oath 1.1.0

data/spec/oath/services/authentication_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'oath/services/authentication'
+
+describe Oath::Services::Authentication, '#authentication' do
+  it 'is authenticated for a valid password' do
+    password_digest = BCrypt::Password.create('password')
+    user = double(password_digest: password_digest)
+    auth = Oath::Services::Authentication.new(user, 'password')
+
+    expect(auth.perform).to eq(user)
+  end
+
+  it 'is not authenticated for the wrong password' do
+    password_digest = BCrypt::Password.create('password')
+    user = double(password_digest: password_digest)
+    auth = Oath::Services::Authentication.new(user, 'drowssap')
+
+    expect(auth.perform).to eq(false)
+  end
+
+  it 'is not authenticated without a user' do
+    auth = Oath::Services::Authentication.new(nil, 'password')
+    expect(auth.perform).to eq(false)
+  end
+end

data/spec/oath/services/password_reset_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'oath/services/password_reset'
+require 'ostruct'
+
+describe Oath::Services::PasswordReset do
+  before do
+    Oath.config.hashing_method = ->(password) { password + "secret" }
+  end
+
+  it 'updates the password with the hashing strategy' do
+    password_digest = Oath.hash_token('password')
+    user = double()
+    field = Oath.config.user_token_store_field
+    allow(user).to receive(:[]=)
+    password_reset = Oath::Services::PasswordReset.new(user, 'password')
+
+    password_reset.perform
+    expect(user).to have_received(:[]=).with(field, 'passwordsecret')
+  end
+
+  after do
+    Oath.config.hashing_method = Oath.config.default_hashing_method
+  end
+end

data/spec/oath/services/sign_in_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+require 'oath/services/sign_in'
+
+describe Oath::Services::SignIn, '#perform' do
+  it 'signs the user in' do
+    user = double()
+    warden = double()
+    allow(warden).to receive(:set_user)
+
+    Oath::Services::SignIn.new(user, warden).perform
+    expect(warden).to have_received(:set_user).with(user)
+  end
+end

data/spec/oath/services/sign_out_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+require 'oath/services/sign_out'
+
+describe Oath::Services::SignOut, '#perform' do
+  it 'signs out the user' do
+    warden = double()
+    allow(warden).to receive(:logout)
+    allow(warden).to receive(:user).and_return(double())
+
+    Oath::Services::SignOut.new(warden).perform
+    expect(warden).to have_received(:logout)
+  end
+end

data/spec/oath/services/sign_up_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+require 'oath/services/sign_up'
+
+describe Oath::Services::SignUp, '#perform' do
+  it 'creates a user with the right parameters' do
+    allow(User).to receive(:create)
+    user_params = { email: 'email@example.com', password: 'password' }
+
+    Oath::Services::SignUp.new(user_params).perform
+    expect(User).to have_received(:create) do |args|
+      expect(args[:email]).to eq(user_params[:email])
+      expect(Oath.compare_token(args[:password_digest], 'password')).to be_truthy
+    end
+  end
+
+  it 'creates a user from the configured user creation method' do
+    user_create_double = double(Proc, call: true)
+
+    user_params = { email: 'email@example.com', password: 'password' }
+
+    with_oath_config(creation_method: user_create_double) do
+      Oath::Services::SignUp.new(user_params).perform
+    end
+
+    expect(user_create_double).to have_received(:call) do |args|
+      expect(Oath.compare_token(args[:password_digest], 'password')).to be_truthy
+    end
+  end
+
+  it 'does not create a user with an empty password' do
+    allow(User).to receive(:create)
+    user_params = { email: 'email@example.com', password: '' }
+
+    Oath::Services::SignUp.new(user_params).perform
+    expect(User).to have_received(:create) do |args|
+      expect(args[:password_digest]).to be_nil
+    end
+  end
+
+  it 'does not create a user with a nil password' do
+    allow(User).to receive(:create)
+    user_params = { email: nil, password: nil }
+
+    Oath::Services::SignUp.new(user_params).perform
+    expect(User).to have_received(:create) do |args|
+      expect(args[:password_digest]).to be_nil
+    end
+  end
+end

