simple_auth 1.5.0 → 2.0.0
- checksums.yaml +4 -4
- data/.rspec +1 -1
- data/.travis.yml +11 -0
- data/CHANGELOG.md +5 -0
- data/Gemfile +0 -2
- data/Gemfile.lock +102 -79
- data/README.md +243 -0
- data/Rakefile +15 -0
- data/gemfiles/rails_3_1.gemfile +5 -0
- data/gemfiles/rails_3_1.gemfile.lock +151 -0
- data/gemfiles/rails_3_2.gemfile +5 -0
- data/gemfiles/rails_3_2.gemfile.lock +149 -0
- data/gemfiles/rails_4_0.gemfile +4 -0
- data/gemfiles/rails_4_0.gemfile.lock +140 -0
- data/gemfiles/rails_4_1.gemfile +4 -0
- data/gemfiles/rails_4_1.gemfile.lock +146 -0
- data/lib/simple_auth.rb +1 -6
- data/lib/simple_auth/action_controller.rb +14 -10
- data/lib/simple_auth/active_record.rb +86 -0
- data/lib/simple_auth/compat.rb +2 -0
- data/lib/simple_auth/compat/active_record.rb +31 -0
- data/lib/simple_auth/compat/config.rb +17 -0
- data/lib/simple_auth/config.rb +0 -20
- data/lib/simple_auth/exceptions.rb +0 -1
- data/lib/simple_auth/railtie.rb +1 -1
- data/lib/simple_auth/rspec.rb +2 -2
- data/lib/simple_auth/session.rb +1 -1
- data/lib/simple_auth/version.rb +2 -2
- data/simple_auth.gemspec +4 -4
- data/spec/controllers/redirect_logged_user_spec.rb +16 -16
- data/spec/controllers/require_logged_user_spec.rb +34 -34
- data/spec/schema.rb +5 -1
- data/spec/simple_auth/active_record_spec.rb +104 -2
- data/spec/simple_auth/compat_spec.rb +31 -0
- data/spec/simple_auth/config_spec.rb +8 -27
- data/spec/simple_auth/helper_spec.rb +7 -7
- data/spec/simple_auth/session_spec.rb +76 -76
- data/spec/spec_helper.rb +2 -168
- data/spec/support/app/models/customer.rb +3 -0
- data/templates/initializer.rb +0 -8
- metadata +62 -33
- data/README.markdown +0 -202
- data/lib/simple_auth/orm/active_record.rb +0 -80
- data/lib/simple_auth/orm/base.rb +0 -89
- data/lib/simple_auth/orm/mongo_mapper.rb +0 -62
- data/spec/simple_auth/mongo_mapper_spec.rb +0 -10
- data/spec/support/app/models/account.rb +0 -6
@@ -12,7 +12,7 @@ describe ApplicationController do
|
|
12
12
|
|
13
13
|
context "redirecting logged users" do
|
14
14
|
context "using hash" do
|
15
|
-
controller do
|
15
|
+
controller ApplicationController do
|
16
16
|
redirect_logged_user :to => { :controller => "dashboard" }
|
17
17
|
|
18
18
|
def index
|
@@ -20,17 +20,17 @@ describe ApplicationController do
|
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
|
-
it "
|
23
|
+
it "redirects logged users" do
|
24
24
|
session[:user_id] = user.id
|
25
25
|
get :index
|
26
26
|
|
27
|
-
response.code.
|
28
|
-
response.
|
27
|
+
expect(response.code).to match(/302/)
|
28
|
+
expect(response).to redirect_to("/dashboard")
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
32
|
context "using block" do
|
33
|
-
controller do
|
33
|
+
controller ApplicationController do
|
34
34
|
redirect_logged_user :to => proc { dashboard_path }
|
35
35
|
|
36
36
|
def index
|
@@ -38,17 +38,17 @@ describe ApplicationController do
|
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
41
|
-
it "
|
41
|
+
it "redirects logged users" do
|
42
42
|
session[:user_id] = user.id
|
43
43
|
get :index
|
44
44
|
|
45
|
-
response.code.
|
46
|
-
response.
|
45
|
+
expect(response.code).to match(/302/)
|
46
|
+
expect(response).to redirect_to("/dashboard")
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
50
50
|
context "using configuration" do
|
51
|
-
controller do
|
51
|
+
controller ApplicationController do
|
52
52
|
redirect_logged_user
|
53
53
|
|
54
54
|
def index
|
@@ -56,18 +56,18 @@ describe ApplicationController do
|
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
|
-
it "
|
59
|
+
it "redirects logged users" do
|
60
60
|
SimpleAuth::Config.logged_url = proc { dashboard_path }
|
61
61
|
session[:user_id] = user.id
|
62
62
|
get :index
|
63
63
|
|
64
|
-
response.code.
|
65
|
-
response.
|
64
|
+
expect(response.code).to match(/302/)
|
65
|
+
expect(response).to redirect_to("/dashboard")
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
69
|
context "when unlogged" do
|
70
|
-
controller do
|
70
|
+
controller ApplicationController do
|
71
71
|
redirect_logged_user :to => { :controller => "dashboard" }
|
72
72
|
|
73
73
|
def index
|
@@ -75,12 +75,12 @@ describe ApplicationController do
|
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
78
|
-
it "
|
78
|
+
it "renders page" do
|
79
79
|
session[:user_id] = nil
|
80
80
|
get :index
|
81
81
|
|
82
|
-
response.code.
|
83
|
-
response.body.
|
82
|
+
expect(response.code).to match(/200/)
|
83
|
+
expect(response.body).to eq("Rendered")
|
84
84
|
end
|
85
85
|
end
|
86
86
|
end
|
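Review bot: The status assertions `expect(response.code).to match(/302/)` (new lines 27, 45 and 64) and `match(/200/)` (new line 82) use an unanchored regex, so any status string that merely contains those digits would satisfy them. An exact comparison fails more precisely and reads more clearly: `expect(response.code).to eq("302")`. The `redirect_to("/dashboard")` checks that follow already pin the behaviour, so this is a style point rather than a coverage gap. The enclosing `describe` block starts outside the hunks shown.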
@@ -15,7 +15,7 @@ describe ApplicationController do
|
|
15
15
|
end
|
16
16
|
|
17
17
|
context "redirecting to requested page" do
|
18
|
-
controller do
|
18
|
+
controller ApplicationController do
|
19
19
|
require_logged_user :to => "/login"
|
20
20
|
|
21
21
|
def index
|
@@ -23,66 +23,66 @@ describe ApplicationController do
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
-
it "
|
26
|
+
it "keeps other session data" do
|
27
27
|
session[:skip_intro] = true
|
28
28
|
get :index
|
29
|
-
session[:skip_intro].
|
29
|
+
expect(session[:skip_intro]).to be_truthy
|
30
30
|
end
|
31
31
|
|
32
|
-
it "
|
32
|
+
it "removes record id from session" do
|
33
33
|
session[:user_id] = 0
|
34
34
|
get :index
|
35
|
-
session.
|
35
|
+
expect(session).not_to have_key(:user)
|
36
36
|
end
|
37
37
|
|
38
|
-
it "
|
38
|
+
it "removes session id from session" do
|
39
39
|
session[:session_id] = "xSQR"
|
40
40
|
get :index
|
41
|
-
session.
|
41
|
+
expect(session).not_to have_key(:session_id)
|
42
42
|
end
|
43
43
|
|
44
|
-
it "
|
44
|
+
it "returns the request url" do
|
45
45
|
get :index, :some => "param"
|
46
|
-
controller.send(:return_to, "/dashboard").
|
46
|
+
expect(controller.send(:return_to, "/dashboard")).to eq("/anonymous?some=param")
|
47
47
|
end
|
48
48
|
|
49
|
-
it "
|
50
|
-
controller.send(:return_to, "/dashboard").
|
49
|
+
it "returns the default url" do
|
50
|
+
expect(controller.send(:return_to, "/dashboard")).to eq("/dashboard")
|
51
51
|
end
|
52
52
|
|
53
|
-
it "
|
53
|
+
it "sets return to" do
|
54
54
|
get :index, :some => "param"
|
55
|
-
session[:return_to].
|
55
|
+
expect(session[:return_to]).to eq("/anonymous?some=param")
|
56
56
|
end
|
57
57
|
|
58
|
-
it "
|
58
|
+
it "removes return to from session" do
|
59
59
|
get :index, :some => "param"
|
60
60
|
controller.send(:return_to, "/dashboard")
|
61
|
-
session[:return_to].
|
61
|
+
expect(session[:return_to]).to be_nil
|
62
62
|
end
|
63
63
|
|
64
|
-
it "
|
64
|
+
it "sets warning message" do
|
65
65
|
get :index
|
66
|
-
flash[:alert].
|
66
|
+
expect(flash[:alert]).to eq("You need to be logged")
|
67
67
|
end
|
68
68
|
|
69
|
-
it "
|
69
|
+
it "redirects when user is not authorized on controller level" do
|
70
70
|
session[:user_id] = user.id
|
71
|
-
@controller.
|
71
|
+
expect(@controller).to receive(:authorized?).and_return(false)
|
72
72
|
|
73
73
|
get :index
|
74
|
-
response.
|
74
|
+
expect(response).to redirect_to("/login")
|
75
75
|
end
|
76
76
|
|
77
|
-
it "
|
77
|
+
it "redirects when session is not valid" do
|
78
78
|
session[:user_id] = "invalid"
|
79
79
|
|
80
80
|
get :index
|
81
|
-
response.
|
81
|
+
expect(response).to redirect_to("/login")
|
82
82
|
end
|
83
83
|
|
84
84
|
context "using hash" do
|
85
|
-
controller do
|
85
|
+
controller ApplicationController do
|
86
86
|
require_logged_user :to => {:controller => "session", :action => "new"}
|
87
87
|
|
88
88
|
def index
|
@@ -90,14 +90,14 @@ describe ApplicationController do
|
|
90
90
|
end
|
91
91
|
end
|
92
92
|
|
93
|
-
it "
|
93
|
+
it "is redirected" do
|
94
94
|
get :index
|
95
|
-
response.
|
95
|
+
expect(response).to redirect_to("/login")
|
96
96
|
end
|
97
97
|
end
|
98
98
|
|
99
99
|
context "using block" do
|
100
|
-
controller do
|
100
|
+
controller ApplicationController do
|
101
101
|
require_logged_user :to => proc { login_path }
|
102
102
|
|
103
103
|
def index
|
@@ -105,14 +105,14 @@ describe ApplicationController do
|
|
105
105
|
end
|
106
106
|
end
|
107
107
|
|
108
|
-
it "
|
108
|
+
it "is redirected" do
|
109
109
|
get :index
|
110
|
-
response.
|
110
|
+
expect(response).to redirect_to("/login")
|
111
111
|
end
|
112
112
|
end
|
113
113
|
|
114
114
|
context "using configuration" do
|
115
|
-
controller do
|
115
|
+
controller ApplicationController do
|
116
116
|
require_logged_user
|
117
117
|
|
118
118
|
def index
|
@@ -120,16 +120,16 @@ describe ApplicationController do
|
|
120
120
|
end
|
121
121
|
end
|
122
122
|
|
123
|
-
it "
|
123
|
+
it "is redirected" do
|
124
124
|
SimpleAuth::Config.login_url = "/login"
|
125
125
|
get :index
|
126
|
-
response.
|
126
|
+
expect(response).to redirect_to("/login")
|
127
127
|
end
|
128
128
|
end
|
129
129
|
end
|
130
130
|
|
131
131
|
context "when logged" do
|
132
|
-
controller do
|
132
|
+
controller ApplicationController do
|
133
133
|
require_logged_user
|
134
134
|
|
135
135
|
def index
|
@@ -137,10 +137,10 @@ describe ApplicationController do
|
|
137
137
|
end
|
138
138
|
end
|
139
139
|
|
140
|
-
it "
|
140
|
+
it "renders page" do
|
141
141
|
session[:user_id] = user.id
|
142
142
|
get :index
|
143
|
-
response.body.
|
143
|
+
expect(response.body).to eq("Rendered")
|
144
144
|
end
|
145
145
|
end
|
146
146
|
end
|
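Review bot: The example "removes record id from session" (new lines 32-36) seeds `session[:user_id] = 0` but then asserts `expect(session).not_to have_key(:user)`, so it appears to pass whether or not the stale id is cleared. If the intent is that an unresolvable record id is dropped from the session, the assertion should name the key that was set: `expect(session).not_to have_key(:user_id)`. Clearing that value is what keeps a stale identifier from lingering in the session, so it deserves a test that can actually fail. The key name is inferred from the setup line; confirm it against the session code, which is not part of this section.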
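--- a/data/spec/schema.rb
+++ b/data/spec/schema.rb
@@ -1,5 +1,9 @@
 ActiveRecord::Schema.define(:version => 0) do
 create_table :users do |t|
-t.string :email, :login, :
+t.string :email, :login, :password_digest, :username
+end
+
+create_table :customers do |t|
+t.string :email, :login, :password_digest, :password_salt
 end
 end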
@@ -1,9 +1,111 @@
|
|
1
1
|
require "spec_helper"
|
2
2
|
|
3
|
-
describe SimpleAuth::
|
3
|
+
describe SimpleAuth::ActiveRecord do
|
4
4
|
let(:model) { User }
|
5
5
|
let(:model_name) { :user }
|
6
6
|
subject { model.new }
|
7
7
|
|
8
|
-
|
8
|
+
before do
|
9
|
+
SimpleAuth::Config.model = model_name
|
10
|
+
end
|
11
|
+
|
12
|
+
context "configuration" do
|
13
|
+
it "sets credentials" do
|
14
|
+
model.authentication do |config|
|
15
|
+
config.credentials = ["uid"]
|
16
|
+
end
|
17
|
+
|
18
|
+
expect(SimpleAuth::Config.credentials).to eq(["uid"])
|
19
|
+
end
|
20
|
+
|
21
|
+
it "automatically sets model" do
|
22
|
+
model.authentication do |config|
|
23
|
+
config.model = nil
|
24
|
+
end
|
25
|
+
|
26
|
+
expect(SimpleAuth::Config.model).to eq(model_name)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context "new record" do
|
31
|
+
before do
|
32
|
+
expect(subject).not_to be_valid
|
33
|
+
end
|
34
|
+
|
35
|
+
it "requires password" do
|
36
|
+
expect(subject.errors[:password]).not_to be_empty
|
37
|
+
end
|
38
|
+
|
39
|
+
it "requires password to be at least 4-chars long" do
|
40
|
+
subject.password = "123"
|
41
|
+
expect(subject).not_to be_valid
|
42
|
+
expect(subject.errors[:password]).not_to be_empty
|
43
|
+
end
|
44
|
+
|
45
|
+
it "requires password confirmation", if: Rails::VERSION::STRING >= "4.0" do
|
46
|
+
user = User.create(password: "test", password_confirmation: "invalid")
|
47
|
+
expect(user.errors[:password_confirmation]).not_to be_empty
|
48
|
+
end
|
49
|
+
|
50
|
+
it "requires password confirmation", if: Rails::VERSION::STRING < "4.0" do
|
51
|
+
user = User.create(password: "test", password_confirmation: "invalid")
|
52
|
+
expect(user.errors[:password]).not_to be_empty
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
context "existing record" do
|
57
|
+
before do
|
58
|
+
model.delete_all
|
59
|
+
model.create(
|
60
|
+
:email => "john@doe.com",
|
61
|
+
:login => "johndoe",
|
62
|
+
:password => "test",
|
63
|
+
:password_confirmation => "test",
|
64
|
+
:username => "john"
|
65
|
+
)
|
66
|
+
end
|
67
|
+
|
68
|
+
subject { model.first }
|
69
|
+
|
70
|
+
it "requires password" do
|
71
|
+
user = User.create(password: nil)
|
72
|
+
expect(user.errors[:password]).not_to be_empty
|
73
|
+
end
|
74
|
+
|
75
|
+
it "authenticates using email" do
|
76
|
+
expect(model.authenticate("john@doe.com", "test")).to eq(subject)
|
77
|
+
end
|
78
|
+
|
79
|
+
it "authenticates using login" do
|
80
|
+
expect(model.authenticate("johndoe", "test")).to eq(subject)
|
81
|
+
end
|
82
|
+
|
83
|
+
it "authenticates using custom attribute" do
|
84
|
+
SimpleAuth::Config.credentials = [:username]
|
85
|
+
expect(model.authenticate("john", "test")).to eq(subject)
|
86
|
+
end
|
87
|
+
|
88
|
+
it "doesn't authenticate using invalid credential" do
|
89
|
+
expect(model.authenticate("invalid", "test")).to be_nil
|
90
|
+
end
|
91
|
+
|
92
|
+
it "doesn't authenticate using wrong password" do
|
93
|
+
expect(model.authenticate("johndoe", "invalid")).not_to be
|
94
|
+
end
|
95
|
+
|
96
|
+
it "returns nil when no user has been found" do
|
97
|
+
expect(model.find_by_credential("invalid")).to be_nil
|
98
|
+
end
|
99
|
+
|
100
|
+
it "raises error when no user has been found" do
|
101
|
+
expect {
|
102
|
+
model.find_by_credential!("invalid")
|
103
|
+
}.to raise_error(SimpleAuth::RecordNotFound)
|
104
|
+
end
|
105
|
+
|
106
|
+
it "returns user" do
|
107
|
+
expect(model.find_by_credential(subject.email)).to eq(subject)
|
108
|
+
expect(model.find_by_credential!(subject.email)).to eq(subject)
|
109
|
+
end
|
110
|
+
end
|
9
111
|
end
|
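Review bot: The two "requires password confirmation" examples (new lines 45 and 50) select themselves with `Rails::VERSION::STRING >= "4.0"` and `< "4.0"`, which compares the strings character by character. A two-digit major version such as "10.0" therefore sorts below "4.0" and would run the wrong example. Comparing the numeric component avoids that: `if: Rails::VERSION::MAJOR >= 4` and `if: Rails::VERSION::MAJOR < 4`. Separately, `expect(model.authenticate("johndoe", "invalid")).not_to be` on new line 93 accepts both nil and false; if the contract for a wrong password is nil, `to be_nil` would match the neighbouring "invalid credential" example.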
@@ -0,0 +1,31 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe SimpleAuth, "compatibility mode" do
|
4
|
+
before do
|
5
|
+
SimpleAuth::Config.model = :customer
|
6
|
+
require "simple_auth/compat"
|
7
|
+
require "customer"
|
8
|
+
end
|
9
|
+
|
10
|
+
after do
|
11
|
+
mod = SimpleAuth::ActiveRecord::InstanceMethods
|
12
|
+
mod.send :remove_method, :password=
|
13
|
+
mod.send :remove_method, :password_confirmation=
|
14
|
+
mod.send :remove_method, :authenticate
|
15
|
+
end
|
16
|
+
|
17
|
+
it "finds user based on the hashing system" do
|
18
|
+
password_salt = SecureRandom.hex
|
19
|
+
password_hash = SimpleAuth::Config.crypter.call("test", password_salt)
|
20
|
+
password_digest = BCrypt::Password.create(password_hash, cost: BCrypt::Engine::MIN_COST)
|
21
|
+
|
22
|
+
ActiveRecord::Base.connection.execute <<-SQL
|
23
|
+
INSERT INTO customers
|
24
|
+
(email, login, password_digest, password_salt)
|
25
|
+
VALUES
|
26
|
+
('john@example.org', 'johndoe', '#{password_digest}', '#{password_salt}')
|
27
|
+
SQL
|
28
|
+
|
29
|
+
expect(Customer.authenticate("johndoe", "test")).to be_a(Customer)
|
30
|
+
end
|
31
|
+
end
|
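Review bot: The `before` hook loads compatibility mode with `require "simple_auth/compat"` (new line 6), while the `after` hook removes `password=`, `password_confirmation=` and `authenticate` from `SimpleAuth::ActiveRecord::InstanceMethods` (new lines 11-14). `require` loads a file only once per process, so a second example in this group would presumably reach `after` with those methods already gone and `remove_method` would raise NameError; this assumes the compat files define them, which is not visible here. A comment above the hook would record the constraint: `# compat is required once per process; this group must stay a single example`. The INSERT on new lines 22-27 also interpolates values into the SQL text; both are generated inside the example, but quoting or binding them would keep the spec from modelling that pattern.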
@@ -1,40 +1,21 @@
|
|
1
1
|
require "spec_helper"
|
2
2
|
|
3
3
|
describe SimpleAuth::Config do
|
4
|
-
it "
|
4
|
+
it "yields SimpleAuth::Config class" do
|
5
5
|
SimpleAuth.setup do |config|
|
6
|
-
config.
|
6
|
+
expect(config).to eq(SimpleAuth::Config)
|
7
7
|
end
|
8
8
|
end
|
9
9
|
|
10
|
-
it "
|
11
|
-
SimpleAuth::Config.credentials.
|
10
|
+
it "uses [:email, :login] as credential attributes" do
|
11
|
+
expect(SimpleAuth::Config.credentials).to eq([:email, :login])
|
12
12
|
end
|
13
13
|
|
14
|
-
it "
|
15
|
-
SimpleAuth::Config.model.
|
14
|
+
it "uses User as default model" do
|
15
|
+
expect(SimpleAuth::Config.model).to eq(:user)
|
16
16
|
end
|
17
17
|
|
18
|
-
|
19
|
-
SimpleAuth::Config.
|
20
|
-
end
|
21
|
-
|
22
|
-
specify "salt should expect 1 block argument" do
|
23
|
-
SimpleAuth::Config.salt.arity.should == 1
|
24
|
-
end
|
25
|
-
|
26
|
-
specify "salt should return a 64-char long salt" do
|
27
|
-
SimpleAuth::Config.salt.call(nil).size.should == 64
|
28
|
-
end
|
29
|
-
|
30
|
-
specify "wipeout session should be disabled" do
|
31
|
-
SimpleAuth::Config.wipeout_session.should be_false
|
32
|
-
end
|
33
|
-
|
34
|
-
specify "deprecated reset_session accessor" do
|
35
|
-
Kernel.should_receive(:warn).twice
|
36
|
-
|
37
|
-
SimpleAuth::Config.reset_session = true
|
38
|
-
SimpleAuth::Config.reset_session
|
18
|
+
it "disables session wipeout" do
|
19
|
+
expect(SimpleAuth::Config.wipeout_session).to be_falsey
|
39
20
|
end
|
40
21
|
end
|
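Review bot: The default-value examples on new lines 10-16 assert `[:email, :login]` and `:user` against the global `SimpleAuth::Config`, which other specs in this diff reassign (`config.credentials = ["uid"]`, `SimpleAuth::Config.credentials = [:username]`, `SimpleAuth::Config.model = :customer`). Unless spec_helper restores the defaults between examples (it is not shown here), these examples pass or fail depending on run order. A shared hook that snapshots the configuration before each example and restores it afterwards would make them order-independent.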