sorcery 0.12.0 → 0.13.0

data/.travis.yml

@@ -1,20 +1,15 @@
 language: ruby
 rvm:
-  - jruby
   - 2.2.9
   - 2.3.6
   - 2.4.3
   - 2.5.0
 
-env:
-  global:
-    - JRUBY_OPTS="--2.0"
-
 gemfile:
   - Gemfile
-  - gemfiles/active_record-rails40.gemfile
-  - gemfiles/active_record-rails41.gemfile
-  - gemfiles/active_record-rails42.gemfile
+  - gemfiles/active_record_rails_40.gemfile
+  - gemfiles/active_record_rails_41.gemfile
+  - gemfiles/active_record_rails_42.gemfile
 
 before_script:
   - mysql -e 'create database sorcery_test;'
@@ -24,25 +19,20 @@ before_install:
   - gem update bundler
 
 matrix:
-  allow_failures:
-    - rvm: jruby
-
   exclude:
     - rvm: 2.2.9
-      gemfile: gemfiles/active_record-rails40.gemfile
+      gemfile: gemfiles/active_record_rails_40.gemfile
     - rvm: 2.3.6
-      gemfile: gemfiles/active_record-rails40.gemfile
+      gemfile: gemfiles/active_record_rails_40.gemfile
     - rvm: 2.4.3
-      gemfile: gemfiles/active_record-rails40.gemfile
+      gemfile: gemfiles/active_record_rails_40.gemfile
     - rvm: 2.4.3
-      gemfile: gemfiles/active_record-rails41.gemfile
+      gemfile: gemfiles/active_record_rails_41.gemfile
     - rvm: 2.4.3
-      gemfile: gemfiles/active_record-rails42.gemfile
+      gemfile: gemfiles/active_record_rails_42.gemfile
     - rvm: 2.5.0
-      gemfile: gemfiles/active_record-rails40.gemfile
+      gemfile: gemfiles/active_record_rails_40.gemfile
     - rvm: 2.5.0
-      gemfile: gemfiles/active_record-rails41.gemfile
+      gemfile: gemfiles/active_record_rails_41.gemfile
     - rvm: 2.5.0
-      gemfile: gemfiles/active_record-rails42.gemfile
-    - rvm: jruby
-      gemfile: Gemfile
+      gemfile: gemfiles/active_record_rails_42.gemfile

data/CHANGELOG.md

@@ -1,6 +1,22 @@
 # Changelog
 ## HEAD
 
+## 0.13.0
+
+* Add support for Rails 5.2 / Ruby 2.5 [#129](https://github.com/Sorcery/sorcery/pull/129)
+* Fix migration files not being generated [#128](https://github.com/Sorcery/sorcery/pull/128)
+* Add support for ActionController::API [#133](https://github.com/Sorcery/sorcery/pull/133), [#150](https://github.com/Sorcery/sorcery/pull/150), [#159](https://github.com/Sorcery/sorcery/pull/159)
+* Update activation email to use after_commit callback [#130](https://github.com/Sorcery/sorcery/pull/130)
+* Add opt-in `invalidate_active_sessions!` method [#110](https://github.com/Sorcery/sorcery/pull/110)
+* Pass along `remember_me` to `#auto_login` [#136](https://github.com/Sorcery/sorcery/pull/136)
+* Respect SessionTimeout on login via RememberMe [#102](https://github.com/Sorcery/sorcery/pull/102)
+* Added `demodulize` on authentication class name association name fetch [#147](https://github.com/Sorcery/sorcery/pull/147)
+* Remove Gemnasium badge [#140](https://github.com/Sorcery/sorcery/pull/140)
+* Add Instragram provider [#51](https://github.com/Sorcery/sorcery/pull/51)
+* Remove `publish_actions` permission for facebook [#139](https://github.com/Sorcery/sorcery/pull/139)
+* Prepare for 1.0.0 [#157](https://github.com/Sorcery/sorcery/pull/157)
+* Add Auth0 provider [#160](https://github.com/Sorcery/sorcery/pull/160)
+
 ## 0.12.0
 
 * Fix magic_login not inheriting from migration_class_name [#99](https://github.com/Sorcery/sorcery/pull/99)

data/Gemfile

@@ -1,8 +1,8 @@
 source 'https://rubygems.org'
 
