sorcery 0.11.0 → 0.15.1

data/spec/rails_app/app/mailers/sorcery_mailer.rb

@@ -28,4 +28,11 @@ class SorceryMailer < ActionMailer::Base
     mail(to: user.email,
          subject: 'Your account has been locked due to many wrong logins')
   end
+
+  def magic_login_email(user)
+    @user = user
+    @url  = 'http://example.com/login'
+    mail(to: user.email,
+         subject: 'Magic Login')
+  end
 end

data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+</head>
+<body>
+<h1>Hello, <%= @user.username %></h1>
+<p>
+  To login without a password, just follow this link: <%= @url %>.
+</p>
+<p>Have a great day!</p>
+</body>
+</html>

data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb

@@ -0,0 +1,6 @@
+Hello, <%= @user.username %>
+===============================================
+
+To login without a password, just follow this link: <%= @url %>.
+
+Have a great day!

data/spec/rails_app/config/application.rb

@@ -1,4 +1,4 @@
-require File.expand_path('../boot', __FILE__)
+require File.expand_path('boot', __dir__)
 
 require 'action_controller/railtie'
 require 'action_mailer/railtie'
@@ -6,16 +6,19 @@ require 'rails/test_unit/railtie'
 
 Bundler.require :default, SORCERY_ORM
 
+# rubocop:disable Lint/HandleExceptions
 begin
   require "#{SORCERY_ORM}/railtie"
 rescue LoadError
+  # TODO: Log this issue or change require scheme.
 end
+# rubocop:enable Lint/HandleExceptions
 
 require 'sorcery'
 
 module AppRoot
   class Application < Rails::Application
-    config.autoload_paths.reject! { |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?(Regexp.last_match(1)) }
+    config.autoload_paths.reject! { |p| p =~ %r{/\/app\/(\w+)$/} && !%w[controllers helpers mailers views].include?(Regexp.last_match(1)) }
     config.autoload_paths += ["#{config.root}/app/#{SORCERY_ORM}"]
 
     # Settings in config/environments/* take precedence over those specified here.
@@ -50,7 +53,9 @@ module AppRoot
     config.filter_parameters += [:password]
 
     config.action_mailer.delivery_method = :test
-
     config.active_support.deprecation = :stderr
+    if Rails.version >= '5.1.0' && config.active_record.sqlite3.present?
+      config.active_record.sqlite3.represent_boolean_as_integer = true
+    end
   end
 end

data/spec/rails_app/config/boot.rb

@@ -1,4 +1,4 @@
 # Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
 
 require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/spec/rails_app/config/environment.rb

@@ -1,5 +1,5 @@
 # Load the rails application
-require File.expand_path('../application', __FILE__)
+require File.expand_path('application', __dir__)
 
 # Initialize the rails application
 AppRoot::Application.initialize!

data/spec/rails_app/config/routes.rb

@@ -11,7 +11,9 @@ AppRoot::Application.routes.draw do
     get :test_login_from_cookie
     get :test_login_from
     get :test_logout_with_remember
+    get :test_logout_with_forget_me
     get :test_logout_with_force_forget_me
+    get :test_invalidate_active_session
     get :test_should_be_logged_in
     get :test_create_from_provider
     get :test_add_second_provider
@@ -29,6 +31,10 @@ AppRoot::Application.routes.draw do
     get :test_login_from_jira
     get :test_login_from_salesforce
     get :test_login_from_slack
+    get :test_login_from_instagram
+    get :test_login_from_auth0
+    get :test_login_from_line
+    get :test_login_from_discord
     get :login_at_test
     get :login_at_test_twitter
     get :login_at_test_facebook
@@ -42,6 +48,10 @@ AppRoot::Application.routes.draw do
     get :login_at_test_jira
     get :login_at_test_salesforce
     get :login_at_test_slack
+    get :login_at_test_instagram
+    get :login_at_test_auth0
+    get :login_at_test_line
+    get :login_at_test_discord
     get :test_return_to_with_external
     get :test_return_to_with_external_twitter
     get :test_return_to_with_external_facebook
@@ -55,6 +65,10 @@ AppRoot::Application.routes.draw do
     get :test_return_to_with_external_jira
     get :test_return_to_with_external_salesforce
     get :test_return_to_with_external_slack
+    get :test_return_to_with_external_instagram
+    get :test_return_to_with_external_auth0
+    get :test_return_to_with_external_line
+    get :test_return_to_with_external_discord
     get :test_http_basic_auth
     get :some_action_making_a_non_persisted_change_to_the_user
     post :test_login_with_remember

