sorcery 0.14.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bfe20ba10b3d52ae3bd1c37f487d5a3e42da98387127033d26978831f523e4a1
-  data.tar.gz: 5a3f0f7279d060ce1515e8635d9f87c5c52a840d6c15916e064171714b1d26a5
+  metadata.gz: 2eacf343e86db96ee2b99e31a647efbdca41cc859dd3aaa5d5300fcf80cb2f6f
+  data.tar.gz: 0ab8e2eb73204b108e52ec39c4622e654cf48fa2ec75159bd5a3686a2855156e
 SHA512:
-  metadata.gz: a1ff57ddfbfebe031dab7bc2d21bab6a045d48cc03f9b5b1cc50786ce6eb541a89e799d8dc6d68cf4b9995aa89409f101166cc8f0c8aa17056daad4af6bba502
-  data.tar.gz: 8d3eae6eb8a66f9e93ae312f4e9300587bdea66e6800b3608bcfe87e5c2f437e2af85ccc865575471f27c011a7ba947f80836f880bf00d21229bbb6ccdc3e42f
+  metadata.gz: f4d4e09af8fd96f8c4a025a50c7d9d539ae584fac256f443a488063a91acffe2e1539a0a89b7aa4323116fdc6b9a6bb4e881072d91113e5f98be697e2296005b
+  data.tar.gz: b61da2da586d75af4f1f4df8046accfc7928428005ba3101e6c59fb30421c27b7e358b8b37f6e702c839a2002987e5b43af8c8de7adfd91e70ee8c749ebabf3d

data/.rubocop.yml

@@ -3,7 +3,7 @@ inherit_from: .rubocop_todo.yml
 AllCops:
   Exclude:
     - 'lib/generators/sorcery/templates/**/*'
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.6
 
 # See: https://github.com/rubocop-hq/rubocop/issues/3344
 Style/DoubleNegation:
@@ -21,7 +21,7 @@ Metrics/BlockLength:
   Exclude:
     - 'lib/**/*'
     - 'spec/**/*'
-Metrics/LineLength:
+Layout/LineLength:
   Exclude:
     - 'lib/**/*'
     - 'spec/**/*'

data/.rubocop_todo.yml

@@ -1,7 +1,145 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2018-11-01 18:13:47 -0700 using RuboCop version 0.59.2.
+# on 2019-12-18 16:18:24 -0800 using RuboCop version 0.78.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'sorcery.gemspec'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowAdjacentOneLineDefs, NumberOfEmptyLines.
+Layout/EmptyLineBetweenDefs:
+  Exclude:
+    - 'lib/sorcery/providers/line.rb'
+
+# Offense count: 83
+# Cop supports --auto-correct.
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Enabled: false
+
+# Offense count: 2
+# Configuration parameters: AllowSafeAssignment.
+Lint/AssignmentInCondition:
+  Exclude:
+    - 'spec/rails_app/app/controllers/sorcery_controller.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Lint/NonDeterministicRequireOrder:
+  Exclude:
+    - 'spec/spec_helper.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+Lint/RedundantCopDisableDirective:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+    - 'spec/rails_app/config/application.rb'
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+Lint/SendWithMixinArgument:
+  Exclude:
+    - 'lib/sorcery.rb'
+    - 'lib/sorcery/engine.rb'
+    - 'lib/sorcery/test_helpers/internal/rails.rb'
+
+# Offense count: 4
+# Configuration parameters: AllowComments.
+Lint/SuppressedException:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+    - 'spec/rails_app/config/application.rb'
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'spec/shared_examples/user_shared_examples.rb'
+
+# Offense count: 1
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: annotated, template, unannotated
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/generators/sorcery/install_generator.rb'
+
+# Offense count: 121
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: always, never
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+# Offense count: 3
+# Configuration parameters: MinBodyLength.
+Style/GuardClause:
+  Exclude:
+    - 'lib/sorcery/controller/submodules/brute_force_protection.rb'
+    - 'lib/sorcery/controller/submodules/http_basic_auth.rb'
+    - 'lib/sorcery/controller/submodules/remember_me.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'lib/sorcery/adapters/active_record_adapter.rb'
+    - 'lib/sorcery/test_helpers/rails/integration.rb'
+
+# Offense count: 49
+# Cop supports --auto-correct.
+Style/IfUnlessModifier:
+  Enabled: false
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/RedundantBegin:
+  Exclude:
+    - 'lib/sorcery/controller.rb'
+    - 'lib/sorcery/model.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'lib/sorcery/controller/config.rb'
+    - 'lib/sorcery/controller/submodules/brute_force_protection.rb'
+    - 'lib/sorcery/controller/submodules/remember_me.rb'
+    - 'lib/sorcery/model.rb'
+
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'spec/controllers/controller_oauth2_spec.rb'
+    - 'spec/sorcery_crypto_providers_spec.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/UnpackFirst:
+  Exclude:
+    - 'lib/sorcery/crypto_providers/aes256.rb'
+    - 'spec/sorcery_crypto_providers_spec.rb'

