sorcery 0.1.0 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -2
- data/LICENSE.txt +1 -1
- data/README.rdoc +55 -42
- data/Rakefile +2 -12
- data/VERSION +1 -1
- data/lib/sorcery/controller/submodules/activity_logging.rb +45 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +8 -69
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +60 -0
- data/lib/sorcery/controller/submodules/session_timeout.rb +4 -1
- data/lib/sorcery/controller.rb +13 -7
- data/lib/sorcery/crypto_providers/bcrypt.rb +2 -6
- data/lib/sorcery/model/submodules/activity_logging.rb +35 -0
- data/lib/sorcery/model/submodules/brute_force_protection.rb +72 -0
- data/lib/sorcery/model/submodules/remember_me.rb +3 -1
- data/lib/sorcery/model/submodules/reset_password.rb +93 -0
- data/lib/sorcery/model/submodules/user_activation.rb +8 -6
- data/lib/sorcery/model.rb +14 -8
- data/lib/sorcery.rb +5 -1
- data/sorcery.gemspec +221 -0
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +2 -2
- data/spec/rails3/Gemfile +3 -2
- data/spec/rails3/Gemfile.lock +4 -2
- data/spec/rails3/app_root/app/controllers/application_controller.rb +6 -1
- data/spec/rails3/app_root/config/routes.rb +1 -0
- data/spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
- data/spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
- data/spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
- data/spec/rails3/controller_activity_logging_spec.rb +84 -0
- data/spec/rails3/controller_brute_force_protection_spec.rb +24 -41
- data/spec/rails3/controller_http_basic_auth_spec.rb +50 -0
- data/spec/rails3/controller_session_timeout_spec.rb +1 -0
- data/spec/rails3/controller_spec.rb +3 -3
- data/spec/rails3/spec_helper.rb +39 -19
- data/spec/rails3/user_activation_spec.rb +7 -7
- data/spec/rails3/user_activity_logging_spec.rb +36 -0
- data/spec/rails3/user_brute_force_protection_spec.rb +76 -0
- data/spec/rails3/user_reset_password_spec.rb +198 -0
- data/spec/rails3/user_spec.rb +8 -4
- metadata +40 -64
- data/features/support/env.rb +0 -13
- data/lib/sorcery/model/submodules/password_reset.rb +0 -64
- data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +0 -9
- data/spec/rails3/user_password_reset_spec.rb +0 -76
|
@@ -0,0 +1,198 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
describe "User with reset_password submodule" do
|
|
4
|
+
before(:all) do
|
|
5
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/reset_password")
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
after(:all) do
|
|
9
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/reset_password")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# ----------------- PLUGIN CONFIGURATION -----------------------
|
|
13
|
+
describe User, "loaded plugin configuration" do
|
|
14
|
+
|
|
15
|
+
before(:all) do
|
|
16
|
+
plugin_model_configure([:reset_password], :reset_password_mailer => ::SorceryMailer)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
after(:each) do
|
|
20
|
+
User.sorcery_config.reset!
