omniauth-identity 1.0.0 → 3.0.1

data/lib/omniauth-identity/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Identity
-    VERSION = '1.0.0'
+    VERSION = '3.0.1'
   end
 end

data/lib/omniauth/identity.rb

@@ -6,12 +6,12 @@ module OmniAuth
   end
 
   module Identity
-    autoload :Model,            'omniauth/identity/model'
-    autoload :SecurePassword,   'omniauth/identity/secure_password'
+    autoload :Model,               'omniauth/identity/model'
+    autoload :SecurePassword,      'omniauth/identity/secure_password'
     module Models
-      autoload :ActiveRecord,   'omniauth/identity/models/active_record'
-      autoload :MongoMapper,    'omniauth/identity/models/mongo_mapper'
-      autoload :Mongoid,        'omniauth/identity/models/mongoid'
+      autoload :ActiveRecord,      'omniauth/identity/models/active_record'
+      autoload :Mongoid,           'omniauth/identity/models/mongoid'
+      autoload :CouchPotatoModule, 'omniauth/identity/models/couch_potato'
     end
   end
 end

data/lib/omniauth/identity/model.rb

@@ -23,14 +23,15 @@ module OmniAuth
         # Authenticate a user with the given key and password.
         #
         # @param [String] key The unique login key provided for a given identity.
-        # @param [String] password The presumed password for the identity. 
+        # @param [String] password The presumed password for the identity.
         # @return [Model] An instance of the identity model class.
-        def authenticate(key, password)
-          instance = locate(key)
+        def authenticate(conditions, password)
+          instance = locate(conditions)
           return false unless instance
+
           instance.authenticate(password)
         end
-        
+
         # Used to set or retrieve the method that will be used to get
         # and set the user-supplied authentication key.
         # @return [String] The method name.
@@ -52,22 +53,20 @@ module OmniAuth
         raise NotImplementedError
       end
 
-      SCHEMA_ATTRIBUTES = %w(name email nickname first_name last_name location description image phone)
+      SCHEMA_ATTRIBUTES = %w[name email nickname first_name last_name location description image phone]
       # A hash of as much of the standard OmniAuth schema as is stored
       # in this particular model. By default, this will call instance
       # methods for each of the attributes it needs in turn, ignoring
       # any for which `#respond_to?` is `false`.
       #
-      # If `first_name`, `nickname`, and/or `last_name` is provided but 
+      # If `first_name`, `nickname`, and/or `last_name` is provided but
       # `name` is not, it will be automatically calculated.
       #
       # @return [Hash] A string-keyed hash of user information.
       def info
-        info = SCHEMA_ATTRIBUTES.inject({}) do |hash,attribute|
+        SCHEMA_ATTRIBUTES.each_with_object({}) do |attribute, hash|
           hash[attribute] = send(attribute) if respond_to?(attribute)
-          hash
         end
-        info
       end
 
       # An identifying string that must be globally unique to the
@@ -75,22 +74,23 @@ module OmniAuth
       #
       # @return [String] An identifier string unique to this identity.
       def uid
-        if respond_to?('id')
-          return nil if self.id.nil?
-          self.id.to_s
+        if respond_to?(:id)
+          return nil if id.nil?
+
+          id.to_s
         else
-          raise NotImplementedError 
+          raise NotImplementedError
         end
       end
 
       # Used to retrieve the user-supplied authentication key (e.g. a
       # username or email). Determined using the class method of the same name,
-      # defaults to `:email`. 
+      # defaults to `:email`.
       #
       # @return [String] An identifying string that will be entered by
       #   users upon sign in.
       def auth_key
-        if respond_to?(self.class.auth_key)
+        if respond_to?(self.class.auth_key.to_sym)
           send(self.class.auth_key)
         else
           raise NotImplementedError
@@ -104,8 +104,9 @@ module OmniAuth
       # @param [String] value The value to which the auth key should be
       #   set.
       def auth_key=(value)
-        if respond_to?(self.class.auth_key + '=')
-          send(self.class.auth_key + '=', value)
+        auth_key_setter = (self.class.auth_key + '=').to_sym
+        if respond_to?(auth_key_setter)
+          send(auth_key_setter, value)
         else
           raise NotImplementedError
         end

data/lib/omniauth/identity/models/active_record.rb

@@ -9,14 +9,15 @@ module OmniAuth
 
         self.abstract_class = true
         has_secure_password
-       
+
         def self.auth_key=(key)
           super
-          validates_uniqueness_of key, :case_sensitive => false
+          validates_uniqueness_of key, case_sensitive: false
         end
 