-gem 'rails', '~> 5.1.0'
+gem 'pry'
+gem 'rails', '~> 5.2.0'
 gem 'rails-controller-testing'
 gem 'sqlite3'
-gem 'pry'
 
 gemspec

data/{LICENSE.txt → LICENSE.md}

@@ -1,4 +1,4 @@
-Copyright (c) 2010 Noam Ben-Ari <mailto:nbenari@gmail.com>
+Copyright (c) 2010 [Noam Ben-Ari](mailto:nbenari@gmail.com)
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -3,7 +3,6 @@
 [![Gem Version](https://badge.fury.io/rb/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
-[![Dependency Status](https://gemnasium.com/badges/github.com/Sorcery/sorcery.svg)](https://gemnasium.com/github.com/Sorcery/sorcery)
 [![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
 [![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
 [![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
@@ -103,6 +102,12 @@ User.load_from_reset_password_token(token)
 @user.change_password!(new_password)
 ```
 
+### Session Timeout
+
+```ruby
+invalidate_active_sessions! #Invalidate all sessions with a login_time or last_action_time before the current time. Must Opt-in
+```
+
 ### User Activation
 
 ```ruby
@@ -184,6 +189,7 @@ Inside the initializer, the comments will tell you what each setting does.
 
 - Configurable session timeout
 - Optionally session timeout will be calculated from last user action
+- Optionally enable a method to clear all active sessions, expects an `invalidate_sessions_before` datetime attribute.
 
 **Brute Force Protection** (see [lib/sorcery/model/submodules/brute_force_protection.rb](https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/model/submodules/brute_force_protection.rb)):
 

data/gemfiles/{active_record-rails40.gemfile → active_record_rails_40.gemfile}

@@ -1,7 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'sqlite3', platform: :mri
-gem 'activerecord-jdbcsqlite3-adapter', platform: :jruby
 gem 'rails', '~> 4.0.1'
+gem 'sqlite3', platform: :mri
 
 gemspec path: '..'

data/gemfiles/{active_record-rails41.gemfile → active_record_rails_41.gemfile}

@@ -1,7 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'sqlite3', platform: :mri
-gem 'activerecord-jdbcsqlite3-adapter', platform: :jruby
 gem 'rails', '~> 4.1.0'
+gem 'sqlite3', platform: :mri
 
 gemspec path: '..'

data/gemfiles/{active_record-rails42.gemfile → active_record_rails_42.gemfile}

@@ -1,7 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'sqlite3', platform: :mri
-gem 'activerecord-jdbcsqlite3-adapter', platform: :jruby
 gem 'rails', '~> 4.2.0'
+gem 'sqlite3', platform: :mri
 
 gemspec path: '..'

data/lib/generators/sorcery/USAGE

@@ -1,6 +1,6 @@
 Description:
   Generates the necessary files to get you up and running with Sorcery gem
-  
+
 Examples:
   rails generate sorcery:install
 

data/lib/generators/sorcery/install_generator.rb

@@ -7,7 +7,7 @@ module Sorcery
       include Rails::Generators::Migration
       include Sorcery::Generators::Helpers
 
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path('templates', __dir__)
 
       argument :submodules, optional: true, type: :array, banner: 'submodules'
 
@@ -21,9 +21,9 @@ module Sorcery
                                      desc: "Specify if you want to add submodules to an existing model\n\t\t\t     # (will generate migrations files, and add submodules to config file)"
 
       def check_deprecated_options
-        if options[:migrations]
-          warn('[DEPRECATED] `--migrations` option is deprecated, please use `--only-submodules` instead')
-        end
+        return unless options[:migrations]
+
+        warn('[DEPRECATED] `--migrations` option is deprecated, please use `--only-submodules` instead')
       end
 
       # Copy the initializer file to config/initializers folder.
@@ -33,23 +33,22 @@ module Sorcery
 
       def configure_initializer_file
         # Add submodules to the initializer file.
-        if submodules
-          submodule_names = submodules.collect { |submodule| ':' + submodule }
+        return unless submodules
 
-          gsub_file sorcery_config_path, /submodules = \[.*\]/ do |str|
-            current_submodule_names = (str =~ /\[(.*)\]/ ? Regexp.last_match(1) : '').delete(' ').split(',')
-            "submodules = [#{(current_submodule_names | submodule_names).join(', ')}]"
-          end
+        submodule_names = submodules.collect { |submodule| ':' + submodule }
+
+        gsub_file sorcery_config_path, /submodules = \[.*\]/ do |str|
+          current_submodule_names = (str =~ /\[(.*)\]/ ? Regexp.last_match(1) : '').delete(' ').split(',')
+          "submodules = [#{(current_submodule_names | submodule_names).join(', ')}]"
         end
       end
 
       def configure_model
         # Generate the model and add 'authenticates_with_sorcery!' unless you passed --only-submodules
-        unless only_submodules?
-          generate "model #{model_class_name} --skip-migration"
+        return if only_submodules?
 
