sorcery 0.1.4 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +4 -2
- data/Gemfile.lock +16 -13
- data/README.rdoc +149 -78
- data/Rakefile +5 -0
- data/VERSION +1 -1
- data/lib/generators/sorcery_migration/sorcery_migration_generator.rb +24 -0
- data/lib/generators/sorcery_migration/templates/activity_logging.rb +17 -0
- data/lib/generators/sorcery_migration/templates/brute_force_protection.rb +11 -0
- data/lib/generators/sorcery_migration/templates/core.rb +16 -0
- data/lib/generators/sorcery_migration/templates/external.rb +14 -0
- data/lib/generators/sorcery_migration/templates/remember_me.rb +15 -0
- data/lib/generators/sorcery_migration/templates/reset_password.rb +13 -0
- data/lib/generators/sorcery_migration/templates/user_activation.rb +17 -0
- data/lib/sorcery/controller/adapters/sinatra.rb +97 -0
- data/lib/sorcery/controller/submodules/activity_logging.rb +20 -7
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +9 -2
- data/lib/sorcery/controller/submodules/email.rb +44 -0
- data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb +35 -0
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +26 -0
- data/lib/sorcery/controller/submodules/external/providers/facebook.rb +82 -0
- data/lib/sorcery/controller/submodules/external/providers/twitter.rb +86 -0
- data/lib/sorcery/controller/submodules/external.rb +83 -0
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +18 -9
- data/lib/sorcery/controller/submodules/oauth.rb +95 -0
- data/lib/sorcery/controller/submodules/remember_me.rb +14 -5
- data/lib/sorcery/controller/submodules/session_timeout.rb +6 -1
- data/lib/sorcery/controller.rb +30 -16
- data/lib/sorcery/engine.rb +9 -2
- data/lib/sorcery/model/submodules/activity_logging.rb +13 -8
- data/lib/sorcery/model/submodules/brute_force_protection.rb +11 -8
- data/lib/sorcery/model/submodules/external.rb +53 -0
- data/lib/sorcery/model/submodules/remember_me.rb +5 -3
- data/lib/sorcery/model/submodules/reset_password.rb +16 -13
- data/lib/sorcery/model/submodules/user_activation.rb +38 -19
- data/lib/sorcery/model/temporary_token.rb +22 -0
- data/lib/sorcery/model.rb +17 -7
- data/lib/sorcery/sinatra.rb +14 -0
- data/lib/sorcery/test_helpers/rails.rb +57 -0
- data/lib/sorcery/test_helpers/sinatra.rb +131 -0
- data/lib/sorcery/test_helpers.rb +40 -0
- data/lib/sorcery.rb +22 -0
- data/sorcery.gemspec +146 -41
- data/spec/Gemfile +3 -2
- data/spec/Gemfile.lock +15 -2
- data/spec/rails3/app_root/.rspec +1 -0
- data/spec/rails3/{Gemfile → app_root/Gemfile} +4 -4
- data/spec/rails3/{Gemfile.lock → app_root/Gemfile.lock} +23 -3
- data/spec/rails3/app_root/app/controllers/application_controller.rb +42 -1
- data/spec/rails3/app_root/app/models/authentication.rb +3 -0
- data/spec/rails3/app_root/app/models/user.rb +4 -1
- data/spec/rails3/app_root/config/application.rb +1 -3
- data/spec/rails3/app_root/config/routes.rb +1 -10
- data/spec/rails3/app_root/db/migrate/activation/20101224223622_add_activation_to_users.rb +6 -4
- data/spec/rails3/app_root/db/migrate/core/20101224223620_create_users.rb +4 -4
- data/spec/rails3/app_root/db/migrate/external/20101224223628_create_authentications.rb +14 -0