data/.travis.yml

@@ -1,12 +1,8 @@
 language: ruby
 rvm:
-  - 2.2.9
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.4.9
+  - 2.5.7
+  - 2.6.5
 
 gemfile:
   - Gemfile
-
-before_script:
-  - mysql -e 'create database sorcery_test;'

data/CHANGELOG.md

@@ -1,6 +1,23 @@
 # Changelog
 ## HEAD
 
+## 0.15.0
+
+* Fix brute force vuln due to callbacks no being ran [#235](https://github.com/Sorcery/sorcery/pull/235)
+* Revert on_load change due to breaking existing applications [#234](https://github.com/Sorcery/sorcery/pull/234)
+* Add forget_me! and force_forget_me! test cases [#216](https://github.com/Sorcery/sorcery/pull/216)
+* In `generic_send_email`, check responds_to [#211](https://github.com/Sorcery/sorcery/pull/211)
+* Fix typo [#219](https://github.com/Sorcery/sorcery/pull/219)
+* Fix deprecation warnings in Rails 6 [#209](https://github.com/Sorcery/sorcery/pull/209)
+* Add ruby 2.6.5 to the travis build [#215](https://github.com/Sorcery/sorcery/pull/215)
+* Add discord provider [#185](https://github.com/Sorcery/sorcery/pull/185)
+* Remove MySQL database creation call [#214](https://github.com/Sorcery/sorcery/pull/214)
+* Use id instead of uid for VK provider [#199](https://github.com/Sorcery/sorcery/pull/199)
+* Don't :return_t JSON requests after login [#197](https://github.com/Sorcery/sorcery/pull/197)
+* Fix email scope for LinkedIn Provider [#191](https://github.com/Sorcery/sorcery/pull/191)
+* Ignore cookies when undefined cookies [#187](https://github.com/Sorcery/sorcery/pull/187)
+* Allow for custom providers with multi-word class names. [#190](https://github.com/Sorcery/sorcery/pull/190)
+
 ## 0.14.0
 
 * Update LinkedIn to use OAuth 2 [#189](https://github.com/Sorcery/sorcery/pull/189)

data/lib/generators/sorcery/templates/initializer.rb

@@ -88,11 +88,19 @@ Rails.application.config.sorcery.configure do |config|
   #
   # config.ca_file =
 
+  # Linkedin requires r_emailaddress scope to fetch user's email address.
+  # You can skip including the email field if you use an intermediary signup form. (using build_from method).
+  # The r_emailaddress scope is only necessary if you are using the create_from method directly.
+  #
   # config.linkedin.key = ""
   # config.linkedin.secret = ""
   # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
-  # config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
-  # config.linkedin.scope = "r_basicprofile"
+  # config.linkedin.user_info_mapping = {
+  #   first_name: 'localizedFirstName',
+  #   last_name:  'localizedLastName',
+  #   email:      'emailAddress'
+  # }
+  # config.linkedin.scope = "r_liteprofile r_emailaddress"
   #
   #
   # For information about XING API:
@@ -215,6 +223,12 @@ Rails.application.config.sorcery.configure do |config|
   # config.line.secret = ""
   # config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line"
 
