sorcery 0.17.0 → 0.18.0

data/spec/controllers/controller_oauth_spec.rb

@@ -1,266 +0,0 @@
-require 'spec_helper'
-
-# require 'shared_examples/controller_oauth_shared_examples'
-require 'ostruct'
-
-def stub_all_oauth_requests!
-  consumer = OAuth::Consumer.new('key', 'secret', site: 'http://myapi.com')
-  req_token = OAuth::RequestToken.new(consumer)
-  acc_token = OAuth::AccessToken.new(consumer)
-
-  response = OpenStruct.new
-  response.body = {
-    'following' => false, 'listed_count' => 0, 'profile_link_color' => '0084B4',
-    'profile_image_url' => 'http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg',
-    'description' => 'Programmer/Heavy Metal Fan/New Father',
-    'status' => {
-      'text' => 'coming soon to sorcery gem: twitter and facebook authentication support.',
-      'truncated' => false, 'favorited' => false, 'source' => 'web', 'geo' => nil,
-      'in_reply_to_screen_name' => nil, 'in_reply_to_user_id' => nil,
-      'in_reply_to_status_id_str' => nil, 'created_at' => 'Sun Mar 06 23:01:12 +0000 2011',
-      'contributors' => nil, 'place' => nil, 'retweeted' => false, 'in_reply_to_status_id' => nil,
-      'in_reply_to_user_id_str' => nil, 'coordinates' => nil, 'retweet_count' => 0,
-      'id' => 44_533_012_284_706_816, 'id_str' => '44533012284706816'
-    },
-    'show_all_inline_media' => false, 'geo_enabled' => true,
-    'profile_sidebar_border_color' => 'a8c7f7', 'url' => nil, 'followers_count' => 10,
-    'screen_name' => 'nbenari', 'profile_use_background_image' => true, 'location' => 'Israel',
-    'statuses_count' => 25, 'profile_background_color' => '022330', 'lang' => 'en',
-    'verified' => false, 'notifications' => false,
-    'profile_background_image_url' => 'http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg',
-    'favourites_count' => 5, 'created_at' => 'Fri Nov 20 21:58:19 +0000 2009',
-    'is_translator' => false, 'contributors_enabled' => false, 'protected' => false,
-    'follow_request_sent' => false, 'time_zone' => 'Greenland', 'profile_text_color' => '333333',
-    'name' => 'Noam Ben Ari', 'friends_count' => 10, 'profile_sidebar_fill_color' => 'C0DFEC',
-    'id' => 123, 'id_str' => '91434812', 'profile_background_tile' => false, 'utc_offset' => -10_800
-  }.to_json
-
-  session[:request_token] = req_token.token
-  session[:request_token_secret] = req_token.secret
-
-  allow(OAuth::Consumer).to receive(:new) { consumer }
-  allow(consumer).to receive(:get_request_token) { req_token }
-  allow(req_token).to receive(:get_access_token) { acc_token }
-  allow(OAuth::RequestToken).to receive(:new) { req_token }
-  allow(acc_token).to receive(:get) { response }
-end
-
-describe SorceryController, type: :controller do
-  let(:user) { double('user', id: 42) }
-
-  before(:all) do
-    sorcery_reload!([:external])
-    sorcery_controller_property_set(:external_providers, %i[twitter jira])
-    sorcery_controller_external_property_set(:twitter, :key, 'eYVNBjBDi33aa9GkA3w')
-    sorcery_controller_external_property_set(:twitter, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
-    sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
-
-    sorcery_controller_external_property_set(:jira, :key, '7810b8e317ebdc81601c72f8daecc0f1')
-    sorcery_controller_external_property_set(:jira, :secret, 'MyAppUsingJira')
-    sorcery_controller_external_property_set(:jira, :site, 'http://jira.mycompany.com/plugins/servlet/oauth')
-    sorcery_controller_external_property_set(:jira, :signature_method, 'RSA-SHA1')
-    sorcery_controller_external_property_set(:jira, :private_key_file, 'myrsakey.pem')
-    sorcery_controller_external_property_set(:jira, :callback_url, 'http://myappusingjira.com/home')
-  end
-
-  # ----------------- OAuth -----------------------
-  describe SorceryController, "'using external API to login'" do
-    before(:each) do
-      stub_all_oauth_requests!
-    end
-
-    context 'when callback_url begin with /' do
-      before do
-        sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
-      end
-      it 'login_at redirects correctly' do
-        get :login_at_test
-        expect(response).to be_a_redirect
-        expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=')
-      end
-      after do
-        sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
-      end
-    end
-
-    context 'when callback_url begin with http://' do
-      before do
-        sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
-      end
-      it 'login_at redirects correctly', pending: true do
-        get :login_at_test
-        expect(response).to be_a_redirect
-        expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=')
-      end
-      after do
-        sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
-      end
-    end
-
-    it 'logins if user exists' do
-      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
-
-      get :test_login_from, params: { oauth_verifier: 'blablaRERASDFcxvSDFA' }
-      expect(flash[:notice]).to eq 'Success!'
-    end
-
-    it "'login_from' fails if user doesn't exist" do
-      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(nil)
-
-      get :test_login_from, params: { oauth_verifier: 'blablaRERASDFcxvSDFA' }
-      expect(flash[:alert]).to eq 'Failed!'
-    end
-
-    it "on successful 'login_from' the user is redirected to the url he originally wanted" do
-      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
-      get :test_return_to_with_external, params: {}, session: { return_to_url: 'fuu' }
-      expect(response).to redirect_to('fuu')
-      expect(flash[:notice]).to eq 'Success!'
-    end
-
-    context 'when jira' do
-      it 'user logins successfully' do
-        get :login_at_test_jira
-        expect(session[:request_token]).not_to be_nil
-        expect(response).to be_a_redirect
-      end
-    end
-  end
-
-  describe SorceryController do
-    describe "using 'create_from'" do
-      before(:each) do
-        stub_all_oauth_requests!
-      end
-
-      it 'creates a new user' do
-        sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'screen_name')
-        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
-        expect(User).to receive(:create_from_provider).with('twitter', '123', { username: 'nbenari' }).and_return(user)
-
-        get :test_create_from_provider, params: { provider: 'twitter' }
-      end
-
-      it 'supports nested attributes' do
-        sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'status/text')
-        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
-        expect(User).to receive(:create_from_provider).with('twitter', '123', { username: 'coming soon to sorcery gem: twitter and facebook authentication support.' }).and_return(user)
-
-        get :test_create_from_provider, params: { provider: 'twitter' }
-      end
-
-      it 'does not crash on missing nested attributes' do
-        sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'status/text', created_at: 'does/not/exist')
-        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
-        expect(User).to receive(:create_from_provider).with('twitter', '123', { username: 'coming soon to sorcery gem: twitter and facebook authentication support.' }).and_return(user)
-
-        get :test_create_from_provider, params: { provider: 'twitter' }
-      end
-
-      it 'binds new provider' do
-        sorcery_model_property_set(:authentications_class, UserProvider)
-
-        allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
-        allow(user).to receive(:username).and_return('bla@bla.com')
-        login_user(user)
-
-        expect(user).to receive(:add_provider_to_user).with('twitter', '123')
-        get :test_add_second_provider, params: { provider: 'twitter' }
-      end
-
-      describe 'with a block' do
-        it 'does not create user' do
-          sorcery_model_property_set(:authentications_class, Authentication)
-          sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'screen_name')
-
-          u = double('user')
-          expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
-          expect(User).to receive(:create_from_provider).with('twitter', '123', { username: 'nbenari' }).and_return(u).and_yield(u)
-
-          get :test_create_from_provider_with_block, params: { provider: 'twitter' }
-        end
-      end
-    end
-  end
-
-  describe SorceryController, 'OAuth with user activation features' do
-    before(:all) do
-      sorcery_reload!(%i[activity_logging external])
-    end
-
-    context 'when twitter' do
-      before(:each) do
-        sorcery_controller_property_set(:register_login_time, true)
-        sorcery_controller_property_set(:register_logout_time, false)
-        sorcery_controller_property_set(:register_last_activity_time, false)
-        sorcery_controller_property_set(:register_last_ip_address, false)
-        stub_all_oauth_requests!
-      end
-
-      it 'registers login time' do
-        now = Time.now.in_time_zone
-        Timecop.freeze(now)
-        expect(User).to receive(:load_from_provider).and_return(user)
-        expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
-        get :test_login_from
-        Timecop.return
-      end
-
-      it 'does not register login time if configured so' do
-        sorcery_controller_property_set(:register_login_time, false)
-        now = Time.now.in_time_zone
-        Timecop.freeze(now)
-        expect(User).to receive(:load_from_provider).and_return(user)
-        expect(user).to receive(:set_last_login_at).never
-        get :test_login_from
-        Timecop.return
-      end
-    end
-  end
-
-  describe SorceryController, 'OAuth with session timeout features' do
-    before(:all) do
-      if SORCERY_ORM == :active_record
-        MigrationHelper.migrate("#{Rails.root}/db/migrate/external")
-        User.reset_column_information
-      end
-
-      sorcery_reload!(%i[session_timeout external])
-    end
-
-    after(:all) do
-      if SORCERY_ORM == :active_record
-        MigrationHelper.rollback("#{Rails.root}/db/migrate/external")
-      end
-    end
-
-    context 'when twitter' do
-      before(:each) do
-        sorcery_model_property_set(:authentications_class, Authentication)
-        sorcery_controller_property_set(:session_timeout, 0.5)
-        stub_all_oauth_requests!
-      end
-
-      after(:each) do
-        Timecop.return
-      end
-
-      it 'does not reset session before session timeout' do
-        expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
-        get :test_login_from
-
-        expect(session[:user_id]).not_to be_nil
-        expect(flash[:notice]).to eq 'Success!'
-      end
-
-      it 'resets session after session timeout' do
-        get :test_login_from
-        Timecop.travel(Time.now.in_time_zone + 0.6)
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).to be_nil
-        expect(response).to be_a_redirect
-      end
-    end
-  end
-end

data/spec/controllers/controller_remember_me_spec.rb

@@ -1,130 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let!(:user) { double('user', id: 42) }
-
-  # ----------------- REMEMBER ME -----------------------
-  context 'with remember me features' do
-    before(:all) do
-      if SORCERY_ORM == :active_record
-        MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
-        User.reset_column_information
-      end
-
-      sorcery_reload!([:remember_me])
-    end
-
-    after(:all) do
-      if SORCERY_ORM == :active_record
-        MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
-      end
-    end
-
-    before(:each) do
-      allow(user).to receive(:remember_me_token)
-      allow(user).to receive(:remember_me_token_expires_at)
-      allow(user).to receive_message_chain(:sorcery_config, :remember_me_token_attribute_name).and_return(:remember_me_token)
-      allow(user).to receive_message_chain(:sorcery_config, :remember_me_token_expires_at_attribute_name).and_return(:remember_me_token_expires_at)
-    end
-
-    it 'sets cookie on remember_me!' do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
-      expect(user).to receive(:remember_me!)
-
-      post :test_login_with_remember, params: { email: 'bla@bla.com', password: 'secret' }
-
-      expect(cookies.signed['remember_me_token']).to eq assigns[:current_user].remember_me_token
-    end
-
-    it 'clears cookie on forget_me!' do
-      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
-      get :test_logout_with_forget_me
-
-      expect(response.cookies[:remember_me_token]).to be_nil
-    end
-
-    it 'clears cookie on force_forget_me!' do
-      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
-      get :test_logout_with_force_forget_me
-
-      expect(response.cookies[:remember_me_token]).to be_nil
-    end
-
-    it 'login(email,password,remember_me) logs user in and remembers' do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret', '1') { |&block| block.call(user, nil) }
-      expect(user).to receive(:remember_me!)
-      expect(user).to receive(:remember_me_token).and_return('abracadabra').twice
-
-      post :test_login_with_remember_in_login, params: { email: 'bla@bla.com', password: 'secret', remember: '1' }
-
-      expect(cookies.signed['remember_me_token']).not_to be_nil
-      expect(cookies.signed['remember_me_token']).to eq assigns[:user].remember_me_token
-    end
-
-    it 'logout also calls forget_me!' do
-      session[:user_id] = user.id.to_s
-      expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
-      expect(user).to receive(:remember_me!)
-      expect(user).to receive(:forget_me!)
-      get :test_logout_with_remember
-
-      expect(cookies['remember_me_token']).to be_nil
-    end
-
-    it 'logs user in from cookie' do
-      session[:user_id] = user.id.to_s
-      expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
-      expect(user).to receive(:remember_me!)
-      expect(user).to receive(:remember_me_token).and_return('token').twice
-      expect(user).to receive(:has_remember_me_token?) { true }
-
-      subject.remember_me!
-      subject.instance_eval do
-        remove_instance_variable :@current_user
-      end
-      session[:user_id] = nil
-
-      expect(User.sorcery_adapter).to receive(:find_by_remember_me_token).with('token').and_return(user)
-
-      expect(subject).to receive(:after_remember_me!).with(user)
-
-      get :test_login_from_cookie
-
-      expect(assigns[:current_user]).to eq user
-    end
-
-    it 'doest not remember_me! when not asked to, even if third parameter is used' do
-      post :test_login_with_remember_in_login, params: { email: 'bla@bla.com', password: 'secret', remember: '0' }
-
-      expect(cookies['remember_me_token']).to be_nil
-    end
-
-    it 'doest not remember_me! when not asked to' do
-      post :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-      expect(cookies['remember_me_token']).to be_nil
-    end
-
-    # --- login_user(user) ---
-    specify { expect(@controller).to respond_to :auto_login }
-
-    it 'auto_login(user) logs in an user instance without remembering' do
-      session[:user_id] = nil
-      subject.auto_login(user)
-      get :test_login_from_cookie
-
-      expect(assigns[:current_user]).to eq user
-      expect(cookies['remember_me_token']).to be_nil
-    end
-
-    it 'auto_login(user, true) logs in an user instance with remembering' do
-      session[:user_id] = nil
-      expect(user).to receive(:remember_me!)
-      subject.auto_login(user, true)
-
-      get :test_login_from_cookie
-
-      expect(assigns[:current_user]).to eq user
-      expect(cookies['remember_me_token']).not_to be_nil
-    end
-  end
-end

data/spec/controllers/controller_session_timeout_spec.rb

@@ -1,168 +0,0 @@
-require 'spec_helper'
-
-describe SorceryController, type: :controller do
-  let!(:user) { double('user', id: 42) }
-
-  # ----------------- SESSION TIMEOUT -----------------------
-  context 'with session timeout features' do
-    before(:all) do
-      sorcery_reload!([:session_timeout])
-      sorcery_controller_property_set(:session_timeout, 0.5)
-    end
-
-    after(:each) do
-      Timecop.return
-    end
-
-    before(:each) do
-      allow(user).to receive(:username)
-      allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
-    end
-
-    it 'does not reset session before session timeout' do
-      login_user user
-      get :test_should_be_logged_in
-
-      expect(session[:user_id]).not_to be_nil
-      expect(response).to be_successful
-    end
-
-    it 'resets session after session timeout' do
-      login_user user
-      Timecop.travel(Time.now.in_time_zone + 0.6)
-      get :test_should_be_logged_in
-
-      expect(session[:user_id]).to be_nil
-      expect(response).to be_a_redirect
-    end
-
-    context "with 'invalidate_active_sessions_enabled'" do
-      it 'does not reset the session if invalidate_sessions_before is nil' do
-        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
-        login_user user
-        allow(user).to receive(:invalidate_sessions_before) { nil }
-
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).not_to be_nil
-        expect(response).to be_successful
-      end
-
-      it 'does not reset the session if it was not created before invalidate_sessions_before' do
