sorcery 0.16.1 → 0.18.0

data/SECURITY.md

@@ -1,19 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version   | Supported          |
-| --------- | ------------------ |
-| ~> 0.16.0 | :white_check_mark: |
-| ~> 0.15.0 | :white_check_mark: |
-| < 0.15.0  | :x:                |
-
-## Reporting a Vulnerability
-
-Email the current maintainer(s) with a description of the vulnerability. You
-should expect a response within 48 hours. If the vulnerability is accepted, a
-Github advisory will be created and eventually released with a CVE corresponding
-to the issue found.
-
-A list of the current maintainers can be found on the README under the contact
-section. See: [README.md](https://github.com/Sorcery/sorcery#contact)

data/gemfiles/rails_52.gemfile

@@ -1,7 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'rails', '~> 5.2.0'
-gem 'rails-controller-testing'
-gem 'sqlite3', '~> 1.3.6'
-
-gemspec path: '..'

data/gemfiles/rails_60.gemfile

@@ -1,7 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'rails', '~> 6.0.0'
-gem 'rails-controller-testing'
-gem 'sqlite3', '~> 1.4'
-
-gemspec path: '..'

data/sorcery.gemspec

@@ -1,49 +0,0 @@
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'sorcery/version'
-
-# rubocop:disable Metrics/BlockLength
-Gem::Specification.new do |s|
-  s.name = 'sorcery'
-  s.version = Sorcery::VERSION
-  s.authors = [
-    'Noam Ben Ari',
-    'Kir Shatrov',
-    'Grzegorz Witek',
-    'Chase Gilliam',
-    'Josh Buker'
-  ]
-  s.email = [
-    'crypto@joshbuker.com'
-  ]
-
-  # TODO: Cleanup formatting.
-  # rubocop:disable Layout/LineLength
-  s.description = 'Provides common authentication needs such as signing in/out, activating by email and resetting password.'
-  s.summary = 'Magical authentication for Rails applications'
-  s.homepage = 'https://github.com/Sorcery/sorcery'
-  s.post_install_message = "As of version 1.0 oauth/oauth2 won't be automatically bundled so you may need to add those dependencies to your Gemfile.\n"
-  s.post_install_message += 'You may need oauth2 if you use external providers such as any of these: https://github.com/Sorcery/sorcery/tree/master/lib/sorcery/providers'
-  # rubocop:enable Layout/LineLength
-
-  s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-  s.require_paths = ['lib']
-
-  s.licenses = ['MIT']
-
-  s.required_ruby_version = '>= 2.4.9'
-
-  s.add_dependency 'bcrypt', '~> 3.1'
-  s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
-  s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
-
-  s.add_development_dependency 'byebug', '~> 10.0.0'
-  s.add_development_dependency 'rspec-rails', '~> 3.7.0'
-  s.add_development_dependency 'rubocop'
-  s.add_development_dependency 'simplecov', '>= 0.3.8'
-  s.add_development_dependency 'test-unit', '~> 3.2.0'
-  s.add_development_dependency 'timecop'
-  s.add_development_dependency 'webmock', '~> 3.3.0'
-  s.add_development_dependency 'yard', '~> 0.9.0', '>= 0.9.12'
-end
-# rubocop:enable Metrics/BlockLength

data/spec/active_record/user_activation_spec.rb

@@ -1,17 +0,0 @@
-require 'spec_helper'
-
-require 'rails_app/app/mailers/sorcery_mailer'
-require 'shared_examples/user_activation_shared_examples'
-
-describe User, 'with activation submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/activation")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/activation")
-  end
-
-  it_behaves_like 'rails_3_activation_model'
-end

data/spec/active_record/user_activity_logging_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_activity_logging_shared_examples'
-
-describe User, 'with activity logging submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/activity_logging")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/activity_logging")
-  end
-
-  it_behaves_like 'rails_3_activity_logging_model'
-end

data/spec/active_record/user_brute_force_protection_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_brute_force_protection_shared_examples'
-
-describe User, 'with brute_force_protection submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/brute_force_protection")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/brute_force_protection")
-  end
-
-  it_behaves_like 'rails_3_brute_force_protection_model'
-end

