sorcery 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sorcery might be problematic. Click here for more details.
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +19 -0
- data/Gemfile.lock +129 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +139 -0
- data/Rakefile +61 -0
- data/VERSION +1 -0
- data/features/support/env.rb +13 -0
- data/lib/sorcery.rb +28 -0
- data/lib/sorcery/controller.rb +156 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +89 -0
- data/lib/sorcery/controller/submodules/remember_me.rb +43 -0
- data/lib/sorcery/controller/submodules/session_timeout.rb +42 -0
- data/lib/sorcery/crypto_providers/aes256.rb +44 -0
- data/lib/sorcery/crypto_providers/bcrypt.rb +96 -0
- data/lib/sorcery/crypto_providers/md5.rb +39 -0
- data/lib/sorcery/crypto_providers/sha1.rb +40 -0
- data/lib/sorcery/crypto_providers/sha256.rb +55 -0
- data/lib/sorcery/crypto_providers/sha512.rb +55 -0
- data/lib/sorcery/engine.rb +20 -0
- data/lib/sorcery/model.rb +175 -0
- data/lib/sorcery/model/submodules/password_reset.rb +64 -0
- data/lib/sorcery/model/submodules/remember_me.rb +42 -0
- data/lib/sorcery/model/submodules/user_activation.rb +84 -0
- data/spec/Gemfile +11 -0
- data/spec/Gemfile.lock +108 -0
- data/spec/Rakefile +11 -0
- data/spec/rails3/.rspec +1 -0
- data/spec/rails3/Gemfile +12 -0
- data/spec/rails3/Gemfile.lock +114 -0
- data/spec/rails3/Rakefile +10 -0
- data/spec/rails3/app_root/.gitignore +4 -0
- data/spec/rails3/app_root/README +256 -0
- data/spec/rails3/app_root/Rakefile.unused +7 -0
- data/spec/rails3/app_root/app/controllers/application_controller.rb +61 -0
- data/spec/rails3/app_root/app/helpers/application_helper.rb +2 -0
- data/spec/rails3/app_root/app/mailers/sorcery_mailer.rb +25 -0
- data/spec/rails3/app_root/app/models/user.rb +3 -0
- data/spec/rails3/app_root/app/views/layouts/application.html.erb +14 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_email.html.erb +17 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_email.text.erb +9 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.html.erb +17 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.text.erb +9 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.html.erb +16 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.text.erb +8 -0
- data/spec/rails3/app_root/config.ru +4 -0
- data/spec/rails3/app_root/config/application.rb +48 -0
- data/spec/rails3/app_root/config/boot.rb +13 -0
- data/spec/rails3/app_root/config/database.yml +27 -0
- data/spec/rails3/app_root/config/environment.rb +5 -0
- data/spec/rails3/app_root/config/environments/development.rb +26 -0
- data/spec/rails3/app_root/config/environments/in_memory.rb +0 -0
- data/spec/rails3/app_root/config/environments/production.rb +49 -0
- data/spec/rails3/app_root/config/environments/test.rb +35 -0
- data/spec/rails3/app_root/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/rails3/app_root/config/initializers/inflections.rb +10 -0
- data/spec/rails3/app_root/config/initializers/mime_types.rb +5 -0
- data/spec/rails3/app_root/config/initializers/secret_token.rb +7 -0
- data/spec/rails3/app_root/config/initializers/session_store.rb +8 -0
- data/spec/rails3/app_root/config/locales/en.yml +5 -0
- data/spec/rails3/app_root/config/routes.rb +67 -0
- data/spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb +15 -0
- data/spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb +16 -0
- data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +9 -0
