nulogy-authlogic 3.1.0.1

data/test/session_test/active_record_trickery_test.rb

@@ -0,0 +1,46 @@
+require 'test_helper'
+
+module SessionTest
+  module ActiveRecordTrickeryTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_human_attribute_name
+        assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
+      end
+    
+      def test_human_name
+        assert_equal "Usersession", UserSession.human_name
+      end
+    
+      def test_self_and_descendents_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendents_from_active_record
+      end
+    
+      def test_self_and_descendants_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendants_from_active_record
+      end
+
+      def test_i18n_of_human_name
+        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        assert_equal "MySession", UserSession.human_name
+      end
+
+      def test_i18n_of_model_name_human
+        I18n.backend.store_translations 'en', :authlogic => {:models => {:user_session => "MySession" } }
+        assert_equal "MySession", UserSession.model_name.human
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_new_record
+        session = UserSession.new
+        assert session.new_record?
+      end
+      
+      def test_to_model
+        session = UserSession.new
+        assert_equal session, session.to_model
+      end
+    end
+  end
+end

data/test/session_test/brute_force_protection_test.rb

@@ -0,0 +1,101 @@
+require 'test_helper'
+
+module SessionTest
+  module BruteForceProtectionTest
+    class ConfigTest < ActiveSupport::TestCase
+      def test_consecutive_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 10
+        assert_equal 10, UserSession.consecutive_failed_logins_limit
+    
+        UserSession.consecutive_failed_logins_limit 50
+        assert_equal 50, UserSession.consecutive_failed_logins_limit
+      end
+      
+      def test_failed_login_ban_for
+        UserSession.failed_login_ban_for = 10
+        assert_equal 10, UserSession.failed_login_ban_for
+    
+        UserSession.failed_login_ban_for 2.hours
+        assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
+      end
+    end
+    
+    class InstaceMethodsTest < ActiveSupport::TestCase
+      def test_under_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks")
+      end
+
+      def test_exceeded_limit
+        ben = users(:ben)
+        ben.failed_login_count = UserSession.consecutive_failed_logins_limit
+        assert ben.save
+        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert UserSession.create(ben).new_session?
+        ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
+        assert !UserSession.create(ben).new_session?
+      end
+    
+      def test_exceeding_failed_logins_limit
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        session = UserSession.new(:login => ben.login, :password => "badpassword2")
+        assert !session.save
+        assert session.errors[:password].size == 0
+        assert_equal 3, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+      
+      def test_exceeded_ban_for
+        UserSession.consecutive_failed_logins_limit = 2
+        UserSession.generalize_credentials_error_messages true
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.invalid_password?
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "benrocks")
+        assert session.save
+        assert_equal 0, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+        UserSession.generalize_credentials_error_messages false
+      end
+
+      def test_exceeded_ban_and_failed_doesnt_ban_again
+        UserSession.consecutive_failed_logins_limit = 2
+        ben = users(:ben)
+      
+        2.times do |i|
+          session = UserSession.new(:login => ben.login, :password => "badpassword1")
+          assert !session.save
+          assert session.errors[:password].size > 0
+          assert_equal i + 1, ben.reload.failed_login_count
+        end
+        
+        ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
+        session = UserSession.new(:login => ben.login, :password => "badpassword1")
+        assert !session.save
+        assert_equal 1, ben.reload.failed_login_count
+      
+        UserSession.consecutive_failed_logins_limit = 50
+      end
+    end
+  end
+end

