omniauth-identity 3.0.1 → 3.0.6

data/lib/omniauth/identity/models/active_record.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'active_record'
 
 module OmniAuth

data/lib/omniauth/identity/models/couch_potato.rb

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
+
 require 'couch_potato'
 
 module OmniAuth
   module Identity
     module Models
       # can not be named CouchPotato since there is a class with that name
+      # NOTE: CouchPotato is based on ActiveModel.
       module CouchPotatoModule
         def self.included(base)
           base.class_eval do

data/lib/omniauth/identity/models/mongoid.rb

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
+
 require 'mongoid'
 
 module OmniAuth
   module Identity
     module Models
+      # NOTE: Mongoid is based on ActiveModel.
       module Mongoid
         def self.included(base)
           base.class_eval do

data/lib/omniauth/identity/models/no_brainer.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'nobrainer'
+
+module OmniAuth
+  module Identity
+    module Models
+      # http://nobrainer.io/ an ORM for RethinkDB
+      # NOTE: NoBrainer is based on ActiveModel.
+      module NoBrainer
+        def self.included(base)
+          base.class_eval do
+            include ::OmniAuth::Identity::Model
+            include ::OmniAuth::Identity::SecurePassword
+
+            has_secure_password
+
+            def self.auth_key=(key)
+              super
+              validates_uniqueness_of key, case_sensitive: false
+            end
+
+            def self.locate(search_hash)
+              where(search_hash).first
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/identity/models/sequel.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'nobrainer'
+
+module OmniAuth
+  module Identity
+    module Models
+      # http://sequel.jeremyevans.net/ an SQL ORM
+      # NOTE: Sequel is *not* based on ActiveModel, but supports the API we need, except for `persisted`:
+      # * create
+      # * save, but save is deprecated in favor of `save_changes`
+      module Sequel
+        def self.included(base)
+          base.class_eval do
+            # NOTE: Using the deprecated :validations_class_methods because it defines
+            #       validates_confirmation_of, while current :validation_helpers does not.
+            # plugin :validation_helpers
+            plugin :validation_class_methods
+
+            include OmniAuth::Identity::Model
+            include ::OmniAuth::Identity::SecurePassword
+
+            has_secure_password
+
+            alias_method :persisted?, :valid?
+
+            def self.auth_key=(key)
+              super
+              validates_uniqueness_of :key, case_sensitive: false
+            end
+
+            def self.locate(search_hash)
+              where(search_hash).first
+            end
+
+            def persisted?
+              exists?
+            end
+
+            def save
+              save_changes
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/identity/secure_password.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bcrypt'
 
 module OmniAuth

data/lib/omniauth/strategies/identity.rb

@@ -1,33 +1,36 @@
+# frozen_string_literal: true
+
 module OmniAuth
   module Strategies
     # The identity strategy allows you to provide simple internal
     # user authentication using the same process flow that you
     # use for external OmniAuth providers.
     class Identity
+      DEFAULT_REGISTRATION_FIELDS = %i[password password_confirmation].freeze
       include OmniAuth::Strategy
-
       option :fields, %i[name email]
-      option :enable_login, true # See #other_phase documentation
-      option :on_login, nil
-      option :on_registration, nil
-      option :on_failed_registration, nil
-      option :enable_registration, true
+
+      # Primary Feature Switches:
+      option :enable_registration, true   # See #other_phase and #request_phase
+      option :enable_login, true          # See #other_phase
+
+      # Customization Options:
+      option :on_login, nil               # See #request_phase
+      option :on_validation, nil          # See #registration_phase
+      option :on_registration, nil        # See #registration_phase
+      option :on_failed_registration, nil # See #registration_phase
       option :locate_conditions, ->(req) { { model.auth_key => req['auth_key'] } }
+      option :create_identity_link_text, 'Create an Identity'
+      option :registration_failure_message, 'One or more fields were invalid'
+      option :validation_failure_message, 'Validation failed'
+      option :title, 'Identity Verification' # Title for Login Form
+      option :registration_form_title, 'Register Identity' # Title for Registration Form
 
       def request_phase
         if options[:on_login]
           options[:on_login].call(env)
         else
-          OmniAuth::Form.build(
-            title: (options[:title] || 'Identity Verification'),
-            url: callback_path
-          ) do |f|
-            f.text_field 'Login', 'auth_key'
-            f.password_field 'Password', 'password'
-            if options[:enable_registration]
-              f.html "<p align='center'><a href='#{registration_path}'>Create an Identity</a></p>"
-            end
-          end.to_response
+          build_omniauth_login_form.to_response
         end
       end
 
