sorcery 0.16.0 → 0.16.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44ff0a756fa8a8379e9333f116a72be359847bd3f9611f643e2f2200180dd4f6
-  data.tar.gz: 8e4bcf9034cac0cac8eddaf296df1a64757272d99c9954e35f99f45d2c9d2836
+  metadata.gz: f2d091c4af06b65d0b8640aa1664cc03370f0859a0d37ccca2865813a41956ec
+  data.tar.gz: c60ee8af595868a99ddced5363716f6593f494bb82e97a82d35769b4a1c223e4
 SHA512:
-  metadata.gz: e6ef63584276452138f36a8cc1f22928d79f9e5998d4ade707c116e825f63e114a8219a5157c13508116caf4a7b46e08670b34b0ee7ea2e84e673f5f68e1f092
-  data.tar.gz: f5d3599a90e6a50896d19c67434e9ac9cf250f8357685d48426745da7bd210e8b3238a6b026243b5ea045f83c973914f505a77c000004b50ba40d721a51eb182
+  metadata.gz: 24281e4ee0082665b792c467fbc9f7e70a6d3f26492a66de179248b6d3c97dcabf2aa3058e44239961ffa01645708883d22e097ac28dfc2b64e38ef2743a03c3
+  data.tar.gz: 55c173b3a0ea39d8067bb26b737e57548fb67357c0969d1eb08290c8876294157f2ca7c17888874d208d88fe893840b4046bf3463c1ead9fa16c15358a9d5668

data/.github/FUNDING.yml

@@ -0,0 +1 @@
+github: athix

data/.github/ISSUE_TEMPLATE.md

@@ -1,4 +1,4 @@
-Please complete all sections.
+<!-- Please complete all sections. -->
 
 ### Configuration
 
@@ -9,12 +9,16 @@ Please complete all sections.
 
 ### Expected Behavior
 
-Tell us what should happen.
+<!-- Tell us what should happen. -->
 
 ### Actual Behavior
 
-Tell us what happens instead.
+<!-- Tell us what happens instead. -->
 
 ### Steps to Reproduce
 
-Please list all steps to reproduce the issue.
+<!-- Please list all steps to reproduce the issue. -->
+
+1.
+2.
+3.

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -3,3 +3,5 @@ Please ensure your pull request includes the following:
 - [ ] Description of changes
 - [ ] Update to CHANGELOG.md with short description and link to pull request
 - [ ] Changes have related RSpec tests that ensure functionality does not break
+
+<!-- For the changelog, please add your entry to the HEAD section. Do not create a new release header. -->

data/.github/workflows/ruby.yml

@@ -1,23 +1,70 @@
-name: Ruby
+name: Test Suite
 
+# Run against all commits and pull requests.
 on:
+  schedule:
+    - cron: '0 0 * * *'
   push:
-    branches: [ master ]
   pull_request:
-    branches: [ master ]
 
 jobs:
-  test:
+  test_matrix:
 
     runs-on: ubuntu-latest
 
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.4
+          - 2.5
+          - 2.6
+          - 2.7
+          - 3.0.0
+          # - 3.1
+
+        rails:
+          - '52'
+          - '60'
+          - '61'
+          # - '70'
+
+        exclude:
+          - ruby: 2.4
+            rails: '60'
+          - ruby: 2.4
+            rails: '61'
+          # - ruby: 2.4
+          #   rails: '70'
+          # - ruby: 2.5
+          #   rails: '70'
+          # - ruby: 2.6
+          #   rails: '70'
+          - ruby: 3.0.0
+            rails: '52'
+          # - ruby: 3.1
+          #   rails: '52'
+          # - ruby: 3.1
+          #   rails: '60'
+          # - ruby: 3.1
+          #   rails: '61'
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rake spec
+
+  finish:
+    runs-on: ubuntu-latest
+    needs: [ test_matrix ]
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-    - name: Install dependencies
-      run: bundle install
-    - name: Run tests
-      run: bundle exec rake
+      - name: Wait for status checks
+        run: echo "All Green!"

