
assert !users(:julien).valid_password?(@attributes[:password])
|
|
105
105
|
end
|
|
106
106
|
|
|
@@ -19,7 +19,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
19
19
|
assert_response :ok
|
|
20
20
|
assert_select '#user_email', 1
|
|
21
21
|
assert_select '#user_password', 1
|
|
22
|
-
assert_select
|
|
22
|
+
assert_select "input[name=return_to][value='/some/path']", 1
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
test "new should pass return_to" do
|
|
@@ -27,7 +27,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
27
27
|
assert_response :ok
|
|
28
28
|
assert_select '#user_email', 1
|
|
29
29
|
assert_select '#user_password', 1
|
|
30
|
-
assert_select
|
|
30
|
+
assert_select "input[name=return_to][value='" + root_path + "']", 1
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
test "should create" do
|
|
@@ -68,7 +68,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
68
68
|
assert_select "#user_email[value='" + users(:julien).email + "']"
|
|
69
69
|
assert_select "#user_password[value='secret']", 0
|
|
70
70
|
assert_select '#error_explanation'
|
|
71
|
-
|
|
71
|
+
refute_authenticated(:user)
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
test "should fail to create with bad password" do
|
|
@@ -78,7 +78,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
78
78
|
assert_select "#user_email[value='" + users(:martha).email + "']"
|
|
79
79
|
assert_select "#user_password[value='force me in']", 0
|
|
80
80
|
assert_select '#error_explanation'
|
|
81
|
-
|
|
81
|
+
refute_authenticated(:user)
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
test "should fail to create with unknown user" do
|
|
@@ -88,7 +88,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
88
88
|
assert_select "#user_email[value='nobody@localhost']"
|
|
89
89
|
assert_select "#user_password[value='secret']", 0
|
|
90
90
|
assert_select '#error_explanation'
|
|
91
|
-
|
|
91
|
+
refute_authenticated(:user)
|
|
92
92
|
end
|
|
93
93
|
|
|
94
94
|
test "should destroy" do
|
|
@@ -96,12 +96,12 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
96
96
|
|
|
97
97
|
get :destroy
|
|
98
98
|
assert_redirected_to root_url
|
|
99
|
-
|
|
99
|
+
refute_authenticated(:user)
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
test "destroy should silently logout anonymous" do
|
|
103
103
|
get :destroy
|
|
104
104
|
assert_redirected_to root_url
|
|
105
|
-
|
|
105
|
+
refute_authenticated(:user)
|
|
106
106
|
end
|
|
107
107
|
end
|
|
@@ -14,7 +14,7 @@ class Users::RememberableTest < ActionDispatch::IntegrationTest
|
|
|
14
14
|
|
|
15
15
|
sign_out :user
|
|
16
16
|
visit root_url
|
|
17
|
-
|
|
17
|
+
refute_authenticated
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
test "registration should remember user" do
|
|
@@ -27,6 +27,6 @@ class Users::RememberableTest < ActionDispatch::IntegrationTest
|
|
|
27
27
|
|
|
28
28
|
sign_out :user
|
|
29
29
|
visit root_url
|
|
30
|
-
|
|
30
|
+
refute_authenticated
|
|
31
31
|
end
|
|
32
32
|
end
|
|
@@ -6,7 +6,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
|
|
|
6
6
|
test "service login" do
|
|
7
7
|
# user visits a remote site
|
|
8
8
|
visit blog_url(:host => 'test.host')
|
|
9
|
-
|
|
9
|
+
refute_authenticated
|
|
10
10
|
|
|
11
11
|
# user clicks the sign in link
|
|
12
12
|
click_link 'sign_in'
|
|
@@ -31,7 +31,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
