railsware-authlogic 2.1.6.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. data/.gitignore +9 -0
  2. data/CHANGELOG.rdoc +345 -0
  3. data/LICENSE +20 -0
  4. data/README.rdoc +246 -0
  5. data/Rakefile +41 -0
  6. data/VERSION.yml +5 -0
  7. data/authlogic.gemspec +216 -0
  8. data/generators/session/session_generator.rb +9 -0
  9. data/generators/session/templates/session.rb +2 -0
  10. data/init.rb +1 -0
  11. data/lib/authlogic.rb +64 -0
  12. data/lib/authlogic/acts_as_authentic/base.rb +107 -0
  13. data/lib/authlogic/acts_as_authentic/email.rb +110 -0
  14. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +65 -0
  15. data/lib/authlogic/acts_as_authentic/login.rb +141 -0
  16. data/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
  17. data/lib/authlogic/acts_as_authentic/password.rb +355 -0
  18. data/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
  24. data/lib/authlogic/authenticates_many/association.rb +42 -0
  25. data/lib/authlogic/authenticates_many/base.rb +55 -0
  26. data/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
  27. data/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
  28. data/lib/authlogic/controller_adapters/rails_adapter.rb +48 -0
  29. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
  30. data/lib/authlogic/crypto_providers/aes256.rb +43 -0
  31. data/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
  32. data/lib/authlogic/crypto_providers/md5.rb +34 -0
  33. data/lib/authlogic/crypto_providers/sha1.rb +35 -0
  34. data/lib/authlogic/crypto_providers/sha256.rb +50 -0
  35. data/lib/authlogic/crypto_providers/sha512.rb +50 -0
  36. data/lib/authlogic/crypto_providers/wordpress.rb +43 -0
  37. data/lib/authlogic/i18n.rb +83 -0
  38. data/lib/authlogic/i18n/translator.rb +15 -0
  39. data/lib/authlogic/random.rb +33 -0
  40. data/lib/authlogic/regex.rb +25 -0
  41. data/lib/authlogic/session/activation.rb +58 -0
  42. data/lib/authlogic/session/active_record_trickery.rb +64 -0
  43. data/lib/authlogic/session/base.rb +37 -0
  44. data/lib/authlogic/session/brute_force_protection.rb +96 -0
  45. data/lib/authlogic/session/callbacks.rb +99 -0
  46. data/lib/authlogic/session/cookies.rb +130 -0
  47. data/lib/authlogic/session/existence.rb +93 -0
  48. data/lib/authlogic/session/foundation.rb +71 -0
  49. data/lib/authlogic/session/http_auth.rb +58 -0
  50. data/lib/authlogic/session/id.rb +41 -0
  51. data/lib/authlogic/session/klass.rb +78 -0
  52. data/lib/authlogic/session/magic_columns.rb +95 -0
  53. data/lib/authlogic/session/magic_states.rb +59 -0
  54. data/lib/authlogic/session/params.rb +101 -0
  55. data/lib/authlogic/session/password.rb +240 -0
  56. data/lib/authlogic/session/perishable_token.rb +18 -0
  57. data/lib/authlogic/session/persistence.rb +70 -0
  58. data/lib/authlogic/session/priority_record.rb +34 -0
  59. data/lib/authlogic/session/scopes.rb +101 -0
  60. data/lib/authlogic/session/session.rb +62 -0
  61. data/lib/authlogic/session/timeout.rb +82 -0
  62. data/lib/authlogic/session/unauthorized_record.rb +50 -0
  63. data/lib/authlogic/session/validation.rb +82 -0
  64. data/lib/authlogic/test_case.rb +120 -0
  65. data/lib/authlogic/test_case/mock_controller.rb +45 -0
  66. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
  67. data/lib/authlogic/test_case/mock_logger.rb +10 -0
  68. data/lib/authlogic/test_case/mock_request.rb +19 -0
  69. data/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
  70. data/rails/init.rb +1 -0
  71. data/shoulda_macros/authlogic.rb +69 -0
  72. data/test/acts_as_authentic_test/base_test.rb +18 -0
  73. data/test/acts_as_authentic_test/email_test.rb +101 -0