data/test/session_test/callbacks_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class WackyUserSession < Authlogic::Session::Base
+  attr_accessor :counter
+  authenticate_with User
+
+  def initialize
+    @counter = 0
+    super
+  end
+
+  def persist_by_false
+    self.counter += 1
+    return false
+  end
+
+  def persist_by_true
+    self.counter += 1
+    return true
+  end
+end
+
+module SessionTest
+  class CallbacksTest < ActiveSupport::TestCase
+    def setup
+     WackyUserSession.reset_callbacks(:persist)
+    end
+    
+    def test_no_callbacks
+      assert_equal [], WackyUserSession._persist_callbacks.map(&:filter)
+      session = WackyUserSession.new
+      session.send(:persist)
+      assert_equal 0, session.counter
+    end
+
+    def test_true_callback_cancelling_later_callbacks
+      WackyUserSession.persist :persist_by_true, :persist_by_false
+      assert_equal [:persist_by_true, :persist_by_false], WackyUserSession._persist_callbacks.map(&:filter)
+  
+      session = WackyUserSession.new
+      session.send(:persist)
+      assert_equal 1, session.counter
+    end
+  
+    def test_false_callback_continuing_to_later_callbacks
+      WackyUserSession.persist :persist_by_false, :persist_by_true
+      assert_equal [:persist_by_false, :persist_by_true], WackyUserSession._persist_callbacks.map(&:filter)
+  
+      session = WackyUserSession.new
+      session.send(:persist)
+      assert_equal 2, session.counter
+    end
+  end
+end

data/test/session_test/cookies_test.rb

@@ -0,0 +1,136 @@
+require 'test_helper'
+
+module SessionTest
+  module CookiesTest
+    class ConfiTest < ActiveSupport::TestCase
+      def test_cookie_key
+        UserSession.cookie_key = "my_cookie_key"
+        assert_equal "my_cookie_key", UserSession.cookie_key
+
+        UserSession.cookie_key "user_credentials"
+        assert_equal "user_credentials", UserSession.cookie_key
+      end
+
+      def test_default_cookie_key
+        assert_equal "user_credentials", UserSession.cookie_key
+        assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
+      end
+
+      def test_remember_me
+        UserSession.remember_me = true
+        assert_equal true, UserSession.remember_me
+        session = UserSession.new
+        assert_equal true, session.remember_me
+
+        UserSession.remember_me false
+        assert_equal false, UserSession.remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+      end
+
+      def test_remember_me_for
+        UserSession.remember_me_for = 3.years
+        assert_equal 3.years, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.years, session.remember_me_for
+
+        UserSession.remember_me_for 3.months
+        assert_equal 3.months, UserSession.remember_me_for
+        session = UserSession.new
+        session.remember_me = true
+        assert_equal 3.months, session.remember_me_for
+      end
+
+      def test_secure
+        UserSession.secure = true
+        assert_equal true, UserSession.secure
+        session = UserSession.new
+        assert_equal true, session.secure
+
+        UserSession.secure false
+        assert_equal false, UserSession.secure
+        session = UserSession.new
+        assert_equal false, session.secure
+      end
+
+      def test_httponly
+        UserSession.httponly = true
+        assert_equal true, UserSession.httponly
+        session = UserSession.new
+        assert_equal true, session.httponly
+
+        UserSession.httponly false
+        assert_equal false, UserSession.httponly
+        session = UserSession.new
+        assert_equal false, session.httponly
+      end
+    end
+
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_credentials
+        session = UserSession.new
+        session.credentials = {:remember_me => true}
+        assert_equal true, session.remember_me
+      end
+
+      def test_remember_me
+        session = UserSession.new
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+
+        session.remember_me = false
+        assert_equal false, session.remember_me
+        assert !session.remember_me?
+
+        session.remember_me = true
+        assert_equal true, session.remember_me
+        assert session.remember_me?
+
+        session.remember_me = nil
+        assert_nil session.remember_me
+        assert !session.remember_me?
+
+        session.remember_me = "1"
+        assert_equal "1", session.remember_me
+        assert session.remember_me?
+
+        session.remember_me = "true"
+        assert_equal "true", session.remember_me
+        assert session.remember_me?
+      end
+
+      def test_remember_me_until
+        session = UserSession.new
+        assert_nil session.remember_me_until
+
+        session.remember_me = true
+        assert 3.months.from_now <= session.remember_me_until
+      end
+
+      def test_persist_persist_by_cookie
+        ben = users(:ben)
+        assert !UserSession.find
+        set_cookie_for(ben)
+        assert session = UserSession.find
+        assert_equal ben, session.record
+      end
+
+      def test_after_save_save_cookie
+        ben = users(:ben)
+        session = UserSession.new(ben)
+        assert session.save
+        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+      end
+
+      def test_after_destroy_destroy_cookie
+        ben = users(:ben)
+        set_cookie_for(ben)
+        session = UserSession.find
+        assert controller.cookies["user_credentials"]
+        assert session.destroy
+        assert !controller.cookies["user_credentials"]
+      end
+    end
+  end
+end

