omniauth-identity 2.0.0 → 3.0.0

data/lib/omniauth/identity/models/mongoid.rb

@@ -4,11 +4,8 @@ module OmniAuth
   module Identity
     module Models
       module Mongoid
-
         def self.included(base)
-
           base.class_eval do
-
             include ::OmniAuth::Identity::Model
             include ::OmniAuth::Identity::SecurePassword
 
@@ -16,17 +13,14 @@ module OmniAuth
 
             def self.auth_key=(key)
               super
-              validates_uniqueness_of key, :case_sensitive => false
+              validates_uniqueness_of key, case_sensitive: false
             end
 
             def self.locate(search_hash)
               where(search_hash).first
             end
-
           end
-
         end
-
       end
     end
   end

data/lib/omniauth/identity/secure_password.rb

@@ -9,9 +9,7 @@ module OmniAuth
     # a has_secure_password method.
     module SecurePassword
       def self.included(base)
-        unless base.respond_to?(:has_secure_password)
-          base.extend ClassMethods
-        end
+        base.extend ClassMethods unless base.respond_to?(:has_secure_password)
       end
 
       module ClassMethods
@@ -40,7 +38,7 @@ module OmniAuth
         #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
         #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
         def has_secure_password
-          attr_reader   :password
+          attr_reader :password
 
           validates_confirmation_of :password
           validates_presence_of     :password_digest

data/lib/omniauth/strategies/identity.rb

@@ -6,39 +6,53 @@ module OmniAuth
     class Identity
       include OmniAuth::Strategy
 
-      option :fields, [:name, :email]
+      option :fields, %i[name email]
+      option :enable_login, true # See #other_phase documentation
       option :on_login, nil
       option :on_registration, nil
       option :on_failed_registration, nil
-      option :locate_conditions, lambda{|req| {model.auth_key => req['auth_key']} }
+      option :enable_registration, true
+      option :locate_conditions, ->(req) { { model.auth_key => req['auth_key'] } }
 
       def request_phase
         if options[:on_login]
-          options[:on_login].call(self.env)
+          options[:on_login].call(env)
         else
           OmniAuth::Form.build(
-            :title => (options[:title] || "Identity Verification"),
-            :url => callback_path
+            title: (options[:title] || 'Identity Verification'),
+            url: callback_path
           ) do |f|
             f.text_field 'Login', 'auth_key'
             f.password_field 'Password', 'password'
-            f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
+            if options[:enable_registration]
+              f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
+            end
           end.to_response
         end
       end
 
       def callback_phase
         return fail!(:invalid_credentials) unless identity
+
         super
       end
 
       def other_phase
-        if on_registration_path?
+        if options[:enable_registration] && on_registration_path?
           if request.get?
             registration_form
           elsif request.post?
             registration_phase
+          else
+            call_app!
           end
+        elsif options[:enable_login] && on_request_path?
+          # OmniAuth, by default, disables "GET" requests for security reasons.
+          # This effectively disables omniauth-identity tool's login form feature.
+          # Because it is disabled by default, and because enabling it would desecuritize all the other
+          #   OmniAuth strategies that may be implemented, we do not ask users to modify that setting.
+          # Instead we hook in here in the "other_phase", with a config setting of our own: `enable_login`
+          request_phase
         else
           call_app!
         end
@@ -46,9 +60,9 @@ module OmniAuth
 
       def registration_form
         if options[:on_registration]
-          options[:on_registration].call(self.env)
+          options[:on_registration].call(env)
         else
-          OmniAuth::Form.build(:title => 'Register Identity') do |f|
+          OmniAuth::Form.build(title: 'Register Identity') do |f|
             options[:fields].each do |field|
               f.text_field field.to_s.capitalize, field.to_s
             end
@@ -59,23 +73,26 @@ module OmniAuth
       end
 
       def registration_phase
-        attributes = (options[:fields] + [:password, :password_confirmation]).inject({}){|h,k| h[k] = request[k.to_s]; h}
+        attributes = (options[:fields] + %i[password password_confirmation]).each_with_object({}) do |k, h|
+          h[k] = request[k.to_s]
+        end
+        if model.respond_to?(:column_names) && model.column_names.include?('provider')
+          attributes.reverse_merge!(provider: 'identity')
+        end
         @identity = model.create(attributes)
         if @identity.persisted?
           env['PATH_INFO'] = callback_path
           callback_phase
+        elsif options[:on_failed_registration]
+          env['omniauth.identity'] = @identity
+          options[:on_failed_registration].call(env)
         else
-          if options[:on_failed_registration]
-            self.env['omniauth.identity'] = @identity
-            options[:on_failed_registration].call(self.env)
-          else
-            registration_form
-          end
+          registration_form
         end
       end
 
