sorcery 0.15.0 → 0.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2eacf343e86db96ee2b99e31a647efbdca41cc859dd3aaa5d5300fcf80cb2f6f
-  data.tar.gz: 0ab8e2eb73204b108e52ec39c4622e654cf48fa2ec75159bd5a3686a2855156e
+  metadata.gz: 0f0614713fb5b564c7273b8f08b71547414613303b574156932f415dee83286e
+  data.tar.gz: aa2b3081950f5c5f4615dbb21f535fa90ade9a600b29a9d41e3449bdd8551c58
 SHA512:
-  metadata.gz: f4d4e09af8fd96f8c4a025a50c7d9d539ae584fac256f443a488063a91acffe2e1539a0a89b7aa4323116fdc6b9a6bb4e881072d91113e5f98be697e2296005b
-  data.tar.gz: b61da2da586d75af4f1f4df8046accfc7928428005ba3101e6c59fb30421c27b7e358b8b37f6e702c839a2002987e5b43af8c8de7adfd91e70ee8c749ebabf3d
+  metadata.gz: 781c5dd4d01ab49353464f4e8eb1f1990351f75e1acf307ef9fb83892e4304fd5a5876afa4b8091e4f4edad6661e1f6a4b6b226eb8cb1b290d0712e30826414b
+  data.tar.gz: 347e36c6b09f16eaa1028e8ae02eca140763d07c9981a74b867997994e32a968dcde6016b4b8aab61738ee5eaf463989775ae1c1d257bc561e20ec30ac7e4068

data/.github/FUNDING.yml

@@ -0,0 +1 @@
+github: athix

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+Please ensure your pull request includes the following:
+
+- [ ] Description of changes
+- [ ] Update to CHANGELOG.md with short description and link to pull request
+- [ ] Changes have related RSpec tests that ensure functionality does not break

data/.github/workflows/ruby.yml

@@ -0,0 +1,49 @@
+name: Test Suite
+
+# Run against all commits and pull requests.
+on: [ push, pull_request ]
+
+jobs:
+  test_matrix:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.4
+          - 2.5
+          - 2.6
+          - 2.7
+          - 3.0
+
+        rails:
+          - '52'
+          - '60'
+
+        exclude:
+          - ruby: 2.4
+            rails: '60'
+          - ruby: 3.0
+            rails: '52'
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rake spec
+
+  finish:
+    runs-on: ubuntu-latest
+    needs: [ test_matrix ]
+    steps:
+      - name: Wait for status checks
+        run: echo "All Green!"

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2019-12-18 16:18:24 -0800 using RuboCop version 0.78.0.
+# on 2021-04-04 05:00:11 UTC using RuboCop version 0.88.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -13,12 +13,12 @@ Gemspec/RequiredRubyVersion:
   Exclude:
     - 'sorcery.gemspec'
 
-# Offense count: 1
+# Offense count: 2
 # Cop supports --auto-correct.
-# Configuration parameters: AllowAdjacentOneLineDefs, NumberOfEmptyLines.
-Layout/EmptyLineBetweenDefs:
-  Exclude:
-    - 'lib/sorcery/providers/line.rb'
+# Configuration parameters: IndentationWidth.
+# SupportedStyles: special_inside_parentheses, consistent, align_braces
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
 
 # Offense count: 83
 # Cop supports --auto-correct.
@@ -29,6 +29,13 @@ Layout/EmptyLineBetweenDefs:
 Layout/HashAlignment:
   Enabled: false
 
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: AllowInHeredoc.
+Layout/TrailingWhitespace:
+  Exclude:
+    - 'lib/sorcery/controller/submodules/external.rb'
+
 # Offense count: 2
 # Configuration parameters: AllowSafeAssignment.
 Lint/AssignmentInCondition:
@@ -58,15 +65,6 @@ Lint/SendWithMixinArgument:
     - 'lib/sorcery/engine.rb'
     - 'lib/sorcery/test_helpers/internal/rails.rb'
 
-# Offense count: 4
-# Configuration parameters: AllowComments.
-Lint/SuppressedException:
-  Exclude:
-    - 'lib/sorcery/controller.rb'
-    - 'lib/sorcery/model.rb'
-    - 'spec/rails_app/config/application.rb'
-    - 'spec/shared_examples/user_shared_examples.rb'
-
 # Offense count: 2
 # Cop supports --auto-correct.
 # Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
@@ -74,6 +72,20 @@ Lint/UnusedBlockArgument:
   Exclude:
     - 'spec/shared_examples/user_shared_examples.rb'
 
