sorcery 0.1.0

data/spec/rails3/spec_helper.rb

@@ -0,0 +1,115 @@
+$: << File.join(File.dirname(__FILE__), '..', '..', 'lib' )
+
+require 'simplecov'
+SimpleCov.root File.join(File.dirname(__FILE__), "app_root" )
+SimpleCov.start do
+  add_filter "/config/"
+  
+  add_group 'Controllers', 'app/controllers'
+  add_group 'Models', 'app/models'
+  add_group 'Helpers', 'app/helpers'
+  add_group 'Libraries', 'lib'
+  add_group 'Plugins', 'vendor/plugins'
+  add_group 'Migrations', 'db/migrate'
+end
+
+# Set the default environment to sqlite3's in_memory database
+ENV['RAILS_ENV'] ||= 'in_memory'
+ENV['RAILS_ROOT'] = 'app_root'
+
+# Load the Rails environment and testing framework
+require "#{File.dirname(__FILE__)}/app_root/config/environment"
+#require "#{File.dirname(__FILE__)}/../../init" # for plugins
+require 'rspec/rails'
+#require 'sorcery'
+
+# Undo changes to RAILS_ENV
+silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
+
+RSpec.configure do |config|
+  config.use_transactional_fixtures = true
+  config.use_instantiated_fixtures  = false
+  config.include RSpec::Rails::ControllerExampleGroup, :example_group => { :file_path => /controller(.)*_spec.rb$/ }#:file_path => /\bspec[\\\/]controllers[\\\/]/ }
+
+  config.before(:suite) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/core")
+  end
+  
+  config.after(:suite) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/core")
+  end
+end
+
+#----------------------------------------------------------------
+#require File.join(File.dirname(__FILE__), 'app_root','app','models','user')
+
+class TestUser < ActiveRecord::Base
+  activate_sorcery!
+end
+
+class TestMailer < ActionMailer::Base
+  
+end
+
+module Sorcery
+  module Model
+    module Submodules
+      module TestSubmodule
+        def my_instance_method
+        end
+      end
+    end
+  end
+end
+
+def create_new_user
+  user_attributes_hash = {:username => 'gizmo', :email => "bla@bla.com", :password => 'secret'}
+  @user = User.new(user_attributes_hash)
+  @user.save!
+end
+
+def login_user
+  subject.send(:login_user,@user)
+  subject.send(:after_login!,@user,['gizmo','secret'])
+end
+
+# TODO: rename to sorcery_reload!(subs = [], model_opts = {}, controller_opts = {})
+def plugin_model_configure(submodules = [], options = {})
+  reload_user_class
+  
+  # return to no-module configuration
+  ::Sorcery::Controller::Config.init!
+  ::Sorcery::Controller::Config.reset!
+  
+  # configure
+  ::Sorcery::Controller::Config.submodules = submodules
+  ::Sorcery::Controller::Config.user_class = nil # the next line will reset it to User
+  ApplicationController.send(:include,::Sorcery::Controller)
+  
+  User.activate_sorcery! do |config|
+    options.each do |property,value|
+      config.send(:"#{property}=", value)
+    end
+  end
+end
+
+# TODO: rename to sorcery_model_property_set(prop, val)
+def plugin_set_model_config_property(property, *values)
+  User.class_eval do
+    sorcery_config.send(:"#{property}=", *values)
+  end
+end
+
+# TODO: rename to sorcery_controller_property_set(prop, val)
+def plugin_set_controller_config_property(property, value)
+  ApplicationController.activate_sorcery! do |config|
+    config.send(:"#{property}=", value)
+  end
+end
+
+private
+
+def reload_user_class
+  Object.send(:remove_const,:User)
+  load 'user.rb'
+end

