jeremydurham-restful_authentication 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +68 -0
- data/LICENSE +20 -0
- data/README.textile +224 -0
- data/Rakefile +54 -0
- data/TODO +15 -0
- data/generators/authenticated/USAGE +1 -0
- data/generators/authenticated/authenticated_generator.rb +481 -0
- data/generators/authenticated/lib/insert_routes.rb +54 -0
- data/generators/authenticated/templates/_model_partial.html.erb +8 -0
- data/generators/authenticated/templates/activation.erb +3 -0
- data/generators/authenticated/templates/authenticated_system.rb +189 -0
- data/generators/authenticated/templates/authenticated_test_helper.rb +12 -0
- data/generators/authenticated/templates/controller.rb +43 -0
- data/generators/authenticated/templates/features/accounts.feature +63 -0
- data/generators/authenticated/templates/features/sessions.feature +77 -0
- data/generators/authenticated/templates/features/step_definitions/ra_env.rb +7 -0
- data/generators/authenticated/templates/features/step_definitions/user_steps.rb +31 -0
- data/generators/authenticated/templates/helper.rb +2 -0
- data/generators/authenticated/templates/login.html.erb +14 -0
- data/generators/authenticated/templates/machinist_spec.rb +5 -0
- data/generators/authenticated/templates/machinist_test.rb +5 -0
- data/generators/authenticated/templates/mailer.rb +25 -0
- data/generators/authenticated/templates/migration.rb +26 -0
- data/generators/authenticated/templates/model.rb +83 -0
- data/generators/authenticated/templates/model_controller.rb +85 -0
- data/generators/authenticated/templates/model_helper.rb +93 -0
- data/generators/authenticated/templates/model_helper_spec.rb +157 -0
- data/generators/authenticated/templates/observer.rb +11 -0
- data/generators/authenticated/templates/signup.html.erb +19 -0
- data/generators/authenticated/templates/signup_notification.erb +8 -0
- data/generators/authenticated/templates/site_keys.rb +38 -0
- data/generators/authenticated/templates/spec/blueprints/user.rb +6 -0
- data/generators/authenticated/templates/spec/controllers/access_control_spec.rb +89 -0
- data/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +107 -0
- data/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +138 -0
- data/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +196 -0
- data/generators/authenticated/templates/spec/fixtures/users.yml +60 -0
- data/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
- data/generators/authenticated/templates/spec/models/user_spec.rb +298 -0
- data/generators/authenticated/templates/test/functional_test.rb +84 -0
- data/generators/authenticated/templates/test/mailer_test.rb +31 -0
- data/generators/authenticated/templates/test/model_functional_test.rb +91 -0
- data/generators/authenticated/templates/test/unit_test.rb +177 -0
- data/lib/authentication.rb +40 -0
- data/lib/authentication/by_cookie_token.rb +82 -0
- data/lib/authentication/by_password.rb +64 -0
- data/lib/authorization.rb +14 -0
- data/lib/authorization/aasm_roles.rb +63 -0
- data/lib/authorization/stateful_roles.rb +62 -0
- data/lib/restful_authentication.rb +3 -0
- data/lib/trustification.rb +14 -0
- data/lib/trustification/email_validation.rb +20 -0
- data/notes/AccessControl.txt +2 -0
- data/notes/Authentication.txt +5 -0
- data/notes/Authorization.txt +154 -0
- data/notes/RailsPlugins.txt +78 -0
- data/notes/SecurityFramework.graffle +0 -0
- data/notes/SecurityFramework.png +0 -0
- data/notes/SecurityPatterns.txt +163 -0
- data/notes/Tradeoffs.txt +126 -0
- data/notes/Trustification.txt +49 -0
- data/restful_authentication.gemspec +32 -0
- data/tasks/auth.rake +33 -0