- data/spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
- data/spec/rails3/app_root/db/schema.rb +23 -0
- data/spec/rails3/app_root/db/seeds.rb +7 -0
- data/spec/rails3/app_root/lib/tasks/.gitkeep +0 -0
- data/spec/rails3/app_root/public/404.html +26 -0
- data/spec/rails3/app_root/public/422.html +26 -0
- data/spec/rails3/app_root/public/500.html +26 -0
- data/spec/rails3/app_root/public/favicon.ico +0 -0
- data/spec/rails3/app_root/public/images/rails.png +0 -0
- data/spec/rails3/app_root/public/index.html +239 -0
- data/spec/rails3/app_root/public/javascripts/application.js +2 -0
- data/spec/rails3/app_root/public/javascripts/controls.js +965 -0
- data/spec/rails3/app_root/public/javascripts/dragdrop.js +974 -0
- data/spec/rails3/app_root/public/javascripts/effects.js +1123 -0
- data/spec/rails3/app_root/public/javascripts/prototype.js +6001 -0
- data/spec/rails3/app_root/public/javascripts/rails.js +175 -0
- data/spec/rails3/app_root/public/robots.txt +5 -0
- data/spec/rails3/app_root/public/stylesheets/.gitkeep +0 -0
- data/spec/rails3/app_root/script/rails +6 -0
- data/spec/rails3/app_root/test/fixtures/users.yml +9 -0
- data/spec/rails3/app_root/test/performance/browsing_test.rb +9 -0
- data/spec/rails3/app_root/test/test_helper.rb +13 -0
- data/spec/rails3/app_root/test/unit/user_test.rb +8 -0
- data/spec/rails3/app_root/vendor/plugins/.gitkeep +0 -0
- data/spec/rails3/controller_brute_force_protection_spec.rb +72 -0
- data/spec/rails3/controller_remember_me_spec.rb +65 -0
- data/spec/rails3/controller_session_timeout_spec.rb +49 -0
- data/spec/rails3/controller_spec.rb +115 -0
- data/spec/rails3/spec_helper.rb +115 -0
- data/spec/rails3/user_activation_spec.rb +148 -0
- data/spec/rails3/user_password_reset_spec.rb +76 -0
- data/spec/rails3/user_remember_me_spec.rb +66 -0
- data/spec/rails3/user_spec.rb +283 -0
- data/spec/sorcery_crypto_providers_spec.rb +182 -0
- data/spec/spec_helper.rb +18 -0
- metadata +341 -0
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
(function() {
|
|
2
|
+
// Technique from Juriy Zaytsev
|
|
3
|
+
// http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
|
|
4
|
+
function isEventSupported(eventName) {
|
|
5
|
+
var el = document.createElement('div');
|
|
6
|
+
eventName = 'on' + eventName;
|
|
7
|
+
var isSupported = (eventName in el);
|
|
8
|
+
if (!isSupported) {
|
|
9
|
+
el.setAttribute(eventName, 'return;');
|
|
10
|
+
isSupported = typeof el[eventName] == 'function';
|
|
11
|
+
}
|
|
12
|
+
el = null;
|
|
13
|
+
return isSupported;
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
function isForm(element) {
|
|
17
|
+
return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
function isInput(element) {
|
|
21
|
+
if (Object.isElement(element)) {
|
|
22
|
+
var name = element.nodeName.toUpperCase()
|
|
23
|
+
return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
|
|
24
|
+
}
|
|
25
|
+
else return false
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
var submitBubbles = isEventSupported('submit'),
|
|
29
|
+
changeBubbles = isEventSupported('change')
|
|
30
|
+
|
|
31
|
+
if (!submitBubbles || !changeBubbles) {
|
|
32
|
+
// augment the Event.Handler class to observe custom events when needed
|
|
33
|
+
Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
|
|
34
|
+
function(init, element, eventName, selector, callback) {
|
|
35
|
+
init(element, eventName, selector, callback)
|
|
36
|
+
// is the handler being attached to an element that doesn't support this event?