@@ -58,36 +61,32 @@ module OmniAuth
         end
       end
 
-      def registration_form
+      def registration_form(validation_message = nil)
         if options[:on_registration]
           options[:on_registration].call(env)
         else
-          OmniAuth::Form.build(title: 'Register Identity') do |f|
-            options[:fields].each do |field|
-              f.text_field field.to_s.capitalize, field.to_s
-            end
-            f.password_field 'Password', 'password'
-            f.password_field 'Confirm Password', 'password_confirmation'
-          end.to_response
+          build_omniauth_registration_form(validation_message).to_response
         end
       end
 
       def registration_phase
-        attributes = (options[:fields] + %i[password password_confirmation]).each_with_object({}) do |k, h|
+        attributes = (options[:fields] + DEFAULT_REGISTRATION_FIELDS).each_with_object({}) do |k, h|
           h[k] = request[k.to_s]
         end
         if model.respond_to?(:column_names) && model.column_names.include?('provider')
           attributes.reverse_merge!(provider: 'identity')
         end
-        @identity = model.create(attributes)
-        if @identity.persisted?
-          env['PATH_INFO'] = callback_path
-          callback_phase
-        elsif options[:on_failed_registration]
+        @identity = model.new(attributes)
+        if saving_instead_of_creating?
           env['omniauth.identity'] = @identity
-          options[:on_failed_registration].call(env)
+          if !validating? || valid?
+            @identity.save
+            registration_result
+          else
+            registration_failure(options[:validation_failure_message])
+          end
         else
-          registration_form
+          deprecated_registration(attributes)
         end
       end
 
@@ -115,6 +114,80 @@ module OmniAuth
       def model
         options[:model] || ::Identity
       end
+
+      private
+
+      def build_omniauth_login_form
+        OmniAuth::Form.build(
+          title: options[:title],
+          url: callback_path
+        ) do |f|
+          f.text_field 'Login', 'auth_key'
+          f.password_field 'Password', 'password'
+          if options[:enable_registration]
+            f.html "<p align='center'><a href='#{registration_path}'>#{options[:create_identity_link_text]}</a></p>"
+          end
+        end
+      end
+
+      def build_omniauth_registration_form(validation_message)
+        OmniAuth::Form.build(title: options[:registration_form_title]) do |f|
+          f.html "<p style='color:red'>#{validation_message}</p>" if validation_message
+          options[:fields].each do |field|
+            f.text_field field.to_s.capitalize, field.to_s
+          end
+          f.password_field 'Password', 'password'
+          f.password_field 'Confirm Password', 'password_confirmation'
+        end
+      end
+
+      def saving_instead_of_creating?
+        @identity.respond_to?(:save) && @identity.respond_to?(:persisted?)
+      end
+
+      # Validates the model before it is persisted
+      #
+      # @return [truthy or falsey] :on_validation option is truthy or falsey
+      def validating?
+        !!options[:on_validation]
+      end
+
+      # Validates the model before it is persisted
+      #
+      # @return [true or false] result of :on_validation call
+      def valid?
+        # on_validation may run a Captcha or other validation mechanism
+        # Must return true when validation passes, false otherwise
+        !!options[:on_validation].call(env: env)
+      end
+
+      def registration_failure(message)
+        if options[:on_failed_registration]
+          options[:on_failed_registration].call(env)
+        else
+          registration_form(message)
+        end
+      end
+
+      def registration_result
+        if @identity.persisted?
+          env['PATH_INFO'] = callback_path
+          callback_phase
+        else
+          registration_failure(options[:registration_failure_message])
+        end
+      end
+
+      def deprecated_registration(attributes)
+        warn <<~CREATEDEP
+          [DEPRECATION] Please define '#{model.class}#save'.
+                        Behavior based on '#{model.class}.create' will be removed in omniauth-identity v4.0.
+                        See lib/omniauth/identity/model.rb
+        CREATEDEP
+        @identity = model.create(attributes)
+        env['omniauth.identity'] = @identity
+        registration_result
+      end
     end
   end
 end

data/spec/omniauth/identity/model_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ExampleModel
   include OmniAuth::Identity::Model
 end

data/spec/omniauth/identity/models/active_record_spec.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 RSpec.describe(OmniAuth::Identity::Models::ActiveRecord, db: true) do
   describe 'model', type: :model do
     subject(:model_klass) do
       AnonymousActiveRecord.generate(
         parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
-        columns: %w[name provider],
+        columns: OmniAuth::Identity::Model::SCHEMA_ATTRIBUTES | %w[provider password_digest],
         connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
       ) do
         def flower

data/spec/omniauth/identity/models/couch_potato_spec.rb

@@ -1,10 +1,14 @@
-RSpec.describe(OmniAuth::Identity::Models::CouchPotatoModule, db: true) do
-  class CouchPotatoTestIdentity
-    include CouchPotato::Persistence
-    include OmniAuth::Identity::Models::CouchPotatoModule
-    auth_key :ham_sandwich
-  end
+# frozen_string_literal: true
+
+require 'couch_potato'
 
