oath 1.1.0

data/lib/oath/warden_setup.rb

@@ -0,0 +1,47 @@
+require 'warden'
+require "oath/strategies/password_strategy"
+
+module Oath
+  # Sets up warden specifics for working with oath
+  class WardenSetup
+    def initialize(warden_config)
+      @warden_config = warden_config
+    end
+
+    # Sets up warden specifics for working with oath:
+    # * Session serialization
+    # * Strategy
+    # * Failure app
+    def call
+      setup_warden_manager
+      setup_warden_strategies
+      setup_warden_config
+    end
+
+    private
+    attr_reader :warden_config
+
+    def setup_warden_manager
+      Warden::Manager.serialize_into_session(&serialize_into_session_method)
+      Warden::Manager.serialize_from_session(&serialize_from_session_method)
+    end
+
+    def setup_warden_strategies
+      Warden::Strategies.add(:password_strategy, Oath.config.authentication_strategy)
+    end
+
+    def setup_warden_config
+      warden_config.tap do |config|
+        config.failure_app = Oath.config.failure_app
+      end
+    end
+
+    def serialize_into_session_method
+      Oath.config.warden_serialize_into_session
+    end
+
+    def serialize_from_session_method
+      Oath.config.warden_serialize_from_session
+    end
+  end
+end

data/oath.gemspec

@@ -0,0 +1,30 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'oath/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "oath"
+  gem.version       = Oath::VERSION
+  gem.authors       = ["halogenandtoast", "calebthompson"]
+  gem.email         = ["halogenandtoast@gmail.com"]
+  gem.description   = %q{simple rails authentication}
+  gem.summary       = %q{Making rails authentication as simple as possible}
+  gem.homepage      = "https://github.com/halogenandtoast/oath"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'rails'
+  gem.add_dependency 'bcrypt'
+  gem.add_dependency 'warden'
+
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rspec-rails'
+  gem.add_development_dependency 'capybara'
+  gem.add_development_dependency 'sqlite3'
+  gem.add_development_dependency 'active_hash'
+end

data/spec/features/user/user_signs_in_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+feature 'User signs in' do
+  scenario 'with mismatched email case' do
+    user = User.create!(email: "example@example.com", password_digest: "password")
+
+    visit sign_in_path
+    fill_in "session[email]", with: "Example@example.com"
+    fill_in "session[password]", with: "password"
+    click_button "go"
+
+    expect(current_path).to eq posts_path
+  end
+end

data/spec/features/user/user_signs_in_through_back_door_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+feature 'User signs in through the back-door' do
+  scenario 'with the configured lookup field' do
+    user = User.create!
+
+    visit constrained_to_users_path(as: user)
+
+    expect(current_path).to eq constrained_to_users_path
+  end
+end

data/spec/features/user/user_tries_to_access_constrained_routes_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+feature 'User tries to access constrained routes' do
+  scenario 'they can access a route constrained to users' do
+    sign_in User.new
+
+    visit constrained_to_users_path
+    expect(page.status_code).to eq(200)
+  end
+
+  scenario 'they cannot access a route constrained to visitors' do
+    sign_in User.new
+
+    expect {
+      visit constrained_to_visitors_path
+    }.to raise_error ActionController::RoutingError
+  end
+end

data/spec/features/user/user_tries_to_access_http_auth_page_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+feature 'User tries to access constrained routes' do
+  scenario 'they can access a route constrained to users' do
+    page.driver.browser.basic_authorize("admin", "password")
+    visit basic_auth_path
+    expect(page.status_code).to eq(200)
+  end
+end

data/spec/features/visitor/visitor_fails_to_sign_up_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+feature 'Visitor signs up' do
+  scenario 'with an email and password' do
+    visit sign_up_path
+    click_on 'go'
+
+    expect(page).not_to have_content("Sign out")
+  end
+end

data/spec/features/visitor/visitor_is_unauthorized_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+feature 'Visitor is unauthorzed' do
+  scenario 'when visiting a resource' do
+    visit failure_path
+    expect(page.status_code).to eq(401)
+  end
+end

data/spec/features/visitor/visitor_signs_in_via_invalid_form_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+feature 'Visitor signs in with invalid form' do
+  scenario 'is not signed in' do
+    Oath::Services::SignUp.new(email: 'email@example.com', password: 'password').perform
+    visit invalid_sign_in_path
+    fill_in "session_password", with: 'password'
+    click_button 'go'
+    expect(page).to have_content("Sign in")
+  end
+end