- data/spec/rails3/{controller_activity_logging_spec.rb → app_root/spec/controller_activity_logging_spec.rb} +13 -13
- data/spec/rails3/{controller_brute_force_protection_spec.rb → app_root/spec/controller_brute_force_protection_spec.rb} +16 -6
- data/spec/rails3/{controller_http_basic_auth_spec.rb → app_root/spec/controller_http_basic_auth_spec.rb} +3 -3
- data/spec/rails3/app_root/spec/controller_oauth2_spec.rb +119 -0
- data/spec/rails3/app_root/spec/controller_oauth_spec.rb +122 -0
- data/spec/rails3/{controller_remember_me_spec.rb → app_root/spec/controller_remember_me_spec.rb} +4 -4
- data/spec/rails3/{controller_session_timeout_spec.rb → app_root/spec/controller_session_timeout_spec.rb} +6 -6
- data/spec/rails3/{controller_spec.rb → app_root/spec/controller_spec.rb} +20 -13
- data/spec/rails3/app_root/spec/spec_helper.orig.rb +27 -0
- data/spec/rails3/app_root/spec/spec_helper.rb +62 -0
- data/spec/rails3/{user_activation_spec.rb → app_root/spec/user_activation_spec.rb} +60 -20
- data/spec/rails3/{user_activity_logging_spec.rb → app_root/spec/user_activity_logging_spec.rb} +4 -4
- data/spec/rails3/{user_brute_force_protection_spec.rb → app_root/spec/user_brute_force_protection_spec.rb} +7 -7
- data/spec/rails3/app_root/spec/user_oauth_spec.rb +39 -0
- data/spec/rails3/{user_remember_me_spec.rb → app_root/spec/user_remember_me_spec.rb} +4 -4
- data/spec/rails3/{user_reset_password_spec.rb → app_root/spec/user_reset_password_spec.rb} +21 -41
- data/spec/rails3/app_root/spec/user_spec.rb +317 -0
- data/spec/sinatra/Gemfile +12 -0
- data/spec/sinatra/Gemfile.lock +134 -0
- data/spec/sinatra/Rakefile +10 -0
- data/spec/sinatra/authentication.rb +3 -0
- data/spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb +17 -0
- data/spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
- data/spec/sinatra/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
- data/spec/sinatra/db/migrate/core/20101224223620_create_users.rb +16 -0
- data/spec/sinatra/db/migrate/external/20101224223628_create_authentications.rb +14 -0
- data/spec/sinatra/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
- data/spec/sinatra/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
- data/spec/sinatra/filters.rb +21 -0
- data/spec/sinatra/myapp.rb +133 -0
- data/spec/sinatra/sorcery_mailer.rb +25 -0
- data/spec/sinatra/spec/controller_activity_logging_spec.rb +85 -0
- data/spec/sinatra/spec/controller_brute_force_protection_spec.rb +69 -0
- data/spec/sinatra/spec/controller_http_basic_auth_spec.rb +53 -0
- data/spec/sinatra/spec/controller_oauth2_spec.rb +119 -0
- data/spec/sinatra/spec/controller_oauth_spec.rb +121 -0
- data/spec/sinatra/spec/controller_remember_me_spec.rb +64 -0
- data/spec/sinatra/spec/controller_session_timeout_spec.rb +52 -0
- data/spec/sinatra/spec/controller_spec.rb +120 -0
- data/spec/sinatra/spec/spec.opts +4 -0
- data/spec/sinatra/spec/spec_helper.rb +44 -0
- data/spec/sinatra/spec/user_activation_spec.rb +188 -0
- data/spec/sinatra/spec/user_activity_logging_spec.rb +36 -0
- data/spec/sinatra/spec/user_brute_force_protection_spec.rb +76 -0
- data/spec/sinatra/spec/user_oauth_spec.rb +39 -0
- data/spec/sinatra/spec/user_remember_me_spec.rb +66 -0
