sorcery 0.1.0 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -2
- data/LICENSE.txt +1 -1
- data/README.rdoc +55 -42
- data/Rakefile +2 -12
- data/VERSION +1 -1
- data/lib/sorcery/controller/submodules/activity_logging.rb +45 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +8 -69
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +60 -0
- data/lib/sorcery/controller/submodules/session_timeout.rb +4 -1
- data/lib/sorcery/controller.rb +13 -7
- data/lib/sorcery/crypto_providers/bcrypt.rb +2 -6
- data/lib/sorcery/model/submodules/activity_logging.rb +35 -0
- data/lib/sorcery/model/submodules/brute_force_protection.rb +72 -0
- data/lib/sorcery/model/submodules/remember_me.rb +3 -1
- data/lib/sorcery/model/submodules/reset_password.rb +93 -0
- data/lib/sorcery/model/submodules/user_activation.rb +8 -6
- data/lib/sorcery/model.rb +14 -8
- data/lib/sorcery.rb +5 -1
- data/sorcery.gemspec +221 -0
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +2 -2
- data/spec/rails3/Gemfile +3 -2
- data/spec/rails3/Gemfile.lock +4 -2
- data/spec/rails3/app_root/app/controllers/application_controller.rb +6 -1
- data/spec/rails3/app_root/config/routes.rb +1 -0
- data/spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
- data/spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
- data/spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
- data/spec/rails3/controller_activity_logging_spec.rb +84 -0
- data/spec/rails3/controller_brute_force_protection_spec.rb +24 -41
- data/spec/rails3/controller_http_basic_auth_spec.rb +50 -0
- data/spec/rails3/controller_session_timeout_spec.rb +1 -0
- data/spec/rails3/controller_spec.rb +3 -3
- data/spec/rails3/spec_helper.rb +39 -19
- data/spec/rails3/user_activation_spec.rb +7 -7
- data/spec/rails3/user_activity_logging_spec.rb +36 -0
- data/spec/rails3/user_brute_force_protection_spec.rb +76 -0
- data/spec/rails3/user_reset_password_spec.rb +198 -0
- data/spec/rails3/user_spec.rb +8 -4
- metadata +40 -64
- data/features/support/env.rb +0 -13
- data/lib/sorcery/model/submodules/password_reset.rb +0 -64
- data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +0 -9
- data/spec/rails3/user_password_reset_spec.rb +0 -76
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
module Sorcery
|
|
2
|
+
module Model
|
|
3
|
+
module Submodules
|
|
4
|
+
# This submodule adds the ability to reset password via email confirmation.
|
|
5
|
+
module ResetPassword
|
|
6
|
+
def self.included(base)
|
|
7
|
+
base.sorcery_config.class_eval do
|
|
8
|
+
attr_accessor :reset_password_token_attribute_name, # reset password code attribute name.
|
|
9
|
+
:reset_password_token_expires_at_attribute_name, # expires at attribute name.
|
|
10
|
+
:reset_password_email_sent_at_attribute_name, # when was email sent, used for hammering protection.
|
|
11
|
+
:reset_password_mailer, # mailer class. Needed.
|
|
12
|
+
:reset_password_email_method_name, # reset password email method on your mailer class.
|
|
13
|
+
:reset_password_expiration_period, # how many seconds before the reset request expires. nil for never expires.
|
|
14
|
+
:reset_password_time_between_emails # hammering protection, how long to wait before allowing another email to be sent.
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
base.sorcery_config.instance_eval do
|
|
19
|
+
@defaults.merge!(:@reset_password_token_attribute_name => :reset_password_token,
|
|
20
|
+
:@reset_password_token_expires_at_attribute_name => :reset_password_token_expires_at,
|
|
21
|
+
:@reset_password_email_sent_at_attribute_name => :reset_password_email_sent_at,
|
|
22
|
+
:@reset_password_mailer => nil,
|
|
23
|
+
:@reset_password_email_method_name => :reset_password_email,
|
|
24
|
+
:@reset_password_expiration_period => nil,
|
|
25
|
+
:@reset_password_time_between_emails => 5.minutes )
|
|
26
|
+
|
|
27
|
+
reset!