data/spec/rails_app/config/secrets.yml

@@ -0,0 +1,4 @@
+# secrets.yml
+
+test:
+  secret_key_base: 'a9789f869a0d0ac2f2b683d6e9410c530696b178bca28a7971f4a652b14ff2da89f2cf4dcbf0355f6bc41f81731aa8e46085674d1acc1980436f61cdba76ff5d'

data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb

@@ -5,11 +5,11 @@ class AddActivityLoggingToUsers < ActiveRecord::CompatibleLegacyMigration.migrat
     add_column :users, :last_activity_at,  :datetime, default: nil
     add_column :users, :last_login_from_ip_address, :string, default: nil
 
-    add_index :users, [:last_logout_at, :last_activity_at]
+    add_index :users, %i[last_logout_at last_activity_at]
   end
 
   def self.down
-    remove_index :users, [:last_logout_at, :last_activity_at]
+    remove_index :users, %i[last_logout_at last_activity_at]
 
     remove_column :users, :last_activity_at
     remove_column :users, :last_logout_at

data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb

@@ -0,0 +1,9 @@
+class AddInvalidateSessionsBeforeToUsers < ActiveRecord::CompatibleLegacyMigration.migration_class
+  def self.up
+    add_column :users, :invalidate_sessions_before, :datetime, default: nil
+  end
+
+  def self.down
+    remove_column :users, :invalidate_sessions_before
+  end
+end

data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb

@@ -0,0 +1,17 @@
+class AddMagicLoginToUsers < ActiveRecord::CompatibleLegacyMigration.migration_class
+  def self.up
+    add_column :users, :magic_login_token, :string, default: nil
+    add_column :users, :magic_login_token_expires_at, :datetime, default: nil
+    add_column :users, :magic_login_email_sent_at, :datetime, default: nil
+
+    add_index :users, :magic_login_token
+  end
+
+  def self.down
+    remove_index :users, :magic_login_token
+
+    remove_column :users, :magic_login_token
+    remove_column :users, :magic_login_token_expires_at
+    remove_column :users, :magic_login_email_sent_at
+  end
+end

data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb

@@ -3,11 +3,13 @@ class AddResetPasswordToUsers < ActiveRecord::CompatibleLegacyMigration.migratio
     add_column :users, :reset_password_token, :string, default: nil
     add_column :users, :reset_password_token_expires_at, :datetime, default: nil
     add_column :users, :reset_password_email_sent_at, :datetime, default: nil
+    add_column :users, :access_count_to_reset_password_page, :integer, default: 0
   end
 
   def self.down
     remove_column :users, :reset_password_email_sent_at
     remove_column :users, :reset_password_token_expires_at
     remove_column :users, :reset_password_token
+    remove_column :users, :access_count_to_reset_password_page
   end
 end

data/spec/rails_app/db/schema.rb

@@ -10,14 +10,12 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20101224223620) do
-
-  create_table "users", :force => true do |t|
-    t.string   "username"
-    t.string   "email"
-    t.string   "crypted_password"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+ActiveRecord::Schema.define(version: 20_101_224_223_620) do
+  create_table 'users', force: true do |t|
+    t.string   'username'
+    t.string   'email'
+    t.string   'crypted_password'
+    t.datetime 'created_at'
+    t.datetime 'updated_at'
   end
-
 end