-        def self.locate(key)
-          where(auth_key => key).first
+        def self.locate(search_hash)
+          search_hash = search_hash.reverse_merge!('provider' => 'identity') if column_names.include?('provider')
+          where(search_hash).first
         end
       end
     end

data/lib/omniauth/identity/models/{mongo_mapper.rb → couch_potato.rb}

@@ -1,9 +1,10 @@
-require 'mongo_mapper'
+require 'couch_potato'
 
 module OmniAuth
   module Identity
     module Models
-      module MongoMapper
+      # can not be named CouchPotato since there is a class with that name
+      module CouchPotatoModule
         def self.included(base)
           base.class_eval do
             include ::OmniAuth::Identity::Model
@@ -13,11 +14,11 @@ module OmniAuth
 
             def self.auth_key=(key)
               super
-              validates_uniqueness_of key, :case_sensitive => false
+              validates_uniqueness_of key, case_sensitive: false
             end
 
-            def self.locate(key)
-              where(auth_key => key).first
+            def self.locate(search_hash)
+              where(search_hash).first
             end
           end
         end
@@ -25,4 +26,3 @@ module OmniAuth
     end
   end
 end
-

data/lib/omniauth/identity/models/mongoid.rb

@@ -4,11 +4,8 @@ module OmniAuth
   module Identity
     module Models
       module Mongoid
-
         def self.included(base)
-
           base.class_eval do
-
             include ::OmniAuth::Identity::Model
             include ::OmniAuth::Identity::SecurePassword
 
@@ -16,17 +13,14 @@ module OmniAuth
 
             def self.auth_key=(key)
               super
-              validates_uniqueness_of key, :case_sensitive => false
+              validates_uniqueness_of key, case_sensitive: false
             end
 
-            def self.locate(key)
-              where(auth_key => key).first
+            def self.locate(search_hash)
+              where(search_hash).first
             end
-
           end
-
         end
-
       end
     end
   end

data/lib/omniauth/identity/secure_password.rb

@@ -9,9 +9,7 @@ module OmniAuth
     # a has_secure_password method.
     module SecurePassword
       def self.included(base)
-        unless base.respond_to?(:has_secure_password)
-          base.extend ClassMethods
-        end
+        base.extend ClassMethods unless base.respond_to?(:has_secure_password)
       end
 
       module ClassMethods
@@ -40,7 +38,7 @@ module OmniAuth
         #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
         #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
         def has_secure_password
-          attr_reader   :password
+          attr_reader :password
 
           validates_confirmation_of :password
           validates_presence_of     :password_digest
@@ -68,7 +66,7 @@ module OmniAuth
         # Encrypts the password into the password_digest attribute.
         def password=(unencrypted_password)
           @password = unencrypted_password
-          unless unencrypted_password.blank?
+          if unencrypted_password && !unencrypted_password.empty?
             self.password_digest = BCrypt::Password.create(unencrypted_password)
           end
         end

data/lib/omniauth/strategies/identity.rb

@@ -1,70 +1,98 @@
 module OmniAuth
   module Strategies
-    # The identity strategy allows you to provide simple internal 
+    # The identity strategy allows you to provide simple internal
     # user authentication using the same process flow that you
     # use for external OmniAuth providers.
     class Identity
       include OmniAuth::Strategy
 
-      option :fields, [:name, :email]
+      option :fields, %i[name email]
+      option :enable_login, true # See #other_phase documentation
+      option :on_login, nil
+      option :on_registration, nil
       option :on_failed_registration, nil
+      option :enable_registration, true
+      option :locate_conditions, ->(req) { { model.auth_key => req['auth_key'] } }
 
       def request_phase
-        OmniAuth::Form.build(
-          :title => (options[:title] || "Identity Verification"),
-          :url => callback_path
-        ) do |f|
-          f.text_field 'Login', 'auth_key'
-          f.password_field 'Password', 'password'
-          f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
-        end.to_response 
+        if options[:on_login]
+          options[:on_login].call(env)
+        else
+          OmniAuth::Form.build(
+            title: (options[:title] || 'Identity Verification'),
+            url: callback_path
+          ) do |f|
+            f.text_field 'Login', 'auth_key'
+            f.password_field 'Password', 'password'
+            if options[:enable_registration]
+              f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
+            end
+          end.to_response
+        end
       end
 
       def callback_phase
         return fail!(:invalid_credentials) unless identity
+
         super
       end
 
