sorcery 0.11.0 → 0.15.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bc71bccb13f8e3fcbbf0b94f660a98bc34cc4826
-  data.tar.gz: 9c60fb5db29c7a41378e7c45234b0b0e9df47501
+SHA256:
+  metadata.gz: b37df18790461644fdba1a9c1e960b21304a37d993432da9fe6468675f6c952b
+  data.tar.gz: 64745f0bab25339445a18a79e3f4bd0b75744dead50f4f019992514345900689
 SHA512:
-  metadata.gz: c557af8ef3828be476750ba465ea4d3c7a34f5ccbf975c5c731d0841891de4f77d56fa867dfd55be9424a2eea0eed768cdfe1a104e6ed70ae643207bb2573eb1
-  data.tar.gz: 582ea847785099a70c4866feee1b1f891a411e4f572ff89497ac353914cffe78669102d8a7a6b76c208976894ca932f83e61e590645306e7b5a9c3ebc6868bc2
+  metadata.gz: d8374546082aefa223105d535b7be46106df05aba3619785650ac0f52e3d84b0dc3eefa41c95678e9eef7ba0058bb01daf416661591fa0d794d503ffc23cc09e
+  data.tar.gz: 703e0811017208689ecdecb2588973583e5dc167e420559b8e96731b764d2076aa4c4ab9a2df9186c09d18ddb259de3b4a52b29baf0fa8cfbdeb860b5799224e

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,20 @@
+Please complete all sections.
+
+### Configuration
+
+- Sorcery Version: ``
+- Ruby Version: ``
+- Framework: ``
+- Platform: ``
+
+### Expected Behavior
+
+Tell us what should happen.
+
+### Actual Behavior
+
+Tell us what happens instead.
+
+### Steps to Reproduce
+
+Please list all steps to reproduce the issue.

data/.rubocop.yml

@@ -0,0 +1,55 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  Exclude:
+    - 'lib/generators/sorcery/templates/**/*'
+  TargetRubyVersion: 2.6
+
+# See: https://github.com/rubocop-hq/rubocop/issues/3344
+Style/DoubleNegation:
+  Enabled: false
+
+####################
+## Pre-1.0.0 Code ##
+####################
+
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Metrics/BlockLength:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Layout/LineLength:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Metrics/ClassLength:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Metrics/MethodLength:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Metrics/PerceivedComplexity:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Naming/PredicateName:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'
+Style/Documentation:
+  Exclude:
+    - 'lib/**/*'
+    - 'spec/**/*'

data/.rubocop_todo.yml

@@ -0,0 +1,145 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2019-12-18 16:18:24 -0800 using RuboCop version 0.78.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'sorcery.gemspec'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowAdjacentOneLineDefs, NumberOfEmptyLines.
+Layout/EmptyLineBetweenDefs:
+  Exclude:
+    - 'lib/sorcery/providers/line.rb'
+
+# Offense count: 83
+# Cop supports --auto-correct.
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Enabled: false
+
+# Offense count: 2
+# Configuration parameters: AllowSafeAssignment.
+Lint/AssignmentInCondition:
+  Exclude:
+    - 'spec/rails_app/app/controllers/sorcery_controller.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Lint/NonDeterministicRequireOrder:
+  Exclude:
+    - 'spec/spec_helper.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+Lint/RedundantCopDisableDirective:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+    - 'spec/rails_app/config/application.rb'
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+Lint/SendWithMixinArgument:
+  Exclude:
+    - 'lib/sorcery.rb'
+    - 'lib/sorcery/engine.rb'
+    - 'lib/sorcery/test_helpers/internal/rails.rb'
+
+# Offense count: 4
+# Configuration parameters: AllowComments.
+Lint/SuppressedException:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+    - 'spec/rails_app/config/application.rb'
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 1
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: annotated, template, unannotated
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/generators/sorcery/install_generator.rb'
+
+# Offense count: 121
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: always, never
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+# Offense count: 3
+# Configuration parameters: MinBodyLength.
+Style/GuardClause:
+  Exclude:
+    - 'lib/sorcery/controller/submodules/brute_force_protection.rb'
+    - 'lib/sorcery/controller/submodules/http_basic_auth.rb'
+    - 'lib/sorcery/controller/submodules/remember_me.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'lib/sorcery/adapters/active_record_adapter.rb'
+    - 'lib/sorcery/test_helpers/rails/integration.rb'
+
+# Offense count: 49
+# Cop supports --auto-correct.
+Style/IfUnlessModifier:
+  Enabled: false
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/RedundantBegin:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'lib/sorcery/controller/config.rb'
+    - 'lib/sorcery/controller/submodules/brute_force_protection.rb'
+    - 'lib/sorcery/controller/submodules/remember_me.rb'
+    - 'lib/sorcery/model.rb'
+
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'spec/controllers/controller_oauth2_spec.rb'
+    - 'spec/sorcery_crypto_providers_spec.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/UnpackFirst:
+  Exclude:
+    - 'lib/sorcery/crypto_providers/aes256.rb'
+    - 'spec/sorcery_crypto_providers_spec.rb'