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2021-01-02 07:53:19 UTC using RuboCop version 0.88.0.
+# on 2021-04-04 05:00:11 UTC using RuboCop version 0.88.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -147,6 +147,14 @@ Style/StringLiterals:
     - 'spec/controllers/controller_oauth2_spec.rb'
     - 'spec/sorcery_crypto_providers_spec.rb'
 
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, MinSize.
+# SupportedStyles: percent, brackets
+Style/SymbolArray:
+  Exclude:
+    - 'Rakefile'
+
 # Offense count: 2
 # Cop supports --auto-correct.
 Style/UnpackFirst:

data/CHANGELOG.md

@@ -1,6 +1,23 @@
 # Changelog
 ## HEAD
 
+## 0.16.3
+
+* Fix provider instantiation for plural provider names (eg. okta) [#305](https://github.com/Sorcery/sorcery/pull/305)
+
+## 0.16.2
+
+* Inline core migration index definition [#281](https://github.com/Sorcery/sorcery/pull/281)
+* Add missing remember_me attributes to config [#180](https://github.com/Sorcery/sorcery/pull/180)
+* Fix MongoID adapter breaking on save [#284](https://github.com/Sorcery/sorcery/pull/284)
+* Don't pass token to Slack in query params. Prevents 'invalid_auth' error [#287](https://github.com/Sorcery/sorcery/pull/287)
+* Fix valid_password? not using configured values when called alone [#293](https://github.com/Sorcery/sorcery/pull/293)
+
+## 0.16.1
+
+* Fix default table name being incorrect in migration generator [#274](https://github.com/Sorcery/sorcery/pull/274)
+* Update `oauth` dependency per CVE-2016-11086
+
 ## 0.16.0
 
 * Add BattleNet Provider [#260](https://github.com/Sorcery/sorcery/pull/260)
@@ -11,6 +28,10 @@
 * Fix ruby 2.7 deprecation warnings [#241](https://github.com/Sorcery/sorcery/pull/241)
 * Use set to ensure unique arrays [#233](https://github.com/Sorcery/sorcery/pull/233)
 
+## 0.15.1
+
+* Update `oauth` dependency per CVE-2016-11086
+
 ## 0.15.0
 
 * Fix brute force vuln due to callbacks no being ran [#235](https://github.com/Sorcery/sorcery/pull/235)

data/MAINTAINING.md

@@ -0,0 +1,64 @@
+# Maintaining Sorcery
+
+This will eventually be fleshed out so that anyone should be able to pick up and
+maintain Sorcery by following this guide. It will provide step-by-step guides
+for common tasks such as releasing new versions, as well as explain how to
+triage issues and keep the CHANGELOG up-to-date.
+
+## Table of Contents
+
+1. [Merging Pull Requests](#merging-pull-requests)
+1. [Versioning](#versioning)
+   1. [Version Naming](#version-naming)
+   1. [Releasing a New Version](#releasing-a-new-version)
+
+## Merging Pull Requests
+
+TODO
+
+## Versioning
+
+### Version Naming
+
+Sorcery uses semantic versioning which can be found at: https://semver.org/
+
+All versions of Sorcery should follow this format: `MAJOR.MINOR.PATCH`
+
+Where:
+
+* MAJOR - Includes backwards **incompatible** changes.
+* MINOR - Introduces new functionality but is fully backwards compatible.
+* PATCH - Fixes errors in existing functionality (must be backwards compatible).
+
+The changelog and git tags should use `vMAJOR.MINOR.PATCH` to indicate that the
+number represents a version of Sorcery. For example, `1.0.0` would become
+`v1.0.0`.
+
+### Releasing a New Version
+
+When it's time to release a new version, you'll want to ensure all the changes
+you need are on the master branch and that there is a passing build. Then follow
+this checklist and prepare a release commit:
+
+NOTE: `X.Y.Z` and `vX.Y.Z` are given as examples, and should be replaced with
+      whatever version you are releasing. See: [Version Naming](#version-naming)
+
+1. Update CHANGELOG.md
+   1. Check for any changes that have been included since the last release that
+      are not reflected in the changelog. Add any missing entries to the `HEAD`
+      section.
+   1. Check the changes in `HEAD` to determine what version increment is
+      appropriate. See [Version Naming](#version-naming) if unsure.
+   1. Replace `## HEAD` with `## vX.Y.Z` and create a new `## HEAD` section
+      above the latest version.
+1. Update Gem Version
+   1. Update `./lib/sorcery/version.rb` to 'X.Y.Z'
+1. Stage your changes and create a commit
+   1. `git add -A`
+   1. `git commit -m "Release vX.Y.Z"`
+1. TODO: Gem Release (WIP)
+   1. `cd <dir>`
+   1. `gem build`
+   1. `gem push <filename>`
+1. TODO: Version tagging
+   1. Release new version via github interface