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
it "should respond to 'deliver_reset_password_instructions!'" do
|
|
24
|
+
create_new_user
|
|
25
|
+
@user.should respond_to(:deliver_reset_password_instructions!)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
it "should respond to 'reset_password_token_valid?'" do
|
|
29
|
+
create_new_user
|
|
30
|
+
@user.should respond_to(:reset_password_token_valid?)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it "should respond to 'reset_password!" do
|
|
34
|
+
create_new_user
|
|
35
|
+
@user.should respond_to(:reset_password!)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
it "should respond to 'load_from_reset_password_token'" do
|
|
39
|
+
create_new_user
|
|
40
|
+
User.should respond_to(:load_from_reset_password_token)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
it "should allow configuration option 'reset_password_token_attribute_name'" do
|
|
44
|
+
plugin_set_model_config_property(:reset_password_token_attribute_name, :my_code)
|
|
45
|
+
User.sorcery_config.reset_password_token_attribute_name.should equal(:my_code)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
it "should allow configuration option 'reset_password_mailer'" do
|
|
49
|
+
plugin_set_model_config_property(:reset_password_mailer, TestUser)
|
|
50
|
+
User.sorcery_config.reset_password_mailer.should equal(TestUser)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
it "should allow configuration option 'reset_password_email_method_name'" do
|
|
54
|
+
plugin_set_model_config_property(:reset_password_email_method_name, :my_mailer_method)
|
|
55
|
+
User.sorcery_config.reset_password_email_method_name.should equal(:my_mailer_method)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
it "should allow configuration option 'reset_password_expiration_period'" do
|
|
59
|
+
plugin_set_model_config_property(:reset_password_expiration_period, 16)
|
|
60
|
+
User.sorcery_config.reset_password_expiration_period.should equal(16)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
it "should allow configuration option 'reset_password_email_sent_at_attribute_name'" do
|
|
64
|
+
plugin_set_model_config_property(:reset_password_email_sent_at_attribute_name, :blabla)
|
|
65
|
+
User.sorcery_config.reset_password_email_sent_at_attribute_name.should equal(:blabla)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it "should allow configuration option 'reset_password_time_between_emails'" do
|
|
69
|
+
plugin_set_model_config_property(:reset_password_time_between_emails, 16)
|
|
70
|
+
User.sorcery_config.reset_password_time_between_emails.should equal(16)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
75
|
+
describe User, "when activated with sorcery" do
|
|
76
|
+
|
|
77
|
+
before(:all) do
|
|
78
|
+
plugin_model_configure([:reset_password], :reset_password_mailer => ::SorceryMailer)
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
before(:each) do
|
|
82
|
+
User.delete_all
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
it "load_from_reset_password_token should return user when token is found" do
|
|
86
|
+
create_new_user
|
|
87
|
+
@user.deliver_reset_password_instructions!
|
|
88
|
+
User.load_from_reset_password_token(@user.reset_password_token).should == @user
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it "load_from_reset_password_token should NOT return user when token is NOT found" do
|
|
92
|
+
create_new_user
|
|
93
|
+
@user.deliver_reset_password_instructions!
|
|
94
|
+
User.load_from_reset_password_token("a").should == nil
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
it "load_from_reset_password_token should return user when token is found and not expired" do
|
|
98
|
+
create_new_user
|
|
99
|
+
plugin_set_model_config_property(:reset_password_expiration_period, 500)
|
|
100
|
+
@user.deliver_reset_password_instructions!
|
|
101
|
+
User.load_from_reset_password_token(@user.reset_password_token).should == @user
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
it "load_from_reset_password_token should NOT return user when token is found and expired" do
|
|
105
|
+
create_new_user
|
|
106
|
+
plugin_set_model_config_property(:reset_password_expiration_period, 0.1)
|
|
107
|
+
@user.deliver_reset_password_instructions!
|
|
108
|
+
sleep 0.5
|
|
109
|
+
User.load_from_reset_password_token(@user.reset_password_token).should == nil
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
it "load_from_reset_password_token should return nil if token is blank" do
|
|
113
|
+
User.load_from_reset_password_token(nil).should == nil
|
|
114
|
+
User.load_from_reset_password_token("").should == nil
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
it "'deliver_reset_password_instructions!' should generate a reset_password_token" do
|
|
118
|
+
create_new_user
|
|
119
|
+
@user.reset_password_token.should be_nil
|
|
120
|
+
@user.deliver_reset_password_instructions!
|
|
121
|
+
@user.reset_password_token.should_not be_nil
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
it "the reset_password_token should be random" do
|
|
125
|
+
create_new_user
|
|
126
|
+
plugin_set_model_config_property(:reset_password_time_between_emails, 0)
|
|
127
|
+
@user.deliver_reset_password_instructions!
|
|
128
|
+
old_password_code = @user.reset_password_token
|
|
129
|
+
@user.deliver_reset_password_instructions!
|
|
130
|
+
@user.reset_password_token.should_not == old_password_code
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
it "should send an email on reset" do
|
|
134
|
+
create_new_user
|
|
135
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
136
|
+
@user.deliver_reset_password_instructions!
|
|
137
|
+
ActionMailer::Base.deliveries.size.should == old_size + 1
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
it "when reset_password! is called, should delete reset_password_token" do
|
|
141
|
+
create_new_user
|
|
142
|
+
@user.deliver_reset_password_instructions!