|
|
|
31
31
|
|
|
32
32
|
# user visits a remote site
|
|
33
33
|
visit blog_url(:host => 'test.host')
|
|
34
|
-
|
|
34
|
+
refute_authenticated
|
|
35
35
|
|
|
36
36
|
# user clicks the sign in link of remote site which should redirect her back
|
|
37
37
|
click_link 'sign_in'
|
|
@@ -53,7 +53,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
|
|
|
53
53
|
visit root_url(:host => 'test.host')
|
|
54
54
|
|
|
55
55
|
# session should have been invalidated
|
|
56
|
-
|
|
56
|
+
refute_authenticated
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
test "session invalidation should not reset the user session_token" do
|
|
@@ -64,7 +64,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
|
|
|
64
64
|
sign_in users(:julien)
|
|
65
65
|
|
|
66
66
|
visit root_url(:host => 'test.host')
|
|
67
|
-
|
|
67
|
+
refute_authenticated
|
|
68
68
|
|
|
69
69
|
visit root_url
|
|
70
70
|
assert_authenticated
|
|
@@ -15,7 +15,7 @@ class Users::TokenAuthenticatableTest < ActionDispatch::IntegrationTest
|
|
|
15
15
|
|
|
16
16
|
test "should not sign user with invalid token" do
|
|
17
17
|
visit root_url(:auth_token => 'unknown token')
|
|
18
|
-
|
|
18
|
+
refute_authenticated
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
test "should reuse token" do
|
|
@@ -36,7 +36,7 @@ class Users::TokenAuthenticatableTest < ActionDispatch::IntegrationTest
|
|
|
36
36
|
sign_out :user
|
|
37
37
|
|
|
38
38
|
visit root_url(:auth_token => token)
|
|
39
|
-
|
|
39
|
+
refute_authenticated
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
end
|
|
@@ -6,7 +6,7 @@ class Users::TrackableTest < ActionDispatch::IntegrationTest
|
|
|
6
6
|
test "should track user" do
|
|
7
7
|
current_sign_in_at = users(:julien).reload.current_sign_in_at
|
|
8
8
|
sign_in users(:julien)
|
|
9
|
-
|
|
9
|
+
refute_equal current_sign_in_at, users(:julien).reload.current_sign_in_at
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
test "remote authentication should not track user" do
|
|
@@ -39,5 +39,8 @@ module RailsApp
|
|
|
39
39
|
|
|
40
40
|
# Configure sensitive parameters which will be filtered from the log file.
|
|
41
41
|
config.filter_parameters += [:current_password, :password, :password_confirmation]
|
|
42
|
+
|
|
43
|
+
# GlobalId chokes on app names with underscores
|
|
44
|
+
config.global_id.app = "rails-app" if config.respond_to?(:global_id)
|
|
42
45
|
end
|
|
43
46
|
end
|
data/test/test_helper.rb
CHANGED
|
@@ -1,9 +1,16 @@
|
|
|
1
1
|
ENV["RAILS_ENV"] = "test"
|
|
2
2
|
|
|
3
|
+
begin
|
|
4
|
+
require 'codeclimate-test-reporter'
|
|
5
|
+
CodeClimate::TestReporter.start
|
|
6
|
+
rescue LoadError
|
|
7
|
+
end
|
|
8
|
+
|
|
3
9
|
require File.expand_path('../rails_app/config/environment', __FILE__)
|
|
4
10
|
require 'rails/test_help'
|
|
5
11
|
require 'capybara/rails'
|
|
6
12
|
require 'minitest/mock'
|
|
13
|
+
require 'minitest/pride'
|
|
7
14
|
|
|
8
15
|
ActiveRecord::Migration.verbose = false
|
|
9
16
|
ActiveRecord::Migrator.migrate(Rails.root.join('db', 'migrate').to_s)
|
|
@@ -102,7 +109,7 @@ class ActionDispatch::IntegrationTest
|
|
|
102
109
|
assert has_selector?("a#my_page"), "Expected user to be authenticated."
|
|
103
110
|
end
|
|
104
111
|
|
|
105
|
-
def
|
|
112
|
+
def refute_authenticated
|
|
106
113
|
assert has_selector?("a#sign_in"), "Expected user to not be authenticated."