data/spec/shared_examples/user_magic_login_shared_examples.rb

@@ -0,0 +1,150 @@
+shared_examples_for 'magic_login_model' do
+  let(:user) { create_new_user }
+  before(:each) do
+    User.sorcery_adapter.delete_all
+  end
+
+  context 'loaded plugin configuration' do
+    let(:config) { User.sorcery_config }
+
+    before(:all) do
+      sorcery_reload!([:magic_login])
+    end
+
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+
+    describe 'enables configuration options' do
+      it do
+        sorcery_model_property_set(:magic_login_token_attribute_name, :test_magic_login_token)
+        expect(config.magic_login_token_attribute_name).to eq :test_magic_login_token
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_token_expires_at_attribute_name, :test_magic_login_token_expires_at)
+        expect(config.magic_login_token_expires_at_attribute_name).to eq :test_magic_login_token_expires_at
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_email_sent_at_attribute_name, :test_magic_login_email_sent_at)
+        expect(config.magic_login_email_sent_at_attribute_name).to eq :test_magic_login_email_sent_at
+      end
+
+      it do
+        TestMailerClass = Class.new # need a mailer class to test
+        sorcery_model_property_set(:magic_login_mailer_class, TestMailerClass)
+        expect(config.magic_login_mailer_class).to eq TestMailerClass
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_mailer_disabled, false)
+        expect(config.magic_login_mailer_disabled).to eq false
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_email_method_name, :test_magic_login_email)
+        expect(config.magic_login_email_method_name).to eq :test_magic_login_email
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_expiration_period, 100_000_000)
+        expect(config.magic_login_expiration_period).to eq 100_000_000
+      end
+
+      it do
+        sorcery_model_property_set(:magic_login_time_between_emails, 100_000_000)
+        expect(config.magic_login_time_between_emails).to eq 100_000_000
+      end
+    end
+
+    describe '#generate_magic_login_token!' do
+      context 'magic_login_token is nil' do
+        it "magic_login_token_expires_at and magic_login_email_sent_at aren't nil " do
+          user.generate_magic_login_token!
+          expect(user.magic_login_token_expires_at).not_to be_nil
+          expect(user.magic_login_email_sent_at).not_to be_nil
+        end
+
+        it 'magic_login_token is different from the one before' do
+          token_before = user.magic_login_token
+          user.generate_magic_login_token!
+          expect(user.magic_login_token).not_to eq token_before
+        end
+      end
+
+      context 'magic_login_token is not nil' do
+        it 'changes `user.magic_login_token`' do
+          token_before = user.magic_login_token
+          user.generate_magic_login_token!
+          expect(user.magic_login_token).not_to eq token_before
+        end
+      end
+    end
+
+    describe '#deliver_magic_login_instructions!' do
+      context 'success' do
+        before do
+          sorcery_model_property_set(:magic_login_time_between_emails, 30 * 60)
+          sorcery_model_property_set(:magic_login_mailer_disabled, false)
+          Timecop.travel(10.days.ago) do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", DateTime.now)
+          end
+          sorcery_model_property_set(:magic_login_mailer_class, ::SorceryMailer)
+        end
+
+        it do
+          user.deliver_magic_login_instructions!
+          expect(ActionMailer::Base.deliveries.size).to eq 1
+        end
+
+        it do
+          expect(user.deliver_magic_login_instructions!).to eq true
+        end
+      end
+
+      context 'failure' do
+        context 'magic_login_time_between_emails is nil' do
+          it 'returns false' do
+            sorcery_model_property_set(:magic_login_time_between_emails, nil)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+
+        context 'magic_login_email_sent_at is nil' do
+          it 'returns false' do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", nil)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+
+        context 'now is before magic_login_email_sent_at plus the interval' do
+          it 'returns false' do
+            user.send(:"#{config.magic_login_email_sent_at_attribute_name}=", DateTime.now)
+            sorcery_model_property_set(:magic_login_time_between_emails, 30 * 60)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+
+        context 'magic_login_mailer_disabled is true' do
+          it 'returns false' do
+            sorcery_model_property_set(:magic_login_mailer_disabled, true)
+            expect(user.deliver_magic_login_instructions!).to eq false
+          end
+        end
+      end
+    end
+
+    describe '#clear_magic_login_token!' do
+      it 'makes magic_login_token_attribute_name and magic_login_token_expires_at_attribute_name nil' do
+        user.magic_login_token = 'test_token'
+        user.magic_login_token_expires_at = Time.now
+
+        user.clear_magic_login_token!
+
+        expect(user.magic_login_token).to eq nil
+        expect(user.magic_login_token_expires_at).to eq nil
+      end
+    end
+  end
+end

data/spec/shared_examples/user_oauth_shared_examples.rb

@@ -27,7 +27,7 @@ shared_examples_for 'rails_3_oauth_model' do
 
     it "'load_from_provider' returns nil if user doesn't exist" do
       external_user
-      expect(User.load_from_provider(:twitter, 980342)).to be_nil
+      expect(User.load_from_provider(:twitter, 980_342)).to be_nil
     end
   end
 end

data/spec/shared_examples/user_remember_me_shared_examples.rb

@@ -42,7 +42,7 @@ shared_examples_for 'rails_3_remember_me_model' do
         user.remember_me!
       end
 