  74. data/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
  75. data/test/acts_as_authentic_test/login_test.rb +109 -0
  76. data/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
  77. data/test/acts_as_authentic_test/password_test.rb +236 -0
  78. data/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
  79. data/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
  80. data/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
  81. data/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
  82. data/test/acts_as_authentic_test/single_access_test.rb +44 -0
  83. data/test/authenticates_many_test.rb +16 -0
  84. data/test/crypto_provider_test/aes256_test.rb +14 -0
  85. data/test/crypto_provider_test/bcrypt_test.rb +14 -0
  86. data/test/crypto_provider_test/sha1_test.rb +23 -0
  87. data/test/crypto_provider_test/sha256_test.rb +14 -0
  88. data/test/crypto_provider_test/sha512_test.rb +14 -0
  89. data/test/fixtures/companies.yml +5 -0
  90. data/test/fixtures/employees.yml +17 -0
  91. data/test/fixtures/projects.yml +3 -0
  92. data/test/fixtures/users.yml +24 -0
  93. data/test/i18n_test.rb +33 -0
  94. data/test/libs/affiliate.rb +7 -0
  95. data/test/libs/company.rb +6 -0
  96. data/test/libs/employee.rb +7 -0
  97. data/test/libs/employee_session.rb +2 -0
  98. data/test/libs/ldaper.rb +3 -0
  99. data/test/libs/ordered_hash.rb +9 -0
  100. data/test/libs/project.rb +3 -0
  101. data/test/libs/user.rb +5 -0
  102. data/test/libs/user_session.rb +6 -0
  103. data/test/random_test.rb +42 -0
  104. data/test/session_test/activation_test.rb +43 -0
  105. data/test/session_test/active_record_trickery_test.rb +36 -0
  106. data/test/session_test/brute_force_protection_test.rb +101 -0
  107. data/test/session_test/callbacks_test.rb +6 -0
  108. data/test/session_test/cookies_test.rb +112 -0
  109. data/test/session_test/credentials_test.rb +0 -0
  110. data/test/session_test/existence_test.rb +64 -0
  111. data/test/session_test/http_auth_test.rb +28 -0
  112. data/test/session_test/id_test.rb +17 -0
  113. data/test/session_test/klass_test.rb +40 -0
  114. data/test/session_test/magic_columns_test.rb +62 -0
  115. data/test/session_test/magic_states_test.rb +60 -0
  116. data/test/session_test/params_test.rb +53 -0
  117. data/test/session_test/password_test.rb +106 -0
  118. data/test/session_test/perishability_test.rb +15 -0
  119. data/test/session_test/persistence_test.rb +21 -0
  120. data/test/session_test/scopes_test.rb +60 -0
  121. data/test/session_test/session_test.rb +59 -0
  122. data/test/session_test/timeout_test.rb +52 -0
  123. data/test/session_test/unauthorized_record_test.rb +13 -0
  124. data/test/session_test/validation_test.rb +23 -0
  125. data/test/test_helper.rb +182 -0
  126. metadata +255 -0
@@ -0,0 +1,44 @@
1
+ require 'test_helper'
2
+
3
+ module ActsAsAuthenticTest
4
+ class SingleAccessTest < ActiveSupport::TestCase
5
+ def test_change_single_access_token_with_password_config
6
+ assert !User.change_single_access_token_with_password
7
+ assert !Employee.change_single_access_token_with_password
8
+
9
+ User.change_single_access_token_with_password = true
10
+ assert User.change_single_access_token_with_password
11
+ User.change_single_access_token_with_password false
12
+ assert !User.change_single_access_token_with_password
13
+ end
14
+
15
+ def test_validates_uniqueness_of_single_access_token
16
+ u = User.new
17
+ u.single_access_token = users(:ben).single_access_token
18
+ assert !u.valid?
19
+ assert u.errors[:single_access_token].size > 0
20
+ end
21
+
22
+ def test_before_validation_reset_single_access_token
23
+ u = User.new
24
+ assert !u.valid?