- data/spec/sinatra/spec/user_reset_password_spec.rb +178 -0
- data/spec/{rails3 → sinatra/spec}/user_spec.rb +68 -38
- data/spec/sinatra/user.rb +6 -0
- data/spec/sinatra/views/test_login.erb +4 -0
- data/spec/untitled folder +18 -0
- metadata +203 -58
- data/spec/rails3/app_root/test/fixtures/users.yml +0 -9
- data/spec/rails3/app_root/test/performance/browsing_test.rb +0 -9
- data/spec/rails3/app_root/test/test_helper.rb +0 -13
- data/spec/rails3/app_root/test/unit/user_test.rb +0 -8
- data/spec/rails3/spec_helper.rb +0 -135
- /data/spec/rails3/{Rakefile → app_root/Rakefile} +0 -0
|
@@ -1,7 +1,14 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: ../../../
|
|
3
3
|
specs:
|
|
4
|
-
sorcery (0.1
|
|
4
|
+
sorcery (0.3.1)
|
|
5
|
+
bcrypt-ruby (~> 2.1.4)
|
|
6
|
+
json (>= 1.5.1)
|
|
7
|
+
oauth (>= 0.4.4)
|
|
8
|
+
oauth (>= 0.4.4)
|
|
9
|
+
oauth2 (>= 0.1.1)
|
|
10
|
+
oauth2 (>= 0.1.1)
|
|
11
|
+
rails (>= 3.0.0)
|
|
5
12
|
|
|
6
13
|
GEM
|
|
7
14
|
remote: http://rubygems.org/
|
|
@@ -33,6 +40,7 @@ GEM
|
|
|
33
40
|
activemodel (= 3.0.3)
|
|
34
41
|
activesupport (= 3.0.3)
|
|
35
42
|
activesupport (3.0.3)
|
|
43
|
+
addressable (2.2.4)
|
|
36
44
|
archive-tar-minitar (0.5.2)
|
|
37
45
|
arel (2.0.6)
|
|
38
46
|
bcrypt-ruby (2.1.4)
|
|
@@ -41,7 +49,12 @@ GEM
|
|
|
41
49
|
diff-lcs (1.1.2)
|
|
42
50
|
erubis (2.6.6)
|
|
43
51
|
abstract (>= 1.0.0)
|
|
52
|
+
faraday (0.5.5)
|
|
53
|
+
addressable (~> 2.2.4)
|
|
54
|
+
multipart-post (~> 1.1.0)
|
|
55
|
+
rack (< 2, >= 1.1.0)
|
|
44
56
|
i18n (0.5.0)
|
|
57
|
+
json (1.5.1)
|
|
45
58
|
linecache19 (0.5.11)
|
|
46
59
|
ruby_core_source (>= 0.1.4)
|
|
47
60
|
mail (2.2.13)
|
|
@@ -50,6 +63,12 @@ GEM
|
|
|
50
63
|
mime-types (~> 1.16)
|
|
51
64
|
treetop (~> 1.4.8)
|
|
52
65
|
mime-types (1.16)
|
|
66
|
+
multi_json (0.0.5)
|
|
67
|
+
multipart-post (1.1.0)
|
|
68
|
+
oauth (0.4.4)
|
|
69
|
+
oauth2 (0.1.1)
|
|
70
|
+
faraday (~> 0.5.0)
|
|
71
|
+
multi_json (~> 0.0.4)
|
|
53
72
|
polyglot (0.3.1)
|
|
54
73
|
rack (1.2.1)
|
|
55
74
|
rack-mount (0.6.13)
|
|
@@ -96,6 +115,7 @@ GEM
|
|
|
96
115
|
simplecov (0.3.9)
|
|
97
116
|
simplecov-html (>= 0.3.7)
|
|
98
117
|
simplecov-html (0.3.9)
|
|
118
|
+
spork (0.9.0.rc3)
|
|
99
119
|
sqlite3-ruby (1.3.2)
|
|
100
120
|
thor (0.14.6)
|
|
101
121
|
treetop (1.4.9)
|
|
@@ -106,11 +126,11 @@ PLATFORMS
|
|
|
106
126
|
ruby
|
|
107
127
|
|
|
108
128
|
DEPENDENCIES
|
|
109
|
-
bcrypt-ruby (~> 2.1.4)
|
|
110
129
|
rails (= 3.0.3)
|
|
111
130
|
rspec
|
|
112
131
|
rspec-rails
|
|
113
132
|
ruby-debug19
|
|
114
133
|
simplecov (>= 0.3.8)
|
|
115
|
-
sorcery (= 0.1
|
|
134
|
+
sorcery (= 0.3.1)!
|
|
135
|
+
spork (~> 0.9.0.rc)
|
|
116
136
|
sqlite3-ruby
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'oauth'
|
|
2
|
+
|
|
1
3
|
class ApplicationController < ActionController::Base
|
|
2
4
|
protect_from_forgery
|
|
3
5
|
|
|
@@ -18,6 +20,11 @@ class ApplicationController < ActionController::Base
|
|
|
18
20
|
render :text => ""
|
|
19
21
|
end
|
|
20
22
|
|
|
23
|
+
def test_return_to
|
|
24
|
+
@user = login(params[:username], params[:password])
|
|
25
|
+
redirect_back_or_to(:index, :notice => 'haha!')