- metadata +128 -0
@@ -0,0 +1,60 @@
|
|
1
|
+
<%
|
2
|
+
## this code must match that in templates/model.rb
|
3
|
+
require 'digest/sha1'
|
4
|
+
def make_fake_token
|
5
|
+
@fake_token_counter ||= 0
|
6
|
+
@fake_token_counter += 1
|
7
|
+
Digest::SHA1.hexdigest(@fake_token_counter.to_s)
|
8
|
+
end
|
9
|
+
salts = (1..2).map{ make_fake_token }
|
10
|
+
passwds = salts.map{ |salt| password_digest('monkey', salt) }
|
11
|
+
-%>
|
12
|
+
|
13
|
+
quentin:
|
14
|
+
id: 1
|
15
|
+
login: quentin
|
16
|
+
email: quentin@example.com
|
17
|
+
salt: <%= salts[0] %> # SHA1('0')
|
18
|
+
crypted_password: <%= passwds[0] %> # 'monkey'
|
19
|
+
created_at: <%%= 5.days.ago.to_s :db %>
|
20
|
+
remember_token_expires_at: <%%= 1.days.from_now.to_s %>
|
21
|
+
remember_token: <%= make_fake_token %>
|
22
|
+
<% if options[:include_activation] -%>
|
23
|
+
activation_code:
|
24
|
+
activated_at: <%%= 5.days.ago.to_s :db %>
|
25
|
+
<% end -%>
|
26
|
+
<% if options[:stateful] -%>
|
27
|
+
state: active
|
28
|
+
<% end -%>
|
29
|
+
|
30
|
+
aaron:
|
31
|
+
id: 2
|
32
|
+
login: aaron
|
33
|
+
email: aaron@example.com
|
34
|
+
salt: <%= salts[1] %> # SHA1('1')
|
35
|
+
crypted_password: <%= passwds[1] %> # 'monkey'
|
36
|
+
created_at: <%%= 1.days.ago.to_s :db %>
|
37
|
+
remember_token_expires_at:
|
38
|
+
remember_token:
|
39
|
+
<% if options[:include_activation] -%>
|
40
|
+
activation_code: <%= make_fake_token %>
|
41
|
+
activated_at:
|
42
|
+
<% end -%>
|
43
|
+
<% if options[:stateful] %>
|
44
|
+
state: pending
|
45
|
+
<% end -%>
|
46
|
+
|
47
|
+
|
48
|
+
old_password_holder:
|
49
|
+
id: 3
|
50
|
+
login: old_password_holder
|
51
|
+
email: salty_dog@example.com
|
52
|
+
salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
|
53
|
+
crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
|
54
|
+
created_at: <%%= 1.days.ago.to_s :db %>
|
55
|
+
<% if options[:include_activation] %>
|
56
|
+
activation_code:
|
57
|
+
activated_at: <%%= 5.days.ago.to_s :db %>
|
58
|
+
<% end %>
|
59
|
+
<% if options[:stateful] %>
|
60
|
+
state: active<% end %>
|
@@ -0,0 +1,141 @@
|
|
1
|
+
require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
|
2
|
+
include ApplicationHelper
|
3
|
+
include <%= model_controller_class_name %>Helper
|
4
|
+
include AuthenticatedTestHelper
|
5
|
+
|
6
|
+
describe <%= model_controller_class_name %>Helper do
|
7
|
+
before do
|
8
|
+
@<%= file_name %> = <%= class_name %>.make
|
9
|
+
end
|
10
|
+
|
11
|
+
describe "if_authorized" do
|
12
|
+
it "yields if authorized" do
|
13
|
+
should_receive(:authorized?).with('a','r').and_return(true)
|
14
|
+
if_authorized?('a','r'){|action,resource| [action,resource,'hi'] }.should == ['a','r','hi']
|
15
|
+
end
|
16
|
+
it "does nothing if not authorized" do
|
17
|
+
should_receive(:authorized?).with('a','r').and_return(false)
|
18
|
+
if_authorized?('a','r'){ 'hi' }.should be_nil
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
describe "link_to_<%= file_name %>" do
|
23
|
+
it "should give an error on a nil <%= file_name %>" do
|
24
|
+
lambda { link_to_<%= file_name %>(nil) }.should raise_error('Invalid <%= file_name %>')
|
25
|
+
end
|
26
|
+
it "should link to the given <%= file_name %>" do
|
27
|
+
should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1')
|
28
|
+
link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[href='/<%= model_controller_file_path %>/1']")
|
29
|
+
end
|
30
|
+
it "should use given link text if :content_text is specified" do
|
31
|
+
link_to_<%= file_name %>(@<%= file_name %>, :content_text => 'Hello there!').should have_tag("a", 'Hello there!')