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
+# SupportedStyles: assign_to_condition, assign_inside_condition
+Style/ConditionalAssignment:
+  Exclude:
+    - 'lib/sorcery/adapters/active_record_adapter.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/ExpandPathArguments:
+  Exclude:
+    - 'spec/rails_app/config.ru'
+
 # Offense count: 1
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: annotated, template, unannotated
@@ -81,21 +93,13 @@ Style/FormatStringToken:
   Exclude:
     - 'lib/generators/sorcery/install_generator.rb'
 
-# Offense count: 121
+# Offense count: 125
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
-# SupportedStyles: always, never
+# SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Enabled: false
 
-# Offense count: 3
-# Configuration parameters: MinBodyLength.
-Style/GuardClause:
-  Exclude:
-    - 'lib/sorcery/controller/submodules/brute_force_protection.rb'
-    - 'lib/sorcery/controller/submodules/http_basic_auth.rb'
-    - 'lib/sorcery/controller/submodules/remember_me.rb'
-
 # Offense count: 3
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
@@ -105,11 +109,17 @@ Style/HashSyntax:
     - 'lib/sorcery/adapters/active_record_adapter.rb'
     - 'lib/sorcery/test_helpers/rails/integration.rb'
 
-# Offense count: 49
+# Offense count: 34
 # Cop supports --auto-correct.
 Style/IfUnlessModifier:
   Enabled: false
 
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/MultilineIfModifier:
+  Exclude:
+    - 'lib/sorcery/providers/line.rb'
+
 # Offense count: 2
 # Cop supports --auto-correct.
 Style/RedundantBegin:
@@ -137,6 +147,14 @@ Style/StringLiterals:
     - 'spec/controllers/controller_oauth2_spec.rb'
     - 'spec/sorcery_crypto_providers_spec.rb'
 
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, MinSize.
+# SupportedStyles: percent, brackets
+Style/SymbolArray:
+  Exclude:
+    - 'Rakefile'
+
 # Offense count: 2
 # Cop supports --auto-correct.
 Style/UnpackFirst:

data/CHANGELOG.md

@@ -1,6 +1,25 @@
 # Changelog
 ## HEAD
 
+## 0.16.1
+
+* Fix default table name being incorrect in migration generator [#274](https://github.com/Sorcery/sorcery/pull/274)
+* Update `oauth` dependency per CVE-2016-11086
+
+## 0.16.0
+
+* Add BattleNet Provider [#260](https://github.com/Sorcery/sorcery/pull/260)
+* Fix failing isolated tests [#249](https://github.com/Sorcery/sorcery/pull/249)
+* Support LINE login v2.1 [#251](https://github.com/Sorcery/sorcery/pull/251)
+* Update generators to better support namespaces [#237](https://github.com/Sorcery/sorcery/pull/237)
+* Add support for Rails 6 [#238](https://github.com/Sorcery/sorcery/pull/238)
+* Fix ruby 2.7 deprecation warnings [#241](https://github.com/Sorcery/sorcery/pull/241)
+* Use set to ensure unique arrays [#233](https://github.com/Sorcery/sorcery/pull/233)
+
+## 0.15.1
+
+* Update `oauth` dependency per CVE-2016-11086
+
 ## 0.15.0
 
 * Fix brute force vuln due to callbacks no being ran [#235](https://github.com/Sorcery/sorcery/pull/235)

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,14 @@
+# The Sorcery Community Code of Conduct
+
+This document provides a few simple community guidelines for a safe, respectful,
+productive, and collaborative place for any person who is willing to contribute
+to the Sorcery community. It applies to all "collaborative spaces", which are
+defined as community communications channels (such as mailing lists, submitted
+patches, commit comments, etc.).
+
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal
+  attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always
+  assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.

data/Gemfile

@@ -1,8 +1,8 @@
 source 'https://rubygems.org'
 
 gem 'pry'
-gem 'rails', '~> 5.2.0'
+gem 'rails'
 gem 'rails-controller-testing'
-gem 'sqlite3', '~> 1.3.6'
+gem 'sqlite3'
 
 gemspec

data/README.md

@@ -4,7 +4,6 @@
 [![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
 [![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
-[![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
 [![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
 Magical Authentication for Rails. Supports ActiveRecord, DataMapper, Mongoid and MongoMapper.
@@ -238,14 +237,14 @@ Feel free to ask questions using these contact details:
 
