simple_token_authentication 1.5.1 → 1.5.2

data/spec/configuration/sign_in_token_option_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+describe 'Simple Token Authentication' do
+
+  describe ':sign_in_token option', sign_in_token_option: true do
+
+    describe 'determines if the session will be stored' do
+
+      before(:each) do
+        user = double()
+        stub_const('User', user)
+        allow(user).to receive(:name).and_return('User')
+        @record = double()
+        allow(user).to receive(:find_by).and_return(@record)
+
+        # given a controller class which acts as token authentication handler
+        controller_class = Class.new
+        allow(controller_class).to receive(:before_filter)
+        controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
+        # and handles authentication for a given model
+        controller_class.acts_as_token_authentication_handler_for User
+
+        @controller = controller_class.new
+        allow(@controller).to receive(:params)
+        # and there are credentials for a record of that model in params or headers
+        allow(@controller).to receive(:get_identifier_from_params_or_headers)
+        # and both identifier and authentication token are correct
+        allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
+        allow(@controller).to receive(:token_correct?).and_return(true)
+        allow(@controller).to receive(:env).and_return({})
+      end
+
+      context 'when false' do
+
+        it 'does instruct Devise not to store the session', public: true do
+          allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(false)
+
+          expect(@controller).to receive(:sign_in).with(@record, store: false)
+          @controller.authenticate_user_from_token
+        end
+      end
+
+      context 'when true' do
+
+        it 'does instruct Devise to store the session', public: true do
+          allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(true)
+
+          expect(@controller).to receive(:sign_in).with(@record, store: true)
+          @controller.authenticate_user_from_token
+        end
+      end
+    end
+
+    it 'can be modified from an initializer file', public: true do
+      user = double()
+      stub_const('User', user)
+      allow(user).to receive(:name).and_return('User')
+      @record = double()
+      allow(user).to receive(:find_by).and_return(@record)
+
+      # given a controller class which acts as token authentication handler
+      controller_class = Class.new
+      allow(controller_class).to receive(:before_filter)
+      controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
+
+      allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('initial value')
+      # INITIALIZATION
+      # this step occurs when 'simple_token_authentication' is required
+      #
+      # given the controller class handles token authentication for a model
+      controller_class.acts_as_token_authentication_handler_for User
+
+      # RUNTIME
+      @controller = controller_class.new
+      allow(@controller).to receive(:params)
+      # and there are credentials for a record of that model in params or headers
+      allow(@controller).to receive(:get_identifier_from_params_or_headers)
+      # and both identifier and authentication token are correct
+      allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
+      allow(@controller).to receive(:token_correct?).and_return(true)
+      allow(@controller).to receive(:env).and_return({})
+
+      # even if modified *after* the class was loaded
+      allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('updated value')
+
+      # the option updated value is taken into account
+      # when token authentication is performed
+      expect(@controller).to receive(:sign_in).with(@record, store: 'updated value')
+      @controller.authenticate_user_from_token
+    end
+  end
+end