-      expect(user.remember_me_token_expires_at.utc.to_s).to eq (ts + 2 * 60 * 60 * 24).utc.to_s
+      expect(user.remember_me_token_expires_at.utc.to_s).to eq((ts + 2 * 60 * 60 * 24).utc.to_s)
     end
 
     context 'when not persisting globally' do

data/spec/shared_examples/user_reset_password_shared_examples.rb

@@ -14,6 +14,8 @@ shared_examples_for 'rails_3_reset_password_model' do
     context 'API' do
       specify { expect(user).to respond_to :deliver_reset_password_instructions! }
 
+      specify { expect(user).to respond_to :change_password }
+
       specify { expect(user).to respond_to :change_password! }
 
       it 'responds to .load_from_reset_password_token' do
@@ -214,6 +216,22 @@ shared_examples_for 'rails_3_reset_password_model' do
       expect(user.reset_password_token).not_to eq old_password_code
     end
 
+    describe '#increment_password_reset_page_access_counter' do
+      it 'increments reset_password_page_access_count_attribute_name' do
+        expected_count = user.access_count_to_reset_password_page + 1
+        user.increment_password_reset_page_access_counter
+        expect(user.access_count_to_reset_password_page).to eq expected_count
+      end
+    end
+
+    describe '#reset_password_reset_page_access_counter' do
+      it 'reset reset_password_page_access_count_attribute_name into 0' do
+        user.update(access_count_to_reset_password_page: 10)
+        user.reset_password_reset_page_access_counter
+        expect(user.access_count_to_reset_password_page).to eq 0
+      end
+    end
+
     context 'mailer is enabled' do
       it 'sends an email on reset' do
         old_size = ActionMailer::Base.deliveries.size
@@ -229,7 +247,7 @@ shared_examples_for 'rails_3_reset_password_model' do
       end
 
       it 'does not send an email if time between emails has not passed since last email' do
-        sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+        sorcery_model_property_set(:reset_password_time_between_emails, 10_000)
         old_size = ActionMailer::Base.deliveries.size
         user.deliver_reset_password_instructions!
 
@@ -273,7 +291,7 @@ shared_examples_for 'rails_3_reset_password_model' do
       end
 
       it 'does not send an email if time between emails has not passed since last email' do
-        sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+        sorcery_model_property_set(:reset_password_time_between_emails, 10_000)
         old_size = ActionMailer::Base.deliveries.size
         user.deliver_reset_password_instructions!
 
@@ -298,19 +316,33 @@ shared_examples_for 'rails_3_reset_password_model' do
       end
     end
 
-    it 'when change_password! is called, deletes reset_password_token' do
+    it 'when change_password! is called, deletes reset_password_token and calls #save!' do
       user.deliver_reset_password_instructions!
 
       expect(user.reset_password_token).not_to be_nil
+      expect(user).to_not receive(:save)
+      expect(user).to receive(:save!)
 
       user.change_password!('blabulsdf')
-      user.save!
+
+      expect(user.reset_password_token).to be_nil
+    end
+
+    it 'when change_password is called, deletes reset_password_token and calls #save' do
+      new_password = 'blabulsdf'
+
+      user.deliver_reset_password_instructions!
+      expect(user.reset_password_token).not_to be_nil
+      expect(user).to_not receive(:save!)
+      expect(user).to receive(:save)
+
+      user.change_password(new_password)
 
       expect(user.reset_password_token).to be_nil
     end
 
     it 'returns false if time between emails has not passed since last email' do
-      sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+      sorcery_model_property_set(:reset_password_time_between_emails, 10_000)
       user.deliver_reset_password_instructions!
 
       expect(user.deliver_reset_password_instructions!).to be false