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
base.sorcery_config.after_config << :validate_mailer_defined
|
|
31
|
+
|
|
32
|
+
base.extend(ClassMethods)
|
|
33
|
+
base.send(:include, InstanceMethods)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
module ClassMethods
|
|
37
|
+
|
|
38
|
+
def load_from_reset_password_token(token)
|
|
39
|
+
return nil if token.blank?
|
|
40
|
+
user = where("#{@sorcery_config.reset_password_token_attribute_name} = ?", token).first
|
|
41
|
+
if !user.blank? && !@sorcery_config.reset_password_expiration_period.nil?
|
|
42
|
+
return user.reset_password_token_valid? ? user : nil
|
|
43
|
+
end
|
|
44
|
+
user
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
protected
|
|
48
|
+
|
|
49
|
+
def validate_mailer_defined
|
|
50
|
+
msg = "To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass)."
|
|
51
|
+
raise ArgumentError, msg if @sorcery_config.reset_password_mailer == nil
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
module InstanceMethods
|
|
57
|
+
# generates a reset code with expiration and sends an email to the user.
|
|
58
|
+
def deliver_reset_password_instructions!
|
|
59
|
+
config = sorcery_config
|
|
60
|
+
# hammering protection
|
|
61
|
+
return if config.reset_password_time_between_emails && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.ago.utc
|
|
62
|
+
self.send(:"#{config.reset_password_token_attribute_name}=", generate_random_code)
|
|
63
|
+
self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", Time.now.utc + config.reset_password_expiration_period) if config.reset_password_expiration_period
|
|
64
|
+
self.send(:"#{config.reset_password_email_sent_at_attribute_name}=", Time.now.utc)
|
|
65
|
+
self.class.transaction do
|
|
66
|
+
self.save!(:validate => false)
|
|
67
|
+
generic_send_email(:reset_password_email_method_name, :reset_password_mailer)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def reset_password!(params)
|
|
72
|
+
clear_reset_password_token
|
|
73
|
+
update_attributes(params)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def reset_password_token_valid?
|
|
77
|
+
config = sorcery_config
|
|
78
|
+
config.reset_password_expiration_period ? Time.now.utc < self.send(config.reset_password_token_expires_at_attribute_name) : true
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
protected
|
|
82
|
+
|
|
83
|
+
def clear_reset_password_token
|
|
84
|
+
config = sorcery_config
|
|
85
|
+
self.send(:"#{config.reset_password_token_attribute_name}=", nil)
|
|
86
|
+
self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
@@ -10,7 +10,7 @@ module Sorcery
|
|
|
10
10
|
base.sorcery_config.class_eval do
|
|
11
11
|
attr_accessor :activation_state_attribute_name, # the attribute name to hold activation state (active/pending).
|
|
12
12
|
:activation_code_attribute_name, # the attribute name to hold activation code (sent by email).
|
|
13
|
-
:
|
|
13
|
+
:user_activation_mailer, # your mailer class. Needed.
|
|
14
14
|
:activation_needed_email_method_name, # activation needed email method on your mailer class.
|
|
15
15
|
:activation_success_email_method_name, # activation success email method on your mailer class.
|
|
16
16
|
:prevent_non_active_users_to_login # do you want to prevent or allow users that did not activate by email to login?
|
|
@@ -19,7 +19,7 @@ module Sorcery
|
|
|
19
19
|
base.sorcery_config.instance_eval do
|
|
20
20
|
@defaults.merge!(:@activation_state_attribute_name => :activation_state,
|
|
21
21
|
:@activation_code_attribute_name => :activation_code,
|
|
22
|
-
:@
|
|
22
|
+
:@user_activation_mailer => nil,
|
|
23
23
|
:@activation_needed_email_method_name => :activation_needed_email,
|
|
24
24
|
:@activation_success_email_method_name => :activation_success_email,
|
|
25
25
|
:@prevent_non_active_users_to_login => true)
|
|
@@ -40,9 +40,11 @@ module Sorcery
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
module ClassMethods
|
|
43
|
+
protected
|
|
44
|
+
|
|
43
45
|
def validate_mailer_defined
|
|
44
|
-
msg = "To use user_activation submodule, you must define a mailer (config.
|
|
45
|
-
raise ArgumentError, msg if @sorcery_config.
|
|
46
|
+
msg = "To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass)."
|
|
47
|
+
raise ArgumentError, msg if @sorcery_config.user_activation_mailer == nil
|
|
46
48
|
end
|
|
47
49
|
end
|
|
48
50
|
|
|
@@ -65,11 +67,11 @@ module Sorcery
|
|
|
65
67
|
end
|
|
66
68
|
|
|
67
69
|
def send_activation_needed_email!