|
|
26
|
+
end
|
|
27
|
+
|
|
21
28
|
def test_logout
|
|
22
29
|
logout
|
|
23
30
|
render :text => ""
|
|
@@ -43,7 +50,7 @@ class ApplicationController < ActionController::Base
|
|
|
43
50
|
end
|
|
44
51
|
|
|
45
52
|
def test_login_from_cookie
|
|
46
|
-
@user =
|
|
53
|
+
@user = current_user
|
|
47
54
|
render :text => ""
|
|
48
55
|
end
|
|
49
56
|
|
|
@@ -59,6 +66,40 @@ class ApplicationController < ActionController::Base
|
|
|
59
66
|
render :text => "HTTP Basic Auth"
|
|
60
67
|
end
|
|
61
68
|
|
|
69
|
+
def login_at_test
|
|
70
|
+
login_at(:twitter)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def login_at_test2
|
|
74
|
+
login_at(:facebook)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def test_login_from
|
|
78
|
+
if @user = login_from(:twitter)
|
|
79
|
+
redirect_to "bla", :notice => "Success!"
|
|
80
|
+
else
|
|
81
|
+
redirect_to "blu", :alert => "Failed!"
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def test_login_from2
|
|
86
|
+
if @user = login_from(:facebook)
|
|
87
|
+
redirect_to "bla", :notice => "Success!"
|
|
88
|
+
else
|
|
89
|
+
redirect_to "blu", :alert => "Failed!"
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def test_create_from_provider
|
|
94
|
+
provider = params[:provider]
|
|
95
|
+
login_from(provider)
|
|
96
|
+
if @user = create_from(provider)
|
|
97
|
+
redirect_to "bla", :notice => "Success!"
|
|
98
|
+
else
|
|
99
|
+
redirect_to "blu", :alert => "Failed!"
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
62
103
|
protected
|
|
63
104
|
|
|
64
105
|
|
|
@@ -38,9 +38,7 @@ module AppRoot
|
|
|
38
38
|
|
|
39
39
|
# Configure sensitive parameters which will be filtered from the log file.
|
|
40
40
|
config.filter_parameters += [:password]
|
|
41
|
-
|
|
42
|
-
config.root = File.expand_path('../..', __FILE__)
|
|
43
|
-
|
|
41
|
+
|
|
44
42
|
config.action_mailer.delivery_method = :test
|
|
45
43
|
|
|
46
44
|
config.active_support.deprecation = :stderr
|
|
@@ -1,14 +1,5 @@
|
|
|
1
1
|
AppRoot::Application.routes.draw do
|
|
2
2
|
root :to => "application#index"
|
|
3
|
-
match '/test_login', :to => "application#test_login"
|
|
4
|
-
match '/test_logout', :to => "application#test_logout"
|
|
5
|
-
match '/some_action', :to => "application#some_action"
|
|
6
|
-
match '/test_logout_with_remember', :to => "application#test_logout_with_remember"
|
|
7
|
-
match '/test_login_with_remember', :to => 'application#test_login_with_remember'
|
|
8
|
-
match '/test_login_with_remember_in_login', :to => 'application#test_login_with_remember_in_login'
|
|
9
|
-
match '/test_login_from_cookie', :to => 'application#test_login_from_cookie'
|
|
10
|
-
match '/test_should_be_logged_in', :to => 'application#test_should_be_logged_in'
|
|
11
|
-
match '/test_http_basic_auth', :to => 'application#test_http_basic_auth'
