kschrader-authlogic 2.1.2

data/test/session_test/params_test.rb

@@ -0,0 +1,53 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module ParamsTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_params_key
+        UserSession.params_key = "my_params_key"
+        assert_equal "my_params_key", UserSession.params_key
+    
+        UserSession.params_key "user_credentials"
+        assert_equal "user_credentials", UserSession.params_key
+      end
+    
+      def test_single_access_allowed_request_types
+        UserSession.single_access_allowed_request_types = ["my request type"]
+        assert_equal ["my request type"], UserSession.single_access_allowed_request_types
+    
+        UserSession.single_access_allowed_request_types ["application/rss+xml", "application/atom+xml"]
+        assert_equal ["application/rss+xml", "application/atom+xml"], UserSession.single_access_allowed_request_types
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_persist_persist_by_params
+        ben = users(:ben)
+        session = UserSession.new
+    
+        assert !session.persisting?
+        set_params_for(ben)
+      
+        assert !session.persisting?
+        assert !session.unauthorized_record
+        assert !session.record
+        assert_nil controller.session["user_credentials"]
+      
+        set_request_content_type("text/plain")
+        assert !session.persisting?
+        assert !session.unauthorized_record
+        assert_nil controller.session["user_credentials"]
+      
+        set_request_content_type("application/atom+xml")
+        assert session.persisting?
+        assert_equal ben, session.record
+        assert_nil controller.session["user_credentials"] # should not persist since this is single access
+      
+        set_request_content_type("application/rss+xml")
+        assert session.persisting?
+        assert_equal ben, session.unauthorized_record
+        assert_nil controller.session["user_credentials"]
+      end
+    end
+  end
+end

data/test/session_test/password_test.rb

@@ -0,0 +1,106 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module PasswordTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_find_by_login_method
+        UserSession.find_by_login_method = "my_login_method"
+        assert_equal "my_login_method", UserSession.find_by_login_method
+    
+        UserSession.find_by_login_method "find_by_login"
+        assert_equal "find_by_login", UserSession.find_by_login_method
+      end
+    
+      def test_verify_password_method
+        UserSession.verify_password_method = "my_login_method"
+        assert_equal "my_login_method", UserSession.verify_password_method
+    
+        UserSession.verify_password_method "valid_password?"
+        assert_equal "valid_password?", UserSession.verify_password_method
+      end
+    
+      def test_generalize_credentials_error_mesages_set_to_false
+        UserSession.generalize_credentials_error_messages false
+        assert !UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Password is not valid"], session.errors.full_messages
+      end
+      
+      def test_generalize_credentials_error_messages_set_to_true
+        UserSession.generalize_credentials_error_messages true
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
+      end
+
+      def test_generalize_credentials_error_messages_set_to_string
+        UserSession.generalize_credentials_error_messages= "Custom Error Message"
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Custom Error Message"], session.errors.full_messages
+      end
+
+      
+      def test_login_field
+        UserSession.configured_password_methods = false
+        UserSession.login_field = :saweet
+        assert_equal :saweet, UserSession.login_field
+        session = UserSession.new
+        assert session.respond_to?(:saweet)
+    
+        UserSession.login_field :login
+        assert_equal :login, UserSession.login_field
+        session = UserSession.new
+        assert session.respond_to?(:login)
+      end
+    
+      def test_password_field
+        UserSession.configured_password_methods = false
+        UserSession.password_field = :saweet
+        assert_equal :saweet, UserSession.password_field
+        session = UserSession.new
+        assert session.respond_to?(:saweet)
+    
+        UserSession.password_field :password
+        assert_equal :password, UserSession.password_field
+        session = UserSession.new
+        assert session.respond_to?(:password)
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_init
+        session = UserSession.new
+        assert session.respond_to?(:login)
+        assert session.respond_to?(:login=)
+        assert session.respond_to?(:password)
+        assert session.respond_to?(:password=)
+        assert session.respond_to?(:protected_password, true)
+      end
+    
+      def test_credentials
+        session = UserSession.new
+        session.credentials = {:login => "login", :password => "pass"}
+        assert_equal "login", session.login
+        assert_nil session.password
+        assert_equal "pass", session.send(:protected_password)
+        assert_equal({:password => "<protected>", :login => "login"}, session.credentials)
+      end
+    
+      def test_credentials_are_params_safe
+        session = UserSession.new
+        assert_nothing_raised { session.credentials = {:hacker_method => "error!"} }
+      end
+    
+      def test_save_with_credentials
+        ben = users(:ben)
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert !session.new_session?
+        assert_equal 1, session.record.login_count
+        assert Time.zone.now >= session.record.current_login_at
+        assert_equal "1.1.1.1", session.record.current_login_ip
+      end
+    end
+  end
+end

