mini_auth 0.2.0 → 0.3.0.beta
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.md +5 -0
- data/README.md +27 -0
- data/lib/mini_auth.rb +30 -10
- data/lib/mini_auth/version.rb +1 -1
- data/mini_auth.gemspec +1 -0
- data/spec/fake_app.rb +7 -2
- data/spec/mini_auth/change_password_spec.rb +3 -1
- data/spec/mini_auth/token_spec.rb +35 -0
- data/spec/spec_helper.rb +14 -0
- metadata +25 -13
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -233,6 +233,33 @@ If your class has a _role_ such as :admin, you should enumerate the accessible a
|
|
|
233
233
|
For more information about mass assignment security, please refer to the
|
|
234
234
|
[Mass Assignment](http://guides.rubyonrails.org/security.html#mass-assignment) section of Rails Guides.
|
|
235
235
|
|
|
236
|
+
|
|
237
|
+
### Random token
|
|
238
|
+
|
|
239
|
+
`MiniAuth` module provides an easy way to generate a random token and verify it.
|
|
240
|
+
|
|
241
|
+
The class method `token` takes a list of names and defines "generate\_#{name}\_token" and "verify\_#{name}\_token" methods dynamically.
|
|
242
|
+
|
|
243
|
+
class User < ActiveRecord::Base
|
|
244
|
+
include MiniAuth
|
|
245
|
+
|
|
246
|
+
attr_accessible :name, :address, :phone
|
|
247
|
+
token :auto_login, :mail_confirmation
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
By calling `generate_auto_login_token`, you can generate a random hex string of 32 letters and set it to the `auto_login_token` column.
|
|
251
|
+
|
|
252
|
+
d = User.new(:name => "david")
|
|
253
|
+
d.generate_auto_login_token
|
|
254
|
+
d.auto_login_token # => "8d21d3830a3ef2aafe8a7c0388493883"
|
|
255
|
+
|
|
256
|
+
Call `verify_auto_login_token` to verify it. For example,
|
|
257
|
+
|
|
258
|
+
d.verify_auto_login_token(params[:token])
|
|
259
|
+
|
|
260
|
+
returns `true` if `params[:token]` equals to the generated token. Otherwise it returns `false`.
|
|
261
|
+
|
|
262
|
+
|
|
236
263
|
License
|
|
237
264
|
-------
|
|
238
265
|
|
data/lib/mini_auth.rb
CHANGED
|
@@ -52,19 +52,39 @@ module MiniAuth
|
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
55
|
+
module InstanceMethods
|
|
56
|
+
def authenticate(raw_password)
|
|
57
|
+
if password_digest && BCrypt::Password.new(password_digest) == raw_password
|
|
58
|
+
self
|
|
59
|
+
else
|
|
60
|
+
false
|
|
61
|
+
end
|
|
60
62
|
end
|
|
61
|
-
end
|
|
62
63
|
|
|
63
|
-
|
|
64
|
-
|
|
64
|
+
def changing_password?
|
|
65
|
+
!!changing_password
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def setting_password?
|
|
69
|
+
!!setting_password
|
|
70
|
+
end
|
|
65
71
|
end
|
|
66
72
|
|
|
67
|
-
|
|
68
|
-
|
|
73
|
+
module ClassMethods
|
|
74
|
+
def token(*names)
|
|
75
|
+
names.each do |name|
|
|
76
|
+
self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
|
77
|
+
def generate_#{name}_token
|
|
78
|
+
send("#{name}_token=", SecureRandom.hex)
|
|
79
|
+
end
|
|
80
|
+
METHOD
|
|
81
|
+
|
|
82
|
+
self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
|
83
|
+
def verify_#{name}_token(token)
|
|
84
|
+
token && token == self.send("#{name}_token")
|
|
85
|
+
end
|
|
86
|
+
METHOD
|
|
87
|
+
end
|
|
88
|
+
end
|
|
69
89
|
end
|
|
70
90
|
end
|
data/lib/mini_auth/version.rb
CHANGED
data/mini_auth.gemspec
CHANGED
data/spec/fake_app.rb
CHANGED
|
@@ -10,8 +10,12 @@ ActiveRecord::Base.logger = Logger.new('/dev/null')
|
|
|
10
10
|
# Define migration class
|
|
11
11
|
class CreateAllTables < ActiveRecord::Migration
|
|
12
12
|
def change
|
|
13
|
-
create_table(:users)
|
|
14
|
-
|
|
13
|
+
create_table(:users) do |t|
|
|
14
|
+
t.string :name
|
|
15
|
+
t.string :password_digest
|
|
16
|
+
t.string :auto_login_token
|
|
17
|
+
t.string :mail_confirmation_token
|
|
18
|
+
end
|
|
15
19
|
end
|
|
16
20
|
end
|
|
17
21
|
|
|
@@ -25,4 +29,5 @@ class User < ActiveRecord::Base
|
|
|
25
29
|
include MiniAuth
|
|
26
30
|
|
|
27
31
|
attr_accessible :name
|
|
32
|
+
token :auto_login, :mail_confirmation
|
|
28
33
|
end
|
|
@@ -2,7 +2,9 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe "change_password" do
|
|
4
4
|
let(:user) do
|
|
5
|
-
u = User.