 **Current Maintainers:**
 
-- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
-- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:jbuker@aeonsplice.com)
+- Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
 
 **Past Maintainers:**
 
 - Noam Ben-Ari ([@NoamB](https://github.com/NoamB)) | [Email](mailto:nbenari@gmail.com) | [Twitter](https://twitter.com/nbenari)
 - Kir Shatrov ([@kirs](https://github.com/kirs)) | [Email](mailto:shatrov@me.com) | [Twitter](https://twitter.com/Kiiiir)
 - Grzegorz Witek ([@arnvald](https://github.com/arnvald)) | [Email](mailto:arnvald.to@gmail.com) | [Twitter](https://twitter.com/arnvald)
+- Chase Gilliam ([@Ch4s3](https://github.com/Ch4s3)) | [Email](mailto:chase.gilliam@gmail.com)
 
 ## License
 

data/Rakefile

@@ -1,6 +1,8 @@
 require 'bundler/gem_tasks'
 
 require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
 RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
 
-task default: :spec
+task default: [:rubocop, :spec]

data/SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| ~> 0.16.0 | :white_check_mark: |
+| ~> 0.15.0 | :white_check_mark: |
+| < 0.15.0  | :x:                |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/sorcery#contact)

data/gemfiles/rails_52.gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 5.2.0'
+gem 'rails-controller-testing'
+gem 'sqlite3', '~> 1.3.6'
+
+gemspec path: '..'

data/gemfiles/rails_60.gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 6.0.0'
+gem 'rails-controller-testing'
+gem 'sqlite3', '~> 1.4'
+
+gemspec path: '..'

data/lib/generators/sorcery/helpers.rb

@@ -12,6 +12,10 @@ module Sorcery
         options[:model] ? options[:model].classify : 'User'
       end
 
+      def tableized_model_class
+        options[:model] ? options[:model].gsub(/::/, '').tableize : 'users'
+      end
+
       def model_path
         @model_path ||= File.join('app', 'models', "#{file_path}.rb")
       end

data/lib/generators/sorcery/templates/initializer.rb

@@ -222,13 +222,25 @@ Rails.application.config.sorcery.configure do |config|
   # config.line.key = ""
   # config.line.secret = ""
   # config.line.callback_url = "http://mydomain.com:3000/oauth/callback?provider=line"
+  # config.line.scope = "profile"
+  # config.line.bot_prompt = "normal"
+  # config.line.user_info_mapping = {name: 'displayName'}
 
-  # For infromation about Discord API
+  
+  # For information about Discord API
   # https://discordapp.com/developers/docs/topics/oauth2
   # config.discord.key = "xxxxxx"
   # config.discord.secret = "xxxxxx"
   # config.discord.callback_url = "http://localhost:3000/oauth/callback?provider=discord"
   # config.discord.scope = "email guilds"
+
+  # For information about Battlenet API
+  # https://develop.battle.net/documentation/guides/using-oauth
+  # config.battlenet.site = "https://eu.battle.net/" #See Website for other Regional Domains
+  # config.battlenet.key = "xxxxxx"
+  # config.battlenet.secret = "xxxxxx"
+  # config.battlenet.callback_url = "http://localhost:3000/oauth/callback?provider=battlenet"
+  # config.battlenet.scope = "openid"
   # --- user config ---
   config.user_config do |user|
     # -- core --

data/lib/generators/sorcery/templates/migration/activity_logging.rb

@@ -1,10 +1,10 @@
 class SorceryActivityLogging < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, default: nil
+    add_column :<%= tableized_model_class %>, :last_login_at,     :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :last_logout_at,    :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :last_activity_at,  :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :last_login_from_ip_address, :string, default: nil
 
-    add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
+    add_index :<%= tableized_model_class %>, [:last_logout_at, :last_activity_at]
   end
 end

data/lib/generators/sorcery/templates/migration/brute_force_protection.rb

@@ -1,9 +1,9 @@
 class SorceryBruteForceProtection < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, default: 0
-    add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :unlock_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :failed_logins_count, :integer, default: 0
+    add_column :<%= tableized_model_class %>, :lock_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :unlock_token, :string, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :unlock_token
+    add_index :<%= tableized_model_class %>, :unlock_token
   end
 end

data/lib/generators/sorcery/templates/migration/core.rb

@@ -1,6 +1,6 @@
 class SorceryCore < <%= migration_class_name %>
   def change
-    create_table :<%= model_class_name.tableize %> do |t|
+    create_table :<%= tableized_model_class %> do |t|
       t.string :email,            null: false
       t.string :crypted_password
       t.string :salt
@@ -8,6 +8,6 @@ class SorceryCore < <%= migration_class_name %>
       t.timestamps                null: false
     end
 