data/spec/features/visitor/visitor_signs_up_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+feature 'Visitor signs up' do
+  scenario 'with an email and password' do
+    visit sign_up_path
+    fill_in 'user_email', with: 'email@example.com'
+    fill_in 'user_password', with: 'password'
+    click_on 'go'
+
+    expect(page.current_path).to eq(posts_path)
+  end
+
+  scenario 'with uppercase email' do
+    visit sign_up_path
+    fill_in 'user_email', with: 'Email@example.com'
+    fill_in 'user_password', with: 'password'
+    click_on 'go'
+
+    expect(User.last.email).to eq('email@example.com')
+  end
+
+  scenario 'multiple users' do
+    visit sign_up_path
+    fill_in 'user_email', with: 'email@example.com'
+    fill_in 'user_password', with: 'password'
+    click_on 'go'
+    click_on 'Sign out'
+    visit sign_up_path
+    fill_in 'user_email', with: 'email2@example.com'
+    fill_in 'user_password', with: 'password2'
+    click_on 'go'
+    click_on 'Sign out'
+    visit sign_in_path
+    fill_in 'session_email', with: 'email@example.com'
+    fill_in 'session_password', with: 'password'
+    click_on 'go'
+
+    expect(page.current_path).to eq(posts_path)
+  end
+end

data/spec/features/visitor/visitor_tries_to_access_constrained_routes_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+feature 'Visitor tries to access constrained routes' do
+  scenario 'they can access a route constrained to visitors' do
+    visit constrained_to_visitors_path
+    expect(page.status_code).to eq(200)
+  end
+
+  scenario 'they cannot access a route constrained to users' do
+    expect {
+      visit constrained_to_users_path
+    }.to raise_error ActionController::RoutingError
+  end
+end

data/spec/features/visitor/visitor_uses_remember_token_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+feature 'Visitor signs in' do
+  scenario 'with remember token' do
+    pending
+    Oath::SignUp.new(email: "email@example.com", password: "password").perform
+    visit sign_in_path
+    fill_in 'session_email', with: 'email@example.com'
+    fill_in 'session_password', with: 'password'
+    check 'Remember me'
+    click_on 'go'
+  end
+end

data/spec/oath/configuration_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+require 'warden'
+
+module Oath
+  describe Configuration do
+    it 'sets the no login redirect to a resonable default' do
+      configuration = Configuration.new
+      expect(configuration.no_login_redirect).to eq({ controller: "/sessions", action: "new" })
+    end
+  end
+end

