mini_auth 0.2.0 → 0.3.0.beta

@@ -1,3 +1,8 @@
1
+ ## 0.3.0
2
+
3
+ * Add the class method `token` that defines "generate_#{name}_token" and
4
+ "verify_#{name}_token" methods dynamically.
5
+
1
6
  ## 0.2.0 (2011-12-19)
2
7
 
3
8
  * Two attributes `changing_password` and `setting_password` are introduced.
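--- a/data/README.md
+++ b/data/README.md
@@ -233,6 +233,33 @@ If your class has a _role_ such as :admin, you should enumerate the accessible a
  For more information about mass assignment security, please refer to the
  [Mass Assignment](http://guides.rubyonrails.org/security.html#mass-assignment) section of Rails Guides.
 
+
+ ### Random token
+
+ `MiniAuth` module provides an easy way to generate a random token and verify it.
+
+ The class method `token` takes a list of names and defines "generate\_#{name}\_token" and "verify\_#{name}\_token" methods dynamically.
+
+ class User < ActiveRecord::Base
+ include MiniAuth
+
+ attr_accessible :name, :address, :phone
+ token :auto_login, :mail_confirmation
+ end
+
+ By calling `generate_auto_login_token`, you can generate a random hex string of 32 letters and set it to the `auto_login_token` column.
+
+ d = User.new(:name => "david")
+ d.generate_auto_login_token
+ d.auto_login_token # => "8d21d3830a3ef2aafe8a7c0388493883"
+
+ Call `verify_auto_login_token` to verify it. For example,
+
+ d.verify_auto_login_token(params[:token])
+
+ returns `true` if `params[:token]` equals to the generated token. Otherwise it returns `false`.
+
+
  License
  -------
 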
@@ -52,19 +52,39 @@ module MiniAuth
52
52
  end
53
53
  end
54
54
 
55
- def authenticate(raw_password)
56
- if password_digest && BCrypt::Password.new(password_digest) == raw_password
57
- self
58
- else
59
- false
55
+ module InstanceMethods
56
+ def authenticate(raw_password)
57
+ if password_digest && BCrypt::Password.new(password_digest) == raw_password
58
+ self
59
+ else
60
+ false
61
+ end
60
62
  end
61
- end
62
63
 
63
- def changing_password?
64
- !!changing_password
64
+ def changing_password?
65
+ !!changing_password
66
+ end
67
+
68
+ def setting_password?
69
+ !!setting_password
70
+ end
65
71
  end
66
72
 
67
- def setting_password?
68
- !!setting_password
73
+ module ClassMethods
74
+ def token(*names)
75
+ names.each do |name|
76
+ self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
77
+ def generate_#{name}_token
78
+ send("#{name}_token=", SecureRandom.hex)
79
+ end
80
+ METHOD
81
+
82
+ self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
83
+ def verify_#{name}_token(token)
84
+ token && token == self.send("#{name}_token")
85
+ end
86
+ METHOD
87
+ end
88
+ end
69
89
  end
70
90
  end
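Review bot: The generated `verify_#{name}_token` (second `class_eval` heredoc in `token`) compares the supplied value with the stored token using plain `==`, which is not a fixed-time comparison; since these tokens serve as auto-login and mail-confirmation credentials, a constant-time compare is the safer default. Keep the existing nil guard and swap only the comparison, e.g. `token && stored && ActiveSupport::SecurityUtils.secure_compare(token.to_s, stored)` with `stored = send("#{name}_token")` on Rails versions that ship that helper; the Rails 3.1 line this gem depends on may need a small local equivalent. The method also returns `nil`, not `false`, when `token` is nil, so wrapping the expression in `!!(...)` would match the documented return value. `generate_#{name}_token` assigns the raw `SecureRandom.hex` value to the attribute with no digest and no expiry, so anyone able to read the stored value can present it; keeping only a digest and recording an issue time is worth considering. The enclosing `module MiniAuth` begins outside the hunk.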
@@ -1,3 +1,3 @@
1
1
  module MiniAuth
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0.beta"
3
3
  end
@@ -21,4 +21,5 @@ Gem::Specification.new do |s|
21
21
  s.add_runtime_dependency "bcrypt-ruby"
22
22
  s.add_development_dependency "rspec-rails", "~> 2.7.0"
23
23
  s.add_development_dependency "sqlite3"
24
+ s.add_development_dependency "database_cleaner"
24
25
  end
@@ -10,8 +10,12 @@ ActiveRecord::Base.logger = Logger.new('/dev/null')
10
10
  # Define migration class
11
11
  class CreateAllTables < ActiveRecord::Migration
12
12
  def change
13
- create_table(:users) { |t| t.string :name; t.string :password_digest }
14
- create_table(:administrators) { |t| t.string :name; t.string :password_digest, :null => false }
13
+ create_table(:users) do |t|
14
+ t.string :name
15
+ t.string :password_digest
16
+ t.string :auto_login_token
17
+ t.string :mail_confirmation_token
18
+ end
15
19
  end
16
20
  end
17
21
 
@@ -25,4 +29,5 @@ class User < ActiveRecord::Base
25
29
  include MiniAuth
26
30
 
27
31
  attr_accessible :name
32
+ token :auto_login, :mail_confirmation
28
33
  end
@@ -2,7 +2,9 @@ require 'spec_helper'
2
2
 
3
3
  describe "change_password" do
4
4
  let(:user) do
5
- u = User.create!(:name => 'alice', :new_password => 'password')
5
+ u = User.new(:name => 'alice', :password => 'password')
6
+ u.setting_password = true
7
+ u.save!
6
8
  u.changing_password = true
7
9
  u
8
10
  end
@@ -0,0 +1,35 @@
1
+ require 'spec_helper'
2
+
3
+ describe "MiniAuth.token" do
4
+ let(:user) do
5
+ User.create!(:name => 'alice')
6
+ end
7
+
8
+ it "should generate auto_login_token" do
9
+ expect {
10
+ user.generate_auto_login_token
11
+ }.to change { user.auto_login_token }
12
+
13
+ user.auto_login_token.should_not be_nil
14
+ user.auto_login_token.length.should == 32
15
+ end
16
+
17
+ it "should generate mail_confirmation_token" do
18
+ expect {
19
+ user.generate_mail_confirmation_token
20
+ }.to change { user.mail_confirmation_token }
21
+
22
+ user.mail_confirmation_token.should_not be_nil
23
+ user.mail_confirmation_token.length.should == 32
24
+ end
25
+
26
+ it "should verify auto_login_token" do
27
+ user.generate_auto_login_token
28
+
29
+ user.verify_auto_login_token(user.auto_login_token).should be_true
30
+ end
31
+
32
+ it "should reject wrong token" do
33
+ user.verify_auto_login_token('z' * 32).should be_false
34
+ end
35
+ end
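Review bot: The "should reject wrong token" example never calls `generate_auto_login_token`, so `user.auto_login_token` is presumably still nil there and the example only shows that a string does not equal nil, not that a mismatching value is rejected against a real token. Adding `user.generate_auto_login_token` before `user.verify_auto_login_token('z' * 32).should be_false` would cover the intended case. Examples for a nil argument and for verification before any token has been generated would also pin the edge cases that matter for an auto-login credential, for instance `user.verify_auto_login_token(nil).should be_false`.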
@@ -3,6 +3,7 @@ ENV["RAILS_ENV"] = "test"
3
3
 
4
4
  require "rails/all"
5
5
  require "rspec/rails"
6
+ require 'database_cleaner'
6
7
  require "mini_auth"
7
8
 
8
9
  # Pull in the fake rails app
@@ -16,4 +17,17 @@ RSpec.configure do |config|
16
17
  require 'rspec/expectations'
17
18
  config.include RSpec::Matchers
18
19
  config.mock_with :rspec
20
+
21
+ config.before(:suite) do
22
+ DatabaseCleaner.strategy = :transaction
23
+ DatabaseCleaner.clean_with(:truncation, :except => %w())
24
+ end
25
+
26
+ config.before(:each) do
27
+ DatabaseCleaner.start
28
+ end
29
+
30
+ config.after(:each) do
31
+ DatabaseCleaner.clean
32
+ end
19
33
  end
metadata CHANGED
@@ -1,19 +1,19 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mini_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
5
- prerelease:
4
+ version: 0.3.0.beta
5
+ prerelease: 6
6
6
  platform: ruby
7
7
  authors:
8
8
  - Tsutomu Kuroda
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-12-19 00:00:00.000000000 Z
12
+ date: 2011-12-20 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rails
16
- requirement: &17342020 !ruby/object:Gem::Requirement
16
+ requirement: &21780380 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 3.1.0
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *17342020
24
+ version_requirements: *21780380
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: bcrypt-ruby
27
- requirement: &17268340 !ruby/object:Gem::Requirement
27
+ requirement: &21779500 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: '0'
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *17268340
35
+ version_requirements: *21779500
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: rspec-rails
38
- requirement: &17267280 !ruby/object:Gem::Requirement
38
+ requirement: &21778600 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ~>
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: 2.7.0
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *17267280
46
+ version_requirements: *21778600
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: sqlite3
49
- requirement: &17266540 !ruby/object:Gem::Requirement
49
+ requirement: &21778080 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
@@ -54,7 +54,18 @@ dependencies:
54
54
  version: '0'
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *17266540
57
+ version_requirements: *21778080
58
+ - !ruby/object:Gem::Dependency
59
+ name: database_cleaner
60
+ requirement: &21777360 !ruby/object:Gem::Requirement
61
+ none: false
62
+ requirements:
63
+ - - ! '>='
64
+ - !ruby/object:Gem::Version
65
+ version: '0'
66
+ type: :development
67
+ prerelease: false
68
+ version_requirements: *21777360
58
69
  description: A minimal authentication module for Rails
59
70
  email:
60
71
  - t-kuroda@oiax.jp
@@ -76,6 +87,7 @@ files:
76
87
  - spec/mini_auth/change_password_spec.rb
77
88
  - spec/mini_auth/password_digest_spec.rb
78
89
  - spec/mini_auth/setting_password_spec.rb
90
+ - spec/mini_auth/token_spec.rb
79
91
  - spec/spec_helper.rb
80
92
  homepage: ''
81
93
  licenses: []
@@ -92,9 +104,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
92
104
  required_rubygems_version: !ruby/object:Gem::Requirement
93
105
  none: false
94
106
  requirements:
95
- - - ! '>='
107
+ - - ! '>'
96
108
  - !ruby/object:Gem::Version
97
- version: '0'
109
+ version: 1.3.1
98
110
  requirements: []
99
111
  rubyforge_project: mini_auth
100
112
  rubygems_version: 1.8.10