sorcery 0.16.1 → 0.18.0

data/lib/sorcery/model/temporary_token.rb

@@ -18,18 +18,18 @@ module Sorcery
       end
 
       module ClassMethods
-        def load_from_token(token, token_attr_name, token_expiration_date_attr = nil, &block)
-          return token_response(failure: :invalid_token, &block) if token.blank?
+        def load_from_token(token, token_attr_name, token_expiration_date_attr = nil, &)
+          return token_response(failure: :invalid_token, &) if token.blank?
 
           user = sorcery_adapter.find_by_token(token_attr_name, token)
 
-          return token_response(failure: :user_not_found, &block) unless user
+          return token_response(failure: :user_not_found, &) unless user
 
           unless check_expiration_date(user, token_expiration_date_attr)
-            return token_response(user: user, failure: :token_expired, &block)
+            return token_response(user: user, failure: :token_expired, &)
           end
 
-          token_response(user: user, return_value: user, &block)
+          token_response(user: user, return_value: user, &)
         end
 
         protected

data/lib/sorcery/model.rb

@@ -17,7 +17,7 @@ module Sorcery
       include_required_submodules!
 
       # This runs the options block set in the initializer on the model class.
-      ::Sorcery::Controller::Config.user_config.tap { |blk| blk.call(@sorcery_config) if blk }
+      ::Sorcery::Controller::Config.user_config.tap { |blk| blk&.call(@sorcery_config) }
 
       define_base_fields
       init_orm_hooks!
@@ -48,14 +48,10 @@ module Sorcery
         @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
         @sorcery_config.submodules.each do |mod|
           # TODO: Is there a cleaner way to handle missing submodules?
-          # rubocop:disable Lint/HandleExceptions
-          begin
-            include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
-          rescue NameError
-            # don't stop on a missing submodule. Needed because some submodules are only defined
-            # in the controller side.
-          end
-          # rubocop:enable Lint/HandleExceptions
+          include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join) # rubocop:disable Layout/EmptyLinesAfterModuleInclusion
+        rescue NameError
+          # don't stop on a missing submodule. Needed because some submodules are only defined
+          # in the controller side.
         end
       end
     end
@@ -86,19 +82,13 @@ module Sorcery
       def authenticate(*credentials, &block)
         raise ArgumentError, 'at least 2 arguments required' if credentials.size < 2
 
-        if credentials[0].blank?
-          return authentication_response(return_value: false, failure: :invalid_login, &block)
-        end
+        return authentication_response(return_value: false, failure: :invalid_login, &block) if credentials[0].blank?
 
-        if @sorcery_config.downcase_username_before_authenticating
-          credentials[0].downcase!
-        end
+        credentials[0].downcase! if @sorcery_config.downcase_username_before_authenticating
 
         user = sorcery_adapter.find_by_credentials(credentials)
 
-        unless user
-          return authentication_response(failure: :invalid_login, &block)
-        end
+        return authentication_response(failure: :invalid_login, &block) unless user
 
         set_encryption_attributes
 
@@ -109,9 +99,7 @@ module Sorcery
         @sorcery_config.before_authenticate.each do |callback|
           success, reason = user.send(callback)
 
-          unless success
-            return authentication_response(user: user, failure: reason, &block)
-          end
+          return authentication_response(user: user, failure: reason, &block) unless success
         end
 
         unless user.valid_password?(credentials[1])
@@ -131,6 +119,20 @@ module Sorcery
         @sorcery_config.encryption_provider.encrypt(*tokens)
       end
 
+      # FIXME: This method of passing config to the hashing provider is
+      #        questionable, and has been refactored in Sorcery v1.
+      def set_encryption_attributes
+        if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
+          @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches
+        end
+        if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
+          @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token
+        end
+        return unless @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
+
+        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper
+      end
+
       protected
 
       def authentication_response(options = {})
@@ -139,12 +141,6 @@ module Sorcery
         options[:return_value]
       end
 
-      def set_encryption_attributes
-        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
-        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
-        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
-      end
-
       def add_config_inheritance
         class_eval do
           def self.inherited(subclass)
@@ -177,6 +173,9 @@ module Sorcery
         crypted = send(sorcery_config.crypted_password_attribute_name)
         return crypted == pass if sorcery_config.encryption_provider.nil?
 
