sorcery 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sorcery might be problematic. Click here for more details.
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +19 -0
- data/Gemfile.lock +129 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +139 -0
- data/Rakefile +61 -0
- data/VERSION +1 -0
- data/features/support/env.rb +13 -0
- data/lib/sorcery.rb +28 -0
- data/lib/sorcery/controller.rb +156 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +89 -0
- data/lib/sorcery/controller/submodules/remember_me.rb +43 -0
- data/lib/sorcery/controller/submodules/session_timeout.rb +42 -0
- data/lib/sorcery/crypto_providers/aes256.rb +44 -0
- data/lib/sorcery/crypto_providers/bcrypt.rb +96 -0
- data/lib/sorcery/crypto_providers/md5.rb +39 -0
- data/lib/sorcery/crypto_providers/sha1.rb +40 -0
- data/lib/sorcery/crypto_providers/sha256.rb +55 -0
- data/lib/sorcery/crypto_providers/sha512.rb +55 -0
- data/lib/sorcery/engine.rb +20 -0
- data/lib/sorcery/model.rb +175 -0
- data/lib/sorcery/model/submodules/password_reset.rb +64 -0
- data/lib/sorcery/model/submodules/remember_me.rb +42 -0
- data/lib/sorcery/model/submodules/user_activation.rb +84 -0
- data/spec/Gemfile +11 -0
- data/spec/Gemfile.lock +108 -0
- data/spec/Rakefile +11 -0
- data/spec/rails3/.rspec +1 -0
- data/spec/rails3/Gemfile +12 -0
- data/spec/rails3/Gemfile.lock +114 -0
- data/spec/rails3/Rakefile +10 -0
- data/spec/rails3/app_root/.gitignore +4 -0
- data/spec/rails3/app_root/README +256 -0
- data/spec/rails3/app_root/Rakefile.unused +7 -0
- data/spec/rails3/app_root/app/controllers/application_controller.rb +61 -0
- data/spec/rails3/app_root/app/helpers/application_helper.rb +2 -0
- data/spec/rails3/app_root/app/mailers/sorcery_mailer.rb +25 -0
- data/spec/rails3/app_root/app/models/user.rb +3 -0
- data/spec/rails3/app_root/app/views/layouts/application.html.erb +14 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_email.html.erb +17 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_email.text.erb +9 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.html.erb +17 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/activation_success_email.text.erb +9 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.html.erb +16 -0
- data/spec/rails3/app_root/app/views/sorcery_mailer/reset_password_email.text.erb +8 -0
- data/spec/rails3/app_root/config.ru +4 -0
- data/spec/rails3/app_root/config/application.rb +48 -0
- data/spec/rails3/app_root/config/boot.rb +13 -0
- data/spec/rails3/app_root/config/database.yml +27 -0
- data/spec/rails3/app_root/config/environment.rb +5 -0
- data/spec/rails3/app_root/config/environments/development.rb +26 -0
- data/spec/rails3/app_root/config/environments/in_memory.rb +0 -0
- data/spec/rails3/app_root/config/environments/production.rb +49 -0
- data/spec/rails3/app_root/config/environments/test.rb +35 -0
- data/spec/rails3/app_root/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/rails3/app_root/config/initializers/inflections.rb +10 -0
- data/spec/rails3/app_root/config/initializers/mime_types.rb +5 -0
- data/spec/rails3/app_root/config/initializers/secret_token.rb +7 -0
- data/spec/rails3/app_root/config/initializers/session_store.rb +8 -0
- data/spec/rails3/app_root/config/locales/en.yml +5 -0
- data/spec/rails3/app_root/config/routes.rb +67 -0
- data/spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb +15 -0