|
|
68
|
-
generic_send_email(:activation_needed_email_method_name) unless sorcery_config.activation_needed_email_method_name.nil?
|
|
70
|
+
generic_send_email(:activation_needed_email_method_name, :user_activation_mailer) unless sorcery_config.activation_needed_email_method_name.nil?
|
|
69
71
|
end
|
|
70
72
|
|
|
71
73
|
def send_activation_success_email!
|
|
72
|
-
generic_send_email(:activation_success_email_method_name) unless sorcery_config.activation_success_email_method_name.nil?
|
|
74
|
+
generic_send_email(:activation_success_email_method_name, :user_activation_mailer) unless sorcery_config.activation_success_email_method_name.nil?
|
|
73
75
|
end
|
|
74
76
|
|
|
75
77
|
def prevent_non_active_login
|
data/lib/sorcery/model.rb
CHANGED
|
@@ -52,10 +52,16 @@ module Sorcery
|
|
|
52
52
|
def authenticate(*credentials)
|
|
53
53
|
raise ArgumentError, "at least 2 arguments required" if credentials.size < 2
|
|
54
54
|
user = where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
|
|
55
|
-
|
|
56
|
-
user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && (user.send(@sorcery_config.crypted_password_attribute_name)
|
|
55
|
+
_salt = user.send(@sorcery_config.salt_attribute_name) if user && !@sorcery_config.salt_attribute_name.nil? && !@sorcery_config.encryption_provider.nil?
|
|
56
|
+
user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && credentials_match?(user.send(@sorcery_config.crypted_password_attribute_name),credentials[1],_salt)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def credentials_match?(crypted, *tokens)
|
|
60
|
+
return crypted == tokens.join if @sorcery_config.encryption_provider.nil?
|
|
61
|
+
@sorcery_config.encryption_provider.matches?(crypted, *tokens)
|
|
57
62
|
end
|
|
58
63
|
|
|
64
|
+
# encrypt tokens using current encryption_provider.
|
|
59
65
|
def encrypt(*tokens)
|
|
60
66
|
return tokens.first if @sorcery_config.encryption_provider.nil?
|
|
61
67
|
|
|
@@ -78,8 +84,8 @@ module Sorcery
|
|
|
78
84
|
# encrypts password with salt and save it.
|
|
79
85
|
def encrypt_password
|
|
80
86
|
config = sorcery_config
|
|
81
|
-
self.send(:"#{config.salt_attribute_name}=", generate_random_code) if !config.salt_attribute_name.nil?
|
|
82
|
-
self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),
|
|
87
|
+
new_salt = self.send(:"#{config.salt_attribute_name}=", generate_random_code) if !config.salt_attribute_name.nil?
|
|
88
|
+
self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),new_salt))
|
|
83
89
|
end
|
|
84
90
|
|
|
85
91
|
def clear_virtual_password
|
|
@@ -89,10 +95,10 @@ module Sorcery
|
|
|
89
95
|
|
|
90
96
|
# calls the requested email method on the configured mailer
|
|
91
97
|
# supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
|
|
92
|
-
def generic_send_email(method)
|
|
98
|
+
def generic_send_email(method, mailer)
|
|
93
99
|
config = sorcery_config
|
|
94
|
-
mail = config.
|
|
95
|
-
if defined?(ActionMailer) and config.