-    add_index :<%= model_class_name.tableize %>, :email, unique: true
+    add_index :<%= tableized_model_class %>, :email, unique: true
   end
 end

data/lib/generators/sorcery/templates/migration/external.rb

@@ -1,7 +1,7 @@
 class SorceryExternal < <%= migration_class_name %>
   def change
     create_table :authentications do |t|
-      t.integer :<%= model_class_name.tableize.singularize %>_id, null: false
+      t.integer :<%= tableized_model_class.singularize %>_id, null: false
       t.string :provider, :uid, null: false
 
       t.timestamps              null: false

data/lib/generators/sorcery/templates/migration/magic_login.rb

@@ -1,9 +1,9 @@
 class SorceryMagicLogin < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :magic_login_token, :string, default: nil
-    add_column :<%= model_class_name.tableize %>, :magic_login_token_expires_at, :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :magic_login_email_sent_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :magic_login_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :magic_login_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :magic_login_email_sent_at, :datetime, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :magic_login_token
+    add_index :<%= tableized_model_class %>, :magic_login_token
   end
 end

data/lib/generators/sorcery/templates/migration/remember_me.rb

@@ -1,8 +1,8 @@
 class SorceryRememberMe < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, default: nil
-    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :remember_me_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :remember_me_token_expires_at, :datetime, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :remember_me_token
+    add_index :<%= tableized_model_class %>, :remember_me_token
   end
 end

data/lib/generators/sorcery/templates/migration/reset_password.rb

@@ -1,10 +1,10 @@
 class SorceryResetPassword < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, default: nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, default: nil
-    add_column :<%= model_class_name.tableize %>, :access_count_to_reset_password_page, :integer, default: 0
+    add_column :<%= tableized_model_class %>, :reset_password_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :reset_password_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :reset_password_email_sent_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :access_count_to_reset_password_page, :integer, default: 0
 
-    add_index :<%= model_class_name.tableize %>, :reset_password_token
+    add_index :<%= tableized_model_class %>, :reset_password_token
   end
 end

data/lib/generators/sorcery/templates/migration/user_activation.rb

@@ -1,9 +1,9 @@
 class SorceryUserActivation < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :activation_state, :string, default: nil
-    add_column :<%= model_class_name.tableize %>, :activation_token, :string, default: nil
-    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :activation_state, :string, default: nil
+    add_column :<%= tableized_model_class %>, :activation_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :activation_token_expires_at, :datetime, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :activation_token
+    add_index :<%= tableized_model_class %>, :activation_token
   end
 end

data/lib/sorcery/adapters/active_record_adapter.rb

@@ -12,7 +12,7 @@ module Sorcery
 
       def save(options = {})
         mthd = options.delete(:raise_on_failure) ? :save! : :save
-        @model.send(mthd, options)
+        @model.send(mthd, **options)
       end
 
       def increment(field)
@@ -35,7 +35,7 @@ module Sorcery
         end
 
         def define_callback(time, event, method_name, options = {})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if, :on)
+          @klass.send "#{time}_#{event}", method_name, **options.slice(:if, :on)
         end
 
         def find_by_oauth_credentials(provider, uid)

data/lib/sorcery/controller/config.rb

@@ -25,12 +25,12 @@ module Sorcery
             :@user_class                           => nil,
             :@submodules                           => [],
             :@not_authenticated_action             => :not_authenticated,
-            :@login_sources                        => [],
-            :@after_login                          => [],
-            :@after_failed_login                   => [],
-            :@before_logout                        => [],
-            :@after_logout                         => [],
-            :@after_remember_me                    => [],
+            :@login_sources                        => Set.new,
+            :@after_login                          => Set.new,
+            :@after_failed_login                   => Set.new,
+            :@before_logout                        => Set.new,
+            :@after_logout                         => Set.new,
+            :@after_remember_me                    => Set.new,
             :@save_return_to_url                   => true,
             :@cookie_domain                        => nil
           }

