sorcery 0.11.0 → 0.15.1

data/lib/generators/sorcery/templates/migration/activity_logging.rb

@@ -1,9 +1,9 @@
 class SorceryActivityLogging < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, default: nil
 
     add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
   end

data/lib/generators/sorcery/templates/migration/brute_force_protection.rb

@@ -1,8 +1,8 @@
 class SorceryBruteForceProtection < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
-    add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :unlock_token, :string, :default => nil
+    add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, default: 0
+    add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :unlock_token, :string, default: nil
 
     add_index :<%= model_class_name.tableize %>, :unlock_token
   end

data/lib/generators/sorcery/templates/migration/core.rb

@@ -1,11 +1,11 @@
 class SorceryCore < <%= migration_class_name %>
   def change
     create_table :<%= model_class_name.tableize %> do |t|
-      t.string :email,            :null => false
+      t.string :email,            null: false
       t.string :crypted_password
       t.string :salt
 
-      t.timestamps                :null => false
+      t.timestamps                null: false
     end
 
     add_index :<%= model_class_name.tableize %>, :email, unique: true

data/lib/generators/sorcery/templates/migration/external.rb

@@ -1,10 +1,10 @@
 class SorceryExternal < <%= migration_class_name %>
   def change
     create_table :authentications do |t|
-      t.integer :<%= model_class_name.tableize.singularize %>_id, :null => false
-      t.string :provider, :uid, :null => false
+      t.integer :<%= model_class_name.tableize.singularize %>_id, null: false
+      t.string :provider, :uid, null: false
 
-      t.timestamps              :null => false
+      t.timestamps              null: false
     end
 
     add_index :authentications, [:provider, :uid]

data/lib/generators/sorcery/templates/migration/magic_login.rb

@@ -0,0 +1,9 @@
+class SorceryMagicLogin < <%= migration_class_name %>
+  def change
+    add_column :<%= model_class_name.tableize %>, :magic_login_token, :string, default: nil
+    add_column :<%= model_class_name.tableize %>, :magic_login_token_expires_at, :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :magic_login_email_sent_at, :datetime, default: nil
+
+    add_index :<%= model_class_name.tableize %>, :magic_login_token
+  end
+end

data/lib/generators/sorcery/templates/migration/remember_me.rb

@@ -1,7 +1,7 @@
 class SorceryRememberMe < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, default: nil
+    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, default: nil
 
     add_index :<%= model_class_name.tableize %>, :remember_me_token
   end

data/lib/generators/sorcery/templates/migration/reset_password.rb

@@ -1,8 +1,9 @@
 class SorceryResetPassword < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, default: nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, default: nil
+    add_column :<%= model_class_name.tableize %>, :access_count_to_reset_password_page, :integer, default: 0
 
     add_index :<%= model_class_name.tableize %>, :reset_password_token
   end

data/lib/generators/sorcery/templates/migration/user_activation.rb

@@ -1,8 +1,8 @@
 class SorceryUserActivation < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :activation_state, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :activation_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :activation_state, :string, default: nil
+    add_column :<%= model_class_name.tableize %>, :activation_token, :string, default: nil
+    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, default: nil
 
     add_index :<%= model_class_name.tableize %>, :activation_token
   end

data/lib/sorcery.rb

@@ -18,6 +18,7 @@ module Sorcery
       require 'sorcery/model/submodules/activity_logging'
       require 'sorcery/model/submodules/brute_force_protection'
       require 'sorcery/model/submodules/external'
+      require 'sorcery/model/submodules/magic_login'
     end
   end
 
@@ -56,6 +57,7 @@ module Sorcery
     module Rails
       require 'sorcery/test_helpers/rails/controller'
       require 'sorcery/test_helpers/rails/integration'
+      require 'sorcery/test_helpers/rails/request'
     end
 
     module Internal

data/lib/sorcery/adapters/active_record_adapter.rb

@@ -6,7 +6,8 @@ module Sorcery
           @model.send(:"#{name}=", value)
         end
         primary_key = @model.class.primary_key
-        @model.class.where(:"#{primary_key}" => @model.send(:"#{primary_key}")).update_all(attrs)
+        updated_count = @model.class.where(:"#{primary_key}" => @model.send(:"#{primary_key}")).update_all(attrs)
+        updated_count == 1
       end
 
       def save(options = {})
@@ -34,7 +35,7 @@ module Sorcery
         end
 
         def define_callback(time, event, method_name, options = {})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+          @klass.send "#{time}_#{event}", method_name, options.slice(:if, :on)
         end
 
         def find_by_oauth_credentials(provider, uid)

data/lib/sorcery/adapters/mongoid_adapter.rb

@@ -10,7 +10,7 @@ module Sorcery
           attrs[name] = value.utc if value.is_a?(ActiveSupport::TimeWithZone)
           @model.send(:"#{name}=", value)
         end
-        @model.class.where(:_id => @model.id).update_all(attrs)
+        @model.class.where(_id: @model.id).update_all(attrs)
       end
 
       def update_attribute(name, value)
@@ -23,21 +23,29 @@ module Sorcery
       end
 
       def mongoid_4?
-        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new("4.0.0.alpha")
+        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new('4.0.0.alpha')
       end
 
       class << self
-
-        def define_field(name, type, options={})
+        def define_field(name, type, options = {})
           @klass.field name, options.slice(:default).merge(type: type)
         end
 