-      uid{ identity.uid }
-      info{ identity.info }
+      uid { identity.uid }
+      info { identity.info }
 
       def registration_path
         options[:registration_path] || "#{path_prefix}/#{name}/register"
@@ -86,13 +103,13 @@ module OmniAuth
       end
 
       def identity
-        if options.locate_conditions.is_a? Proc
-          conditions = instance_exec(request, &options.locate_conditions)
+        if options[:locate_conditions].is_a? Proc
+          conditions = instance_exec(request, &options[:locate_conditions])
           conditions.to_hash
         else
-          conditions = options.locate_conditions.to_hash
+          conditions = options[:locate_conditions].to_hash
         end
-        @identity ||= model.authenticate(conditions, request['password'] )
+        @identity ||= model.authenticate(conditions, request['password'])
       end
 
       def model

data/spec/omniauth/identity/model_spec.rb

@@ -2,87 +2,88 @@ class ExampleModel
   include OmniAuth::Identity::Model
 end
 
-describe OmniAuth::Identity::Model do
+RSpec.describe OmniAuth::Identity::Model do
   context 'Class Methods' do
-    subject{ ExampleModel }
+    subject { ExampleModel }
 
     describe '.locate' do
-      it('should be abstract'){ expect{ subject.locate('abc') }.to raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.locate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '.authenticate' do
-      it 'should call locate and then authenticate' do
-        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
+      it 'calls locate and then authenticate' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
         allow(subject).to receive(:locate).with('email' => 'example').and_return(mocked_instance)
-        expect(subject.authenticate({'email' => 'example'},'pass')).to eq('abbadoo')
+        expect(subject.authenticate({ 'email' => 'example' }, 'pass')).to eq('abbadoo')
       end
 
-      it 'should call locate with additional scopes when provided' do
-        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
-        allow(subject).to receive(:locate).with('email' => 'example', 'user_type' => 'admin').and_return(mocked_instance)
-        expect(subject.authenticate({'email' => 'example', 'user_type' => 'admin'}, 'pass')).to eq('abbadoo')
+      it 'calls locate with additional scopes when provided' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example',
+                                                'user_type' => 'admin').and_return(mocked_instance)
+        expect(subject.authenticate({ 'email' => 'example', 'user_type' => 'admin' }, 'pass')).to eq('abbadoo')
       end
 
-      it 'should recover gracefully if locate is nil' do
+      it 'recovers gracefully if locate is nil' do
         allow(subject).to receive(:locate).and_return(nil)
-        expect(subject.authenticate('blah','foo')).to be false
+        expect(subject.authenticate('blah', 'foo')).to be false
       end
     end
   end
 
   context 'Instance Methods' do
-    subject{ ExampleModel.new }
+    subject { ExampleModel.new }
 
     describe '#authenticate' do
-      it('should be abstract'){ expect{ subject.authenticate('abc') }.to raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.authenticate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '#uid' do
-      it 'should default to #id' do
+      it 'defaults to #id' do
         allow(subject).to receive(:respond_to?).with(:id).and_return(true)
         allow(subject).to receive(:id).and_return 'wakka-do'
         expect(subject.uid).to eq('wakka-do')
       end
 
-      it 'should stringify it' do
+      it 'stringifies it' do
         allow(subject).to receive(:id).and_return 123
         expect(subject.uid).to eq('123')
       end
 
-      it 'should raise NotImplementedError if #id is not defined' do
+      it 'raises NotImplementedError if #id is not defined' do
         allow(subject).to receive(:respond_to?).with(:id).and_return(false)
-        expect{ subject.uid }.to raise_error(NotImplementedError)
+        expect { subject.uid }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key' do
-      it 'should default to #email' do
+      it 'defaults to #email' do
         allow(subject).to receive(:respond_to?).with(:email).and_return(true)
         allow(subject).to receive(:email).and_return('bob@bob.com')
         expect(subject.auth_key).to eq('bob@bob.com')
       end
 