data/test/session_test/existence_test.rb

@@ -0,0 +1,64 @@
+require 'test_helper'
+
+module SessionTest
+  module ExistenceTest
+    class ClassMethodsTest < ActiveSupport::TestCase
+      def test_create
+        ben = users(:ben)
+        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
+        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
+        assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
+      end
+    end
+    
+    class IsntaceMethodsTest < ActiveSupport::TestCase
+      def test_new_session
+        session = UserSession.new
+        assert session.new_session?
+      
+        set_session_for(users(:ben))
+        session = UserSession.find
+        assert !session.new_session?
+      end
+    
+      def test_save_with_nothing
+        session = UserSession.new
+        assert !session.save
+        assert session.new_session?
+      end
+    
+      def test_save_with_block
+        ben = users(:ben)
+        session = UserSession.new
+        block_result = session.save do |result|
+          assert !result
+        end
+        assert !block_result
+        assert session.new_session?
+      end
+    
+      def test_save_with_bang
+        session = UserSession.new
+        assert_raise(Authlogic::Session::Existence::SessionInvalidError) { session.save! }
+      
+        session.unauthorized_record = users(:ben)
+        assert_nothing_raised { session.save! }
+      end
+    
+      def test_destroy
+        ben = users(:ben)
+        session = UserSession.new
+        assert !session.valid?
+        assert !session.errors.empty?
+        assert session.destroy
+        assert session.errors.empty?
+        session.unauthorized_record = ben
+        assert session.save
+        assert session.record
+        assert session.destroy
+        assert !session.record
+      end
+    end
+  end
+end

data/test/session_test/http_auth_test.rb

@@ -0,0 +1,57 @@
+require 'test_helper'
+
+module SessionTest
+  class HttpAuthTest < ActiveSupport::TestCase
+    class ConfiTest < ActiveSupport::TestCase
+      def test_allow_http_basic_auth
+        UserSession.allow_http_basic_auth = false
+        assert_equal false, UserSession.allow_http_basic_auth
+    
+        UserSession.allow_http_basic_auth true
+        assert_equal true, UserSession.allow_http_basic_auth
+      end
+
+      def test_request_http_basic_auth
+        UserSession.request_http_basic_auth = true
+        assert_equal true, UserSession.request_http_basic_auth
+
+        UserSession.request_http_basic_auth = false
+        assert_equal false, UserSession.request_http_basic_auth
+      end
+
+      def test_http_basic_auth_realm
+        assert_equal 'Application', UserSession.http_basic_auth_realm
+
+        UserSession.http_basic_auth_realm = 'TestRealm'
+        assert_equal 'TestRealm', UserSession.http_basic_auth_realm
+      end
+    end
+    
+    class InstanceMethodsTest < ActiveSupport::TestCase
+      def test_persist_persist_by_http_auth
+        ben = users(:ben)
+        http_basic_auth_for do
+          assert !UserSession.find
+        end
+        http_basic_auth_for(ben) do
+          assert session = UserSession.find
+          assert_equal ben, session.record
+          assert_equal ben.login, session.login
+          assert_equal "benrocks", session.send(:protected_password)
+          assert !controller.http_auth_requested?
+        end
+        unset_session
+        UserSession.request_http_basic_auth = true
+        UserSession.http_basic_auth_realm = 'PersistTestRealm'
+        http_basic_auth_for(ben) do
+          assert session = UserSession.find
+          assert_equal ben, session.record
+          assert_equal ben.login, session.login
+          assert_equal "benrocks", session.send(:protected_password)
+          assert_equal 'PersistTestRealm', controller.realm
+          assert controller.http_auth_requested?
+        end
+      end
+    end
+  end
+end