data/spec/rails3/user_activation_spec.rb

@@ -0,0 +1,148 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/app_root/app/mailers/sorcery_mailer')
+
+describe "User with activation submodule" do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+  end
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      plugin_model_configure([:user_activation], :sorcery_mailer => ::SorceryMailer)
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+      plugin_model_configure([:user_activation], :sorcery_mailer => ::SorceryMailer)
+    end
+    
+    it "should enable configuration option 'activation_state_attribute_name'" do
+      plugin_set_model_config_property(:activation_state_attribute_name, :status)
+      User.sorcery_config.activation_state_attribute_name.should equal(:status)    
+    end
+    
+    it "should enable configuration option 'activation_code_attribute_name'" do
+      plugin_set_model_config_property(:activation_code_attribute_name, :code)
+      User.sorcery_config.activation_code_attribute_name.should equal(:code)    
+    end
+    
+    it "should enable configuration option 'sorcery_mailer'" do
+      plugin_set_model_config_property(:sorcery_mailer, TestMailer)
+      User.sorcery_config.sorcery_mailer.should equal(TestMailer)    
+    end
+    
+    it "should enable configuration option 'activation_needed_email_method_name'" do
+      plugin_set_model_config_property(:activation_needed_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_needed_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "should enable configuration option 'activation_success_email_method_name'" do
+      plugin_set_model_config_property(:activation_success_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_success_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "if mailer is nil on activation, throw exception!" do
+      expect{plugin_model_configure([:user_activation])}.to raise_error(ArgumentError)
+    end
+  end
+
+  # ----------------- ACTIVATION PROCESS -----------------------
+  describe User, "activation process" do
+    before(:all) do
+      plugin_model_configure([:user_activation], :sorcery_mailer => ::SorceryMailer)
+    end
+    
+    it "should generate an activation code on registration" do
+      create_new_user
+      @user.activation_code.should_not be_nil
+    end
+    
+    it "should initialize user state to 'pending'" do
+      create_new_user
+      @user.activation_state.should == "pending"
+    end
+    
+    it "should respond to 'activate!'" do
+      create_new_user
+      @user.should respond_to(:activate!)
+    end
+    
+    it "should clear activation code and change state to 'active' on activation" do
+      create_new_user
+      activation_code = @user.activation_code
+      @user.activate!
+      @user2 = User.find(@user.id) # go to db to make sure it was saved and not just in memory
+      @user2.activation_code.should be_nil
+      @user2.activation_state.should == "active"
+      User.find_by_activation_code(activation_code).should be_nil
+    end
+    
+    it "should send the user an activation email" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation email" do
+      create_new_user
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should send the user an activation success email on successful activation" do
+      create_new_user
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation success email" do
+      create_new_user
+      @user.activate!
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation needed email is optional" do
+      plugin_set_model_config_property(:activation_needed_email_method_name, nil)
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation success email is optional" do
+      plugin_set_model_config_property(:activation_success_email_method_name, nil)
+      create_new_user
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+
+  describe User, "prevent non-active login feature" do
+    before(:all) do
+      plugin_model_configure([:user_activation], :sorcery_mailer => ::SorceryMailer)
+    end
+    
+    it "should not allow a non-active user to authenticate" do
+      create_new_user
+      User.authenticate(@user.username,'secret').should be_false
+    end
+    
+    it "should allow a non-active user to authenticate if configured so" do
+      create_new_user
+      plugin_set_model_config_property(:prevent_non_active_users_to_login, false)
+      User.authenticate(@user.username,'secret').should be_true
+    end
+  end
+  
+end

