sorcery 0.1.0 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. data/Gemfile +1 -2
  2. data/LICENSE.txt +1 -1
  3. data/README.rdoc +55 -42
  4. data/Rakefile +2 -12
  5. data/VERSION +1 -1
  6. data/lib/sorcery/controller/submodules/activity_logging.rb +45 -0
  7. data/lib/sorcery/controller/submodules/brute_force_protection.rb +8 -69
  8. data/lib/sorcery/controller/submodules/http_basic_auth.rb +60 -0
  9. data/lib/sorcery/controller/submodules/session_timeout.rb +4 -1
  10. data/lib/sorcery/controller.rb +13 -7
  11. data/lib/sorcery/crypto_providers/bcrypt.rb +2 -6
  12. data/lib/sorcery/model/submodules/activity_logging.rb +35 -0
  13. data/lib/sorcery/model/submodules/brute_force_protection.rb +72 -0
  14. data/lib/sorcery/model/submodules/remember_me.rb +3 -1
  15. data/lib/sorcery/model/submodules/reset_password.rb +93 -0
  16. data/lib/sorcery/model/submodules/user_activation.rb +8 -6
  17. data/lib/sorcery/model.rb +14 -8
  18. data/lib/sorcery.rb +5 -1
  19. data/sorcery.gemspec +221 -0
  20. data/spec/Gemfile +1 -1
  21. data/spec/Gemfile.lock +2 -2
  22. data/spec/rails3/Gemfile +3 -2
  23. data/spec/rails3/Gemfile.lock +4 -2
  24. data/spec/rails3/app_root/app/controllers/application_controller.rb +6 -1
  25. data/spec/rails3/app_root/config/routes.rb +1 -0
  26. data/spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
  27. data/spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
  28. data/spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
  29. data/spec/rails3/controller_activity_logging_spec.rb +84 -0
  30. data/spec/rails3/controller_brute_force_protection_spec.rb +24 -41
  31. data/spec/rails3/controller_http_basic_auth_spec.rb +50 -0
  32. data/spec/rails3/controller_session_timeout_spec.rb +1 -0
  33. data/spec/rails3/controller_spec.rb +3 -3
  34. data/spec/rails3/spec_helper.rb +39 -19
  35. data/spec/rails3/user_activation_spec.rb +7 -7
  36. data/spec/rails3/user_activity_logging_spec.rb +36 -0
  37. data/spec/rails3/user_brute_force_protection_spec.rb +76 -0
  38. data/spec/rails3/user_reset_password_spec.rb +198 -0
  39. data/spec/rails3/user_spec.rb +8 -4
  40. metadata +40 -64
  41. data/features/support/env.rb +0 -13
  42. data/lib/sorcery/model/submodules/password_reset.rb +0 -64
  43. data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +0 -9
  44. data/spec/rails3/user_password_reset_spec.rb +0 -76
@@ -0,0 +1,93 @@
1
+ module Sorcery
2
+ module Model
3
+ module Submodules
4
+ # This submodule adds the ability to reset password via email confirmation.
5
+ module ResetPassword
6
+ def self.included(base)
7
+ base.sorcery_config.class_eval do
8
+ attr_accessor :reset_password_token_attribute_name, # reset password code attribute name.
9
+ :reset_password_token_expires_at_attribute_name, # expires at attribute name.
10
+ :reset_password_email_sent_at_attribute_name, # when was email sent, used for hammering protection.
11
+ :reset_password_mailer, # mailer class. Needed.
12
+ :reset_password_email_method_name, # reset password email method on your mailer class.
13
+ :reset_password_expiration_period, # how many seconds before the reset request expires. nil for never expires.
14
+ :reset_password_time_between_emails # hammering protection, how long to wait before allowing another email to be sent.
15
+
16
+ end
17
+
18
+ base.sorcery_config.instance_eval do
19
+ @defaults.merge!(:@reset_password_token_attribute_name => :reset_password_token,
20
+ :@reset_password_token_expires_at_attribute_name => :reset_password_token_expires_at,
21
+ :@reset_password_email_sent_at_attribute_name => :reset_password_email_sent_at,
22
+ :@reset_password_mailer => nil,
23
