mini_auth 0.1.0.pre → 0.1.0.pre2

data/CHANGELOG.md ADDED
@@ -0,0 +1,9 @@
1
+ ## 0.1.0.pre2 (2011-12-13)
2
+
3
+ * The `password_digest` field is protected against mass-assignment
4
+
5
+ ## 0.1.0.pre (2011-12-13)
6
+
7
+ * MiniAuth#authenticate is implemented using BCrypt::Password
8
+ * Password should not be blank string but can be nil
9
+ * First public release as a gem
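--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,5 +1,3 @@
  source "http://rubygems.org"
 
  gemspec
-
- gem "rails", "~> 3.1.0"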
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2011 Tsutomu Kuroda
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md CHANGED
@@ -38,21 +38,53 @@ Usage
38
38
  a.save # => true
39
39
  a.password_digest # => "$2a$10$F5YbEd..."
40
40
  a.authenticate("hotyoga) # => true
41
-
42
- a.update_attributes :name => "Alice"
43
- a.authenticate("hotyoga") # => true
44
-
41
+ a.authenticate("wrong") # => false
42
+
43
+ Remarks
44
+ -------
45
+
46
+ Password can't be blank.
47
+
45
48
  b = User.new(:name => "bob")
46
49
 
47
50
  b.password = ""
48
51
  b.valid? # => false
49
52
  b.errors[:password] # => "can't be blank"
50
53
 
54
+ But, password can be nil.
55
+
51
56
  b.password = nil
52
57
  b.valid? # => true
58
+
59
+ You can save a user whose `password_digest` is nil.
60
+
53
61
  b.save!
54
62
  b.password_digest # => nil
63
+
64
+ Such a user can't get authenticated.
65
+
55
66
  b.authenticate(nil) # => false
56
67
 
68
+ The `password_digest` field is protected against mass assignment.
69
+
57
70
  b.update_attributes :password_digest => 'dummy'
58
71
  b.password_digest # => nil (unchanged)
72
+
73
+ The `password_confirmation` field is not created automatically. If you need it, add it for yourself.
74
+
75
+ class User < ActiveRecord::Base
76
+ include MiniAuth
77
+
78
+ attr_accessor :password_confirmation
79
+ validates :password, :confirmation => true
80
+ end
81
+
82
+ License
83
+ -------
84
+
85
+ `mini_auth` is distributed under the MIT license. ([MIT-LICENSE](https://github.com/kuroda/mini_auth/blob/master/MIT-LICENSE))
86
+
87
+ Copyright
88
+ ---------
89
+
90
+ Copyright (c) 2011 Tsutomu Kuroda.
@@ -1,3 +1,3 @@
1
1
  module MiniAuth
2
- VERSION = "0.1.0.pre"
2
+ VERSION = "0.1.0.pre2"
3
3
  end
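--- a/data/lib/mini_auth.rb
+++ b/data/lib/mini_auth.rb
@@ -6,6 +6,12 @@ module MiniAuth
 
  included do
  attr_accessor :password
+
+ if respond_to?(:attributes_protected_by_default)
+ def self.attributes_protected_by_default
+ super + [ 'password_digest' ]
+ end
+ end
 
  validate do
  if password && password.blank?
@@ -16,6 +22,7 @@ module MiniAuth
  before_save do
  if password
  self.password_digest = BCrypt::Password.create(password)
+ self.password = nil
  end
  end
  end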
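Review bot: The `respond_to?(:attributes_protected_by_default)` guard in the first hunk fails open: when the including class does not answer to that hook, the override is skipped and `password_digest` stays mass-assignable with no warning. One-argument `respond_to?` ignores private methods (and protected ones from Ruby 2.0 on), so if the host framework defines the hook non-publicly the protection would silently disappear; `if respond_to?(:attributes_protected_by_default, true)` covers that case. A short comment above the guard stating that models without the hook must protect `password_digest` themselves would also help. The `included do` block opens inside this hunk, but the enclosing module starts outside it.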
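--- a/data/mini_auth.gemspec
+++ b/data/mini_auth.gemspec
@@ -17,8 +17,8 @@ Gem::Specification.new do |s|
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
  s.require_paths = ["lib"]
 
- s.add_development_dependency "sqlite3"
- s.add_development_dependency "rspec"
- s.add_development_dependency "rspec-rails"
+ s.add_runtime_dependency "rails", "~> 3.1.0"
  s.add_runtime_dependency "bcrypt-ruby"
+ s.add_development_dependency "rspec-rails", "~> 2.7.0"
+ s.add_development_dependency "sqlite3"
  end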
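Review bot: `s.add_runtime_dependency "bcrypt-ruby"` is left without a version constraint while this change pins `rails` and `rspec-rails`, so the one dependency that performs the password hashing resolves to whatever release is newest at install time. A pessimistic constraint on the release the specs were run against, e.g. `s.add_runtime_dependency "bcrypt-ruby", "~> <TESTED_VERSION>"`, keeps an incompatible or unexpected release from being pulled in silently. Depending on all of `rails` at runtime also looks wider than needed for a module that, as far as this page shows, uses only model callbacks and validations; that is an inference, since the rest of lib/ is not visible here.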
data/spec/fake_app.rb CHANGED
@@ -11,6 +11,7 @@ ActiveRecord::Base.logger = Logger.new('/dev/null')
11
11
  class CreateAllTables < ActiveRecord::Migration
12
12
  def change
13
13
  create_table(:users) { |t| t.string :name; t.string :password_digest }
14
+ create_table(:administrators) { |t| t.string :name; t.string :password_digest, :null => false }
14
15
  end
15
16
  end
16
17
 
@@ -23,3 +24,11 @@ migration.change
23
24
  class User < ActiveRecord::Base
24
25
  include MiniAuth
25
26
  end
27
+
28
+ class Administrator < ActiveRecord::Base
29
+ attr_accessible :name, :password, :password_confirmation
30
+
31
+ include MiniAuth
32
+
33
+ validates :password, :presence => { :on => :create }, :confirmation => true
34
+ end
@@ -0,0 +1,17 @@
1
+ require 'spec_helper'
2
+
3
+ describe "password_digest" do
4
+ it "should be protected against mass assignment" do
5
+ u = User.create!(:name => 'alice', :password => 'hotyoga')
6
+ d = u.password_digest.to_s
7
+ u.update_attributes :password_digest => 'dummy'
8
+ u.password_digest.to_s.should == d
9
+ end
10
+
11
+ it "should be protected against mass assignment also for Administrator" do
12
+ a = Administrator.create!(:name => 'alice', :password => 'hotyoga', :password_confirmation => 'hotyoga')
13
+ d = a.password_digest.to_s
14
+ a.update_attributes :password_digest => 'dummy'
15
+ a.password_digest.to_s.should == d
16
+ end
17
+ end
@@ -12,4 +12,18 @@ describe "password" do
12
12
  u.should have(1).error_on(:password)
13
13
  u.errors[:password].first.should == "can't be blank"
14
14
  end
15
+
16
+ it "should reject nil password for Administrator" do
17
+ a = Administrator.new(:name => 'alice', :password => nil)
18
+ a.should_not be_valid
19
+ a.should have(1).error_on(:password)
20
+ a.errors[:password].first.should == "can't be blank"
21
+ end
22
+
23
+ it "should validate password_confirmation for Administrator" do
24
+ a = Administrator.new(:name => 'alice', :password => 'apple', :password_confirmation => 'almond')
25
+ a.should_not be_valid
26
+ a.should have(1).error_on(:password)
27
+ a.errors[:password].first.should == "doesn't match confirmation"
28
+ end
15
29
  end
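Review bot: The added mass-assignment spec (the `@@ -0,0 +1,17 @@` hunk) only goes through `update_attributes`, and its `Administrator` case would presumably pass even without the new hook, because that model's `attr_accessible :name, :password, :password_confirmation` whitelist already leaves out `password_digest`. A case on the constructor path for the blacklist model, such as `User.new(:name => 'bob', :password_digest => 'dummy').password_digest.should be_nil`, would exercise the override directly. The `self.password = nil` line added to `before_save` has no spec either; `User.create!(:name => 'alice', :password => 'hotyoga').password.should be_nil` would pin it. Note that `password_confirmation` on `Administrator` is not cleared by that callback, so the plaintext stays on the object after save; worth a line in the README remarks.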
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mini_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.pre
4
+ version: 0.1.0.pre2
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -12,49 +12,49 @@ cert_chain: []
12
12
  date: 2011-12-13 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
- name: sqlite3
16
- requirement: &11513420 !ruby/object:Gem::Requirement
15
+ name: rails
16
+ requirement: &20055060 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
- - - ! '>='
19
+ - - ~>
20
20
  - !ruby/object:Gem::Version
21
- version: '0'
22
- type: :development
21
+ version: 3.1.0
22
+ type: :runtime
23
23
  prerelease: false
24
- version_requirements: *11513420
24
+ version_requirements: *20055060
25
25
  - !ruby/object:Gem::Dependency
26
- name: rspec
27
- requirement: &11512560 !ruby/object:Gem::Requirement
26
+ name: bcrypt-ruby
27
+ requirement: &20054420 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
31
31
  - !ruby/object:Gem::Version
32
32
  version: '0'
33
- type: :development
33
+ type: :runtime
34
34
  prerelease: false
35
- version_requirements: *11512560
35
+ version_requirements: *20054420
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: rspec-rails
38
- requirement: &11510640 !ruby/object:Gem::Requirement
38
+ requirement: &20053460 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
- - - ! '>='
41
+ - - ~>
42
42
  - !ruby/object:Gem::Version
43
- version: '0'
43
+ version: 2.7.0
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *11510640
46
+ version_requirements: *20053460
47
47
  - !ruby/object:Gem::Dependency
48
- name: bcrypt-ruby
49
- requirement: &11509260 !ruby/object:Gem::Requirement
48
+ name: sqlite3
49
+ requirement: &20052960 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
- type: :runtime
55
+ type: :development
56
56
  prerelease: false
57
- version_requirements: *11509260
57
+ version_requirements: *20052960
58
58
  description: A minimal authentication module for Rails
59
59
  email:
60
60
  - t-kuroda@oiax.jp
@@ -63,7 +63,9 @@ extensions: []
63
63
  extra_rdoc_files: []
64
64
  files:
65
65
  - .gitignore
66
+ - CHANGELOG.md
66
67
  - Gemfile
68
+ - MIT-LICENSE
67
69
  - README.md
68
70
  - Rakefile
69
71
  - lib/mini_auth.rb
@@ -71,6 +73,7 @@ files:
71
73
  - mini_auth.gemspec
72
74
  - spec/fake_app.rb
73
75
  - spec/mini_auth/authenticate_spec.rb
76
+ - spec/mini_auth/password_digest_spec.rb
74
77
  - spec/mini_auth/password_spec.rb
75
78
  - spec/spec_helper.rb
76
79
  homepage: ''