|
|
12
3
|
# The priority is based upon order of creation:
|
|
13
4
|
# first created -> highest priority.
|
|
14
5
|
|
|
@@ -64,5 +55,5 @@ AppRoot::Application.routes.draw do
|
|
|
64
55
|
|
|
65
56
|
# This is a legacy wild controller route that's not recommended for RESTful applications.
|
|
66
57
|
# Note: This route will make all actions in every controller accessible via GET requests.
|
|
67
|
-
|
|
58
|
+
match ':controller(/:action(/:id(.:format)))'
|
|
68
59
|
end
|
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
class AddActivationToUsers < ActiveRecord::Migration
|
|
2
2
|
def self.up
|
|
3
3
|
add_column :users, :activation_state, :string, :default => nil
|
|
4
|
-
add_column :users, :
|
|
4
|
+
add_column :users, :activation_token, :string, :default => nil
|
|
5
|
+
add_column :users, :activation_token_expires_at, :datetime, :default => nil
|
|
5
6
|
|
|
6
|
-
add_index :users, :
|
|
7
|
+
add_index :users, :activation_token
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
def self.down
|
|
10
|
-
remove_index :users, :
|
|
11
|
+
remove_index :users, :activation_token
|
|
11
12
|
|
|
12
|
-
remove_column :users, :
|
|
13
|
+
remove_column :users, :activation_token_expires_at
|
|
14
|
+
remove_column :users, :activation_token
|
|
13
15
|
remove_column :users, :activation_state
|
|
14
16
|
end
|
|
15
17
|
end
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
class CreateUsers < ActiveRecord::Migration
|
|
2
2
|
def self.up
|
|
3
3
|
create_table :users do |t|
|
|
4
|
-
t.string :username
|
|
5
|
-
t.string :email,
|
|
6
|
-
t.string :crypted_password
|
|
7
|
-
t.string :salt
|
|
4
|
+
t.string :username, :null => false
|
|
5
|
+
t.string :email, :default => nil
|
|
6
|
+
t.string :crypted_password, :default => nil
|
|
7
|
+
t.string :salt, :default => nil
|
|
8
8
|
|
|
9
9
|
t.timestamps
|
|
10
10
|
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
class CreateAuthentications < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
create_table :authentications do |t|
|
|
4
|
+
t.integer :user_id, :null => false
|
|
5
|
+
t.string :provider, :uid, :null => false
|
|
6
|
+
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def self.down
|
|
12
|
+
drop_table :authentications
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -12,7 +12,7 @@ describe ApplicationController do
|
|
|
12
12
|
# ----------------- ACTIVITY LOGGING -----------------------
|
|
13
13
|
describe ApplicationController, "with activity logging features" do
|
|
14
14
|
before(:all) do
|
|
15
|
-
|
|
15
|
+
sorcery_reload!([:activity_logging])
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
before(:each) do
|
|
@@ -23,12 +23,12 @@ describe ApplicationController do
|
|
|
23
23
|
User.delete_all
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
it "should respond to '
|
|
27
|
-
subject.should respond_to(:
|
|
26
|
+
it "should respond to 'current_users'" do
|
|
27
|
+
subject.should respond_to(:current_users)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
it "'
|
|
31
|
-
subject.
|
|
30
|
+
it "'current_users' should be empty when no users are logged in" do
|
|
31
|
+
subject.current_users.size.should == 0
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
it "should log login time on login" do
|
|
@@ -56,14 +56,14 @@ describe ApplicationController do
|
|
|
56
56
|
User.first.last_activity_at.to_s(:db).should <= (now+2).to_s(:db)
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
it "'
|
|
59
|
+
it "'current_users' should hold the user object when 1 user is logged in" do
|
|
60
60
|
login_user
|
|
61
61
|
get :some_action
|
|
62
|
-
subject.
|
|
63
|
-
subject.
|
|
62
|
+
subject.current_users.size.should == 1
|
|
63
|
+
subject.current_users[0].should == @user
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
it "'
|
|
66
|
+
it "'current_users' should show all current_users, whether they have logged out before or not." do
|
|
67
67
|
user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
|
|
68
68
|
login_user(user1)
|
|
69
69
|
get :some_action
|
|
@@ -75,10 +75,10 @@ describe ApplicationController do
|
|
|
75
75
|
user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
|
|
76
76
|
login_user(user3)
|
|
77
77
|
get :some_action
|
|
78
|
-
subject.
|
|
79
|
-
subject.
|
|
80
|
-
subject.
|
|
81
|
-
subject.
|
|
78
|
+
subject.current_users.size.should == 3
|
|
79
|
+
subject.current_users[0].should == user1
|
|
80
|
+
subject.current_users[1].should == user2
|
|
81
|
+
subject.current_users[2].should == user3
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
84
|
end
|
|
@@ -12,13 +12,13 @@ describe ApplicationController do
|
|
|
12
12
|
# ----------------- SESSION TIMEOUT -----------------------
|
|
13
13
|
describe ApplicationController, "with brute force protection features" do
|
|
14
14
|
before(:all) do
|
|
15
|
-
|
|
15
|
+
sorcery_reload!([:brute_force_protection])
|
|
16
16
|
create_new_user
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
after(:each) do
|
|
20
20
|
Sorcery::Controller::Config.reset!