+  # For infromation about Discord API
+  # https://discordapp.com/developers/docs/topics/oauth2
+  # config.discord.key = "xxxxxx"
+  # config.discord.secret = "xxxxxx"
+  # config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord"
+  # config.discord.scope = "email guilds"
   # --- user config ---
   config.user_config do |user|
     # -- core --

data/lib/sorcery/controller.rb

@@ -25,7 +25,10 @@ module Sorcery
       def require_login
         return if logged_in?
 
-        session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
+        if Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
+          session[:return_to_url] = request.url
+        end
+
         send(Config.not_authenticated_action)
       end
 

data/lib/sorcery/controller/submodules/external.rb

@@ -26,6 +26,7 @@ module Sorcery
           require 'sorcery/providers/instagram'
           require 'sorcery/providers/auth0'
           require 'sorcery/providers/line'
+          require 'sorcery/providers/discord'
 
           Config.module_eval do
             class << self
@@ -38,7 +39,7 @@ module Sorcery
                 providers.each do |name|
                   class_eval <<-RUBY, __FILE__, __LINE__ + 1
                     def self.#{name}
-                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.capitalize).new
+                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.classify).new
                     end
                   RUBY
                 end

data/lib/sorcery/controller/submodules/remember_me.rb

@@ -59,7 +59,7 @@ module Sorcery
           # and logs the user in if found.
           # Runs as a login source. See 'current_user' method for how it is used.
           def login_from_cookie
-            user = cookies.signed[:remember_me_token] && user_class.sorcery_adapter.find_by_remember_me_token(cookies.signed[:remember_me_token])
+            user = cookies.signed[:remember_me_token] && user_class.sorcery_adapter.find_by_remember_me_token(cookies.signed[:remember_me_token]) if defined? cookies
             if user && user.has_remember_me_token?
               set_remember_me_cookie!(user)
               session[:user_id] = user.id.to_s

data/lib/sorcery/engine.rb

@@ -7,12 +7,18 @@ module Sorcery
   class Engine < Rails::Engine
     config.sorcery = ::Sorcery::Controller::Config
 
+    # TODO: Should this include a modified version of the helper methods?
     initializer 'extend Controller with sorcery' do
-      # TODO: Should this include a modified version of the helper methods?
+      # FIXME: on_load is needed to fix Rails 6 deprecations, but it breaks
+      #        applications due to undefined method errors.
+      # ActiveSupport.on_load(:action_controller_api) do
       if defined?(ActionController::API)
         ActionController::API.send(:include, Sorcery::Controller)
       end
 
+      # FIXME: on_load is needed to fix Rails 6 deprecations, but it breaks
+      #        applications due to undefined method errors.
+      # ActiveSupport.on_load(:action_controller_base) do
       if defined?(ActionController::Base)
         ActionController::Base.send(:include, Sorcery::Controller)
         ActionController::Base.helper_method :current_user

data/lib/sorcery/model.rb

@@ -102,10 +102,6 @@ module Sorcery
 
         set_encryption_attributes
 
-        unless user.valid_password?(credentials[1])
-          return authentication_response(user: user, failure: :invalid_password, &block)
-        end
-
         if user.respond_to?(:active_for_authentication?) && !user.active_for_authentication?
           return authentication_response(user: user, failure: :inactive, &block)
         end
@@ -118,6 +114,10 @@ module Sorcery
           end
         end
 
+        unless user.valid_password?(credentials[1])
+          return authentication_response(user: user, failure: :invalid_password, &block)
+        end
+
         authentication_response(user: user, return_value: user, &block)
       end
 