|
|
143
|
+
@user.reset_password_token.should_not be_nil
|
|
144
|
+
@user.reset_password!(:password => "blabulsdf")
|
|
145
|
+
@user.save!
|
|
146
|
+
@user.reset_password_token.should be_nil
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
it "code isn't valid if expiration passed" do
|
|
150
|
+
create_new_user
|
|
151
|
+
plugin_set_model_config_property(:reset_password_expiration_period, 0.1)
|
|
152
|
+
@user.deliver_reset_password_instructions!
|
|
153
|
+
sleep 0.5
|
|
154
|
+
@user.reset_password_token_valid?.should == false
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
it "code is valid if it's the same code and expiration period did not pass" do
|
|
158
|
+
create_new_user
|
|
159
|
+
plugin_set_model_config_property(:reset_password_expiration_period, 300)
|
|
160
|
+
@user.deliver_reset_password_instructions!
|
|
161
|
+
@user.reset_password_token_valid?.should == true
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
it "code is valid if it's the same code and expiration period is nil" do
|
|
165
|
+
create_new_user
|
|
166
|
+
plugin_set_model_config_property(:reset_password_expiration_period, nil)
|
|
167
|
+
@user.deliver_reset_password_instructions!
|
|
168
|
+
@user.reset_password_token_valid?.should == true
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
it "should not send an email if time between emails has not passed since last email" do
|
|
172
|
+
create_new_user
|
|
173
|
+
plugin_set_model_config_property(:reset_password_time_between_emails, 10000)
|
|
174
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
175
|
+
@user.deliver_reset_password_instructions!
|
|
176
|
+
ActionMailer::Base.deliveries.size.should == old_size + 1
|
|
177
|
+
@user.deliver_reset_password_instructions!
|
|
178
|
+
ActionMailer::Base.deliveries.size.should == old_size + 1
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
it "should send an email if time between emails has passed since last email" do
|
|
182
|
+
create_new_user
|
|
183
|
+
plugin_set_model_config_property(:reset_password_time_between_emails, 0.5)
|
|
184
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
185
|
+
@user.deliver_reset_password_instructions!
|
|
186
|
+
ActionMailer::Base.deliveries.size.should == old_size + 1
|
|
187
|
+
sleep 0.5
|
|
188
|
+
@user.deliver_reset_password_instructions!
|
|
189
|
+
ActionMailer::Base.deliveries.size.should == old_size + 2
|
|
190
|
+
end
|
|
191
|
+
|
|
192
|
+
it "if mailer is nil on activation, throw exception!" do
|
|
193
|
+
expect{plugin_model_configure([:reset_password])}.to raise_error(ArgumentError)
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
end
|
data/spec/rails3/user_spec.rb
CHANGED
|
@@ -93,7 +93,7 @@ describe "User with no submodules (core)" do
|
|
|
93
93
|
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
94
94
|
describe User, "when activated with sorcery" do
|
|
95
95
|
before(:all) do
|
|
96
|
-
plugin_model_configure
|
|
96
|
+
plugin_model_configure()
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
before(:each) do
|
|
@@ -137,7 +137,7 @@ describe "User with no submodules (core)" do
|
|
|
137
137
|
|
|
138
138
|
it "should encrypt password when a new user is saved" do
|
|
139
139
|
create_new_user
|
|
140
|
-
@user.send(User.sorcery_config.crypted_password_attribute_name)
|
|
140
|
+
User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
it "should clear the virtual password field if the encryption process worked" do
|
|
@@ -171,14 +171,14 @@ describe "User with no submodules (core)" do
|
|
|
171
171
|
create_new_user
|
|
172
172
|
@user.email = "blup@bla.com"
|
|
173
173
|
@user.save!
|
|
174
|
-
@user.send(User.sorcery_config.crypted_password_attribute_name)
|
|
174
|
+
User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
it "should replace the crypted_password in case a new password is set" do
|
|
178
178
|
create_new_user
|
|
179
179
|
@user.password = 'new_secret'
|
|
180
180
|
@user.save!