-      it 'should use the class .auth_key' do
+      it 'uses the class .auth_key' do
         subject.class.auth_key 'login'
         allow(subject).to receive(:login).and_return 'bob'
         expect(subject.auth_key).to eq('bob')
         subject.class.auth_key nil
       end
 
-      it 'should raise a NotImplementedError if the auth_key method is not defined' do
-        expect{ subject.auth_key }.to raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the auth_key method is not defined' do
+        expect { subject.auth_key }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key=' do
-      it 'should default to setting email' do
+      it 'defaults to setting email' do
         allow(subject).to receive(:respond_to?).with(:email=).and_return(true)
         expect(subject).to receive(:email=).with 'abc'
-        
+
         subject.auth_key = 'abc'
       end
 
-      it 'should use a custom .auth_key if one is provided' do
+      it 'uses a custom .auth_key if one is provided' do
         subject.class.auth_key 'login'
         allow(subject).to receive(:respond_to?).with(:login=).and_return(true)
         expect(subject).to receive(:login=).with('abc')
@@ -90,28 +91,28 @@ describe OmniAuth::Identity::Model do
         subject.auth_key = 'abc'
       end
 
-      it 'should raise a NotImplementedError if the autH_key method is not defined' do
-        expect{ subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the autH_key method is not defined' do
+        expect { subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#info' do
-      it 'should include attributes that are set' do
+      it 'includes attributes that are set' do
         allow(subject).to receive(:name).and_return('Bob Bobson')
         allow(subject).to receive(:nickname).and_return('bob')
 
         expect(subject.info).to eq({
-          'name' => 'Bob Bobson',
-          'nickname' => 'bob'
-        })
+                                     'name' => 'Bob Bobson',
+                                     'nickname' => 'bob'
+                                   })
       end
 
-      it 'should automatically set name off of nickname' do
+      it 'automaticallies set name off of nickname' do
         allow(subject).to receive(:nickname).and_return('bob')
         subject.info['name'] == 'bob'
       end
 
-      it 'should not overwrite a provided name' do
+      it 'does not overwrite a provided name' do
         allow(subject).to receive(:name).and_return('Awesome Dude')
         allow(subject).to receive(:first_name).and_return('Frank')
         expect(subject.info['name']).to eq('Awesome Dude')

data/spec/omniauth/identity/models/active_record_spec.rb

@@ -1,16 +1,28 @@
-describe(OmniAuth::Identity::Models::ActiveRecord, :db => true) do
-  class TestIdentity < OmniAuth::Identity::Models::ActiveRecord; end
-
-  describe "model", type: :model do
-    subject { TestIdentity }
+RSpec.describe(OmniAuth::Identity::Models::ActiveRecord, db: true) do
+  describe 'model', type: :model do
+    subject(:model_klass) do
+      AnonymousActiveRecord.generate(
+        parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
+        columns: %w[name provider],
+        connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
+      ) do
+        def flower
+          '🌸'
+        end
+      end
+    end
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
-      expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+    it 'delegates locate to the where query method' do
+      allow(model_klass).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches',
+                                                 'provider' => 'identity').and_return(['wakka'])
+      expect(model_klass.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
+  end
 
-    it 'should not use STI rules for its table name' do
-      expect(subject.table_name).to eq('test_identities')
+  describe '#table_name' do
+    class TestIdentity < OmniAuth::Identity::Models::ActiveRecord; end
+    it 'does not use STI rules for its table name' do
+      expect(TestIdentity.table_name).to eq('test_identities')
     end
   end
 end

data/spec/omniauth/identity/models/couch_potato_spec.rb

@@ -1,4 +1,4 @@
-describe(OmniAuth::Identity::Models::CouchPotatoModule, :db => true) do
+RSpec.describe(OmniAuth::Identity::Models::CouchPotatoModule, db: true) do
   class CouchPotatoTestIdentity
     include CouchPotato::Persistence
     include OmniAuth::Identity::Models::CouchPotatoModule
@@ -8,8 +8,9 @@ describe(OmniAuth::Identity::Models::CouchPotatoModule, :db => true) do
   describe 'model', type: :model do
     subject { CouchPotatoTestIdentity }
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
+    it 'delegates locate to the where query method' do
+      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
+                                             'category' => 'sandwiches').and_return(['wakka'])
       expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
   end