+        # Ensure encryption provider is using configured values
+        self.class.set_encryption_attributes
+
         salt = send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
 
         sorcery_config.encryption_provider.matches?(crypted, pass, salt)
@@ -188,7 +187,9 @@ module Sorcery
       # encrypts password with salt and saves it.
       def encrypt_password
         config = sorcery_config
-        send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) unless config.salt_attribute_name.nil?
+        unless config.salt_attribute_name.nil?
+          send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token)
+        end
         send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(send(config.password_attribute_name), new_salt))
       end
 

data/lib/sorcery/protocols/oauth2.rb

@@ -32,6 +32,7 @@ module Sorcery
       def build_client(options = {})
         defaults = {
           site: @site,
+          auth_scheme: :request_body,
           ssl: { ca_file: Sorcery::Controller::Config.ca_file }
         }
         ::OAuth2::Client.new(

data/lib/sorcery/providers/base.rb

@@ -26,7 +26,7 @@ module Sorcery
       end
 
       def self.name
-        super.gsub(/Sorcery::Providers::/, '').downcase
+        super.gsub('Sorcery::Providers::', '').downcase
       end
 
       # Ensure that all descendant classes are loaded before run this

data/lib/sorcery/providers/facebook.rb

@@ -48,9 +48,9 @@ module Sorcery
         # Fix: replace default oauth2 options, specially to prevent the Faraday gem which
         # concatenates with "/", removing the Facebook api version
         options = {
-          site:          File.join(@site, api_version.to_s),
+          site: File.join(@site, api_version.to_s),
           authorize_url: File.join(@auth_site, api_version.to_s, auth_path),
-          token_url:     token_url
+          token_url: token_url
         }
 
         @scope = access_permissions.present? ? access_permissions.join(',') : scope

data/lib/sorcery/providers/github.rb

@@ -26,7 +26,7 @@ module Sorcery
 
         auth_hash(access_token).tap do |h|
           h[:user_info] = JSON.parse(response.body).tap do |uih|
-            uih['email'] = primary_email(access_token) if scope =~ /user/
+            uih['email'] = primary_email(access_token) if scope&.include?('user')
           end
           h[:uid] = h[:user_info]['id']
         end
@@ -48,10 +48,10 @@ module Sorcery
       end
 
       def primary_email(access_token)
-        response = access_token.get(user_info_path + '/emails')
+        response = access_token.get("#{user_info_path}/emails")
         emails = JSON.parse(response.body)
         primary = emails.find { |i| i['primary'] }
-        primary && primary['email'] || emails.first && emails.first['email']
+        (primary && primary['email']) || (emails.first && emails.first['email'])
       end
     end
   end

data/lib/sorcery/providers/heroku.rb

@@ -8,8 +8,7 @@ module Sorcery
     # config.heroku.scope = "read"
     # config.heroku.user_info_mapping = {:email => "email", :name => "email" }
 
-    # NOTE:
-    # The full path must be set for OAuth Callback URL when configuring the API Client Information on Heroku.
+    # NOTE: The full path must be set for OAuth Callback URL when configuring the API Client Information on Heroku.
 