|
32
|
+
end
|
33
|
+
it "should use the login as link text with no :content_method specified" do
|
34
|
+
link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a", @<%= file_name %>.login)
|
35
|
+
end
|
36
|
+
it "should use the name as link text with :content_method => :name" do
|
37
|
+
link_to_<%= file_name %>(@<%= file_name %>, :content_method => :name).should have_tag("a", @<%= file_name %>.name)
|
38
|
+
end
|
39
|
+
it "should use the login as title with no :title_method specified" do
|
40
|
+
link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[title='#{@<%= file_name %>.login}']")
|
41
|
+
end
|
42
|
+
it "should use the name as link title with :content_method => :name" do
|
43
|
+
link_to_<%= file_name %>(@<%= file_name %>, :title_method => :name).should have_tag("a[title='#{@<%= file_name %>.name}']")
|
44
|
+
end
|
45
|
+
it "should have nickname as a class by default" do
|
46
|
+
link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a.nickname")
|
47
|
+
end
|
48
|
+
it "should take other classes and no longer have the nickname class" do
|
49
|
+
result = link_to_<%= file_name %>(@<%= file_name %>, :class => 'foo bar')
|
50
|
+
result.should have_tag("a.foo")
|
51
|
+
result.should have_tag("a.bar")
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
describe "link_to_login_with_IP" do
|
56
|
+
it "should link to the login_path" do
|
57
|
+
link_to_login_with_IP().should have_tag("a[href='/login']")
|
58
|
+
end
|
59
|
+
it "should use given link text if :content_text is specified" do
|
60
|
+
link_to_login_with_IP('Hello there!').should have_tag("a", 'Hello there!')
|
61
|
+
end
|
62
|
+
it "should use the login as link text with no :content_method specified" do
|
63
|
+
link_to_login_with_IP().should have_tag("a", '0.0.0.0')
|
64
|
+
end
|
65
|
+
it "should use the ip address as title" do
|
66
|
+
link_to_login_with_IP().should have_tag("a[title='0.0.0.0']")
|
67
|
+
end
|
68
|
+
it "should by default be like school in summer and have no class" do
|
69
|
+
link_to_login_with_IP().should_not have_tag("a.nickname")
|
70
|
+
end
|
71
|
+
it "should have some class if you tell it to" do
|
72
|
+
result = link_to_login_with_IP(nil, :class => 'foo bar')
|
73
|
+
result.should have_tag("a.foo")
|
74
|
+
result.should have_tag("a.bar")
|
75
|
+
end
|
76
|
+
it "should have some class if you tell it to" do
|
77
|
+
result = link_to_login_with_IP(nil, :tag => 'abbr')
|
78
|
+
result.should have_tag("abbr[title='0.0.0.0']")
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
describe "link_to_current_<%= file_name %>, When logged in" do
|
83
|
+
before do
|
84
|
+
stub!(:current_<%= file_name %>).and_return(@<%= file_name %>)
|
85
|
+
end
|
86
|
+
it "should link to the given <%= file_name %>" do
|
87
|
+
should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1')
|
88
|
+
link_to_current_<%= file_name %>().should have_tag("a[href='/<%= model_controller_file_path %>/1']")
|
89
|
+
end
|
90
|
+
it "should use given link text if :content_text is specified" do
|
91
|
+
link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
|
92
|
+
end
|
93
|
+
it "should use the login as link text with no :content_method specified" do
|
94
|
+
link_to_current_<%= file_name %>().should have_tag("a", @<%= file_name %>.login)
|
95
|
+
end
|
96
|
+
it "should use the name as link text with :content_method => :name" do
|
97
|
+
link_to_current_<%= file_name %>(:content_method => :name).should have_tag("a", @<%= file_name %>.name)
|
98
|
+
end
|
99
|
+
it "should use the login as title with no :title_method specified" do
|
100
|
+