       def other_phase
-        if on_registration_path?
+        if options[:enable_registration] && on_registration_path?
           if request.get?
             registration_form
           elsif request.post?
             registration_phase
+          else
+            call_app!
           end
+        elsif options[:enable_login] && on_request_path?
+          # OmniAuth, by default, disables "GET" requests for security reasons.
+          # This effectively disables omniauth-identity tool's login form feature.
+          # Because it is disabled by default, and because enabling it would desecuritize all the other
+          #   OmniAuth strategies that may be implemented, we do not ask users to modify that setting.
+          # Instead we hook in here in the "other_phase", with a config setting of our own: `enable_login`
+          request_phase
         else
           call_app!
         end
       end
 
       def registration_form
-        OmniAuth::Form.build(:title => 'Register Identity') do |f|
-          options[:fields].each do |field|
-            f.text_field field.to_s.capitalize, field.to_s
-          end
-          f.password_field 'Password', 'password'
-          f.password_field 'Confirm Password', 'password_confirmation'
-        end.to_response
+        if options[:on_registration]
+          options[:on_registration].call(env)
+        else
+          OmniAuth::Form.build(title: 'Register Identity') do |f|
+            options[:fields].each do |field|
+              f.text_field field.to_s.capitalize, field.to_s
+            end
+            f.password_field 'Password', 'password'
+            f.password_field 'Confirm Password', 'password_confirmation'
+          end.to_response
+        end
       end
 
       def registration_phase
-        attributes = (options[:fields] + [:password, :password_confirmation]).inject({}){|h,k| h[k] = request[k.to_s]; h}
+        attributes = (options[:fields] + %i[password password_confirmation]).each_with_object({}) do |k, h|
+          h[k] = request[k.to_s]
+        end
+        if model.respond_to?(:column_names) && model.column_names.include?('provider')
+          attributes.reverse_merge!(provider: 'identity')
+        end
         @identity = model.create(attributes)
         if @identity.persisted?
           env['PATH_INFO'] = callback_path
           callback_phase
+        elsif options[:on_failed_registration]
+          env['omniauth.identity'] = @identity
+          options[:on_failed_registration].call(env)
         else
-          if options[:on_failed_registration]
-            self.env['omniauth.identity'] = @identity
-            options[:on_failed_registration].call(self.env)
-          else
-            registration_form
-          end
+          registration_form
         end
       end
 
-      uid{ identity.uid }
-      info{ identity.info }
+      uid { identity.uid }
+      info { identity.info }
 
       def registration_path
         options[:registration_path] || "#{path_prefix}/#{name}/register"
@@ -75,7 +103,13 @@ module OmniAuth
       end
 
       def identity
-        @identity ||= model.authenticate(request['auth_key'], request['password'])
+        if options[:locate_conditions].is_a? Proc
+          conditions = instance_exec(request, &options[:locate_conditions])
+          conditions.to_hash
+        else
+          conditions = options[:locate_conditions].to_hash
+        end
+        @identity ||= model.authenticate(conditions, request['password'])
       end
 
       def model

data/spec/omniauth/identity/model_spec.rb

@@ -1,116 +1,121 @@
-require 'spec_helper'
-
 class ExampleModel
   include OmniAuth::Identity::Model
 end
 
-describe OmniAuth::Identity::Model do
+RSpec.describe OmniAuth::Identity::Model do
   context 'Class Methods' do
-    subject{ ExampleModel }
+    subject { ExampleModel }
 
     describe '.locate' do
-      it('should be abstract'){ lambda{ subject.locate('abc') }.should raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.locate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '.authenticate' do
-      it 'should call locate and then authenticate' do
-        mocked_instance = mock('ExampleModel', :authenticate => 'abbadoo')
-        subject.should_receive(:locate).with('example').and_return(mocked_instance)
-        subject.authenticate('example','pass').should == 'abbadoo'
+      it 'calls locate and then authenticate' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example').and_return(mocked_instance)
+        expect(subject.authenticate({ 'email' => 'example' }, 'pass')).to eq('abbadoo')
+      end
+
+      it 'calls locate with additional scopes when provided' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example',
+                                                'user_type' => 'admin').and_return(mocked_instance)
+        expect(subject.authenticate({ 'email' => 'example', 'user_type' => 'admin' }, 'pass')).to eq('abbadoo')
       end
 
-      it 'should recover gracefully if locate is nil' do
-        subject.stub!(:locate).and_return(nil)
-        subject.authenticate('blah','foo').should be_false
+      it 'recovers gracefully if locate is nil' do
+        allow(subject).to receive(:locate).and_return(nil)
+        expect(subject.authenticate('blah', 'foo')).to be false
       end
     end
   end
 
   context 'Instance Methods' do
-    subject{ ExampleModel.new }
+    subject { ExampleModel.new }
 
     describe '#authenticate' do
-      it('should be abstract'){ lambda{ subject.authenticate('abc') }.should raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.authenticate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '#uid' do
-      it 'should default to #id' do
-        subject.should_receive(:respond_to?).with('id').and_return(true)
-        subject.stub!(:id).and_return 'wakka-do'
-        subject.uid.should == 'wakka-do'
+      it 'defaults to #id' do
+        allow(subject).to receive(:respond_to?).with(:id).and_return(true)
+        allow(subject).to receive(:id).and_return 'wakka-do'
+        expect(subject.uid).to eq('wakka-do')
       end
 
