sorcery 0.11.0 → 0.12.0

data/lib/sorcery/model/submodules/reset_password.rb

@@ -16,6 +16,8 @@ module Sorcery
             attr_accessor :reset_password_token_attribute_name
             # Expires at attribute name.
             attr_accessor :reset_password_token_expires_at_attribute_name
+            # Counter access to reset password page
+            attr_accessor :reset_password_page_access_count_attribute_name
             # When was email sent, used for hammering protection.
             attr_accessor :reset_password_email_sent_at_attribute_name
             # Mailer class (needed)
@@ -34,6 +36,8 @@ module Sorcery
           base.sorcery_config.instance_eval do
             @defaults.merge!(:@reset_password_token_attribute_name            => :reset_password_token,
                              :@reset_password_token_expires_at_attribute_name => :reset_password_token_expires_at,
+                             :@reset_password_page_access_count_attribute_name =>
+                                 :access_count_to_reset_password_page,
                              :@reset_password_email_sent_at_attribute_name    => :reset_password_email_sent_at,
                              :@reset_password_mailer                          => nil,
                              :@reset_password_mailer_disabled                 => false,
@@ -103,6 +107,20 @@ module Sorcery
             end
             mail
           end
+          
+          # Increment access_count_to_reset_password_page attribute.
+          # For example, access_count_to_reset_password_page attribute is over 1, which
+          # means the user doesn't have a right to access.
+          def increment_password_reset_page_access_counter
+            sorcery_adapter.increment(self.sorcery_config.reset_password_page_access_count_attribute_name)
+          end
+          
+          # Reset access_count_to_reset_password_page attribute into 0.
+          # This is expected to be used after sending an instruction email.
+          def reset_password_reset_page_access_counter
+            send(:"#{sorcery_config.reset_password_page_access_count_attribute_name}=", 0)
+            sorcery_adapter.save
+          end
 
           # Clears token and tries to update the new password for the user.
           def change_password!(new_password)

data/lib/sorcery/model/temporary_token.rb

@@ -7,12 +7,14 @@ module Sorcery
     # such as reseting password and activating the user by email.
     module TemporaryToken
       def self.included(base)
+        # FIXME: This may not be the ideal way of passing sorcery_config to generate_random_token.
+        @sorcery_config = base.sorcery_config
         base.extend(ClassMethods)
       end
 
       # Random code, used for salt and temporary tokens.
       def self.generate_random_token
-        SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
+        SecureRandom.urlsafe_base64(@sorcery_config.token_randomness).tr('lIO0', 'sxyz')
       end
 
       module ClassMethods

data/lib/sorcery/providers/vk.rb

@@ -9,7 +9,7 @@ module Sorcery
     class Vk < Base
       include Protocols::Oauth2
 
-      attr_accessor :auth_path, :token_path, :user_info_url, :scope
+      attr_accessor :auth_path, :token_path, :user_info_url, :scope, :api_version
 
       def initialize
         super
@@ -28,7 +28,8 @@ module Sorcery
           access_token: access_token.token,
           uids:         access_token.params['user_id'],
           fields:       user_info_mapping.values.join(','),
-          scope:        scope
+          scope:        scope,
+          v:            api_version.to_s
         }
 
         response = access_token.get(user_info_url, params: params)

data/lib/sorcery/test_helpers/rails/request.rb

@@ -0,0 +1,20 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Request
+        # Accepts arguments for user to login, the password, route to use and HTTP method
+        # Defaults - @user, 'secret', 'user_sessions_url' and http_method: POST
+        def login_user(user = nil, password = 'secret', route = nil, http_method = :post)
+          user ||= @user
+          route ||= user_sessions_url
+
+          username_attr = user.sorcery_config.username_attribute_names.first
+          username = user.send(username_attr)
+          password_attr = user.sorcery_config.password_attribute_name
+
+          send(http_method, route, params: { "#{username_attr}": username, "#{password_attr}": password })
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.11.0'
+  VERSION = '0.12.0'
 end

data/sorcery.gemspec

@@ -18,16 +18,17 @@ Gem::Specification.new do |s|
 
   s.licenses = ['MIT']
 
-  s.required_ruby_version = '>= 2.0.0'
+  s.required_ruby_version = '>= 2.2.2'
 
   s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'
   s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
   s.add_dependency 'bcrypt', '~> 3.1'
 