|
|
100
|
+
mail = config.send(mailer).send(config.send(method),self)
|
|
101
|
+
if defined?(ActionMailer) and config.send(mailer).superclass == ActionMailer::Base
|
|
96
102
|
mail.deliver
|
|
97
103
|
end
|
|
98
104
|
end
|
|
@@ -131,7 +137,7 @@ module Sorcery
|
|
|
131
137
|
:@password_attribute_name => :password,
|
|
132
138
|
:@email_attribute_name => :email,
|
|
133
139
|
:@crypted_password_attribute_name => :crypted_password,
|
|
134
|
-
:@encryption_algorithm => :
|
|
140
|
+
:@encryption_algorithm => :bcrypt,
|
|
135
141
|
:@encryption_provider => CryptoProviders::BCrypt,
|
|
136
142
|
:@custom_encryption_provider => nil,
|
|
137
143
|
:@encryption_key => nil,
|
data/lib/sorcery.rb
CHANGED
|
@@ -3,8 +3,10 @@ module Sorcery
|
|
|
3
3
|
module Model
|
|
4
4
|
module Submodules
|
|
5
5
|
autoload :UserActivation, 'sorcery/model/submodules/user_activation'
|
|
6
|
-
autoload :
|
|
6
|
+
autoload :ResetPassword, 'sorcery/model/submodules/reset_password'
|
|
7
7
|
autoload :RememberMe, 'sorcery/model/submodules/remember_me'
|
|
8
|
+
autoload :ActivityLogging, 'sorcery/model/submodules/activity_logging'
|
|
9
|
+
autoload :BruteForceProtection, 'sorcery/model/submodules/brute_force_protection'
|
|
8
10
|
end
|
|
9
11
|
end
|
|
10
12
|
autoload :Controller, 'sorcery/controller'
|
|
@@ -13,6 +15,8 @@ module Sorcery
|
|
|
13
15
|
autoload :RememberMe, 'sorcery/controller/submodules/remember_me'
|
|
14
16
|
autoload :SessionTimeout, 'sorcery/controller/submodules/session_timeout'
|
|
15
17
|
autoload :BruteForceProtection, 'sorcery/controller/submodules/brute_force_protection'
|
|
18
|
+
autoload :HttpBasicAuth, 'sorcery/controller/submodules/http_basic_auth'
|
|
19
|
+
autoload :ActivityLogging, 'sorcery/controller/submodules/activity_logging'
|
|
16
20
|
end
|
|
17
21
|
end
|
|
18
22
|
module CryptoProviders
|
data/sorcery.gemspec
ADDED
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
# Generated by jeweler
|
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
|
+
# -*- encoding: utf-8 -*-
|
|
5
|
+
|
|
6
|
+
Gem::Specification.new do |s|
|
|
7
|
+
s.name = %q{sorcery}
|
|
8
|
+
s.version = "0.1.4"
|
|
9
|
+
|
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
|
+
s.authors = ["Noam Ben Ari"]
|
|
12
|
+
s.date = %q{2011-02-19}
|
|
13
|
+
s.description = %q{Provides common authentication needs such as signing in/out, activating by email and resetting password.}
|
|
14
|
+
s.email = %q{nbenari@gmail.com}
|
|
15
|
+
s.extra_rdoc_files = [
|
|
16
|
+
"LICENSE.txt",
|
|
17
|
+
"README.rdoc"
|
|
18
|
+
]
|
|
19
|
+
s.files = [
|
|
20
|
+
".document",
|
|
21
|
+
".rspec",
|
|
22
|
+
"Gemfile",
|
|
23
|
+
"Gemfile.lock",
|
|
24
|
+
"LICENSE.txt",
|
|
25
|
+
"README.rdoc",
|
|
26
|
+
"Rakefile",
|
|
27
|
+
"VERSION",
|
|
28
|
+
"lib/sorcery.rb",
|
|
29
|
+
"lib/sorcery/controller.rb",
|
|
30
|
+
"lib/sorcery/controller/submodules/activity_logging.rb",
|
|
31
|
+
"lib/sorcery/controller/submodules/brute_force_protection.rb",
|
|
32
|
+
"lib/sorcery/controller/submodules/http_basic_auth.rb",
|
|
33
|
+
"lib/sorcery/controller/submodules/remember_me.rb",
|
|
34
|
+
"lib/sorcery/controller/submodules/session_timeout.rb",
|
|
35
|
+
"lib/sorcery/crypto_providers/aes256.rb",
|
|
36
|
+
"lib/sorcery/crypto_providers/bcrypt.rb",
|
|
37
|
+
"lib/sorcery/crypto_providers/md5.rb",
|
|
38
|
+
"lib/sorcery/crypto_providers/sha1.rb",
|
|
39
|
+
"lib/sorcery/crypto_providers/sha256.rb",
|
|
40
|
+
"lib/sorcery/crypto_providers/sha512.rb",
|
|
41
|
+
"lib/sorcery/engine.rb",
|
|
42
|
+
"lib/sorcery/model.rb",
|
|
43
|
+
