salted_login_generator 1.0.3 → 1.0.4

@@ -3,4 +3,4 @@ admin_email:
3
3
  server_env: test
4
4
  app_url:
5
5
  app_base_uri:
6
- app_name:
6
+ app_name:
@@ -26,7 +26,7 @@ class <%= class_name %>Controller < ApplicationController
26
26
  when :post
27
27
  @user = User.new(@params['user'])
28
28
  begin
29
- @user.transaction do
29
+ User.transaction(@user) do
30
30
  if @user.save
31
31
  Notify.deliver_signup(@user, @params['user']['password'])
32
32
  flash['notice'] = "Signup successful! Please check your registered email account to verify your account registration and continue with the login."
@@ -51,11 +51,11 @@ class <%= class_name %>Controller < ApplicationController
51
51
  case @request.method
52
52
  when :post
53
53
  @user = @session['user']
54
- @user.attributes = @params['user']
55
54
  begin
56
- @user.transaction do
55
+ User.transaction(@user) do
56
+ @user.attributes = @params['user']
57
+ @user.change_password(@params['user']['password'])
57
58
  if @user.save
58
- @user.change_password(@params['user']['password'])
59
59
  Notify.deliver_change_password(@user, @params['user']['password'])
60
60
  flash['notice'] = "Your updated password has been emailed to #{@user.email}"
61
61
  @user = nil
@@ -80,13 +80,11 @@ class <%= class_name %>Controller < ApplicationController
80
80
  if @user.nil?
81
81
  flash['message'] = "We could not find a user with the email address #{@params['user']['email']}"
82
82
  else
83
- @user.password_confirmation = @user.password
84
- pass = @user.makepass
85
83
  begin
86
- @user.transaction do
87
- # raise "1: #{@user.password_confirmation} 2: #{@user.password}" # = nil
84
+ User.transaction(@user) do
85
+ pass = @user.makepass
86
+ @user.change_password(pass)
88
87
  if @user.save
89
- @user.change_password(pass)
90
88
  Notify.deliver_forgot_password(@user, pass)
91
89
  flash['notice'] = "Your new password has been emailed to #{@params['user']['email']}"
92
90
  @user = nil
@@ -95,8 +93,7 @@ class <%= class_name %>Controller < ApplicationController
95
93
  end
96
94
  end
97
95
  rescue
98
- flash['notice'] = "Your password could not be emailed to #{@params['user']['email']}"
99
- # raise
96
+ flash['message'] = "Your password could not be emailed to #{@params['user']['email']}"
100
97
  end
101
98
  end
102
99
  end
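Review bot: In the change-password branch, `@user.attributes = @params['user']` still copies every submitted key onto the logged-in user before `@user.save`, and nothing visible in this diff limits which columns that covers, so fields other than the password (for example `login`, `email` or `verified`) may be writable through this form. Because the next line already calls `@user.change_password(@params['user']['password'])`, the bulk assignment could be dropped and replaced by `@user.password_confirmation = @params['user']['password_confirmation']` placed after that call, which also keeps the confirmation from being overwritten by the new `change_password`. If the bulk assignment has to stay, a comment should name where the assignable attributes are restricted. The action bodies start and end outside these hunks.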
@@ -25,74 +25,115 @@ class AccountControllerTest < Test::Unit::TestCase
25
25
  assert_redirect_url "/bogus/location"
26
26
  end
27
27
 
28
- def test_signup
28
+ def do_test_signup(bad_password, bad_email)
29
29
  ActionMailer::Base.deliveries = []
30
+ CONFIG['inject_mailer_error'] = false
31
+
30
32
  @request.session['return-to'] = "/bogus/location"
31
33
 
32
- post :signup, "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "newpassword", "email" => "newbob@test.com" }
33
- assert_session_has_no "user"
34
+ if not bad_password and not bad_email
35
+ post :signup, "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "newpassword", "email" => "newbob@test.com" }
36
+ assert_session_has_no "user"
34
37
 
35
- assert_redirect_url(@controller.url_for(:action => "login"))
36
- assert_equal 1, ActionMailer::Base.deliveries.size
37
- mail = ActionMailer::Base.deliveries[0]
38
- assert_equal "newbob@test.com", mail.to_addrs[0].to_s
39
- assert_match /login:\s+\w+\n/, mail.encoded
40
- assert_match /password:\s+\w+\n/, mail.encoded
41
-
42
- user = User.find_by_email("newbob@test.com")
43
- assert_not_nil user
44
- assert_equal 0, user.verified
45
- post :verify, "id" => user.uuid.to_s
46
- user = User.find_by_email("newbob@test.com")
47
- assert_equal 1, user.verified
48
- assert_redirect_url(@controller.url_for(:action => "login"))
38
+ assert_redirect_url(@controller.url_for(:action => "login"))
39
+ assert_equal 1, ActionMailer::Base.deliveries.size
40
+ mail = ActionMailer::Base.deliveries[0]
41
+ assert_equal "newbob@test.com", mail.to_addrs[0].to_s
42
+ assert_match /login:\s+\w+\n/, mail.encoded
43
+ assert_match /password:\s+\w+\n/, mail.encoded
44
+
45
+ user = User.find_by_email("newbob@test.com")
46
+ assert_not_nil user
47
+ assert_equal 0, user.verified
48
+ post :verify, "id" => user.uuid.to_s
49
+ user = User.find_by_email("newbob@test.com")
50
+ assert_equal 1, user.verified
51
+ assert_redirect_url(@controller.url_for(:action => "login"))
52
+ post :login, "user" => { "login" => "newbob", "password" => "newpassword" }
53
+ assert_session_has "user"
54
+ get :logout
55
+ elsif bad_password
56
+ post :signup, "user" => { "login" => "newbob", "password" => "bad", "password_confirmation" => "bad", "email" => "newbob@test.com" }
57
+ assert_session_has_no "user"
58
+ assert_invalid_column_on_record "user", "password"
59
+ assert_success
60
+ assert_equal 0, ActionMailer::Base.deliveries.size
61
+ elsif bad_email
62
+ CONFIG['inject_mailer_error'] = true
63
+ post :signup, "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "newpassword", "email" => "newbob@test.com" }
64
+ CONFIG['inject_mailer_error'] = false
65
+ assert_session_has_no "user"
66
+ assert_equal 0, ActionMailer::Base.deliveries.size
67
+ assert_flash_has "message"
68
+ else
69
+ # Invalid test case
70
+ assert false
71
+ end
49
72
  end
50
73
 
51
- def do_change_password(bad)
74
+ def test_signup
75
+ do_test_signup(true, false)
76
+ do_test_signup(false, true)
77
+ do_test_signup(false, false)
78
+ end
79
+
80
+ def do_change_password(bad_password, bad_email)
52
81
  ActionMailer::Base.deliveries = []
82
+ CONFIG['inject_mailer_error'] = false
53
83
 
54
84
  post :login, "user" => { "login" => "bob", "password" => "atest" }
55
85
  assert_session_has "user"
56
86
 
57
87
  @request.session['return-to'] = "/bogus/location"
58
- if not bad
88
+ if not bad_password and not bad_email
59
89
  post :change_password, "user" => { "password" => "changed_password", "password_confirmation" => "changed_password" }
60
90
  assert_equal 1, ActionMailer::Base.deliveries.size
61
91
  mail = ActionMailer::Base.deliveries[0]
62
92
  assert_equal "bob@test.com", mail.to_addrs[0].to_s
63
93
  assert_match /login:\s+\w+\n/, mail.encoded
64
94
  assert_match /password:\s+\w+\n/, mail.encoded
65
-
66
95
  assert_redirect_url "/bogus/location"
67
- else
96
+ elsif bad_password
68
97
  post :change_password, "user" => { "password" => "bad", "password_confirmation" => "bad" }
69
98
  assert_invalid_column_on_record "user", "password"
70
99
  assert_success
71
100
  assert_equal 0, ActionMailer::Base.deliveries.size
101
+ elsif bad_email
102
+ CONFIG['inject_mailer_error'] = true
103
+ post :change_password, "user" => { "password" => "changed_password", "password_confirmation" => "changed_password" }
104
+ CONFIG['inject_mailer_error'] = false
105
+ assert_equal 0, ActionMailer::Base.deliveries.size
106
+ assert_flash_has "message"
107
+ else
108
+ # Invalid test case
109
+ assert false
72
110
  end
73
111
 
74
112
  get :logout
75
113
  assert_session_has_no "user"
76
114
 
77
- if not bad
115
+ if not bad_password and not bad_email
78
116
  post :login, "user" => { "login" => "bob", "password" => "changed_password" }
79
117
  assert_session_has "user"
80
118
  post :change_password, "user" => { "password" => "atest", "password_confirmation" => "atest" }
81
- else
82
- post :login, "user" => { "login" => "bob", "password" => "atest" }
83
- assert_session_has "user"
119
+ get :logout
84
120
  end
85
121
 
122
+ post :login, "user" => { "login" => "bob", "password" => "atest" }
123
+ assert_session_has "user"
124
+
86
125
  get :logout
87
126
  end
88
127
 
89
128
  def test_change_password
90
- do_change_password(false)
91
- do_change_password(true)
129
+ do_change_password(false, false)
130
+ do_change_password(true, false)
131
+ do_change_password(false, true)
92
132
  end
93
133
 
94
- def do_forgot_password(bad, logged_in)
134
+ def do_forgot_password(bad_address, bad_email, logged_in)
95
135
  ActionMailer::Base.deliveries = []
136
+ CONFIG['inject_mailer_error'] = false
96
137
 
97
138
  if logged_in
98
139
  post :login, "user" => { "login" => "bob", "password" => "atest" }
@@ -100,11 +141,7 @@ class AccountControllerTest < Test::Unit::TestCase
100
141
  end
101
142
 
102
143
  @request.session['return-to'] = "/bogus/location"
103
- if bad
104
- post :forgot_password, "user" => { "email" => "bademail@test.com" }
105
- assert_equal 0, ActionMailer::Base.deliveries.size
106
- assert_flash_has "message"
107
- else
144
+ if not bad_address and not bad_email
108
145
  post :forgot_password, "user" => { "email" => "bob@test.com" }
109
146
  assert_equal 1, ActionMailer::Base.deliveries.size
110
147
  mail = ActionMailer::Base.deliveries[0]
@@ -113,27 +150,52 @@ class AccountControllerTest < Test::Unit::TestCase
113
150
  assert_match /password:\s+\w{8}\n/, mail.encoded
114
151
  mail.encoded =~ /password:\s+(\w{8})\n/
115
152
  password = $1
153
+ elsif bad_address
154
+ post :forgot_password, "user" => { "email" => "bademail@test.com" }
155
+ assert_equal 0, ActionMailer::Base.deliveries.size
156
+ assert_flash_has "message"
157
+ elsif bad_email
158
+ CONFIG['inject_mailer_error'] = true
159
+ post :forgot_password, "user" => { "email" => "bob@test.com" }
160
+ CONFIG['inject_mailer_error'] = false
161
+ assert_equal 0, ActionMailer::Base.deliveries.size
162
+ assert_flash_has "message"
163
+ else
164
+ # Invalid test case
165
+ assert false
116
166
  end
117
167
 
118
- if logged_in
119
- assert_redirect_url "/bogus/location"
120
- else
121
- if not bad
168
+ if not bad_address and not bad_email
169
+ if logged_in
170
+ assert_redirect_url "/bogus/location"
171
+ get :logout
172
+ else
122
173
  assert_redirect_url(@controller.url_for(:action => "login"))
123
- post :login, "user" => { "login" => "bob", "password" => "#{password}" }
124
174
  end
175
+ post :login, "user" => { "login" => "bob", "password" => "#{password}" }
176
+ else
177
+ # Okay, make sure the database did not get changed
178
+ if logged_in
179
+ get :logout
180
+ end
181
+ post :login, "user" => { "login" => "bob", "password" => "atest" }
125
182
  end
126
183
 
127
- if not bad
184
+ assert_session_has "user"
185
+
186
+ # Put the old settings back
187
+ if not bad_address and not bad_email
128
188
  post :change_password, "user" => { "password" => "atest", "password_confirmation" => "atest" }
129
- get :logout
130
189
  end
190
+
191
+ get :logout
131
192
  end
132
193
 
133
194
  def test_forgot_password
134
- do_forgot_password(false, false)
135
- do_forgot_password(false, true)
136
- do_forgot_password(true, false)
195
+ do_forgot_password(false, false, false)
196
+ do_forgot_password(false, false, true)
197
+ do_forgot_password(true, false, false)
198
+ do_forgot_password(false, true, false)
137
199
  end
138
200
 
139
201
  def test_bad_signup
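Review bot: In each `bad_email` branch `CONFIG['inject_mailer_error']` is set to true before the `post` and reset only on the following line, so an exception raised by the request leaves the switch on for any later test that does not reset it itself. Wrapping the request restores it on every path, e.g. `begin; post :signup, ...; ensure; CONFIG['inject_mailer_error'] = false; end`; the same applies to `do_change_password` and `do_forgot_password`. As a style point, `if not bad_password and not bad_email` reads more predictably as `if !bad_password && !bad_email`, since `not`/`and` bind more loosely than `!`/`&&`.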
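--- a/data/templates/notify.rb
+++ b/data/templates/notify.rb
@@ -12,6 +12,10 @@ class Notify < ActionMailer::Base
  @body["password"] = password
  @body["url"] = url || CONFIG['app_url'].to_s
  @body["uuid"] = user.uuid
+
+ if CONFIG['inject_mailer_error']
+ raise "Signup mail failed"
+ end
  end
 
  def forgot_password(user, password, url=nil, sent_on=Time.now)
@@ -26,6 +30,10 @@ class Notify < ActionMailer::Base
  @body["login"] = user.login
  @body["password"] = password
  @body["url"] = url || CONFIG['app_url'].to_s
+
+ if CONFIG['inject_mailer_error']
+ raise "Forgot password mail failed"
+ end
  end
 
  def change_password(user, password, url=nil, sent_on=Time.now)
@@ -40,5 +48,9 @@ class Notify < ActionMailer::Base
  @body["login"] = user.login
  @body["password"] = password
  @body["url"] = url || CONFIG['app_url'].to_s
+
+ if CONFIG['inject_mailer_error']
+ raise "Change password mail failed"
+ end
  end
  end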
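Review bot: The `CONFIG['inject_mailer_error']` check added to all three mailer methods is a test-only fault switch inside the shipped mailer template, so a leftover or mistaken config entry in a generated application would make every signup, forgot-password and change-password mail raise. If the hook stays, it should carry a comment saying it exists only for the functional tests and be tied to the test environment, for example `raise "Signup mail failed" if CONFIG['inject_mailer_error'] && CONFIG['server_env'].to_s == 'test'` (assuming `server_env` is read from the same CONFIG hash); stubbing the delivery in the tests would avoid the production-side branch altogether. The same three-line block is repeated in each hunk and could live in one private helper. The method bodies start outside these hunks.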
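--- a/data/templates/user.rb
+++ b/data/templates/user.rb
@@ -12,8 +12,7 @@ class User < ActiveRecord::Base
  end
 
  def change_password(pass)
- update_attribute("salt", self.class.hashed("salt-#{Time.now}"))
- update_attribute("password", self.class.salted_password(salt, self.class.hashed(pass)))
+ self.password_confirmation = self.password = pass
  end
 
  def makepass
@@ -23,7 +22,8 @@ class User < ActiveRecord::Base
  end
 
  def verify
- update_attribute("verified", 1)
+ toggle("verified")
+ update_without_callbacks
  end
 
  protected
@@ -32,7 +32,8 @@ class User < ActiveRecord::Base
  return Digest::SHA1.hexdigest("change-me--#{str}--")[0..39]
  end
 
- before_create :generate_uuid, :crypt_password
+ before_create :generate_uuid
+ before_save :crypt_password
 
  def crypt_password
  write_attribute("salt", self.class.hashed("salt-#{Time.now}"))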
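Review bot: `toggle("verified")` in `verify` flips the flag instead of setting it, so calling `verify` again on an already verified user clears the verification that the removed `update_attribute("verified", 1)` would have left in place. Setting the value explicitly, `write_attribute("verified", 1)` before `update_without_callbacks`, keeps the method idempotent. In the first hunk `change_password` now writes `pass` into `password_confirmation` as well, so a confirmation assigned earlier by the caller is overwritten and a mismatch can no longer fail validation. With `before_save :crypt_password`, a comment should state that any save running callbacks presumably re-hashes `password` (the body of `crypt_password` continues outside the hunk), which appears to be why `verify` bypasses them.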
@@ -12,4 +12,4 @@ CREATE TABLE users (
12
12
  updated_at DATETIME default NULL,
13
13
  logged_in_at DATETIME default NULL,
14
14
  PRIMARY KEY (id)
15
- );
15
+ ) TYPE=InnoDB;
@@ -15,9 +15,11 @@ class UserTest < Test::Unit::TestCase
15
15
  def test_passwordchange
16
16
 
17
17
  @longbob.change_password("nonbobpasswd")
18
+ @longbob.save
18
19
  assert_equal @longbob, User.authenticate("longbob", "nonbobpasswd")
19
20
  assert_nil User.authenticate("longbob", "alongtest")
20
21
  @longbob.change_password("alongtest")
22
+ @longbob.save
21
23
  assert_equal @longbob, User.authenticate("longbob", "alongtest")
22
24
  assert_nil User.authenticate("longbob", "nonbobpasswd")
23
25
 
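--- a/data/templates/users.yml
+++ b/data/templates/users.yml
@@ -3,23 +3,23 @@
  bob:
  id: 1000001
  login: bob
- password: 1e340b1f9adc4d6341feeb35d2a0f496ba8ed36c # atest
- salt: 83adfb824223d02e163f903707dec5589e431c61
+ password: ef94c16f6c124a4e84cc215c164767bfa25f6e92 # atest
+ salt: 7f8b036f9b647d46d22abdbfc8113f44a88f9889
  email: bob@test.com
  verified: 1
 
  existingbob:
  id: 1000002
  login: existingbob
- password: 313d038a07f750cbcbe09066ee5f46ac08ce5ceb # atest
- salt: 90ba172042b62f36d47c87e8dac0d07ac788cef4
+ password: 99d6b680d4bfa81cbd383ffa0390bb03323a0b9a # atest
+ salt: fc76daa7bc4e4b7833375cf9deca38beee4c5581
  email: existingbob@test.com
  verified: 1
 
  longbob:
  id: 1000003
  login: longbob
- password: a255d0285bd2a5a5df497af3c28c1a8a11739dcb # alongtest
- salt: 4780fb458484e17611a9c20a72a21f7c564811cb
+ password: c841391e1d29100a4920de7a8fbb4b0fd180c6c0 # alongtest
+ salt: c068e3671780f16898c0a8295ae8d82cc59713e2
  email: longbob@test.com
  verified: 1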
metadata CHANGED
@@ -3,7 +3,7 @@ rubygems_version: 0.8.8
3
3
  specification_version: 1
4
4
  name: salted_login_generator
5
5
  version: !ruby/object:Gem::Version
6
- version: 1.0.3
6
+ version: 1.0.4
7
7
  date: 2005-04-16
8
8
  summary: "[Rails] Login generator with salted passwords."
9
9
  require_paths: