sorcery 0.17.0 → 0.18.0

data/spec/controllers/controller_activity_logging_spec.rb

@@ -1,113 +0,0 @@
-require 'spec_helper'
-
-# require 'shared_examples/controller_activity_logging_shared_examples'
-
-describe SorceryController, type: :controller do
-  after(:all) do
-    sorcery_controller_property_set(:register_login_time, true)
-    sorcery_controller_property_set(:register_logout_time, true)
-    sorcery_controller_property_set(:register_last_activity_time, true)
-    # sorcery_controller_property_set(:last_login_from_ip_address_name, true)
-  end
-
-  # ----------------- ACTIVITY LOGGING -----------------------
-  context 'with activity logging features' do
-    let(:adapter) { double('sorcery_adapter') }
-    let(:user) { double('user', id: 42, sorcery_adapter: adapter) }
-
-    before(:all) do
-      sorcery_reload!([:activity_logging])
-    end
-
-    before(:each) do
-      allow(user).to receive(:username)
-      allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
-      allow(User.sorcery_config).to receive(:last_login_at_attribute_name) { :last_login_at }
-      allow(User.sorcery_config).to receive(:last_login_from_ip_address_name) { :last_login_from_ip_address }
-
-      sorcery_controller_property_set(:register_login_time, false)
-      sorcery_controller_property_set(:register_last_ip_address, false)
-      sorcery_controller_property_set(:register_last_activity_time, false)
-    end
-
-    it 'logs login time on login' do
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-
-      sorcery_controller_property_set(:register_login_time, true)
-      expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
-      login_user(user)
-
-      Timecop.return
-    end
-
-    it 'logs logout time on logout' do
-      login_user(user)
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-      expect(user).to receive(:set_last_logout_at).with(be_within(0.1).of(now))
-
-      logout_user
-
-      Timecop.return
-    end
-
-    it 'logs last activity time when logged in' do
-      sorcery_controller_property_set(:register_last_activity_time, true)
-
-      login_user(user)
-      now = Time.now.in_time_zone
-      Timecop.freeze(now)
-      expect(user).to receive(:set_last_activity_at).with(be_within(0.1).of(now))
-
-      get :some_action
-
-      Timecop.return
-    end
-
-    it 'logs last IP address when logged in' do
-      sorcery_controller_property_set(:register_last_ip_address, true)
-      expect(user).to receive(:set_last_ip_address).with('0.0.0.0')
-
-      login_user(user)
-    end
-
-    it 'updates nothing but activity fields' do
-      pending 'Move to model'
-      original_user_name = User.last.username
-      login_user(user)
-      get :some_action_making_a_non_persisted_change_to_the_user
-
-      expect(User.last.username).to eq original_user_name
-    end
-
-    it 'does not register login time if configured so' do
-      sorcery_controller_property_set(:register_login_time, false)
-
-      expect(user).to receive(:set_last_login_at).never
-      login_user(user)
-    end
-
-    it 'does not register logout time if configured so' do
-      sorcery_controller_property_set(:register_logout_time, false)
-      login_user(user)
-
-      expect(user).to receive(:set_last_logout_at).never
-      logout_user
-    end
-
-    it 'does not register last activity time if configured so' do
-      sorcery_controller_property_set(:register_last_activity_time, false)
-
-      expect(user).to receive(:set_last_activity_at).never
-      login_user(user)
-    end
-
-    it 'does not register last IP address if configured so' do
-      sorcery_controller_property_set(:register_last_ip_address, false)
-      expect(user).to receive(:set_last_ip_address).never
-
-      login_user(user)
-    end
-  end
-end

data/spec/controllers/controller_brute_force_protection_spec.rb

@@ -1,41 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
-
-  def request_test_login
-    get :test_login, params: { email: 'bla@bla.com', password: 'blabla' }
-  end
-
-  # ----------------- SESSION TIMEOUT -----------------------
-  describe 'brute force protection features' do
-    before(:all) do
-      sorcery_reload!([:brute_force_protection])
-    end
-
-    after(:each) do
-      Sorcery::Controller::Config.reset!
-      sorcery_controller_property_set(:user_class, User)
-      Timecop.return
-    end
-
-    it 'counts login retries' do
-      allow(User).to receive(:authenticate) { |&block| block.call(nil, :other) }
-      allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
-
-      expect(user).to receive(:register_failed_login!).exactly(3).times
-
-      3.times { request_test_login }
-    end
-
-    it 'resets the counter on a good login' do
-      # dirty hack for rails 4
-      allow(@controller).to receive(:register_last_activity_time_to_db)
-
-      allow(User).to receive(:authenticate) { |&block| block.call(user, nil) }
-      expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
-
-      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-    end
-  end
-end

data/spec/controllers/controller_http_basic_auth_spec.rb

@@ -1,67 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
-
-  describe 'with http basic auth features' do
-    before(:all) do
-      sorcery_reload!([:http_basic_auth])
-
-      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'sorcery')
-    end
-
-    after(:each) do
-      logout_user
-    end
-
-    it 'requests basic authentication when before_action is used' do
-      get :test_http_basic_auth
-
-      expect(response.status).to eq 401
-    end
-
-    it 'authenticates from http basic if credentials are sent' do
-      # dirty hack for rails 4
-      allow(subject).to receive(:register_last_activity_time_to_db)
-
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(response).to be_successful
-    end
-
-    it 'fails authentication if credentials are wrong' do
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:wrong!")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'wrong!').and_return(nil)
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(response).to redirect_to root_url
-    end
-
-    it "allows configuration option 'controller_to_realm_map'" do
-      sorcery_controller_property_set(:controller_to_realm_map, '1' => '2')
-
-      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq('1' => '2')
-    end
-
-    it 'displays the correct realm name configured for the controller' do
-      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'Salad')
-      get :test_http_basic_auth
-
-      expect(response.headers['WWW-Authenticate']).to eq 'Basic realm="Salad"'
-    end
-
-    it "signs in the user's session on successful login" do
-      # dirty hack for rails 4
-      allow(controller).to receive(:register_last_activity_time_to_db)
-
-      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
-      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-
-      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-
-      expect(session[:user_id]).to eq '42'
-    end
-  end
-end