"lib/sorcery/model/submodules/activity_logging.rb",
|
|
44
|
+
"lib/sorcery/model/submodules/brute_force_protection.rb",
|
|
45
|
+
"lib/sorcery/model/submodules/remember_me.rb",
|
|
46
|
+
"lib/sorcery/model/submodules/reset_password.rb",
|
|
47
|
+
"lib/sorcery/model/submodules/user_activation.rb",
|
|
48
|
+
"sorcery.gemspec",
|
|
49
|
+
"spec/Gemfile",
|
|
50
|
+
"spec/Gemfile.lock",
|
|
51
|
+
"spec/Rakefile",
|
|
52
|
+
"spec/rails3/.rspec",
|
|
53
|
+
"spec/rails3/Gemfile",
|
|
54
|
+
"spec/rails3/Gemfile.lock",
|
|
55
|
+
"spec/rails3/Rakefile",
|
|
56
|
+
"spec/rails3/app_root/.gitignore",
|
|
57
|
+
"spec/rails3/app_root/README",
|
|
58
|
+
"spec/rails3/app_root/Rakefile.unused",
|
|
59
|
+
"spec/rails3/app_root/app/controllers/application_controller.rb",
|
|
60
|
+
"spec/rails3/app_root/app/helpers/application_helper.rb",
|
|
61
|
+
"spec/rails3/app_root/app/mailers/sorcery_mailer.rb",
|
|
62
|
+
"spec/rails3/app_root/app/models/user.rb",
|
|
63
|
+
"spec/rails3/app_root/app/views/layouts/application.html.erb",
|
|
64
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/activation_email.html.erb",
|
|
65
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/activation_email.text.erb",
|
|
66
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.html.erb",
|
|
67
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.text.erb",
|
|
68
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.html.erb",
|
|
69
|
+
"spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.text.erb",
|
|
70
|
+
"spec/rails3/app_root/config.ru",
|
|
71
|
+
"spec/rails3/app_root/config/application.rb",
|
|
72
|
+
"spec/rails3/app_root/config/boot.rb",
|
|
73
|
+
"spec/rails3/app_root/config/database.yml",
|
|
74
|
+
"spec/rails3/app_root/config/environment.rb",
|
|
75
|
+
"spec/rails3/app_root/config/environments/development.rb",
|
|
76
|
+
"spec/rails3/app_root/config/environments/in_memory.rb",
|
|
77
|
+
"spec/rails3/app_root/config/environments/production.rb",
|
|
78
|
+
"spec/rails3/app_root/config/environments/test.rb",
|
|
79
|
+
"spec/rails3/app_root/config/initializers/backtrace_silencers.rb",
|
|
80
|
+
"spec/rails3/app_root/config/initializers/inflections.rb",
|
|
81
|
+
"spec/rails3/app_root/config/initializers/mime_types.rb",
|
|
82
|
+
"spec/rails3/app_root/config/initializers/secret_token.rb",
|
|
83
|
+
"spec/rails3/app_root/config/initializers/session_store.rb",
|
|
84
|
+
"spec/rails3/app_root/config/locales/en.yml",
|
|
85
|
+
"spec/rails3/app_root/config/routes.rb",
|
|
86
|
+
"spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb",
|
|
87
|
+
"spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb",
|
|
88
|
+
"spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb",
|
|
89
|
+
"spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb",
|
|
90
|
+
"spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb",
|
|
91
|
+
"spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb",
|
|
92
|
+
"spec/rails3/app_root/db/schema.rb",
|
|
93
|
+
"spec/rails3/app_root/db/seeds.rb",
|
|
94
|
+
"spec/rails3/app_root/lib/tasks/.gitkeep",
|
|
95
|
+
"spec/rails3/app_root/public/404.html",
|
|
96
|
+
"spec/rails3/app_root/public/422.html",
|
|
97
|
+
"spec/rails3/app_root/public/500.html",
|
|
98
|
+
"spec/rails3/app_root/public/favicon.ico",
|
|
99
|
+
"spec/rails3/app_root/public/images/rails.png",
|
|
100
|
+
"spec/rails3/app_root/public/index.html",
|
|
101
|
+
"spec/rails3/app_root/public/javascripts/application.js",
|
|
102
|
+
"spec/rails3/app_root/public/javascripts/controls.js",
|
|
103
|
+
"spec/rails3/app_root/public/javascripts/dragdrop.js",