-  s.add_development_dependency 'yard', '~> 0.6.0'
+  s.add_development_dependency 'yard', '~> 0.9.0', '>= 0.9.12'
   s.add_development_dependency 'timecop'
   s.add_development_dependency 'simplecov', '>= 0.3.8'
-  s.add_development_dependency 'rspec-rails', '~> 3.5.0'
-  s.add_development_dependency 'test-unit', '~> 3.1.0'
-  s.add_development_dependency 'byebug', '~> 9.0.0'
+  s.add_development_dependency 'rspec-rails', '~> 3.7.0'
+  s.add_development_dependency 'test-unit', '~> 3.2.0'
+  s.add_development_dependency 'byebug', '~> 10.0.0'
+  s.add_development_dependency 'webmock', '~> 3.3.0'
 end

data/spec/active_record/user_magic_login_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+require 'shared_examples/user_magic_login_shared_examples'
+
+describe User, 'with magic_login submodule', active_record: true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/magic_login")
+    User.reset_column_information
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/magic_login")
+  end
+  
+  it_behaves_like 'magic_login_model'
+end

data/spec/providers/vk_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'sorcery/providers/base'
+require 'sorcery/providers/vk'
+require 'webmock/rspec'
+
+describe Sorcery::Providers::Vk do
+  include WebMock::API
+
+  let(:provider) { Sorcery::Controller::Config.vk }
+
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:vk])
+    sorcery_controller_external_property_set(:vk, :key, "KEY")
+    sorcery_controller_external_property_set(:vk, :secret, "SECRET")
+  end
+
+  def stub_vk_authorize
+    stub_request(:post, /https\:\/\/oauth\.vk\.com\/access_token/)
+      .to_return(
+        status: 200,
+        body: '{"access_token":"TOKEN","expires_in":86329,"user_id":1}',
+        headers: {'content-type' => 'application/json'})
+  end
+
+  context "getting user info hash" do
+    it "should provide VK API version" do
+      stub_vk_authorize
+      sorcery_controller_external_property_set(:vk, :api_version, '5.71')
+
+      get_user = stub_request(:get, "https://api.vk.com/method/getProfiles?access_token=TOKEN&fields=&scope=email&uids=1&v=5.71")
+        .to_return(body: '{"response":[{"id":1}]}')
+
+      token = provider.process_callback({ code: 'CODE' }, nil)
+      provider.get_user_hash(token)
+
+      expect(get_user).to have_been_requested
+    end
+  end
+
+end

data/spec/rails_app/app/mailers/sorcery_mailer.rb

@@ -28,4 +28,11 @@ class SorceryMailer < ActionMailer::Base
     mail(to: user.email,
          subject: 'Your account has been locked due to many wrong logins')
   end
+  
+  def magic_login_email(user)
+    @user = user
+    @url  = 'http://example.com/login'
+    mail(to: user.email,
+         subject: 'Magic Login')
+  end
 end

data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+</head>
+<body>
+<h1>Hello, <%= @user.username %></h1>
+<p>
+  To login without a password, just follow this link: <%= @url %>.
+</p>
+<p>Have a great day!</p>
+</body>
+</html>

data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb

@@ -0,0 +1,6 @@
+Hello, <%= @user.username %>
+===============================================
+
+To login without a password, just follow this link: <%= @url %>.
+
+Have a great day!

data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb

@@ -0,0 +1,17 @@
+class AddMagicLoginToUsers < ActiveRecord::CompatibleLegacyMigration.migration_class
+  def self.up
+    add_column :users, :magic_login_token, :string, default: nil
+    add_column :users, :magic_login_token_expires_at, :datetime, default: nil
+    add_column :users, :magic_login_email_sent_at, :datetime, default: nil
+    
+    add_index :users, :magic_login_token
+  end
+  
+  def self.down
+    remove_index :users, :magic_login_token
+    
+    remove_column :users, :magic_login_token
+    remove_column :users, :magic_login_token_expires_at
+    remove_column :users, :magic_login_email_sent_at
+  end
+end

data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb

@@ -3,11 +3,13 @@ class AddResetPasswordToUsers < ActiveRecord::CompatibleLegacyMigration.migratio
     add_column :users, :reset_password_token, :string, default: nil
     add_column :users, :reset_password_token_expires_at, :datetime, default: nil
     add_column :users, :reset_password_email_sent_at, :datetime, default: nil
+    add_column :users, :access_count_to_reset_password_page, :integer, default: 0
   end
 
   def self.down
     remove_column :users, :reset_password_email_sent_at
     remove_column :users, :reset_password_token_expires_at
     remove_column :users, :reset_password_token
+    remove_column :users, :access_count_to_reset_password_page
   end
 end