|
|
21
|
-
|
|
21
|
+
sorcery_controller_property_set(:user_class, User)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
it "should count login retries" do
|
|
@@ -27,7 +27,7 @@ describe ApplicationController do
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
it "should reset the counter on a good login" do
|
|
30
|
-
|
|
30
|
+
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
|
|
31
31
|
3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
|
|
32
32
|
get :test_login, :username => 'gizmo', :password => 'secret'
|
|
33
33
|
User.find_by_username('gizmo').failed_logins_count.should == 0
|
|
@@ -35,14 +35,14 @@ describe ApplicationController do
|
|
|
35
35
|
|
|
36
36
|
it "should lock user when number of retries reached the limit" do
|
|
37
37
|
User.find_by_username('gizmo').lock_expires_at.should be_nil
|
|
38
|
-
|
|
38
|
+
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
|
|
39
39
|
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
40
40
|
User.find_by_username('gizmo').lock_expires_at.should_not be_nil
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it "should unlock after lock time period passes" do
|
|
44
|
-
|
|
45
|
-
|
|
44
|
+
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
|
|
45
|
+
sorcery_model_property_set(:login_lock_time_period, 0.2)
|
|
46
46
|
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
47
47
|
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
48
48
|
User.find_by_username('gizmo').lock_expires_at.should_not be_nil
|
|
@@ -51,5 +51,15 @@ describe ApplicationController do
|
|
|
51
51
|
User.find_by_username('gizmo').lock_expires_at.should be_nil
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
+
it "should not unlock if time period is 0 (permanent lock)" do
|
|
55
|
+
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
|
|
56
|
+
sorcery_model_property_set(:login_lock_time_period, 0)
|
|
57
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
58
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
59
|
+
unlock_date = User.find_by_username('gizmo').lock_expires_at
|
|
60
|
+
sleep 1
|
|
61
|
+
get :test_login, :username => 'gizmo', :password => 'blabla'
|
|
62
|
+
User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
|
|
63
|
+
end
|
|
54
64
|
end
|
|
55
65
|
end
|
|
@@ -5,7 +5,7 @@ describe ApplicationController do
|
|
|
5
5
|
# ----------------- HTTP BASIC AUTH -----------------------
|
|
6
6
|
describe ApplicationController, "with http basic auth features" do
|
|
7
7
|
before(:all) do
|
|
8
|
-
|
|
8
|
+
sorcery_reload!([:http_basic_auth])
|
|
9
9
|
create_new_user
|
|
10
10
|
end
|
|
11
11
|
|
|
@@ -31,12 +31,12 @@ describe ApplicationController do
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "should allow configuration option 'controller_to_realm_map'" do
|
|
34
|
-
|
|
34
|
+
sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
|
|
35
35
|
Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it "should display the correct realm name configured for the controller" do
|
|
39
|
-
|
|
39
|
+
sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
|
|
40
40
|
get :test_http_basic_auth
|
|
41
41
|
response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
|
|
42
42
|
end
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
|
|
3
|
+
def stub_all_oauth2_requests!
|
|
4
|
+
@client = OAuth2::Client.new("key","secret", :site => "http://myapi.com")
|
|
5
|
+
OAuth2::Client.stub!(:new).and_return(@client)
|
|
6
|
+
@acc_token = OAuth2::AccessToken.new(@client, "", "asd", nil, {})
|
|
7
|
+
@webby = @client.web_server
|
|
8
|
+
OAuth2::Strategy::WebServer.stub!(:new).and_return(@webby)
|
|
9
|
+
@webby.stub!(:get_access_token).and_return(@acc_token)
|
|
10
|
+
@acc_token.stub!(:get).and_return({"id"=>"123", "name"=>"Noam Ben Ari", "first_name"=>"Noam", "last_name"=>"Ben Ari", "link"=>"http://www.facebook.com/nbenari1", "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"}, "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"}, "bio"=>"I'm a new daddy, and enjoying it!", "gender"=>"male", "email"=>"nbenari@gmail.com", "timezone"=>2, "locale"=>"en_US", "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}], "verified"=>true, "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
describe ApplicationController do
|
|
14
|
+
before(:all) do
|
|
15
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
16
|
+
sorcery_reload!([:external])
|
|
17
|
+
sorcery_controller_property_set(:external_providers, [:facebook])
|
|
18
|
+
sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
|
|
19
|
+
sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
20
|
+
sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
after(:all) do
|
|
24
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
25
|
+
end
|
|
26
|
+
# ----------------- OAuth -----------------------
|
|
27
|
+
describe ApplicationController, "with OAuth features" do
|
|
28
|
+
|
|
29
|
+
before(:each) do
|
|
30
|
+
stub_all_oauth2_requests!