data/.travis.yml

@@ -1,57 +1,8 @@
 language: ruby
 rvm:
-  - jruby
-  - 2.0.0
-  - 2.1.10
-  - 2.2.6
-  - 2.3.3
-  - 2.4.0
-
-env:
-  global:
-    - JRUBY_OPTS="--2.0"
+  - 2.4.9
+  - 2.5.7
+  - 2.6.5
 
 gemfile:
   - Gemfile
-  - gemfiles/active_record-rails40.gemfile
-  - gemfiles/active_record-rails41.gemfile
-  - gemfiles/active_record-rails42.gemfile
-
-before_script:
-  - mysql -e 'create database sorcery_test;'
-
-before_install:
-  - rvm get stable --auto-dotfiles
-  - gem update bundler
-
-matrix:
-  allow_failures:
-    - rvm: jruby
-
-  exclude:
-    - rvm: 2.0.0
-      gemfile: gemfiles/active_record-rails42.gemfile
-
-    - rvm: 2.0.0
-      gemfile: Gemfile
-
-    - rvm: 2.1.10
-      gemfile: Gemfile
-
-    - rvm: 2.2.6
-      gemfile: gemfiles/active_record-rails40.gemfile
-
-    - rvm: 2.3.3
-      gemfile: gemfiles/active_record-rails40.gemfile
-
-    - rvm: 2.4.0
-      gemfile: gemfiles/active_record-rails40.gemfile
-
-    - rvm: 2.4.0
-      gemfile: gemfiles/active_record-rails41.gemfile
-
-    - rvm: 2.4.0
-      gemfile: gemfiles/active_record-rails42.gemfile
-
-    - rvm: jruby
-      gemfile: Gemfile