+ :@reset_password_email_method_name => :reset_password_email,
24
+ :@reset_password_expiration_period => nil,
25
+ :@reset_password_time_between_emails => 5.minutes )
26
+
27
+ reset!
28
+ end
29
+
30
+ base.sorcery_config.after_config << :validate_mailer_defined
31
+
32
+ base.extend(ClassMethods)
33
+ base.send(:include, InstanceMethods)
34
+ end
35
+
36
+ module ClassMethods
37
+
38
+ def load_from_reset_password_token(token)
39
+ return nil if token.blank?
40
+ user = where("#{@sorcery_config.reset_password_token_attribute_name} = ?", token).first
41
+ if !user.blank? && !@sorcery_config.reset_password_expiration_period.nil?
42
+ return user.reset_password_token_valid? ? user : nil
43
+ end
44
+ user
45
+ end
46
+
47
+ protected
48
+
49
+ def validate_mailer_defined
50
+ msg = "To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass)."
51
+ raise ArgumentError, msg if @sorcery_config.reset_password_mailer == nil
52
+ end
53
+
54
+ end
55
+
56
+ module InstanceMethods
57
+ # generates a reset code with expiration and sends an email to the user.
58
+ def deliver_reset_password_instructions!
59
+ config = sorcery_config
60
+ # hammering protection
61
+ return if config.reset_password_time_between_emails && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.ago.utc
62
+ self.send(:"#{config.reset_password_token_attribute_name}=", generate_random_code)
63
+ self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", Time.now.utc + config.reset_password_expiration_period) if config.reset_password_expiration_period
64
+ self.send(:"#{config.reset_password_email_sent_at_attribute_name}=", Time.now.utc)
65
+ self.class.transaction do
66
+ self.save!(:validate => false)
67
+ generic_send_email(:reset_password_email_method_name, :reset_password_mailer)
68
+ end
69
+ end
70
+
71
+ def reset_password!(params)
72
+ clear_reset_password_token
73
+ update_attributes(params)
74
+ end
75
+
76
+ def reset_password_token_valid?
77
+ config = sorcery_config
78
+ config.reset_password_expiration_period ? Time.now.utc < self.send(config.reset_password_token_expires_at_attribute_name) : true
79
+ end
80
+
81
+ protected
82
+
83
+ def clear_reset_password_token
84
+ config = sorcery_config
85
+ self.send(:"#{config.reset_password_token_attribute_name}=", nil)
86
+ self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
87
+ end
88
+ end
89
+
90
+ end
91
+ end
92
+ end
93
+ end
@@ -10,7 +10,7 @@ module Sorcery
10
10
  base.sorcery_config.class_eval do
11
11
  attr_accessor :activation_state_attribute_name, # the attribute name to hold activation state (active/pending).
12
12
  :activation_code_attribute_name, # the attribute name to hold activation code (sent by email).
13
- :sorcery_mailer, # your mailer class. Needed.
13
+ :user_activation_mailer, # your mailer class. Needed.
14
14
  :activation_needed_email_method_name, # activation needed email method on your mailer class.
15
15
  :activation_success_email_method_name, # activation success email method on your mailer class.
16
16
  :prevent_non_active_users_to_login # do you want to prevent or allow users that did not activate by email to login?
@@ -19,7 +19,7 @@ module Sorcery
19
19
  base.sorcery_config.instance_eval do
20
20
  @defaults.merge!(:@activation_state_attribute_name => :activation_state,
21
21
  :@activation_code_attribute_name => :activation_code,
22
- :@sorcery_mailer => nil,
22
+ :@user_activation_mailer => nil,
23
23
  :@activation_needed_email_method_name => :activation_needed_email,
24
24
  :@activation_success_email_method_name => :activation_success_email,
25
25
  :@prevent_non_active_users_to_login => true)
@@ -40,9 +40,11 @@ module Sorcery
40
40
  end
41
41
 