-        def define_callback(time, event, method_name, options={})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+        def define_callback(time, event, method_name, options = {})
+          @klass.send callback_name(time, event, options), method_name, options.slice(:if)
+        end
+
+        def callback_name(time, event, options)
+          if event == :commit
+            options[:on] == :create ? "#{time}_create" : "#{time}_save"
+          else
+            "#{time}_#{event}"
+          end
         end
 
         def credential_regex(credential)
-          return { :$regex =>  /^#{Regexp.escape(credential)}$/i  } if (@klass.sorcery_config.downcase_username_before_authenticating)
+          return { :$regex => /^#{Regexp.escape(credential)}$/i } if @klass.sorcery_config.downcase_username_before_authenticating
+
           credential
         end
 
@@ -73,7 +81,7 @@ module Sorcery
         end
 
         def find_by_username(username)
-          query = @klass.sorcery_config.username_attribute_names.map {|name| {name => username}}
+          query = @klass.sorcery_config.username_attribute_names.map { |name| { name => username } }
           @klass.any_of(*query).first
         end
 
@@ -87,9 +95,13 @@ module Sorcery
 
         def get_current_users
           config = @klass.sorcery_config
-          @klass.where(config.last_activity_at_attribute_name.ne => nil) \
-          .where("this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}") \
-          .where(config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc).order_by([:_id,:asc])
+          @klass.where(
+            config.last_activity_at_attribute_name.ne => nil
+          ).where(
+            "this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}"
+          ).where(
+            config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc
+          ).order_by(%i[_id asc])
         end
       end
     end

data/lib/sorcery/controller.rb

@@ -4,11 +4,14 @@ module Sorcery
       klass.class_eval do
         include InstanceMethods
         Config.submodules.each do |mod|
+          # FIXME: Is there a cleaner way to handle missing submodules?
+          # rubocop:disable Lint/HandleExceptions
           begin
             include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
           rescue NameError
             # don't stop on a missing submodule.
           end
+          # rubocop:enable Lint/HandleExceptions
         end
       end
       Config.update!
@@ -20,10 +23,13 @@ module Sorcery
       # Will trigger auto-login attempts via the call to logged_in?
       # If all attempts to auto-login fail, the failure callback will be called.
       def require_login
-        unless logged_in?
-          session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
-          send(Config.not_authenticated_action)
+        return if logged_in?
+
+        if Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
+          session[:return_to_url] = request.url
         end
+
+        send(Config.not_authenticated_action)
       end
 
       # Takes credentials and returns a user on successful authentication.
@@ -37,7 +43,10 @@ module Sorcery
 
             yield(user, failure_reason) if block_given?
 
+            # FIXME: Does using `break` or `return nil` change functionality?
+            # rubocop:disable Lint/NonLocalExitFromIterator
             return
+            # rubocop:enable Lint/NonLocalExitFromIterator
           end
 
           old_session = session.dup.to_hash
@@ -47,30 +56,26 @@ module Sorcery
           end
           form_authenticity_token
 
-          auto_login(user)
+          auto_login(user, credentials[2])
           after_login!(user, credentials)
 
           block_given? ? yield(current_user, nil) : current_user
         end
       end
 
-      # put this into the catch block to rescue undefined method `destroy_session'
-      # hotfix for https://github.com/NoamB/sorcery/issues/464
-      # can be removed when Rails 4.1 is out
       def reset_sorcery_session
         reset_session # protect from session fixation attacks
-      rescue NoMethodError
       end
 
       # Resets the session and runs hooks before and after.
       def logout
-        if logged_in?
-          user = current_user
-          before_logout!
-          @current_user = nil
-          reset_sorcery_session
-          after_logout!(user)
-        end
+        return unless logged_in?
+
+        user = current_user
+        before_logout!
+        @current_user = nil
+        reset_sorcery_session
+        after_logout!(user)
       end
 
       def logged_in?
@@ -153,8 +158,14 @@ module Sorcery
         Config.after_logout.each { |c| send(c, user) }
       end
 