link_to_current_<%= file_name %>().should have_tag("a[title='#{@<%= file_name %>.login}']")
|
101
|
+
end
|
102
|
+
it "should use the name as link title with :content_method => :name" do
|
103
|
+
link_to_current_<%= file_name %>(:title_method => :name).should have_tag("a[title='#{@<%= file_name %>.name}']")
|
104
|
+
end
|
105
|
+
it "should have nickname as a class" do
|
106
|
+
link_to_current_<%= file_name %>().should have_tag("a.nickname")
|
107
|
+
end
|
108
|
+
it "should take other classes and no longer have the nickname class" do
|
109
|
+
result = link_to_current_<%= file_name %>(:class => 'foo bar')
|
110
|
+
result.should have_tag("a.foo")
|
111
|
+
result.should have_tag("a.bar")
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
describe "link_to_current_<%= file_name %>, When logged out" do
|
116
|
+
before do
|
117
|
+
stub!(:current_<%= file_name %>).and_return(nil)
|
118
|
+
end
|
119
|
+
it "should link to the login_path" do
|
120
|
+
link_to_current_<%= file_name %>().should have_tag("a[href='/login']")
|
121
|
+
end
|
122
|
+
it "should use given link text if :content_text is specified" do
|
123
|
+
link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
|
124
|
+
end
|
125
|
+
it "should use 'not signed in' as link text with no :content_method specified" do
|
126
|
+
link_to_current_<%= file_name %>().should have_tag("a", 'not signed in')
|
127
|
+
end
|
128
|
+
it "should use the ip address as title" do
|
129
|
+
link_to_current_<%= file_name %>().should have_tag("a[title='0.0.0.0']")
|
130
|
+
end
|
131
|
+
it "should by default be like school in summer and have no class" do
|
132
|
+
link_to_current_<%= file_name %>().should_not have_tag("a.nickname")
|
133
|
+
end
|
134
|
+
it "should have some class if you tell it to" do
|
135
|
+
result = link_to_current_<%= file_name %>(:class => 'foo bar')
|
136
|
+
result.should have_tag("a.foo")
|
137
|
+
result.should have_tag("a.bar")
|
138
|
+
end
|
139
|
+
end
|
140
|
+
|
141
|
+
end
|
@@ -0,0 +1,298 @@
|
|
1
|
+
# -*- coding: utf-8 -*-
|
2
|
+
require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
|
3
|
+
|
4
|
+
# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead.
|
5
|
+
# Then, you can remove it from this and the functional test.
|
6
|
+
include AuthenticatedTestHelper
|
7
|
+
|
8
|
+
describe <%= class_name %> do
|
9
|
+
describe 'being created' do
|
10
|
+
before do
|
11
|
+
@<%= file_name %> = nil
|
12
|
+
@creating_<%= file_name %> = lambda do
|
13
|
+
@<%= file_name %> = create_<%= file_name %>
|
14
|
+
violated "#{@<%= file_name %>.errors.full_messages.to_sentence}" if @<%= file_name %>.new_record?
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
it 'increments <%= class_name %>#count' do
|
19
|
+
@creating_<%= file_name %>.should change(<%= class_name %>, :count).by(1)
|
20
|
+
end
|
21
|
+
<% if options[:include_activation] %>
|
22
|
+
it 'initializes #activation_code' do
|
23
|
+
@creating_<%= file_name %>.call
|
24
|
+
@<%= file_name %>.reload
|
25
|
+
@<%= file_name %>.activation_code.should_not be_nil
|
26
|
+
end
|
27
|
+
<% end %><% if options[:stateful] %>
|
28
|
+
it 'starts in pending state' do
|
29
|
+
@creating_<%= file_name %>.call
|
30
|
+
@<%= file_name %>.reload
|
31
|
+
@<%= file_name %>.should be_pending
|
32
|
+
end
|
33
|
+
<% end %> end
|
34
|
+
|
35
|
+
#
|
36
|
+
# Validations
|
37
|
+
#
|
38
|
+
|
39
|
+
it 'requires login' do
|
40
|
+
lambda do
|
41
|
+
u = create_<%= file_name %>(:login => nil)
|
42
|
+
u.errors.on(:login).should_not be_nil
|
43
|
+
end.should_not change(<%= class_name %>, :count)
|
44
|
+
end
|
45
|
+
|
46
|
+