42
42
  module ClassMethods
43
+ protected
44
+
43
45
  def validate_mailer_defined
44
- msg = "To use user_activation submodule, you must define a mailer (config.sorcery_mailer = YourMailerClass)."
45
- raise ArgumentError, msg if @sorcery_config.sorcery_mailer == nil
46
+ msg = "To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass)."
47
+ raise ArgumentError, msg if @sorcery_config.user_activation_mailer == nil
46
48
  end
47
49
  end
48
50
 
@@ -65,11 +67,11 @@ module Sorcery
65
67
  end
66
68
 
67
69
  def send_activation_needed_email!
68
- generic_send_email(:activation_needed_email_method_name) unless sorcery_config.activation_needed_email_method_name.nil?
70
+ generic_send_email(:activation_needed_email_method_name, :user_activation_mailer) unless sorcery_config.activation_needed_email_method_name.nil?
69
71
  end
70
72
 
71
73
  def send_activation_success_email!
72
- generic_send_email(:activation_success_email_method_name) unless sorcery_config.activation_success_email_method_name.nil?
74
+ generic_send_email(:activation_success_email_method_name, :user_activation_mailer) unless sorcery_config.activation_success_email_method_name.nil?
73
75
  end
74
76
 
75
77
  def prevent_non_active_login
data/lib/sorcery/model.rb CHANGED
@@ -52,10 +52,16 @@ module Sorcery
52
52
  def authenticate(*credentials)
53
53
  raise ArgumentError, "at least 2 arguments required" if credentials.size < 2
54
54
  user = where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
55
- salt = user.send(@sorcery_config.salt_attribute_name) if user && !@sorcery_config.salt_attribute_name.nil?
56
- user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && (user.send(@sorcery_config.crypted_password_attribute_name)) == encrypt(credentials[1],salt)
55
+ _salt = user.send(@sorcery_config.salt_attribute_name) if user && !@sorcery_config.salt_attribute_name.nil? && !@sorcery_config.encryption_provider.nil?
56
+ user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && credentials_match?(user.send(@sorcery_config.crypted_password_attribute_name),credentials[1],_salt)
57
+ end
58
+
59
+ def credentials_match?(crypted, *tokens)
60
+ return crypted == tokens.join if @sorcery_config.encryption_provider.nil?
61
+ @sorcery_config.encryption_provider.matches?(crypted, *tokens)
57
62
  end
58
63
 
64
+ # encrypt tokens using current encryption_provider.
59
65
  def encrypt(*tokens)
60
66
  return tokens.first if @sorcery_config.encryption_provider.nil?
61
67
 
@@ -78,8 +84,8 @@ module Sorcery
78
84
  # encrypts password with salt and save it.
79
85
  def encrypt_password
80
86
  config = sorcery_config
81
- self.send(:"#{config.salt_attribute_name}=", generate_random_code) if !config.salt_attribute_name.nil?
82
- self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),salt))
87
+ new_salt = self.send(:"#{config.salt_attribute_name}=", generate_random_code) if !config.salt_attribute_name.nil?
88
+ self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),new_salt))
83
89
  end
84
90
 