@@ -206,7 +206,7 @@ module Sorcery
       def generic_send_email(method, mailer)
         config = sorcery_config
         mail = config.send(mailer).send(config.send(method), self)
-        return unless defined?(ActionMailer) && config.send(mailer).is_a?(Class) && config.send(mailer) < ActionMailer::Base
+        return unless mail.respond_to?(config.email_delivery_method)
 
         mail.send(config.email_delivery_method)
       end

data/lib/sorcery/providers/discord.rb

@@ -0,0 +1,52 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with discordapp.com
+
+    class Discord < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope          = 'identify'
+        @site           = 'https://discordapp.com/'
+        @auth_path      = '/api/oauth2/authorize'
+        @token_url      = '/api/oauth2/token'
+        @user_info_path = '/api/users/@me'
+        @state          = SecureRandom.hex(16)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        body = JSON.parse(response.body)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = body
+          h[:uid] = body['id']
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+        get_access_token(
+          args,
+          token_url: token_url,
+          client_id: @key,
+          client_secret: @secret,
+          grant_type: 'authorization_code',
+          token_method: :post
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/linkedin.rb

@@ -9,25 +9,26 @@ module Sorcery
     class Linkedin < Base
       include Protocols::Oauth2
 
-      attr_accessor :auth_url, :scope, :token_url, :user_info_url
+      attr_accessor :auth_url, :scope, :token_url, :user_info_url, :email_info_url
 
       def initialize
         super
 
-        @site          = 'https://api.linkedin.com'
-        @auth_url      = '/oauth/v2/authorization'
-        @token_url     = '/oauth/v2/accessToken'
-        @user_info_url = 'https://api.linkedin.com/v2/me'
-        @scope         = 'r_liteprofile'
-        @state         = SecureRandom.hex(16)
+        @site           = 'https://api.linkedin.com'
+        @auth_url       = '/oauth/v2/authorization'
+        @token_url      = '/oauth/v2/accessToken'
+        @user_info_url  = 'https://api.linkedin.com/v2/me'
+        @email_info_url = 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))'
+        @scope          = 'r_liteprofile r_emailaddress'
+        @state          = SecureRandom.hex(16)
       end
 
       def get_user_hash(access_token)
-        response = access_token.get(user_info_url)
+        user_info = get_user_info(access_token)
 
         auth_hash(access_token).tap do |h|
-          h[:user_info] = JSON.parse(response.body)
-          h[:uid] = h[:user_info]['id']
+          h[:user_info] = user_info
+          h[:uid]       = h[:user_info]['id']
         end
       end
 
@@ -45,6 +46,30 @@ module Sorcery
 
         get_access_token(args, token_url: token_url, token_method: :post)
       end
+
+      def get_user_info(access_token)
+        response  = access_token.get(user_info_url)
+        user_info = JSON.parse(response.body)
+
+        if email_in_scope?
+          email = fetch_email(access_token)
+
+          return user_info.merge(email)
+        end
+
+        user_info
+      end
+
+      def email_in_scope?
+        scope.include?('r_emailaddress')
+      end
+
+      def fetch_email(access_token)
+        email_response = access_token.get(email_info_url)
+        email_info     = JSON.parse(email_response.body)['elements'].first
+
+        email_info['handle~']
+      end
     end
   end
 end

data/lib/sorcery/providers/vk.rb

@@ -37,7 +37,7 @@ module Sorcery
           user_hash[:user_info] = user_hash[:user_info]['response'][0]
           user_hash[:user_info]['full_name'] = [user_hash[:user_info]['first_name'], user_hash[:user_info]['last_name']].join(' ')
 
-          user_hash[:uid] = user_hash[:user_info]['uid']
+          user_hash[:uid] = user_hash[:user_info]['id']
           user_hash[:user_info]['email'] = access_token.params['email']
         end
         user_hash

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.14.0'.freeze
+  VERSION = '0.15.0'.freeze
 end

data/sorcery.gemspec

@@ -19,20 +19,20 @@ Gem::Specification.new do |s|
   ]
 