data/spec/active_record/user_magic_login_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_magic_login_shared_examples'
-
-describe User, 'with magic_login submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/magic_login")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/magic_login")
-  end
-
-  it_behaves_like 'magic_login_model'
-end

data/spec/active_record/user_oauth_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_oauth_shared_examples'
-
-describe User, 'with oauth submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/external")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/external")
-  end
-
-  it_behaves_like 'rails_3_oauth_model'
-end

data/spec/active_record/user_remember_me_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_remember_me_shared_examples'
-
-describe User, 'with remember_me submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
-  end
-
-  it_behaves_like 'rails_3_remember_me_model'
-end

data/spec/active_record/user_reset_password_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-require 'shared_examples/user_reset_password_shared_examples'
-
-describe User, 'with reset_password submodule', active_record: true do
-  before(:all) do
-    MigrationHelper.migrate("#{Rails.root}/db/migrate/reset_password")
-    User.reset_column_information
-  end
-
-  after(:all) do
-    MigrationHelper.rollback("#{Rails.root}/db/migrate/reset_password")
-  end
-
-  it_behaves_like 'rails_3_reset_password_model'
-end

data/spec/active_record/user_spec.rb

@@ -1,27 +0,0 @@
-require 'spec_helper'
-require 'rails_app/app/mailers/sorcery_mailer'
-require 'shared_examples/user_shared_examples'
-
-describe User, 'with no submodules (core)', active_record: true do
-  before(:all) do
-    sorcery_reload!
-  end
-
-  context 'when app has plugin loaded' do
-    it 'responds to the plugin activation class method' do
-      expect(ActiveRecord::Base).to respond_to :authenticates_with_sorcery!
-    end
-
-    it 'User responds to .authenticates_with_sorcery!' do
-      expect(User).to respond_to :authenticates_with_sorcery!
-    end
-  end
-
-  # ----------------- PLUGIN CONFIGURATION -----------------------
-
-  it_should_behave_like 'rails_3_core_model'
-
-  describe 'external users' do
-    it_should_behave_like 'external_user'
-  end
-end

data/spec/controllers/controller_activity_logging_spec.rb

@@ -1,113 +0,0 @@
-require 'spec_helper'
-
-# require 'shared_examples/controller_activity_logging_shared_examples'
-
-describe SorceryController, type: :controller do
-  after(:all) do
-    sorcery_controller_property_set(:register_login_time, true)
-    sorcery_controller_property_set(:register_logout_time, true)
-    sorcery_controller_property_set(:register_last_activity_time, true)
-    # sorcery_controller_property_set(:last_login_from_ip_address_name, true)
-  end
-
-  # ----------------- ACTIVITY LOGGING -----------------------
-  context 'with activity logging features' do
-    let(:adapter) { double('sorcery_adapter') }
-    let(:user) { double('user', id: 42, sorcery_adapter: adapter) }
-
-    before(:all) do
-      sorcery_reload!([:activity_logging])
-    end
-
-    before(:each) do
-      allow(user).to receive(:username)
-      allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
-      allow(User.sorcery_config).to receive(:last_login_at_attribute_name) { :last_login_at }
-      allow(User.sorcery_config).to receive(:last_login_from_ip_address_name) { :last_login_from_ip_address }
-
-      sorcery_controller_property_set(:register_login_time, false)
-      sorcery_controller_property_set(:register_last_ip_address, false)
-      sorcery_controller_property_set(:register_last_activity_time, false)
-    end
-
-    it 'logs login time on login' do
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-
-      sorcery_controller_property_set(:register_login_time, true)
-      expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
-      login_user(user)
-
-      Timecop.return
-    end
-
-    it 'logs logout time on logout' do
-      login_user(user)
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-      expect(user).to receive(:set_last_logout_at).with(be_within(0.1).of(now))
-
-      logout_user
-
-      Timecop.return
-    end
-
-    it 'logs last activity time when logged in' do
-      sorcery_controller_property_set(:register_last_activity_time, true)
-
-      login_user(user)
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-      expect(user).to receive(:set_last_activity_at).with(be_within(0.1).of(now))
-
-      get :some_action
-
-      Timecop.return
-    end
-
-    it 'logs last IP address when logged in' do
-      sorcery_controller_property_set(:register_last_ip_address, true)
-      expect(user).to receive(:set_last_ip_address).with('0.0.0.0')
-
-      login_user(user)
-    end
-
-    it 'updates nothing but activity fields' do
-      pending 'Move to model'
-      original_user_name = User.last.username
-      login_user(user)
-      get :some_action_making_a_non_persisted_change_to_the_user
-
-      expect(User.last.username).to eq original_user_name
-    end
-
-    it 'does not register login time if configured so' do
-      sorcery_controller_property_set(:register_login_time, false)
-
-      expect(user).to receive(:set_last_login_at).never
-      login_user(user)
-    end
-
-    it 'does not register logout time if configured so' do
-      sorcery_controller_property_set(:register_logout_time, false)
-      login_user(user)
-
-      expect(user).to receive(:set_last_logout_at).never
-      logout_user
-    end
-
-    it 'does not register last activity time if configured so' do
-      sorcery_controller_property_set(:register_last_activity_time, false)
-
-      expect(user).to receive(:set_last_activity_at).never
-      login_user(user)
-    end
-
-    it 'does not register last IP address if configured so' do
-      sorcery_controller_property_set(:register_last_ip_address, false)
-      expect(user).to receive(:set_last_ip_address).never
-
-      login_user(user)
-    end
-  end
-end