data/CHANGELOG.md

@@ -1,11 +1,80 @@
 # Changelog
 ## HEAD
 
+## 0.15.1
+
+* Update `oauth` dependency per CVE-2016-11086
+
+## 0.15.0
+
+* Fix brute force vuln due to callbacks no being ran [#235](https://github.com/Sorcery/sorcery/pull/235)
+* Revert on_load change due to breaking existing applications [#234](https://github.com/Sorcery/sorcery/pull/234)
+* Add forget_me! and force_forget_me! test cases [#216](https://github.com/Sorcery/sorcery/pull/216)
+* In `generic_send_email`, check responds_to [#211](https://github.com/Sorcery/sorcery/pull/211)
+* Fix typo [#219](https://github.com/Sorcery/sorcery/pull/219)
+* Fix deprecation warnings in Rails 6 [#209](https://github.com/Sorcery/sorcery/pull/209)
+* Add ruby 2.6.5 to the travis build [#215](https://github.com/Sorcery/sorcery/pull/215)
+* Add discord provider [#185](https://github.com/Sorcery/sorcery/pull/185)
+* Remove MySQL database creation call [#214](https://github.com/Sorcery/sorcery/pull/214)
+* Use id instead of uid for VK provider [#199](https://github.com/Sorcery/sorcery/pull/199)
+* Don't :return_t JSON requests after login [#197](https://github.com/Sorcery/sorcery/pull/197)
+* Fix email scope for LinkedIn Provider [#191](https://github.com/Sorcery/sorcery/pull/191)
+* Ignore cookies when undefined cookies [#187](https://github.com/Sorcery/sorcery/pull/187)
+* Allow for custom providers with multi-word class names. [#190](https://github.com/Sorcery/sorcery/pull/190)
+
+## 0.14.0
+
+* Update LinkedIn to use OAuth 2 [#189](https://github.com/Sorcery/sorcery/pull/189)
+* Support the LINE login auth [#80](https://github.com/Sorcery/sorcery/pull/80)
+* Allow BCrypt to have app-specific secret token [#173](https://github.com/Sorcery/sorcery/pull/173)
+* Add #change_password method to reset_password module. [#165](https://github.com/Sorcery/sorcery/pull/165)
+* Clean up initializer comments [#153](https://github.com/Sorcery/sorcery/pull/153)
+* Allow load_from_magic_login_token to accept a block [#152](https://github.com/Sorcery/sorcery/pull/152)
+* Fix CipherError class name [#142](https://github.com/Sorcery/sorcery/pull/142)
+* Fix `update_failed_logins_count` being called twice when login failed [#163](https://github.com/Sorcery/sorcery/pull/163)
+* Update migration templates to use new hash syntax [#170](https://github.com/Sorcery/sorcery/pull/170)
+* Support for Rails 4.2 and lower soft-dropped [#171](https://github.com/Sorcery/sorcery/pull/171)
+
+## 0.13.0
+
+* Add support for Rails 5.2 / Ruby 2.5 [#129](https://github.com/Sorcery/sorcery/pull/129)
+* Fix migration files not being generated [#128](https://github.com/Sorcery/sorcery/pull/128)
+* Add support for ActionController::API [#133](https://github.com/Sorcery/sorcery/pull/133), [#150](https://github.com/Sorcery/sorcery/pull/150), [#159](https://github.com/Sorcery/sorcery/pull/159)
+* Update activation email to use after_commit callback [#130](https://github.com/Sorcery/sorcery/pull/130)
+* Add opt-in `invalidate_active_sessions!` method [#110](https://github.com/Sorcery/sorcery/pull/110)
+* Pass along `remember_me` to `#auto_login` [#136](https://github.com/Sorcery/sorcery/pull/136)
+* Respect SessionTimeout on login via RememberMe [#102](https://github.com/Sorcery/sorcery/pull/102)
+* Added `demodulize` on authentication class name association name fetch [#147](https://github.com/Sorcery/sorcery/pull/147)
+* Remove Gemnasium badge [#140](https://github.com/Sorcery/sorcery/pull/140)
+* Add Instragram provider [#51](https://github.com/Sorcery/sorcery/pull/51)
+* Remove `publish_actions` permission for facebook [#139](https://github.com/Sorcery/sorcery/pull/139)
+* Prepare for 1.0.0 [#157](https://github.com/Sorcery/sorcery/pull/157)
+* Add Auth0 provider [#160](https://github.com/Sorcery/sorcery/pull/160)
+
+## 0.12.0
+
+* Fix magic_login not inheriting from migration_class_name [#99](https://github.com/Sorcery/sorcery/pull/99)
+* Update YARD dependency [#100](https://github.com/Sorcery/sorcery/pull/100)
+* Make `#update_attributes` behave like `#update` [#98](https://github.com/Sorcery/sorcery/pull/98)
+* Add tests to the magic login submodule [#95](https://github.com/Sorcery/sorcery/pull/95)
+* Set user.stretches to 1 in test env by default [#81](https://github.com/Sorcery/sorcery/pull/81)
+* Allow user to be loaded from other source when session expires. fix #89 [#94](https://github.com/Sorcery/sorcery/pull/94)
+* Added a new ArgumentError for not defined user_class in config [#82](https://github.com/Sorcery/sorcery/pull/82)
+* Updated Required Ruby version to 2.2 [#85](https://github.com/Sorcery/sorcery/pull/85)
+* Add configuration for token randomness [#67](https://github.com/Sorcery/sorcery/pull/67)
+* Add facebook user_info_path option to initializer.rb [#63](https://github.com/Sorcery/sorcery/pull/63)
+* Add new function: `build_from` (allows building a user instance from OAuth without saving) [#54](https://github.com/Sorcery/sorcery/pull/54)
+* Add rubocop configuration and TODO list [#107](https://github.com/Sorcery/sorcery/pull/107)
+* Add support for VK OAuth (thanks to @Hirurg103) [#109](https://github.com/Sorcery/sorcery/pull/109)
+* Fix token leak via referrer header [#56](https://github.com/Sorcery/sorcery/pull/56)
+* Add `login_user` helper for request specs [#57](https://github.com/Sorcery/sorcery/pull/57)
+
 ## 0.11.0
 
 * Refer to User before calling remove_const to avoid NameError [#58](https://github.com/Sorcery/sorcery/pull/58)
 * Resurrect block authentication, showing auth failure reason. [#41](https://github.com/Sorcery/sorcery/pull/41)
 * Add github scope option to initializer.rb [#50](https://github.com/Sorcery/sorcery/pull/50)
+* Fix Facebook being broken due to API deprecation [#53](https://github.com/Sorcery/sorcery/pull/53)
 
 ## 0.10.3
 

data/Gemfile

@@ -1,8 +1,8 @@
 source 'https://rubygems.org'
 