data/spec/oath/strategies/password_strategy_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+module Oath
+  module Strategies
+    describe PasswordStrategy do
+      it "bases lookup and token on config values" do
+        params = HashWithIndifferentAccess.new(username: 'test', the_password: 'password')
+
+        with_oath_config(user_lookup_field: "username", user_token_field: "the_password") do
+          env = Rack::MockRequest.env_for("/", params: params)
+          strategy = PasswordStrategy.new(env)
+          expect(strategy).to be_valid
+        end
+      end
+
+      it "it doesn't trigger if params are not provided" do
+        env = Rack::MockRequest.env_for("/")
+        strategy = PasswordStrategy.new(env)
+        expect(strategy).not_to be_valid
+      end
+    end
+  end
+end

data/spec/oath/test_controller_helpers_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+class FakeRequest
+  attr_reader :env
+  def initialize
+    @env = {}
+  end
+end
+
+class FakeController
+  attr_reader :user
+  def sign_in(user)
+    @user = user
+  end
+
+  def sign_out
+    @user = nil
+  end
+end
+
+class FakeSpec
+  cattr_reader :setup_methods
+  attr_reader :request, :controller
+  def initialize(controller = FakeController.new)
+    @request = FakeRequest.new
+    @controller = controller
+  end
+
+  def self.setup(*methods)
+    @@setup_methods = methods
+  end
+  include Oath::Test::ControllerHelpers
+end
+
+module Oath
+  module Test
+    describe ControllerHelpers do
+      it 'sets up warden' do
+        expect(FakeSpec.setup_methods).to eq([:store_controller_for_warden, :warden])
+      end
+
+      it 'creates a warden manager' do
+        fake_spec = FakeSpec.new
+        expect(fake_spec.warden).to be_a(Warden::Proxy)
+      end
+
+      it 'calls the sign in method on the controller' do
+        controller = FakeController.new
+        fake_spec = FakeSpec.new(controller)
+        fake_spec.sign_in("user")
+        expect(controller.user).to eq("user")
+      end
+
+      it 'calls the sign out method on the controller' do
+        controller = FakeController.new
+        fake_spec = FakeSpec.new(controller)
+        fake_spec.sign_in("user")
+        fake_spec.sign_out
+        expect(controller.user).to eq(nil)
+      end
+    end
+  end
+end

data/spec/oath/test_helpers_spec.rb

@@ -0,0 +1,97 @@
+require 'spec_helper'
+require 'warden'
+require 'oath/test/helpers'
+
+module Warden::Spec
+  module Helpers
+    FAILURE_APP = lambda{|e|[401, {"Content-Type" => "text/plain"}, ["You Fail!"]] }
+
+    def env_with_params(path = "/", params = {}, env = {})
+      method = params.delete(:method) || "GET"
+      env = { 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => "#{method}" }.merge(env)
+      Rack::MockRequest.env_for("#{path}?#{Rack::Utils.build_query(params)}", env)
+    end
+
+    def setup_rack(app = nil, opts = {}, &block)
+      app ||= block if block_given?
+
+      opts[:failure_app]         ||= failure_app
+      opts[:default_strategies]  ||= [:password]
+      opts[:default_serializers] ||= [:session]
+      blk = opts[:configurator] || proc{}
+
+      Rack::Builder.new do
+        use opts[:session] || Warden::Spec::Helpers::Session unless opts[:nil_session]
+        use Warden::Manager, opts, &blk
+        run app
+      end
+    end
+
+    def valid_response
+      Rack::Response.new("OK").finish
+    end
+
+    def failure_app
+      Warden::Spec::Helpers::FAILURE_APP
+    end
+
+    def success_app
+      lambda{|e| [200, {"Content-Type" => "text/plain"}, ["You Win"]]}
+    end
+
+    class Session
+      attr_accessor :app
+      def initialize(app,configs = {})
+        @app = app
+      end
+
+      def call(e)
+        e['rack.session'] ||= {}
+        @app.call(e)
+      end
+    end # session
+  end
+end
+
+module Oath
+  module Test
+    describe Helpers do
+      include Oath::Test::Helpers
+      include Warden::Spec::Helpers
+
+      before { $captures = [] }
+      after { Oath.test_reset! }
+
+      it 'performs a sign in' do
+        user = double(id: 1)
+        return_value = sign_in(user)
+        app = lambda do |env|
+          $captures << :run
+          expect(env['warden']).to be_authenticated
+          expect(env['warden'].user).to eq(user)
+          valid_response
+        end
+        setup_rack(app).call(env_with_params)
+
+        expect(return_value).to eq(user)
+        expect($captures).to eq([:run])
+      end
+
+      it 'performs a sign out' do
+        user = double(id: 1)
+        sign_in(user)
+        sign_out
+
+        app = lambda do |env|
+          $captures << :run
+          warden = env['warden']
+          expect(warden.user).to be_nil
+          expect(warden).not_to be_authenticated
+        end
+
+        setup_rack(app).call(env_with_params)
+        expect($captures).to eq([:run])
+      end
+    end
+  end
+end