85
91
  def clear_virtual_password
@@ -89,10 +95,10 @@ module Sorcery
89
95
 
90
96
  # calls the requested email method on the configured mailer
91
97
  # supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
92
- def generic_send_email(method)
98
+ def generic_send_email(method, mailer)
93
99
  config = sorcery_config
94
- mail = config.sorcery_mailer.send(config.send(method),self)
95
- if defined?(ActionMailer) and config.sorcery_mailer.superclass == ActionMailer::Base
100
+ mail = config.send(mailer).send(config.send(method),self)
101
+ if defined?(ActionMailer) and config.send(mailer).superclass == ActionMailer::Base
96
102
  mail.deliver
97
103
  end
98
104
  end
@@ -131,7 +137,7 @@ module Sorcery
131
137
  :@password_attribute_name => :password,
132
138
  :@email_attribute_name => :email,
133
139
  :@crypted_password_attribute_name => :crypted_password,
134
- :@encryption_algorithm => :sha256,
140
+ :@encryption_algorithm => :bcrypt,
135
141
  :@encryption_provider => CryptoProviders::BCrypt,
136
142
  :@custom_encryption_provider => nil,
137
143
  :@encryption_key => nil,
data/lib/sorcery.rb CHANGED
@@ -3,8 +3,10 @@ module Sorcery
3
3
  module Model
4
4
  module Submodules
5
5
  autoload :UserActivation, 'sorcery/model/submodules/user_activation'
6
- autoload :PasswordReset, 'sorcery/model/submodules/password_reset'
6
+ autoload :ResetPassword, 'sorcery/model/submodules/reset_password'
7
7
  autoload :RememberMe, 'sorcery/model/submodules/remember_me'
8
+ autoload :ActivityLogging, 'sorcery/model/submodules/activity_logging'
9
+ autoload :BruteForceProtection, 'sorcery/model/submodules/brute_force_protection'
8
10
  end
9
11
  end
10
12
  autoload :Controller, 'sorcery/controller'
@@ -13,6 +15,8 @@ module Sorcery
13
15
  autoload :RememberMe, 'sorcery/controller/submodules/remember_me'
14
16
  autoload :SessionTimeout, 'sorcery/controller/submodules/session_timeout'
15
17
  autoload :BruteForceProtection, 'sorcery/controller/submodules/brute_force_protection'
18
+ autoload :HttpBasicAuth, 'sorcery/controller/submodules/http_basic_auth'
19
+ autoload :ActivityLogging, 'sorcery/controller/submodules/activity_logging'
16
20
  end
17
21
  end
18
22
  module CryptoProviders
data/sorcery.gemspec ADDED
@@ -0,0 +1,221 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{sorcery}
8
+ s.version = "0.1.4"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Noam Ben Ari"]
12
+ s.date = %q{2011-02-19}
13
+ s.description = %q{Provides common authentication needs such as signing in/out, activating by email and resetting password.}
14
+ s.email = %q{nbenari@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE.txt",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ ".rspec",
22
+ "Gemfile",
23
+ "Gemfile.lock",
24
+ "LICENSE.txt",
25
+ "README.rdoc",
26
+ "Rakefile",
27
+ "VERSION",
28
+ "lib/sorcery.rb",
29
+ "lib/sorcery/controller.rb",
30
+ "lib/sorcery/controller/submodules/activity_logging.rb",
31
+ "lib/sorcery/controller/submodules/brute_force_protection.rb",
32
+ "lib/sorcery/controller/submodules/http_basic_auth.rb",
33
+ "lib/sorcery/controller/submodules/remember_me.rb",
34
+ "lib/sorcery/controller/submodules/session_timeout.rb",
35
+ "lib/sorcery/crypto_providers/aes256.rb",
36
+ "lib/sorcery/crypto_providers/bcrypt.rb",
37
+ "lib/sorcery/crypto_providers/md5.rb",
38
+ "lib/sorcery/crypto_providers/sha1.rb",
39
+ "lib/sorcery/crypto_providers/sha256.rb",
40
+ "lib/sorcery/crypto_providers/sha512.rb",
41
+ "lib/sorcery/engine.rb",
42
+ "lib/sorcery/model.rb",
43
+ "lib/sorcery/model/submodules/activity_logging.rb",
44
+ "lib/sorcery/model/submodules/brute_force_protection.rb",
45
+ "lib/sorcery/model/submodules/remember_me.rb",
46
+ "lib/sorcery/model/submodules/reset_password.rb",
47
+ "lib/sorcery/model/submodules/user_activation.rb",
48
+ "sorcery.gemspec",
49
+ "spec/Gemfile",
50
+ "spec/Gemfile.lock",
51
+ "spec/Rakefile",
52
+ "spec/rails3/.rspec",
53
+ "spec/rails3/Gemfile",
54
+ "spec/rails3/Gemfile.lock",
55
+ "spec/rails3/Rakefile",
56
+ "spec/rails3/app_root/.gitignore",
57
+ "spec/rails3/app_root/README",
58
+ "spec/rails3/app_root/Rakefile.unused",
59
+ "spec/rails3/app_root/app/controllers/application_controller.rb",
60
+ "spec/rails3/app_root/app/helpers/application_helper.rb",