-gem 'rails', '~> 5.0.0'
-gem 'rails-controller-testing'
-gem 'sqlite3'
 gem 'pry'
+gem 'rails', '~> 5.2.0'
+gem 'rails-controller-testing'
+gem 'sqlite3', '~> 1.3.6'
 
 gemspec

data/{LICENSE.txt → LICENSE.md}

@@ -1,4 +1,4 @@
-Copyright (c) 2010 Noam Ben-Ari <mailto:nbenari@gmail.com>
+Copyright (c) 2010 [Noam Ben-Ari](mailto:nbenari@gmail.com)
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -3,7 +3,6 @@
 [![Gem Version](https://badge.fury.io/rb/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
-[![Dependency Status](https://gemnasium.com/badges/github.com/Sorcery/sorcery.svg)](https://gemnasium.com/github.com/Sorcery/sorcery)
 [![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
 [![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
 [![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
@@ -22,6 +21,18 @@ Sorcery is a stripped-down, bare-bones authentication library, with which you ca
 - Configuration over Confusion - Centralized (1 file), Simple & short configuration as possible, not drowning in syntactic sugar.
 - Keep MVC cleanly separated - DB is for models, sessions are for controllers. Models stay unaware of sessions.
 
+## Table of Contents
+
+1. [Useful Links](#useful-links)
+2. [API Summary](#api-summary)
+3. [Installation](#installation)
+4. [Configuration](#configuration)
+5. [Full Features List by Module](#full-features-list-by-module)
+6. [Planned Features](#planned-features)
+7. [Contributing](#contributing)
+8. [Contact](#contact)
+9. [License](#license)
+
 ## Useful Links
 
 - [Documentation](http://rubydoc.info/gems/sorcery)
@@ -70,6 +81,7 @@ require_login_from_http_basic # This is a before action
 login_at(provider) # Sends the user to an external service (Facebook, Twitter, etc.) to authenticate
 login_from(provider) # Tries to login from the external provider's callback
 create_from(provider) # Create the user in the local app database
+build_from(provider) # Build user instance using user_info_mappings
 ```
 
 ### Remember Me
@@ -87,7 +99,14 @@ force_forget_me! # Forgets all sessions by clearing the token, even if remember_
 User.load_from_reset_password_token(token)
 @user.generate_reset_password_token! # Use if you want to send the email by yourself
 @user.deliver_reset_password_instructions! # Generates the token and sends the email
-@user.change_password!(new_password)
+@user.change_password(new_password)
+@user.change_password!(new_password) # Same as change_password but raises exception on save
+```
+
+### Session Timeout
+
+```ruby
+invalidate_active_sessions! #Invalidate all sessions with a login_time or last_action_time before the current time. Must Opt-in
 ```
 
 ### User Activation
@@ -171,6 +190,7 @@ Inside the initializer, the comments will tell you what each setting does.
 
 - Configurable session timeout
 - Optionally session timeout will be calculated from last user action
+- Optionally enable a method to clear all active sessions, expects an `invalidate_sessions_before` datetime attribute.
 
 **Brute Force Protection** (see [lib/sorcery/model/submodules/brute_force_protection.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/brute_force_protection.rb)):
 
@@ -209,16 +229,23 @@ Have an idea? Let us know, and it might get into the gem!
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/Sorcery/sorcery.
 
-If you feel sorcery has made your life easier, and you would like to express
-your thanks via a donation, my PayPal email is in the contact details.
+- [Git Workflow](https://github.com/Sorcery/sorcery/wiki/Git-Workflow)
+- [Running the specs](https://github.com/Sorcery/sorcery/wiki/Running-the-specs)
 
 ## Contact
 
 Feel free to ask questions using these contact details:
 
-- Noam Ben-Ari: [nbenari@gmail.com](mailto:nbenari@gmail.com) (also PayPal), [Twitter](https://twitter.com/nbenari)
-- Kir Shatrov: [shatrov@me.com](mailto:shatrov@me.com), [Twitter](https://twitter.com/Kiiiir)
-- Grzegorz Witek: [arnvald.to@gmail.com](mailto:arnvald.to@gmail.com), [Twitter](https://twitter.com/arnvald)
+**Current Maintainers:**
+
+- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
+- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:jbuker@aeonsplice.com)
+
+**Past Maintainers:**
+
+- Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari@gmail.com) | [Twitter](https://twitter.com/nbenari)
+- Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov@me.com) | [Twitter](https://twitter.com/Kiiiir)
+- Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to@gmail.com) | [Twitter](https://twitter.com/arnvald)
 
 ## License