sorcery 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. data/Gemfile +4 -3
  2. data/Gemfile.lock +16 -13
  3. data/LICENSE.txt +1 -1
  4. data/README.rdoc +77 -63
  5. data/Rakefile +7 -13
  6. data/VERSION +1 -1
  7. data/lib/sorcery/controller/submodules/activity_logging.rb +58 -0
  8. data/lib/sorcery/controller/submodules/brute_force_protection.rb +15 -69
  9. data/lib/sorcery/controller/submodules/http_basic_auth.rb +65 -0
  10. data/lib/sorcery/controller/submodules/oauth/oauth1.rb +25 -0
  11. data/lib/sorcery/controller/submodules/oauth/oauth2.rb +23 -0
  12. data/lib/sorcery/controller/submodules/oauth/providers/facebook.rb +64 -0
  13. data/lib/sorcery/controller/submodules/oauth/providers/twitter.rb +61 -0
  14. data/lib/sorcery/controller/submodules/oauth.rb +95 -0
  15. data/lib/sorcery/controller/submodules/remember_me.rb +14 -5
  16. data/lib/sorcery/controller/submodules/session_timeout.rb +10 -2
  17. data/lib/sorcery/controller.rb +40 -22
  18. data/lib/sorcery/crypto_providers/bcrypt.rb +3 -7
  19. data/lib/sorcery/engine.rb +9 -2
  20. data/lib/sorcery/model/submodules/activity_logging.rb +40 -0
  21. data/lib/sorcery/model/submodules/brute_force_protection.rb +79 -0
  22. data/lib/sorcery/model/submodules/oauth.rb +53 -0
  23. data/lib/sorcery/model/submodules/remember_me.rb +6 -2
  24. data/lib/sorcery/model/submodules/reset_password.rb +96 -0
  25. data/lib/sorcery/model/submodules/user_activation.rb +44 -23
  26. data/lib/sorcery/model/temporary_token.rb +22 -0
  27. data/lib/sorcery/model.rb +13 -6
  28. data/lib/sorcery/test_helpers.rb +84 -0
  29. data/lib/sorcery.rb +17 -1
  30. data/sorcery.gemspec +85 -41
  31. data/spec/Gemfile +3 -2
  32. data/spec/Gemfile.lock +15 -2
  33. data/spec/rails3/app_root/.rspec +1 -0
  34. data/spec/rails3/{Gemfile → app_root/Gemfile} +5 -3
  35. data/spec/rails3/{Gemfile.lock → app_root/Gemfile.lock} +25 -2
  36. data/spec/rails3/app_root/app/controllers/application_controller.rb +48 -2
  37. data/spec/rails3/app_root/app/models/authentication.rb +3 -0
  38. data/spec/rails3/app_root/app/models/user.rb +4 -1
  39. data/spec/rails3/app_root/config/application.rb +1 -3
  40. data/spec/rails3/app_root/config/routes.rb +1 -9
  41. data/spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb +6 -4
  42. data/spec/rails3/app_root/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
  43. data/spec/rails3/app_root/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
  44. data/spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb +4 -4
  45. data/spec/rails3/app_root/db/migrate/oauth/20101224223628_create_authentications.rb +14 -0
  46. data/spec/rails3/app_root/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
  47. data/spec/rails3/app_root/spec/controller_activity_logging_spec.rb +84 -0
  48. data/spec/rails3/app_root/spec/controller_brute_force_protection_spec.rb +65 -0
  49. data/spec/rails3/app_root/spec/controller_http_basic_auth_spec.rb +50 -0
  50. data/spec/rails3/app_root/spec/controller_oauth2_spec.rb +117 -0
  51. data/spec/rails3/app_root/spec/controller_oauth_spec.rb +117 -0
  52. data/spec/rails3/{controller_remember_me_spec.rb → app_root/spec/controller_remember_me_spec.rb} +4 -4
  53. data/spec/rails3/{controller_session_timeout_spec.rb → app_root/spec/controller_session_timeout_spec.rb} +5 -4
  54. data/spec/rails3/{controller_spec.rb → app_root/spec/controller_spec.rb} +23 -16
  55. data/spec/rails3/app_root/spec/spec_helper.orig.rb +27 -0
  56. data/spec/rails3/app_root/spec/spec_helper.rb +61 -0
  57. data/spec/rails3/{user_activation_spec.rb → app_root/spec/user_activation_spec.rb} +62 -22
  58. data/spec/rails3/app_root/spec/user_activity_logging_spec.rb +36 -0
  59. data/spec/rails3/app_root/spec/user_brute_force_protection_spec.rb +76 -0
  60. data/spec/rails3/app_root/spec/user_oauth_spec.rb +39 -0
  61. data/spec/rails3/{user_remember_me_spec.rb → app_root/spec/user_remember_me_spec.rb} +4 -4
  62. data/spec/rails3/app_root/spec/user_reset_password_spec.rb +178 -0
  63. data/spec/rails3/{user_spec.rb → app_root/spec/user_spec.rb} +68 -38
  64. metadata +145 -61
  65. data/features/support/env.rb +0 -13
  66. data/lib/sorcery/model/submodules/password_reset.rb +0 -64
  67. data/spec/rails3/app_root/db/migrate/password_reset/20101224223622_add_password_reset_to_users.rb +0 -9
  68. data/spec/rails3/app_root/test/fixtures/users.yml +0 -9
  69. data/spec/rails3/app_root/test/performance/browsing_test.rb +0 -9
  70. data/spec/rails3/app_root/test/test_helper.rb +0 -13
  71. data/spec/rails3/app_root/test/unit/user_test.rb +0 -8
  72. data/spec/rails3/controller_brute_force_protection_spec.rb +0 -72
  73. data/spec/rails3/spec_helper.rb +0 -115
  74. data/spec/rails3/user_password_reset_spec.rb +0 -76
  75. /data/spec/rails3/{Rakefile → app_root/Rakefile} +0 -0
@@ -0,0 +1,84 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe ApplicationController do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
10
+ end
11
+
12
+ # ----------------- ACTIVITY LOGGING -----------------------
13
+ describe ApplicationController, "with activity logging features" do
14
+ before(:all) do
15
+ sorcery_reload!([:activity_logging])
16
+ end
17
+
18
+ before(:each) do