|
|
181
|
-
@user.send(User.sorcery_config.crypted_password_attribute_name)
|
|
181
|
+
User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_false
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
end
|
|
@@ -209,6 +209,10 @@ describe "User with no submodules (core)" do
|
|
|
209
209
|
def self.encrypt(*tokens)
|
|
210
210
|
tokens.flatten.join('').gsub(/e/,'A')
|
|
211
211
|
end
|
|
212
|
+
|
|
213
|
+
def self.matches?(crypted,*tokens)
|
|
214
|
+
crypted = encrypt(*tokens)
|
|
215
|
+
end
|
|
212
216
|
end
|
|
213
217
|
plugin_set_model_config_property(:encryption_algorithm, :custom)
|
|
214
218
|
plugin_set_model_config_property(:custom_encryption_provider, MyCrypto)
|
metadata
CHANGED
|
@@ -1,12 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sorcery
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
prerelease:
|
|
5
|
-
|
|
6
|
-
- 0
|
|
7
|
-
- 1
|
|
8
|
-
- 0
|
|
9
|
-
version: 0.1.0
|
|
4
|
+
prerelease:
|
|
5
|
+
version: 0.1.4
|
|
10
6
|
platform: ruby
|
|
11
7
|
authors:
|
|
12
8
|
- Noam Ben Ari
|
|
@@ -14,7 +10,7 @@ autorequire:
|
|
|
14
10
|
bindir: bin
|
|
15
11
|
cert_chain: []
|
|
16
12
|
|
|
17
|
-
date: 2011-02-
|
|
13
|
+
date: 2011-02-19 00:00:00 +02:00
|
|
18
14
|
default_executable:
|
|
19
15
|
dependencies:
|
|
20
16
|
- !ruby/object:Gem::Dependency
|
|
@@ -22,13 +18,9 @@ dependencies:
|
|
|
22
18
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
23
19
|
none: false
|
|
24
20
|
requirements:
|
|
25
|
-
- - "
|
|
21
|
+
- - ">="
|
|
26
22
|
- !ruby/object:Gem::Version
|
|
27
|
-
|
|
28
|
-
- 3
|
|
29
|
-
- 0
|
|
30
|
-
- 3
|
|
31
|
-
version: 3.0.3
|
|
23
|
+
version: 3.0.0
|
|
32
24
|
type: :development
|
|
33
25
|
prerelease: false
|
|
34
26
|
version_requirements: *id001
|
|
@@ -39,10 +31,6 @@ dependencies:
|
|
|
39
31
|
requirements:
|
|
40
32
|
- - ~>
|
|
41
33
|
- !ruby/object:Gem::Version
|
|
42
|
-
segments:
|
|
43
|
-
- 2
|
|
44
|
-
- 3
|
|
45
|
-
- 0
|
|
46
34
|
version: 2.3.0
|
|
47
35
|
type: :development
|
|
48
36
|
prerelease: false
|
|
@@ -54,8 +42,6 @@ dependencies:
|
|
|
54
42
|
requirements:
|
|
55
43
|
- - ">="
|
|
56
44
|
- !ruby/object:Gem::Version
|
|
57
|
-
segments:
|
|
58
|
-
- 0
|
|
59
45
|
version: "0"
|
|
60
46
|
type: :development
|
|
61
47
|
prerelease: false
|
|
@@ -67,8 +53,6 @@ dependencies:
|
|
|
67
53
|
requirements:
|
|
68
54
|
- - ">="
|
|
69
55
|
- !ruby/object:Gem::Version
|
|
70
|
-
segments:
|
|
71
|
-
- 0
|
|
72
56
|
version: "0"
|
|
73
57
|
type: :development
|
|
74
58
|
prerelease: false
|
|
@@ -80,8 +64,6 @@ dependencies:
|
|
|
80
64
|
requirements:
|
|
81
65
|
- - ">="
|
|
82