data/test/session_test/perishability_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class PerishabilityTest < ActiveSupport::TestCase
+    def test_after_save
+      ben = users(:ben)
+      old_perishable_token = ben.perishable_token
+      session = UserSession.create(ben)
+      assert_not_equal old_perishable_token, ben.perishable_token
+      
+      drew = employees(:drew)
+      assert UserSession.create(drew)
+    end
+  end
+end

data/test/session_test/persistence_test.rb

@@ -0,0 +1,21 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class PersistenceTest < ActiveSupport::TestCase
+    def test_find
+      ben = users(:ben)
+      assert !UserSession.find
+      http_basic_auth_for(ben) { assert UserSession.find }
+      set_cookie_for(ben)
+      assert UserSession.find
+      unset_cookie
+      set_session_for(ben)
+      session = UserSession.find
+      assert session
+    end
+    
+    def test_persisting
+      # tested thoroughly in test_find
+    end
+  end
+end

data/test/session_test/scopes_test.rb

@@ -0,0 +1,60 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class ScopesTest < ActiveSupport::TestCase
+    def test_scope_method
+      assert_nil Authlogic::Session::Base.scope
+      
+      thread1 = Thread.new do
+        scope = {:id => :scope1}
+        Authlogic::Session::Base.send(:scope=, scope)
+        assert_equal scope, Authlogic::Session::Base.scope
+      end
+      thread1.join
+      
+      assert_nil Authlogic::Session::Base.scope
+      
+      thread2 = Thread.new do
+        scope = {:id => :scope2}
+        Authlogic::Session::Base.send(:scope=, scope)
+        assert_equal scope, Authlogic::Session::Base.scope
+      end
+      thread2.join
+
+      assert_nil Authlogic::Session::Base.scope
+    end
+  
+    def test_with_scope_method
+      assert_raise(ArgumentError) { UserSession.with_scope }
+      
+      UserSession.with_scope(:find_options => {:conditions => "awesome = 1"}, :id => "some_id") do
+        assert_equal({:find_options => {:conditions => "awesome = 1"}, :id => "some_id"}, UserSession.scope)
+      end
+      
+      assert_nil UserSession.scope
+    end
+  
+    def test_initialize
+      UserSession.with_scope(:find_options => {:conditions => "awesome = 1"}, :id => "some_id") do
+        session = UserSession.new
+        assert_equal({:find_options => {:conditions => "awesome = 1"}, :id => "some_id"}, session.scope)
+        session.id = :another_id
+        assert_equal "another_id_some_id_test", session.send(:build_key, "test")
+      end
+    end
+    
+    def test_search_for_record_with_scopes
+      binary_logic = companies(:binary_logic)
+      ben = users(:ben)
+      zack = users(:zack)
+      
+      session = UserSession.new
+      assert_equal zack, session.send(:search_for_record, "find_by_login", zack.login)
+      
+      session.scope = {:find_options => {:conditions => ["company_id = ?", binary_logic.id]}}
+      assert_nil session.send(:search_for_record, "find_by_login", zack.login)
+      
+      assert_equal ben, session.send(:search_for_record, "find_by_login", ben.login)
+    end
+  end
+end