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
after(:each) do
|
|
34
|
+
User.delete_all
|
|
35
|
+
Authentication.delete_all
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
it "login_at redirects correctly" do
|
|
39
|
+
create_new_user
|
|
40
|
+
get :login_at_test2
|
|
41
|
+
response.should be_a_redirect
|
|
42
|
+
response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&type=web_server")
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
it "'login_from' logins if user exists" do
|
|
46
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
47
|
+
create_new_external_user(:facebook)
|
|
48
|
+
get :test_login_from2
|
|
49
|
+
flash[:notice].should == "Success!"
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
it "'login_from' fails if user doesn't exist" do
|
|
53
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
54
|
+
create_new_user
|
|
55
|
+
get :test_login_from2
|
|
56
|
+
flash[:alert].should == "Failed!"
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
describe ApplicationController, "'create_from'" do
|
|
61
|
+
before(:each) do
|
|
62
|
+
stub_all_oauth2_requests!
|
|
63
|
+
User.delete_all
|
|
64
|
+
Authentication.delete_all
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
it "should create a new user" do
|
|
68
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
69
|
+
sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "name"})
|
|
70
|
+
lambda do
|
|
71
|
+
get :test_create_from_provider, :provider => "facebook"
|
|
72
|
+
end.should change(User, :count).by(1)
|
|
73
|
+
User.first.username.should == "Noam Ben Ari"
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
it "should support nested attributes" do
|
|
77
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
78
|
+
sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "hometown/name"})
|
|
79
|
+
lambda do
|
|
80
|
+
get :test_create_from_provider, :provider => "facebook"
|
|
81
|
+
end.should change(User, :count).by(1)
|
|
82
|
+
User.first.username.should == "Haifa, Israel"
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
describe ApplicationController, "OAuth with User Activation features" do
|
|
87
|
+
before(:all) do
|
|
88
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
|
|
89
|
+
sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
|
|
90
|
+
sorcery_controller_property_set(:external_providers, [:facebook])
|
|
91
|
+
sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
|
|
92
|
+
sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
93
|
+
sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
after(:all) do
|
|
97
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
after(:each) do
|
|
101
|
+
User.delete_all
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
it "should not send activation email to external users" do
|
|
105
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
106
|
+
create_new_external_user(:facebook)
|
|
107
|
+
ActionMailer::Base.deliveries.size.should == old_size
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
it "should not send external users an activation success email" do
|
|
111
|
+
sorcery_model_property_set(:activation_success_email_method_name, nil)
|
|
112
|
+
create_new_external_user(:facebook)
|
|
113
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
114
|
+
@user.activate!
|
|
115
|
+
ActionMailer::Base.deliveries.size.should == old_size
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
end
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
+
require 'ostruct'
|
|
3
|
+
|
|
4
|
+
def stub_all_oauth_requests!
|
|
5
|
+
@consumer = OAuth::Consumer.new("key","secret", :site => "http://myapi.com")
|
|
6
|
+
OAuth::Consumer.stub!(:new).and_return(@consumer)
|
|
7
|
+
|
|
8
|
+
@req_token = OAuth::RequestToken.new(@consumer)
|
|
9
|
+
@consumer.stub!(:get_request_token).and_return(@req_token)
|
|
10
|
+
@acc_token = OAuth::AccessToken.new(@consumer)
|
|
11
|
+
@req_token.stub!(:get_access_token).and_return(@acc_token)
|
|
12
|
+
session[:request_token] = @req_token.token
|
|
13
|
+
session[:request_token_secret] = @req_token.secret
|
|
14
|
+
OAuth::RequestToken.stub!(:new).and_return(@req_token)
|
|
15
|
+
response = OpenStruct.new()
|
|
16
|
+
response.body = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
|
|
17
|
+
@acc_token.stub!(:get).and_return(response)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
describe ApplicationController do
|
|
21
|
+
before(:all) do
|
|
22
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
23
|
+
sorcery_reload!([:external])
|
|
24
|
+
sorcery_controller_property_set(:external_providers, [:twitter])
|
|
25
|
+
sorcery_controller_oauth_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
|
|
26
|
+
sorcery_controller_oauth_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
27
|
+
sorcery_controller_oauth_property_set(:twitter, :callback_url, "http://blabla.com")
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
after(:all) do
|
|
31
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
32
|
+
end
|
|
33
|
+
# ----------------- OAuth -----------------------
|
|
34
|
+
describe ApplicationController, "'login_from'" do
|
|
35
|
+
|
|
36
|
+
before(:each) do
|
|
37
|
+
stub_all_oauth_requests!