data/spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb

@@ -0,0 +1,108 @@
+require 'spec_helper'
+
+
+class DummyTokenGenerator
+  def initialize(args={})
+    @tokens_to_be_generated = args[:tokens_to_be_generated]
+  end
+
+  def generate_token
+    @tokens_to_be_generated.shift
+  end
+end
+
+describe DummyTokenGenerator do
+  it_behaves_like 'a token generator'
+end
+
+describe 'A token authenticatable class (or one of its children)' do
+
+  after(:each) do
+    ensure_examples_independence
+  end
+
+  before(:each) do
+    define_test_subjects_for_inclusion_of(SimpleTokenAuthentication::ActsAsTokenAuthenticatable)
+  end
+
+  it 'responds to :acts_as_token_authenticatable', public: true do
+    @subjects.each do |subject|
+      expect(subject).to respond_to :acts_as_token_authenticatable
+    end
+  end
+
+  describe 'which supports the :before_save hook' do
+
+    context 'when it acts as token authenticatable' do
+      it 'ensures its instances have an authentication token before being saved (1)', rspec_3_error: true, public: true do
+        some_class = @subjects.first
+
+        expect(some_class).to receive(:before_save).with(:ensure_authentication_token)
+        some_class.acts_as_token_authenticatable
+      end
+
+      it 'ensures its instances have an authentication token before being saved (2)', rspec_3_error: true, public: true do
+        some_child_class = @subjects.last
+
+        expect(some_child_class).to receive(:before_save).with(:ensure_authentication_token)
+        some_child_class.acts_as_token_authenticatable
+      end
+    end
+  end
+
+  describe 'instance' do
+
+    it 'responds to :ensure_authentication_token', protected: true do
+      @subjects.map!{ |subject| subject.new }
+      @subjects.each do |subject|
+        expect(subject).to respond_to :ensure_authentication_token
+      end
+    end
+
+    context 'when some authentication tokens are already in use' do
+
+      before(:each) do
+        TOKENS_IN_USE = ['ExampleTok3n', '4notherTokeN']
+
+        @subjects.each do |k|
+          k.class_eval do
+
+            def initialize(args={})
+              @authentication_token = args[:authentication_token]
+              @token_generator = DummyTokenGenerator.new(
+                  tokens_to_be_generated: TOKENS_IN_USE + ['Dist1nCt-Tok3N'])
+            end
+
+            def authentication_token=(value)
+              @authentication_token = value
+            end
+
+            def authentication_token
+              @authentication_token
+            end
+
+            # the 'ExampleTok3n' is already in use
+            def token_suitable?(token)
+              not TOKENS_IN_USE.include? token
+            end
+
+            def token_generator
+              @token_generator
+            end
+          end
+        end
+        @subjects.map!{ |subject| subject.new }
+      end
+
+      it 'ensures its authentication token is unique', public: true do
+        @subjects.each do |subject|
+          subject.ensure_authentication_token
+
+          expect(subject.authentication_token).not_to eq 'ExampleTok3n'
+          expect(subject.authentication_token).not_to eq '4notherTokeN'
+          expect(subject.authentication_token).to eq 'Dist1nCt-Tok3N'
+        end
+      end
+    end
+  end
+end