+class CouchPotatoTestIdentity
+  include CouchPotato::Persistence
+  include OmniAuth::Identity::Models::CouchPotatoModule
+  auth_key :ham_sandwich
+end
+
+RSpec.describe(OmniAuth::Identity::Models::CouchPotatoModule, db: true) do
   describe 'model', type: :model do
     subject { CouchPotatoTestIdentity }
 

data/spec/omniauth/identity/models/mongoid_spec.rb

@@ -1,11 +1,15 @@
-RSpec.describe(OmniAuth::Identity::Models::Mongoid, db: true) do
-  class MongoidTestIdentity
-    include Mongoid::Document
-    include OmniAuth::Identity::Models::Mongoid
-    auth_key :ham_sandwich
-    store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
-  end
+# frozen_string_literal: true
+
+require 'mongoid'
 
+class MongoidTestIdentity
+  include Mongoid::Document
+  include OmniAuth::Identity::Models::Mongoid
+  auth_key :ham_sandwich
+  store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
+end
+
+RSpec.describe(OmniAuth::Identity::Models::Mongoid, db: true) do
   describe 'model', type: :model do
     subject { MongoidTestIdentity }
 

data/spec/omniauth/identity/models/no_brainer_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'nobrainer'
+
+class NobrainerTestIdentity
+  include NoBrainer::Document
+  include OmniAuth::Identity::Models::NoBrainer
+  auth_key :ham_sandwich
+end
+
+RSpec.describe(OmniAuth::Identity::Models::NoBrainer, db: true) do
+  it 'delegates locate to the where query method' do
+    allow(NobrainerTestIdentity).to receive(:where).with('ham_sandwich' => 'open faced',
+                                                         'category' => 'sandwiches').and_return(['wakka'])
+    expect(NobrainerTestIdentity.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+  end
+end

data/spec/omniauth/identity/models/sequel_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'sequel'
+# Connect to an in-memory sqlite3 database.
+DB = Sequel.sqlite
+DB.create_table :sequel_test_identities do
+  primary_key :id
+  String :ham_sandwich, null: false
+  String :password_digest, null: false
+end
+
+class SequelTestIdentity < Sequel::Model
+  include OmniAuth::Identity::Models::Sequel
+  auth_key :ham_sandwich
+end
+
+RSpec.describe(OmniAuth::Identity::Models::Sequel, db: true) do
+  it 'delegates locate to the where query method' do
+    allow(SequelTestIdentity).to receive(:where).with('ham_sandwich' => 'open faced',
+                                                      'category' => 'sandwiches').and_return(['wakka'])
+    expect(SequelTestIdentity.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+  end
+end

data/spec/omniauth/identity/secure_password_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class HasTheMethod
   def self.has_secure_password; end
 end
@@ -8,17 +10,17 @@ end
 RSpec.describe OmniAuth::Identity::SecurePassword do
   it 'extends with the class methods if it does not have the method' do
     expect(DoesNotHaveTheMethod).to receive(:extend).with(OmniAuth::Identity::SecurePassword::ClassMethods)
-    DoesNotHaveTheMethod.include OmniAuth::Identity::SecurePassword
+    DoesNotHaveTheMethod.include described_class
   end
 
   it 'does not extend if the method is already defined' do
     expect(HasTheMethod).not_to receive(:extend)
-    HasTheMethod.include OmniAuth::Identity::SecurePassword
+    HasTheMethod.include described_class
   end
 
   it 'responds to has_secure_password afterwards' do
     [HasTheMethod, DoesNotHaveTheMethod].each do |klass|
-      klass.send(:include, OmniAuth::Identity::SecurePassword)
+      klass.send(:include, described_class)
       expect(klass).to be_respond_to(:has_secure_password)
     end
   end

data/spec/omniauth/strategies/identity_spec.rb

@@ -1,12 +1,16 @@
+# frozen_string_literal: true
+
 RSpec.describe OmniAuth::Strategies::Identity do
   attr_accessor :app
 
-  let(:auth_hash) { last_response.headers['env']['omniauth.auth'] }
-  let(:identity_hash) { last_response.headers['env']['omniauth.identity'] }
+  let(:env_hash) { last_response.headers['env'] }
+  let(:auth_hash) { env_hash['omniauth.auth'] }
+  let(:identity_hash) { env_hash['omniauth.identity'] }
   let(:identity_options) { {} }
   let(:anon_ar) do
     AnonymousActiveRecord.generate(
-      columns: %w[name provider],
+      parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
+      columns: OmniAuth::Identity::Model::SCHEMA_ATTRIBUTES | %w[provider password_digest],
       connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
     ) do
       def balloon
@@ -190,7 +194,7 @@ RSpec.describe OmniAuth::Strategies::Identity do
       end
     end
 