19
+ create_new_user
20
+ end
21
+
22
+ after(:each) do
23
+ User.delete_all
24
+ end
25
+
26
+ it "should respond to 'current_users'" do
27
+ subject.should respond_to(:current_users)
28
+ end
29
+
30
+ it "'current_users' should be empty when no users are logged in" do
31
+ subject.current_users.size.should == 0
32
+ end
33
+
34
+ it "should log login time on login" do
35
+ now = Time.now.utc
36
+ login_user
37
+ @user.last_login_at.should_not be_nil
38
+ @user.last_login_at.to_s(:db).should >= now.to_s(:db)
39
+ @user.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
40
+ end
41
+
42
+ it "should log logout time on logout" do
43
+ login_user
44
+ now = Time.now.utc
45
+ logout_user
46
+ User.first.last_logout_at.should_not be_nil
47
+ User.first.last_logout_at.to_s(:db).should >= now.to_s(:db)
48
+ User.first.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
49
+ end
50
+
51
+ it "should log last activity time when logged in" do
52
+ login_user
53
+ now = Time.now.utc
54
+ get :some_action
55
+ User.first.last_activity_at.to_s(:db).should >= now.to_s(:db)
56
+ User.first.last_activity_at.to_s(:db).should <= (now+2).to_s(:db)
57
+ end
58
+
59
+ it "'current_users' should hold the user object when 1 user is logged in" do
60
+ login_user
61
+ get :some_action
62
+ subject.current_users.size.should == 1
63
+ subject.current_users[0].should == @user
64
+ end
65
+
66
+ it "'current_users' should show all current_users, whether they have logged out before or not." do
67
+ user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
68
+ login_user(user1)
69
+ get :some_action
70
+ clear_user_without_logout
71
+ user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
72
+ login_user(user2)
73
+ get :some_action
74
+ clear_user_without_logout
75
+ user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
76
+ login_user(user3)
77
+ get :some_action
78
+ subject.current_users.size.should == 3
79
+ subject.current_users[0].should == user1
80
+ subject.current_users[1].should == user2
81
+ subject.current_users[2].should == user3
82
+ end
83
+ end
84
+ end
@@ -0,0 +1,65 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe ApplicationController do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/brute_force_protection")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/brute_force_protection")
10
+ end
11
+
12
+ # ----------------- SESSION TIMEOUT -----------------------
13
+ describe ApplicationController, "with brute force protection features" do
14
+ before(:all) do
15
+ sorcery_reload!([:brute_force_protection])
16
+ create_new_user
17
+ end
18
+
19
+ after(:each) do
20
+ Sorcery::Controller::Config.reset!
21
+ sorcery_controller_property_set(:user_class, User)
22
+ end
23
+
24
+ it "should count login retries" do
25
+ 3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
26
+ User.find_by_username('gizmo').failed_logins_count.should == 3
27
+ end
28
+
29
+ it "should reset the counter on a good login" do
30
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
31
+ 3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
32
+ get :test_login, :username => 'gizmo', :password => 'secret'
33
+ User.find_by_username('gizmo').failed_logins_count.should == 0
34
+ end
35
+
36
+ it "should lock user when number of retries reached the limit" do
37
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
38
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
39
+ get :test_login, :username => 'gizmo', :password => 'blabla'
40
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
41
+ end
42
+
43
+ it "should unlock after lock time period passes" do
44
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
45
+ sorcery_model_property_set(:login_lock_time_period, 0.2)
46
+ get :test_login, :username => 'gizmo', :password => 'blabla'
47
+ get :test_login, :username => 'gizmo', :password => 'blabla'
48
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
49
+ sleep 0.3
50
+ get :test_login, :username => 'gizmo', :password => 'blabla'
51
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
52
+ end
53
+
54
+ it "should not unlock if time period is 0 (permanent lock)" do
55
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
56
+ sorcery_model_property_set(:login_lock_time_period, 0)
57
+ get :test_login, :username => 'gizmo', :password => 'blabla'
58
+ get :test_login, :username => 'gizmo', :password => 'blabla'
59
+ unlock_date = User.find_by_username('gizmo').lock_expires_at
60
+ sleep 1
61
+ get :test_login, :username => 'gizmo', :password => 'blabla'
62
+ User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
63
+ end
64
+ end
65
+ end
@@ -0,0 +1,50 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe ApplicationController do
4
+
5
+ # ----------------- HTTP BASIC AUTH -----------------------
6
+ describe ApplicationController, "with http basic auth features" do
7
+ before(:all) do
8
+ sorcery_reload!([:http_basic_auth])
9
+ create_new_user
10
+ end
11
+
12
+ after(:each) do
13
+ logout_user
14
+ end
15
+
16
+ it "requests basic authentication when before_filter is used" do
17
+ get :test_http_basic_auth
18
+ response.code.should == "401"
19
+ end
20
+
21
+ it "authenticates from http basic if credentials are sent" do
22