|
|
104
|
+
"spec/rails3/app_root/public/javascripts/effects.js",
|
|
105
|
+
"spec/rails3/app_root/public/javascripts/prototype.js",
|
|
106
|
+
"spec/rails3/app_root/public/javascripts/rails.js",
|
|
107
|
+
"spec/rails3/app_root/public/robots.txt",
|
|
108
|
+
"spec/rails3/app_root/public/stylesheets/.gitkeep",
|
|
109
|
+
"spec/rails3/app_root/script/rails",
|
|
110
|
+
"spec/rails3/app_root/test/fixtures/users.yml",
|
|
111
|
+
"spec/rails3/app_root/test/performance/browsing_test.rb",
|
|
112
|
+
"spec/rails3/app_root/test/test_helper.rb",
|
|
113
|
+
"spec/rails3/app_root/test/unit/user_test.rb",
|
|
114
|
+
"spec/rails3/app_root/vendor/plugins/.gitkeep",
|
|
115
|
+
"spec/rails3/controller_activity_logging_spec.rb",
|
|
116
|
+
"spec/rails3/controller_brute_force_protection_spec.rb",
|
|
117
|
+
"spec/rails3/controller_http_basic_auth_spec.rb",
|
|
118
|
+
"spec/rails3/controller_remember_me_spec.rb",
|
|
119
|
+
"spec/rails3/controller_session_timeout_spec.rb",
|
|
120
|
+
"spec/rails3/controller_spec.rb",
|
|
121
|
+
"spec/rails3/spec_helper.rb",
|
|
122
|
+
"spec/rails3/user_activation_spec.rb",
|
|
123
|
+
"spec/rails3/user_activity_logging_spec.rb",
|
|
124
|
+
"spec/rails3/user_brute_force_protection_spec.rb",
|
|
125
|
+
"spec/rails3/user_remember_me_spec.rb",
|
|
126
|
+
"spec/rails3/user_reset_password_spec.rb",
|
|
127
|
+
"spec/rails3/user_spec.rb",
|
|
128
|
+
"spec/sorcery_crypto_providers_spec.rb",
|
|
129
|
+
"spec/spec_helper.rb"
|
|
130
|
+
]
|
|
131
|
+
s.homepage = %q{http://github.com/NoamB/sorcery}
|
|
132
|
+
s.licenses = ["MIT"]
|
|
133
|
+
s.require_paths = ["lib"]
|
|
134
|
+
s.rubygems_version = %q{1.5.0}
|
|
135
|
+
s.summary = %q{Magical authentication for Rails 3 applications}
|
|
136
|
+
s.test_files = [
|
|
137
|
+
"spec/rails3/app_root/app/controllers/application_controller.rb",
|
|
138
|
+
"spec/rails3/app_root/app/helpers/application_helper.rb",
|
|
139
|
+
"spec/rails3/app_root/app/mailers/sorcery_mailer.rb",
|
|
140
|
+
"spec/rails3/app_root/app/models/user.rb",
|
|
141
|
+
"spec/rails3/app_root/config/application.rb",
|
|
142
|
+
"spec/rails3/app_root/config/boot.rb",
|
|
143
|
+
"spec/rails3/app_root/config/environment.rb",
|
|
144
|
+
"spec/rails3/app_root/config/environments/development.rb",
|
|
145
|
+
"spec/rails3/app_root/config/environments/in_memory.rb",
|
|
146
|
+
"spec/rails3/app_root/config/environments/production.rb",
|
|
147
|
+
"spec/rails3/app_root/config/environments/test.rb",
|
|
148
|
+
"spec/rails3/app_root/config/initializers/backtrace_silencers.rb",
|
|
149
|
+
"spec/rails3/app_root/config/initializers/inflections.rb",
|
|
150
|
+
"spec/rails3/app_root/config/initializers/mime_types.rb",
|
|
151
|
+
"spec/rails3/app_root/config/initializers/secret_token.rb",
|
|
152
|
+
"spec/rails3/app_root/config/initializers/session_store.rb",
|
|
153
|
+
"spec/rails3/app_root/config/routes.rb",
|
|
154
|
+
"spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb",
|
|
155
|
+
"spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb",
|
|
156
|
+
"spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb",
|
|
157
|
+
"spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb",
|
|
158
|
+
"spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb",
|
|
159
|
+
"spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb",
|
|
160
|
+
"spec/rails3/app_root/db/schema.rb",
|
|
161
|
+
"spec/rails3/app_root/db/seeds.rb",
|
|
162
|
+
"spec/rails3/app_root/test/performance/browsing_test.rb",
|
|
163
|
+
"spec/rails3/app_root/test/test_helper.rb",
|
|
164
|
+
