sorcery 0.1.4 → 0.2.0

data/spec/rails3/app_root/config/application.rb

@@ -38,9 +38,7 @@ module AppRoot
 
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password]
-    
-    config.root = File.expand_path('../..', __FILE__)
-    
+        
     config.action_mailer.delivery_method = :test
     
     config.active_support.deprecation = :stderr

data/spec/rails3/app_root/config/routes.rb

@@ -1,14 +1,5 @@
 AppRoot::Application.routes.draw do
   root :to => "application#index" 
-  match '/test_login', :to => "application#test_login"
-  match '/test_logout', :to => "application#test_logout"
-  match '/some_action', :to => "application#some_action"
-  match '/test_logout_with_remember', :to => "application#test_logout_with_remember"
-  match '/test_login_with_remember', :to => 'application#test_login_with_remember'
-  match '/test_login_with_remember_in_login', :to => 'application#test_login_with_remember_in_login'
-  match '/test_login_from_cookie', :to => 'application#test_login_from_cookie'
-  match '/test_should_be_logged_in', :to => 'application#test_should_be_logged_in'
-  match '/test_http_basic_auth', :to => 'application#test_http_basic_auth'
   # The priority is based upon order of creation:
   # first created -> highest priority.
 
@@ -64,5 +55,5 @@ AppRoot::Application.routes.draw do
 
   # This is a legacy wild controller route that's not recommended for RESTful applications.
   # Note: This route will make all actions in every controller accessible via GET requests.
-  # match ':controller(/:action(/:id(.:format)))'
+  match ':controller(/:action(/:id(.:format)))'
 end

data/spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb

@@ -1,15 +1,17 @@
 class AddActivationToUsers < ActiveRecord::Migration
   def self.up
     add_column :users, :activation_state, :string, :default => nil
-    add_column :users, :activation_code, :string, :default => nil
+    add_column :users, :activation_token, :string, :default => nil
+    add_column :users, :activation_token_expires_at, :datetime, :default => nil
     
-    add_index :users, :activation_code
+    add_index :users, :activation_token
   end
 
   def self.down
-    remove_index :users, :activation_code
+    remove_index :users, :activation_token
     
-    remove_column :users, :activation_code
+    remove_column :users, :activation_token_expires_at
+    remove_column :users, :activation_token
     remove_column :users, :activation_state
   end
 end

data/spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb

@@ -1,10 +1,10 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :username
-      t.string :email, :null => false
-      t.string :crypted_password
-      t.string :salt
+      t.string :username,         :null => false
+      t.string :email,            :default => nil
+      t.string :crypted_password, :default => nil
+      t.string :salt,             :default => nil
 
       t.timestamps
     end

data/spec/rails3/app_root/db/migrate/oauth/20101224223628_create_authentications.rb

@@ -0,0 +1,14 @@
+class CreateAuthentications < ActiveRecord::Migration
+  def self.up
+    create_table :authentications do |t|
+      t.integer :user_id, :null => false
+      t.string :provider, :uid, :null => false
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :authentications
+  end
+end

data/spec/rails3/{controller_activity_logging_spec.rb → app_root/spec/controller_activity_logging_spec.rb}

@@ -12,7 +12,7 @@ describe ApplicationController do
   # ----------------- ACTIVITY LOGGING -----------------------
   describe ApplicationController, "with activity logging features" do
     before(:all) do
-      plugin_model_configure([:activity_logging])
+      sorcery_reload!([:activity_logging])
     end
 
     before(:each) do
@@ -23,12 +23,12 @@ describe ApplicationController do
       User.delete_all
     end
 
-    it "should respond to 'logged_in_users'" do
-      subject.should respond_to(:logged_in_users)
+    it "should respond to 'current_users'" do
+      subject.should respond_to(:current_users)
     end
 
-    it "'logged_in_users' should be empty when no users are logged in" do
-      subject.logged_in_users.size.should == 0
+    it "'current_users' should be empty when no users are logged in" do
+      subject.current_users.size.should == 0
     end
 
     it "should log login time on login" do
@@ -56,14 +56,14 @@ describe ApplicationController do
       User.first.last_activity_at.to_s(:db).should <= (now+2).to_s(:db)
     end
 
-    it "'logged_in_users' should hold the user object when 1 user is logged in" do
+    it "'current_users' should hold the user object when 1 user is logged in" do
       login_user
       get :some_action
-      subject.logged_in_users.size.should == 1
-      subject.logged_in_users[0].should == @user
+      subject.current_users.size.should == 1
+      subject.current_users[0].should == @user
     end
 