- data/spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb +16 -0
- data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +9 -0
- data/spec/rails3/app_root/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
- data/spec/rails3/app_root/db/schema.rb +23 -0
- data/spec/rails3/app_root/db/seeds.rb +7 -0
- data/spec/rails3/app_root/lib/tasks/.gitkeep +0 -0
- data/spec/rails3/app_root/public/404.html +26 -0
- data/spec/rails3/app_root/public/422.html +26 -0
- data/spec/rails3/app_root/public/500.html +26 -0
- data/spec/rails3/app_root/public/favicon.ico +0 -0
- data/spec/rails3/app_root/public/images/rails.png +0 -0
- data/spec/rails3/app_root/public/index.html +239 -0
- data/spec/rails3/app_root/public/javascripts/application.js +2 -0
- data/spec/rails3/app_root/public/javascripts/controls.js +965 -0
- data/spec/rails3/app_root/public/javascripts/dragdrop.js +974 -0
- data/spec/rails3/app_root/public/javascripts/effects.js +1123 -0
- data/spec/rails3/app_root/public/javascripts/prototype.js +6001 -0
- data/spec/rails3/app_root/public/javascripts/rails.js +175 -0
- data/spec/rails3/app_root/public/robots.txt +5 -0
- data/spec/rails3/app_root/public/stylesheets/.gitkeep +0 -0
- data/spec/rails3/app_root/script/rails +6 -0
- data/spec/rails3/app_root/test/fixtures/users.yml +9 -0
- data/spec/rails3/app_root/test/performance/browsing_test.rb +9 -0
- data/spec/rails3/app_root/test/test_helper.rb +13 -0
- data/spec/rails3/app_root/test/unit/user_test.rb +8 -0
- data/spec/rails3/app_root/vendor/plugins/.gitkeep +0 -0
- data/spec/rails3/controller_brute_force_protection_spec.rb +72 -0
- data/spec/rails3/controller_remember_me_spec.rb +65 -0
- data/spec/rails3/controller_session_timeout_spec.rb +49 -0
- data/spec/rails3/controller_spec.rb +115 -0
- data/spec/rails3/spec_helper.rb +115 -0
- data/spec/rails3/user_activation_spec.rb +148 -0
- data/spec/rails3/user_password_reset_spec.rb +76 -0
- data/spec/rails3/user_remember_me_spec.rb +66 -0
- data/spec/rails3/user_spec.rb +283 -0
- data/spec/sorcery_crypto_providers_spec.rb +182 -0
- data/spec/spec_helper.rb +18 -0
- metadata +341 -0
@@ -0,0 +1,7 @@
|
|
1
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
2
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
3
|
+
|
4
|
+
require File.expand_path('../config/application', __FILE__)
|
5
|
+
require 'rake'
|
6
|
+
|
7
|
+
AppRoot::Application.load_tasks
|
@@ -0,0 +1,61 @@
|
|
1
|
+
class ApplicationController < ActionController::Base
|
2
|
+
protect_from_forgery
|
3
|
+
|
4
|
+
#before_filter :validate_session, :only => [:test_should_be_logged_in] if defined?(:validate_session)
|
5
|
+
before_filter :require_user_login, :only => [:test_logout, :test_should_be_logged_in, :some_action]
|
6
|
+
|
7
|
+
def index
|
8
|
+
render :text => ""
|
9
|
+
end
|
10
|
+
|
11
|
+
def some_action
|
12
|
+
render :nothing => true
|
13
|
+
end
|
14
|
+
|
15
|
+
def test_login
|
16
|
+
@user = login(params[:username], params[:password])
|
17
|
+
render :text => ""
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_logout
|
21
|
+
logout
|
22
|
+
render :text => ""
|
23
|
+
end
|
24
|
+
|
25
|
+
def test_logout_with_remember
|
26
|
+
remember_me!
|
27
|
+
logout
|
28
|
+
render :text => ""
|
29
|
+
end
|
30
|
+
|
31
|
+
def test_login_with_remember
|
32
|
+
@user = login(params[:username], params[:password])
|
33
|
+
remember_me!