66
|
- !ruby/object:Gem::Version
|
|
83
|
-
segments:
|
|
84
|
-
- 0
|
|
85
67
|
version: "0"
|
|
86
68
|
type: :development
|
|
87
69
|
prerelease: false
|
|
@@ -93,70 +75,52 @@ dependencies:
|
|
|
93
75
|
requirements:
|
|
94
76
|
- - ~>
|
|
95
77
|
- !ruby/object:Gem::Version
|
|
96
|
-
segments:
|
|
97
|
-
- 0
|
|
98
|
-
- 6
|
|
99
|
-
- 0
|
|
100
78
|
version: 0.6.0
|
|
101
79
|
type: :development
|
|
102
80
|
prerelease: false
|
|
103
81
|
version_requirements: *id006
|
|
104
82
|
- !ruby/object:Gem::Dependency
|
|
105
|
-
name:
|
|
83
|
+
name: bundler
|
|
106
84
|
requirement: &id007 !ruby/object:Gem::Requirement
|
|
107
85
|
none: false
|
|
108
86
|
requirements:
|
|
109
|
-
- -
|
|
87
|
+
- - ~>
|
|
110
88
|
- !ruby/object:Gem::Version
|
|
111
|
-
|
|
112
|
-
- 0
|
|
113
|
-
version: "0"
|
|
89
|
+
version: 1.0.0
|
|
114
90
|
type: :development
|
|
115
91
|
prerelease: false
|
|
116
92
|
version_requirements: *id007
|
|
117
93
|
- !ruby/object:Gem::Dependency
|
|
118
|
-
name:
|
|
94
|
+
name: jeweler
|
|
119
95
|
requirement: &id008 !ruby/object:Gem::Requirement
|
|
120
96
|
none: false
|
|
121
97
|
requirements:
|
|
122
98
|
- - ~>
|
|
123
99
|
- !ruby/object:Gem::Version
|
|
124
|
-
|
|
125
|
-
- 1
|
|
126
|
-
- 0
|
|
127
|
-
- 0
|
|
128
|
-
version: 1.0.0
|
|
100
|
+
version: 1.5.2
|
|
129
101
|
type: :development
|
|
130
102
|
prerelease: false
|
|
131
103
|
version_requirements: *id008
|
|
132
104
|
- !ruby/object:Gem::Dependency
|
|
133
|
-
name:
|
|
105
|
+
name: simplecov
|
|
134
106
|
requirement: &id009 !ruby/object:Gem::Requirement
|
|
135
107
|
none: false
|
|
136
108
|
requirements:
|
|
137
|
-
- -
|
|
109
|
+
- - ">="
|
|
138
110
|
- !ruby/object:Gem::Version
|
|
139
|
-
|
|
140
|
-
- 1
|
|
141
|
-
- 5
|
|
142
|
-
- 2
|
|
143
|
-
version: 1.5.2
|
|
111
|
+
version: 0.3.8
|
|
144
112
|
type: :development
|
|
145
113
|
prerelease: false
|
|
146
114
|
version_requirements: *id009
|
|
147
115
|
- !ruby/object:Gem::Dependency
|
|
148
|
-
name:
|
|
116
|
+
name: bcrypt-ruby
|
|
149
117
|
requirement: &id010 !ruby/object:Gem::Requirement
|
|
150
118
|
none: false
|
|
151
119
|
requirements:
|
|
152
|
-
- -
|
|
120
|
+
- - ~>
|
|
153
121
|
- !ruby/object:Gem::Version
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
- 3
|
|
157
|
-
- 8
|
|
158
|
-
version: 0.3.8
|
|
159
|
-
type: :development
|
|
122
|
+
version: 2.1.4
|
|
123
|
+
type: :runtime
|
|
160
124
|
prerelease: false
|
|
161
125
|
version_requirements: *id010
|
|
162
126
|
description: Provides common authentication needs such as signing in/out, activating by email and resetting password.