-    it "'logged_in_users' should show all logged_in_users, whether they have logged out before or not." do
+    it "'current_users' should show all current_users, whether they have logged out before or not." do
       user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
       login_user(user1)
       get :some_action
@@ -75,10 +75,10 @@ describe ApplicationController do
       user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
       login_user(user3)
       get :some_action
-      subject.logged_in_users.size.should == 3
-      subject.logged_in_users[0].should == user1
-      subject.logged_in_users[1].should == user2
-      subject.logged_in_users[2].should == user3
+      subject.current_users.size.should == 3
+      subject.current_users[0].should == user1
+      subject.current_users[1].should == user2
+      subject.current_users[2].should == user3
     end
   end
 end

data/spec/rails3/{controller_brute_force_protection_spec.rb → app_root/spec/controller_brute_force_protection_spec.rb}

@@ -12,13 +12,13 @@ describe ApplicationController do
   # ----------------- SESSION TIMEOUT -----------------------
   describe ApplicationController, "with brute force protection features" do
     before(:all) do
-      plugin_model_configure([:brute_force_protection])
+      sorcery_reload!([:brute_force_protection])
       create_new_user
     end
     
     after(:each) do
       Sorcery::Controller::Config.reset!
-      plugin_set_controller_config_property(:user_class, User)
+      sorcery_controller_property_set(:user_class, User)
     end
     
     it "should count login retries" do
@@ -27,7 +27,7 @@ describe ApplicationController do
     end
     
     it "should reset the counter on a good login" do
-      plugin_set_model_config_property(:consecutive_login_retries_amount_allowed, 5)
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
       3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
       get :test_login, :username => 'gizmo', :password => 'secret'
       User.find_by_username('gizmo').failed_logins_count.should == 0
@@ -35,14 +35,14 @@ describe ApplicationController do
     
     it "should lock user when number of retries reached the limit" do
       User.find_by_username('gizmo').lock_expires_at.should be_nil
-      plugin_set_model_config_property(:consecutive_login_retries_amount_allowed, 1)
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
       get :test_login, :username => 'gizmo', :password => 'blabla'
       User.find_by_username('gizmo').lock_expires_at.should_not be_nil
     end
 
     it "should unlock after lock time period passes" do
-      plugin_set_model_config_property(:consecutive_login_retries_amount_allowed, 2)
-      plugin_set_model_config_property(:login_lock_time_period, 0.2)
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0.2)
       get :test_login, :username => 'gizmo', :password => 'blabla'
       get :test_login, :username => 'gizmo', :password => 'blabla'
       User.find_by_username('gizmo').lock_expires_at.should_not be_nil
@@ -51,5 +51,15 @@ describe ApplicationController do
       User.find_by_username('gizmo').lock_expires_at.should be_nil
     end
 
+    it "should not unlock if time period is 0 (permanent lock)" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0)
+      get :test_login, :username => 'gizmo', :password => 'blabla'
+      get :test_login, :username => 'gizmo', :password => 'blabla'
+      unlock_date = User.find_by_username('gizmo').lock_expires_at
+      sleep 1
+      get :test_login, :username => 'gizmo', :password => 'blabla'
+      User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
+    end
   end
 end

data/spec/rails3/{controller_http_basic_auth_spec.rb → app_root/spec/controller_http_basic_auth_spec.rb}

@@ -5,7 +5,7 @@ describe ApplicationController do
   # ----------------- HTTP BASIC AUTH -----------------------
   describe ApplicationController, "with http basic auth features" do
     before(:all) do
-      plugin_model_configure([:http_basic_auth])
+      sorcery_reload!([:http_basic_auth])
       create_new_user
     end
     
@@ -31,12 +31,12 @@ describe ApplicationController do
     end
     
     it "should allow configuration option 'controller_to_realm_map'" do
-      plugin_set_controller_config_property(:controller_to_realm_map, {"1" => "2"})
+      sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
       Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
     end
     
     it "should display the correct realm name configured for the controller" do
-      plugin_set_controller_config_property(:controller_to_realm_map, {"application" => "Salad"})
+      sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
       get :test_http_basic_auth
       response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
     end