-          inject_sorcery_to_model
-        end
+        generate "model #{model_class_name} --skip-migration"
+        inject_sorcery_to_model
       end
 
       def inject_sorcery_to_model
@@ -61,14 +60,15 @@ module Sorcery
       # Copy the migrations files to db/migrate folder
       def copy_migration_files
         # Copy core migration file in all cases except when you pass --only-submodules.
-        return unless defined?(Sorcery::Generators::InstallGenerator::ActiveRecord)
+        return unless defined?(ActiveRecord)
+
         migration_template 'migration/core.rb', 'db/migrate/sorcery_core.rb', migration_class_name: migration_class_name unless only_submodules?
 
-        if submodules
-          submodules.each do |submodule|
-            unless submodule == 'http_basic_auth' || submodule == 'session_timeout' || submodule == 'core'
-              migration_template "migration/#{submodule}.rb", "db/migrate/sorcery_#{submodule}.rb", migration_class_name: migration_class_name
-            end
+        return unless submodules
+
+        submodules.each do |submodule|
+          unless %w[http_basic_auth session_timeout core].include?(submodule)
+            migration_template "migration/#{submodule}.rb", "db/migrate/sorcery_#{submodule}.rb", migration_class_name: migration_class_name
           end
         end
       end
@@ -79,7 +79,7 @@ module Sorcery
           sleep 1 # make sure each time we get a different timestamp
           Time.new.utc.strftime('%Y%m%d%H%M%S')
         else
-          '%.3d' % (current_migration_number(dirname) + 1)
+          format('%.3d', (current_migration_number(dirname) + 1))
         end
       end
 

data/lib/generators/sorcery/templates/initializer.rb

@@ -46,6 +46,11 @@ Rails.application.config.sorcery.configure do |config|
   #
   # config.session_timeout_from_last_action =
 
+  # Invalidate active sessions Requires an `invalidate_sessions_before` timestamp column
+  # Default: `false`
+  #
+  # config.session_timeout_invalidate_active_sessions_enabled =
+
   # -- http_basic_auth --
   # What realm to display for which controller name. For example {"My App" => "Application"}
   # Default: `{"application" => "Application"}`
@@ -114,11 +119,17 @@ Rails.application.config.sorcery.configure do |config|
   # config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
   # config.facebook.user_info_path = "me?fields=email"
   # config.facebook.user_info_mapping = {:email => "email"}
-  # config.facebook.access_permissions = ["email", "publish_actions"]
+  # config.facebook.access_permissions = ["email"]
   # config.facebook.display = "page"
   # config.facebook.api_version = "v2.3"
   # config.facebook.parse = :json
   #
+  # config.instagram.key = ""
+  # config.instagram.secret = ""
+  # config.instagram.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=instagram"
+  # config.instagram.user_info_mapping = {:email => "username"}
+  # config.instagram.access_permissions = ["basic", "public_content", "follower_list", "comments", "relationships", "likes"]
+  #
   # config.github.key = ""
   # config.github.secret = ""
   # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
@@ -134,6 +145,13 @@ Rails.application.config.sorcery.configure do |config|
   # config.wechat.secret = ""
   # config.wechat.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=wechat"
   #
+  # For Auth0, site is required and should match the domain provided by Auth0.
+  #
+  # config.auth0.key = ""
+  # config.auth0.secret = ""
+  # config.auth0.callback_url = "https://0.0.0.0:3000/oauth/callback?provider=auth0"
+  # config.auth0.site = "https://example.auth0.com"
+  #
   # config.google.key = ""
   # config.google.secret = ""
   # config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"

data/lib/sorcery/adapters/active_record_adapter.rb

@@ -35,7 +35,7 @@ module Sorcery
         end
 
         def define_callback(time, event, method_name, options = {})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+          @klass.send "#{time}_#{event}", method_name, options.slice(:if, :on)
         end
 
         def find_by_oauth_credentials(provider, uid)

data/lib/sorcery/adapters/mongoid_adapter.rb

@@ -10,7 +10,7 @@ module Sorcery
           attrs[name] = value.utc if value.is_a?(ActiveSupport::TimeWithZone)
           @model.send(:"#{name}=", value)
         end
-        @model.class.where(:_id => @model.id).update_all(attrs)
+        @model.class.where(_id: @model.id).update_all(attrs)
       end
 
       def update_attribute(name, value)
@@ -23,21 +23,29 @@ module Sorcery
       end
 
       def mongoid_4?
-        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new("4.0.0.alpha")
+        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new('4.0.0.alpha')
       end
 
       class << self
-
-        def define_field(name, type, options={})
+        def define_field(name, type, options = {})
           @klass.field name, options.slice(:default).merge(type: type)
         end
 
