sorcery 0.12.0 → 0.13.0

data/lib/sorcery/model/submodules/external.rb

@@ -40,12 +40,13 @@ module Sorcery
           def load_from_provider(provider, uid)
             config = sorcery_config
             authentication = config.authentications_class.sorcery_adapter.find_by_oauth_credentials(provider, uid)
-            user = sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name)) if authentication
+            # Return user if matching authentication found
+            sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name)) if authentication
           end
 
           def create_and_validate_from_provider(provider, uid, attrs)
             user = new(attrs)
-            user.send(sorcery_config.authentications_class.to_s.downcase.pluralize).build(
+            user.send(sorcery_config.authentications_class.name.demodulize.underscore.pluralize).build(
               sorcery_config.provider_uid_attribute_name => uid,
               sorcery_config.provider_attribute_name => provider
             )
@@ -92,7 +93,7 @@ module Sorcery
 
         module InstanceMethods
           def add_provider_to_user(provider, uid)
-            authentications = sorcery_config.authentications_class.name.underscore.pluralize
+            authentications = sorcery_config.authentications_class.name.demodulize.underscore.pluralize
             # first check to see if user has a particular authentication already
             if sorcery_adapter.find_authentication_by_oauth_credentials(authentications, provider, uid).nil?
               user = send(authentications).build(sorcery_config.provider_uid_attribute_name => uid,