data/lib/sorcery/controller/submodules/activity_logging.rb

@@ -30,16 +30,11 @@ module Sorcery
             end
             merge_activity_logging_defaults!
           end
-          # FIXME: There is likely a more elegant way to safeguard these callbacks.
-          unless Config.after_login.include?(:register_login_time_to_db)
-            Config.after_login << :register_login_time_to_db
-          end
-          unless Config.after_login.include?(:register_last_ip_address)
-            Config.after_login << :register_last_ip_address
-          end
-          unless Config.before_logout.include?(:register_logout_time_to_db)
-            Config.before_logout << :register_logout_time_to_db
-          end
+
+          Config.after_login << :register_login_time_to_db
+          Config.after_login << :register_last_ip_address
+          Config.before_logout << :register_logout_time_to_db
+
           base.after_action :register_last_activity_time_to_db
         end
 

data/lib/sorcery/controller/submodules/brute_force_protection.rb

@@ -10,13 +10,9 @@ module Sorcery
       module BruteForceProtection
         def self.included(base)
           base.send(:include, InstanceMethods)
-          # FIXME: There is likely a more elegant way to safeguard these callbacks.
-          unless Config.after_login.include?(:reset_failed_logins_count!)
-            Config.after_login << :reset_failed_logins_count!
-          end
-          unless Config.after_failed_login.include?(:update_failed_logins_count!)
-            Config.after_failed_login << :update_failed_logins_count!
-          end
+
+          Config.after_login << :reset_failed_logins_count!
+          Config.after_failed_login << :update_failed_logins_count!
         end
 
         module InstanceMethods

data/lib/sorcery/controller/submodules/external.rb

@@ -27,6 +27,7 @@ module Sorcery
           require 'sorcery/providers/auth0'
           require 'sorcery/providers/line'
           require 'sorcery/providers/discord'
+          require 'sorcery/providers/battlenet'
 
           Config.module_eval do
             class << self

data/lib/sorcery/controller/submodules/http_basic_auth.rb

@@ -19,10 +19,8 @@ module Sorcery
             end
             merge_http_basic_auth_defaults!
           end
-          # FIXME: There is likely a more elegant way to safeguard these callbacks.
-          unless Config.login_sources.include?(:login_from_basic_auth)
-            Config.login_sources << :login_from_basic_auth
-          end
+
+          Config.login_sources << :login_from_basic_auth
         end
 
         module InstanceMethods

data/lib/sorcery/controller/submodules/remember_me.rb

@@ -17,13 +17,9 @@ module Sorcery
             end
             merge_remember_me_defaults!
           end
-          # FIXME: There is likely a more elegant way to safeguard these callbacks.
-          unless Config.login_sources.include?(:login_from_cookie)
-            Config.login_sources << :login_from_cookie
-          end
-          unless Config.before_logout.include?(:forget_me!)
-            Config.before_logout << :forget_me!
-          end
+
+          Config.login_sources << :login_from_cookie
+          Config.before_logout << :forget_me!
         end
 
         module InstanceMethods

data/lib/sorcery/controller/submodules/session_timeout.rb

@@ -23,13 +23,10 @@ module Sorcery
             end
             merge_session_timeout_defaults!
           end
-          # FIXME: There is likely a more elegant way to safeguard these callbacks.
-          unless Config.after_login.include?(:register_login_time)
-            Config.after_login << :register_login_time
-          end
-          unless Config.after_remember_me.include?(:register_login_time)
-            Config.after_remember_me << :register_login_time
-          end
+
+          Config.after_login << :register_login_time
+          Config.after_remember_me << :register_login_time
+
           base.prepend_before_action :validate_session
         end
 

data/lib/sorcery/providers/battlenet.rb

@@ -0,0 +1,51 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with BattleNet
+
+    class Battlenet < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope          = 'openid'
+        @site           = 'https://eu.battle.net/'
+        @auth_path      = '/oauth/authorize'
+        @token_url      = '/oauth/token'
+        @user_info_path = '/oauth/userinfo'
+        @state          = SecureRandom.hex(16)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        body = JSON.parse(response.body)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = body
+          h[:battletag] = body['battletag']
+          h[:uid] = body['id']
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = { code: params[:code] }
+        get_access_token(
+          args,
+          token_url: token_url,
+          client_id: @key,
+          client_secret: @secret,
+          grant_type: 'authorization_code',
+          token_method: :post
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/line.rb