data/spec/rails3/user_password_reset_spec.rb

@@ -0,0 +1,76 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with password_reset submodule" do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/password_reset")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/password_reset")
+  end
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+  
+    before(:all) do
+      plugin_model_configure([:password_reset], :sorcery_mailer => ::SorceryMailer)
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    it "should respond to 'reset_password!'" do
+      create_new_user
+      @user.should respond_to(:reset_password!)
+    end
+  end
+
+  # ----------------- PLUGIN ACTIVATED -----------------------
+  describe User, "when activated with sorcery" do
+  
+    before(:all) do
+      plugin_model_configure([:password_reset], :sorcery_mailer => ::SorceryMailer)
+    end
+  
+    before(:each) do
+      User.delete_all
+    end
+
+    it "'reset_password!' should generate a reset_password_code" do
+      create_new_user
+      @user.reset_password_code.should be_nil
+      @user.reset_password!
+      @user.reset_password_code.should_not be_nil
+    end
+
+    it "the reset_password_code should be random" do
+      create_new_user
+      @user.reset_password!
+      old_password_code = @user.reset_password_code
+      @user.reset_password!
+      @user.reset_password_code.should_not == old_password_code
+    end
+
+    it "should send an email on reset" do
+      create_new_user
+      old_size = ActionMailer::Base.deliveries.size
+      @user.reset_password!
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+
+    it "when a new password is set, should delete reset_password_code" do
+      create_new_user
+      @user.reset_password!
+      @user.reset_password_code.should_not be_nil
+      @user.password = "blabulsdf"
+      @user.save!
+      @user.reset_password_code.should be_nil
+    end
+    
+    it "if mailer is nil on activation, throw exception!" do
+      expect{plugin_model_configure([:password_reset])}.to raise_error(ArgumentError)
+    end
+  end
+  
+end

data/spec/rails3/user_remember_me_spec.rb

@@ -0,0 +1,66 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with remember_me submodule" do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
+  end
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      plugin_model_configure([:remember_me])
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    it "should allow configuration option 'remember_me_token_attribute_name'" do
+      plugin_set_model_config_property(:remember_me_token_attribute_name, :my_token)
+      User.sorcery_config.remember_me_token_attribute_name.should equal(:my_token)
+    end
+
+    it "should allow configuration option 'remember_me_token_expires_at_attribute_name'" do
+      plugin_set_model_config_property(:remember_me_token_expires_at_attribute_name, :my_expires)
+      User.sorcery_config.remember_me_token_expires_at_attribute_name.should equal(:my_expires)
+    end
+    
+    it "should respond to 'remember_me!'" do
+      create_new_user
+      @user.should respond_to(:remember_me!)
+    end
+    
+    it "should respond to 'forget_me!'" do
+      create_new_user
+      @user.should respond_to(:forget_me!)
+    end
+    
+    it "should generate a new token on 'remember_me!'" do
+      create_new_user
+      @user.remember_me_token.should be_nil
+      @user.remember_me!
+      @user.remember_me_token.should_not be_nil
+    end
+    
+    it "should set an expiration based on 'remember_me_for' attribute" do
+      create_new_user
+      plugin_set_model_config_property(:remember_me_for, 2 * 60 * 60 * 24)
+      @user.remember_me!
+      @user.remember_me_token_expires_at.to_s.should == (Time.now + 2 * 60 * 60 * 24).utc.to_s
+    end
+    
+    it "should delete the token and expiration on 'forget_me!'" do
+      create_new_user
+      @user.remember_me!
+      @user.remember_me_token.should_not be_nil
+      @user.forget_me!
+      @user.remember_me_token.should be_nil
+      @user.remember_me_token_expires_at.should be_nil
+    end
+  end
+
+end