data/spec/oath_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'warden'
+
+describe 'Oath' do
+  it "stores the warden config" do
+    expect(Oath.warden_config).to be_a Warden::Config
+  end
+
+  it "provides a .test_mode!" do
+    Oath.test_mode!
+    expect(Oath.hash_token('password')).to eql('password')
+    expect(Oath.compare_token('password', 'password')).to be_truthy
+  end
+
+  it "does not lookup with empty params" do
+    allow(Oath::FieldMap).to receive(:new).and_return(fake_field_map)
+    with_oath_config(find_method: -> (conditions) { raise }) do
+      expect(-> { Oath.lookup({}, {}) }).not_to raise_exception
+    end
+  end
+
+  def fake_field_map
+    double(Oath::FieldMap).tap do |field_map|
+      allow(field_map).to receive(:to_fields).and_return(["foo=1 OR bar=1"])
+    end
+  end
+end

data/spec/rails_app/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+RailsApp::Application.load_tasks

data/spec/rails_app/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require_tree .

data/spec/rails_app/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,4 @@
+class ApplicationController < ActionController::Base
+  include Oath::ControllerHelpers
+  protect_from_forgery
+end

data/spec/rails_app/app/controllers/basic_auth_controller.rb

@@ -0,0 +1,7 @@
+class BasicAuthController < ApplicationController
+  http_basic_authenticate_with name: "admin", password: "password"
+
+  def show
+    render plain: "Hello"
+  end
+end

data/spec/rails_app/app/controllers/constrained_to_users_controller.rb

@@ -0,0 +1,5 @@
+class ConstrainedToUsersController < ApplicationController
+  def show
+    head :ok
+  end
+end

data/spec/rails_app/app/controllers/constrained_to_visitors_controller.rb

@@ -0,0 +1,5 @@
+class ConstrainedToVisitorsController < ApplicationController
+  def show
+    head :ok
+  end
+end

data/spec/rails_app/app/controllers/failures_controller.rb

@@ -0,0 +1,5 @@
+class FailuresController < ApplicationController
+  def show
+    render status: :unauthorized, plain: "Unauthorized"
+  end
+end

data/spec/rails_app/app/controllers/invalid_sessions_controller.rb

@@ -0,0 +1,2 @@
+class InvalidSessionsController < SessionsController
+end

data/spec/rails_app/app/controllers/posts_controller.rb

@@ -0,0 +1,6 @@
+class PostsController < ApplicationController
+  before_filter :require_login
+
+  def index
+  end
+end

data/spec/rails_app/app/controllers/sessions_controller.rb

@@ -0,0 +1,26 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = authenticate_session(session_params)
+
+    if sign_in(user)
+      redirect_to posts_path
+    else
+      redirect_to root_path, notice: "Invalid email or password"
+    end
+  end
+
+  def destroy
+    sign_out
+    redirect_to root_path
+  end
+
+  private
+
+  def session_params
+    params.require(:session).permit(:email, :password)
+  end
+end
+