data/README.md

@@ -2,10 +2,7 @@
 
 [![Gem Version](https://badge.fury.io/rb/sorcery.svg)](https://rubygems.org/gems/sorcery)
 [![Gem Downloads](https://img.shields.io/gem/dt/sorcery.svg)](https://rubygems.org/gems/sorcery)
-[![Build Status](https://travis-ci.org/Sorcery/sorcery.svg?branch=master)](https://travis-ci.org/Sorcery/sorcery)
-[![Code Climate](https://codeclimate.com/github/Sorcery/sorcery.svg)](https://codeclimate.com/github/Sorcery/sorcery)
-[![Inline docs](http://inch-ci.org/github/Sorcery/sorcery.svg?branch=master)](http://inch-ci.org/github/Sorcery/sorcery)
-[![Join the chat at https://gitter.im/Sorcery/sorcery](https://badges.gitter.im/join_chat.svg)](https://gitter.im/Sorcery/sorcery?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Build Status](https://github.com/Sorcery/sorcery/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/Sorcery/sorcery/actions/workflows/ruby.yml)
 
 Magical Authentication for Rails. Supports ActiveRecord, DataMapper, Mongoid and MongoMapper.
 

data/Rakefile

@@ -1,6 +1,8 @@
 require 'bundler/gem_tasks'
 
 require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
 RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
 
-task default: :spec
+task default: [:rubocop, :spec]

data/SECURITY.md

@@ -2,10 +2,11 @@
 
 ## Supported Versions
 
-| Version  | Supported          |
-| -------- | ------------------ |
-| 0.15.0   | :white_check_mark: |
-| < 0.15.0 | :x:                |
+| Version   | Supported          |
+| --------- | ------------------ |
+| ~> 0.16.0 | :white_check_mark: |
+| ~> 0.15.0 | :white_check_mark: |
+| < 0.15.0  | :x:                |
 
 ## Reporting a Vulnerability
 

data/gemfiles/rails_61.gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 6.1.0'
+gem 'rails-controller-testing'
+gem 'sqlite3', '~> 1.4'
+
+gemspec path: '..'

data/gemfiles/rails_70.gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 7.0.0'
+gem 'rails-controller-testing'
+gem 'sqlite3', '~> 1.4'
+
+gemspec path: '..'

data/lib/generators/sorcery/helpers.rb

@@ -13,7 +13,7 @@ module Sorcery
       end
 
       def tableized_model_class
-        options[:model] ? options[:model].gsub(/::/, '').tableize : 'User'
+        options[:model] ? options[:model].gsub(/::/, '').tableize : 'users'
       end
 
       def model_path

data/lib/generators/sorcery/templates/initializer.rb

@@ -306,6 +306,16 @@ Rails.application.config.sorcery.configure do |config|
     # user.subclasses_inherit_config =
 
     # -- remember_me --
+    # change default remember_me_token attribute.
+    # Default: `:remember_me_token`
+    #
+    # user.remember_me_token_attribute_name =
+
+    # change default remember_me_token_expires_at attribute.
+    # Default: `:remember_me_token_expires_at`
+    #
+    # user.remember_me_token_expires_at_attribute_name =
+
     # How long in seconds the session length will be
     # Default: `60 * 60 * 24 * 7`
     #

data/lib/generators/sorcery/templates/migration/core.rb

@@ -1,13 +1,11 @@
 class SorceryCore < <%= migration_class_name %>
   def change
     create_table :<%= tableized_model_class %> do |t|
-      t.string :email,            null: false
+      t.string :email,            null: false, index: { unique: true }
       t.string :crypted_password
       t.string :salt
 
       t.timestamps                null: false
     end
-
-    add_index :<%= tableized_model_class %>, :email, unique: true
   end
 end

data/lib/sorcery/adapters/mongoid_adapter.rb

@@ -32,7 +32,7 @@ module Sorcery
         end
 
         def define_callback(time, event, method_name, options = {})
-          @klass.send callback_name(time, event, options), method_name, options.slice(:if)
+          @klass.send callback_name(time, event, options), method_name, **options.slice(:if)
         end
 
         def callback_name(time, event, options)

data/lib/sorcery/controller/submodules/external.rb

@@ -28,9 +28,6 @@ module Sorcery
           require 'sorcery/providers/line'
           require 'sorcery/providers/discord'
           require 'sorcery/providers/battlenet'
-          
-          
-          
 