|
|
@@ -177,10 +141,11 @@ files:
|
|
|
177
141
|
- README.rdoc
|
|
178
142
|
- Rakefile
|
|
179
143
|
- VERSION
|
|
180
|
-
- features/support/env.rb
|
|
181
144
|
- lib/sorcery.rb
|
|
182
145
|
- lib/sorcery/controller.rb
|
|
146
|
+
- lib/sorcery/controller/submodules/activity_logging.rb
|
|
183
147
|
- lib/sorcery/controller/submodules/brute_force_protection.rb
|
|
148
|
+
- lib/sorcery/controller/submodules/http_basic_auth.rb
|
|
184
149
|
- lib/sorcery/controller/submodules/remember_me.rb
|
|
185
150
|
- lib/sorcery/controller/submodules/session_timeout.rb
|
|
186
151
|
- lib/sorcery/crypto_providers/aes256.rb
|
|
@@ -191,9 +156,12 @@ files:
|
|
|
191
156
|
- lib/sorcery/crypto_providers/sha512.rb
|
|
192
157
|
- lib/sorcery/engine.rb
|
|
193
158
|
- lib/sorcery/model.rb
|
|
194
|
-
- lib/sorcery/model/submodules/
|
|
159
|
+
- lib/sorcery/model/submodules/activity_logging.rb
|
|
160
|
+
- lib/sorcery/model/submodules/brute_force_protection.rb
|
|
195
161
|
- lib/sorcery/model/submodules/remember_me.rb
|
|
162
|
+
- lib/sorcery/model/submodules/reset_password.rb
|
|
196
163
|
- lib/sorcery/model/submodules/user_activation.rb
|
|
164
|
+
- sorcery.gemspec
|
|
197
165
|
- spec/Gemfile
|
|
198
166
|
- spec/Gemfile.lock
|
|
199
167
|
- spec/Rakefile
|
|
@@ -232,9 +200,11 @@ files:
|
|
|
232
200
|
- spec/rails3/app_root/config/locales/en.yml
|
|
233
201
|
- spec/rails3/app_root/config/routes.rb
|
|
234
202
|
- spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb
|
|
203
|
+
- spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb
|
|
204
|
+
- spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb
|
|
235
205
|
- spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb
|
|
236
|
-
- spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb
|
|
237
206
|
- spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb
|
|
207
|
+
- spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb
|
|
238
208
|
- spec/rails3/app_root/db/schema.rb
|
|
239
209
|
- spec/rails3/app_root/db/seeds.rb
|
|
240
210
|
- spec/rails3/app_root/lib/tasks/.gitkeep
|
|
@@ -258,14 +228,18 @@ files:
|
|
|
258
228
|
- spec/rails3/app_root/test/test_helper.rb
|
|
259
229
|
- spec/rails3/app_root/test/unit/user_test.rb
|
|
260
230
|
- spec/rails3/app_root/vendor/plugins/.gitkeep
|
|
231
|
+
- spec/rails3/controller_activity_logging_spec.rb
|
|
261
232
|
- spec/rails3/controller_brute_force_protection_spec.rb
|
|
233
|
+
- spec/rails3/controller_http_basic_auth_spec.rb
|
|
262
234
|
- spec/rails3/controller_remember_me_spec.rb
|
|
263
235
|
- spec/rails3/controller_session_timeout_spec.rb
|
|
264
236
|
- spec/rails3/controller_spec.rb
|
|
265
237
|
- spec/rails3/spec_helper.rb
|
|
266
238
|
- spec/rails3/user_activation_spec.rb
|
|
267
|
-
- spec/rails3/
|
|
239
|
+
- spec/rails3/user_activity_logging_spec.rb
|
|
240
|
+
- spec/rails3/user_brute_force_protection_spec.rb
|
|
268
241
|
- spec/rails3/user_remember_me_spec.rb
|
|
242
|
+
- spec/rails3/user_reset_password_spec.rb
|
|
269
243
|
- spec/rails3/user_spec.rb
|
|
270
244
|
- spec/sorcery_crypto_providers_spec.rb
|
|
271
245
|
- spec/spec_helper.rb
|
|
@@ -283,21 +257,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
283
257
|
requirements:
|
|
284
258
|
- - ">="
|
|
285
259
|
- !ruby/object:Gem::Version
|
|
286
|
-
segments:
|
|
287
|
-
- 0
|
|
288
260
|
version: "0"
|
|
289
261
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
290
262
|
none: false
|
|
291
263
|
requirements:
|
|
292
264
|
- - ">="
|
|
293
265
|
- !ruby/object:Gem::Version
|
|
294
|
-
segments:
|
|
295
|
-
- 0
|
|
296
266
|
version: "0"
|
|
297
267
|
requirements: []
|
|
298
268
|
|
|
299
269
|
rubyforge_project:
|
|
300
|
-
rubygems_version: 1.