@@ -9,15 +9,16 @@ module Sorcery
     class Line < Base
       include Protocols::Oauth2
 
-      attr_accessor :token_url, :user_info_path, :auth_path
+      attr_accessor :token_url, :user_info_path, :auth_path, :scope, :bot_prompt
 
       def initialize
         super
 
         @site           = 'https://access.line.me'
         @user_info_path = 'https://api.line.me/v2/profile'
-        @token_url      = 'https://api.line.me/v2/oauth/accessToken'
-        @auth_path      = 'dialog/oauth/weblogin'
+        @token_url      = 'https://api.line.me/oauth2/v2.1/token'
+        @auth_path      = 'oauth2/v2.1/authorize'
+        @scope          = 'profile'
       end
 
       def get_user_hash(access_token)
@@ -34,13 +35,28 @@ module Sorcery
         @state = SecureRandom.hex(16)
         authorize_url(authorize_url: auth_path)
       end
+
+      # overrides oauth2#authorize_url to add bot_prompt query.
+      def authorize_url(options = {})
+        options.merge!({
+          connection_opts: { params: { bot_prompt: bot_prompt } }
+        }) if bot_prompt.present?
+
+        super(options)
+      end
+
       # tries to login the user from access token
       def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
 
-        get_access_token(args, token_url: token_url, token_method: :post)
+        get_access_token(
+          args,
+          token_url: token_url,
+          token_method: :post,
+          grant_type: 'authorization_code'
+        )
       end
     end
   end

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.15.0'.freeze
+  VERSION = '0.16.1'.freeze
 end

data/sorcery.gemspec

@@ -14,8 +14,7 @@ Gem::Specification.new do |s|
     'Josh Buker'
   ]
   s.email = [
-    'chase.gilliam@gmail.com',
-    'contact@joshbuker.com'
+    'crypto@joshbuker.com'
   ]
 
   # TODO: Cleanup formatting.
@@ -35,7 +34,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.4.9'
 
   s.add_dependency 'bcrypt', '~> 3.1'
-  s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'
+  s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
   s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
 
   s.add_development_dependency 'byebug', '~> 10.0.0'

data/spec/controllers/controller_oauth2_spec.rb

@@ -116,12 +116,21 @@ describe SorceryController, active_record: true, type: :controller do
     end
 
     context 'when callback_url begin with http://' do
+      before do
+        sorcery_controller_external_property_set(:facebook, :callback_url, '/oauth/twitter/callback')
+        sorcery_controller_external_property_set(:facebook, :api_version, 'v2.2')
+      end
+
       it 'login_at redirects correctly' do
         create_new_user
         get :login_at_test_facebook
         expect(response).to be_a_redirect
         expect(response).to redirect_to("https://www.facebook.com/v2.2/dialog/oauth?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email&state")
       end
+
+      after do
+        sorcery_controller_external_property_set(:facebook, :callback_url, 'http://blabla.com')
+      end
     end
 
     it "'login_from' logins if user exists" do
@@ -155,7 +164,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(flash[:notice]).to eq 'Success!'
     end
 
-    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0 discord].each do |provider|
+    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0 discord battlenet].each do |provider|
       describe "with #{provider}" do
         it 'login_at redirects correctly' do
           get :"login_at_test_#{provider}"
@@ -218,6 +227,7 @@ describe SorceryController, active_record: true, type: :controller do
           auth0
           line
           discord
+          battlenet
         ]
       )
 
@@ -265,6 +275,9 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
       sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
       sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
+      sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
+      sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
+      sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
     end
 
     after(:each) do
@@ -287,7 +300,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(ActionMailer::Base.deliveries.size).to eq old_size
     end
 
-    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0 discord].each do |provider|
+    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0 discord battlenet].each do |provider|
       it "does not send activation email to external users (#{provider})" do
         old_size = ActionMailer::Base.deliveries.size
         create_new_external_user provider
@@ -311,7 +324,7 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_reload!(%i[activity_logging external])
     end
 