"spec/rails3/app_root/test/unit/user_test.rb",
|
|
165
|
+
"spec/rails3/controller_activity_logging_spec.rb",
|
|
166
|
+
"spec/rails3/controller_brute_force_protection_spec.rb",
|
|
167
|
+
"spec/rails3/controller_http_basic_auth_spec.rb",
|
|
168
|
+
"spec/rails3/controller_remember_me_spec.rb",
|
|
169
|
+
"spec/rails3/controller_session_timeout_spec.rb",
|
|
170
|
+
"spec/rails3/controller_spec.rb",
|
|
171
|
+
"spec/rails3/spec_helper.rb",
|
|
172
|
+
"spec/rails3/user_activation_spec.rb",
|
|
173
|
+
"spec/rails3/user_activity_logging_spec.rb",
|
|
174
|
+
"spec/rails3/user_brute_force_protection_spec.rb",
|
|
175
|
+
"spec/rails3/user_remember_me_spec.rb",
|
|
176
|
+
"spec/rails3/user_reset_password_spec.rb",
|
|
177
|
+
"spec/rails3/user_spec.rb",
|
|
178
|
+
"spec/sorcery_crypto_providers_spec.rb",
|
|
179
|
+
"spec/spec_helper.rb"
|
|
180
|
+
]
|
|
181
|
+
|
|
182
|
+
if s.respond_to? :specification_version then
|
|
183
|
+
s.specification_version = 3
|
|
184
|
+
|
|
185
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
186
|
+
s.add_development_dependency(%q<rails>, [">= 3.0.0"])
|
|
187
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
|
|
188
|
+
s.add_development_dependency(%q<rspec-rails>, [">= 0"])
|
|
189
|
+
s.add_development_dependency(%q<ruby-debug19>, [">= 0"])
|
|
190
|
+
s.add_development_dependency(%q<sqlite3-ruby>, [">= 0"])
|
|
191
|
+
s.add_development_dependency(%q<yard>, ["~> 0.6.0"])
|
|
192
|
+
s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
193
|
+
s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
194
|
+
s.add_development_dependency(%q<simplecov>, [">= 0.3.8"])
|
|
195
|
+
s.add_runtime_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
|
|
196
|
+
else
|
|
197
|
+
s.add_dependency(%q<rails>, [">= 3.0.0"])
|
|
198
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
|
199
|
+
s.add_dependency(%q<rspec-rails>, [">= 0"])
|
|
200
|
+
s.add_dependency(%q<ruby-debug19>, [">= 0"])
|
|
201
|
+
s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
|
|
202
|
+
s.add_dependency(%q<yard>, ["~> 0.6.0"])
|
|
203
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
204
|
+
s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
205
|
+
s.add_dependency(%q<simplecov>, [">= 0.3.8"])
|
|
206
|
+
s.add_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
|
|
207
|
+
end
|
|
208
|
+
else
|
|
209
|
+
s.add_dependency(%q<rails>, [">= 3.0.0"])
|
|
210
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
|
211
|
+
s.add_dependency(%q<rspec-rails>, [">= 0"])
|
|
212
|
+
s.add_dependency(%q<ruby-debug19>, [">= 0"])
|
|
213
|
+
s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
|
|
214
|
+
s.add_dependency(%q<yard>, ["~> 0.6.0"])
|
|
215
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
216
|
+
s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
217
|
+
s.add_dependency(%q<simplecov>, [">= 0.3.8"])
|
|
218
|
+
s.add_dependency(%q<bcrypt-ruby>, ["~> 2.1.4"])
|
|
219
|
+
end
|
|
220
|
+
end
|
|
221
|
+
|
data/spec/Gemfile
CHANGED
data/spec/Gemfile.lock
CHANGED
data/spec/rails3/Gemfile
CHANGED
|
@@ -2,8 +2,9 @@ source 'http://rubygems.org'
|
|
|
2
2
|
|
|
3
3
|
gem 'rails', '3.0.3'
|
|
4
4
|
gem 'sqlite3-ruby', :require => 'sqlite3'
|
|
5
|
-
gem "sorcery", '0.1.
|
|
6
|
-
|
|
5
|
+
gem "sorcery", '0.1.3', :path => '../../../'
|
|
6
|
+
gem 'bcrypt-ruby', '~> 2.1.4', :require => 'bcrypt'
|
|
7
|
+
|
|
7
8
|
group :development do
|
|
8
9
|
gem 'rspec'
|
|
9
10
|
gem 'rspec-rails'
|
data/spec/rails3/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: ../../../
|
|
3
3
|
specs:
|
|
4
|
-
sorcery (0.1.