     class Heroku < Base
       include Protocols::Oauth2

data/lib/sorcery/providers/jira.rb

@@ -13,6 +13,7 @@ module Sorcery
                     :user_info_path, :site, :signature_method, :private_key_file, :callback_url
 
       def initialize
+        super
         @configuration = {
           authorize_path: '/authorize',
           request_token_path: '/request-token',
@@ -59,8 +60,8 @@ module Sorcery
       # tries to login the user from access token
       def process_callback(params, session)
         args = {
-          oauth_verifier:       params[:oauth_verifier],
-          request_token:        session[:request_token],
+          oauth_verifier: params[:oauth_verifier],
+          request_token: session[:request_token],
           request_token_secret: session[:request_token_secret]
         }
 

data/lib/sorcery/providers/line.rb

@@ -38,11 +38,9 @@ module Sorcery
 
       # overrides oauth2#authorize_url to add bot_prompt query.
       def authorize_url(options = {})
-        options.merge!({
-          connection_opts: { params: { bot_prompt: bot_prompt } }
-        }) if bot_prompt.present?
+        options[:connection_opts] = { params: { bot_prompt: bot_prompt } } if bot_prompt.present?
 
-        super(options)
+        super
       end
 
       # tries to login the user from access token

data/lib/sorcery/providers/microsoft.rb

@@ -28,7 +28,7 @@ module Sorcery
           response_type: 'code'
         }
         options.merge!(oauth_params)
-        super(options)
+        super
       end
 
       def get_user_hash(access_token)

data/lib/sorcery/providers/slack.rb

@@ -18,7 +18,7 @@ module Sorcery
       end
 
       def get_user_hash(access_token)
-        response = access_token.get(user_info_path, params: { token: access_token.token })
+        response = access_token.get(user_info_path)
         auth_hash(access_token).tap do |h|
           h[:user_info] = JSON.parse(response.body)
           h[:user_info]['email'] = h[:user_info]['user']['email']

data/lib/sorcery/providers/twitter.rb

@@ -44,8 +44,8 @@ module Sorcery
       # tries to login the user from access token
       def process_callback(params, session)
         args = {
-          oauth_verifier:       params[:oauth_verifier],
-          request_token:        session[:request_token],
+          oauth_verifier: params[:oauth_verifier],
+          request_token: session[:request_token],
           request_token_secret: session[:request_token_secret]
         }
 

data/lib/sorcery/providers/vk.rb

@@ -26,10 +26,10 @@ module Sorcery
 
         params = {
           access_token: access_token.token,
-          uids:         access_token.params['user_id'],
-          fields:       user_info_mapping.values.join(','),
-          scope:        scope,
-          v:            api_version.to_s
+          uids: access_token.params['user_id'],
+          fields: user_info_mapping.values.join(','),
+          scope: scope,
+          v: api_version.to_s
         }
 
         response = access_token.get(user_info_url, params: params)

data/lib/sorcery/providers/xing.rb

@@ -13,6 +13,7 @@ module Sorcery
                     :user_info_path
 
       def initialize
+        super
         @configuration = {
           site: 'https://api.xing.com/v1',
           authorize_path: '/authorize',
@@ -48,8 +49,8 @@ module Sorcery
       # tries to login the user from access token
       def process_callback(params, session)
         args = {
-          oauth_verifier:       params[:oauth_verifier],
-          request_token:        session[:request_token],
+          oauth_verifier: params[:oauth_verifier],
+          request_token: session[:request_token],
           request_token_secret: session[:request_token_secret]
         }
 

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -19,20 +19,16 @@ module Sorcery
 
           # remove all plugin before_actions so they won't fail other tests.
           # I don't like this way, but I didn't find another.
-          # hopefully it won't break until Rails 4.
-          chain = if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new('4.1.0')
-                    SorceryController._process_action_callbacks.send :chain
-                  else
-                    SorceryController._process_action_callbacks
-                  end
-
+          callbacks = SorceryController._process_action_callbacks
+          chain = callbacks.send :chain
           chain.delete_if { |c| SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
+          callbacks.instance_variable_set(:@all_callbacks, nil)
+          callbacks.instance_variable_set(:@single_callbacks, {})
 
           # configure
           ::Sorcery::Controller::Config.submodules = submodules
-          ::Sorcery::Controller::Config.user_class = nil
-          ActionController::Base.send(:include, ::Sorcery::Controller)
           ::Sorcery::Controller::Config.user_class = 'User'
+          ActionController::Base.include(::Sorcery::Controller)
 
