sorcery 0.1.1 → 0.1.2
Potentially problematic release.
This version of sorcery might be problematic. Click here for more details.
- data/README.rdoc +27 -34
- data/VERSION +1 -1
- data/lib/sorcery/crypto_providers/bcrypt.rb +2 -2
- data/lib/sorcery/model/submodules/password_reset.rb +5 -5
- data/lib/sorcery/model/submodules/user_activation.rb +6 -6
- data/lib/sorcery/model.rb +3 -3
- data/sorcery.gemspec +1 -1
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +2 -2
- data/spec/rails3/Gemfile +1 -1
- data/spec/rails3/Gemfile.lock +2 -2
- data/spec/rails3/user_activation_spec.rb +7 -7
- data/spec/rails3/user_password_reset_spec.rb +2 -2
- metadata +1 -1
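--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -8,15 +8,36 @@ Crypto code taken almost unchanged from Authlogic.
 
 https://github.com/NoamB/sorcery-example-app
 
-==
+== Full Features List by module:
 
-
-*
+Core (see lib/sorcery/model/model.rb and lib/sorcery/controller/controller.rb):
+* login/logout, optional redirect on login to where the user tried to reach before, configurable redirect for non-logged-in users.
+* password encryption, algorithms: bcrypt(default), md5, sha1, sha256, sha512, aes256, custom(yours!), none. Configurable stretches and salt.
+* configurable attribute names for username, password and email.
+
+User Activation (see lib/sorcery/model/submodules/user_activation.rb):
 * User activation by email with optional success email.
+* configurable attribute names.
+* configurable mailer.
+* Optionally prevent active users to login.
+
+Password Reset (see lib/sorcery/model/submodules/password_reset.rb):
 * Reset password with email verification.
+* configurable mailer, method name, and attribute name.
+
+Remember Me (see lib/sorcery/model/submodules/remember_me.rb):
 * Remember me with configurable expiration.
+* configurable attribute names.
+
+Session Timeout (see lib/sorcery/controller/submodules/session_timeout.rb):
 * Configurable session timeout.
+* Optionally session timeout will be calculated from last user action.
+
+Brute Force Protection (see lib/sorcery/controller/submodules/brute_force_protection.rb):
 * Brute force login hammering protection.
+* configurable logins before ban, logins within time period before ban, ban time and ban action.
+
+Other:
 * Modular design, load only the modules you need.
 * 100% TDD'd code, 100% test coverage.
 
@@ -80,7 +101,7 @@ For example:
 2. app/models/user.rb (or another model of your choice)
 
 activate_sorcery! do |config|
-config.
+config.user_activation_mailer = MyMailer
 config.username_attribute_name = :email
 end
 
@@ -92,45 +113,17 @@ For example:
 
 Also check the migrations in the example app to see what database fields are expected.
 
-
-
 The configuration options vary with the modules you've chosen to use.
 
-== Basic Configuration (in Model):
-
-see lib/sorcery/model.rb
-
-== User Activation Configuration (in Model):
-
-see lib/sorcery/model/submodules/user_activation.rb
-
-== Remember Me Configuration (in Model):
-
-see lib/sorcery/model/submodules/remember_me.rb
-
-== Password Reset Configuration (in Model):
-
-see lib/sorcery/model/submodules/password_reset.rb
-
-
-
-== Session Timeout Configuration (in Controller or config/application.rb):
-
-see lib/sorcery/controller/submodules/session_timeout.rb
-
-== Brute Force Protection Configuration (in Controller or config/application.rb):
-
-see lib/sorcery/controller/submodules/brute_force_protection.rb
-
-
 
 == Contributing to sorcery
 
-I can use help of any kind, be it comments on code
+I can use help of any kind, be it comments on code, suggestions, features, bug reports, bug fixes, documentation and if you like, a donation.
 
 == Contact
 
 email: nbenari@gmail.com
+twitter: @nbenari
 
 == Copyright
 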
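--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.
+0.1.2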
@@ -46,10 +46,10 @@ module Sorcery
|
|
46
46
|
# This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
|
47
47
|
# Set this to whatever you want, play around with it to get that perfect balance between security and performance.
|
48
48
|
def cost
|
49
|
-
@cost ||=
|
49
|
+
@cost ||= 1
|
50
50
|
end
|
51
51
|
attr_writer :cost
|
52
|
-
|
52
|
+
alias :stretches= :cost=
|
53
53
|
|
54
54
|
# Creates a BCrypt hash for the password passed.
|
55
55
|
def encrypt(*tokens)
|
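Review bot: The default on the new `cost` line reads `@cost ||= 1`, which contradicts the comment two lines above it stating that the default is 10. The page rendering may have dropped part of the line, but if the literal really is 1, every password hashed without an explicit cost gets a far weaker work factor than documented, which makes offline guessing of leaked hashes much cheaper. Restore `@cost ||= 10` (or update the comment if a lower default is intended, which would need justification). Since `stretches=` now aliases `cost=`, a comment such as `# stretches= maps onto bcrypt's cost, which is a log2 work factor rather than an iteration count` would stop callers from passing iteration counts meant for the hash-based providers. The enclosing class starts before the hunk and `encrypt` continues after it.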
@@ -6,14 +6,14 @@ module Sorcery
|
|
6
6
|
def self.included(base)
|
7
7
|
base.sorcery_config.class_eval do
|
8
8
|
attr_accessor :reset_password_code_attribute_name, # reset password code attribute name.
|
9
|
-
:
|
9
|
+
:reset_password_mailer, # mailer class. Needed.
|
10
10
|
:reset_password_email_method_name # reset password email method on your mailer class.
|
11
11
|
|
12
12
|
end
|
13
13
|
|
14
14
|
base.sorcery_config.instance_eval do
|
15
15
|
@defaults.merge!(:@reset_password_code_attribute_name => :reset_password_code,
|
16
|
-
:@
|
16
|
+
:@reset_password_mailer => nil,
|
17
17
|
:@reset_password_email_method_name => :reset_password_email)
|
18
18
|
|
19
19
|
reset!
|
@@ -35,8 +35,8 @@ module Sorcery
|
|
35
35
|
|
36
36
|
module ClassMethods
|
37
37
|
def validate_mailer_defined
|
38
|
-
msg = "To use password_reset submodule, you must define a mailer (config.
|
39
|
-
raise ArgumentError, msg if @sorcery_config.
|
38
|
+
msg = "To use password_reset submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass)."
|
39
|
+
raise ArgumentError, msg if @sorcery_config.reset_password_mailer == nil
|
40
40
|
end
|
41
41
|
end
|
42
42
|
|
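Review bot: The nil test in `validate_mailer_defined` is written as `@sorcery_config.reset_password_mailer == nil`; the idiomatic and override-proof form is `raise ArgumentError, msg if @sorcery_config.reset_password_mailer.nil?`. The same line appears in the user_activation hunk with `user_activation_mailer` and should change the same way. Note that only a missing mailer is rejected here; whether the mailer actually provides the configured e-mail method is not checked in the visible lines, so a misconfiguration would presumably surface only when the first reset or activation e-mail is sent. Where this validation is called from is outside the hunk.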
@@ -46,7 +46,7 @@ module Sorcery
|
|
46
46
|
self.send(:"#{config.reset_password_code_attribute_name}=", generate_random_code)
|
47
47
|
self.class.transaction do
|
48
48
|
self.save!(:validate => false)
|
49
|
-
generic_send_email(:reset_password_email_method_name)
|
49
|
+
generic_send_email(:reset_password_email_method_name, :reset_password_mailer)
|
50
50
|
end
|
51
51
|
end
|
52
52
|
|
@@ -10,7 +10,7 @@ module Sorcery
|
|
10
10
|
base.sorcery_config.class_eval do
|
11
11
|
attr_accessor :activation_state_attribute_name, # the attribute name to hold activation state (active/pending).
|
12
12
|
:activation_code_attribute_name, # the attribute name to hold activation code (sent by email).
|
13
|
-
:
|
13
|
+
:user_activation_mailer, # your mailer class. Needed.
|
14
14
|
:activation_needed_email_method_name, # activation needed email method on your mailer class.
|
15
15
|
:activation_success_email_method_name, # activation success email method on your mailer class.
|
16
16
|
:prevent_non_active_users_to_login # do you want to prevent or allow users that did not activate by email to login?
|
@@ -19,7 +19,7 @@ module Sorcery
|
|
19
19
|
base.sorcery_config.instance_eval do
|
20
20
|
@defaults.merge!(:@activation_state_attribute_name => :activation_state,
|
21
21
|
:@activation_code_attribute_name => :activation_code,
|
22
|
-
:@
|
22
|
+
:@user_activation_mailer => nil,
|
23
23
|
:@activation_needed_email_method_name => :activation_needed_email,
|
24
24
|
:@activation_success_email_method_name => :activation_success_email,
|
25
25
|
:@prevent_non_active_users_to_login => true)
|
@@ -41,8 +41,8 @@ module Sorcery
|
|
41
41
|
|
42
42
|
module ClassMethods
|
43
43
|
def validate_mailer_defined
|
44
|
-
msg = "To use user_activation submodule, you must define a mailer (config.
|
45
|
-
raise ArgumentError, msg if @sorcery_config.
|
44
|
+
msg = "To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass)."
|
45
|
+
raise ArgumentError, msg if @sorcery_config.user_activation_mailer == nil
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
@@ -65,11 +65,11 @@ module Sorcery
|
|
65
65
|
end
|
66
66
|
|
67
67
|
def send_activation_needed_email!
|
68
|
-
generic_send_email(:activation_needed_email_method_name) unless sorcery_config.activation_needed_email_method_name.nil?
|
68
|
+
generic_send_email(:activation_needed_email_method_name, :user_activation_mailer) unless sorcery_config.activation_needed_email_method_name.nil?
|
69
69
|
end
|
70
70
|
|
71
71
|
def send_activation_success_email!
|
72
|
-
generic_send_email(:activation_success_email_method_name) unless sorcery_config.activation_success_email_method_name.nil?
|
72
|
+
generic_send_email(:activation_success_email_method_name, :user_activation_mailer) unless sorcery_config.activation_success_email_method_name.nil?
|
73
73
|
end
|
74
74
|
|
75
75
|
def prevent_non_active_login
|
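--- a/data/lib/sorcery/model.rb
+++ b/data/lib/sorcery/model.rb
@@ -95,10 +95,10 @@ module Sorcery
 
 # calls the requested email method on the configured mailer
 # supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
-def generic_send_email(method)
+def generic_send_email(method, mailer)
 config = sorcery_config
-mail = config.
-if defined?(ActionMailer) and config.
+mail = config.send(mailer).send(config.send(method),self)
+if defined?(ActionMailer) and config.send(mailer).superclass == ActionMailer::Base
 mail.deliver
 end
 end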
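Review bot: The delivery guard `config.send(mailer).superclass == ActionMailer::Base` matches only direct subclasses, so a mailer that inherits through an intermediate class builds the message but never reaches `mail.deliver`, and the activation or password-reset e-mail is silently dropped. Compare by ancestry instead, `if defined?(ActionMailer) && config.send(mailer) < ActionMailer::Base`, which also replaces the low-precedence `and`. Both arguments are now names of config attributes resolved with `send`, so the comment above the method should say so, e.g. `# method and mailer are names of sorcery_config attributes, not the values themselves`; callers must keep passing fixed symbols, never request-derived strings.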
data/sorcery.gemspec
CHANGED
data/spec/Gemfile
CHANGED
data/spec/Gemfile.lock
CHANGED
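--- a/data/spec/rails3/Gemfile
+++ b/data/spec/rails3/Gemfile
@@ -2,7 +2,7 @@ source 'http://rubygems.org'
 
 gem 'rails', '3.0.3'
 gem 'sqlite3-ruby', :require => 'sqlite3'
-gem "sorcery", '0.1.
+gem "sorcery", '0.1.1', :path => '../../../'
 gem 'bcrypt-ruby', '~> 2.1.4', :require => 'bcrypt'
 
 group :development do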
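Review bot: The new line pins `gem "sorcery", '0.1.1', :path => '../../../'` while data/VERSION in this same release becomes 0.1.2, so if the gemspec takes its version from that file Bundler will presumably fail to resolve the path source against the pin. Dropping the version and keeping only the path, `gem "sorcery", :path => '../../../'`, makes the spec app always test the checked-out code. Separately, the `source 'http://rubygems.org'` shown in the hunk header fetches gems over plain HTTP, which leaves dependency downloads open to tampering in transit; `source 'https://rubygems.org'` closes that. The `group :development do` block continues outside the hunk.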
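--- a/data/spec/rails3/Gemfile.lock
+++ b/data/spec/rails3/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: ../../../
 specs:
-sorcery (0.1.
+sorcery (0.1.1)
 
 GEM
 remote: http://rubygems.org/
@@ -112,5 +112,5 @@ DEPENDENCIES
 rspec-rails
 ruby-debug19
 simplecov (>= 0.3.8)
-sorcery (= 0.1.
+sorcery (= 0.1.1)!
 sqlite3-ruby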
@@ -13,12 +13,12 @@ describe "User with activation submodule" do
|
|
13
13
|
# ----------------- PLUGIN CONFIGURATION -----------------------
|
14
14
|
describe User, "loaded plugin configuration" do
|
15
15
|
before(:all) do
|
16
|
-
plugin_model_configure([:user_activation], :
|
16
|
+
plugin_model_configure([:user_activation], :user_activation_mailer => ::SorceryMailer)
|
17
17
|
end
|
18
18
|
|
19
19
|
after(:each) do
|
20
20
|
User.sorcery_config.reset!
|
21
|
-
plugin_model_configure([:user_activation], :
|
21
|
+
plugin_model_configure([:user_activation], :user_activation_mailer => ::SorceryMailer)
|
22
22
|
end
|
23
23
|
|
24
24
|
it "should enable configuration option 'activation_state_attribute_name'" do
|
@@ -31,9 +31,9 @@ describe "User with activation submodule" do
|
|
31
31
|
User.sorcery_config.activation_code_attribute_name.should equal(:code)
|
32
32
|
end
|
33
33
|
|
34
|
-
it "should enable configuration option '
|
35
|
-
plugin_set_model_config_property(:
|
36
|
-
User.sorcery_config.
|
34
|
+
it "should enable configuration option 'user_activation_mailer'" do
|
35
|
+
plugin_set_model_config_property(:user_activation_mailer, TestMailer)
|
36
|
+
User.sorcery_config.user_activation_mailer.should equal(TestMailer)
|
37
37
|
end
|
38
38
|
|
39
39
|
it "should enable configuration option 'activation_needed_email_method_name'" do
|
@@ -54,7 +54,7 @@ describe "User with activation submodule" do
|
|
54
54
|
# ----------------- ACTIVATION PROCESS -----------------------
|
55
55
|
describe User, "activation process" do
|
56
56
|
before(:all) do
|
57
|
-
plugin_model_configure([:user_activation], :
|
57
|
+
plugin_model_configure([:user_activation], :user_activation_mailer => ::SorceryMailer)
|
58
58
|
end
|
59
59
|
|
60
60
|
it "should generate an activation code on registration" do
|
@@ -130,7 +130,7 @@ describe "User with activation submodule" do
|
|
130
130
|
|
131
131
|
describe User, "prevent non-active login feature" do
|
132
132
|
before(:all) do
|
133
|
-
plugin_model_configure([:user_activation], :
|
133
|
+
plugin_model_configure([:user_activation], :user_activation_mailer => ::SorceryMailer)
|
134
134
|
end
|
135
135
|
|
136
136
|
it "should not allow a non-active user to authenticate" do
|
@@ -13,7 +13,7 @@ describe "User with password_reset submodule" do
|
|
13
13
|
describe User, "loaded plugin configuration" do
|
14
14
|
|
15
15
|
before(:all) do
|
16
|
-
plugin_model_configure([:password_reset], :
|
16
|
+
plugin_model_configure([:password_reset], :reset_password_mailer => ::SorceryMailer)
|
17
17
|
end
|
18
18
|
|
19
19
|
after(:each) do
|
@@ -30,7 +30,7 @@ describe "User with password_reset submodule" do
|
|
30
30
|
describe User, "when activated with sorcery" do
|
31
31
|
|
32
32
|
before(:all) do
|
33
|
-
plugin_model_configure([:password_reset], :
|
33
|
+
plugin_model_configure([:password_reset], :reset_password_mailer => ::SorceryMailer)
|
34
34
|
end
|
35
35
|
|
36
36
|
before(:each) do
|