   # TODO: Cleanup formatting.
-  # rubocop:disable Metrics/LineLength
+  # rubocop:disable Layout/LineLength
   s.description = 'Provides common authentication needs such as signing in/out, activating by email and resetting password.'
   s.summary = 'Magical authentication for Rails applications'
   s.homepage = 'https://github.com/Sorcery/sorcery'
   s.post_install_message = "As of version 1.0 oauth/oauth2 won't be automatically bundled so you may need to add those dependencies to your Gemfile.\n"
   s.post_install_message += 'You may need oauth2 if you use external providers such as any of these: https://github.com/Sorcery/sorcery/tree/master/lib/sorcery/providers'
-  # rubocop:enable Metrics/LineLength
+  # rubocop:enable Layout/LineLength
 
   s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   s.require_paths = ['lib']
 
   s.licenses = ['MIT']
 
-  s.required_ruby_version = '>= 2.2.9'
+  s.required_ruby_version = '>= 2.4.9'
 
   s.add_dependency 'bcrypt', '~> 3.1'
   s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'

data/spec/controllers/controller_oauth2_spec.rb

@@ -155,7 +155,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(flash[:notice]).to eq 'Success!'
     end
 
-    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0].each do |provider|
+    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0 discord].each do |provider|
       describe "with #{provider}" do
         it 'login_at redirects correctly' do
           get :"login_at_test_#{provider}"
@@ -217,6 +217,7 @@ describe SorceryController, active_record: true, type: :controller do
           instagram
           auth0
           line
+          discord
         ]
       )
 
@@ -261,6 +262,9 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
       sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
       sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
+      sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
+      sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
     end
 
     after(:each) do
@@ -283,7 +287,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(ActionMailer::Base.deliveries.size).to eq old_size
     end
 
-    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0].each do |provider|
+    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0 discord].each do |provider|
       it "does not send activation email to external users (#{provider})" do
         old_size = ActionMailer::Base.deliveries.size
         create_new_external_user provider
@@ -307,7 +311,7 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_reload!(%i[activity_logging external])
     end
 
-    %w[facebook github google liveid vk salesforce slack].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_controller_property_set(:register_login_time, true)
@@ -346,7 +350,7 @@ describe SorceryController, active_record: true, type: :controller do
 
     let(:user) { double('user', id: 42) }
 
-    %w[facebook github google liveid vk salesforce slack].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_model_property_set(:authentications_class, Authentication)
@@ -427,7 +431,7 @@ describe SorceryController, active_record: true, type: :controller do
         # response for VK auth
         'response' => [
           {
-            'uid' => '123',
+            'id' => '123',
             'first_name' => 'Noam',
             'last_name' => 'Ben Ari'
           }
@@ -479,6 +483,7 @@ describe SorceryController, active_record: true, type: :controller do
         instagram
         auth0
         line
+        discord
       ]
     )
     sorcery_controller_external_property_set(:facebook, :key, 'eYVNBjBDi33aa9GkA3w')
@@ -521,6 +526,9 @@ describe SorceryController, active_record: true, type: :controller do
     sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
     sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
     sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
+    sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
+    sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
   end
 
   def provider_url(provider)
@@ -535,7 +543,8 @@ describe SorceryController, active_record: true, type: :controller do
       wechat: "https://open.weixin.qq.com/connect/qrconnect?appid=#{::Sorcery::Controller::Config.wechat.key}&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=snsapi_login&state=#wechat_redirect",
       microsoft: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#{::Sorcery::Controller::Config.microsoft.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+email+https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state",
       instagram: "https://api.instagram.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.instagram.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=#{::Sorcery::Controller::Config.instagram.scope}&state",
-      auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state"
+      auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state",
+      discord: "https://discordapp.com/api/oauth2/authorize?client_id=#{::Sorcery::Controller::Config.discord.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=identify&state"
     }[provider]
   end
 end

data/spec/controllers/controller_remember_me_spec.rb

@@ -6,14 +6,19 @@ describe SorceryController, type: :controller do
   # ----------------- REMEMBER ME -----------------------
   context 'with remember me features' do
     before(:all) do
+      if SORCERY_ORM == :active_record
+        MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
+        User.reset_column_information
+      end
+
       sorcery_reload!([:remember_me])
     end
 