+ @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.username}:secret")
23
+ get :test_http_basic_auth, nil, :http_authentication_used => true
24
+ response.should be_a_success
25
+ end
26
+
27
+ it "fails authentication if credentials are wrong" do
28
+ @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.username}:wrong!")
29
+ get :test_http_basic_auth, nil, :http_authentication_used => true
30
+ response.code.should redirect_to root_url
31
+ end
32
+
33
+ it "should allow configuration option 'controller_to_realm_map'" do
34
+ sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
35
+ Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
36
+ end
37
+
38
+ it "should display the correct realm name configured for the controller" do
39
+ sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
40
+ get :test_http_basic_auth
41
+ response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
42
+ end
43
+
44
+ it "should sign in the user's session on successful login" do
45
+ @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.username}:secret")
46
+ get :test_http_basic_auth, nil, :http_authentication_used => true
47
+ session[:user_id].should == User.find_by_username(@user.username).id
48
+ end
49
+ end
50
+ end
@@ -0,0 +1,117 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ def stub_all_oauth2_requests!
4
+ @client = OAuth2::Client.new("key","secret", :site => "http://myapi.com")
5
+ OAuth2::Client.stub!(:new).and_return(@client)
6
+ @acc_token = OAuth2::AccessToken.new(@client, "", "asd", nil, {})
7
+ @webby = @client.web_server
8
+ OAuth2::Strategy::WebServer.stub!(:new).and_return(@webby)
9
+ @webby.stub!(:get_access_token).and_return(@acc_token)
10
+ @acc_token.stub!(:get).and_return({"id"=>"123", "name"=>"Noam Ben Ari", "first_name"=>"Noam", "last_name"=>"Ben Ari", "link"=>"http://www.facebook.com/nbenari1", "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"}, "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"}, "bio"=>"I'm a new daddy, and enjoying it!", "gender"=>"male", "email"=>"nbenari@gmail.com", "timezone"=>2, "locale"=>"en_US", "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}], "verified"=>true, "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
11
+ end
12
+
13
+ describe ApplicationController do
14
+ before(:all) do
15
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/oauth")
16
+ sorcery_reload!([:oauth])
17
+ sorcery_controller_property_set(:oauth_providers, [:facebook])
18
+ sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
19
+ sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
20
+ sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
21
+ end
22
+
23
+ after(:all) do
24
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/oauth")
25
+ end
26
+ # ----------------- OAuth -----------------------
27
+ describe ApplicationController, "with OAuth features" do
28
+
29
+ before(:each) do
30
+ stub_all_oauth2_requests!
31
+ end
32
+
33
+ after(:each) do
34
+ User.delete_all
35
+ end
36
+
37
+ it "auth_at_provider redirects correctly" do
38
+ create_new_user
39
+ get :auth_at_provider_test2
40
+ response.should be_a_redirect
41
+ response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&type=web_server")
42
+ end
43
+
44
+ it "'login_from_access_token' logins if user exists" do
45
+ sorcery_model_property_set(:authentications_class, Authentication)
46
+ create_new_external_user(:facebook)
47
+ get :test_login_from_access_token2
48
+ flash[:notice].should == "Success!"
49
+ end
50
+
51
+ it "'login_from_access_token' fails if user doesn't exist" do
52
+ sorcery_model_property_set(:authentications_class, Authentication)
53
+ create_new_user
54
+ get :test_login_from_access_token2
55
+ flash[:alert].should == "Failed!"
56
+ end
57
+ end
58
+
59
+ describe ApplicationController, "'create_from_provider!'" do
60
+ before(:each) do
61
+ stub_all_oauth2_requests!
62
+ User.delete_all
63
+ end
64
+
65
+ it "should create a new user" do
66
+ sorcery_controller_property_set(:authentications_class, Authentication)
67
+ sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "name"})
68
+ lambda do
69
+ get :test_create_from_provider, :provider => "facebook"
70
+ end.should change(User, :count).by(1)
71
+ User.first.username.should == "Noam Ben Ari"
72
+ end
73
+
74
+ it "should support nested attributes" do
75
+ sorcery_controller_property_set(:authentications_class, Authentication)
76
+ sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "hometown/name"})
77
+ lambda do
78
+ get :test_create_from_provider, :provider => "facebook"
79
+ end.should change(User, :count).by(1)
80
+ User.first.username.should == "Haifa, Israel"
81
+ end
82
+ end
83
+
84
+ describe ApplicationController, "OAuth with User Activation features" do
85
+ before(:all) do
86
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
87
+ sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
88
+ sorcery_controller_property_set(:oauth_providers, [:facebook])
89
+ sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
90
+ sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
91
+ sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
92
+ end
93
+
94
+ after(:all) do
95
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