|
34
|
+
|
35
|
+
render :text => ""
|
36
|
+
end
|
37
|
+
|
38
|
+
def test_login_with_remember_in_login
|
39
|
+
@user = login(params[:username], params[:password], params[:remember])
|
40
|
+
|
41
|
+
render :text => ""
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_login_from_cookie
|
45
|
+
@user = logged_in_user
|
46
|
+
render :text => ""
|
47
|
+
end
|
48
|
+
|
49
|
+
def test_not_authenticated_action
|
50
|
+
render :text => "test_not_authenticated_action"
|
51
|
+
end
|
52
|
+
|
53
|
+
def test_should_be_logged_in
|
54
|
+
render :text => ""
|
55
|
+
end
|
56
|
+
|
57
|
+
protected
|
58
|
+
|
59
|
+
|
60
|
+
|
61
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
class SorceryMailer < ActionMailer::Base
|
2
|
+
|
3
|
+
default :from => "notifications@example.com"
|
4
|
+
|
5
|
+
def activation_needed_email(user)
|
6
|
+
@user = user
|
7
|
+
@url = "http://example.com/login"
|
8
|
+
mail(:to => user.email,
|
9
|
+
:subject => "Welcome to My Awesome Site")
|
10
|
+
end
|
11
|
+
|
12
|
+
def activation_success_email(user)
|
13
|
+
@user = user
|
14
|
+
@url = "http://example.com/login"
|
15
|
+
mail(:to => user.email,
|
16
|
+
:subject => "Your account is now activated")
|
17
|
+
end
|
18
|
+
|
19
|
+
def reset_password_email(user)
|
20
|
+
@user = user
|
21
|
+
@url = "http://example.com/login"
|
22
|
+
mail(:to => user.email,
|
23
|
+
:subject => "Your password has been reset")
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
|
5
|
+
</head>
|
6
|
+
<body>
|
7
|
+
<h1>Welcome to example.com, <%= @user.username %></h1>
|
8
|
+
<p>
|
9
|
+
You have successfully signed up to example.com,
|
10
|
+
your username is: <%= @user.username %>.<br/>
|
11
|
+
</p>
|
12
|
+
<p>
|
13
|
+
To login to the site, just follow this link: <%= @url %>.
|
14
|
+
</p>
|
15
|
+
<p>Thanks for joining and have a great day!</p>
|
16
|
+
</body>
|
17
|
+
</html>
|
@@ -0,0 +1,9 @@
|
|
1
|
+
Welcome to example.com, <%= @user.username %>
|
2
|
+
===============================================
|
3
|
+
|
4
|
+
You have successfully signed up to example.com,
|
5
|
+
your username is: <%= @user.username %>.
|
6
|
+
|
7
|
+
To login to the site, just follow this link: <%= @url %>.
|
8
|
+
|
9
|
+
Thanks for joining and have a great day!
|
@@ -0,0 +1,17 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
|
5
|
+
</head>
|
6
|
+
<body>
|
7
|
+
<h1>Congratz, <%= @user.username %></h1>
|
8
|
+
<p>
|
9
|
+
You have successfully activated your example.com account,
|
10
|
+
your username is: <%= @user.username %>.<br/>
|
11
|
+
</p>
|
12
|
+
<p>
|
13
|
+
To login to the site, just follow this link: <%= @url %>.
|
14
|
+
</p>
|
15
|
+
<p>Thanks for joining and have a great day!</p>
|
16
|
+
</body>
|
17
|
+
</html>
|
@@ -0,0 +1,9 @@
|
|
1
|
+
Congratz, <%= @user.username %>
|
2
|
+
===============================================
|
3
|
+
|
4
|
+
You have successfully activated your example.com account,
|
5
|
+
your username is: <%= @user.username %>.
|
6
|
+
|
7
|
+
To login to the site, just follow this link: <%= @url %>.
|
8
|
+
|
9
|
+
Thanks for joining and have a great day!
|
@@ -0,0 +1,16 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
|
5
|
+
</head>
|
6
|
+
<body>
|
7
|
+
<h1>Hello, <%= @user.username %></h1>
|
8
|
+
<p>
|
9
|
+
You have requested to reset your password.
|
10
|
+
</p>
|
11
|
+
<p>
|
12
|
+
To choose a new password, just follow this link: <%= @url %>.