61
+ "spec/rails3/app_root/app/mailers/sorcery_mailer.rb",
62
+ "spec/rails3/app_root/app/models/user.rb",
63
+ "spec/rails3/app_root/app/views/layouts/application.html.erb",
64
+ "spec/rails3/app_root/app/views/sorcery_mailer/activation_email.html.erb",
65
+ "spec/rails3/app_root/app/views/sorcery_mailer/activation_email.text.erb",
66
+ "spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.html.erb",
67
+ "spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.text.erb",
68
+ "spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.html.erb",
69
+ "spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.text.erb",
70
+ "spec/rails3/app_root/config.ru",
71
+ "spec/rails3/app_root/config/application.rb",
72
+ "spec/rails3/app_root/config/boot.rb",
73
+ "spec/rails3/app_root/config/database.yml",
74
+ "spec/rails3/app_root/config/environment.rb",
75
+ "spec/rails3/app_root/config/environments/development.rb",
76
+ "spec/rails3/app_root/config/environments/in_memory.rb",
77
+ "spec/rails3/app_root/config/environments/production.rb",
78
+ "spec/rails3/app_root/config/environments/test.rb",
79
+ "spec/rails3/app_root/config/initializers/backtrace_silencers.rb",
80
+ "spec/rails3/app_root/config/initializers/inflections.rb",
81
+ "spec/rails3/app_root/config/initializers/mime_types.rb",
82
+ "spec/rails3/app_root/config/initializers/secret_token.rb",
83
+ "spec/rails3/app_root/config/initializers/session_store.rb",
84
+ "spec/rails3/app_root/config/locales/en.yml",
85
+ "spec/rails3/app_root/config/routes.rb",
86
+ "spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb",
87
+ "spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb",
88
+ "spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb",
89
+ "spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb",
90
+ "spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb",
91
+ "spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb",
92
+ "spec/rails3/app_root/db/schema.rb",
93
+ "spec/rails3/app_root/db/seeds.rb",
94
+ "spec/rails3/app_root/lib/tasks/.gitkeep",
95
+ "spec/rails3/app_root/public/404.html",
96
+ "spec/rails3/app_root/public/422.html",
97
+ "spec/rails3/app_root/public/500.html",
98
+ "spec/rails3/app_root/public/favicon.ico",
99
+ "spec/rails3/app_root/public/images/rails.png",
100
+ "spec/rails3/app_root/public/index.html",
101
+ "spec/rails3/app_root/public/javascripts/application.js",
102
+ "spec/rails3/app_root/public/javascripts/controls.js",
103
+ "spec/rails3/app_root/public/javascripts/dragdrop.js",
104
+ "spec/rails3/app_root/public/javascripts/effects.js",
105
+ "spec/rails3/app_root/public/javascripts/prototype.js",
106
+ "spec/rails3/app_root/public/javascripts/rails.js",
107
+ "spec/rails3/app_root/public/robots.txt",
108
+ "spec/rails3/app_root/public/stylesheets/.gitkeep",
109
+ "spec/rails3/app_root/script/rails",
110
+ "spec/rails3/app_root/test/fixtures/users.yml",
111
+ "spec/rails3/app_root/test/performance/browsing_test.rb",
112
+ "spec/rails3/app_root/test/test_helper.rb",
113
+ "spec/rails3/app_root/test/unit/user_test.rb",
114
+ "spec/rails3/app_root/vendor/plugins/.gitkeep",
115
+ "spec/rails3/controller_activity_logging_spec.rb",
116
+ "spec/rails3/controller_brute_force_protection_spec.rb",
117
+ "spec/rails3/controller_http_basic_auth_spec.rb",
118
+ "spec/rails3/controller_remember_me_spec.rb",
119
+ "spec/rails3/controller_session_timeout_spec.rb",
120
+ "spec/rails3/controller_spec.rb",
121
+ "spec/rails3/spec_helper.rb",
122
+ "spec/rails3/user_activation_spec.rb",
123
+ "spec/rails3/user_activity_logging_spec.rb",
124
+ "spec/rails3/user_brute_force_protection_spec.rb",
125
+ "spec/rails3/user_remember_me_spec.rb",
126
+ "spec/rails3/user_reset_password_spec.rb",
127
+ "spec/rails3/user_spec.rb",
128
+ "spec/sorcery_crypto_providers_spec.rb",
129
+ "spec/spec_helper.rb"
130
+ ]
131
+ s.homepage = %q{http://github.com/NoamB/sorcery}
132
+ s.licenses = ["MIT"]
133
+ s.require_paths = ["lib"]
134
+ s.rubygems_version = %q{1.5.0}
135
+ s.summary = %q{Magical authentication for Rails 3 applications}
136
+ s.test_files = [
137
+ "spec/rails3/app_root/app/controllers/application_controller.rb",
138
+ "spec/rails3/app_root/app/helpers/application_helper.rb",