25
+ assert_not_nil u.single_access_token
26
+ end
27
+
28
+ def test_after_password_set_reset_single_access_token
29
+ User.change_single_access_token_with_password = true
30
+
31
+ ben = users(:ben)
32
+ old_single_access_token = ben.single_access_token
33
+ ben.password = "new_pass"
34
+ assert_not_equal old_single_access_token, ben.single_access_token
35
+
36
+ User.change_single_access_token_with_password = false
37
+ end
38
+
39
+ def test_after_password_set_is_not_called
40
+ ldaper = Ldaper.new
41
+ assert ldaper.save
42
+ end
43
+ end
44
+ end
@@ -0,0 +1,16 @@
1
+ require 'test_helper'
2
+
3
+ class AuthenticatesManyTest < ActiveSupport::TestCase
4
+ def test_scoping
5
+ zack = users(:zack)
6
+ ben = users(:ben)
7
+ binary_logic = companies(:binary_logic)
8
+ set_session_for(zack)
9
+
10
+ assert !binary_logic.user_sessions.find
11
+
12
+ set_session_for(ben)
13
+
14
+ assert binary_logic.user_sessions.find
15
+ end
16
+ end
@@ -0,0 +1,14 @@
1
+ require 'test_helper'
2
+
3
+ module CryptoProviderTest
4
+ class AES256Test < ActiveSupport::TestCase
5
+ def test_encrypt
6
+ assert Authlogic::CryptoProviders::AES256.encrypt("mypass")
7
+ end
8
+
9
+ def test_matches
10
+ hash = Authlogic::CryptoProviders::AES256.encrypt("mypass")
11
+ assert Authlogic::CryptoProviders::AES256.matches?(hash, "mypass")
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,14 @@
1
+ require 'test_helper'
2
+
3
+ module CryptoProviderTest
4
+ class BCrpytTest < ActiveSupport::TestCase
5
+ def test_encrypt
6
+ assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
7
+ end
8
+
9
+ def test_matches
10
+ hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
11
+ assert Authlogic::CryptoProviders::BCrypt.matches?(hash, "mypass")
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,23 @@
1
+ require 'test_helper'
2
+
3
+ module CryptoProviderTest
4
+ class Sha1Test < ActiveSupport::TestCase
5
+ def test_encrypt
6
+ assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
7
+ end
8
+
9
+ def test_matches
10
+ hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
11
+ assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
12
+ end
13
+
14
+ def test_old_restful_authentication_passwords
15
+ password = "test"
16
+ salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
17
+ digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
18
+ Authlogic::CryptoProviders::Sha1.stretches = 1
19
+ assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
20
+ Authlogic::CryptoProviders::Sha1.stretches = 10
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,14 @@
1
+ require 'test_helper'
2
+
3
+ module CryptoProviderTest
4
+ class Sha256Test < ActiveSupport::TestCase
5
+ def test_encrypt
6
+ assert Authlogic::CryptoProviders::Sha256.encrypt("mypass")
7
+ end
8
+
9
+ def test_matches
10
+ hash = Authlogic::CryptoProviders::Sha256.encrypt("mypass")
11
+ assert Authlogic::CryptoProviders::Sha256.matches?(hash, "mypass")
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,14 @@
1
+ require 'test_helper'
2
+
3
+ module CryptoProviderTest
4
+ class Sha512Test < ActiveSupport::TestCase
5
+ def test_encrypt
6
+ assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
7
+ end
8
+
9
+ def test_matches
10
+ hash = Authlogic::CryptoProviders::Sha512.encrypt("mypass")
11
+ assert Authlogic::CryptoProviders::Sha512.matches?(hash, "mypass")
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,5 @@
1
+ binary_logic:
2
+ name: Binary Logic
3
+
4
+ logic_over_data:
5
+ name: Logic Over Data
@@ -0,0 +1,17 @@
1
+ drew:
2
+ company: binary_logic
3
+ email: dgainor@binarylogic.com
4
+ password_salt: <%= salt = Authlogic::Random.hex_token %>
5
