signinable 2.0.10 → 2.0.13

data/spec/factories/signins.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :signin do
+    ip { '127.0.0.1' }
+    signinable
+  end
+end

data/spec/factories/users.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :user, aliases: [:signinable] do
+    name { 'test' }
+  end
+end

data/spec/models/signin_spec.rb

@@ -1,50 +1,102 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require 'rails_helper'
 
 describe Signin do
-  it "has a valid factory" do
-    signin = FactoryGirl.build(:signin)
-    signin.should be_valid
-  end
+  describe '#expired?' do
+    let(:expiration_time) { Time.zone.now + 1.hour }
+    let(:signin) { create(:signin, expiration_time: expiration_time) }
 
-  context "is invalid without" do
-    it "a token" do
-      signin = FactoryGirl.create(:signin)
-      signin.token = nil
-      signin.should_not be_valid
+    it 'returns false when not expired' do
+      expect(signin).to_not be_expired
     end
 
-    it "an ip" do
-      FactoryGirl.build(:signin, ip: nil).should_not be_valid
+    it 'returns true when expired' do
+      Timecop.travel(expiration_time) do
+        expect(signin).to be_expired
+      end
     end
   end
 
-  it "should generate token on create" do
-    signin = FactoryGirl.create(:signin, token: nil)
-    signin.token.should_not be_nil
-  end
+  describe '#expireable?' do
+    it 'returns false when expireable' do
+      signin = create(:signin, expiration_time: nil)
+      expect(signin).to_not be_expireable
+    end
 
-  context "not valid with" do
-    it "wrong ip" do
-      FactoryGirl.build(:signin, ip: "123").should_not be_valid
+    it 'returns true when expireable' do
+      signin = create(:signin, expiration_time: Time.zone.now)
+      expect(signin).to be_expireable
     end
   end
 
-  it "should expire" do
-    Timecop.freeze
-    expiration_time = Time.zone.now + 1.hour
-    signin = FactoryGirl.create(:signin, expiration_time: expiration_time)
-    Timecop.travel(expiration_time)
-    signin.should be_expired
-    Timecop.return
+  describe '#expire!' do
+    it 'sets expiration_time to now' do
+      signin = create(:signin, expiration_time: (Time.zone.now + 1.hour))
+      allow(signin).to receive(:renew!)
+      signin.expire!
+      expect(signin).to have_received(:renew!).with(period: 0, ip: signin.ip, user_agent: signin.user_agent)
+    end
   end
 
-  describe ".expire!" do
-    it "should set expiration_time to now" do
-      Timecop.freeze
-      signin = FactoryGirl.create(:signin, expiration_time: (Time.zone.now + 1.hour))
-      signin.expire!
-      signin.should be_expired
-      Timecop.return
+  describe '#renew!' do
+    let(:signin) { create(:signin) }
+    let(:attrs) do
+      {
+        period: 100,
+        ip: signin.ip,
+        user_agent: signin.user_agent,
+        refresh_token: false
+      }
+    end
+
+    before(:each) do
+      allow(signin).to receive(:update!)
+    end
+
+    it 'updates ip and user_agent' do
+      signin.renew!(**attrs)
+      expect(signin).to have_received(:update!).with(hash_including(ip: signin.ip, user_agent: signin.user_agent))
+    end
+
+    context 'when expireable' do
+      before(:each) do
+        allow(signin).to receive(:expireable?).and_return(true)
+      end
+
+      it 'updates expiration_time' do
+        Timecop.freeze do
+          signin.renew!(**attrs)
+          expect(signin).to have_received(:update!).with(hash_including(expiration_time: Time.zone.now + attrs[:period]))
+        end
+      end
+    end
+
+    context 'when not expireable' do
+      before(:each) do
+        allow(signin).to receive(:expireable?).and_return(false)
+      end
+
+      it 'does not update expiration_time' do
+        signin.renew!(**attrs)
+        expect(signin).to have_received(:update!).with(hash_excluding(expiration_time: Time.zone.now + attrs[:period]))
+      end
+    end
+
+    context 'when need to refresh_token' do
+      it 'updates expiration_time' do
+        allow(SecureRandom).to receive(:urlsafe_base64).and_return('bla')
+        signin.renew!(**attrs.merge(refresh_token: true))
+        expect(signin).to have_received(:update!).with(hash_including(token: 'bla'))
+      end
+    end
+
+    context 'when no need to refresh_token' do
+      it 'does not update expiration_time' do
+        allow(SecureRandom).to receive(:urlsafe_base64).and_return('bla')
+        signin.renew!(**attrs)
+        expect(signin).to have_received(:update!).with(hash_excluding(token: 'bla'))
+      end
     end
   end
 end