|
|
5
|
+
u = User.new(:name => 'alice', :password => 'password')
|
|
6
|
+
u.setting_password = true
|
|
7
|
+
u.save!
|
|
6
8
|
u.changing_password = true
|
|
7
9
|
u
|
|
8
10
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "MiniAuth.token" do
|
|
4
|
+
let(:user) do
|
|
5
|
+
User.create!(:name => 'alice')
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
it "should generate auto_login_token" do
|
|
9
|
+
expect {
|
|
10
|
+
user.generate_auto_login_token
|
|
11
|
+
}.to change { user.auto_login_token }
|
|
12
|
+
|
|
13
|
+
user.auto_login_token.should_not be_nil
|
|
14
|
+
user.auto_login_token.length.should == 32
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it "should generate mail_confirmation_token" do
|
|
18
|
+
expect {
|
|
19
|
+
user.generate_mail_confirmation_token
|
|
20
|
+
}.to change { user.mail_confirmation_token }
|
|
21
|
+
|
|
22
|
+
user.mail_confirmation_token.should_not be_nil
|
|
23
|
+
user.mail_confirmation_token.length.should == 32
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it "should verify auto_login_token" do
|
|
27
|
+
user.generate_auto_login_token
|
|
28
|
+
|
|
29
|
+
user.verify_auto_login_token(user.auto_login_token).should be_true
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it "should reject wrong token" do
|
|
33
|
+
user.verify_auto_login_token('z' * 32).should be_false
|
|
34
|
+
end
|
|
35
|
+
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -3,6 +3,7 @@ ENV["RAILS_ENV"] = "test"
|
|
|
3
3
|
|
|
4
4
|
require "rails/all"
|
|
5
5
|
require "rspec/rails"
|
|
6
|
+
require 'database_cleaner'
|
|
6
7
|
require "mini_auth"
|
|
7
8
|
|
|
8
9
|
# Pull in the fake rails app
|
|
@@ -16,4 +17,17 @@ RSpec.configure do |config|
|
|
|
16
17
|
require 'rspec/expectations'
|
|
17
18
|
config.include RSpec::Matchers
|
|
18
19
|
config.mock_with :rspec
|
|
20
|
+
|
|
21
|
+
config.before(:suite) do
|
|
22
|
+
DatabaseCleaner.strategy = :transaction
|
|
23
|
+
DatabaseCleaner.clean_with(:truncation, :except => %w())
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
config.before(:each) do
|
|
27
|
+
DatabaseCleaner.start
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
config.after(:each) do
|
|
31
|
+
DatabaseCleaner.clean
|
|
32
|
+
end
|
|
19
33
|
end
|
metadata
CHANGED
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mini_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 0.3.0.beta
|
|
5
|
+
prerelease: 6
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Tsutomu Kuroda
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-12-
|
|
12
|
+
date: 2011-12-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &21780380 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ~>
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 3.1.0
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *21780380
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bcrypt-ruby
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &21779500 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *21779500
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: rspec-rails
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &21778600 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ~>
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 2.7.0
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *21778600
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: sqlite3
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &21778080 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,7 +54,18 @@ dependencies:
|
|
|
54
54
|
version: '0'
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *21778080
|
|
58
|
+
- !ruby/object:Gem::Dependency
|
|
59
|
+
name: database_cleaner
|
|
60
|
+
requirement: &21777360 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
62
|
+
requirements:
|
|
63
|
+
- - ! '>='
|
|
64
|
+
- !ruby/object:Gem::Version
|
|
65
|
+
version: '0'
|
|
66
|
+
type: :development
|
|
67
|
+
prerelease: false
|
|
68
|
+
version_requirements: *21777360
|
|
58
69
|
description: A minimal authentication module for Rails
|
|
59
70
|
email:
|
|
60
71
|
- t-kuroda@oiax.jp
|
|
@@ -76,6 +87,7 @@ files:
|
|
|
76
87
|
- spec/mini_auth/change_password_spec.rb
|
|
77
88
|
- spec/mini_auth/password_digest_spec.rb
|
|
78
89
|
- spec/mini_auth/setting_password_spec.rb
|
|
90
|
+
- spec/mini_auth/token_spec.rb
|
|
79
91
|
- spec/spec_helper.rb
|
|
80
92
|
homepage: ''
|
|
81
93
|
licenses: []
|
|
@@ -92,9 +104,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
92
104
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
93
105
|
none: false
|
|
94
106
|
requirements:
|
|
95
|
-
- - ! '
|
|
107
|
+
- - ! '>'
|
|
96
108
|
- !ruby/object:Gem::Version
|
|
97
|
-
version:
|
|
109
|
+
version: 1.3.1
|
|
98
110
|
requirements: []
|
|
99
111
|
rubyforge_project: mini_auth
|
|
100
112
|
rubygems_version: 1.8.10
|