+ crypted_password: '<%= Employee.crypto_provider.encrypt("drewrocks" + salt) %>'
6
+ persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
7
+ first_name: Drew
8
+ last_name: Gainor
9
+
10
+ jennifer:
11
+ company: logic_over_data
12
+ email: jjohnson@logicoverdata.com
13
+ password_salt: <%= salt = Authlogic::Random.hex_token %>
14
+ crypted_password: '<%= Employee.crypto_provider.encrypt("jenniferocks" + salt) %>'
15
+ persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
16
+ first_name: Jennifer
17
+ last_name: Johnson
@@ -0,0 +1,3 @@
1
+ web_services:
2
+ name: web services
3
+ users: ben, zack
@@ -0,0 +1,24 @@
1
+ ben:
2
+ company: binary_logic
3
+ projects: web_services
4
+ login: bjohnson
5
+ password_salt: <%= salt = Authlogic::Random.hex_token %>
6
+ crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
7
+ persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
8
+ single_access_token: <%= Authlogic::Random.friendly_token %>
9
+ perishable_token: <%= Authlogic::Random.friendly_token %>
10
+ email: bjohnson@binarylogic.com
11
+ first_name: Ben
12
+ last_name: Johnson
13
+
14
+ zack:
15
+ company: logic_over_data
16
+ projects: web_services
17
+ login: zackham
18
+ password_salt: <%= salt = Authlogic::Random.hex_token %>
19
+ crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
20
+ persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
21
+ single_access_token: <%= Authlogic::Random.friendly_token %>
22
+ email: zham@ziggityzack.com
23
+ first_name: Zack
24
+ last_name: Ham
data/test/i18n_test.rb ADDED
@@ -0,0 +1,33 @@
1
+ require 'test_helper'
2
+
3
+ class I18nTest < ActiveSupport::TestCase
4
+ def test_uses_authlogic_as_scope_by_default
5
+ assert_equal :authlogic, Authlogic::I18n.scope
6
+ end
7
+
8
+ def test_can_set_scope
9
+ assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
10
+ assert_equal [:a, :b], Authlogic::I18n.scope
11
+ Authlogic::I18n.scope = :authlogic
12
+ end
13
+
14
+ def test_uses_built_in_translator_by_default
15
+ assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
16
+ end
17
+
18
+ def test_can_set_custom_translator
19
+ old_translator = Authlogic::I18n.translator
20
+
21
+ assert_nothing_raised do
22
+ Authlogic::I18n.translator = Class.new do
23
+ def translate(key, options = {})
24
+ "Translated: #{key}"
25
+ end
26
+ end.new
27
+ end
28
+
29
+ assert_equal "Translated: x", Authlogic::I18n.translate(:x)
30
+
31
+ Authlogic::I18n.translator = old_translator
32
+ end
33
+ end
@@ -0,0 +1,7 @@
1
+ class Affiliate < ActiveRecord::Base
2
+ acts_as_authentic do |c|
3
+ c.crypted_password_field = :pw_hash
4
+ end
5
+
6
+ belongs_to :company
7
+ end
@@ -0,0 +1,6 @@
1
+ class Company < ActiveRecord::Base
2
+ authenticates_many :employee_sessions
3
+ authenticates_many :user_sessions
4
+ has_many :employees, :dependent => :destroy
5
+ has_many :users, :dependent => :destroy
6
+ end
@@ -0,0 +1,7 @@
1
+ class Employee < ActiveRecord::Base
2
+ acts_as_authentic do |c|
3
+ c.crypto_provider Authlogic::CryptoProviders::AES256
4
+ end
5
+
6
+ belongs_to :company
7
+ end
@@ -0,0 +1,2 @@
1
+ class EmployeeSession < Authlogic::Session::Base
2
+ end
@@ -0,0 +1,3 @@
1
+ class Ldaper < ActiveRecord::Base
2
+ acts_as_authentic
3
+ end
@@ -0,0 +1,9 @@
1
+ class Hash
2
+ def each(&block)
3
+ sorted_keys = keys.sort { |a, b| a.to_s <=> b.to_s }
4
+ sorted_keys.each do |key|
5
+ yield key, self[key]
6
+ end
7
+ self
8
+ end
9
+ end
@@ -0,0 +1,3 @@
1
+ class Project < ActiveRecord::Base
2
+ has_and_belongs_to_many :users
3
+ end
data/test/libs/user.rb ADDED
@@ -0,0 +1,5 @@
1
+ class User < ActiveRecord::Base
2
+ acts_as_authentic
3
+ belongs_to :company
4
+ has_and_belongs_to_many :projects
5
+ end
@@ -0,0 +1,6 @@
1