96
+ end
97
+
98
+ after(:each) do
99
+ User.delete_all
100
+ end
101
+
102
+ it "should not send activation email to external users" do
103
+ old_size = ActionMailer::Base.deliveries.size
104
+ create_new_external_user(:facebook)
105
+ ActionMailer::Base.deliveries.size.should == old_size
106
+ end
107
+
108
+ it "should not send external users an activation success email" do
109
+ sorcery_model_property_set(:activation_success_email_method_name, nil)
110
+ create_new_external_user(:facebook)
111
+ old_size = ActionMailer::Base.deliveries.size
112
+ @user.activate!
113
+ ActionMailer::Base.deliveries.size.should == old_size
114
+ end
115
+ end
116
+
117
+ end
@@ -0,0 +1,117 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require 'ostruct'
3
+
4
+ def stub_all_oauth_requests!
5
+ @consumer = OAuth::Consumer.new("key","secret", :site => "http://myapi.com")
6
+ OAuth::Consumer.stub!(:new).and_return(@consumer)
7
+
8
+ @req_token = OAuth::RequestToken.new(@consumer)
9
+ @consumer.stub!(:get_request_token).and_return(@req_token)
10
+ @acc_token = OAuth::AccessToken.new(@consumer)
11
+ @req_token.stub!(:get_access_token).and_return(@acc_token)
12
+ session[:request_token] = @req_token
13
+ response = OpenStruct.new()
14
+ response.body = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
15
+ @acc_token.stub!(:get).and_return(response)
16
+ end
17
+
18
+ describe ApplicationController do
19
+ before(:all) do
20
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/oauth")
21
+ sorcery_reload!([:oauth])
22
+ sorcery_controller_property_set(:oauth_providers, [:twitter])
23
+ sorcery_controller_oauth_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
24
+ sorcery_controller_oauth_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
25
+ sorcery_controller_oauth_property_set(:twitter, :callback_url, "http://blabla.com")
26
+ end
27
+
28
+ after(:all) do
29
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/oauth")
30
+ end
31
+ # ----------------- OAuth -----------------------
32
+ describe ApplicationController, "'login_from_access_token'" do
33
+
34
+ before(:each) do
35
+ stub_all_oauth_requests!
36
+ end
37
+
38
+ after(:each) do
39
+ User.delete_all
40
+ end
41
+
42
+ it "auth_at_provider redirects correctly" do
43
+ create_new_user
44
+ get :auth_at_provider_test
45
+ response.should be_a_redirect
46
+ response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
47
+ end
48
+
49
+ it "logins if user exists" do
50
+ sorcery_model_property_set(:authentications_class, Authentication)
51
+ create_new_external_user(:twitter)
52
+ get :test_login_from_access_token, :oauth_verifier => "blablaRERASDFcxvSDFA"
53
+ flash[:notice].should == "Success!"
54
+ end
55
+
56
+ it "'login_from_access_token' fails if user doesn't exist" do
57
+ sorcery_model_property_set(:authentications_class, Authentication)
58
+ create_new_user
59
+ get :test_login_from_access_token, :oauth_verifier => "blablaRERASDFcxvSDFA"
60
+ flash[:alert].should == "Failed!"
61
+ end
62
+ end
63
+
64
+ describe ApplicationController, "'create_from_provider!'" do
65
+ before(:each) do
66
+ stub_all_oauth_requests!
67
+ User.delete_all
68
+ end
69
+
70
+ it "should create a new user" do
71
+ sorcery_controller_property_set(:authentications_class, Authentication)
72
+ sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
73
+ lambda do
74
+ get :test_create_from_provider, :provider => "twitter"
75
+ end.should change(User, :count).by(1)
76
+ User.first.username.should == "nbenari"
77
+ end
78
+
79
+ it "should support nested attributes" do
80
+ sorcery_controller_property_set(:authentications_class, Authentication)
81
+ sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
82
+ lambda do
83
+ get :test_create_from_provider, :provider => "twitter"
84
+ end.should change(User, :count).by(1)
85
+ User.first.username.should == "coming soon to sorcery gem: twitter and facebook authentication support."
86
+ end
87
+ end
88
+
89
+ describe ApplicationController, "OAuth with User Activation features" do
90
+ before(:all) do
91
+ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
92
+ sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
93
+ end
94
+
95
+ after(:all) do
96
+ ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
97
+ end
98
+
99
+ after(:each) do
100
+ User.delete_all
101
+ end
102
+
103
+ it "should not send activation email to external users" do
104
+ old_size = ActionMailer::Base.deliveries.size
105
+ create_new_external_user(:twitter)
106
+ ActionMailer::Base.deliveries.size.should == old_size
107
+ end
108
+
109
+ it "should not send external users an activation success email" do
110
+ sorcery_model_property_set(:activation_success_email_method_name, nil)
111
+ create_new_external_user(:twitter)
112
+ old_size = ActionMailer::Base.deliveries.size
113
+ @user.activate!
114
+ ActionMailer::Base.deliveries.size.should == old_size
115
+ end
116
+ end
117
+ end
@@ -6,7 +6,7 @@ describe ApplicationController do
6
6
  describe ApplicationController, "with remember me features" do
7
7
  before(:all) do
8
8
  ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
9
- plugin_model_configure([:remember_me])
9
+ sorcery_reload!([:remember_me])
10
10
  end
11
11
 