|
|
270
|
+
rubygems_version: 1.5.0
|
|
301
271
|
signing_key:
|
|
302
272
|
specification_version: 3
|
|
303
273
|
summary: Magical authentication for Rails 3 applications
|
|
@@ -320,22 +290,28 @@ test_files:
|
|
|
320
290
|
- spec/rails3/app_root/config/initializers/session_store.rb
|
|
321
291
|
- spec/rails3/app_root/config/routes.rb
|
|
322
292
|
- spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb
|
|
293
|
+
- spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb
|
|
294
|
+
- spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb
|
|
323
295
|
- spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb
|
|
324
|
-
- spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb
|
|
325
296
|
- spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb
|
|
297
|
+
- spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb
|
|
326
298
|
- spec/rails3/app_root/db/schema.rb
|
|
327
299
|
- spec/rails3/app_root/db/seeds.rb
|
|
328
300
|
- spec/rails3/app_root/test/performance/browsing_test.rb
|
|
329
301
|
- spec/rails3/app_root/test/test_helper.rb
|
|
330
302
|
- spec/rails3/app_root/test/unit/user_test.rb
|
|
303
|
+
- spec/rails3/controller_activity_logging_spec.rb
|
|
331
304
|
- spec/rails3/controller_brute_force_protection_spec.rb
|
|
305
|
+
- spec/rails3/controller_http_basic_auth_spec.rb
|
|
332
306
|
- spec/rails3/controller_remember_me_spec.rb
|
|
333
307
|
- spec/rails3/controller_session_timeout_spec.rb
|
|
334
308
|
- spec/rails3/controller_spec.rb
|
|
335
309
|
- spec/rails3/spec_helper.rb
|
|
336
310
|
- spec/rails3/user_activation_spec.rb
|
|
337
|
-
- spec/rails3/
|
|
311
|
+
- spec/rails3/user_activity_logging_spec.rb
|
|
312
|
+
- spec/rails3/user_brute_force_protection_spec.rb
|
|
338
313
|
- spec/rails3/user_remember_me_spec.rb
|
|
314
|
+
- spec/rails3/user_reset_password_spec.rb
|
|
339
315
|
- spec/rails3/user_spec.rb
|
|
340
316
|
- spec/sorcery_crypto_providers_spec.rb
|
|
341
317
|
- spec/spec_helper.rb
|
data/features/support/env.rb
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
require 'bundler'
|
|
2
|
-
begin
|
|
3
|
-
Bundler.setup(:default, :development)
|
|
4
|
-
rescue Bundler::BundlerError => e
|
|
5
|
-
$stderr.puts e.message
|
|
6
|
-
$stderr.puts "Run `bundle install` to install missing gems"
|
|
7
|
-
exit e.status_code
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
$LOAD_PATH.unshift(File.dirname(__FILE__) + '/../../lib')
|
|
11
|
-
require 'sorcery'
|
|
12
|
-
|
|
13
|
-
require 'rspec/expectations'
|
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
module Sorcery
|
|
2
|
-
module Model
|
|
3
|
-
module Submodules
|
|
4
|
-
# This submodule adds the ability to reset password via email confirmation.
|
|
5
|
-
module PasswordReset
|
|
6
|
-
def self.included(base)
|
|
7
|
-
base.sorcery_config.class_eval do
|
|
8
|
-
attr_accessor :reset_password_code_attribute_name, # reset password code attribute name.
|
|
9
|
-
:sorcery_mailer, # mailer class. Needed.
|
|
10
|
-
:reset_password_email_method_name # reset password email method on your mailer class.
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
base.sorcery_config.instance_eval do
|
|
15
|
-
@defaults.merge!(:@reset_password_code_attribute_name => :reset_password_code,
|
|
16
|
-
:@sorcery_mailer => nil,
|
|
17
|
-
:@reset_password_email_method_name => :reset_password_email)
|
|
18
|
-
|
|
19
|
-
reset!