139
+ "spec/rails3/app_root/app/mailers/sorcery_mailer.rb",
140
+ "spec/rails3/app_root/app/models/user.rb",
141
+ "spec/rails3/app_root/config/application.rb",
142
+ "spec/rails3/app_root/config/boot.rb",
143
+ "spec/rails3/app_root/config/environment.rb",
144
+ "spec/rails3/app_root/config/environments/development.rb",
145
+ "spec/rails3/app_root/config/environments/in_memory.rb",
146
+ "spec/rails3/app_root/config/environments/production.rb",
147
+ "spec/rails3/app_root/config/environments/test.rb",
148
+ "spec/rails3/app_root/config/initializers/backtrace_silencers.rb",
149
+ "spec/rails3/app_root/config/initializers/inflections.rb",
150
+ "spec/rails3/app_root/config/initializers/mime_types.rb",
151
+ "spec/rails3/app_root/config/initializers/secret_token.rb",
152
+ "spec/rails3/app_root/config/initializers/session_store.rb",
153
+ "spec/rails3/app_root/config/routes.rb",
154
+ "spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb",
155
+ "spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb",
156
+ "spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb",
157
+ "spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb",
158
+ "spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb",
159
+ "spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb",
160
+ "spec/rails3/app_root/db/schema.rb",
161
+ "spec/rails3/app_root/db/seeds.rb",
162
+ "spec/rails3/app_root/test/performance/browsing_test.rb",
163
+ "spec/rails3/app_root/test/test_helper.rb",
164
+ "spec/rails3/app_root/test/unit/user_test.rb",
165
+ "spec/rails3/controller_activity_logging_spec.rb",
166
+ "spec/rails3/controller_brute_force_protection_spec.rb",
167
+ "spec/rails3/controller_http_basic_auth_spec.rb",
168
+ "spec/rails3/controller_remember_me_spec.rb",
169
+ "spec/rails3/controller_session_timeout_spec.rb",
170
+ "spec/rails3/controller_spec.rb",
171
+ "spec/rails3/spec_helper.rb",
172
+ "spec/rails3/user_activation_spec.rb",
173
+ "spec/rails3/user_activity_logging_spec.rb",
174
+ "spec/rails3/user_brute_force_protection_spec.rb",
175
+ "spec/rails3/user_remember_me_spec.rb",
176
+ "spec/rails3/user_reset_password_spec.rb",
177
+ "spec/rails3/user_spec.rb",
178
+ "spec/sorcery_crypto_providers_spec.rb",
179
+ "spec/spec_helper.rb"
180
+ ]
181
+
182
+ if s.respond_to? :specification_version then
183
+ s.specification_version = 3
184
+
185
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
186
+ s.add_development_dependency(%q<rails>, [">= 3.0.0"])
187
+ s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
188
+ s.add_development_dependency(%q<rspec-rails>, [">= 0"])
189
+ s.add_development_dependency(%q<ruby-debug19>, [">= 0"])
190
+ s.add_development_dependency(%q<sqlite3-ruby>, [">= 0"])
191
+ s.add_development_dependency(%q<yard>, ["~> 0.6.0"])
192
+ s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
193
+ s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
194
+ s.add_development_dependency(%q<simplecov>, [">= 0.3.8"])
195
+ s.add_runtime_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
196
+ else
197
+ s.add_dependency(%q<rails>, [">= 3.0.0"])
198
+ s.add_dependency(%q<rspec>, ["~> 2.3.0"])
199
+ s.add_dependency(%q<rspec-rails>, [">= 0"])
200
+ s.add_dependency(%q<ruby-debug19>, [">= 0"])
201
+ s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
202
+ s.add_dependency(%q<yard>, ["~> 0.6.0"])
203
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
204
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
205
+ s.add_dependency(%q<simplecov>, [">= 0.3.8"])
206
+ s.add_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
207
+ end
208
+ else
209
+ s.add_dependency(%q<rails>, [">= 3.0.0"])
210
+ s.add_dependency(%q<rspec>, ["~> 2.3.0"])
211
+ s.add_dependency(%q<rspec-rails>, [">= 0"])
212
+ s.add_dependency(%q<ruby-debug19>, [">= 0"])
213
+ s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
214
+ s.add_dependency(%q<yard>, ["~> 0.6.0"])
215
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
216
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
217
+ s.add_dependency(%q<simplecov>, [">= 0.3.8"])
218
+ s.add_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
219
+ end
220
+ end
221
+
data/spec/Gemfile CHANGED
@@ -2,7 +2,7 @@ source 'http://rubygems.org'
2
2
 