           Config.module_eval do
             class << self
@@ -43,7 +40,7 @@ module Sorcery
                 providers.each do |name|
                   class_eval <<-RUBY, __FILE__, __LINE__ + 1
                     def self.#{name}
-                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.classify).new
+                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.camelcase).new
                     end
                   RUBY
                 end

data/lib/sorcery/model.rb

@@ -131,6 +131,14 @@ module Sorcery
         @sorcery_config.encryption_provider.encrypt(*tokens)
       end
 
+      # FIXME: This method of passing config to the hashing provider is
+      #        questionable, and has been refactored in Sorcery v1.
+      def set_encryption_attributes
+        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
+        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
+        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
+      end
+
       protected
 
       def authentication_response(options = {})
@@ -139,12 +147,6 @@ module Sorcery
         options[:return_value]
       end
 
-      def set_encryption_attributes
-        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
-        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
-        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
-      end
-
       def add_config_inheritance
         class_eval do
           def self.inherited(subclass)
@@ -177,6 +179,9 @@ module Sorcery
         crypted = send(sorcery_config.crypted_password_attribute_name)
         return crypted == pass if sorcery_config.encryption_provider.nil?
 
+        # Ensure encryption provider is using configured values
+        self.class.set_encryption_attributes
+
         salt = send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
 
         sorcery_config.encryption_provider.matches?(crypted, pass, salt)

data/lib/sorcery/providers/slack.rb

@@ -18,7 +18,7 @@ module Sorcery
       end
 
       def get_user_hash(access_token)
-        response = access_token.get(user_info_path, params: { token: access_token.token })
+        response = access_token.get(user_info_path)
         auth_hash(access_token).tap do |h|
           h[:user_info] = JSON.parse(response.body)
           h[:user_info]['email'] = h[:user_info]['user']['email']

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.16.0'.freeze
+  VERSION = '0.16.3'.freeze
 end

data/sorcery.gemspec

@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.4.9'
 
   s.add_dependency 'bcrypt', '~> 3.1'
-  s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'
+  s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
   s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
 
   s.add_development_dependency 'byebug', '~> 10.0.0'

data/spec/providers/examples_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::Examples do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:examples])
+  end
+
+  context 'fetching a plural custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.examples).to be_a(Sorcery::Providers::Examples)
+    end
+  end
+end

data/spec/support/providers/examples.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class Examples < Base
+      include Protocols::Oauth2
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sorcery
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.16.3
 platform: ruby
 authors:
 - Noam Ben Ari
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-16 00:00:00.000000000 Z
+date: 2022-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -34,20 +34,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.5.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.5.5
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -195,6 +195,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
+- ".github/FUNDING.yml"
 - ".github/ISSUE_TEMPLATE.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/workflows/ruby.yml"
@@ -202,16 +203,18 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.md
+- MAINTAINING.md
 - README.md
 - Rakefile
 - SECURITY.md
 - gemfiles/rails_52.gemfile
 - gemfiles/rails_60.gemfile
+- gemfiles/rails_61.gemfile
+- gemfiles/rails_70.gemfile
 - lib/generators/sorcery/USAGE
 - lib/generators/sorcery/helpers.rb
 - lib/generators/sorcery/install_generator.rb
@@ -304,6 +307,7 @@ files:
 - spec/orm/active_record.rb
 - spec/providers/example_provider_spec.rb
 - spec/providers/example_spec.rb
+- spec/providers/examples_spec.rb
 - spec/providers/vk_spec.rb
 - spec/rails_app/app/active_record/authentication.rb
 - spec/rails_app/app/active_record/user.rb
@@ -365,6 +369,7 @@ files:
 - spec/support/migration_helper.rb
 - spec/support/providers/example.rb
 - spec/support/providers/example_provider.rb
+- spec/support/providers/examples.rb
 homepage: https://github.com/Sorcery/sorcery
 licenses:
 - MIT
@@ -386,7 +391,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Magical authentication for Rails applications

data/.travis.yml

@@ -1,17 +0,0 @@
-language: ruby
-cache: bundler
-
-rvm:
-  - 2.4.9
-  - 2.5.7
-  - 2.6.5
-  - 2.7.1
-
-gemfile:
-  - gemfiles/rails_52.gemfile
-  - gemfiles/rails_60.gemfile
-
-jobs:
-  exclude:
-  - rvm: 2.4.9
-    gemfile: gemfiles/rails_60.gemfile