+      def after_remember_me!(user)
+        Config.after_remember_me.each { |c| send(c, user) }
+      end
+
       def user_class
         @user_class ||= Config.user_class.to_s.constantize
+      rescue NameError
+        raise ArgumentError, 'You have incorrectly defined user_class or have forgotten to define it in intitializer file (config.user_class = \'User\').'
       end
     end
   end

data/lib/sorcery/controller/config.rb

@@ -18,6 +18,7 @@ module Sorcery
         attr_accessor :after_failed_login
         attr_accessor :before_logout
         attr_accessor :after_logout
+        attr_accessor :after_remember_me
 
         def init!
           @defaults = {
@@ -29,6 +30,7 @@ module Sorcery
             :@after_failed_login                   => [],
             :@before_logout                        => [],
             :@after_logout                         => [],
+            :@after_remember_me                    => [],
             :@save_return_to_url                   => true,
             :@cookie_domain                        => nil
           }

data/lib/sorcery/controller/submodules/activity_logging.rb

@@ -30,9 +30,16 @@ module Sorcery
             end
             merge_activity_logging_defaults!
           end
-          Config.after_login    << :register_login_time_to_db
-          Config.after_login    << :register_last_ip_address
-          Config.before_logout  << :register_logout_time_to_db
+          # FIXME: There is likely a more elegant way to safeguard these callbacks.
+          unless Config.after_login.include?(:register_login_time_to_db)
+            Config.after_login << :register_login_time_to_db
+          end
+          unless Config.after_login.include?(:register_last_ip_address)
+            Config.after_login << :register_last_ip_address
+          end
+          unless Config.before_logout.include?(:register_logout_time_to_db)
+            Config.before_logout << :register_logout_time_to_db
+          end
           base.after_action :register_last_activity_time_to_db
         end
 
@@ -43,6 +50,7 @@ module Sorcery
           # This runs as a hook just after a successful login.
           def register_login_time_to_db(user, _credentials)
             return unless Config.register_login_time
+
             user.set_last_login_at(Time.now.in_time_zone)
           end
 
@@ -50,6 +58,7 @@ module Sorcery
           # This runs as a hook just before a logout.
           def register_logout_time_to_db
             return unless Config.register_logout_time
+
             current_user.set_last_logout_at(Time.now.in_time_zone)
           end
 
@@ -58,6 +67,7 @@ module Sorcery
           def register_last_activity_time_to_db
             return unless Config.register_last_activity_time
             return unless logged_in?
+
             current_user.set_last_activity_at(Time.now.in_time_zone)
           end
 
@@ -65,6 +75,7 @@ module Sorcery
           # This runs as a hook just after a successful login.
           def register_last_ip_address(_user, _credentials)
             return unless Config.register_last_ip_address
+
             current_user.set_last_ip_address(request.remote_ip)
           end
         end

data/lib/sorcery/controller/submodules/brute_force_protection.rb

@@ -10,9 +10,13 @@ module Sorcery
       module BruteForceProtection
         def self.included(base)
           base.send(:include, InstanceMethods)
-
-          Config.after_login << :reset_failed_logins_count!
-          Config.after_failed_login << :update_failed_logins_count!
+          # FIXME: There is likely a more elegant way to safeguard these callbacks.
+          unless Config.after_login.include?(:reset_failed_logins_count!)
+            Config.after_login << :reset_failed_logins_count!
+          end
+          unless Config.after_failed_login.include?(:update_failed_logins_count!)
+            Config.after_failed_login << :update_failed_logins_count!
+          end
         end
 
         module InstanceMethods

data/lib/sorcery/controller/submodules/external.rb

@@ -23,6 +23,10 @@ module Sorcery
           require 'sorcery/providers/slack'
           require 'sorcery/providers/wechat'
           require 'sorcery/providers/microsoft'
+          require 'sorcery/providers/instagram'
+          require 'sorcery/providers/auth0'
+          require 'sorcery/providers/line'
+          require 'sorcery/providers/discord'
 
           Config.module_eval do
             class << self
@@ -33,17 +37,17 @@ module Sorcery
                 @external_providers = providers
 
                 providers.each do |name|
-                  class_eval <<-E
+                  class_eval <<-RUBY, __FILE__, __LINE__ + 1
                     def self.#{name}
-                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.capitalize).new
+                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.classify).new
                     end
-                  E
+                  RUBY
                 end
               end
 
               def merge_external_defaults!
                 @defaults.merge!(:@external_providers => [],
-                                 :@ca_file => File.join(File.expand_path(File.dirname(__FILE__)), '../../protocols/certs/ca-bundle.crt'))
+                                 :@ca_file => File.join(__dir__, '../../protocols/certs/ca-bundle.crt'))
               end
             end
             merge_external_defaults!
@@ -56,6 +60,7 @@ module Sorcery
           # save the singleton ProviderClient instance into @provider
           def sorcery_get_provider(provider_name)
             return unless Config.external_providers.include?(provider_name.to_sym)
+
             Config.send(provider_name.to_sym)
           end
 