data/spec/omniauth/identity/models/mongoid_spec.rb

@@ -1,4 +1,4 @@
-describe(OmniAuth::Identity::Models::Mongoid, :db => true) do
+RSpec.describe(OmniAuth::Identity::Models::Mongoid, db: true) do
   class MongoidTestIdentity
     include Mongoid::Document
     include OmniAuth::Identity::Models::Mongoid
@@ -6,17 +6,18 @@ describe(OmniAuth::Identity::Models::Mongoid, :db => true) do
     store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
   end
 
-  describe "model", type: :model do
+  describe 'model', type: :model do
     subject { MongoidTestIdentity }
 
     it { is_expected.to be_mongoid_document }
 
     it 'does not munge collection name' do
-      is_expected.to be_stored_in(database: 'db1', collection: 'mongoid_test_identities', client: 'secondary')
+      expect(subject).to be_stored_in(database: 'db1', collection: 'mongoid_test_identities', client: 'secondary')
     end
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
+    it 'delegates locate to the where query method' do
+      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
+                                             'category' => 'sandwiches').and_return(['wakka'])
       expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
   end

data/spec/omniauth/identity/secure_password_spec.rb

@@ -5,19 +5,19 @@ end
 class DoesNotHaveTheMethod
 end
 
-describe OmniAuth::Identity::SecurePassword do
-  it 'should extend with the class methods if it does not have the method' do
+RSpec.describe OmniAuth::Identity::SecurePassword do
+  it 'extends with the class methods if it does not have the method' do
     expect(DoesNotHaveTheMethod).to receive(:extend).with(OmniAuth::Identity::SecurePassword::ClassMethods)
-    DoesNotHaveTheMethod.send(:include, OmniAuth::Identity::SecurePassword)
+    DoesNotHaveTheMethod.include OmniAuth::Identity::SecurePassword
   end
 
-  it 'should not extend if the method is already defined' do
+  it 'does not extend if the method is already defined' do
     expect(HasTheMethod).not_to receive(:extend)
-    HasTheMethod.send(:include, OmniAuth::Identity::SecurePassword)
+    HasTheMethod.include OmniAuth::Identity::SecurePassword
   end
 
-  it 'should respond to has_secure_password afterwards' do
-    [HasTheMethod,DoesNotHaveTheMethod].each do |klass|
+  it 'responds to has_secure_password afterwards' do
+    [HasTheMethod, DoesNotHaveTheMethod].each do |klass|
       klass.send(:include, OmniAuth::Identity::SecurePassword)
       expect(klass).to be_respond_to(:has_secure_password)
     end

data/spec/omniauth/strategies/identity_spec.rb

@@ -1,139 +1,253 @@
-class MockIdentity; end
-
-describe OmniAuth::Strategies::Identity do
+RSpec.describe OmniAuth::Strategies::Identity do
   attr_accessor :app
 
-  let(:auth_hash){ last_response.headers['env']['omniauth.auth'] }
-  let(:identity_hash){ last_response.headers['env']['omniauth.identity'] }
+  let(:auth_hash) { last_response.headers['env']['omniauth.auth'] }
+  let(:identity_hash) { last_response.headers['env']['omniauth.identity'] }
+  let(:identity_options) { {} }
+  let(:anon_ar) do
+    AnonymousActiveRecord.generate(
+      columns: %w[name provider],
+      connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
+    ) do
+      def balloon
+        '🎈'
+      end
+    end
+  end
 
   # customize rack app for testing, if block is given, reverts to default
   # rack app after testing is done
   def set_app!(identity_options = {})
-    identity_options = {:model => MockIdentity}.merge(identity_options)
-    old_app = self.app
+    old_app = app
     self.app = Rack::Builder.app do
       use Rack::Session::Cookie, secret: '1234567890qwertyuiop'
       use OmniAuth::Strategies::Identity, identity_options
-      run lambda{|env| [404, {'env' => env}, ["HELLO!"]]}
+      run ->(env) { [404, { 'env' => env }, ['HELLO!']] }
     end
     if block_given?
       yield
       self.app = old_app
     end
-    self.app
+    app
   end
 