data/spec/models/user_spec.rb

@@ -1,133 +1,253 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require 'rails_helper'
 
 describe User do
+  let(:credentials) { ['127.0.0.1', 'user_agent'] }
+  let(:other_credentials) { ['127.0.0.2', 'user_agent2'] }
+  let(:user) { create(:user) }
+
   before :each do
     Timecop.freeze
-    User.signin_expiration = 2.hours
-    User.signin_simultaneous = true
-    User.signin_restrictions = []
-    @user = FactoryGirl.create(:user)
-    @credentials = ['127.0.0.1', 'user_agent']
-    @other_credentials = ['127.0.0.2', 'user_agent2']
   end
 
   after :each do
     Timecop.return
   end
 
-  describe ".signin" do
-    it "should create Signin" do
-      expect {
-        sign_in_user(@user, @credentials)
-      }.to change(Signin, :count).by(1)
+  describe '#signin' do
+    it 'should create Signin' do
+      expect do
+        sign_in_user(user, credentials)
+      end.to change(Signin, :count).by(1)
+    end
+
+    it 'sets jwt on user instance' do
+      expect do
+        sign_in_user(user, credentials)
+      end.to change(user, :jwt).from(nil)
     end
 
-    it "should set expiration_time" do
-      signin = sign_in_user(@user, @credentials)
-      signin.expiration_time.to_i.should eq((Time.zone.now + User.signin_expiration).to_i)
+    it 'should generate jwt with correct payload' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      payload = JWT.decode(user.jwt, 'test', true, { algorithm: 'HS256' })[0]
+      expect(payload).to include(
+        'refresh_token' => signin.token,
+        'signinable_id' => user.id
+      )
     end
 
-    it "should not set expiration_time" do
-      User.signin_expiration = 0
-      signin = sign_in_user(@user, @credentials)
-      signin.expiration_time.should be_nil
+    it 'should set expiration_time' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      expect(signin.expiration_time.to_i).to eq((Time.zone.now + User.refresh_exp).to_i)
+    end
+
+    it 'should not set expiration_time' do
+      allow(described_class).to receive(:refresh_exp).and_return(0)
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      expect(signin.expiration_time).to be_nil
+    end
+
+    context 'when simultaneous signins enabled' do
+      before do
+        allow(described_class).to receive(:simultaneous_signings).and_return(true)
+      end
+
+      it 'does not expire active signins' do
+        sign_in_user(user, credentials)
+        sign_in_user(user, credentials)
+        expect(user.signins.active.count).to eq(2)
+      end
+    end
+
+    context 'when simultaneous signins disabled' do
+      before do
+        allow(described_class).to receive(:simultaneous_signings).and_return(false)
+      end
+
+      it 'expires active signins' do
+        sign_in_user(user, credentials)
+        sign_in_user(user, credentials)
+        expect(user.signins.active.count).to eq(1)
+      end
     end
   end
 
-  describe ".signout" do
-    it "should expire signin" do
-      signin = sign_in_user(@user, @credentials)
-      sign_out_user(signin, @credentials)
-      signin.reload
-      signin.should be_expired
+  describe '#signout' do
+    it 'should expire signin' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      sign_out_user(signin, credentials)
+      expect(signin.reload).to be_expired
     end
 
-    context "should be allowed with" do
-      %w{ip user_agent}.each do |c|
-        it "changed #{c} if not restricted" do
-          signin = sign_in_user(@user, @credentials)
-          sign_out_user(signin, @credentials).should be_true
+    context 'when has no restrictions' do
+      %i[ip user_agent].each do |c|
+        it "allows signout when #{c} changes" do
+          sign_in_user(user, credentials)
+          signin = user.last_signin
+          expect(sign_out_user(signin, credentials)).to be_truthy
         end
       end
     end
 
-    context "should not be allowed with" do
-      %w{ip user_agent}.each do |c|
-        it "changed #{c} if restricted" do
-          User.signin_restrictions = [c]
-          signin = sign_in_user(@user, @credentials)
-          sign_out_user(signin, @other_credentials).should be_nil
+    context 'when has restrictions' do
+      %i[ip user_agent].each do |c|
+        it "forbids signout when #{c} changes" do
+          allow(described_class).to receive(:signin_restrictions).and_return([c])
+          sign_in_user(user, credentials)
+          signin = user.last_signin
+          expect(sign_out_user(signin, other_credentials)).to be_nil
         end
       end
     end
   end
 