-    context 'with successful creation' do
+    context 'with good identity' do
       let(:properties) do
         {
           name: 'Awesome Dude',
@@ -201,20 +205,71 @@ RSpec.describe OmniAuth::Strategies::Identity do
         }
       end
 
-      before do
-        allow(anon_ar).to receive('auth_key').and_return('email')
-        m = double(uid: 'abc', name: 'Awesome Dude', email: 'awesome@example.com',
-                   info: { name: 'DUUUUDE!' }, persisted?: true)
-        expect(anon_ar).to receive(:create).with(properties).and_return(m)
-      end
-
       it 'sets the auth hash' do
         post '/auth/identity/register', properties
-        expect(auth_hash['uid']).to eq('abc')
+        expect(auth_hash['uid']).to match(/\d+/)
+        expect(auth_hash['provider']).to eq('identity')
+      end
+
+      context 'with on_validation proc' do
+        let(:identity_options) do
+          { model: anon_ar, on_validation: on_validation_proc }
+        end
+        let(:on_validation_proc) do
+          lambda { |_env|
+            false
+          }
+        end
+
+        context 'when validation fails' do
+          it 'does not set the env hash' do
+            post '/auth/identity/register', properties
+            expect(env_hash).to eq(nil)
+          end
+
+          it 'renders registration form' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:registration_form_title])
+          end
+
+          it 'displays validation failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:validation_failure_message])
+          end
+        end
+
+        context 'when validation succeeds' do
+          let(:on_validation_proc) do
+            lambda { |_env|
+              true
+            }
+          end
+
+          it 'sets the auth hash' do
+            post '/auth/identity/register', properties
+            expect(auth_hash['uid']).to match(/\d+/)
+            expect(auth_hash['provider']).to eq('identity')
+          end
+
+          it 'does not render registration form' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).not_to be_include(described_class.default_options[:registration_form_title])
+          end
+
+          it 'does not display validation failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).not_to be_include(described_class.default_options[:validation_failure_message])
+          end
+
+          it 'does not display registration failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).not_to be_include(described_class.default_options[:registration_failure_message])
+          end
+        end
       end
     end
 
-    context 'with invalid identity' do
+    context 'with bad identity' do
       let(:properties) do
         {
           name: 'Awesome Dude',
@@ -224,16 +279,17 @@ RSpec.describe OmniAuth::Strategies::Identity do
           provider: 'identity'
         }
       end
-      let(:invalid_identity) { double(persisted?: false) }
+      let(:invalid_identity) { double(persisted?: false, save: false) }
 
       before do
-        expect(anon_ar).to receive(:create).with(properties).and_return(invalid_identity)
+        expect(anon_ar).to receive(:new).with(properties).and_return(invalid_identity)
       end
 
       context 'default' do
         it 'shows registration form' do
           post '/auth/identity/register', properties
           expect(last_response.body).to be_include('Register Identity')
+          expect(last_response.body).to be_include('One or more fields were invalid')
         end
       end
 
@@ -248,6 +304,63 @@ RSpec.describe OmniAuth::Strategies::Identity do
           post '/auth/identity/register', properties
           expect(identity_hash).to eq(invalid_identity)
           expect(last_response.body).to be_include("FAIL'DOH!")
+          expect(last_response.body).not_to be_include('One or more fields were invalid')
+        end
+      end
+
+      context 'with on_validation proc' do
+        let(:identity_options) do
+          { model: anon_ar, on_validation: on_validation_proc }
+        end
+        let(:on_validation_proc) do
+          lambda { |_env|
+            false
+          }
+        end
+
+        context 'when validation fails' do
+          it 'does not set the env hash' do
+            post '/auth/identity/register', properties
+            expect(env_hash).to eq(nil)
+          end
+
+          it 'renders registration form' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:registration_form_title])
+          end
+
+          it 'displays validation failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:validation_failure_message])
+          end
+        end
+
+        context 'when validation succeeds' do
+          let(:on_validation_proc) do
+            lambda { |_env|
+              true
+            }
+          end
+
+          it 'does not set the env hash' do
+            post '/auth/identity/register', properties
+            expect(env_hash).to eq(nil)
+          end
+
+          it 'renders registration form' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:registration_form_title])
+          end
+
+          it 'does not display validation failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).not_to be_include(described_class.default_options[:validation_failure_message])
+          end
+
+          it 'display registration failure message' do
+            post '/auth/identity/register', properties
+            expect(last_response.body).to be_include(described_class.default_options[:registration_failure_message])
+          end
         end
       end
     end