+ class UserSession < Authlogic::Session::Base
2
+ end
3
+
4
+ class BackOfficeUserSession < Authlogic::Session::Base
5
+ authenticate_with User
6
+ end
@@ -0,0 +1,42 @@
1
+ require 'test_helper'
2
+
3
+ class RandomTest < ActiveSupport::TestCase
4
+ def test_random_tokens_are_indeed_random
5
+ # this might fail if you are *really* unlucky :)
6
+ with_any_random do
7
+ assert_not_equal Authlogic::Random.hex_token, Authlogic::Random.hex_token
8
+ assert_not_equal Authlogic::Random.friendly_token, Authlogic::Random.friendly_token
9
+ end
10
+ end
11
+
12
+ private
13
+ def with_any_random(&block)
14
+ [true, false].each {|val| with_secure_random_enabled(val, &block)}
15
+ end
16
+
17
+ def with_secure_random_enabled(enabled = true)
18
+ # can't really test SecureRandom if we don't have an implementation
19
+ return if enabled && !Authlogic::Random::SecureRandom
20
+
21
+ current_sec_rand = Authlogic::Random::SecureRandom
22
+ reload_authlogic_with_sec_random!(current_sec_rand, enabled)
23
+
24
+ yield
25
+ ensure
26
+ reload_authlogic_with_sec_random!(current_sec_rand)
27
+ end
28
+
29
+ def reload_authlogic_with_sec_random!(secure_random, enabled = true)
30
+ silence_warnings do
31
+ secure_random.parent.const_set(secure_random.name.sub("#{secure_random.parent}::", ''), enabled ? secure_random : nil)
32
+ load(File.dirname(__FILE__) + '/../lib/authlogic/random.rb')
33
+ end
34
+ end
35
+
36
+ def silence_warnings
37
+ old_verbose, $VERBOSE = $VERBOSE, nil
38
+ yield
39
+ ensure
40
+ $VERBOSE = old_verbose
41
+ end
42
+ end
@@ -0,0 +1,43 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module ActivationTest
5
+ class ClassMethodsTest < ActiveSupport::TestCase
6
+ def test_activated
7
+ assert UserSession.activated?
8
+ Authlogic::Session::Base.controller = nil
9
+ assert !UserSession.activated?
10
+ end
11
+
12
+ def test_controller
13
+ Authlogic::Session::Base.controller = nil
14
+ assert_nil Authlogic::Session::Base.controller
15
+ thread1 = Thread.new do
16
+ controller = MockController.new
17
+ Authlogic::Session::Base.controller = controller
18
+ assert_equal controller, Authlogic::Session::Base.controller
19
+ end
20
+ thread1.join
21
+
22
+ assert_nil Authlogic::Session::Base.controller
23
+
24
+ thread2 = Thread.new do
25
+ controller = MockController.new
26
+ Authlogic::Session::Base.controller = controller
27
+ assert_equal controller, Authlogic::Session::Base.controller
28
+ end
29
+ thread2.join
30
+
31
+ assert_nil Authlogic::Session::Base.controller
32
+ end
33
+ end
34
+
35
+ class InstanceMethodsTest < ActiveSupport::TestCase
36
+ def test_init
37
+ UserSession.controller = nil
38
+ assert_raise(Authlogic::Session::Activation::NotActivatedError) { UserSession.new }
39
+ UserSession.controller = controller
40
+ end
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,36 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module ActiveRecordTrickeryTest
5
+ class ClassMethodsTest < ActiveSupport::TestCase
6
+ def test_human_attribute_name
7
+ assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
8
+ assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
9
+ end
10
+
11
+ def test_human_name
12
+ assert_equal "Usersession", UserSession.human_name
13
+ end
14
+
15
+ def test_self_and_descendents_from_active_record
16
+ assert_equal [UserSession], UserSession.self_and_descendents_from_active_record
17
+ end
18
+
19
+ def test_self_and_descendants_from_active_record
20
+ assert_equal [UserSession], UserSession.self_and_descendants_from_active_record
21
+ end
22
+ end
23
+
24
+ class InstanceMethodsTest < ActiveSupport::TestCase
25
+ def test_new_record
26
+ session = UserSession.new
27
+ assert session.new_record?