-  describe "#authenticate_with_token" do
-    context "expiration_time" do
-      it "should be changed after authentication" do
-        signin = sign_in_user(@user, @credentials)
-        old_time = signin.expiration_time
-        new_time = signin.expiration_time - 1.hour
-        Timecop.travel(new_time)
-        User.authenticate_with_token(signin.token, *@credentials)
-        signin.reload
-        signin.expiration_time.to_i.should eq((new_time + User.signin_expiration).to_i)
+  describe '#last_signin' do
+    it 'retuns nil when no signins' do
+      expect(user.last_signin).to be_nil
+    end
+
+    it 'returns last active signin' do
+      sign_in_user(user, credentials)
+      sign_in_user(user, credentials)
+      signin = user.signins.active.last
+      sign_in_user(user, credentials)
+      user.signins.last.expire!
+
+      expect(user.last_signin).to eq(signin)
+    end
+  end
+
+  describe '.generate_jwt' do
+    let(:token) { SecureRandom.urlsafe_base64(rand(50..100)) }
+
+    it 'sets correct payload' do
+      jwt = described_class.generate_jwt(token, user.id)
+      payload = JWT.decode(jwt, described_class.jwt_secret, true, { algorithm: 'HS256' })[0]
+      expect(payload).to eq(
+        'refresh_token' => token,
+        'signinable_id' => user.id,
+        'exp' => Time.zone.now.to_i + described_class.jwt_exp
+      )
+    end
+  end
+
+  describe '.authenticate_with_token' do
+    context 'when jwt is invalid' do
+      it 'returns nil' do
+        expect(described_class.authenticate_with_token('blablabla', *credentials)).to be_nil
+      end
+    end
+
+    context 'when jwt has not expired' do
+      before(:each) do
+        sign_in_user(user, credentials)
       end
 
-      it "should not be changed after authentication" do
-        User.signin_expiration = 0
-        signin = sign_in_user(@user, @credentials)
-        old_time = signin.expiration_time
-        Timecop.travel(Time.zone.now + 1.hour)
-        User.authenticate_with_token(signin.token, *@credentials)
-        signin.reload
-        signin.expiration_time.to_i.should eq(old_time.to_i)
+      it 'returns user' do
+        expect(described_class.authenticate_with_token(user.jwt, *credentials)).to eq(user)
+      end
+
+      it 'does not update refresh token' do
+        allow(described_class).to receive(:refresh_jwt)
+        described_class.authenticate_with_token(user.jwt, *credentials)
+        expect(described_class).not_to have_received(:refresh_jwt)
       end
     end
 
-    context "should allow signin with" do
-      it "not last token if simultaneous is permitted" do
-        signin1 = sign_in_user(@user, @credentials)
-        signin2 = sign_in_user(@user, @credentials)
-        User.authenticate_with_token(signin1.token, *@credentials).should eq(@user)
-        User.authenticate_with_token(signin2.token, *@credentials).should eq(@user)
+    context 'when jwt has expired' do
+      before(:each) do
+        sign_in_user(user, credentials)
+        Timecop.travel(Time.zone.now + described_class.jwt_exp)
       end
 
-      it "valid token" do
-        signin = sign_in_user(@user, @credentials)
-        User.authenticate_with_token(signin.token, *@credentials).should eq(@user)
+      it 'does not do user lookup' do
+        allow(described_class).to receive(:find_by)
+        described_class.authenticate_with_token(user.jwt, *credentials)
+        expect(described_class).not_to have_received(:find_by)
       end
 
-      %w{ip user_agent}.each do |c|
-        it "changed #{c} if not restricted" do
-          signin = sign_in_user(@user, @credentials)
-          User.authenticate_with_token(signin.token, *@other_credentials).should eq(@user)
-        end
+      it 'calls for refresh token' do
+        allow(described_class).to receive(:refresh_jwt)
+        described_class.authenticate_with_token(user.jwt, *credentials)
+        expect(described_class).to have_received(:refresh_jwt)
       end
     end
+  end
 