3
3
  gem "rails", '3.0.3'
4
4
  gem 'bcrypt-ruby', :require => 'bcrypt'
5
- gem "sorcery", '0.1.0', :path => '../../../'
5
+ gem "sorcery", '0.1.3', :path => '../../../'
6
6
 
7
7
  group :development do
8
8
  gem 'rspec'
data/spec/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../../../
3
3
  specs:
4
- sorcery (0.1.0)
4
+ sorcery (0.1.3)
5
5
 
6
6
  GEM
7
7
  remote: http://rubygems.org/
@@ -105,4 +105,4 @@ DEPENDENCIES
105
105
  rspec
106
106
  ruby-debug19
107
107
  simplecov (>= 0.3.8)
108
- sorcery (= 0.1.0)!
108
+ sorcery (= 0.1.3)!
data/spec/rails3/Gemfile CHANGED
@@ -2,8 +2,9 @@ source 'http://rubygems.org'
2
2
 
3
3
  gem 'rails', '3.0.3'
4
4
  gem 'sqlite3-ruby', :require => 'sqlite3'
5
- gem "sorcery", '0.1.0', :path => '../../../'
6
-
5
+ gem "sorcery", '0.1.3', :path => '../../../'
6
+ gem 'bcrypt-ruby', '~> 2.1.4', :require => 'bcrypt'
7
+
7
8
  group :development do
8
9
  gem 'rspec'
9
10
  gem 'rspec-rails'
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../../../
3
3
  specs:
4
- sorcery (0.1.0)
4
+ sorcery (0.1.3)
5
5
 
