sorcery 0.13.0 → 0.16.1

Files changed (67) hide show
  1. checksums.yaml +4 -4
  2. data/.github/FUNDING.yml +1 -0
  3. data/.github/PULL_REQUEST_TEMPLATE.md +5 -0
  4. data/.github/workflows/ruby.yml +49 -0
  5. data/.rubocop.yml +2 -2
  6. data/.rubocop_todo.yml +157 -1
  7. data/CHANGELOG.md +49 -0
  8. data/CODE_OF_CONDUCT.md +14 -0
  9. data/Gemfile +1 -1
  10. data/README.md +4 -4
  11. data/Rakefile +3 -1
  12. data/SECURITY.md +19 -0
  13. data/gemfiles/rails_52.gemfile +7 -0
  14. data/gemfiles/rails_60.gemfile +7 -0
  15. data/lib/generators/sorcery/helpers.rb +4 -0
  16. data/lib/generators/sorcery/templates/initializer.rb +111 -85
  17. data/lib/generators/sorcery/templates/migration/activity_logging.rb +5 -5
  18. data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +4 -4
  19. data/lib/generators/sorcery/templates/migration/core.rb +4 -4
  20. data/lib/generators/sorcery/templates/migration/external.rb +3 -3
  21. data/lib/generators/sorcery/templates/migration/magic_login.rb +4 -4
  22. data/lib/generators/sorcery/templates/migration/remember_me.rb +3 -3
  23. data/lib/generators/sorcery/templates/migration/reset_password.rb +5 -5
  24. data/lib/generators/sorcery/templates/migration/user_activation.rb +4 -4
  25. data/lib/sorcery/adapters/active_record_adapter.rb +2 -2
  26. data/lib/sorcery/controller.rb +4 -1
  27. data/lib/sorcery/controller/config.rb +6 -6
  28. data/lib/sorcery/controller/submodules/activity_logging.rb +5 -3
  29. data/lib/sorcery/controller/submodules/external.rb +4 -1
  30. data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -0
  31. data/lib/sorcery/controller/submodules/remember_me.rb +2 -1
  32. data/lib/sorcery/controller/submodules/session_timeout.rb +2 -0
  33. data/lib/sorcery/crypto_providers/aes256.rb +1 -1
  34. data/lib/sorcery/crypto_providers/bcrypt.rb +6 -1
  35. data/lib/sorcery/engine.rb +7 -1
  36. data/lib/sorcery/model.rb +6 -5
  37. data/lib/sorcery/model/config.rb +5 -0
  38. data/lib/sorcery/model/submodules/magic_login.rb +7 -4
  39. data/lib/sorcery/model/submodules/reset_password.rb +6 -2
  40. data/lib/sorcery/providers/battlenet.rb +51 -0
  41. data/lib/sorcery/providers/discord.rb +52 -0
  42. data/lib/sorcery/providers/line.rb +63 -0
  43. data/lib/sorcery/providers/linkedin.rb +45 -36
  44. data/lib/sorcery/providers/vk.rb +1 -1
  45. data/lib/sorcery/version.rb +1 -1
  46. data/sorcery.gemspec +5 -6
  47. data/spec/controllers/controller_oauth2_spec.rb +41 -6
  48. data/spec/controllers/controller_oauth_spec.rb +6 -0
  49. data/spec/controllers/controller_remember_me_spec.rb +15 -12
  50. data/spec/controllers/controller_spec.rb +11 -1
  51. data/spec/providers/example_provider_spec.rb +17 -0
  52. data/spec/providers/example_spec.rb +17 -0
  53. data/spec/rails_app/app/assets/config/manifest.js +1 -0
  54. data/spec/rails_app/app/controllers/application_controller.rb +2 -0
  55. data/spec/rails_app/app/controllers/sorcery_controller.rb +69 -1
  56. data/spec/rails_app/config/routes.rb +10 -0
  57. data/spec/shared_examples/user_reset_password_shared_examples.rb +18 -2
  58. data/spec/shared_examples/user_shared_examples.rb +63 -0
  59. data/spec/sorcery_crypto_providers_spec.rb +60 -0
  60. data/spec/support/migration_helper.rb +12 -2
  61. data/spec/support/providers/example.rb +11 -0
  62. data/spec/support/providers/example_provider.rb +11 -0
  63. metadata +25 -15
  64. data/.travis.yml +0 -38
  65. data/gemfiles/active_record_rails_40.gemfile +0 -6
  66. data/gemfiles/active_record_rails_41.gemfile +0 -6
  67. data/gemfiles/active_record_rails_42.gemfile +0 -6
@@ -0,0 +1,52 @@
1
+ module Sorcery
2
+ module Providers
3
+ # This class adds support for OAuth with discordapp.com
4
+
5
+ class Discord < Base
6
+ include Protocols::Oauth2
7
+
8
+ attr_accessor :auth_path, :scope, :token_url, :user_info_path
9
+
10
+ def initialize
11
+ super
12
+
13
+ @scope = 'identify'
14
+ @site = 'https://discordapp.com/'
15
+ @auth_path = '/api/oauth2/authorize'
16
+ @token_url = '/api/oauth2/token'
17
+ @user_info_path = '/api/users/@me'
18
+ @state = SecureRandom.hex(16)
19
+ end
20
+
21
+ def get_user_hash(access_token)
22
+ response = access_token.get(user_info_path)
23
+ body = JSON.parse(response.body)
24
+ auth_hash(access_token).tap do |h|
25
+ h[:user_info] = body
26
+ h[:uid] = body['id']
27
+ end
28
+ end
29
+
30
+ # calculates and returns the url to which the user should be redirected,
31
+ # to get authenticated at the external provider's site.
32
+ def login_url(_params, _session)
33
+ authorize_url(authorize_url: auth_path)
34
+ end
35
+
36
+ # tries to login the user from access token
37
+ def process_callback(params, _session)
38
+ args = {}.tap do |a|
39
+ a[:code] = params[:code] if params[:code]
40
+ end
41
+ get_access_token(
42
+ args,
43
+ token_url: token_url,
44
+ client_id: @key,
45
+ client_secret: @secret,
46
+ grant_type: 'authorization_code',
47
+ token_method: :post
48
+ )
49
+ end
50
+ end
51
+ end
52
+ end
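Review bot: The OAuth2 `state` value is created once in `initialize` (`@state = SecureRandom.hex(16)`) and `process_callback` never compares it with `params[:state]`, so as written it gives the callback no CSRF protection. If the provider object is built once at configuration time and reused across requests (not visible in this file), every login also shares the same value. The LinkedIn provider sets `@state` in `initialize` in the same way, and the Line provider regenerates it in `login_url` but never checks it either. Generate the value inside `login_url`, keep it per user with something like `session[:oauth_state] = @state` (the key name is only an example), and have `process_callback` stop before `get_access_token` unless `params[:state]` equals the stored value.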
@@ -0,0 +1,63 @@
1
+ module Sorcery
2
+ module Providers
3
+ # This class adds support for OAuth with line.com.
4
+ #
5
+ # config.line.key = <key>
6
+ # config.line.secret = <secret>
7
+ # ...
8
+ #
9
+ class Line < Base
10
+ include Protocols::Oauth2
11
+
12
+ attr_accessor :token_url, :user_info_path, :auth_path, :scope, :bot_prompt
13
+
14
+ def initialize
15
+ super
16
+
17
+ @site = 'https://access.line.me'
18
+ @user_info_path = 'https://api.line.me/v2/profile'
19
+ @token_url = 'https://api.line.me/oauth2/v2.1/token'
20
+ @auth_path = 'oauth2/v2.1/authorize'
21
+ @scope = 'profile'
22
+ end
23
+
24
+ def get_user_hash(access_token)
25
+ response = access_token.get(user_info_path)
26
+ auth_hash(access_token).tap do |h|
27
+ h[:user_info] = JSON.parse(response.body)
28
+ h[:uid] = h[:user_info]['userId'].to_s
29
+ end
30
+ end
31
+
32
+ # calculates and returns the url to which the user should be redirected,
33
+ # to get authenticated at the external provider's site.
34
+ def login_url(_params, _session)
35
+ @state = SecureRandom.hex(16)
36
+ authorize_url(authorize_url: auth_path)
37
+ end
38
+
39
+ # overrides oauth2#authorize_url to add bot_prompt query.
40
+ def authorize_url(options = {})
41
+ options.merge!({
42
+ connection_opts: { params: { bot_prompt: bot_prompt } }
43
+ }) if bot_prompt.present?
44
+
45
+ super(options)
46
+ end
47
+
48
+ # tries to login the user from access token
49
+ def process_callback(params, _session)
50
+ args = {}.tap do |a|
51
+ a[:code] = params[:code] if params[:code]
52
+ end
53
+
54
+ get_access_token(
55
+ args,
56
+ token_url: token_url,
57
+ token_method: :post,
58
+ grant_type: 'authorization_code'
59
+ )
60
+ end
61
+ end
62
+ end
63
+ end
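Review bot: In `get_user_hash`, `h[:user_info]['userId'].to_s` turns a missing `userId` into the empty string, so an error body from the profile endpoint produces `uid == ''` instead of a failed login, and every such failure maps to the same uid. The response status is not checked before `JSON.parse` either. Fail when the id is absent, for example `h[:uid] = h[:user_info].fetch('userId').to_s`, or return early on a non-success response. Separately, `authorize_url` uses `options.merge!`, which mutates the hash the caller passed in; `options = options.merge(connection_opts: { params: { bot_prompt: bot_prompt } }) if bot_prompt.present?` avoids that.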
@@ -1,65 +1,74 @@
1
1
  module Sorcery
2
2
  module Providers
3
- # This class adds support for OAuth with Linkedin.com.
3
+ # This class adds support for OAuth with LinkedIn.
4
4
  #
5
5
  # config.linkedin.key = <key>
6
6
  # config.linkedin.secret = <secret>
7
7
  # ...
8
8
  #
9
9
  class Linkedin < Base
10
- include Protocols::Oauth
10
+ include Protocols::Oauth2
11
11
 
12
- attr_accessor :authorize_path, :access_permissions, :access_token_path,
13
- :request_token_path, :user_info_fields, :user_info_path
12
+ attr_accessor :auth_url, :scope, :token_url, :user_info_url, :email_info_url
14
13
 
15
14
  def initialize
16
- @configuration = {
17
- site: 'https://api.linkedin.com',
18
- authorize_path: '/uas/oauth/authenticate',
19
- request_token_path: '/uas/oauth/requestToken',
20
- access_token_path: '/uas/oauth/accessToken'
21
- }
22
- @user_info_path = '/v1/people/~'
23
- end
15
+ super
24
16
 
25
- # Override included get_consumer method to provide authorize_path
26
- def get_consumer
27
- # Add access permissions to request token path
28
- @configuration[:request_token_path] += '?scope=' + access_permissions.join('+') unless access_permissions.blank? || @configuration[:request_token_path].include?('?scope=')
29
- ::OAuth::Consumer.new(@key, @secret, @configuration)
17
+ @site = 'https://api.linkedin.com'
18
+ @auth_url = '/oauth/v2/authorization'
19
+ @token_url = '/oauth/v2/accessToken'
20
+ @user_info_url = 'https://api.linkedin.com/v2/me'
21
+ @email_info_url = 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))'
22
+ @scope = 'r_liteprofile r_emailaddress'
23
+ @state = SecureRandom.hex(16)
30
24
  end
31
25
 
32
26
  def get_user_hash(access_token)
33
- # Always include id for provider uid and prevent accidental duplication via setting `user_info_field = ['id']` (needed in Sorcery 0.9.1)
34
- info_fields = user_info_fields ? user_info_fields.reject { |n| n == 'id' } : []
35
- fields = info_fields.any? ? 'id,' + info_fields.join(',') : 'id'
36
- response = access_token.get("#{@user_info_path}:(#{fields})", 'x-li-format' => 'json')
27
+ user_info = get_user_info(access_token)
37
28
 
38
29
  auth_hash(access_token).tap do |h|
39
- h[:user_info] = JSON.parse(response.body)
40
- h[:uid] = h[:user_info]['id'].to_s
30
+ h[:user_info] = user_info
31
+ h[:uid] = h[:user_info]['id']
41
32
  end
42
33
  end
43
34
 
44
35
  # calculates and returns the url to which the user should be redirected,
45
36
  # to get authenticated at the external provider's site.
46
- def login_url(_params, session)
47
- req_token = get_request_token
48
- session[:request_token] = req_token.token
49
- session[:request_token_secret] = req_token.secret
50
- authorize_url(request_token: req_token.token, request_token_secret: req_token.secret)
37
+ def login_url(_params, _session)
38
+ authorize_url(authorize_url: auth_url)
51
39
  end
52
40
 
53
41
  # tries to login the user from access token
54
- def process_callback(params, session)
55
- args = {
56
- oauth_verifier: params[:oauth_verifier],
57
- request_token: session[:request_token],
58
- request_token_secret: session[:request_token_secret]
59
- }
42
+ def process_callback(params, _session)
43
+ args = {}.tap do |a|
44
+ a[:code] = params[:code] if params[:code]
45
+ end
46
+
47
+ get_access_token(args, token_url: token_url, token_method: :post)
48
+ end
49
+
50
+ def get_user_info(access_token)
51
+ response = access_token.get(user_info_url)
52
+ user_info = JSON.parse(response.body)
53
+
54
+ if email_in_scope?
55
+ email = fetch_email(access_token)
56
+
57
+ return user_info.merge(email)
58
+ end
59
+
60
+ user_info
61
+ end
62
+
63
+ def email_in_scope?
64
+ scope.include?('r_emailaddress')
65
+ end
66
+
67
+ def fetch_email(access_token)
68
+ email_response = access_token.get(email_info_url)
69
+ email_info = JSON.parse(email_response.body)['elements'].first
60
70
 
61
- args[:code] = params[:code] if params[:code]
62
- get_access_token(args)
71
+ email_info['handle~']
63
72
  end
64
73
  end
65
74
  end
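Review bot: `fetch_email` assumes the email endpoint always returns a non-empty `elements` array: `JSON.parse(email_response.body)['elements'].first` raises NoMethodError when the key is missing (for instance on an error body), and with an empty array `email_info` is nil, so `email_info['handle~']` raises as well. `get_user_info` then calls `user_info.merge(email)`, which raises TypeError if `handle~` is absent. Because the default scope includes `r_emailaddress`, a failed email lookup aborts the whole login instead of degrading to a profile without email. Guard it with `email_info = Array(JSON.parse(email_response.body)['elements']).first` and return `(email_info && email_info['handle~']) || {}`. `get_user_info`, `email_in_scope?` and `fetch_email` could also move under `private` if nothing outside the class calls them.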
@@ -37,7 +37,7 @@ module Sorcery
37
37
  user_hash[:user_info] = user_hash[:user_info]['response'][0]
38
38
  user_hash[:user_info]['full_name'] = [user_hash[:user_info]['first_name'], user_hash[:user_info]['last_name']].join(' ')
39
39
 
40
- user_hash[:uid] = user_hash[:user_info]['uid']
40
+ user_hash[:uid] = user_hash[:user_info]['id']
41
41
  user_hash[:user_info]['email'] = access_token.params['email']
42
42
  end
43
43
  user_hash
@@ -1,3 +1,3 @@
1
1
  module Sorcery
2
- VERSION = '0.13.0'.freeze
2
+ VERSION = '0.16.1'.freeze
3
3
  end
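--- a/data/sorcery.gemspec
+++ b/data/sorcery.gemspec
@@ -14,28 +14,27 @@ Gem::Specification.new do |s|
  'Josh Buker'
  ]
  s.email = [
- 'chase.gilliam@gmail.com',
- 'contact@joshbuker.com'
+ 'crypto@joshbuker.com'
  ]
 
  # TODO: Cleanup formatting.
- # rubocop:disable Metrics/LineLength
+ # rubocop:disable Layout/LineLength
  s.description = 'Provides common authentication needs such as signing in/out, activating by email and resetting password.'
  s.summary = 'Magical authentication for Rails applications'
  s.homepage = 'https://github.com/Sorcery/sorcery'
  s.post_install_message = "As of version 1.0 oauth/oauth2 won't be automatically bundled so you may need to add those dependencies to your Gemfile.\n"
  s.post_install_message += 'You may need oauth2 if you use external providers such as any of these: https://github.com/Sorcery/sorcery/tree/master/lib/sorcery/providers'
- # rubocop:enable Metrics/LineLength
+ # rubocop:enable Layout/LineLength
 
  s.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
  s.require_paths = ['lib']
 
  s.licenses = ['MIT']
 
- s.required_ruby_version = '>= 2.2.9'
+ s.required_ruby_version = '>= 2.4.9'
 
  s.add_dependency 'bcrypt', '~> 3.1'
- s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'
+ s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
  s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
 
  s.add_development_dependency 'byebug', '~> 10.0.0'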
@@ -116,12 +116,21 @@ describe SorceryController, active_record: true, type: :controller do
116
116
  end
117
117
 
118
118
  context 'when callback_url begin with http://' do
119
+ before do
120
+ sorcery_controller_external_property_set(:facebook, :callback_url, '/oauth/twitter/callback')
121
+ sorcery_controller_external_property_set(:facebook, :api_version, 'v2.2')
122
+ end
123
+
119
124
  it 'login_at redirects correctly' do
120
125
  create_new_user
121
126
  get :login_at_test_facebook
122
127
  expect(response).to be_a_redirect
123
128
  expect(response).to redirect_to("https://www.facebook.com/v2.2/dialog/oauth?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email&state")
124
129
  end
130
+
131
+ after do
132
+ sorcery_controller_external_property_set(:facebook, :callback_url, 'http://blabla.com')
133
+ end
125
134
  end
126
135
 
127
136
  it "'login_from' logins if user exists" do
@@ -155,7 +164,7 @@ describe SorceryController, active_record: true, type: :controller do
155
164
  expect(flash[:notice]).to eq 'Success!'
156
165
  end
157
166
 
158
- %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0].each do |provider|
167
+ %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0 discord battlenet].each do |provider|
159
168
  describe "with #{provider}" do
160
169
  it 'login_at redirects correctly' do
161
170
  get :"login_at_test_#{provider}"
@@ -216,6 +225,9 @@ describe SorceryController, active_record: true, type: :controller do
216
225
  microsoft
217
226
  instagram
218
227
  auth0
228
+ line
229
+ discord
230
+ battlenet
219
231
  ]
220
232
  )
221
233
 
@@ -257,6 +269,15 @@ describe SorceryController, active_record: true, type: :controller do
257
269
  sorcery_controller_external_property_set(:auth0, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
258
270
  sorcery_controller_external_property_set(:auth0, :callback_url, 'http://blabla.com')
259
271
  sorcery_controller_external_property_set(:auth0, :site, 'https://sorcery-test.auth0.com')
272
+ sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
273
+ sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
274
+ sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
275
+ sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
276
+ sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
277
+ sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
278
+ sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
279
+ sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
280
+ sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
260
281
  end
261
282
 
262
283
  after(:each) do
@@ -279,7 +300,7 @@ describe SorceryController, active_record: true, type: :controller do
279
300
  expect(ActionMailer::Base.deliveries.size).to eq old_size
280
301
  end
281
302
 
282
- %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0].each do |provider|
303
+ %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0 discord battlenet].each do |provider|
283
304
  it "does not send activation email to external users (#{provider})" do
284
305
  old_size = ActionMailer::Base.deliveries.size
285
306
  create_new_external_user provider
@@ -303,7 +324,7 @@ describe SorceryController, active_record: true, type: :controller do
303
324
  sorcery_reload!(%i[activity_logging external])
304
325
  end
305
326
 
306
- %w[facebook github google liveid vk salesforce slack].each do |provider|
327
+ %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
307
328
  context "when #{provider}" do
308
329
  before(:each) do
309
330
  sorcery_controller_property_set(:register_login_time, true)
@@ -342,7 +363,7 @@ describe SorceryController, active_record: true, type: :controller do
342
363
 
343
364
  let(:user) { double('user', id: 42) }
344
365
 
345
- %w[facebook github google liveid vk salesforce slack].each do |provider|
366
+ %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
346
367
  context "when #{provider}" do
347
368
  before(:each) do
348
369
  sorcery_model_property_set(:authentications_class, Authentication)
@@ -423,7 +444,7 @@ describe SorceryController, active_record: true, type: :controller do
423
444
  # response for VK auth
424
445
  'response' => [
425
446
  {
426
- 'uid' => '123',
447
+ 'id' => '123',
427
448
  'first_name' => 'Noam',
428
449
  'last_name' => 'Ben Ari'
429
450
  }
@@ -474,6 +495,9 @@ describe SorceryController, active_record: true, type: :controller do
474
495
  microsoft
475
496
  instagram
476
497
  auth0
498
+ line
499
+ discord
500
+ battlenet
477
501
  ]
478
502
  )
479
503
  sorcery_controller_external_property_set(:facebook, :key, 'eYVNBjBDi33aa9GkA3w')
@@ -513,6 +537,15 @@ describe SorceryController, active_record: true, type: :controller do
513
537
  sorcery_controller_external_property_set(:auth0, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
514
538
  sorcery_controller_external_property_set(:auth0, :callback_url, 'http://blabla.com')
515
539
  sorcery_controller_external_property_set(:auth0, :site, 'https://sorcery-test.auth0.com')
540
+ sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
541
+ sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
542
+ sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
543
+ sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
544
+ sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
545
+ sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
546
+ sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
547
+ sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
548
+ sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
516
549
  end
517
550
 
518
551
  def provider_url(provider)
@@ -527,7 +560,9 @@ describe SorceryController, active_record: true, type: :controller do
527
560
  wechat: "https://open.weixin.qq.com/connect/qrconnect?appid=#{::Sorcery::Controller::Config.wechat.key}&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=snsapi_login&state=#wechat_redirect",
528
561
  microsoft: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#{::Sorcery::Controller::Config.microsoft.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+email+https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state",
529
562
  instagram: "https://api.instagram.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.instagram.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=#{::Sorcery::Controller::Config.instagram.scope}&state",
530
- auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state"
563
+ auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state",
564
+ discord: "https://discordapp.com/api/oauth2/authorize?client_id=#{::Sorcery::Controller::Config.discord.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=identify&state",
565
+ battlenet: "https://eu.battle.net/oauth/authorize?client_id=#{::Sorcery::Controller::Config.battlenet.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid&state"
531
566
  }[provider]
532
567
  end
533
568
  end
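Review bot: `line` is added to the enabled provider list and given key, secret and callback_url settings, but it is missing from the `%i[... discord battlenet]` / `%w[... discord battlenet]` loops and from `provider_url`, so the new Line provider gets no redirect or login coverage in this file. The expected URLs for `discord` and `battlenet` end in a bare `&state`, so these examples do not appear to pin that a state value is actually sent. The `battlenet` key and secret differ from the placeholder pair reused for every other provider and have the shape of real credentials; if they were copied from a registered application they should be rotated and replaced here by an obvious dummy such as `'battlenet-test-key'`.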
@@ -84,11 +84,17 @@ describe SorceryController, type: :controller do
84
84
  end
85
85
 
86
86
  context 'when callback_url begin with http://' do
87
+ before do
88
+ sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
89
+ end
87
90
  it 'login_at redirects correctly', pending: true do
88
91
  get :login_at_test
89
92
  expect(response).to be_a_redirect
90
93
  expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=')
91
94
  end
95
+ after do
96
+ sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
97
+ end
92
98
  end
93
99
 
94
100
  it 'logins if user exists' do
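Review bot: The new `before` sets the Twitter `callback_url` to the relative path `'/oauth/twitter/callback'`, but the example still expects `oauth_callback=http%3A%2F%2Fblabla.com` and is marked `pending: true`, so nothing here checks how a relative callback is expanded. The context title also says the URL begins with `http://`, which no longer matches the setup. Either update the expectation to the expanded host URL and drop `pending: true`, or rename the context to something like `'when callback_url is a relative path'`.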
@@ -6,14 +6,19 @@ describe SorceryController, type: :controller do
6
6
  # ----------------- REMEMBER ME -----------------------
7
7
  context 'with remember me features' do
8
8
  before(:all) do
9
+ if SORCERY_ORM == :active_record
10
+ MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
11
+ User.reset_column_information
12
+ end
13
+
9
14
  sorcery_reload!([:remember_me])
10
15
  end
11
16
 
12
- # TODO: Unused, remove?
13
- # after(:each) do
14
- # session = nil
15
- # cookies = nil
16
- # end
17
+ after(:all) do
18
+ if SORCERY_ORM == :active_record
19
+ MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
20
+ end
21
+ end
17
22
 
18
23
  before(:each) do
19
24
  allow(user).to receive(:remember_me_token)
@@ -32,19 +37,17 @@ describe SorceryController, type: :controller do
32
37
  end
33
38
 
34
39
  it 'clears cookie on forget_me!' do
35
- cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
36
- get :test_logout
40
+ request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
41
+ get :test_logout_with_forget_me
37
42
 
38
- pending 'Test previously broken, functionality might not be working here.'
39
- expect(cookies['remember_me_token']).to be_nil
43
+ expect(response.cookies[:remember_me_token]).to be_nil
40
44
  end
41
45
 
42
46
  it 'clears cookie on force_forget_me!' do
43
- cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
47
+ request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
44
48
  get :test_logout_with_force_forget_me
45
49
 
46
- pending 'Test previously broken, functionality might not be working here.'
47
- expect(cookies['remember_me_token']).to be_nil
50
+ expect(response.cookies[:remember_me_token]).to be_nil
48
51
  end
49
52
 
50
53
  it 'login(email,password,remember_me) logs user in and remembers' do
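Review bot: Both re-enabled examples assert `expect(response.cookies[:remember_me_token]).to be_nil` with a symbol key; if `response.cookies` is the string-keyed hash built from the Set-Cookie headers (worth confirming for the Rails versions in the test matrix), that lookup is nil whether or not the cookie was cleared, so the check cannot fail. Since these examples guard the logout path for a persistent login token, assert that the cookie was actually touched, for example `expect(response.cookies).to have_key('remember_me_token')` followed by the `be_nil` check on the string key. Assigning a `{ value: ..., expires: 3600 }` hash to `request.cookies[...]` also sets the request cookie to a hash rather than to the token string, which may not exercise the same path as a real browser cookie.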