-    context "should not allow signin with" do
-      it "not last token if simultaneous not permitted" do
-        User.signin_simultaneous = false
-        signin1 = sign_in_user(@user, @credentials)
-        signin2 = sign_in_user(@user, @credentials)
-        User.authenticate_with_token(signin1.token, *@credentials).should be_nil
-        User.authenticate_with_token(signin2.token, *@credentials).should eq(@user)
+  describe '.refresh_jwt' do
+    context 'when jwt is invalid' do
+      it 'returns nil' do
+        expect(described_class.refresh_jwt('blablabla', *credentials)).to be_nil
       end
+    end
+
+    it 'returns nil when signin not found' do
+      jwt = described_class.generate_jwt('blablabla', 0)
+      expect(described_class.refresh_jwt(jwt, *credentials)).to be_nil
+    end
+
+    it 'returns nil when signin expired' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      Timecop.travel(Time.zone.now + described_class.refresh_exp)
+      expect(described_class.refresh_jwt(user.jwt, *credentials)).to be_nil
+    end
 
-      it "expired token" do
-        signin = sign_in_user(@user, @credentials)
-        @user.signout(signin.token, *@credentials)
-        User.authenticate_with_token(signin.token, *@credentials).should be_nil
+    context 'when has no restrictions' do
+      %i[ip user_agent].each do |c|
+        it "allows signin when #{c} changed" do
+          sign_in_user(user, credentials)
+          expect(described_class.refresh_jwt(user.jwt, *other_credentials)).to eq(user)
+        end
       end
+    end
 
-      %w{ip user_agent}.each do |c|
-        it "changed #{c} if restricted" do
-          User.signin_restrictions = [c]
-          signin = sign_in_user(@user, @credentials)
-          User.authenticate_with_token(signin.token, *@other_credentials).should be_nil
+    context 'when has restrictions' do
+      %i[ip user_agent].each do |c|
+        it "forbids signin when #{c} changed" do
+          allow(User).to receive(:signin_restrictions).and_return([c])
+          sign_in_user(user, credentials)
+          expect(described_class.refresh_jwt(user.jwt, *other_credentials)).to be_nil
         end
       end
     end
+
+    it 'renews signin' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      allow(signin).to receive(:renew!)
+      allow(Signin).to receive(:find_by).with(token: signin.token).and_return(signin)
+
+      described_class.refresh_jwt(user.jwt, *credentials)
+      expect(signin).to have_received(:renew!).with(period: described_class.expiration_period, ip: credentials[0],
+                                                    user_agent: credentials[1], refresh_token: true)
+    end
+
+    it 'assigns new jwt' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      allow(user).to receive(:jwt=)
+      allow(signin).to receive(:signinable).and_return(user)
+      allow(Signin).to receive(:find_by).with(token: signin.token).and_return(signin)
+      allow(described_class).to receive(:generate_jwt).and_return('bla')
+
+      described_class.refresh_jwt(user.jwt, *credentials)
+      expect(user).to have_received(:jwt=).with('bla')
+    end
+
+    it 'regenerates jwt' do
+      sign_in_user(user, credentials)
+      signin = user.last_signin
+      allow(described_class).to receive(:generate_jwt)
+
+      described_class.refresh_jwt(user.jwt, *credentials)
+      signin.reload
+      expect(described_class).to have_received(:generate_jwt).with(signin.token, signin.signinable_id)
+    end
   end
 end

data/spec/rails_helper.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+ENV['RAILS_ENV'] ||= 'test'
+
+require File.expand_path('dummy/config/environment', __dir__)
+
+require 'spec_helper'
+require 'rspec/rails'
+
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each { |f| require f }
+
+RSpec.configure do |config|
+  config.use_transactional_fixtures = true
+
+  config.infer_spec_type_from_file_location!
+
+  config.filter_rails_from_backtrace!
+
+  config.include FactoryBot::Syntax::Methods
+end

data/spec/spec_helper.rb

@@ -1,18 +1,17 @@
-ENV['RAILS_ENV'] ||= 'test'
+# frozen_string_literal: true
 
-require File.expand_path('../dummy/config/environment', __FILE__)
-require 'rspec/rails'
-require 'rspec/autorun'
-require 'factory_girl_rails'
+require 'factory_bot_rails'
+require 'pry'
 require 'timecop'
 
-Rails.backtrace_cleaner.remove_silencers!
+RSpec.configure do |config|
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
 
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
 
-RSpec.configure do |config|
-  config.mock_with :rspec
-  config.use_transactional_fixtures = false
-  config.infer_base_class_for_anonymous_controllers = false
-  config.order = 'random'
+  config.shared_context_metadata_behavior = :apply_to_host_groups
 end

data/spec/support/utilities.rb

@@ -1,6 +1,7 @@
+# frozen_string_literal: true
+
 def sign_in_user(user, credentials)
-  token = user.signin(*credentials, 'referer')
-  Signin.find_by_token(token)
+  user.signin(*credentials, 'referer')
 end
 
 def sign_out_user(signin, credentials)