12
12
  before(:each) do
@@ -25,7 +25,7 @@ describe ApplicationController do
25
25
 
26
26
  it "should set cookie on remember_me!" do
27
27
  post :test_login_with_remember, :username => 'gizmo', :password => 'secret'
28
- cookies["remember_me_token"].should == assigns[:logged_in_user].remember_me_token
28
+ cookies["remember_me_token"].should == assigns[:current_user].remember_me_token
29
29
  end
30
30
 
31
31
  it "should clear cookie on forget_me!" do
@@ -50,11 +50,11 @@ describe ApplicationController do
50
50
  session[:user_id] = @user.id
51
51
  subject.remember_me!
52
52
  subject.instance_eval do
53
- @logged_in_user = nil
53
+ @current_user = nil
54
54
  end
55
55
  session[:user_id] = nil
56
56
  get :test_login_from_cookie
57
- assigns[:logged_in_user].should == @user
57
+ assigns[:current_user].should == @user
58
58
  end
59
59
 
60
60
  it "should not remember_me! when not asked to" do
@@ -5,8 +5,8 @@ describe ApplicationController do
5
5
  # ----------------- SESSION TIMEOUT -----------------------
6
6
  describe ApplicationController, "with session timeout features" do
7
7
  before(:all) do
8
- plugin_model_configure([:session_timeout])
9
- plugin_set_controller_config_property(:session_timeout,0.5)
8
+ sorcery_reload!([:session_timeout])
9
+ sorcery_controller_property_set(:session_timeout,0.5)
10
10
  create_new_user
11
11
  end
12
12
 