|
|
4
|
+
sorcery (0.1.3)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: http://rubygems.org/
|
|
@@ -35,6 +35,7 @@ GEM
|
|
|
35
35
|
activesupport (3.0.3)
|
|
36
36
|
archive-tar-minitar (0.5.2)
|
|
37
37
|
arel (2.0.6)
|
|
38
|
+
bcrypt-ruby (2.1.4)
|
|
38
39
|
builder (2.1.2)
|
|
39
40
|
columnize (0.3.2)
|
|
40
41
|
diff-lcs (1.1.2)
|
|
@@ -105,10 +106,11 @@ PLATFORMS
|
|
|
105
106
|
ruby
|
|
106
107
|
|
|
107
108
|
DEPENDENCIES
|
|
109
|
+
bcrypt-ruby (~> 2.1.4)
|
|
108
110
|
rails (= 3.0.3)
|
|
109
111
|
rspec
|
|
110
112
|
rspec-rails
|
|
111
113
|
ruby-debug19
|
|
112
114
|
simplecov (>= 0.3.8)
|
|
113
|
-
sorcery (= 0.1.
|
|
115
|
+
sorcery (= 0.1.3)!
|
|
114
116
|
sqlite3-ruby
|
|
@@ -2,7 +2,8 @@ class ApplicationController < ActionController::Base
|
|
|
2
2
|
protect_from_forgery
|
|
3
3
|
|
|
4
4
|
#before_filter :validate_session, :only => [:test_should_be_logged_in] if defined?(:validate_session)
|
|
5
|
-
before_filter :
|
|
5
|
+
before_filter :require_login_from_http_basic, :only => [:test_http_basic_auth]
|
|
6
|
+
before_filter :require_login, :only => [:test_logout, :test_should_be_logged_in, :some_action]
|
|
6
7
|
|
|
7
8
|
def index
|
|
8
9
|
render :text => ""
|
|
@@ -54,6 +55,10 @@ class ApplicationController < ActionController::Base
|
|
|
54
55
|
render :text => ""
|
|
55
56
|
end
|
|
56
57
|
|
|
58
|
+
def test_http_basic_auth
|
|
59
|
+
render :text => "HTTP Basic Auth"
|
|
60
|
+
end
|
|
61
|
+
|
|
57
62
|
protected
|
|
58
63
|
|
|
59
64
|
|
|
@@ -8,6 +8,7 @@ AppRoot::Application.routes.draw do
|
|
|
8
8
|
match '/test_login_with_remember_in_login', :to => 'application#test_login_with_remember_in_login'
|
|
9
9
|
match '/test_login_from_cookie', :to => 'application#test_login_from_cookie'
|
|
10
10
|
match '/test_should_be_logged_in', :to => 'application#test_should_be_logged_in'
|
|
11
|
+
match '/test_http_basic_auth', :to => 'application#test_http_basic_auth'
|
|
11
12
|
# The priority is based upon order of creation:
|
|
12
13
|
# first created -> highest priority.
|
|
13
14
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
class AddActivityLoggingToUsers < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
add_column :users, :last_login_at, :datetime, :default => nil
|
|
4
|
+
add_column :users, :last_logout_at, :datetime, :default => nil
|
|
5
|
+
add_column :users, :last_activity_at, :datetime, :default => nil
|
|
6
|
+
|
|
7
|
+
add_index :users, [:last_logout_at, :last_activity_at]
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.down
|
|
11
|
+
remove_index :users, [:last_logout_at, :last_activity_at]
|
|
12
|
+
|
|
13
|
+
remove_column :users, :last_activity_at
|
|
14
|
+
remove_column :users, :last_logout_at
|
|
15
|
+
remove_column :users, :last_login_at
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
class AddBruteForceProtectionToUsers < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
add_column :users, :failed_logins_count, :integer, :default => 0
|
|
4
|
+
add_column :users, :lock_expires_at, :datetime, :default => nil
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def self.down
|
|
8
|
+
remove_column :users, :lock_expires_at
|
|
9
|
+
remove_column :users, :failed_logins_count
|
|
10
|
+
end
|
|
11
|
+
end
|
data/spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
class AddResetPasswordToUsers < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
add_column :users, :reset_password_token, :string, :default => nil
|
|
4
|
+
add_column :users, :reset_password_token_expires_at, :datetime, :default => nil
|
|
5
|
+
add_column :users, :reset_password_email_sent_at, :datetime, :default => nil
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.down
|
|
9
|
+
remove_column :users, :reset_password_email_sent_at
|
|
10
|
+
remove_column :users, :reset_password_token_expires_at
|
|
11
|
+
remove_column :users, :reset_password_token
|
|
12
|
+
end
|
|
13
|
+
end
|