           ::Sorcery::Controller::Config.user_config do |user|
             options.each do |property, value|
@@ -40,11 +36,6 @@ module Sorcery
             end
           end
           User.authenticates_with_sorcery!
-          return unless defined?(DataMapper) && User.ancestors.include?(DataMapper::Resource)
-
-          DataMapper.auto_migrate!
-          User.finalize
-          Authentication.finalize
         end
 
         def sorcery_controller_property_set(property, value)
@@ -62,14 +53,6 @@ module Sorcery
         def clear_user_without_logout
           subject.instance_variable_set(:@current_user, nil)
         end
-
-        if ::Rails.version < '5.0.0'
-          %w[get post put].each do |method|
-            define_method(method) do |action, options = {}|
-              super action, options[:params] || {}, options[:session]
-            end
-          end
-        end
       end
     end
   end

data/lib/sorcery/test_helpers/internal.rb

@@ -17,14 +17,14 @@ module Sorcery
       # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
       # After the first destroy, the session is an ordinary hash, and then when destroy
       # is called again there's an exception.
-      class ::Hash # rubocop:disable Style/ClassAndModuleChildren
+      class ::Hash
         def destroy
           clear
         end
       end
 
       def build_new_user(attributes_hash = nil)
-        user_attributes_hash = attributes_hash || { username: 'gizmo', email: 'bla@bla.com', password: 'secret' }
+        user_attributes_hash = attributes_hash || { username: 'gizmo', email: 'bla@example.com', password: 'secret' }
         @user = User.new(user_attributes_hash)
       end
 
@@ -58,8 +58,8 @@ module Sorcery
         end
       end
 
-      def update_model(&block)
-        User.class_exec(&block)
+      def update_model(&)
+        User.class_exec(&)
       end
 
       private
@@ -70,8 +70,6 @@ module Sorcery
         User && Object.send(:remove_const, 'User')
         load 'user.rb'
 
-        return unless User.respond_to?(:reset_column_information)
-
         User.reset_column_information
       end
     end

data/lib/sorcery/test_helpers/rails/integration.rb

@@ -10,7 +10,7 @@ module Sorcery
 
           username_attr = user.sorcery_config.username_attribute_names.first
           username = user.send(username_attr)
-          page.driver.send(http_method, route, :"#{username_attr}" => username, :password => 'secret')
+          page.driver.send(http_method, route, "#{username_attr}": username, password: 'secret')
         end
 
         # Accepts route and HTTP method arguments

data/lib/sorcery/test_helpers/rails/request.rb

@@ -4,7 +4,7 @@ module Sorcery
       module Request
         # Accepts arguments for user to login, the password, route to use and HTTP method
         # Defaults - @user, 'secret', 'user_sessions_url' and http_method: POST
-        def login_user(user = nil, password = 'secret', route = nil, http_method = :post)
+        def login_user(user = nil, password = 'secret', route = nil, http_method = :post) # rubocop:disable Metrics/ParameterLists
           user ||= @user
           route ||= user_sessions_url
 

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.16.1'.freeze
+  VERSION = '0.18.0'.freeze
 end

data/lib/sorcery.rb

@@ -1,6 +1,11 @@
 require 'sorcery/version'
+require 'sorcery/errors'
 
 module Sorcery
+  def self.deprecator
+    @deprecator ||= ActiveSupport::Deprecation.new(nil, 'Sorcery')
+  end
+
   require 'sorcery/model'
 
   module Adapters
@@ -82,7 +87,7 @@ module Sorcery
 
   if defined?(Mongoid::Document)
     require 'sorcery/adapters/mongoid_adapter'
-    Mongoid::Document::ClassMethods.send :include, Sorcery::Model
+    Mongoid::Document::ClassMethods.include Sorcery::Model
 
     Mongoid::Document.send :define_method, :sorcery_adapter do
       @sorcery_adapter ||= Sorcery::Adapters::MongoidAdapter.new(self)