data/lib/sorcery/model/submodules/magic_login.rb

@@ -16,24 +16,18 @@ module Sorcery
                           :magic_login_token_expires_at_attribute_name, # expires at attribute name.
                           :magic_login_email_sent_at_attribute_name, # when was email sent, used for hammering
                           # protection.
-            
                           :magic_login_mailer_class, # mailer class. Needed.
-            
                           :magic_login_mailer_disabled, # when true sorcery will not automatically
                           # email magic login details and allow you to
                           # manually handle how and when email is sent
-            
                           :magic_login_email_method_name, # magic login email method on your
                           # mailer class.
-            
                           :magic_login_expiration_period, # how many seconds before the request
                           # expires. nil for never expires.
-            
                           :magic_login_time_between_emails # hammering protection, how long to wait
             # before allowing another email to be sent.
-          
           end
-          
+
           base.sorcery_config.instance_eval do
             @defaults.merge!(:@magic_login_token_attribute_name => :magic_login_token,
                              :@magic_login_token_expires_at_attribute_name => :magic_login_token_expires_at,
@@ -43,19 +37,18 @@ module Sorcery
                              :@magic_login_email_method_name => :magic_login_email,
                              :@magic_login_expiration_period => 15 * 60,
                              :@magic_login_time_between_emails => 5 * 60)
-            
+
             reset!
           end
-          
+
           base.extend(ClassMethods)
-          
+
           base.sorcery_config.after_config << :validate_mailer_defined
           base.sorcery_config.after_config << :define_magic_login_fields
-          
+
           base.send(:include, InstanceMethods)
-        
         end
-        
+
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
@@ -64,44 +57,45 @@ module Sorcery
             token_expiration_date_attr = @sorcery_config.magic_login_token_expires_at_attribute_name
             load_from_token(token, token_attr_name, token_expiration_date_attr)
           end
-          
+
           protected
-          
+
           # This submodule requires the developer to define his own mailer class to be used by it
           # when magic_login_mailer_disabled is false
           def validate_mailer_defined
-            msg = "To use magic_login submodule, you must define a mailer (config.magic_login_mailer_class = YourMailerClass)."
-            raise ArgumentError, msg if @sorcery_config.magic_login_mailer_class.nil? and @sorcery_config.magic_login_mailer_disabled == false
+            msg = 'To use magic_login submodule, you must define a mailer (config.magic_login_mailer_class = YourMailerClass).'
+            raise ArgumentError, msg if @sorcery_config.magic_login_mailer_class.nil? && @sorcery_config.magic_login_mailer_disabled == false
           end
-          
+
           def define_magic_login_fields
             sorcery_adapter.define_field sorcery_config.magic_login_token_attribute_name, String
             sorcery_adapter.define_field sorcery_config.magic_login_token_expires_at_attribute_name, Time
             sorcery_adapter.define_field sorcery_config.magic_login_email_sent_at_attribute_name, Time
           end
-        
         end
-        
+
         module InstanceMethods
           # generates a reset code with expiration
           def generate_magic_login_token!
             config = sorcery_config
-            attributes = {config.magic_login_token_attribute_name => TemporaryToken.generate_random_token,
-                          config.magic_login_email_sent_at_attribute_name => Time.now.in_time_zone}
+            attributes = {
+              config.magic_login_token_attribute_name => TemporaryToken.generate_random_token,
+              config.magic_login_email_sent_at_attribute_name => Time.now.in_time_zone
+            }
             attributes[config.magic_login_token_expires_at_attribute_name] = Time.now.in_time_zone + config.magic_login_expiration_period if config.magic_login_expiration_period
-            
-            self.sorcery_adapter.update_attributes(attributes)
+
+            sorcery_adapter.update_attributes(attributes)
           end
-          
+
           # generates a magic login code with expiration and sends an email to the user.
           def deliver_magic_login_instructions!
             mail = false
             config = sorcery_config
             # hammering protection
             return false if !config.magic_login_time_between_emails.nil? &&
-                self.send(config.magic_login_email_sent_at_attribute_name) &&
-                self.send(config.magic_login_email_sent_at_attribute_name) > config.magic_login_time_between_emails.seconds.ago
-            
+                            send(config.magic_login_email_sent_at_attribute_name) &&
+                            send(config.magic_login_email_sent_at_attribute_name) > config.magic_login_time_between_emails.seconds.ago
+
             self.class.sorcery_adapter.transaction do
               generate_magic_login_token!
               unless config.magic_login_mailer_disabled
@@ -111,23 +105,22 @@ module Sorcery
             end
             mail
           end
-          
+
           # Clears the token.
           def clear_magic_login_token!
             config = sorcery_config
-            self.sorcery_adapter.update_attributes({
-                                                       config.magic_login_token_attribute_name => nil,
-                                                       config.magic_login_token_expires_at_attribute_name => nil
-                                                   })
+            sorcery_adapter.update_attributes(
+              config.magic_login_token_attribute_name => nil,
+              config.magic_login_token_expires_at_attribute_name => nil
+            )
           end
-          
+
           protected
-          
+
           def send_magic_login_email!
             generic_send_email(:magic_login_email_method_name, :magic_login_mailer_class)
           end
         end
-      
       end
     end
   end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -101,20 +101,21 @@ module Sorcery
             config = sorcery_config
             # hammering protection
             return false if config.reset_password_time_between_emails.present? && send(config.reset_password_email_sent_at_attribute_name) && send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+
             self.class.sorcery_adapter.transaction do
               generate_reset_password_token!
               mail = send_reset_password_email! unless config.reset_password_mailer_disabled
             end
             mail
           end
-          
+
           # Increment access_count_to_reset_password_page attribute.
           # For example, access_count_to_reset_password_page attribute is over 1, which
           # means the user doesn't have a right to access.
           def increment_password_reset_page_access_counter
-            sorcery_adapter.increment(self.sorcery_config.reset_password_page_access_count_attribute_name)
+            sorcery_adapter.increment(sorcery_config.reset_password_page_access_count_attribute_name)
           end
-          
+
           # Reset access_count_to_reset_password_page attribute into 0.
           # This is expected to be used after sending an instruction email.
           def reset_password_reset_page_access_counter
@@ -126,7 +127,7 @@ module Sorcery
           def change_password!(new_password)
             clear_reset_password_token
             send(:"#{sorcery_config.password_attribute_name}=", new_password)
-            sorcery_adapter.save
+            sorcery_adapter.save raise_on_failure: true
           end
 