data/spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb

@@ -0,0 +1,127 @@
+require 'spec_helper'
+
+def ignore_cucumber_hack
+  skip_rails_test_environment_code
+end
+
+# Skip the code intended to be run in the Rails test environment
+def skip_rails_test_environment_code
+  rails = double()
+  stub_const('Rails', rails)
+  allow(rails).to receive_message_chain(:env, :test?).and_return(false)
+end
+
+describe 'Any class which extends SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler (or any if its children)' do
+
+  after(:each) do
+    ensure_examples_independence
+  end
+
+  before(:each) do
+    define_test_subjects_for_extension_of(SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler)
+  end
+
+  it 'responds to :acts_as_token_authentication_handler_for', public: true do
+    @subjects.each do |subject|
+      expect(subject).to respond_to :acts_as_token_authentication_handler_for
+    end
+  end
+
+  it 'responds to :acts_as_token_authentication_handler', public: true, deprecated: true do
+    @subjects.each do |subject|
+      expect(subject).to respond_to :acts_as_token_authentication_handler
+    end
+  end
+
+  it 'doesn\'t behave like a token authentication handler', public: true do
+    stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
+
+    @subjects.each do |subject|
+      expect(subject).not_to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
+    end
+  end
+
+  context 'when it explicitely acts as a token authentication handler' do
+
+    it 'behaves like a token authentication handler (1)', rspec_3_error: true, public: true do
+      double_user_model
+      stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
+
+      some_class = @subjects.first
+      allow(some_class).to receive(:handle_token_authentication_for)
+
+      some_class.acts_as_token_authentication_handler_for User
+      expect(some_class).to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
+    end
+
+    it 'behaves like a token authentication handler (2)', rspec_3_error: true, public: true do
+      double_user_model
+      stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
+
+      some_child_class = @subjects.last
+      allow(some_child_class).to receive(:handle_token_authentication_for)
+
+      some_child_class.acts_as_token_authentication_handler_for User
+      expect(some_child_class).to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
+    end
+  end
+
+  describe '.acts_as_token_authentication_handler_for', rspec_3_error: true do
+
+    it 'ensures the receiver class does handle token authentication for a given (token authenticatable) model (1)', public: true do
+      double_user_model
+
+      some_class = @subjects.first
+      allow(some_class).to receive(:before_filter)
+
+      expect(some_class).to receive(:include).with(SimpleTokenAuthentication::TokenAuthenticationHandler)
+      expect(some_class).to receive(:handle_token_authentication_for).with(User, { option: 'value' })
+
+      some_class.acts_as_token_authentication_handler_for User, { option: 'value' }
+    end
+
+    it 'ensures the receiver class does handle token authentication for a given (token authenticatable) model (2)', public: true do
+      double_user_model
+
+      some_child_class = @subjects.last
+      allow(some_child_class).to receive(:before_filter)
+
+      expect(some_child_class).to receive(:include).with(SimpleTokenAuthentication::TokenAuthenticationHandler)
+      expect(some_child_class).to receive(:handle_token_authentication_for).with(User, { option: 'value' })
+
+      some_child_class.acts_as_token_authentication_handler_for User, { option: 'value' }
+    end
+  end
+
+  describe '.acts_as_token_authentication_handler', deprecated: true do
+
+    it 'issues a deprecation warning', public: true do
+      double_user_model
+
+      @subjects.each do |subject|
+        deprecation_handler = double()
+        stub_const('ActiveSupport::Deprecation', deprecation_handler)
+        allow(subject).to receive(:acts_as_token_authentication_handler_for)
+
+        expect(deprecation_handler).to receive(:warn)
+
+        subject.acts_as_token_authentication_handler
+      end
+    end
+
+    it 'is replaced by .acts_as_token_authentication_handler_for', public: true do
+      double_user_model
+
+      @subjects.each do |subject|
+        deprecation_handler = double()
+        allow(deprecation_handler).to receive(:warn)
+        stub_const('ActiveSupport::Deprecation', deprecation_handler)
+        allow(subject).to receive(:acts_as_token_authentication_handler_for)
+
+        expect(subject).to receive(:acts_as_token_authentication_handler_for).with(User)
+
+        subject.acts_as_token_authentication_handler
+      end
+    end
+  end
+end

data/spec/lib/simple_token_authentication/adapter_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe 'Any class which extends SimpleTokenAuthentication::Adapter' do
+
+  after(:each) do
+    SimpleTokenAuthentication.send(:remove_const, :SomeClass)
+  end
+
+  before(:each) do
+    @subject = define_dummy_class_which_extends(SimpleTokenAuthentication::Adapter)
+  end
+
+  it_behaves_like 'an adapter'
+
+  describe '.base_class' do
+
+    it 'raises an error if not overwritten', public: true do
+      expect{ @subject.base_class }.to raise_error NotImplementedError
+    end
+  end
+end

data/spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'simple_token_authentication/adapters/active_record_adapter'
+
+describe 'SimpleTokenAuthentication::Adapters::ActiveRecordAdapter' do
+
+  before(:each) do
+    stub_const('ActiveRecord', Module.new)
+    stub_const('ActiveRecord::Base', double())
+
+    @subject = SimpleTokenAuthentication::Adapters::ActiveRecordAdapter
+  end
+
+  it_behaves_like 'an adapter'
+
+  describe '.base_class' do
+
+    it 'is ActiveRecord::Base', private: true do
+      expect(@subject.base_class).to eq ActiveRecord::Base
+    end
+  end
+end

data/spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'simple_token_authentication/adapters/rails_adapter'
+
+describe 'SimpleTokenAuthentication::Adapters::RailsAdapter' do
+
+  before(:each) do
+    stub_const('ActionController', Module.new)
+    stub_const('ActionController::Base', double())
+
+    @subject = SimpleTokenAuthentication::Adapters::RailsAdapter
+  end
+
+  it_behaves_like 'an adapter'
+
+  describe '.base_class' do
+
+    it 'is ActionController::Base', private: true do
+      expect(@subject.base_class).to eq ActionController::Base
+    end
+  end
+end