|
|
37
|
+
if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
|
|
38
|
+
(!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
|
|
39
|
+
// "submit" => "emulated:submit"
|
|
40
|
+
this.eventName = 'emulated:' + this.eventName
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
)
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
if (!submitBubbles) {
|
|
47
|
+
// discover forms on the page by observing focus events which always bubble
|
|
48
|
+
document.on('focusin', 'form', function(focusEvent, form) {
|
|
49
|
+
// special handler for the real "submit" event (one-time operation)
|
|
50
|
+
if (!form.retrieve('emulated:submit')) {
|
|
51
|
+
form.on('submit', function(submitEvent) {
|
|
52
|
+
var emulated = form.fire('emulated:submit', submitEvent, true)
|
|
53
|
+
// if custom event received preventDefault, cancel the real one too
|
|
54
|
+
if (emulated.returnValue === false) submitEvent.preventDefault()
|
|
55
|
+
})
|
|
56
|
+
form.store('emulated:submit', true)
|
|
57
|
+
}
|
|
58
|
+
})
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
if (!changeBubbles) {
|
|
62
|
+
// discover form inputs on the page
|
|
63
|
+
document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
|
|
64
|
+
// special handler for real "change" events
|
|
65
|
+
if (!input.retrieve('emulated:change')) {
|
|
66
|
+
input.on('change', function(changeEvent) {
|
|
67
|
+
input.fire('emulated:change', changeEvent, true)
|
|
68
|
+
})
|
|
69
|
+
input.store('emulated:change', true)
|
|
70
|
+
}
|
|
71
|
+
})
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
function handleRemote(element) {
|
|
75
|
+
var method, url, params;
|
|
76
|
+
|
|
77
|
+
var event = element.fire("ajax:before");
|
|
78
|
+
if (event.stopped) return false;
|
|
79
|
+
|
|
80
|
+
if (element.tagName.toLowerCase() === 'form') {
|
|
81
|
+
method = element.readAttribute('method') || 'post';
|
|
82
|
+
url = element.readAttribute('action');
|
|
83
|
+
params = element.serialize();
|
|
84
|
+
} else {
|
|
85
|
+
method = element.readAttribute('data-method') || 'get';
|
|
86
|
+
url = element.readAttribute('href');
|
|
87
|
+
params = {};
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
new Ajax.Request(url, {
|
|
91
|
+
method: method,
|
|
92
|
+
parameters: params,
|
|
93
|
+
evalScripts: true,
|
|
94
|
+
|
|
95
|
+
onComplete: function(request) { element.fire("ajax:complete", request); },
|
|
96
|
+
onSuccess: function(request) { element.fire("ajax:success", request); },
|
|
97
|
+
onFailure: function(request) { element.fire("ajax:failure", request); }
|
|
98
|
+
});
|
|
99
|
+
|
|
100
|
+
element.fire("ajax:after");
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
function handleMethod(element) {
|
|
104
|
+
var method = element.readAttribute('data-method'),
|
|
105
|
+
url = element.readAttribute('href'),
|
|
106
|
+
csrf_param = $$('meta[name=csrf-param]')[0],
|
|
107
|
+
csrf_token = $$('meta[name=csrf-token]')[0];
|
|
108
|
+
|
|
109
|
+
var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
|
|
110
|
+
element.parentNode.insert(form);
|
|
111
|
+
|
|
112
|
+
if (method !== 'post') {
|
|
113
|
+
var field = new Element('input', { type: 'hidden', name: '_method', value: method });
|
|
114
|
+
form.insert(field);
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
if (csrf_param) {
|
|
118
|
+
var param = csrf_param.readAttribute('content'),
|
|
119
|
+
token = csrf_token.readAttribute('content'),
|
|
120
|
+
field = new Element('input', { type: 'hidden', name: param, value: token });
|
|
121
|
+
form.insert(field);
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
form.submit();
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
|
|
128
|
+
document.on("click", "*[data-confirm]", function(event, element) {
|
|
129
|
+
var message = element.readAttribute('data-confirm');
|
|
130
|
+
if (!confirm(message)) event.stop();
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
document.on("click", "a[data-remote]", function(event, element) {
|
|
134
|
+
if (event.stopped) return;
|
|
135
|
+
handleRemote(element);
|
|
136
|
+
event.stop();
|
|
137
|
+
});
|
|
138
|
+
|
|
139
|
+
document.on("click", "a[data-method]", function(event, element) {
|
|
140
|
+
if (event.stopped) return;
|
|
141
|
+
handleMethod(element);
|
|
142
|
+
event.stop();
|
|
143
|
+
});
|
|
144
|
+
|
|
145
|
+
document.on("submit", function(event) {
|
|
146
|
+
var element = event.findElement(),
|
|
147
|
+
message = element.readAttribute('data-confirm');
|
|
148
|
+
if (message && !confirm(message)) {
|
|
149
|
+
event.stop();
|
|
150
|
+
return false;
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
var inputs = element.select("input[type=submit][data-disable-with]");
|
|
154
|
+
inputs.each(function(input) {
|
|
155
|
+
input.disabled = true;
|
|
156
|
+
input.writeAttribute('data-original-value', input.value);