data/test/session_test/session_test.rb

@@ -0,0 +1,59 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module SessionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_session_key
+        UserSession.session_key = "my_session_key"
+        assert_equal "my_session_key", UserSession.session_key
+    
+        UserSession.session_key "user_credentials"
+        assert_equal "user_credentials", UserSession.session_key
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_persist_persist_by_session
+        ben = users(:ben)
+        set_session_for(ben)
+        assert session = UserSession.find
+        assert_equal ben, session.record
+        assert_equal ben.persistence_token, controller.session["user_credentials"]
+      end
+      
+      def test_persist_persist_by_session_with_token_only
+        ben = users(:ben)
+        set_session_for(ben)
+        controller.session["user_credentials_id"] = nil
+        assert session = UserSession.find
+        assert_equal ben, session.record
+        assert_equal ben.persistence_token, controller.session["user_credentials"]
+      end
+    
+      def test_after_save_update_session
+        ben = users(:ben)
+        session = UserSession.new(ben)
+        assert controller.session["user_credentials"].blank?
+        assert session.save
+        assert_equal ben.persistence_token, controller.session["user_credentials"]
+      end
+    
+      def test_after_destroy_update_session
+        ben = users(:ben)
+        set_session_for(ben)
+        assert_equal ben.persistence_token, controller.session["user_credentials"]
+        assert session = UserSession.find
+        assert session.destroy
+        assert controller.session["user_credentials"].blank?
+      end
+    
+      def test_after_persisting_update_session
+        ben = users(:ben)
+        set_cookie_for(ben)
+        assert controller.session["user_credentials"].blank?
+        assert UserSession.find
+        assert_equal ben.persistence_token, controller.session["user_credentials"]
+      end
+    end
+  end
+end

data/test/session_test/timeout_test.rb

@@ -0,0 +1,52 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  module TimeoutTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_logout_on_timeout
+        UserSession.logout_on_timeout = true
+        assert UserSession.logout_on_timeout
+    
+        UserSession.logout_on_timeout false
+        assert !UserSession.logout_on_timeout
+      end
+    end
+    
+    class InstanceMethods < ActiveSupport::TestCase
+      def test_stale_state
+        UserSession.logout_on_timeout = true
+        ben = users(:ben)
+        ben.last_request_at = 3.years.ago
+        ben.save
+        set_session_for(ben)
+      
+        session = UserSession.new
+        assert session.persisting?
+        assert session.stale?
+        assert_equal ben, session.stale_record
+        assert_nil session.record
+        assert_nil controller.session["user_credentials_id"]
+      
+        set_session_for(ben)
+      
+        ben.last_request_at = Time.zone.now
+        ben.save
+      
+        assert session.persisting?
+        assert !session.stale?
+        assert_nil session.stale_record
+      
+        UserSession.logout_on_timeout = false
+      end
+      
+      def test_successful_login
+        UserSession.logout_on_timeout = true
+        ben = users(:ben)
+        assert UserSession.create(:login => ben.login, :password => "benrocks")
+        assert session = UserSession.find
+        assert_equal ben, session.record
+        UserSession.logout_on_timeout = false
+      end
+    end
+  end
+end

data/test/session_test/unauthorized_record_test.rb

@@ -0,0 +1,13 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class UnauthorizedRecordTest < ActiveSupport::TestCase
+    def test_credentials
+      ben = users(:ben)
+      session = UserSession.new
+      session.credentials = [ben]
+      assert_equal ben, session.unauthorized_record
+      assert_equal({:unauthorized_record => "<protected>"}, session.credentials)
+    end
+  end
+end