-        def define_callback(time, event, method_name, options={})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+        def define_callback(time, event, method_name, options = {})
+          @klass.send callback_name(time, event, options), method_name, options.slice(:if)
+        end
+
+        def callback_name(time, event, options)
+          if event == :commit
+            options[:on] == :create ? "#{time}_create" : "#{time}_save"
+          else
+            "#{time}_#{event}"
+          end
         end
 
         def credential_regex(credential)
-          return { :$regex =>  /^#{Regexp.escape(credential)}$/i  } if (@klass.sorcery_config.downcase_username_before_authenticating)
+          return { :$regex => /^#{Regexp.escape(credential)}$/i } if @klass.sorcery_config.downcase_username_before_authenticating
+
           credential
         end
 
@@ -73,7 +81,7 @@ module Sorcery
         end
 
         def find_by_username(username)
-          query = @klass.sorcery_config.username_attribute_names.map {|name| {name => username}}
+          query = @klass.sorcery_config.username_attribute_names.map { |name| { name => username } }
           @klass.any_of(*query).first
         end
 
@@ -87,9 +95,13 @@ module Sorcery
 
         def get_current_users
           config = @klass.sorcery_config
-          @klass.where(config.last_activity_at_attribute_name.ne => nil) \
-          .where("this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}") \
-          .where(config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc).order_by([:_id,:asc])
+          @klass.where(
+            config.last_activity_at_attribute_name.ne => nil
+          ).where(
+            "this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}"
+          ).where(
+            config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc
+          ).order_by(%i[_id asc])
         end
       end
     end

data/lib/sorcery/controller.rb

@@ -4,11 +4,14 @@ module Sorcery
       klass.class_eval do
         include InstanceMethods
         Config.submodules.each do |mod|
+          # FIXME: Is there a cleaner way to handle missing submodules?
+          # rubocop:disable Lint/HandleExceptions
           begin
             include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
           rescue NameError
             # don't stop on a missing submodule.
           end
+          # rubocop:enable Lint/HandleExceptions
         end
       end
       Config.update!
@@ -20,10 +23,10 @@ module Sorcery
       # Will trigger auto-login attempts via the call to logged_in?
       # If all attempts to auto-login fail, the failure callback will be called.
       def require_login
-        unless logged_in?
-          session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
-          send(Config.not_authenticated_action)
-        end
+        return if logged_in?
+
+        session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
+        send(Config.not_authenticated_action)
       end
 
       # Takes credentials and returns a user on successful authentication.
@@ -37,7 +40,10 @@ module Sorcery
 
             yield(user, failure_reason) if block_given?
 
+            # FIXME: Does using `break` or `return nil` change functionality?
+            # rubocop:disable Lint/NonLocalExitFromIterator
             return
+            # rubocop:enable Lint/NonLocalExitFromIterator
           end
 
           old_session = session.dup.to_hash
@@ -47,30 +53,26 @@ module Sorcery
           end
           form_authenticity_token
 
-          auto_login(user)
+          auto_login(user, credentials[2])
           after_login!(user, credentials)
 
           block_given? ? yield(current_user, nil) : current_user
         end
       end
 
-      # put this into the catch block to rescue undefined method `destroy_session'
-      # hotfix for https://github.com/NoamB/sorcery/issues/464
-      # can be removed when Rails 4.1 is out
       def reset_sorcery_session
         reset_session # protect from session fixation attacks
-      rescue NoMethodError
       end
 
       # Resets the session and runs hooks before and after.
       def logout
-        if logged_in?
-          user = current_user
-          before_logout!
-          @current_user = nil
-          reset_sorcery_session
-          after_logout!(user)
-        end
+        return unless logged_in?
+
+        user = current_user
+        before_logout!
+        @current_user = nil
+        reset_sorcery_session
+        after_logout!(user)
       end
 
       def logged_in?
@@ -153,6 +155,10 @@ module Sorcery
         Config.after_logout.each { |c| send(c, user) }
       end
 
+      def after_remember_me!(user)
+        Config.after_remember_me.each { |c| send(c, user) }
+      end
+
       def user_class
         @user_class ||= Config.user_class.to_s.constantize
       rescue NameError