data/spec/rails3/app_root/spec/controller_oauth2_spec.rb

@@ -0,0 +1,117 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+def stub_all_oauth2_requests!
+  @client = OAuth2::Client.new("key","secret", :site => "http://myapi.com")
+  OAuth2::Client.stub!(:new).and_return(@client)
+  @acc_token = OAuth2::AccessToken.new(@client, "", "asd", nil, {})
+  @webby = @client.web_server
+  OAuth2::Strategy::WebServer.stub!(:new).and_return(@webby)
+  @webby.stub!(:get_access_token).and_return(@acc_token)
+  @acc_token.stub!(:get).and_return({"id"=>"123", "name"=>"Noam Ben Ari", "first_name"=>"Noam", "last_name"=>"Ben Ari", "link"=>"http://www.facebook.com/nbenari1", "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"}, "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"}, "bio"=>"I'm a new daddy, and enjoying it!", "gender"=>"male", "email"=>"nbenari@gmail.com", "timezone"=>2, "locale"=>"en_US", "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}], "verified"=>true, "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
+end
+
+describe ApplicationController do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/oauth")
+    sorcery_reload!([:oauth])
+    sorcery_controller_property_set(:oauth_providers, [:facebook])
+    sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/oauth")
+  end
+  # ----------------- OAuth -----------------------
+  describe ApplicationController, "with OAuth features" do
+  
+    before(:each) do
+      stub_all_oauth2_requests!
+    end
+      
+    after(:each) do
+      User.delete_all
+    end
+    
+    it "auth_at_provider redirects correctly" do
+      create_new_user
+      get :auth_at_provider_test2
+      response.should be_a_redirect
+      response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&type=web_server")
+    end
+    
+    it "'login_from_access_token' logins if user exists" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_external_user(:facebook)
+      get :test_login_from_access_token2
+      flash[:notice].should == "Success!"
+    end
+    
+    it "'login_from_access_token' fails if user doesn't exist" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_user
+      get :test_login_from_access_token2
+      flash[:alert].should == "Failed!"
+    end
+  end
+  
+  describe ApplicationController, "'create_from_provider!'" do
+    before(:each) do
+      stub_all_oauth2_requests!
+      User.delete_all
+    end
+      
+    it "should create a new user" do
+      sorcery_controller_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "name"})
+      lambda do
+        get :test_create_from_provider, :provider => "facebook"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "Noam Ben Ari"
+    end
+    
+    it "should support nested attributes" do
+      sorcery_controller_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "hometown/name"})
+      lambda do
+        get :test_create_from_provider, :provider => "facebook"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "Haifa, Israel"
+    end
+  end
+  
+  describe ApplicationController, "OAuth with User Activation features" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+      sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
+      sorcery_controller_property_set(:oauth_providers, [:facebook])
+      sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
+    end
+    
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+    end
+    
+    after(:each) do
+      User.delete_all
+    end
+    
+    it "should not send activation email to external users" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_external_user(:facebook)
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should not send external users an activation success email" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      create_new_external_user(:facebook)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+  
+end

data/spec/rails3/app_root/spec/controller_oauth_spec.rb

@@ -0,0 +1,117 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'ostruct'
+
+def stub_all_oauth_requests!
+  @consumer = OAuth::Consumer.new("key","secret", :site => "http://myapi.com")
+  OAuth::Consumer.stub!(:new).and_return(@consumer)
+  
+  @req_token = OAuth::RequestToken.new(@consumer)
+  @consumer.stub!(:get_request_token).and_return(@req_token)
+  @acc_token = OAuth::AccessToken.new(@consumer)
+  @req_token.stub!(:get_access_token).and_return(@acc_token)
+  session[:request_token] = @req_token
+  response = OpenStruct.new()
+  response.body = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
+  @acc_token.stub!(:get).and_return(response)
+end
+
+describe ApplicationController do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/oauth")
+    sorcery_reload!([:oauth])
+    sorcery_controller_property_set(:oauth_providers, [:twitter])
+    sorcery_controller_oauth_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_oauth_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_oauth_property_set(:twitter, :callback_url, "http://blabla.com")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/oauth")
+  end
+  # ----------------- OAuth -----------------------
+  describe ApplicationController, "'login_from_access_token'" do
+  
+    before(:each) do
+      stub_all_oauth_requests!
+    end
+      
+    after(:each) do
+      User.delete_all
+    end
+    
+    it "auth_at_provider redirects correctly" do
+      create_new_user
+      get :auth_at_provider_test
+      response.should be_a_redirect
+      response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+    end
+    
+    it "logins if user exists" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_external_user(:twitter)
+      get :test_login_from_access_token, :oauth_verifier => "blablaRERASDFcxvSDFA"
+      flash[:notice].should == "Success!"
+    end
+    
+    it "'login_from_access_token' fails if user doesn't exist" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_user
+      get :test_login_from_access_token, :oauth_verifier => "blablaRERASDFcxvSDFA"
+      flash[:alert].should == "Failed!"
+    end
+  end
+  
+  describe ApplicationController, "'create_from_provider!'" do
+    before(:each) do
+      stub_all_oauth_requests!
+      User.delete_all
+    end
+      
+    it "should create a new user" do
+      sorcery_controller_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
+      lambda do
+        get :test_create_from_provider, :provider => "twitter"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "nbenari"
+    end
+    
+    it "should support nested attributes" do
+      sorcery_controller_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
+      lambda do
+        get :test_create_from_provider, :provider => "twitter"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "coming soon to sorcery gem: twitter and facebook authentication support."
+    end
+  end
+  
+  describe ApplicationController, "OAuth with User Activation features" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+      sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+    end
+    
+    after(:each) do
+      User.delete_all
+    end
+    
+    it "should not send activation email to external users" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_external_user(:twitter)
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should not send external users an activation success email" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      create_new_external_user(:twitter)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+end