@@ -26,7 +26,7 @@ describe ApplicationController do
26
26
  end
27
27
 
28
28
  it "with 'session_timeout_from_last_action' should not logout if there was activity" do
29
- plugin_set_controller_config_property(:session_timeout_from_last_action, true)
29
+ sorcery_controller_property_set(:session_timeout_from_last_action, true)
30
30
  login_user
31
31
  sleep 0.3
32
32
  get :test_should_be_logged_in
@@ -38,12 +38,13 @@ describe ApplicationController do
38
38
  end
39
39
 
40
40
  it "with 'session_timeout_from_last_action' should logout if there was no activity" do
41
- plugin_set_controller_config_property(:session_timeout_from_last_action, true)
41
+ sorcery_controller_property_set(:session_timeout_from_last_action, true)
42
42
  login_user
43
43
  sleep 0.6
44
44
  get :test_should_be_logged_in
45
45
  session[:user_id].should be_nil
46
46
  response.should be_a_redirect
47
47
  end
48
+
48
49
  end
49
50
  end
@@ -5,21 +5,21 @@ describe ApplicationController do
5
5
  # ----------------- PLUGIN CONFIGURATION -----------------------
6
6
  describe ApplicationController, "plugin configuration" do
7
7
  before(:all) do
8
- plugin_model_configure
8
+ sorcery_reload!
9
9
  end
10
10
 
11
11
  after(:each) do
12
12
  Sorcery::Controller::Config.reset!
13
- plugin_model_configure
13
+ sorcery_reload!
14
14
  end
15
15
 
16
16
  it "should enable configuration option 'user_class'" do
17
- plugin_set_controller_config_property(:user_class, TestUser)
17
+ sorcery_controller_property_set(:user_class, TestUser)
18
18
  Sorcery::Controller::Config.user_class.should equal(TestUser)
19
19
  end
20
20
 