-    # TODO: Unused, remove?
-    # after(:each) do
-    #   session = nil
-    #   cookies = nil
-    # end
+    after(:all) do
+      if SORCERY_ORM == :active_record
+        MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
+      end
+    end
 
     before(:each) do
       allow(user).to receive(:remember_me_token)
@@ -32,19 +37,17 @@ describe SorceryController, type: :controller do
     end
 
     it 'clears cookie on forget_me!' do
-      cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
-      get :test_logout
+      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
+      get :test_logout_with_forget_me
 
-      pending 'Test previously broken, functionality might not be working here.'
-      expect(cookies['remember_me_token']).to be_nil
+      expect(response.cookies[:remember_me_token]).to be_nil
     end
 
     it 'clears cookie on force_forget_me!' do
-      cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
+      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
       get :test_logout_with_force_forget_me
 
-      pending 'Test previously broken, functionality might not be working here.'
-      expect(cookies['remember_me_token']).to be_nil
+      expect(response.cookies[:remember_me_token]).to be_nil
     end
 
     it 'login(email,password,remember_me) logs user in and remembers' do

data/spec/controllers/controller_spec.rb

@@ -150,6 +150,16 @@ describe SorceryController, type: :controller do
       end
     end
 
+    it 'require_login before_action does not save the url for JSON requests' do
+      get :some_action, format: :json
+      expect(session[:return_to_url]).to be_nil
+    end
+
+    it 'require_login before_action does not save the url for XHR requests' do
+      get :some_action, xhr: true
+      expect(session[:return_to_url]).to be_nil
+    end
+
     it 'on successful login the user is redirected to the url he originally wanted' do
       session[:return_to_url] = 'http://test.host/some_action'
       post :test_return_to, params: { email: 'bla@bla.com', password: 'secret' }
@@ -161,7 +171,7 @@ describe SorceryController, type: :controller do
     # --- auto_login(user) ---
     specify { should respond_to(:auto_login) }
 
-    it 'auto_login(user) los in a user instance' do
+    it 'auto_login(user) logs in a user instance' do
       session[:user_id] = nil
       subject.auto_login(user)
 

data/spec/providers/example_provider_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::ExampleProvider do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:example_provider])
+  end
+
+  context 'fetching a multi-word custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.example_provider).to be_a(Sorcery::Providers::ExampleProvider)
+    end
+  end
+end

data/spec/providers/example_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::Example do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:example])
+  end
+
+  context 'fetching a single-word custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.example).to be_a(Sorcery::Providers::Example)
+    end
+  end
+end

data/spec/rails_app/app/assets/config/manifest.js

@@ -0,0 +1 @@
+{}

data/spec/rails_app/app/controllers/sorcery_controller.rb

@@ -6,6 +6,7 @@ class SorceryController < ActionController::Base
   before_action :require_login_from_http_basic, only: [:test_http_basic_auth]
   before_action :require_login, only: %i[
     test_logout
+    test_logout_with_forget_me
     test_logout_with_force_forget_me
     test_should_be_logged_in
     some_action
@@ -50,6 +51,13 @@ class SorceryController < ActionController::Base
     head :ok
   end
 
+  def test_logout_with_forget_me
+    remember_me!
+    forget_me!
+    logout
+    head :ok
+  end
+
   def test_logout_with_force_forget_me
     remember_me!
     force_forget_me!
@@ -158,6 +166,10 @@ class SorceryController < ActionController::Base
     login_at(:auth0)
   end
 
+  def login_at_test_discord
+    login_at(:discord)
+  end
+
   def test_login_from_twitter
     if (@user = login_from(:twitter))
       redirect_to 'bla', notice: 'Success!'
@@ -280,6 +292,14 @@ class SorceryController < ActionController::Base
     end
   end
 