describe 'allows legitimate logins:' do
|
47
|
+
['123', '1234567890_234567890_234567890_234567890',
|
48
|
+
'hello.-_there@funnychar.com'].each do |login_str|
|
49
|
+
it "'#{login_str}'" do
|
50
|
+
lambda do
|
51
|
+
u = create_<%= file_name %>(:login => login_str)
|
52
|
+
u.errors.on(:login).should be_nil
|
53
|
+
end.should change(<%= class_name %>, :count).by(1)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
describe 'disallows illegitimate logins:' do
|
58
|
+
['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n",
|
59
|
+
"Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet",
|
60
|
+
'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str|
|
61
|
+
it "'#{login_str}'" do
|
62
|
+
lambda do
|
63
|
+
u = create_<%= file_name %>(:login => login_str)
|
64
|
+
u.errors.on(:login).should_not be_nil
|
65
|
+
end.should_not change(<%= class_name %>, :count)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'requires password' do
|
71
|
+
lambda do
|
72
|
+
u = create_<%= file_name %>(:password => nil)
|
73
|
+
u.errors.on(:password).should_not be_nil
|
74
|
+
end.should_not change(<%= class_name %>, :count)
|
75
|
+
end
|
76
|
+
|
77
|
+
it 'requires password confirmation' do
|
78
|
+
lambda do
|
79
|
+
u = create_<%= file_name %>(:password_confirmation => nil)
|
80
|
+
u.errors.on(:password_confirmation).should_not be_nil
|
81
|
+
end.should_not change(<%= class_name %>, :count)
|
82
|
+
end
|
83
|
+
|
84
|
+
it 'requires email' do
|
85
|
+
lambda do
|
86
|
+
u = create_<%= file_name %>(:email => nil)
|
87
|
+
u.errors.on(:email).should_not be_nil
|
88
|
+
end.should_not change(<%= class_name %>, :count)
|
89
|
+
end
|
90
|
+
|
91
|
+
describe 'allows legitimate emails:' do
|
92
|
+
['foo@bar.com', 'foo@newskool-tld.museum', 'foo@twoletter-tld.de', 'foo@nonexistant-tld.qq',
|
93
|
+
'r@a.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail.com',
|
94
|
+
'hello.-_there@funnychar.com', 'uucp%addr@gmail.com', 'hello+routing-str@gmail.com',
|
95
|
+
'domain@can.haz.many.sub.doma.in', 'student.name@university.edu'
|
96
|
+
].each do |email_str|
|
97
|
+
it "'#{email_str}'" do
|
98
|
+
lambda do
|
99
|
+
u = create_<%= file_name %>(:email => email_str)
|
100
|
+
u.errors.on(:email).should be_nil
|
101
|
+
end.should change(<%= class_name %>, :count).by(1)
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
describe 'disallows illegitimate emails' do
|
106
|
+
['!!@nobadchars.com', 'foo@no-rep-dots..com', 'foo@badtld.xxx', 'foo@toolongtld.abcdefg',
|
107
|
+
'Iñtërnâtiônàlizætiøn@hasnt.happened.to.email', 'need.domain.and.tld@de', "tab\t", "newline\n",
|
108
|
+
'r@.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail2.com',
|
109
|
+
# these are technically allowed but not seen in practice:
|
110
|
+
'uucp!addr@gmail.com', 'semicolon;@gmail.com', 'quote"@gmail.com', 'tick\'@gmail.com', 'backtick`@gmail.com', 'space @gmail.com', 'bracket<@gmail.com', 'bracket>@gmail.com'
|
111
|
+
].each do |email_str|
|
112
|
+
it "'#{email_str}'" do
|
113
|
+
lambda do
|
114
|
+
u = create_<%= file_name %>(:email => email_str)
|
115
|
+
u.errors.on(:email).should_not be_nil
|
116
|
+
end.should_not change(<%= class_name %>, :count)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
describe 'allows legitimate names:' do
|
122
|
+
['Andre The Giant (7\'4", 520 lb.) -- has a posse',
|
123
|
+
'', '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890',
|
124
|
+
].each do |name_str|
|
125
|
+
it "'#{name_str}'" do
|
126
|
+
lambda do
|
127
|
+
u = create_<%= file_name %>(:name => name_str)
|
128
|
+
u.errors.on(:name).should be_nil
|
129
|
+