-        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
-        login_user user
-        allow(user).to receive(:invalidate_sessions_before) { Time.now.in_time_zone - 10.minutes }
-
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).not_to be_nil
-        expect(response).to be_successful
-      end
-
-      it 'resets the session if the session was created before invalidate_sessions_before' do
-        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
-        login_user user
-        allow(user).to receive(:invalidate_sessions_before) { Time.now.in_time_zone }
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).to be_nil
-        expect(response).to be_a_redirect
-      end
-
-      it 'resets active sessions on next action if invalidate_active_sessions! is called' do
-        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
-        # precondition that the user is logged in
-        login_user user
-        get :test_should_be_logged_in
-        expect(response).to be_successful
-
-        allow(user).to receive(:send) { |_method, value| allow(user).to receive(:invalidate_sessions_before) { value } }
-        allow(user).to receive(:save)
-        get :test_invalidate_active_session
-        expect(response).to be_successful
-
-        get :test_should_be_logged_in
-        expect(session[:user_id]).to be_nil
-        expect(response).to be_a_redirect
-      end
-
-      it 'allows login after invalidate_active_sessions! is called' do
-        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
-        # precondition that the user is logged in
-        login_user user
-        get :test_should_be_logged_in
-        expect(response).to be_successful
-
-        allow(user).to receive(:send) { |_method, value| allow(user).to receive(:invalidate_sessions_before) { value } }
-        allow(user).to receive(:save)
-        # Call to invalidate
-        get :test_invalidate_active_session
-        expect(response).to be_successful
-
-        # Check that existing sessions were logged out
-        get :test_should_be_logged_in
-        expect(session[:user_id]).to be_nil
-        expect(response).to be_a_redirect
-
-        # Check that new session is allowed to login
-        login_user user
-        get :test_should_be_logged_in
-        expect(response).to be_successful
-        expect(session[:user_id]).not_to be_nil
-
-        # Check an additional request to make sure not logged out on next request
-        get :test_should_be_logged_in
-        expect(response).to be_successful
-        expect(session[:user_id]).not_to be_nil
-      end
-    end
-
-    it 'works if the session is stored as a string or a Time' do
-      session[:login_time] = Time.now.to_s
-      # TODO: ???
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
-
-      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-
-      expect(session[:user_id]).not_to be_nil
-      expect(response).to be_successful
-    end
-
-    context "with 'session_timeout_from_last_action'" do
-      before { create_new_user }
-      after { User.delete_all }
-
-      it 'does not logout if there was activity' do
-        sorcery_controller_property_set(:session_timeout_from_last_action, true)
-
-        get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-        Timecop.travel(Time.now.in_time_zone + 0.3)
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).not_to be_nil
-
-        Timecop.travel(Time.now.in_time_zone + 0.3)
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).not_to be_nil
-        expect(response).to be_successful
-      end
-
-      it "with 'session_timeout_from_last_action' logs out if there was no activity" do
-        sorcery_controller_property_set(:session_timeout_from_last_action, true)
-        get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
-        Timecop.travel(Time.now.in_time_zone + 0.6)
-        get :test_should_be_logged_in
-
-        expect(session[:user_id]).to be_nil
-        expect(response).to be_a_redirect
-      end
-    end
-
-    it 'registers login time on remember_me callback' do
-      expect(subject).to receive(:register_login_time).with(user)
-
-      subject.send(:after_remember_me!, user)
-    end
-  end
-end