data/spec/rails3/user_spec.rb

@@ -0,0 +1,283 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/app_root/app/mailers/sorcery_mailer')
+
+describe "User with no submodules (core)" do
+  before(:all) do
+    plugin_model_configure
+  end
+
+  describe User, "when app has plugin loaded" do
+    it "should respond to the plugin activation class method" do
+      ActiveRecord::Base.should respond_to(:activate_sorcery!)
+      User.should respond_to(:activate_sorcery!)
+    end
+    
+    it "plugin activation should yield config to block" do
+      User.activate_sorcery! do |config|
+        config.class.should == ::Sorcery::Model::Config 
+      end
+    end
+  end
+
+  # ----------------- PLUGIN ACTIVATION -----------------------
+  describe TestUser, "Testing activated class self-registration" do
+    it "should register itself as user_class if activated" do
+      TestUser.class_eval do
+        activate_sorcery!
+      end
+      ::Sorcery::Controller::Config.user_class.should == TestUser
+    end
+  end
+  
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+  
+    it "should enable configuration option 'username_attribute_name'" do
+      plugin_set_model_config_property(:username_attribute_name, :email)
+      User.sorcery_config.username_attribute_name.should equal(:email)    
+    end
+  
+    it "should enable configuration option 'password_attribute_name'" do
+      plugin_set_model_config_property(:password_attribute_name, :mypassword)
+      User.sorcery_config.password_attribute_name.should equal(:mypassword)
+    end
+    
+    it "should enable configuration option 'email_attribute_name'" do
+      plugin_set_model_config_property(:email_attribute_name, :my_email)
+      User.sorcery_config.email_attribute_name.should equal(:my_email)
+    end
+
+    it "should enable configuration option 'crypted_password_attribute_name'" do
+      plugin_set_model_config_property(:crypted_password_attribute_name, :password)
+      User.sorcery_config.crypted_password_attribute_name.should equal(:password)
+    end
+    
+    it "should enable configuration option 'salt_attribute_name'" do
+      plugin_set_model_config_property(:salt_attribute_name, :my_salt)
+      User.sorcery_config.salt_attribute_name.should equal(:my_salt)
+    end
+
+    it "should enable configuration option 'encryption_algorithm'" do
+      plugin_set_model_config_property(:encryption_algorithm, :none)
+      User.sorcery_config.encryption_algorithm.should equal(:none)
+    end
+
+    it "should enable configuration option 'encryption_key'" do
+      plugin_set_model_config_property(:encryption_key, 'asdadas424234242')
+      User.sorcery_config.encryption_key.should == 'asdadas424234242'
+    end
+
+    it "should enable configuration option 'custom_encryption_provider'" do
+      plugin_set_model_config_property(:encryption_algorithm, :custom)
+      plugin_set_model_config_property(:custom_encryption_provider, Array)
+      User.sorcery_config.custom_encryption_provider.should equal(Array)
+    end
+  
+    it "should enable configuration option 'salt_join_token'" do
+      salt_join_token = "--%%*&-"
+      plugin_set_model_config_property(:salt_join_token, salt_join_token)
+      User.sorcery_config.salt_join_token.should equal(salt_join_token)
+    end
+    
+    it "should enable configuration option 'stretches'" do
+      stretches = 15
+      plugin_set_model_config_property(:stretches, stretches)
+      User.sorcery_config.stretches.should equal(stretches)
+    end
+  
+  end
+
+  # ----------------- PLUGIN ACTIVATED -----------------------
+  describe User, "when activated with sorcery" do
+    before(:all) do
+      plugin_model_configure
+    end
+  
+    before(:each) do
+      User.delete_all
+    end
+  
+    it "should respond to class method authenticate" do
+      ActiveRecord::Base.should_not respond_to(:authenticate)
+      User.should respond_to(:authenticate)
+    end
+  
+    it "authenticate should return true if credentials are good" do
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "authenticate should return false if credentials are bad" do
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'wrong!').should be_false
+    end
+  
+    it "should respond to the class method encrypt" do
+      User.should respond_to(:encrypt)
+    end
+  end
+
+  # ----------------- REGISTRATION -----------------------
+  describe User, "registration" do
+  
+    before(:all) do
+      plugin_model_configure()
+    end
+
+    before(:each) do
+      User.delete_all
+    end
+  
+    it "by default, encryption_provider should not be nil" do
+      User.sorcery_config.encryption_provider.should_not be_nil
+    end
+    
+    it "should encrypt password when a new user is saved" do
+      create_new_user
+      @user.send(User.sorcery_config.crypted_password_attribute_name).should == User.encrypt('secret',@user.salt)
+    end
+
+    it "should clear the virtual password field if the encryption process worked" do
+      create_new_user
+      @user.password.should be_nil
+    end
+    