end.should change(<%= class_name %>, :count).by(1)
|
130
|
+
end
|
131
|
+
end
|
132
|
+
end
|
133
|
+
describe "disallows illegitimate names" do
|
134
|
+
["tab\t", "newline\n",
|
135
|
+
'1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_',
|
136
|
+
].each do |name_str|
|
137
|
+
it "'#{name_str}'" do
|
138
|
+
lambda do
|
139
|
+
u = create_<%= file_name %>(:name => name_str)
|
140
|
+
u.errors.on(:name).should_not be_nil
|
141
|
+
end.should_not change(<%= class_name %>, :count)
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
it 'resets password' do
|
147
|
+
<%= file_name %> = <%= class_name %>.make
|
148
|
+
<%= file_name %>.update_attributes(:password => 'new password', :password_confirmation => 'new password')
|
149
|
+
<%= class_name %>.authenticate(<%= file_name %>.login, 'new password').should == <%= file_name %>
|
150
|
+
end
|
151
|
+
|
152
|
+
it 'does not rehash password' do
|
153
|
+
<%= file_name %> = <%= class_name %>.make
|
154
|
+
<%= file_name %>.update_attributes(:login => 'quentin2')
|
155
|
+
<%= class_name %>.authenticate('quentin2', <%= file_name %>.password).should == <%= file_name %>
|
156
|
+
end
|
157
|
+
|
158
|
+
#
|
159
|
+
# Authentication
|
160
|
+
#
|
161
|
+
|
162
|
+
it 'authenticates <%= file_name %>' do
|
163
|
+
<%= file_name %> = <%= class_name %>.make
|
164
|
+
<%= class_name %>.authenticate(<%= file_name %>.login, <%= file_name %>.password).should == <%= file_name %>
|
165
|
+
end
|
166
|
+
|
167
|
+
it "doesn't authenticate <%= file_name %> with bad password" do
|
168
|
+
<%= class_name %>.authenticate('quentin', 'invalid_password').should be_nil
|
169
|
+
end
|
170
|
+
|
171
|
+
if REST_AUTH_SITE_KEY.blank?
|
172
|
+
# old-school passwords
|
173
|
+
it "authenticates a <%= file_name %> against a hard-coded old-style password" do
|
174
|
+
<%= class_name %>.authenticate('old_password_holder', 'test').should == <%= table_name %>(:old_password_holder)
|
175
|
+
end
|
176
|
+
else
|
177
|
+
it "doesn't authenticate a <%= file_name %> against a hard-coded old-style password" do
|
178
|
+
<%= class_name %>.authenticate('old_password_holder', 'test').should be_nil
|
179
|
+
end
|
180
|
+
|
181
|
+
# New installs should bump this up and set REST_AUTH_DIGEST_STRETCHES to give a 10ms encrypt time or so
|
182
|
+
desired_encryption_expensiveness_ms = 0.1
|
183
|
+
it "takes longer than #{desired_encryption_expensiveness_ms}ms to encrypt a password" do
|
184
|
+
test_reps = 100
|
185
|
+
start_time = Time.now; test_reps.times{ <%= class_name %>.authenticate('quentin', 'monkey'+rand.to_s) }; end_time = Time.now
|
186
|
+
auth_time_ms = 1000 * (end_time - start_time)/test_reps
|
187
|
+
auth_time_ms.should > desired_encryption_expensiveness_ms
|
188
|
+
end
|
189
|
+
end
|
190
|
+
|
191
|
+
#
|
192
|
+
# Authentication
|
193
|
+
#
|
194
|
+
|
195
|
+
it 'sets remember token' do
|
196
|
+
<%= file_name %> = <%= class_name %>.make
|
197
|
+
<%= file_name %>.remember_me
|
198
|
+
<%= file_name %>.remember_token.should_not be_nil
|
199
|
+
<%= file_name %>.remember_token_expires_at.should_not be_nil
|
200
|
+
end
|
201
|
+
|
202
|
+
it 'unsets remember token' do
|
203
|
+
<%= file_name %> = <%= class_name %>.make
|
204
|
+
<%= file_name %>.remember_me
|
205
|
+
<%= file_name %>.remember_token.should_not be_nil
|
206
|
+
<%= file_name %>.forget_me
|
207
|
+
<%= file_name %>.remember_token.should be_nil
|
208
|
+
end
|
209
|
+
|
210
|
+
it 'remembers me for one week' do
|
211
|
+
<%= file_name %> = <%= class_name %>.make
|
212
|
+
before = 1.week.from_now.utc
|
213
|
+
<%= file_name %>.remember_me_for 1.week
|
214
|
+