data/test/session_test/validation_test.rb

@@ -0,0 +1,23 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module SessionTest
+  class ValidationTest < ActiveSupport::TestCase
+    def test_errors
+      session = UserSession.new
+      assert session.errors.is_a?(Authlogic::Session::Validation::Errors)
+    end
+    
+    def test_valid
+      session = UserSession.new
+      assert !session.valid?
+      assert_nil session.record
+      assert session.errors.count > 0
+      
+      ben = users(:ben)
+      session.unauthorized_record = ben
+      assert session.valid?
+      assert_equal ben, session.attempted_record
+      assert session.errors.empty?
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,174 @@
+require "test/unit"
+require "rubygems"
+require "ruby-debug"
+require "active_record"
+require "active_record/fixtures"
+
+# A temporary fix to bring active record errors up to speed with rails edge.
+# I need to remove this once the new gem is released. This is only here so my tests pass.
+class ActiveRecord::Errors
+  def [](key)
+    value = on(key)
+    value.is_a?(Array) ? value : [value].compact
+  end
+end
+
+
+ActiveRecord::Schema.verbose = false
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
+ActiveRecord::Base.configurations = true
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :companies do |t|
+    t.datetime  :created_at    
+    t.datetime  :updated_at
+    t.string    :name
+    t.boolean   :active
+  end
+
+  create_table :projects do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.string    :name
+  end
+  
+  create_table :projects_users, :id => false do |t|
+    t.integer :project_id
+    t.integer :user_id
+  end
+  
+  create_table :users do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.integer   :lock_version, :default => 0
+    t.integer   :company_id
+    t.string    :login
+    t.string    :crypted_password
+    t.string    :password_salt
+    t.string    :persistence_token
+    t.string    :single_access_token
+    t.string    :perishable_token
+    t.string    :email
+    t.string    :first_name
+    t.string    :last_name
+    t.integer   :login_count, :default => 0, :null => false
+    t.integer   :failed_login_count, :default => 0, :null => false
+    t.datetime  :last_request_at
+    t.datetime  :current_login_at
+    t.datetime  :last_login_at
+    t.string    :current_login_ip
+    t.string    :last_login_ip
+    t.boolean   :active, :default => true
+    t.boolean   :approved, :default => true
+    t.boolean   :confirmed, :default => true
+  end
+  
+  create_table :employees do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.integer   :company_id
+    t.string    :email
+    t.string    :crypted_password
+    t.string    :password_salt
+    t.string    :persistence_token
+    t.string    :first_name
+    t.string    :last_name
+    t.integer   :login_count, :default => 0, :null => false
+    t.datetime  :last_request_at
+    t.datetime  :current_login_at
+    t.datetime  :last_login_at
+    t.string    :current_login_ip
+    t.string    :last_login_ip
+  end
+  
+  create_table :affiliates do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.integer   :company_id
+    t.string    :username
+    t.string    :pw_hash
+    t.string    :pw_salt
+    t.string    :persistence_token
+  end
+  
+  create_table :ldapers do |t|
+    t.datetime  :created_at      
+    t.datetime  :updated_at
+    t.string    :ldap_login
+    t.string    :persistence_token
+  end
+end
+
+require File.dirname(__FILE__) + '/../lib/authlogic' unless defined?(Authlogic)
+require File.dirname(__FILE__) + '/../lib/authlogic/test_case'
+require File.dirname(__FILE__) + '/libs/project'
+require File.dirname(__FILE__) + '/libs/affiliate'
+require File.dirname(__FILE__) + '/libs/employee'
+require File.dirname(__FILE__) + '/libs/employee_session'
+require File.dirname(__FILE__) + '/libs/ldaper'
+require File.dirname(__FILE__) + '/libs/user'
+require File.dirname(__FILE__) + '/libs/user_session'
+require File.dirname(__FILE__) + '/libs/company'
+
+Authlogic::CryptoProviders::AES256.key = "myafdsfddddddddddddddddddddddddddddddddddddddddddddddd"
+
+class ActiveSupport::TestCase
+  include ActiveRecord::TestFixtures
+  self.fixture_path = File.dirname(__FILE__) + "/fixtures"
+  self.use_transactional_fixtures = false
+  self.use_instantiated_fixtures  = false
+  self.pre_loaded_fixtures = false
+  fixtures :all
+  setup :activate_authlogic
+  
+  private
+    def password_for(user)
+      case user
+      when users(:ben)
+        "benrocks"
+      when users(:zack)
+        "zackrocks"
+      end
+    end
+    
+    def http_basic_auth_for(user = nil, &block)
+      unless user.blank?
+        controller.http_user = user.login
+        controller.http_password = password_for(user)
+      end
+      yield
+      controller.http_user = controller.http_password = nil
+    end
+    
+    def set_cookie_for(user, id = nil)
+      controller.cookies["user_credentials"] = {:value => user.persistence_token, :expires => nil}
+    end
+    
+    def unset_cookie
+      controller.cookies["user_credentials"] = nil
+    end
+    
+    def set_params_for(user, id = nil)
+      controller.params["user_credentials"] = user.single_access_token
+    end
+    
+    def unset_params
+      controller.params["user_credentials"] = nil
+    end
+    
+    def set_request_content_type(type)
+      controller.request_content_type = type
+    end
+    
+    def unset_request_content_type
+      controller.request_content_type = nil
+    end
+    
+    def set_session_for(user, id = nil)
+      controller.session["user_credentials"] = user.persistence_token
+      controller.session["user_credentials_id"] = user.id
+    end
+    
+    def unset_session
+      controller.session["user_credentials"] = controller.session["user_credentials_id"] = nil
+    end
+end