|
13
|
+
</p>
|
14
|
+
<p>Have a great day!</p>
|
15
|
+
</body>
|
16
|
+
</html>
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require 'rails/all'
|
4
|
+
|
5
|
+
# If you have a Gemfile, require the gems listed there, including any gems
|
6
|
+
# you've limited to :test, :development, or :production.
|
7
|
+
Bundler.require(:default, Rails.env) if defined?(Bundler)
|
8
|
+
|
9
|
+
module AppRoot
|
10
|
+
class Application < Rails::Application
|
11
|
+
# Settings in config/environments/* take precedence over those specified here.
|
12
|
+
# Application configuration should go into files in config/initializers
|
13
|
+
# -- all .rb files in that directory are automatically loaded.
|
14
|
+
|
15
|
+
# Custom directories with classes and modules you want to be autoloadable.
|
16
|
+
# config.autoload_paths += %W(#{config.root}/extras)
|
17
|
+
|
18
|
+
# Only load the plugins named here, in the order given (default is alphabetical).
|
19
|
+
# :all can be used as a placeholder for all plugins not explicitly named.
|
20
|
+
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
|
21
|
+
|
22
|
+
# Activate observers that should always be running.
|
23
|
+
# config.active_record.observers = :cacher, :garbage_collector, :forum_observer
|
24
|
+
|
25
|
+
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
|
26
|
+
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
|
27
|
+
# config.time_zone = 'Central Time (US & Canada)'
|
28
|
+
|
29
|
+
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
30
|
+
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
31
|
+
# config.i18n.default_locale = :de
|
32
|
+
|
33
|
+
# JavaScript files you want as :defaults (application.js is always included).
|
34
|
+
# config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
|
35
|
+
|
36
|
+
# Configure the default encoding used in templates for Ruby 1.9.
|
37
|
+
config.encoding = "utf-8"
|
38
|
+
|
39
|
+
# Configure sensitive parameters which will be filtered from the log file.
|
40
|
+
config.filter_parameters += [:password]
|
41
|
+
|
42
|
+
config.root = File.expand_path('../..', __FILE__)
|
43
|
+
|
44
|
+
config.action_mailer.delivery_method = :test
|
45
|
+
|
46
|
+
config.active_support.deprecation = :stderr
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
|
3
|
+
# Set up gems listed in the Gemfile.
|
4
|
+
gemfile = File.expand_path('../../Gemfile', __FILE__)
|
5
|
+
begin
|
6
|
+
ENV['BUNDLE_GEMFILE'] = gemfile
|
7
|
+
require 'bundler'
|
8
|
+
Bundler.setup
|
9
|
+
rescue Bundler::GemNotFound => e
|
10
|
+
STDERR.puts e.message
|
11
|
+
STDERR.puts "Try running `bundle install`."
|
12
|
+
exit!
|
13
|
+
end if File.exist?(gemfile)
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# SQLite version 3.x
|
2
|
+
# gem install sqlite3-ruby (not necessary on OS X Leopard)
|
3
|
+
development:
|
4
|
+
adapter: sqlite3
|
5
|
+
database: db/development.sqlite3
|
6
|
+
pool: 5
|
7
|
+
timeout: 5000
|
8
|
+
|
9
|
+
# Warning: The database defined as "test" will be erased and
|
10
|
+
# re-generated from your development database when you run "rake".
|
11
|
+
# Do not set this db to the same as development or production.
|
12
|
+
test:
|
13
|
+
adapter: sqlite3
|
14
|
+
database: db/test.sqlite3
|
15
|
+
pool: 5
|
16
|
+
timeout: 5000
|
17
|
+
|
18
|
+
production:
|
19
|
+
adapter: sqlite3
|
20
|
+
database: db/production.sqlite3
|
21
|
+
pool: 5
|
22
|
+
timeout: 5000
|
23
|
+
|
24
|
+
in_memory:
|
25
|
+
adapter: sqlite3
|
26
|
+
database: ":memory:"
|
27
|
+
verbosity: quiet
|
@@ -0,0 +1,26 @@
|
|
1
|
+
AppRoot::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the webserver when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Log error messages when you accidentally call methods on nil.
|
10
|
+
config.whiny_nils = true
|
11
|
+
|
12
|
+
# Show full error reports and disable caching
|
13
|
+
config.consider_all_requests_local = true
|
14
|
+
config.action_view.debug_rjs = true
|
15
|
+
config.action_controller.perform_caching = false
|
16
|
+
|
17
|
+
# Don't care if the mailer can't send
|
18
|
+
config.action_mailer.raise_delivery_errors = false
|
19
|
+
|
20
|
+
# Print deprecation notices to the Rails logger
|
21
|
+
config.active_support.deprecation = :log
|
22
|
+
|
23
|
+
# Only use best-standards-support built into browsers
|
24
|
+
config.action_dispatch.best_standards_support = :builtin
|
25
|
+
end
|
26
|
+
|
File without changes
|
@@ -0,0 +1,49 @@
|
|
1
|
+
AppRoot::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# The production environment is meant for finished, "live" apps.