data/spec/controllers/controller_brute_force_protection_spec.rb

@@ -1,41 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
-
-  def request_test_login
-    get :test_login, params: { email: 'bla@bla.com', password: 'blabla' }
-  end
-
-  # ----------------- SESSION TIMEOUT -----------------------
-  describe 'brute force protection features' do
-    before(:all) do
-      sorcery_reload!([:brute_force_protection])
-    end
-
-    after(:each) do
-      Sorcery::Controller::Config.reset!
-      sorcery_controller_property_set(:user_class, User)
-      Timecop.return
-    end
-
-    it 'counts login retries' do
-      allow(User).to receive(:authenticate) { |&block| block.call(nil, :other) }
-      allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
-
-      expect(user).to receive(:register_failed_login!).exactly(3).times
-
-      3.times { request_test_login }
-    end
-
-    it 'resets the counter on a good login' do
-      # dirty hack for rails 4
-      allow(@controller).to receive(:register_last_activity_time_to_db)
-
-      allow(User).to receive(:authenticate) { |&block| block.call(user, nil) }
-      expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
-
-      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-    end
-  end
-end

data/spec/controllers/controller_http_basic_auth_spec.rb

@@ -1,67 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
-
-  describe 'with http basic auth features' do
-    before(:all) do
-      sorcery_reload!([:http_basic_auth])
-
-      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'sorcery')
-    end
-
-    after(:each) do
-      logout_user
-    end
-
-    it 'requests basic authentication when before_action is used' do
-      get :test_http_basic_auth
-
-      expect(response.status).to eq 401
-    end
-
-    it 'authenticates from http basic if credentials are sent' do
-      # dirty hack for rails 4
-      allow(subject).to receive(:register_last_activity_time_to_db)
-
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(response).to be_successful
-    end
-
-    it 'fails authentication if credentials are wrong' do
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:wrong!")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'wrong!').and_return(nil)
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(response).to redirect_to root_url
-    end
-
-    it "allows configuration option 'controller_to_realm_map'" do
-      sorcery_controller_property_set(:controller_to_realm_map, '1' => '2')
-
-      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq('1' => '2')
-    end
-
-    it 'displays the correct realm name configured for the controller' do
-      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'Salad')
-      get :test_http_basic_auth
-
-      expect(response.headers['WWW-Authenticate']).to eq 'Basic realm="Salad"'
-    end
-
-    it "signs in the user's session on successful login" do
-      # dirty hack for rails 4
-      allow(controller).to receive(:register_last_activity_time_to_db)
-
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(session[:user_id]).to eq '42'
-    end
-  end
-end