           protected

data/lib/sorcery/model/submodules/user_activation.rb

@@ -45,7 +45,7 @@ module Sorcery
             # don't setup activation if no password supplied - this user is created automatically
             sorcery_adapter.define_callback :before, :create, :setup_activation, if: proc { |user| user.send(sorcery_config.password_attribute_name).present? }
             # don't send activation needed email if no crypted password created - this user is external (OAuth etc.)
-            sorcery_adapter.define_callback :after, :create, :send_activation_needed_email!, if: :send_activation_needed_email?
+            sorcery_adapter.define_callback :after, :commit, :send_activation_needed_email!, on: :create, if: :send_activation_needed_email?
           end
 
           base.sorcery_config.after_config << :validate_mailer_defined

data/lib/sorcery/protocols/oauth.rb

@@ -9,6 +9,7 @@ module Sorcery
 
       def get_request_token(token = nil, secret = nil)
         return ::OAuth::RequestToken.new(get_consumer, token, secret) if token && secret
+
         get_consumer.get_request_token(oauth_callback: @callback_url)
       end
 

data/lib/sorcery/providers/auth0.rb

@@ -0,0 +1,46 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with Auth0.com
+    #
+    #   config.auth0.key = <key>
+    #   config.auth0.secret = <secret>
+    #   config.auth0.domain = <domain>
+    #   ...
+    #
+    class Auth0 < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :token_path, :user_info_path, :scope
+
+      def initialize
+        super
+
+        @auth_path      = '/authorize'
+        @token_path     = '/oauth/token'
+        @user_info_path = '/userinfo'
+        @scope          = 'openid profile email'
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = JSON.parse(response.body)
+          h[:uid] = h[:user_info]['sub']
+        end
+      end
+
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(args, token_url: token_path, token_method: :post)
+      end
+    end
+  end
+end

data/lib/sorcery/providers/heroku.rb

@@ -45,6 +45,7 @@ module Sorcery
       # tries to login the user from access token
       def process_callback(params, _session)
         raise 'Invalid state. Potential Cross Site Forgery' if params[:state] != state
+
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end

data/lib/sorcery/providers/instagram.rb

@@ -0,0 +1,73 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with Instagram.com.
+    class Instagram < Base
+      include Protocols::Oauth2
+
+      attr_accessor :access_permissions, :token_url,
+                    :authorization_path, :user_info_path,
+                    :scope, :user_info_fields
+
+      def initialize
+        super
+
+        @site = 'https://api.instagram.com'
+        @token_url = '/oauth/access_token'
+        @authorization_path = '/oauth/authorize/'
+        @user_info_path = '/v1/users/self'
+        @scope = 'basic'
+      end
+
+      def self.included(base)
+        base.extend Sorcery::Providers
+      end
+
+      # provider implements method to build Oauth client
+      def login_url(_params, _session)
+        authorize_url(token_url: @token_url)
+      end
+
+      # overrides oauth2#authorize_url to allow customized scope.
+      def authorize_url(opts = {})
+        @scope = access_permissions.present? ? access_permissions.join(' ') : scope
+        super(opts.merge(token_url: @token_url))
+      end
+
+      # pass oauth2 param `code` provided by instgrm server
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+        get_access_token(
+          args,
+          token_url: @token_url,
+          client_id: @key,
+          client_secret: @secret
+        )
+      end
+
+      # see `user_info_mapping` in config/initializer,
+      # given `user_info_mapping` to specify
+      #   {:db_attribute_name => 'instagram_attr_name'}
+      # so that Sorcery can build AR model from attr names
+      #
+      # NOTE: instead of just getting the user info
+      # from the access_token (which already returns them),
+      # testing strategy relies on querying user_info_path
+      def get_user_hash(access_token)
+        call_api_params = {
+          access_token: access_token.token,
+          client_id: access_token[:client_id]
+        }
+        response = access_token.get(
+          "#{user_info_path}?#{call_api_params.to_param}"
+        )
+
+        user_attrs = {}
+        user_attrs[:user_info] = JSON.parse(response.body)['data']
+        user_attrs[:uid] = user_attrs[:user_info]['id']
+        user_attrs
+      end
+    end
+  end
+end