after = 1.week.from_now.utc
|
215
|
+
<%= file_name %>.remember_token.should_not be_nil
|
216
|
+
<%= file_name %>.remember_token_expires_at.should_not be_nil
|
217
|
+
<%= file_name %>.remember_token_expires_at.between?(before, after).should be_true
|
218
|
+
end
|
219
|
+
|
220
|
+
it 'remembers me until one week' do
|
221
|
+
<%= file_name %> = <%= class_name %>.make
|
222
|
+
time = 1.week.from_now.utc
|
223
|
+
<%= file_name %>.remember_me_until time
|
224
|
+
<%= file_name %>.remember_token.should_not be_nil
|
225
|
+
<%= file_name %>.remember_token_expires_at.should_not be_nil
|
226
|
+
<%= file_name %>.remember_token_expires_at.should == time
|
227
|
+
end
|
228
|
+
|
229
|
+
it 'remembers me default two weeks' do
|
230
|
+
<%= file_name %> = <%= class_name %>.make
|
231
|
+
before = 2.weeks.from_now.utc
|
232
|
+
<%= file_name %>.remember_me
|
233
|
+
after = 2.weeks.from_now.utc
|
234
|
+
<%= file_name %>.remember_token.should_not be_nil
|
235
|
+
<%= file_name %>.remember_token_expires_at.should_not be_nil
|
236
|
+
<%= file_name %>.remember_token_expires_at.between?(before, after).should be_true
|
237
|
+
end
|
238
|
+
<% if options[:stateful] %>
|
239
|
+
it 'registers passive <%= file_name %>' do
|
240
|
+
<%= file_name %> = create_<%= file_name %>(:password => nil, :password_confirmation => nil)
|
241
|
+
<%= file_name %>.should be_passive
|
242
|
+
<%= file_name %>.update_attributes(:password => 'new password', :password_confirmation => 'new password')
|
243
|
+
<%= file_name %>.register!
|
244
|
+
<%= file_name %>.should be_pending
|
245
|
+
end
|
246
|
+
|
247
|
+
it 'suspends <%= file_name %>' do
|
248
|
+
<%= file_name %> = <%= class_name %>.make
|
249
|
+
<%= file_name %>.suspend!
|
250
|
+
<%= file_name %>.should be_suspended
|
251
|
+
end
|
252
|
+
|
253
|
+
it 'does not authenticate suspended <%= file_name %>' do
|
254
|
+
<%= file_name %> = <%= class_name %>.make
|
255
|
+
<%= file_name %>.suspend!
|
256
|
+
<%= class_name %>.authenticate('quentin', 'monkey').should_not == <%= file_name %>
|
257
|
+
end
|
258
|
+
|
259
|
+
it 'deletes <%= file_name %>' do
|
260
|
+
<%= file_name %> = <%= class_name %>.make
|
261
|
+
<%= file_name %>.deleted_at.should be_nil
|
262
|
+
<%= file_name %>.delete!
|
263
|
+
<%= file_name %>.deleted_at.should_not be_nil
|
264
|
+
<%= file_name %>.should be_deleted
|
265
|
+
end
|
266
|
+
|
267
|
+
describe "being unsuspended" do
|
268
|
+
|
269
|
+
before do
|
270
|
+
@<%= file_name %> = <%= class_name %>.make
|
271
|
+
@<%= file_name %>.suspend!
|
272
|
+
end
|
273
|
+
|
274
|
+
it 'reverts to active state' do
|
275
|
+
@<%= file_name %>.unsuspend!
|
276
|
+
@<%= file_name %>.should be_active
|
277
|
+
end
|
278
|
+
|
279
|
+
it 'reverts to passive state if activation_code and activated_at are nil' do
|
280
|
+
<%= class_name %>.update_all :activation_code => nil, :activated_at => nil
|
281
|
+
@<%= file_name %>.reload.unsuspend!
|
282
|
+
@<%= file_name %>.should be_passive
|
283
|
+
end
|
284
|
+
|
285
|
+
it 'reverts to pending state if activation_code is set and activated_at is nil' do
|
286
|
+
<%= class_name %>.update_all :activation_code => 'foo-bar', :activated_at => nil
|
287
|
+
@<%= file_name %>.reload.unsuspend!
|
288
|
+
@<%= file_name %>.should be_pending
|
289
|
+
end
|
290
|
+
end
|
291
|
+
<% end %>
|
292
|
+
protected
|
293
|
+
def create_<%= file_name %>(options = {})
|
294
|
+
record = <%= class_name %>.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
|
295
|
+
record.<% if options[:stateful] %>register! if record.valid?<% else %>save<% end %>
|
296
|
+
record
|
297
|
+
end
|
298
|
+
end
|