|
|
157
|
+
input.value = input.readAttribute('data-disable-with');
|
|
158
|
+
});
|
|
159
|
+
|
|
160
|
+
var element = event.findElement("form[data-remote]");
|
|
161
|
+
if (element) {
|
|
162
|
+
handleRemote(element);
|
|
163
|
+
event.stop();
|
|
164
|
+
}
|
|
165
|
+
});
|
|
166
|
+
|
|
167
|
+
document.on("ajax:after", "form", function(event, element) {
|
|
168
|
+
var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
|
|
169
|
+
inputs.each(function(input) {
|
|
170
|
+
input.value = input.readAttribute('data-original-value');
|
|
171
|
+
input.removeAttribute('data-original-value');
|
|
172
|
+
input.disabled = false;
|
|
173
|
+
});
|
|
174
|
+
});
|
|
175
|
+
})();
|
|
File without changes
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
|
3
|
+
|
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
|
6
|
+
require 'rails/commands'
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
ENV["RAILS_ENV"] = "test"
|
|
2
|
+
require File.expand_path('../../config/environment', __FILE__)
|
|
3
|
+
require 'rails/test_help'
|
|
4
|
+
|
|
5
|
+
class ActiveSupport::TestCase
|
|
6
|
+
# Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
|
|
7
|
+
#
|
|
8
|
+
# Note: You'll currently still have to declare fixtures explicitly in integration tests
|
|
9
|
+
# -- they do not yet inherit this setting
|
|
10
|
+
fixtures :all
|
|
11
|
+
|
|
12
|
+
# Add more helper methods to be used by all tests here...
|
|
13
|
+
end
|
|
File without changes
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
describe ApplicationController do
|
|
4
|
+
|
|
5
|
+
# ----------------- SESSION TIMEOUT -----------------------
|
|
6
|
+
describe ApplicationController, "with brute force protection features" do
|
|
7
|
+
before(:all) do
|
|
8
|
+
plugin_model_configure([:brute_force_protection])
|
|
9
|
+
create_new_user
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
after(:each) do
|
|
13
|
+
Sorcery::Controller::Config.reset!
|
|
14
|
+
plugin_set_controller_config_property(:user_class, User)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it "should have configuration for 'login_retries_amount_allowed' per session" do
|
|
18
|
+
plugin_set_controller_config_property(:login_retries_amount_allowed, 32)
|
|
19
|
+
Sorcery::Controller::Config.login_retries_amount_allowed.should equal(32)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
it "should have configuration for 'login_retries_counter_reset_time'" do
|
|
23
|
+
plugin_set_controller_config_property(:login_retries_time_period, 32)
|
|
24
|
+
Sorcery::Controller::Config.login_retries_time_period.should equal(32)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it "should count login retries per session" do
|
|
28
|
+
3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
|
|
29
|
+
session[:failed_logins].should == 3
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it "should reset the counter if enough time has passed" do
|
|
33
|
+
plugin_set_controller_config_property(:login_retries_amount_allowed, 5)
|
|
34
|
+
plugin_set_controller_config_property(:login_retries_time_period, 0.2)
|
|
35
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
36
|
+
sleep 0.4
|
|
37
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
38
|
+
session[:failed_logins].should == 1
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it "should ban session when number of retries reached within an amount of time" do
|
|
42
|
+
plugin_set_controller_config_property(:login_retries_amount_allowed, 1)
|
|
43
|
+
plugin_set_controller_config_property(:login_retries_time_period, 50)
|
|
44
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
45
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
46
|
+
session[:banned].should == true
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it "should clear ban after ban time limit passes" do
|
|
50
|
+
plugin_set_controller_config_property(:login_retries_amount_allowed, 1)
|
|
51
|
+
plugin_set_controller_config_property(:login_retries_time_period, 50)
|
|
52
|
+
plugin_set_controller_config_property(:login_ban_time_period, 0.2)
|
|
53
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
54
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
55
|
+
session[:banned].should == true
|
|
56
|
+
sleep 0.3
|
|
57
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
58
|
+
session[:banned].should == nil
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
it "banned session calls the configured banned action" do
|
|
62
|
+
plugin_set_controller_config_property(:login_retries_amount_allowed, 1)
|
|
63
|
+
plugin_set_controller_config_property(:login_retries_time_period, 50)
|
|
64
|
+
plugin_set_controller_config_property(:login_ban_time_period, 50)
|
|
65
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
66
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