data/lib/sorcery/providers/linkedin.rb

@@ -31,7 +31,7 @@ module Sorcery
 
       def get_user_hash(access_token)
         # Always include id for provider uid and prevent accidental duplication via setting `user_info_field = ['id']` (needed in Sorcery 0.9.1)
-        info_fields = user_info_fields ? user_info_fields.reject{|n| n == 'id'} : []
+        info_fields = user_info_fields ? user_info_fields.reject { |n| n == 'id' } : []
         fields = info_fields.any? ? 'id,' + info_fields.join(',') : 'id'
         response = access_token.get("#{@user_info_path}:(#{fields})", 'x-li-format' => 'json')
 

data/lib/sorcery/providers/vk.rb

@@ -33,7 +33,7 @@ module Sorcery
         }
 
         response = access_token.get(user_info_url, params: params)
-        if user_hash[:user_info] = JSON.parse(response.body)
+        if (user_hash[:user_info] = JSON.parse(response.body))
           user_hash[:user_info] = user_hash[:user_info]['response'][0]
           user_hash[:user_info]['full_name'] = [user_hash[:user_info]['first_name'], user_hash[:user_info]['last_name']].join(' ')
 

data/lib/sorcery/providers/wechat.rb

@@ -37,10 +37,13 @@ module Sorcery
       end
 
       def get_user_hash(access_token)
-        response = access_token.get(user_info_path, params: {
-          access_token: access_token.token,
-          openid: access_token.params['openid'],
-        })
+        response = access_token.get(
+          user_info_path,
+          params: {
+            access_token: access_token.token,
+            openid: access_token.params['openid']
+          }
+        )
 
         {}.tap do |h|
           h[:user_info] = JSON.parse(response.body)
@@ -70,10 +73,9 @@ module Sorcery
           args,
           token_url: token_url,
           mode: mode,
-          param_name: param_name,
+          param_name: param_name
         )
       end
     end
   end
 end
-

data/lib/sorcery/test_helpers/internal.rb

@@ -17,7 +17,7 @@ module Sorcery
       # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
       # After the first destroy, the session is an ordinary hash, and then when destroy
       # is called again there's an exception.
-      class ::Hash
+      class ::Hash # rubocop:disable Style/ClassAndModuleChildren
         def destroy
           clear
         end
@@ -69,9 +69,10 @@ module Sorcery
       def reload_user_class
         User && Object.send(:remove_const, 'User')
         load 'user.rb'
-        if User.respond_to?(:reset_column_information)
-          User.reset_column_information
-        end
+
+        return unless User.respond_to?(:reset_column_information)
+
+        User.reset_column_information
       end
     end
   end

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -4,11 +4,11 @@ module Sorcery
       module Rails
         include ::Sorcery::TestHelpers::Rails::Controller
 
-        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = [
-          :register_last_activity_time_to_db,
-          :deny_banned_user,
-          :validate_session
-        ]
+        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = %i[
+          register_last_activity_time_to_db
+          deny_banned_user
+          validate_session
+        ].freeze
 
         def sorcery_reload!(submodules = [], options = {})
           reload_user_class
@@ -40,11 +40,11 @@ module Sorcery
             end
           end
           User.authenticates_with_sorcery!
-          if defined?(DataMapper) && User.ancestors.include?(DataMapper::Resource)
-            DataMapper.auto_migrate!
-            User.finalize
-            Authentication.finalize
-          end
+          return unless defined?(DataMapper) && User.ancestors.include?(DataMapper::Resource)
+
+          DataMapper.auto_migrate!
+          User.finalize
+          Authentication.finalize
         end
 
         def sorcery_controller_property_set(property, value)
@@ -64,7 +64,7 @@ module Sorcery
         end
 
         if ::Rails.version < '5.0.0'
-          %w(get post put).each do |method|
+          %w[get post put].each do |method|
             define_method(method) do |action, options = {}|
               super action, options[:params] || {}, options[:session]
             end