-      it 'should stringify it' do
-        subject.stub!(:id).and_return 123
-        subject.uid.should == '123'
+      it 'stringifies it' do
+        allow(subject).to receive(:id).and_return 123
+        expect(subject.uid).to eq('123')
       end
 
-      it 'should raise NotImplementedError if #id is not defined' do
-        subject.should_receive(:respond_to?).with('id').and_return(false)
-        lambda{ subject.uid }.should raise_error(NotImplementedError)
+      it 'raises NotImplementedError if #id is not defined' do
+        allow(subject).to receive(:respond_to?).with(:id).and_return(false)
+        expect { subject.uid }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key' do
-      it 'should default to #email' do
-        subject.should_receive(:respond_to?).with('email').and_return(true)
-        subject.stub!(:email).and_return('bob@bob.com')
-        subject.auth_key.should == 'bob@bob.com'
+      it 'defaults to #email' do
+        allow(subject).to receive(:respond_to?).with(:email).and_return(true)
+        allow(subject).to receive(:email).and_return('bob@bob.com')
+        expect(subject.auth_key).to eq('bob@bob.com')
       end
 
-      it 'should use the class .auth_key' do
+      it 'uses the class .auth_key' do
         subject.class.auth_key 'login'
-        subject.stub!(:login).and_return 'bob'
-        subject.auth_key.should == 'bob'
+        allow(subject).to receive(:login).and_return 'bob'
+        expect(subject.auth_key).to eq('bob')
         subject.class.auth_key nil
       end
 
-      it 'should raise a NotImplementedError if the auth_key method is not defined' do
-        lambda{ subject.auth_key }.should raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the auth_key method is not defined' do
+        expect { subject.auth_key }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key=' do
-      it 'should default to setting email' do
-        subject.should_receive(:respond_to?).with('email=').and_return(true)
-        subject.should_receive(:email=).with 'abc'
-        
+      it 'defaults to setting email' do
+        allow(subject).to receive(:respond_to?).with(:email=).and_return(true)
+        expect(subject).to receive(:email=).with 'abc'
+
         subject.auth_key = 'abc'
       end
 
-      it 'should use a custom .auth_key if one is provided' do
+      it 'uses a custom .auth_key if one is provided' do
         subject.class.auth_key 'login'
-        subject.should_receive(:respond_to?).with('login=').and_return(true)
-        subject.should_receive('login=').with('abc')
+        allow(subject).to receive(:respond_to?).with(:login=).and_return(true)
+        expect(subject).to receive(:login=).with('abc')
 
         subject.auth_key = 'abc'
       end
 
-      it 'should raise a NotImplementedError if the autH_key method is not defined' do
-        lambda{ subject.auth_key = 'broken' }.should raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the autH_key method is not defined' do
+        expect { subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#info' do
-      it 'should include attributes that are set' do
-        subject.stub!(:name).and_return('Bob Bobson')
-        subject.stub!(:nickname).and_return('bob')
-
-        subject.info.should == {
-          'name' => 'Bob Bobson',
-          'nickname' => 'bob'
-        }
+      it 'includes attributes that are set' do
+        allow(subject).to receive(:name).and_return('Bob Bobson')
+        allow(subject).to receive(:nickname).and_return('bob')
+
+        expect(subject.info).to eq({
+                                     'name' => 'Bob Bobson',
+                                     'nickname' => 'bob'
+                                   })
       end
 
-      it 'should automatically set name off of nickname' do
-        subject.stub!(:nickname).and_return('bob')
+      it 'automaticallies set name off of nickname' do
+        allow(subject).to receive(:nickname).and_return('bob')
         subject.info['name'] == 'bob'
       end
 
-      it 'should not overwrite a provided name' do
-        subject.stub!(:name).and_return('Awesome Dude')
-        subject.stub!(:first_name).and_return('Frank')
-        subject.info['name'].should == 'Awesome Dude'
+      it 'does not overwrite a provided name' do
+        allow(subject).to receive(:name).and_return('Awesome Dude')
+        allow(subject).to receive(:first_name).and_return('Frank')
+        expect(subject.info['name']).to eq('Awesome Dude')
       end
     end
   end