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
base.class_eval do
|
|
23
|
-
clear_reset_password_code_proc = Proc.new do |record|
|
|
24
|
-
record.valid? && record.send(sorcery_config.password_attribute_name)
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
before_save :clear_reset_password_code, :if =>clear_reset_password_code_proc
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
base.sorcery_config.after_config << :validate_mailer_defined
|
|
31
|
-
|
|
32
|
-
base.extend(ClassMethods)
|
|
33
|
-
base.send(:include, InstanceMethods)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
module ClassMethods
|
|
37
|
-
def validate_mailer_defined
|
|
38
|
-
msg = "To use password_reset submodule, you must define a mailer (config.sorcery_mailer = YourMailerClass)."
|
|
39
|
-
raise ArgumentError, msg if @sorcery_config.sorcery_mailer == nil
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
module InstanceMethods
|
|
44
|
-
def reset_password!
|
|
45
|
-
config = sorcery_config
|
|
46
|
-
self.send(:"#{config.reset_password_code_attribute_name}=", generate_random_code)
|
|
47
|
-
self.class.transaction do
|
|
48
|
-
self.save!(:validate => false)
|
|
49
|
-
generic_send_email(:reset_password_email_method_name)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
protected
|
|
54
|
-
|
|
55
|
-
def clear_reset_password_code
|
|
56
|
-
config = sorcery_config
|
|
57
|
-
self.send(:"#{config.reset_password_code_attribute_name}=", nil)
|
|
58
|
-
end
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
@@ -1,76 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
-
|
|
3
|
-
describe "User with password_reset submodule" do
|
|
4
|
-
before(:all) do
|
|
5
|
-
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/password_reset")
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
after(:all) do
|
|
9
|
-
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/password_reset")
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# ----------------- PLUGIN CONFIGURATION -----------------------
|
|
13
|
-
describe User, "loaded plugin configuration" do
|
|
14
|
-
|
|
15
|
-
before(:all) do
|
|
16
|
-
plugin_model_configure([:password_reset], :sorcery_mailer => ::SorceryMailer)
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
after(:each) do
|
|
20
|
-
User.sorcery_config.reset!
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it "should respond to 'reset_password!'" do
|
|
24
|
-
create_new_user
|
|
25
|
-
@user.should respond_to(:reset_password!)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
30
|
-
describe User, "when activated with sorcery" do
|
|
31
|
-
|
|
32
|
-
before(:all) do
|
|
33
|
-
plugin_model_configure([:password_reset], :sorcery_mailer => ::SorceryMailer)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
before(:each) do
|
|
37
|
-
User.delete_all
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
it "'reset_password!' should generate a reset_password_code" do
|
|
41
|
-
create_new_user
|
|
42
|
-
@user.reset_password_code.should be_nil
|
|
43
|
-
@user.reset_password!
|
|
44
|
-
@user.reset_password_code.should_not be_nil
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
it "the reset_password_code should be random" do
|
|
48
|
-
create_new_user
|
|
49
|
-
@user.reset_password!
|
|
50
|
-
old_password_code = @user.reset_password_code
|
|
51
|
-
@user.reset_password!
|
|
52
|
-
@user.reset_password_code.should_not == old_password_code
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
it "should send an email on reset" do
|
|
56
|
-
create_new_user
|
|
57
|
-
old_size = ActionMailer::Base.deliveries.size
|
|
58
|
-
@user.reset_password!
|
|
59
|
-
ActionMailer::Base.deliveries.size.should == old_size + 1
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
it "when a new password is set, should delete reset_password_code" do
|
|
63
|
-
create_new_user
|
|
64
|
-
@user.reset_password!
|
|
65
|
-
@user.reset_password_code.should_not be_nil
|
|
66
|
-
@user.password = "blabulsdf"
|
|
67
|
-
@user.save!
|
|
68
|
-
@user.reset_password_code.should be_nil
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
it "if mailer is nil on activation, throw exception!" do
|
|
72
|
-
expect{plugin_model_configure([:password_reset])}.to raise_error(ArgumentError)
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
end
|