67
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
68
|
+
session[:banned].should == true
|
|
69
|
+
response.body.should == " "
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
describe ApplicationController do
|
|
4
|
+
|
|
5
|
+
# ----------------- REMEMBER ME -----------------------
|
|
6
|
+
describe ApplicationController, "with remember me features" do
|
|
7
|
+
before(:all) do
|
|
8
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
|
|
9
|
+
plugin_model_configure([:remember_me])
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
before(:each) do
|
|
13
|
+
create_new_user
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
after(:all) do
|
|
17
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
after(:each) do
|
|
21
|
+
session = nil
|
|
22
|
+
cookies = nil
|
|
23
|
+
User.delete_all
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it "should set cookie on remember_me!" do
|
|
27
|
+
post :test_login_with_remember, :username => 'gizmo', :password => 'secret'
|
|
28
|
+
cookies["remember_me_token"].should == assigns[:logged_in_user].remember_me_token
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
it "should clear cookie on forget_me!" do
|
|
32
|
+
cookies["remember_me_token"] == {:value => 'asd54234dsfsd43534', :expires => 3600}
|
|
33
|
+
get :test_logout
|
|
34
|
+
cookies["remember_me_token"].should == nil
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "login(username,password,remember_me) should login and remember" do
|
|
38
|
+
post :test_login_with_remember_in_login, :username => 'gizmo', :password => 'secret', :remember => "1"
|
|
39
|
+
cookies["remember_me_token"].should_not be_nil
|
|
40
|
+
cookies["remember_me_token"].should == assigns[:user].remember_me_token
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
it "logout should also forget_me!" do
|
|
44
|
+
session[:user_id] = @user.id
|
|
45
|
+
get :test_logout_with_remember
|
|
46
|
+
cookies["remember_me_token"].should == nil
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it "should login_from_cookie" do
|
|
50
|
+
session[:user_id] = @user.id
|
|
51
|
+
subject.remember_me!
|
|
52
|
+
subject.instance_eval do
|
|
53
|
+
@logged_in_user = nil
|
|
54
|
+
end
|
|
55
|
+
session[:user_id] = nil
|
|
56
|
+
get :test_login_from_cookie
|
|
57
|
+
assigns[:logged_in_user].should == @user
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
it "should not remember_me! when not asked to" do
|
|
61
|
+
post :test_login, :username => 'gizmo', :password => 'secret'
|
|
62
|
+
cookies["remember_me_token"].should == nil
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
describe ApplicationController do
|
|
4
|
+
|
|
5
|
+
# ----------------- SESSION TIMEOUT -----------------------
|
|
6
|
+
describe ApplicationController, "with session timeout features" do
|
|
7
|
+
before(:all) do
|
|
8
|
+
plugin_model_configure([:session_timeout])
|
|
9
|
+
plugin_set_controller_config_property(:session_timeout,0.5)
|
|
10
|
+
create_new_user
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "should not reset session before session timeout" do
|
|
14
|
+
login_user
|
|
15
|
+
get :test_should_be_logged_in
|
|
16
|
+
session[:user_id].should_not be_nil
|
|
17
|
+
response.should be_a_success
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it "should reset session after session timeout" do
|
|
21
|
+
login_user
|
|
22
|
+
sleep 0.6
|
|
23
|
+
get :test_should_be_logged_in
|
|
24
|
+
session[:user_id].should be_nil
|
|
25
|
+
response.should be_a_redirect
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
it "with 'session_timeout_from_last_action' should not logout if there was activity" do
|
|
29
|
+
plugin_set_controller_config_property(:session_timeout_from_last_action, true)
|
|
30
|
+
login_user
|
|
31
|
+
sleep 0.3
|
|
32
|
+
get :test_should_be_logged_in
|
|
33
|
+
session[:user_id].should_not be_nil
|
|
34
|
+
sleep 0.3
|
|
35
|
+
get :test_should_be_logged_in
|
|
36
|
+
session[:user_id].should_not be_nil
|
|
37
|
+
response.should be_a_success
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
it "with 'session_timeout_from_last_action' should logout if there was no activity" do
|
|
41
|
+
plugin_set_controller_config_property(:session_timeout_from_last_action, true)
|
|
42
|
+
login_user
|
|
43
|
+
sleep 0.6
|
|
44
|
+
get :test_should_be_logged_in
|
|
45
|
+
session[:user_id].should be_nil
|
|
46
|
+
response.should be_a_redirect
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
describe ApplicationController do
|
|
4
|
+
|
|
5
|
+
# ----------------- PLUGIN CONFIGURATION -----------------------
|
|
6
|
+
describe ApplicationController, "plugin configuration" do
|
|
7
|
+
before(:all) do
|
|
8
|
+
plugin_model_configure
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
after(:each) do
|
|
12
|
+
Sorcery::Controller::Config.reset!