data/spec/lib/simple_token_authentication/configuration_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+
+describe SimpleTokenAuthentication::Configuration do
+
+
+  context 'when included in any class' do
+
+    before(:each) do
+      SimpleTokenAuthentication.const_set(:ConfigurableClass, Class.new)
+      klass = SimpleTokenAuthentication::ConfigurableClass
+      klass.send :include, SimpleTokenAuthentication::Configuration
+      @subject = klass.new
+    end
+
+    after(:each) do
+      SimpleTokenAuthentication.send(:remove_const, :ConfigurableClass)
+    end
+
+    describe 'provides #controller_adapters which' do
+
+      it_behaves_like 'a configuration option', 'controller_adapters'
+
+      it "defauts to ['rails']", private: true do
+        expect(@subject.controller_adapters).to eq ['rails']
+      end
+    end
+
+    describe 'provides #model_adapters which' do
+
+      it_behaves_like 'a configuration option', 'model_adapters'
+
+      it "defauts to ['active_record']", private: true do
+        expect(@subject.model_adapters).to eq ['active_record']
+      end
+    end
+
+    describe 'provides #header_names which', header_names_option: true do
+
+      it_behaves_like 'a configuration option', 'header_names'
+
+      it 'defauts to {}', public: true  do
+        expect(@subject.header_names).to eq({})
+      end
+    end
+
+    describe 'provides #sign_in_token which', sign_in_token_option: true do
+
+      it_behaves_like 'a configuration option', 'sign_in_token'
+
+      it 'defauts to false', public: true do
+        expect(@subject.sign_in_token).to eq false
+      end
+    end
+
+    describe 'does provide #fallback which', fallback_option: true do
+
+      it 'is readable', private: true do
+        expect(@subject).to respond_to :fallback
+      end
+
+      it 'can\'t be written', private: true do
+        expect(@subject).not_to respond_to :fallback=
+      end
+
+      it 'defaults to :devise', private: true do
+        expect(@subject.fallback).to eq :devise
+      end
+    end
+
+    describe 'provides #parse_options which' do
+
+      describe 'replaces :fallback_to_devise by :fallback' do
+
+        context 'when :fallback option is set' do
+
+          it 'removes :fallback_to_devise', private: true do
+            options = { fallback: 'anything', fallback_to_devise: true }
+            expect(@subject.parse_options(options)).to eq({ fallback: 'anything' })
+          end
+        end
+
+        context 'when :fallback option is omitted' do
+          context 'and :fallback_to_devise is true' do
+
+            it 'replaces it by fallback: :devise', private: true do
+              options = { fallback_to_devise: true }
+              expect(@subject.parse_options(options)).to eq({ fallback: :devise })
+            end
+          end
+
+          context 'and :fallback_to_devise is false' do
+
+            context 'when :fallback default is :devise' do
+              it 'replaces :fallback_to_devise by fallback: :none', private: true do
+                allow(SimpleTokenAuthentication).to receive(:fallback).and_return(:devise)
+                options = { fallback_to_devise: false }
+                expect(@subject.parse_options(options)).to eq({ fallback: :none })
+              end
+            end
+
+            context 'when :fallback default is not :devise' do
+              it 'replaces :fallback_to_devise by :fallback default', private: true do
+                allow(SimpleTokenAuthentication).to receive(:fallback).and_return('anything_but_devise')
+                options = { fallback_to_devise: false }
+                expect(@subject.parse_options(options)).to eq({ fallback: 'anything_but_devise' })
+              end
+            end
+          end
+
+          context 'and :fallback_to_devise is omitted' do
+            it 'sets :fallback to its default value', private: true do
+              allow(SimpleTokenAuthentication).to receive(:fallback).and_return('any_value')
+              options = {}
+              expect(@subject.parse_options(options)).to eq({ fallback: 'any_value' })
+            end
+          end
+        end
+      end
+    end
+  end
+end