|
|
107
114
|
end
|
|
108
115
|
|
|
@@ -7,8 +7,8 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
7
7
|
|
|
8
8
|
test "generate_confirmation_token" do
|
|
9
9
|
@user.generate_confirmation_token
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
refute_nil @user.confirmation_token
|
|
11
|
+
refute_nil @user.confirmation_sent_at
|
|
12
12
|
assert_nil @user.confirmed_at
|
|
13
13
|
|
|
14
14
|
@user.reload
|
|
@@ -22,7 +22,7 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
22
22
|
@user.confirm!
|
|
23
23
|
assert_nil @user.confirmation_token
|
|
24
24
|
assert_nil @user.confirmation_sent_at
|
|
25
|
-
|
|
25
|
+
refute_nil @user.confirmed_at
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
test "find_for_confirmation" do
|
|
@@ -7,8 +7,8 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
7
7
|
|
|
8
8
|
test "remember_token" do
|
|
9
9
|
@user.remember_me!
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
refute_nil @user.remember_token
|
|
11
|
+
refute_nil @user.remember_created_at
|
|
12
12
|
|
|
13
13
|
@user.forget_me!
|
|
14
14
|
assert_nil @user.remember_token
|
|
@@ -19,7 +19,7 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
19
19
|
@user.remember_me!
|
|
20
20
|
token = @user.remember_token
|
|
21
21
|
@user.remember_me!
|
|
22
|
-
|
|
22
|
+
refute_equal token, @user.remember_token
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
test "find_for_remember_authentication" do
|
|
@@ -4,6 +4,6 @@ class RemoteTokenTest < ActiveSupport::TestCase
|
|
|
4
4
|
test "should create" do
|
|
5
5
|
remote_token = RemoteToken.create(:user => users(:julien))
|
|
6
6
|
assert remote_token.persisted?, remote_token.errors.to_xml
|
|
7
|
-
|
|
7
|
+
refute_nil remote_token.token
|
|
8
8
|
end
|
|
9
9
|
end
|
|
@@ -8,8 +8,8 @@ class ResetPasswordTest < ActiveSupport::TestCase
|
|
|
8
8
|
test "generate reset password token" do
|
|
9
9
|
assert @user.generate_reset_password_token!
|
|
10
10
|
assert @user.persisted?
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
refute_nil @user.reset_password_token
|
|
12
|
+
refute_nil @user.reset_password_sent_at
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
test "reset password" do
|
|
@@ -25,8 +25,8 @@ class ResetPasswordTest < ActiveSupport::TestCase
|
|
|
25
25
|
@user.generate_reset_password_token!
|
|
26
26
|
user = User.find_for_password_reset(@user.reset_password_token)
|
|
27
27
|
assert_equal @user, user
|
|
28
|
-
|
|
29
|
-
|
|
28
|
+
refute_nil user.reset_password_token
|
|
29
|
+
refute_nil user.reset_password_sent_at
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
test "should not find user with bad tokens" do
|
data/test/unit/trackable_test.rb
CHANGED
|
@@ -7,15 +7,15 @@ class TrackableTest < ActiveSupport::TestCase
|
|
|
7
7
|
|
|
8
8
|
assert_nil users(:julien).last_sign_in_at
|
|
9
9
|
assert_nil users(:julien).last_sign_in_ip
|
|
10
|
-
|
|
10
|
+
refute_nil users(:julien).current_sign_in_at
|
|
11
11
|
assert_equal '127.0.0.1', users(:julien).current_sign_in_ip
|
|
12
12
|
|
|
13
13
|
users(:julien).track!('127.0.0.2')
|
|
14
14
|
users(:julien).reload
|
|
15
15
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
refute_nil users(:julien).last_sign_in_at
|
|
17
|
+
refute_nil users(:julien).last_sign_in_ip
|
|
18
|
+