|
5
|
+
# Code is not reloaded between requests
|
6
|
+
config.cache_classes = true
|
7
|
+
|
8
|
+
# Full error reports are disabled and caching is turned on
|
9
|
+
config.consider_all_requests_local = false
|
10
|
+
config.action_controller.perform_caching = true
|
11
|
+
|
12
|
+
# Specifies the header that your server uses for sending files
|
13
|
+
config.action_dispatch.x_sendfile_header = "X-Sendfile"
|
14
|
+
|
15
|
+
# For nginx:
|
16
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
|
17
|
+
|
18
|
+
# If you have no front-end server that supports something like X-Sendfile,
|
19
|
+
# just comment this out and Rails will serve the files
|
20
|
+
|
21
|
+
# See everything in the log (default is :info)
|
22
|
+
# config.log_level = :debug
|
23
|
+
|
24
|
+
# Use a different logger for distributed setups
|
25
|
+
# config.logger = SyslogLogger.new
|
26
|
+
|
27
|
+
# Use a different cache store in production
|
28
|
+
# config.cache_store = :mem_cache_store
|
29
|
+
|
30
|
+
# Disable Rails's static asset server
|
31
|
+
# In production, Apache or nginx will already do this
|
32
|
+
config.serve_static_assets = false
|
33
|
+
|
34
|
+
# Enable serving of images, stylesheets, and javascripts from an asset server
|
35
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
36
|
+
|
37
|
+
# Disable delivery errors, bad email addresses will be ignored
|
38
|
+
# config.action_mailer.raise_delivery_errors = false
|
39
|
+
|
40
|
+
# Enable threaded mode
|
41
|
+
# config.threadsafe!
|
42
|
+
|
43
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
44
|
+
# the I18n.default_locale when a translation can not be found)
|
45
|
+
config.i18n.fallbacks = true
|
46
|
+
|
47
|
+
# Send deprecation notices to registered listeners
|
48
|
+
config.active_support.deprecation = :notify
|
49
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
AppRoot::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# The test environment is used exclusively to run your application's
|
5
|
+
# test suite. You never need to work with it otherwise. Remember that
|
6
|
+
# your test database is "scratch space" for the test suite and is wiped
|
7
|
+
# and recreated between test runs. Don't rely on the data there!
|
8
|
+
config.cache_classes = true
|
9
|
+
|
10
|
+
# Log error messages when you accidentally call methods on nil.
|
11
|
+
config.whiny_nils = true
|
12
|
+
|
13
|
+
# Show full error reports and disable caching
|
14
|
+
config.consider_all_requests_local = true
|
15
|
+
config.action_controller.perform_caching = false
|
16
|
+
|
17
|
+
# Raise exceptions instead of rendering exception templates
|
18
|
+
config.action_dispatch.show_exceptions = false
|
19
|
+
|
20
|
+
# Disable request forgery protection in test environment
|
21
|
+
config.action_controller.allow_forgery_protection = false
|
22
|
+
|
23
|
+
# Tell Action Mailer not to deliver emails to the real world.
|
24
|
+
# The :test delivery method accumulates sent emails in the
|
25
|
+
# ActionMailer::Base.deliveries array.
|
26
|
+
config.action_mailer.delivery_method = :test
|
27
|
+
|
28
|
+
# Use SQL instead of Active Record's schema dumper when creating the test database.
|
29
|
+
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
30
|
+
# like if you have constraints or database-specific column types
|
31
|
+
# config.active_record.schema_format = :sql
|
32
|
+
|
33
|
+
# Print deprecation notices to the stderr
|
34
|
+
config.active_support.deprecation = :stderr
|
35
|
+
end
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
+
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
+
|
6
|
+
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
+
# Rails.backtrace_cleaner.remove_silencers!
|