|
|
13
|
+
plugin_model_configure
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it "should enable configuration option 'user_class'" do
|
|
17
|
+
plugin_set_controller_config_property(:user_class, TestUser)
|
|
18
|
+
Sorcery::Controller::Config.user_class.should equal(TestUser)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it "should enable configuration option 'not_authenticated_action'" do
|
|
22
|
+
plugin_set_controller_config_property(:not_authenticated_action, :my_action)
|
|
23
|
+
Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
29
|
+
describe ApplicationController, "when activated with sorcery" do
|
|
30
|
+
before(:all) do
|
|
31
|
+
User.delete_all
|
|
32
|
+
create_new_user
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
after(:each) do
|
|
36
|
+
Sorcery::Controller::Config.reset!
|
|
37
|
+
plugin_set_controller_config_property(:user_class, User)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
it "should respond to the instance method login" do
|
|
41
|
+
should respond_to(:login)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
it "should respond to the instance method logout" do
|
|
45
|
+
should respond_to(:logout)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
it "should respond to the instance method logged_in?" do
|
|
49
|
+
should respond_to(:logged_in?)
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
it "should respond to the instance method logged_in_user" do
|
|
53
|
+
should respond_to(:logged_in_user)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
it "login(username,password) should return the user when success and set the session with user.id" do
|
|
57
|
+
get :test_login, :username => 'gizmo', :password => 'secret'
|
|
58
|
+
assigns[:user].should == @user
|
|
59
|
+
session[:user_id].should == @user.id
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
it "login(username,password) should return nil and not set the session when failure" do
|
|
63
|
+
get :test_login, :username => 'gizmo', :password => 'opensesame!'
|
|
64
|
+
assigns[:user].should be_nil
|
|
65
|
+
session[:user_id].should be_nil
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it "logout should clear the session" do
|
|
69
|
+
cookies[:remember_me_token] = nil
|
|
70
|
+
session[:user_id] = @user.id
|
|
71
|
+
get :test_logout
|
|
72
|
+
session[:user_id].should be_nil
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
it "logged_in? should return true if logged in" do
|
|
76
|
+
session[:user_id] = @user.id
|
|
77
|
+
subject.logged_in?.should be_true
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "logged_in? should return false if not logged in" do
|
|
81
|
+
session[:user_id] = nil
|
|
82
|
+
subject.logged_in?.should be_false
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
it "logged_in_user should return the user instance if logged in" do
|
|
86
|
+
create_new_user
|
|
87
|
+
session[:user_id] = @user.id
|
|
88
|
+
subject.logged_in_user.should == @user
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it "logged_in_user should return false if not logged in" do
|
|
92
|
+
session[:user_id] = nil
|
|
93
|
+
subject.logged_in_user.should == false
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
it "should respond to 'require_user_login'" do
|
|
97
|
+
should respond_to(:require_user_login)
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
|
|
101
|
+
session[:user_id] = nil
|
|
102
|
+
plugin_set_controller_config_property(:not_authenticated_action, :test_not_authenticated_action)
|
|
103
|
+
get :test_logout
|
|
104
|
+
response.body.should == "test_not_authenticated_action"
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
it "require_user_login before_filter should save the url that the user originally wanted" do
|
|
108
|
+
get :some_action
|
|
109
|
+
session[:user_wanted_url].should == "http://test.host/some_action"
|
|
110
|
+
response.should redirect_to("http://test.host/")
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
end
|