@@ -64,12 +69,11 @@ module Sorcery
           def sorcery_login_url(provider_name, args = {})
             @provider = sorcery_get_provider provider_name
             sorcery_fixup_callback_url @provider
-            if @provider.respond_to?(:login_url) && @provider.has_callback?
-              @provider.state = args[:state]
-              return @provider.login_url(params, session)
-            else
-              return nil
-            end
+
+            return nil unless @provider.respond_to?(:login_url) && @provider.has_callback?
+
+            @provider.state = args[:state]
+            @provider.login_url(params, session)
           end
 
           # get the user hash from a provider using information from the params and session.
@@ -88,6 +92,7 @@ module Sorcery
             # cache them in instance variables.
             @access_token ||= @provider.process_callback(params, session) # sends request to oauth agent to get the token
             @user_hash ||= @provider.get_user_hash(@access_token) # uses the token to send another request to the oauth agent requesting user info
+            nil
           end
 
           # for backwards compatibility
@@ -98,14 +103,15 @@ module Sorcery
           # this method should be somewhere else.  It only does something once per application per provider.
           def sorcery_fixup_callback_url(provider)
             provider.original_callback_url ||= provider.callback_url
-            if provider.original_callback_url.present? && provider.original_callback_url[0] == '/'
-              uri = URI.parse(request.url.gsub(/\?.*$/, ''))
-              uri.path = ''
-              uri.query = nil
-              uri.scheme = 'https' if request.env['HTTP_X_FORWARDED_PROTO'] == 'https'
-              host = uri.to_s
-              provider.callback_url = "#{host}#{@provider.original_callback_url}"
-            end
+
+            return unless provider.original_callback_url.present? && provider.original_callback_url[0] == '/'
+
+            uri = URI.parse(request.url.gsub(/\?.*$/, ''))
+            uri.path = ''
+            uri.query = nil
+            uri.scheme = 'https' if request.env['HTTP_X_FORWARDED_PROTO'] == 'https'
+            host = uri.to_s
+            provider.callback_url = "#{host}#{@provider.original_callback_url}"
           end
 
           # sends user to authenticate at the provider's website.
@@ -118,26 +124,26 @@ module Sorcery
           def login_from(provider_name, should_remember = false)
             sorcery_fetch_user_hash provider_name
 
-            if user = user_class.load_from_provider(provider_name, @user_hash[:uid].to_s)
-              # we found the user.
-              # clear the session
-              return_to_url = session[:return_to_url]
-              reset_sorcery_session
-              session[:return_to_url] = return_to_url
+            return unless (user = user_class.load_from_provider(provider_name, @user_hash[:uid].to_s))
 
-              # sign in the user
-              auto_login(user, should_remember)
-              after_login!(user)
+            # we found the user.
+            # clear the session
+            return_to_url = session[:return_to_url]
+            reset_sorcery_session
+            session[:return_to_url] = return_to_url
 
-              # return the user
-              user
-            end
+            # sign in the user
+            auto_login(user, should_remember)
+            after_login!(user)
+
+            # return the user
+            user
           end
 
           # If user is logged, he can add all available providers into his account
           def add_provider_to_user(provider_name)
             sorcery_fetch_user_hash provider_name
-            config = user_class.sorcery_config
+            # config = user_class.sorcery_config # TODO: Unused, remove?
 
             current_user.add_provider_to_user(provider_name.to_s, @user_hash[:uid].to_s)
           end
@@ -181,19 +187,28 @@ module Sorcery
           #
           def create_from(provider_name, &block)
             sorcery_fetch_user_hash provider_name
-            config = user_class.sorcery_config
+            # config = user_class.sorcery_config # TODO: Unused, remove?
 
             attrs = user_attrs(@provider.user_info_mapping, @user_hash)
             @user = user_class.create_from_provider(provider_name, @user_hash[:uid], attrs, &block)
           end
 
+          # follows the same patterns as create_from, but builds the user instead of creating
+          def build_from(provider_name, &block)
+            sorcery_fetch_user_hash provider_name
+            # config = user_class.sorcery_config # TODO: Unused, remove?
+
+            attrs = user_attrs(@provider.user_info_mapping, @user_hash)
+            @user = user_class.build_from_provider(attrs, &block)
+          end
+
           def user_attrs(user_info_mapping, user_hash)
             attrs = {}
             user_info_mapping.each do |k, v|
               if (varr = v.split('/')).size > 1
                 attribute_value = begin
                                     varr.inject(user_hash[:user_info]) { |hash, value| hash[value] }
-                                  rescue
+                                  rescue StandardError
                                     nil
                                   end
                 attribute_value.nil? ? attrs : attrs.merge!(k => attribute_value)