+  def test_login_from_discord
+    if (@user = login_from(:discord))
+      redirect_to 'bla', notice: 'Success!'
+    else
+      redirect_to 'blu', alert: 'Failed!'
+    end
+  end
+
   def test_return_to_with_external_twitter
     if (@user = login_from(:twitter))
       redirect_back_or_to 'bla', notice: 'Success!'
@@ -402,6 +422,14 @@ class SorceryController < ActionController::Base
     end
   end
 
+  def test_return_to_with_external_discord
+    if (@user = login_from(:discord))
+      redirect_back_or_to 'bla', notice: 'Success!'
+    else
+      redirect_to 'blu', alert: 'Failed!'
+    end
+  end
+
   def test_create_from_provider
     provider = params[:provider]
     login_from(provider)

data/spec/rails_app/config/routes.rb

@@ -11,6 +11,7 @@ AppRoot::Application.routes.draw do
     get :test_login_from_cookie
     get :test_login_from
     get :test_logout_with_remember
+    get :test_logout_with_forget_me
     get :test_logout_with_force_forget_me
     get :test_invalidate_active_session
     get :test_should_be_logged_in
@@ -33,6 +34,7 @@ AppRoot::Application.routes.draw do
     get :test_login_from_instagram
     get :test_login_from_auth0
     get :test_login_from_line
+    get :test_login_from_discord
     get :login_at_test
     get :login_at_test_twitter
     get :login_at_test_facebook
@@ -49,6 +51,7 @@ AppRoot::Application.routes.draw do
     get :login_at_test_instagram
     get :login_at_test_auth0
     get :login_at_test_line
+    get :login_at_test_discord
     get :test_return_to_with_external
     get :test_return_to_with_external_twitter
     get :test_return_to_with_external_facebook
@@ -65,6 +68,7 @@ AppRoot::Application.routes.draw do
     get :test_return_to_with_external_instagram
     get :test_return_to_with_external_auth0
     get :test_return_to_with_external_line
+    get :test_return_to_with_external_discord
     get :test_http_basic_auth
     get :some_action_making_a_non_persisted_change_to_the_user
     post :test_login_with_remember

data/spec/support/providers/example.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class Example < Base
+      include Protocols::Oauth2
+    end
+  end
+end

data/spec/support/providers/example_provider.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class ExampleProvider < Base
+      include Protocols::Oauth2
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sorcery
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.15.0
 platform: ruby
 authors:
 - Noam Ben Ari
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-23 00:00:00.000000000 Z
+date: 2020-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -52,22 +52,22 @@ dependencies:
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -254,6 +254,7 @@ files:
 - lib/sorcery/protocols/oauth2.rb
 - lib/sorcery/providers/auth0.rb
 - lib/sorcery/providers/base.rb
+- lib/sorcery/providers/discord.rb
 - lib/sorcery/providers/facebook.rb
 - lib/sorcery/providers/github.rb
 - lib/sorcery/providers/google.rb
@@ -295,10 +296,13 @@ files:
 - spec/controllers/controller_session_timeout_spec.rb
 - spec/controllers/controller_spec.rb
 - spec/orm/active_record.rb
+- spec/providers/example_provider_spec.rb
+- spec/providers/example_spec.rb
 - spec/providers/vk_spec.rb
 - spec/rails_app/app/active_record/authentication.rb
 - spec/rails_app/app/active_record/user.rb
 - spec/rails_app/app/active_record/user_provider.rb
+- spec/rails_app/app/assets/config/manifest.js
 - spec/rails_app/app/controllers/sorcery_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/mailers/sorcery_mailer.rb
@@ -352,6 +356,8 @@ files:
 - spec/spec.opts
 - spec/spec_helper.rb
 - spec/support/migration_helper.rb
+- spec/support/providers/example.rb
+- spec/support/providers/example_provider.rb
 homepage: https://github.com/Sorcery/sorcery
 licenses:
 - MIT
@@ -366,15 +372,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.9
+      version: 2.4.9
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Magical authentication for Rails applications