+    it "should not clear the virtual password field if save failed due to validity" do
+      create_new_user
+      User.class_eval do
+        validates_format_of :email, :with => /^(.)+@(.)+$/, :if => Proc.new {|r| r.email}, :message => "is invalid"
+      end
+      @user.password = 'blupush'
+      @user.email = 'asd'
+      @user.save
+      @user.password.should_not be_nil
+    end
+    
+    it "should not clear the virtual password field if save failed due to exception" do
+      create_new_user
+      @user.password = 'blupush'
+      @user.email = nil
+      begin
+        @user.save # triggers SQL exception since email field is defined not null.
+      rescue
+      end
+      @user.password.should_not be_nil
+    end
+    
+    it "should not encrypt the password twice when a user is updated" do
+      create_new_user
+      @user.email = "blup@bla.com"
+      @user.save!
+      @user.send(User.sorcery_config.crypted_password_attribute_name).should == User.encrypt('secret',@user.salt)
+    end
+
+    it "should replace the crypted_password in case a new password is set" do
+      create_new_user
+      @user.password = 'new_secret'
+      @user.save!
+      @user.send(User.sorcery_config.crypted_password_attribute_name).should == User.encrypt('new_secret',@user.salt)
+    end
+
+  end
+
+  # ----------------- PASSWORD ENCRYPTION -----------------------
+  describe User, "special encryption cases" do
+    before(:all) do
+      plugin_model_configure()
+      @text = "Some Text!"
+    end
+  
+    before(:each) do
+      User.delete_all
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+  
+    it "should work with no password encryption" do
+      plugin_set_model_config_property(:encryption_algorithm, :none)
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "should work with custom password encryption" do
+      class MyCrypto
+        def self.encrypt(*tokens)
+          tokens.flatten.join('').gsub(/e/,'A')
+        end
+      end
+      plugin_set_model_config_property(:encryption_algorithm, :custom)
+      plugin_set_model_config_property(:custom_encryption_provider, MyCrypto)
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "if encryption algo is aes256, it should set key to crypto provider" do
+      plugin_set_model_config_property(:encryption_algorithm, :aes256)
+      plugin_set_model_config_property(:encryption_key, nil)
+      expect{User.encrypt(@text)}.to raise_error(ArgumentError)
+      plugin_set_model_config_property(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
+      expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
+    end
+    
+    it "if encryption algo is aes256, it should set key to crypto provider, even if attributes are set in reverse" do
+      plugin_set_model_config_property(:encryption_key, nil)
+      plugin_set_model_config_property(:encryption_algorithm, :none)
+      plugin_set_model_config_property(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
+      plugin_set_model_config_property(:encryption_algorithm, :aes256)
+      expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
+    end
+  
+    it "if encryption algo is md5 it should work" do
+      plugin_set_model_config_property(:encryption_algorithm, :md5)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::MD5.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha1 it should work" do
+      plugin_set_model_config_property(:encryption_algorithm, :sha1)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA1.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha256 it should work" do
+      plugin_set_model_config_property(:encryption_algorithm, :sha256)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA256.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha512 it should work" do
+      plugin_set_model_config_property(:encryption_algorithm, :sha512)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA512.encrypt(@text)
+    end
+  
+    it "salt should be random for each user and saved in db" do
+      plugin_set_model_config_property(:salt_attribute_name, :salt)
+      create_new_user
+      @user.salt.should_not be_nil
+    end
+    
+    it "if salt is set should use it to encrypt" do
+      plugin_set_model_config_property(:salt_attribute_name, :salt)
+      plugin_set_model_config_property(:encryption_algorithm, :sha512)
+      create_new_user
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
+      @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
+    end
+    
+    it "if salt_join_token is set should use it to encrypt" do
+      plugin_set_model_config_property(:salt_attribute_name, :salt)
+      plugin_set_model_config_property(:salt_join_token, "-@=>")
+      plugin_set_model_config_property(:encryption_algorithm, :sha512)
+      create_new_user
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
+      Sorcery::CryptoProviders::SHA512.join_token = ""
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
+      Sorcery::CryptoProviders::SHA512.join_token = User.sorcery_config.salt_join_token
+      @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
+    end
+    
+  end
+
+end