21
21
  it "should enable configuration option 'not_authenticated_action'" do
22
- plugin_set_controller_config_property(:not_authenticated_action, :my_action)
22
+ sorcery_controller_property_set(:not_authenticated_action, :my_action)
23
23
  Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
24
24
  end
25
25
 
@@ -34,7 +34,7 @@ describe ApplicationController do
34
34
 
35
35
  after(:each) do
36
36
  Sorcery::Controller::Config.reset!
37
- plugin_set_controller_config_property(:user_class, User)
37
+ sorcery_controller_property_set(:user_class, User)
38
38
  end
39
39
 
40
40
  it "should respond to the instance method login" do
@@ -49,8 +49,8 @@ describe ApplicationController do
49
49
  should respond_to(:logged_in?)
50
50
  end
51
51
 
52
- it "should respond to the instance method logged_in_user" do
53
- should respond_to(:logged_in_user)
52
+ it "should respond to the instance method current_user" do
53
+ should respond_to(:current_user)
54
54
  end
55
55
 
56
56
  it "login(username,password) should return the user when success and set the session with user.id" do
@@ -82,34 +82,41 @@ describe ApplicationController do
82
82
  subject.logged_in?.should be_false
83
83
  end
84
84
 
85
- it "logged_in_user should return the user instance if logged in" do
85
+ it "current_user should return the user instance if logged in" do
86
86
  create_new_user
87
87
  session[:user_id] = @user.id
88
- subject.logged_in_user.should == @user
88
+ subject.current_user.should == @user
89
89
  end
90
90
 
91
- it "logged_in_user should return false if not logged in" do
91
+ it "current_user should return false if not logged in" do
92
92
  session[:user_id] = nil
93
- subject.logged_in_user.should == false
93
+ subject.current_user.should == false
94
94
  end
95
95
 
96
- it "should respond to 'require_user_login'" do
97
- should respond_to(:require_user_login)
96
+ it "should respond to 'require_login'" do
97
+ should respond_to(:require_login)
98
98
  end
99
99
 
100
100
  it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
101
101
  session[:user_id] = nil
102
- plugin_set_controller_config_property(:not_authenticated_action, :test_not_authenticated_action)
102
+ sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
103
103
  get :test_logout
104
104
  response.body.should == "test_not_authenticated_action"
105
105
  end
106
106
 
107
- it "require_user_login before_filter should save the url that the user originally wanted" do
107
+ it "require_login before_filter should save the url that the user originally wanted" do
108
108
  get :some_action
109
- session[:user_wanted_url].should == "http://test.host/some_action"
109
+ session[:return_to_url].should == "http://test.host/application/some_action"
110
110
  response.should redirect_to("http://test.host/")
111
111
  end
112
112
 
113
+ it "on successful login the user should be redirected to the url he originally wanted" do
114
+ session[:return_to_url] = "http://test.host/some_action"
115
+ post :test_return_to, :username => 'gizmo', :password => 'secret'
116
+ response.should redirect_to("http://test.host/some_action")
117
+ flash[:notice].should == "haha!"
118
+ end
119
+
113
120
  end
114
121
 
115
122
  end
@@ -0,0 +1,27 @@
1
+ # This file is copied to spec/ when you run 'rails generate rspec:install'
2
+ ENV["RAILS_ENV"] ||= 'test'
3
+ require File.expand_path("../../config/environment", __FILE__)
4
+ require 'rspec/rails'
5
+
6
+ # Requires supporting ruby files with custom matchers and macros, etc,
7
+ # in spec/support/ and its subdirectories.
8
+ Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
9
+
10
+ RSpec.configure do |config|
11
+ # == Mock Framework
12
+ #
13
+ # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
14
+ #
15
+ # config.mock_with :mocha
16
+ # config.mock_with :flexmock
17
+ # config.mock_with :rr
18
+ config.mock_with :rspec
19
+
20
+ # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
21
+ config.fixture_path = "#{::Rails.root}/spec/fixtures"
22
+
23
+ # If you're not using ActiveRecord, or you'd prefer not to run each of your
24
+ # examples within a transaction, remove the following line or assign false
25
+ # instead of true.
26
+ config.use_transactional_fixtures = true
27
+ end