-    %w[facebook github google liveid vk salesforce slack discord].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_controller_property_set(:register_login_time, true)
@@ -350,7 +363,7 @@ describe SorceryController, active_record: true, type: :controller do
 
     let(:user) { double('user', id: 42) }
 
-    %w[facebook github google liveid vk salesforce slack discord].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_model_property_set(:authentications_class, Authentication)
@@ -484,6 +497,7 @@ describe SorceryController, active_record: true, type: :controller do
         auth0
         line
         discord
+        battlenet
       ]
     )
     sorcery_controller_external_property_set(:facebook, :key, 'eYVNBjBDi33aa9GkA3w')
@@ -529,6 +543,9 @@ describe SorceryController, active_record: true, type: :controller do
     sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
     sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
     sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
+    sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
+    sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
+    sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
   end
 
   def provider_url(provider)
@@ -544,7 +561,8 @@ describe SorceryController, active_record: true, type: :controller do
       microsoft: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#{::Sorcery::Controller::Config.microsoft.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+email+https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state",
       instagram: "https://api.instagram.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.instagram.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=#{::Sorcery::Controller::Config.instagram.scope}&state",
       auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state",
-      discord: "https://discordapp.com/api/oauth2/authorize?client_id=#{::Sorcery::Controller::Config.discord.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=identify&state"
+      discord: "https://discordapp.com/api/oauth2/authorize?client_id=#{::Sorcery::Controller::Config.discord.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=identify&state",
+      battlenet: "https://eu.battle.net/oauth/authorize?client_id=#{::Sorcery::Controller::Config.battlenet.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid&state"
     }[provider]
   end
 end

data/spec/controllers/controller_oauth_spec.rb

@@ -84,11 +84,17 @@ describe SorceryController, type: :controller do
     end
 
     context 'when callback_url begin with http://' do
+      before do
+        sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
+      end
       it 'login_at redirects correctly', pending: true do
         get :login_at_test
         expect(response).to be_a_redirect
         expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=')
       end
+      after do
+        sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
+      end
     end
 
     it 'logins if user exists' do

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < ActionController::Base
+end

data/spec/rails_app/app/controllers/sorcery_controller.rb

@@ -1,6 +1,6 @@
 require 'oauth'
 
-class SorceryController < ActionController::Base
+class SorceryController < ApplicationController
   protect_from_forgery
 
   before_action :require_login_from_http_basic, only: [:test_http_basic_auth]
@@ -170,6 +170,10 @@ class SorceryController < ActionController::Base
     login_at(:discord)
   end
 
+  def login_at_test_battlenet
+    login_at(:battlenet)
+  end
+
   def test_login_from_twitter
     if (@user = login_from(:twitter))
       redirect_to 'bla', notice: 'Success!'
@@ -300,6 +304,14 @@ class SorceryController < ActionController::Base
     end
   end
 
+  def test_login_from_battlenet
+    if (@user = login_from(:battlenet))
+      redirect_to 'bla', notice: 'Success!'
+    else
+      redirect_to 'blu', alert: 'Failed!'
+    end
+  end
+
   def test_return_to_with_external_twitter
     if (@user = login_from(:twitter))
       redirect_back_or_to 'bla', notice: 'Success!'
@@ -430,6 +442,14 @@ class SorceryController < ActionController::Base
     end
   end
 
+  def test_return_to_with_external_battlenet
+    if (@user = login_from(:battlenet))
+      redirect_back_or_to 'bla', notice: 'Success!'
+    else
+      redirect_to 'blu', alert: 'Failed!'
+    end
+  end
+
   def test_create_from_provider
     provider = params[:provider]
     login_from(provider)

data/spec/rails_app/config/routes.rb

@@ -35,6 +35,7 @@ AppRoot::Application.routes.draw do
     get :test_login_from_auth0
     get :test_login_from_line
     get :test_login_from_discord
+    get :test_login_from_battlenet
     get :login_at_test
     get :login_at_test_twitter
     get :login_at_test_facebook
@@ -52,6 +53,7 @@ AppRoot::Application.routes.draw do
     get :login_at_test_auth0
     get :login_at_test_line
     get :login_at_test_discord
+    get :login_at_test_battlenet
     get :test_return_to_with_external
     get :test_return_to_with_external_twitter
     get :test_return_to_with_external_facebook
@@ -69,6 +71,7 @@ AppRoot::Application.routes.draw do
     get :test_return_to_with_external_auth0
     get :test_return_to_with_external_line
     get :test_return_to_with_external_discord
+    get :test_return_to_with_external_battlenet
     get :test_http_basic_auth
     get :some_action_making_a_non_persisted_change_to_the_user
     post :test_login_with_remember