data/spec/oath/controller_helpers_spec.rb

@@ -0,0 +1,180 @@
+require 'spec_helper'
+require 'warden'
+
+module Oath
+  describe ControllerHelpers do
+    class WardenMock
+      def user; end
+    end
+    class Flash < Struct.new(:notice)
+    end
+    class FakeRequest
+      attr_reader :env
+      def initialize(env)
+        @env = env
+      end
+    end
+
+    class Dummy
+      attr_reader :redirected, :redirected_to, :flash, :request
+      def initialize warden
+        @warden = warden
+        @flash = Flash.new
+        @redirected = false
+        @request = FakeRequest.new(env)
+      end
+      def redirect_to path
+        @redirected = true
+        @redirected_to = path
+      end
+      def env
+        { "warden" => @warden }
+      end
+    end
+
+    before(:each) do
+      @warden = WardenMock.new
+      @dummy = Dummy.new(@warden)
+      @dummy.extend(ControllerHelpers)
+    end
+
+    it 'performs a sign in' do
+      user = stub_sign_in
+      @dummy.sign_in user
+    end
+
+    it 'runs the block when user is signed in' do
+      user = stub_sign_in
+      expectation = double()
+      allow(expectation).to receive(:success)
+      @dummy.sign_in(user) { expectation.success }
+      expect(expectation).to have_received(:success)
+    end
+
+    it 'does not run the block when user can not be signed in' do
+      user = stub_sign_in(false)
+      expectation = double()
+      allow(expectation).to receive(:failure)
+      @dummy.sign_in(user) { expectation.failure }
+      expect(expectation).not_to have_received(:failure)
+    end
+
+    it 'performs a sign out' do
+      sign_out = double()
+      allow(sign_out).to receive(:perform)
+      allow(Services::SignOut).to receive(:new).with(@warden).and_return(sign_out)
+      @dummy.sign_out
+      expect(sign_out).to have_received(:perform)
+    end
+
+    it 'performs a sign_up' do
+      user_params = stub_sign_up
+      @dummy.sign_up user_params
+    end
+
+    it 'runs the block when user is signed up' do
+      user_params = stub_sign_up
+      expectation = double()
+      allow(expectation).to receive(:success)
+      @dummy.sign_up(user_params) { expectation.success }
+      expect(expectation).to have_received(:success)
+    end
+
+    it 'does not run the block when user can not be signed up' do
+      user_params = stub_sign_up(false)
+      expectation = double()
+      allow(expectation).to receive(:failure)
+      @dummy.sign_up(user_params) { expectation.failure }
+      expect(expectation).not_to have_received(:failure)
+    end
+
+    it 'authenticates a session' do
+      session_params = { password: 'password', email: 'a@b.com' }
+      user = double()
+      authentication = double()
+      allow(authentication).to receive(:perform).and_return(user)
+      allow(Oath).to receive(:lookup).with({email: 'a@b.com'}, nil).and_return(user)
+      allow(Services::Authentication).to receive(:new).with(user, 'password').and_return(authentication)
+      expect(@dummy.authenticate_session(session_params)).to eq user
+    end
+
+    it 'authenticates a session against multiple fields' do
+      session_params = { email_or_username: 'foo', password: 'password' }
+      field_map = { email_or_username: [:email, :username] }
+      user = double()
+      authentication = double()
+      allow(authentication).to receive(:perform).and_return(user)
+      allow(Oath).to receive(:lookup).with(session_params.except(:password), field_map).and_return(user)
+      allow(Services::Authentication).to receive(:new).with(user, 'password').and_return(authentication)
+      expect(@dummy.authenticate_session(session_params, field_map)).to eq user
+    end
+
+    it 'returns false when it could not authenticate the user' do
+      session_params = { password: "password", lookup_key: "lookup_key" }
+      user = double()
+      authentication = double()
+      allow(authentication).to receive(:perform).and_return(false)
+      allow(Oath).to receive(:lookup).with({ lookup_key: "lookup_key" }, nil).and_return(user)
+      allow(Services::Authentication).to receive(:new).with(user, 'password').and_return(authentication)
+      expect(@dummy.authenticate_session(session_params)).to be_falsey
+    end
+
+    it 'performs an authenticate' do
+      user = double()
+      password = double()
+      authentication = double()
+      allow(authentication).to receive(:perform)
+      allow(Services::Authentication).to receive(:new).with(user, password).and_return(authentication)
+      @dummy.authenticate user, password
+      expect(authentication).to have_received(:perform)
+    end
+
+    it 'returns the current user' do
+      current_user = double()
+      allow(@warden).to receive(:user).and_return(current_user)
+      expect(@dummy.current_user).to eq current_user
+    end
+
+    it 'returns signed_in?' do
+      allow(@warden).to receive(:user)
+      allow(@dummy).to receive(:current_user)
+      @dummy.signed_in?
+      expect(@warden).to have_received(:user)
+      expect(@dummy).not_to have_received(:current_user)
+    end
+
+    it 'redirects when not signed_in' do
+      allow(@warden).to receive(:user).and_return(false)
+      @dummy.require_login
+      expect(@dummy.redirected).to eq(true)
+      expect(@dummy.redirected_to).to eq(Oath.config.no_login_redirect)
+      expect(@dummy.flash.notice).to eq(Oath.config.sign_in_notice.call)
+    end
+
+    it 'does not redirect when signed_in' do
+      allow(@warden).to receive(:user).and_return(true)
+      @dummy.require_login
+      expect(@dummy.redirected).to eq(false)
+    end
+
+    it 'returns warden' do
+      expect(@dummy.warden).to eq @warden
+    end
+
+    def stub_sign_in(success = true)
+      user = double()
+      sign_in = double()
+      allow(sign_in).to receive(:perform).and_return(success)
+      allow(Services::SignIn).to receive(:new).with(user, @warden).and_return(sign_in)
+      user
+    end
+
+    def stub_sign_up(success = true)
+      user_params = double()
+      sign_up = double()
+      allow(sign_up).to receive(:perform).and_return(success)
+      allow(Services::SignUp).to receive(:new).with(user_params).and_return(sign_up)
+      user_params
+    end
+  end
+end

data/spec/oath/field_map_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+module Oath
+  describe FieldMap do
+    it 'returns the params with symbolized keys without a field map' do
+      params = double()
+      allow(params).to receive(:inject).and_return(params)
+      field_map = FieldMap.new(params, nil)
+      expect(field_map.to_fields).to eq(params)
+    end
+
+    it 'returns mapped params with a field map' do
+      params = { email_or_username: 'foo' }
+      map = { email_or_username: [:email, :username] }
+      field_map = FieldMap.new(params, map)
+      expect(field_map.to_fields).to eq(["email = ? OR username = ?", 'foo', 'foo'])
+    end
+  end
+end