RubyGems - mini_auth - Versions diffs - 0.1.0.pre → 0.1.0.pre2 - Mend

mini_auth 0.1.0.pre → 0.1.0.pre2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/CHANGELOG.md +9 -0
data/Gemfile +0 -2
data/MIT-LICENSE +20 -0
data/README.md +36 -4
data/lib/mini_auth/version.rb +1 -1
data/lib/mini_auth.rb +7 -0
data/mini_auth.gemspec +3 -3
data/spec/fake_app.rb +9 -0
data/spec/mini_auth/password_digest_spec.rb +17 -0
data/spec/mini_auth/password_spec.rb +14 -0
metadata +22 -19

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,9 @@
+## 0.1.0.pre2 (2011-12-13)
+* The `password_digest` field is protected against mass-assignment
+## 0.1.0.pre (2011-12-13)
+* MiniAuth#authenticate is implemented using BCrypt::Password
+* Password should not be blank string but can be nil
+* First public release as a gem

data/Gemfile CHANGED Viewed

@@ -1,5 +1,3 @@
 source "http://rubygems.org"
 gemspec
-gem "rails", "~> 3.1.0"

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Tsutomu Kuroda
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md CHANGED Viewed

@@ -38,21 +38,53 @@ Usage
     a.save                              # => true
     a.password_digest                   # => "$2a$10$F5YbEd..."
     a.authenticate("hotyoga)            # => true
-    a.update_attributes :name => "Alice"
-    a.authenticate("hotyoga")           # => true
+    a.authenticate("wrong")             # => false
+Remarks
+-------
+Password can't be blank.
     b = User.new(:name => "bob")
     b.password = ""
     b.valid?                            # => false
     b.errors[:password]                 # => "can't be blank"
+But, password can be nil.
     b.password = nil
     b.valid?                            # => true
+You can save a user whose `password_digest` is nil.
     b.save!
     b.password_digest                   # => nil
+Such a user can't get authenticated.
     b.authenticate(nil)                 # => false
+The `password_digest` field is protected against mass assignment.
     b.update_attributes :password_digest => 'dummy'
     b.password_digest                   # => nil (unchanged)
+The `password_confirmation` field is not created automatically. If you need it, add it for yourself.
+    class User < ActiveRecord::Base
+      include MiniAuth
+      attr_accessor :password_confirmation
+      validates :password, :confirmation => true
+    end
+License
+-------
+`mini_auth` is distributed under the MIT license. ([MIT-LICENSE](https://github.com/kuroda/mini_auth/blob/master/MIT-LICENSE))
+Copyright
+---------
+Copyright (c) 2011 Tsutomu Kuroda.

data/lib/mini_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MiniAuth
-  VERSION = "0.1.0.pre"
+  VERSION = "0.1.0.pre2"
 end

data/lib/mini_auth.rb CHANGED Viewed

@@ -6,6 +6,12 @@ module MiniAuth
   included do
     attr_accessor :password
+    if respond_to?(:attributes_protected_by_default)
+      def self.attributes_protected_by_default
+        super + [ 'password_digest' ]
+      end
+    end
     validate do
       if password && password.blank?
@@ -16,6 +22,7 @@ module MiniAuth
     before_save do
       if password
         self.password_digest = BCrypt::Password.create(password)
+        self.password = nil
       end
     end
   end

data/mini_auth.gemspec CHANGED Viewed

@@ -17,8 +17,8 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_development_dependency "sqlite3"
-  s.add_development_dependency "rspec"
-  s.add_development_dependency "rspec-rails"
+  s.add_runtime_dependency "rails", "~> 3.1.0"
   s.add_runtime_dependency "bcrypt-ruby"
+  s.add_development_dependency "rspec-rails", "~> 2.7.0"
+  s.add_development_dependency "sqlite3"
 end

data/spec/fake_app.rb CHANGED Viewed

@@ -11,6 +11,7 @@ ActiveRecord::Base.logger = Logger.new('/dev/null')
 class CreateAllTables < ActiveRecord::Migration
   def change
     create_table(:users) { |t| t.string :name; t.string :password_digest }
+    create_table(:administrators) { |t| t.string :name; t.string :password_digest, :null => false }
   end
 end
@@ -23,3 +24,11 @@ migration.change
 class User < ActiveRecord::Base
   include MiniAuth
 end
+class Administrator < ActiveRecord::Base
+  attr_accessible :name, :password, :password_confirmation
+  include MiniAuth
+  validates :password, :presence => { :on => :create }, :confirmation => true
+end

data/spec/mini_auth/password_digest_spec.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'spec_helper'
+describe "password_digest" do
+  it "should be protected against mass assignment" do
+    u = User.create!(:name => 'alice', :password => 'hotyoga')
+    d = u.password_digest.to_s
+    u.update_attributes :password_digest => 'dummy'
+    u.password_digest.to_s.should == d
+  end
+  it "should be protected against mass assignment also for Administrator" do
+    a = Administrator.create!(:name => 'alice', :password => 'hotyoga', :password_confirmation => 'hotyoga')
+    d = a.password_digest.to_s
+    a.update_attributes :password_digest => 'dummy'
+    a.password_digest.to_s.should == d
+  end
+end

data/spec/mini_auth/password_spec.rb CHANGED Viewed

@@ -12,4 +12,18 @@ describe "password" do
     u.should have(1).error_on(:password)
     u.errors[:password].first.should == "can't be blank"
   end
+  it "should reject nil password for Administrator" do
+    a = Administrator.new(:name => 'alice', :password => nil)
+    a.should_not be_valid
+    a.should have(1).error_on(:password)
+    a.errors[:password].first.should == "can't be blank"
+  end
+  it "should validate password_confirmation for Administrator" do
+    a = Administrator.new(:name => 'alice', :password => 'apple', :password_confirmation => 'almond')
+    a.should_not be_valid
+    a.should have(1).error_on(:password)
+    a.errors[:password].first.should == "doesn't match confirmation"
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mini_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0.pre
+  version: 0.1.0.pre2
   prerelease: 6
 platform: ruby
 authors:
@@ -12,49 +12,49 @@ cert_chain: []
 date: 2011-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: &11513420 !ruby/object:Gem::Requirement
+  name: rails
+  requirement: &20055060 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: 3.1.0
+  type: :runtime
   prerelease: false
-  version_requirements: *11513420
+  version_requirements: *20055060
 - !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: &11512560 !ruby/object:Gem::Requirement
+  name: bcrypt-ruby
+  requirement: &20054420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
-  version_requirements: *11512560
+  version_requirements: *20054420
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &11510640 !ruby/object:Gem::Requirement
+  requirement: &20053460 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.7.0
   type: :development
   prerelease: false
-  version_requirements: *11510640
+  version_requirements: *20053460
 - !ruby/object:Gem::Dependency
-  name: bcrypt-ruby
-  requirement: &11509260 !ruby/object:Gem::Requirement
+  name: sqlite3
+  requirement: &20052960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
-  version_requirements: *11509260
+  version_requirements: *20052960
 description: A minimal authentication module for Rails
 email:
 - t-kuroda@oiax.jp
@@ -63,7 +63,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- CHANGELOG.md
 - Gemfile
+- MIT-LICENSE
 - README.md
 - Rakefile
 - lib/mini_auth.rb
@@ -71,6 +73,7 @@ files:
 - mini_auth.gemspec
 - spec/fake_app.rb
 - spec/mini_auth/authenticate_spec.rb
+- spec/mini_auth/password_digest_spec.rb
 - spec/mini_auth/password_spec.rb
 - spec/spec_helper.rb
 homepage: ''