data/spec/shared_examples/user_shared_examples.rb

@@ -511,7 +511,7 @@ shared_examples_for 'rails_3_core_model' do
 
       # password comparison is done using BCrypt::Password#==(raw_token), not String#==
       bcrypt_password = BCrypt::Password.new(user.crypted_password)
-      allow(::BCrypt::Password).to receive(:create) do |token, cost:|
+      allow(::BCrypt::Password).to receive(:create) do |token, options = {}|
         # need to use common BCrypt's salt when genarating BCrypt::Password objects
         # so that any generated password hashes can be compared each other
         ::BCrypt::Engine.hash_secret(token, bcrypt_password.salt)
@@ -535,7 +535,7 @@ shared_examples_for 'rails_3_core_model' do
 
       # password comparison is done using BCrypt::Password#==(raw_token), not String#==
       bcrypt_password = BCrypt::Password.new(user.crypted_password)
-      allow(::BCrypt::Password).to receive(:create) do |token, cost:|
+      allow(::BCrypt::Password).to receive(:create) do |token, options = {}|
         # need to use common BCrypt's salt when genarating BCrypt::Password objects
         # so that any generated password hashes can be compared each other
         ::BCrypt::Engine.hash_secret(token, bcrypt_password.salt)

data/spec/support/migration_helper.rb

@@ -1,7 +1,9 @@
 class MigrationHelper
   class << self
     def migrate(path)
-      if ActiveRecord.version >= Gem::Version.new('5.2.0')
+      if ActiveRecord.version >= Gem::Version.new('6.0.0')
+        ActiveRecord::MigrationContext.new(path, schema_migration).migrate
+      elsif ActiveRecord.version >= Gem::Version.new('5.2.0')
         ActiveRecord::MigrationContext.new(path).migrate
       else
         ActiveRecord::Migrator.migrate(path)
@@ -9,11 +11,19 @@ class MigrationHelper
     end
 
     def rollback(path)
-      if ActiveRecord.version >= Gem::Version.new('5.2.0')
+      if ActiveRecord.version >= Gem::Version.new('6.0.0')
+        ActiveRecord::MigrationContext.new(path, schema_migration).rollback
+      elsif ActiveRecord.version >= Gem::Version.new('5.2.0')
         ActiveRecord::MigrationContext.new(path).rollback
       else
         ActiveRecord::Migrator.rollback(path)
       end
     end
+
+    private
+
+    def schema_migration
+      ActiveRecord::Base.connection.schema_migration
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sorcery
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.16.1
 platform: ruby
 authors:
 - Noam Ben Ari
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-02 00:00:00.000000000 Z
+date: 2021-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -34,40 +34,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.5.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.5.5
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.8.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.8.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -189,24 +189,29 @@ dependencies:
 description: Provides common authentication needs such as signing in/out, activating
   by email and resetting password.
 email:
-- chase.gilliam@gmail.com
-- contact@joshbuker.com
+- crypto@joshbuker.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
+- ".github/FUNDING.yml"
 - ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
-- ".travis.yml"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.md
 - README.md
 - Rakefile
+- SECURITY.md
+- gemfiles/rails_52.gemfile
+- gemfiles/rails_60.gemfile
 - lib/generators/sorcery/USAGE
 - lib/generators/sorcery/helpers.rb
 - lib/generators/sorcery/install_generator.rb
@@ -254,6 +259,7 @@ files:
 - lib/sorcery/protocols/oauth2.rb
 - lib/sorcery/providers/auth0.rb
 - lib/sorcery/providers/base.rb
+- lib/sorcery/providers/battlenet.rb
 - lib/sorcery/providers/discord.rb
 - lib/sorcery/providers/facebook.rb
 - lib/sorcery/providers/github.rb
@@ -303,6 +309,7 @@ files:
 - spec/rails_app/app/active_record/user.rb
 - spec/rails_app/app/active_record/user_provider.rb
 - spec/rails_app/app/assets/config/manifest.js
+- spec/rails_app/app/controllers/application_controller.rb
 - spec/rails_app/app/controllers/sorcery_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/mailers/sorcery_mailer.rb
@@ -379,7 +386,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Magical authentication for Rails applications

data/.travis.yml

@@ -1,8 +0,0 @@
-language: ruby
-rvm:
-  - 2.4.9
-  - 2.5.7
-  - 2.6.5
-
-gemfile:
-  - Gemfile