-  before(:all) do
-    set_app!
+  before do
+    opts = identity_options.reverse_merge({ model: anon_ar })
+    set_app!(opts)
   end
 
   describe '#request_phase' do
-    it 'should display a form' do
-      get '/auth/identity'
-      expect(last_response.body).to be_include("<form")
+    context 'with default settings' do
+      let(:identity_options) { { model: anon_ar } }
+
+      it 'displays a form' do
+        get '/auth/identity'
+
+        expect(last_response.body).not_to eq('HELLO!')
+        expect(last_response.body).to be_include('<form')
+      end
+    end
+
+    context 'when login is enabled' do
+      context 'when registration is enabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: true } }
+
+        it 'displays a form with a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).not_to eq('HELLO!')
+          expect(last_response.body).to be_include('<form')
+          expect(last_response.body).to be_include('<a')
+          expect(last_response.body).to be_include('Create an Identity')
+        end
+      end
+
+      context 'when registration is disabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: true } }
+
+        it 'displays a form without a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).not_to eq('HELLO!')
+          expect(last_response.body).to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
+    end
+
+    context 'when login is disabled' do
+      context 'when registration is enabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: false } }
+
+        it 'bypasses registration form' do
+          get '/auth/identity'
+
+          expect(last_response.body).to eq('HELLO!')
+          expect(last_response.body).not_to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
+
+      context 'when registration is disabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: false } }
+
+        it 'displays a form without a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).to eq('HELLO!')
+          expect(last_response.body).not_to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
     end
   end
 
   describe '#callback_phase' do
-    let(:user){ double(:uid => 'user1', :info => {'name' => 'Rockefeller'})}
+    let(:user) { double(uid: 'user1', info: { 'name' => 'Rockefeller' }) }
 
     context 'with valid credentials' do
       before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        expect(MockIdentity).to receive('authenticate').with({'email' => 'john'},'awesome').and_return(user)
-        post '/auth/identity/callback', :auth_key => 'john', :password => 'awesome'
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        expect(anon_ar).to receive('authenticate').with({ 'email' => 'john' }, 'awesome').and_return(user)
+        post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
       end
 
-      it 'should populate the auth hash' do
+      it 'populates the auth hash' do
         expect(auth_hash).to be_kind_of(Hash)
       end
 
-      it 'should populate the uid' do
+      it 'populates the uid' do
         expect(auth_hash['uid']).to eq('user1')
       end
 
-      it 'should populate the info hash' do
-        expect(auth_hash['info']).to eq({'name' => 'Rockefeller'})
+      it 'populates the info hash' do
+        expect(auth_hash['info']).to eq({ 'name' => 'Rockefeller' })
       end
     end
 
     context 'with invalid credentials' do
       before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        OmniAuth.config.on_failure = lambda{|env| [401, {}, [env['omniauth.error.type'].inspect]]}
-        expect(MockIdentity).to receive(:authenticate).with({'email' => 'wrong'},'login').and_return(false)
-        post '/auth/identity/callback', :auth_key => 'wrong', :password => 'login'
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        OmniAuth.config.on_failure = ->(env) { [401, {}, [env['omniauth.error.type'].inspect]] }
+        expect(anon_ar).to receive(:authenticate).with({ 'email' => 'wrong' }, 'login').and_return(false)
+        post '/auth/identity/callback', auth_key: 'wrong', password: 'login'
       end
 
-      it 'should fail with :invalid_credentials' do
+      it 'fails with :invalid_credentials' do
         expect(last_response.body).to eq(':invalid_credentials')
       end
     end
 
     context 'with auth scopes' do
+      let(:identity_options) do
+        { model: anon_ar, locate_conditions: lambda { |req|
+                                               { model.auth_key => req['auth_key'], 'user_type' => 'admin' }
+                                             } }
+      end
 