data/spec/shared_examples/user_magic_login_shared_examples.rb

@@ -0,0 +1,150 @@
+shared_examples_for "magic_login_model" do
+  let(:user) {create_new_user}
+  before(:each) do
+    User.sorcery_adapter.delete_all
+  end
+  
+  context 'loaded plugin configuration' do
+    let(:config) {User.sorcery_config}
+    
+    before(:all) do
+      sorcery_reload!([:magic_login])
+    end
+    
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    describe "enables configuration options" do
+      it do
+        sorcery_model_property_set(:magic_login_token_attribute_name, :test_magic_login_token)
+        expect(config.magic_login_token_attribute_name).to eq :test_magic_login_token
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_token_expires_at_attribute_name, :test_magic_login_token_expires_at)
+        expect(config.magic_login_token_expires_at_attribute_name).to eq :test_magic_login_token_expires_at
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_email_sent_at_attribute_name, :test_magic_login_email_sent_at)
+        expect(config.magic_login_email_sent_at_attribute_name).to eq :test_magic_login_email_sent_at
+      end
+      
+      it do
+        TestMailerClass = Class.new # need a mailer class to test
+        sorcery_model_property_set(:magic_login_mailer_class, TestMailerClass)
+        expect(config.magic_login_mailer_class).to eq TestMailerClass
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_mailer_disabled, false)
+        expect(config.magic_login_mailer_disabled).to eq false
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_email_method_name, :test_magic_login_email)
+        expect(config.magic_login_email_method_name).to eq :test_magic_login_email
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_expiration_period, 100000000)
+        expect(config.magic_login_expiration_period).to eq 100000000
+      end
+      
+      it do
+        sorcery_model_property_set(:magic_login_time_between_emails, 100000000)
+        expect(config.magic_login_time_between_emails).to eq 100000000
+      end
+    end
+
+    describe "#generate_magic_login_token!" do
+      context "magic_login_token is nil" do
+        it "magic_login_token_expires_at and magic_login_email_sent_at aren't nil " do
+          user.generate_magic_login_token!
+          expect(user.magic_login_token_expires_at).not_to be_nil
+          expect(user.magic_login_email_sent_at).not_to be_nil
+        end
+        
+        it "magic_login_token is different from the one before" do
+          token_before = user.magic_login_token
+          user.generate_magic_login_token!
+          expect(user.magic_login_token).not_to eq token_before
+        end
+      end
+      
+      context "magic_login_token is not nil" do
+        it "changes `user.magic_login_token`" do
+          token_before = user.magic_login_token
+          user.generate_magic_login_token!
+          expect(user.magic_login_token).not_to eq token_before
+        end
+      end
+    end
+    
+    describe "#deliver_magic_login_instructions!" do
+      context "success" do
+        before do
+          sorcery_model_property_set(:magic_login_time_between_emails, 30*60)
+          sorcery_model_property_set(:magic_login_mailer_disabled, false)
+          Timecop.travel(10.days.ago) do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", DateTime.now)
+          end
+          sorcery_model_property_set(:magic_login_mailer_class, ::SorceryMailer)
+        end
+        
+        it do
+          user.deliver_magic_login_instructions!
+          expect(ActionMailer::Base.deliveries.size).to eq 1
+        end
+        
+        it do
+          expect(user.deliver_magic_login_instructions!).to eq true
+        end
+      end
+
+      context "failure" do
+        context "magic_login_time_between_emails is nil" do
+          it "returns false" do
+            sorcery_model_property_set(:magic_login_time_between_emails, nil)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+  
+        context "magic_login_email_sent_at is nil" do
+          it "returns false" do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", nil)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+  
+        context "now is before magic_login_email_sent_at plus the interval" do
+          it "returns false" do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", DateTime.now)
+            sorcery_model_property_set(:magic_login_time_between_emails, 30*60)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+        
+        context "magic_login_mailer_disabled is true" do
+          it "returns false" do
+            sorcery_model_property_set(:magic_login_mailer_disabled, true)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+      end
+    end
+    
+    describe "#clear_magic_login_token!" do
+      it "makes magic_login_token_attribute_name and magic_login_token_expires_at_attribute_name nil" do
+        user.magic_login_token = "test_token"
+        user.magic_login_token_expires_at = Time.now
+        
+        user.clear_magic_login_token!
+
+        expect(user.magic_login_token).to eq nil
+        expect(user.magic_login_token_expires_at).to eq nil
+      end
+    end
+  end
+end

data/spec/shared_examples/user_reset_password_shared_examples.rb

@@ -214,6 +214,22 @@ shared_examples_for 'rails_3_reset_password_model' do
       expect(user.reset_password_token).not_to eq old_password_code
     end
 
+    describe '#increment_password_reset_page_access_counter' do
+      it 'increments reset_password_page_access_count_attribute_name' do
+        expected_count = user.access_count_to_reset_password_page + 1
+        user.increment_password_reset_page_access_counter
+        expect(user.access_count_to_reset_password_page).to eq expected_count
+      end
+    end
+
+    describe '#reset_password_reset_page_access_counter' do
+      it 'reset reset_password_page_access_count_attribute_name into 0' do
+        user.update(access_count_to_reset_password_page: 10)
+        user.reset_password_reset_page_access_counter
+        expect(user.access_count_to_reset_password_page).to eq 0
+      end
+    end
+
     context 'mailer is enabled' do
       it 'sends an email on reset' do
         old_size = ActionMailer::Base.deliveries.size

data/spec/sorcery_temporary_token_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe Sorcery::Model::TemporaryToken do
+  describe '.generate_random_token' do
+    before do
+      sorcery_reload!
+    end
+
+    subject { Sorcery::Model::TemporaryToken.generate_random_token.length }
+
+    context 'token_randomness is 3' do
+      before do
+        sorcery_model_property_set(:token_randomness, 3)
+      end
+
+      it { is_expected.to eq 4 }
+    end
+
+    context 'token_randomness is 15' do
+      before do
+        sorcery_model_property_set(:token_randomness, 15)
+      end
+
+      it { is_expected.to eq 20 }
+    end
+  end
+end