28
+ end
29
+
30
+ def test_to_model
31
+ session = UserSession.new
32
+ assert_equal session, session.to_model
33
+ end
34
+ end
35
+ end
36
+ end
@@ -0,0 +1,101 @@
1
+ require 'test_helper'
2
+
3
+ module SessionTest
4
+ module BruteForceProtectionTest
5
+ class ConfigTest < ActiveSupport::TestCase
6
+ def test_consecutive_failed_logins_limit
7
+ UserSession.consecutive_failed_logins_limit = 10
8
+ assert_equal 10, UserSession.consecutive_failed_logins_limit
9
+
10
+ UserSession.consecutive_failed_logins_limit 50
11
+ assert_equal 50, UserSession.consecutive_failed_logins_limit
12
+ end
13
+
14
+ def test_failed_login_ban_for
15
+ UserSession.failed_login_ban_for = 10
16
+ assert_equal 10, UserSession.failed_login_ban_for
17
+
18
+ UserSession.failed_login_ban_for 2.hours
19
+ assert_equal 2.hours.to_i, UserSession.failed_login_ban_for
20
+ end
21
+ end
22
+
23
+ class InstaceMethodsTest < ActiveSupport::TestCase
24
+ def test_under_limit
25
+ ben = users(:ben)
26
+ ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1
27
+ assert ben.save
28
+ assert UserSession.create(:login => ben.login, :password => "benrocks")
29
+ end
30
+
31
+ def test_exceeded_limit
32
+ ben = users(:ben)
33
+ ben.failed_login_count = UserSession.consecutive_failed_logins_limit
34
+ assert ben.save
35
+ assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
36
+ assert UserSession.create(ben).new_session?
37
+ ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
38
+ assert !UserSession.create(ben).new_session?
39
+ end
40
+
41
+ def test_exceeding_failed_logins_limit
42
+ UserSession.consecutive_failed_logins_limit = 2
43
+ ben = users(:ben)
44
+
45
+ 2.times do |i|
46
+ session = UserSession.new(:login => ben.login, :password => "badpassword1")
47
+ assert !session.save
48
+ assert session.errors[:password].size > 0
49
+ assert_equal i + 1, ben.reload.failed_login_count
50
+ end
51
+
52
+ session = UserSession.new(:login => ben.login, :password => "badpassword2")
53
+ assert !session.save
54
+ assert session.errors[:password].size == 0
55
+ assert_equal 3, ben.reload.failed_login_count
56
+
57
+ UserSession.consecutive_failed_logins_limit = 50
58
+ end
59
+
60
+ def test_exceeded_ban_for
61
+ UserSession.consecutive_failed_logins_limit = 2
62
+ UserSession.generalize_credentials_error_messages true
63
+ ben = users(:ben)
64
+
65
+ 2.times do |i|
66
+ session = UserSession.new(:login => ben.login, :password => "badpassword1")
67
+ assert !session.save
68
+ assert session.invalid_password?
69
+ assert_equal i + 1, ben.reload.failed_login_count
70
+ end
71
+
72
+ ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
73
+ session = UserSession.new(:login => ben.login, :password => "benrocks")
74
+ assert session.save
75
+ assert_equal 0, ben.reload.failed_login_count
76
+
77
+ UserSession.consecutive_failed_logins_limit = 50
78
+ UserSession.generalize_credentials_error_messages false
79
+ end
80
+
81
+ def test_exceeded_ban_and_failed_doesnt_ban_again
82
+ UserSession.consecutive_failed_logins_limit = 2
83
+ ben = users(:ben)
84
+
85
+ 2.times do |i|
86
+ session = UserSession.new(:login => ben.login, :password => "badpassword1")
87
+ assert !session.save
88
+ assert session.errors[:password].size > 0
89
+ assert_equal i + 1, ben.reload.failed_login_count
90
+ end
91
+
92
+ ActiveRecord::Base.connection.execute("update users set updated_at = '#{1.day.ago.to_s(:db)}' where login = '#{ben.login}'")
93
+ session = UserSession.new(:login => ben.login, :password => "badpassword1")
94
+ assert !session.save
95
+ assert_equal 1, ben.reload.failed_login_count
96
+
97
+ UserSession.consecutive_failed_logins_limit = 50
98
+ end
99
+ end
100
+ end
101
+ end