-      it 'should evaluate and pass through conditions proc' do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        set_app!( :locate_conditions => lambda{|req| {model.auth_key => req['auth_key'], 'user_type' => 'admin'} } )
-        expect(MockIdentity).to receive('authenticate').with( {'email' => 'john', 'user_type' => 'admin'}, 'awesome' ).and_return(user)
-        post '/auth/identity/callback', :auth_key => 'john', :password => 'awesome'
+      it 'evaluates and pass through conditions proc' do
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        expect(anon_ar).to receive('authenticate').with({ 'email' => 'john', 'user_type' => 'admin' },
+                                                        'awesome').and_return(user)
+        post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
       end
     end
   end
 
   describe '#registration_form' do
-    it 'should trigger from /auth/identity/register by default' do
-      get '/auth/identity/register'
-      expect(last_response.body).to be_include("Register Identity")
+    context 'registration is enabled' do
+      it 'triggers from /auth/identity/register by default' do
+        get '/auth/identity/register'
+        expect(last_response.body).to be_include('Register Identity')
+      end
+    end
+
+    context 'registration is disabled' do
+      let(:identity_options) { { model: anon_ar, enable_registration: false } }
+
+      it 'calls app' do
+        get '/auth/identity/register'
+        expect(last_response.body).to be_include('HELLO!')
+      end
+    end
+
+    it 'supports methods other than GET and POST' do
+      head '/auth/identity/register'
+      expect(last_response.status).to eq(404)
     end
   end
 
   describe '#registration_phase' do
+    context 'registration is disabled' do
+      let(:identity_options) { { model: anon_ar, enable_registration: false } }
+
+      it 'calls app' do
+        post '/auth/identity/register'
+        expect(last_response.body).to eq('HELLO!')
+      end
+    end
+
     context 'with successful creation' do
-      let(:properties){ {
-        :name => 'Awesome Dude',
-        :email => 'awesome@example.com',
-        :password => 'face',
-        :password_confirmation => 'face'
-      } }
+      let(:properties) do
+        {
+          name: 'Awesome Dude',
+          email: 'awesome@example.com',
+          password: 'face',
+          password_confirmation: 'face',
+          provider: 'identity'
+        }
+      end
 
       before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        m = double(:uid => 'abc', :name => 'Awesome Dude', :email => 'awesome@example.com', :info => {:name => 'DUUUUDE!'}, :persisted? => true)
-        expect(MockIdentity).to receive(:create).with(properties).and_return(m)
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        m = double(uid: 'abc', name: 'Awesome Dude', email: 'awesome@example.com',
+                   info: { name: 'DUUUUDE!' }, persisted?: true)
+        expect(anon_ar).to receive(:create).with(properties).and_return(m)
       end
 
-      it 'should set the auth hash' do
+      it 'sets the auth hash' do
         post '/auth/identity/register', properties
         expect(auth_hash['uid']).to eq('abc')
       end
     end
 
     context 'with invalid identity' do
-      let(:properties) { {
-        :name => 'Awesome Dude', 
-        :email => 'awesome@example.com',
-        :password => 'NOT',
-        :password_confirmation => 'MATCHING'
-      } }
+      let(:properties) do
+        {
+          name: 'Awesome Dude',
+          email: 'awesome@example.com',
+          password: 'NOT',
+          password_confirmation: 'MATCHING',
+          provider: 'identity'
+        }
+      end
+      let(:invalid_identity) { double(persisted?: false) }
 
       before do
-        expect(MockIdentity).to receive(:create).with(properties).and_return(double(:persisted? => false))
+        expect(anon_ar).to receive(:create).with(properties).and_return(invalid_identity)
       end
 
       context 'default' do
-        it 'should show registration form' do
+        it 'shows registration form' do
           post '/auth/identity/register', properties
-          expect(last_response.body).to be_include("Register Identity")
+          expect(last_response.body).to be_include('Register Identity')
         end
       end
 
       context 'custom on_failed_registration endpoint' do
-        it 'should set the identity hash' do
-          set_app!(:on_failed_registration => lambda{|env| [404, {'env' => env}, ["HELLO!"]]}) do
-            post '/auth/identity/register', properties
-            expect(identity_hash).not_to be_nil
-          end
+        let(:identity_options) do
+          { model: anon_ar, on_failed_registration: lambda { |env|
+                                                      [404, { 'env' => env }, ["FAIL'DOH!"]]
+                                                    } }
+        end
+
+        it 'sets the identity hash' do
+          post '/auth/identity/register', properties
+          expect(identity_hash).to eq(invalid_identity)
+          expect(last_response.body).to be_include("FAIL'DOH!")
         end
       end
     end