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
after(:each) do
|
|
41
|
+
User.delete_all
|
|
42
|
+
Authentication.delete_all
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
it "login_at redirects correctly" do
|
|
46
|
+
create_new_user
|
|
47
|
+
get :login_at_test
|
|
48
|
+
response.should be_a_redirect
|
|
49
|
+
response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
it "logins if user exists" do
|
|
53
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
54
|
+
create_new_external_user(:twitter)
|
|
55
|
+
get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
|
|
56
|
+
flash[:notice].should == "Success!"
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
it "'login_from' fails if user doesn't exist" do
|
|
60
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
61
|
+
create_new_user
|
|
62
|
+
get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
|
|
63
|
+
flash[:alert].should == "Failed!"
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
describe ApplicationController, "'create_from'" do
|
|
68
|
+
before(:each) do
|
|
69
|
+
stub_all_oauth_requests!
|
|
70
|
+
User.delete_all
|
|
71
|
+
Authentication.delete_all
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
it "should create a new user" do
|
|
75
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
76
|
+
sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
|
|
77
|
+
lambda do
|
|
78
|
+
get :test_create_from_provider, :provider => "twitter"
|
|
79
|
+
end.should change(User, :count).by(1)
|
|
80
|
+
User.first.username.should == "nbenari"
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
it "should support nested attributes" do
|
|
84
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
85
|
+
sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
|
|
86
|
+
lambda do
|
|
87
|
+
get :test_create_from_provider, :provider => "twitter"
|
|
88
|
+
end.should change(User, :count).by(1)
|
|
89
|
+
User.first.username.should == "coming soon to sorcery gem: twitter and facebook authentication support."
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
describe ApplicationController, "OAuth with User Activation features" do
|
|
94
|
+
before(:all) do
|
|
95
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
|
|
96
|
+
sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
after(:all) do
|
|
100
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
after(:each) do
|
|
104
|
+
User.delete_all
|
|
105
|
+
Authentication.delete_all
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
it "should not send activation email to external users" do
|
|
109
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
110
|
+
create_new_external_user(:twitter)
|
|
111
|
+
ActionMailer::Base.deliveries.size.should == old_size
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
it "should not send external users an activation success email" do
|
|
115
|
+
sorcery_model_property_set(:activation_success_email_method_name, nil)
|
|
116
|
+
create_new_external_user(:twitter)
|
|
117
|
+
old_size = ActionMailer::Base.deliveries.size
|
|
118
|
+
@user.activate!
|
|
119
|
+
ActionMailer::Base.deliveries.size.should == old_size
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
data/spec/rails3/{controller_remember_me_spec.rb → app_root/spec/controller_remember_me_spec.rb}
RENAMED
|
@@ -6,7 +6,7 @@ describe ApplicationController do
|
|
|
6
6
|
describe ApplicationController, "with remember me features" do
|
|
7
7
|
before(:all) do
|
|
8
8
|
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
|
|
9
|
-
|
|
9
|
+
sorcery_reload!([:remember_me])
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
before(:each) do
|
|
@@ -25,7 +25,7 @@ describe ApplicationController do
|
|
|
25
25
|
|
|
26
26
|
it "should set cookie on remember_me!" do
|
|
27
27
|
post :test_login_with_remember, :username => 'gizmo', :password => 'secret'
|
|
28
|
-
cookies["remember_me_token"].should == assigns[:
|
|
28
|
+
cookies["remember_me_token"].should == assigns[:current_user].remember_me_token
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
it "should clear cookie on forget_me!" do
|
|
@@ -50,11 +50,11 @@ describe ApplicationController do
|
|
|
50
50
|
session[:user_id] = @user.id
|
|
51
51
|
subject.remember_me!
|
|
52
52
|
subject.instance_eval do
|
|
53
|
-
@
|
|
53
|
+
@current_user = nil
|
|
54
54
|
end
|
|
55
55
|
session[:user_id] = nil
|
|
56
56
|
get :test_login_from_cookie
|
|
57
|
-
assigns[:
|
|
57
|
+
assigns[:current_user].should == @user
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
it "should not remember_me! when not asked to" do
|