6
6
  GEM
7
7
  remote: http://rubygems.org/
@@ -35,6 +35,7 @@ GEM
35
35
  activesupport (3.0.3)
36
36
  archive-tar-minitar (0.5.2)
37
37
  arel (2.0.6)
38
+ bcrypt-ruby (2.1.4)
38
39
  builder (2.1.2)
39
40
  columnize (0.3.2)
40
41
  diff-lcs (1.1.2)
@@ -105,10 +106,11 @@ PLATFORMS
105
106
  ruby
106
107
 
107
108
  DEPENDENCIES
109
+ bcrypt-ruby (~> 2.1.4)
108
110
  rails (= 3.0.3)
109
111
  rspec
110
112
  rspec-rails
111
113
  ruby-debug19
112
114
  simplecov (>= 0.3.8)
113
- sorcery (= 0.1.0)!
115
+ sorcery (= 0.1.3)!
114
116
  sqlite3-ruby
@@ -2,7 +2,8 @@ class ApplicationController < ActionController::Base
2
2
  protect_from_forgery
3
3
 
4
4
  #before_filter :validate_session, :only => [:test_should_be_logged_in] if defined?(:validate_session)
5
- before_filter :require_user_login, :only => [:test_logout, :test_should_be_logged_in, :some_action]
5
+ before_filter :require_login_from_http_basic, :only => [:test_http_basic_auth]
6
+ before_filter :require_login, :only => [:test_logout, :test_should_be_logged_in, :some_action]
6
7
 
7
8
  def index
8
9
  render :text => ""
@@ -54,6 +55,10 @@ class ApplicationController < ActionController::Base
54
55
  render :text => ""
55
56
  end
56
57
 
58
+ def test_http_basic_auth
59
+ render :text => "HTTP Basic Auth"
60
+ end
61
+
57
62
  protected
58
63
 
59
64
 
@@ -8,6 +8,7 @@ AppRoot::Application.routes.draw do
8
8
  match '/test_login_with_remember_in_login', :to => 'application#test_login_with_remember_in_login'
9
9
  match '/test_login_from_cookie', :to => 'application#test_login_from_cookie'
10
10
  match '/test_should_be_logged_in', :to => 'application#test_should_be_logged_in'
11
+ match '/test_http_basic_auth', :to => 'application#test_http_basic_auth'
11
12
  # The priority is based upon order of creation:
12
13
  # first created -> highest priority.
13
14
 
@@ -0,0 +1,17 @@
1
+ class AddActivityLoggingToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :last_login_at, :datetime, :default => nil
4
+ add_column :users, :last_logout_at, :datetime, :default => nil
5
+ add_column :users, :last_activity_at, :datetime, :default => nil
6
+
7
+ add_index :users, [:last_logout_at, :last_activity_at]
8
+ end
9
+
10
+ def self.down
11
+ remove_index :users, [:last_logout_at, :last_activity_at]
12
+
13
+ remove_column :users, :last_activity_at
14
+ remove_column :users, :last_logout_at
15
+ remove_column :users, :last_login_at
16
+ end
17
+ end
@@ -0,0 +1,11 @@
1
+ class AddBruteForceProtectionToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :failed_logins_count, :integer, :default => 0
4
+ add_column :users, :lock_expires_at, :datetime, :default => nil
5
+ end
6
+
7
+ def self.down
8
+ remove_column :users, :lock_expires_at
9
+ remove_column :users, :failed_logins_count
10
+ end
11
+ end
@@ -0,0 +1,13 @@
1
+ class AddResetPasswordToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :reset_password_token, :string, :default => nil
4
+ add_column :users, :reset_password_token_expires_at, :datetime, :default => nil
5
+ add_column :users, :reset_password_email_sent_at, :datetime, :default => nil
6
+ end
7
+
8
+ def self.down
9
+ remove_column :users, :reset_password_email_sent_at
10
+ remove_column :users, :reset_password_token_expires_at
11
+ remove_column :users, :reset_password_token
12
+ end
13
+ end