refute_nil users(:julien).current_sign_in_at
|
|
19
19
|
assert_equal '127.0.0.2', users(:julien).current_sign_in_ip
|
|
20
20
|
end
|
|
21
21
|
end
|
data/test/unit/user_test.rb
CHANGED
|
@@ -7,6 +7,7 @@ class UserTest < ActiveSupport::TestCase
|
|
|
7
7
|
|
|
8
8
|
test "valid_password?" do
|
|
9
9
|
user = User.new(:password => "azerty")
|
|
10
|
+
refute user.valid_password?("secret")
|
|
10
11
|
assert user.valid_password?("azerty")
|
|
11
12
|
refute user.valid_password?("secret")
|
|
12
13
|
|
|
@@ -22,6 +23,16 @@ class UserTest < ActiveSupport::TestCase
|
|
|
22
23
|
end
|
|
23
24
|
end
|
|
24
25
|
|
|
26
|
+
test "valid_password? without encrypted password" do
|
|
27
|
+
refute User.new.valid_password?("")
|
|
28
|
+
refute User.new.valid_password?("secret")
|
|
29
|
+
|
|
30
|
+
with_encryptor :scrypt do
|
|
31
|
+
refute User.new.valid_password?("")
|
|
32
|
+
refute User.new.valid_password?("some lame guessing")
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
25
36
|
test "should validate current_password on update" do
|
|
26
37
|
@user.update_attributes(:email => 'julien@example.fr', :current_password => 'secret')
|
|
27
38
|
assert @user.persisted?, @user.errors.to_xml
|
|
@@ -33,7 +44,7 @@ class UserTest < ActiveSupport::TestCase
|
|
|
33
44
|
test "password" do
|
|
34
45
|
user = User.new(:password => "my pwd")
|
|
35
46
|
assert_equal "my pwd", user.password
|
|
36
|
-
|
|
47
|
+
refute_nil user.encrypted_password
|
|
37
48
|
end
|
|
38
49
|
|
|
39
50
|
test "should confirm password" do
|
|
@@ -46,12 +57,12 @@ class UserTest < ActiveSupport::TestCase
|
|
|
46
57
|
|
|
47
58
|
test "clean_up_passwords" do
|
|
48
59
|
user = User.new(:email => 'julien@example.com', :password => 'abc', :password_confirmation => 'def')
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
60
|
+
refute_nil user.email
|
|
61
|
+
refute_nil user.password
|
|
62
|
+
refute_nil user.password_confirmation
|
|
52
63
|
|
|
53
64
|
user.clean_up_passwords
|
|
54
|
-
|
|
65
|
+
refute_nil user.email
|
|
55
66
|
assert_nil user.password
|
|
56
67
|
assert_nil user.password_confirmation
|
|
57
68
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: janus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Julien Portalier
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
KVqCN//9bevjMk5OiMi9X3Wu/GtVWDwC6OTWFWKd54KgbuWlakO8LC1SMmStnCIF
|
|
31
31
|
W4qpyMWMZMcB4ZN/0mUVzY5xwrislBtsmQVUSw==
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2014-
|
|
33
|
+
date: 2014-12-27 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: addressable
|
|
@@ -60,6 +60,20 @@ dependencies:
|
|
|
60
60
|
- - ">="
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: 3.0.0
|
|
63
|
+
- !ruby/object:Gem::Dependency
|
|
64
|
+
name: responders
|
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
|
66
|
+
requirements:
|
|
67
|
+
- - "~>"
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '2.0'
|
|
70
|
+
type: :development
|
|
71
|
+
prerelease: false
|
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
+
requirements:
|
|
74
|
+
- - "~>"
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: '2.0'
|
|
63
77
|
- !ruby/object:Gem::Dependency
|
|
64
78
|
name: sqlite3
|
|
65
79
|
requirement: !ruby/object:Gem::Requirement
|
metadata.gz.sig
CHANGED
|
Binary file
|