sorcery 0.2.1 → 0.3.0

data/spec/sinatra/sorcery_mailer.rb

@@ -0,0 +1,25 @@
+class SorceryMailer < ActionMailer::Base
+  
+  default :from => "notifications@example.com"
+  
+  def activation_needed_email(user)
+    @user = user
+    @url  = "http://example.com/login"
+    mail(:to => user.email,
+         :subject => "Welcome to My Awesome Site")
+  end
+  
+  def activation_success_email(user)
+    @user = user
+    @url  = "http://example.com/login"
+    mail(:to => user.email,
+         :subject => "Your account is now activated")
+  end
+  
+  def reset_password_email(user)
+    @user = user
+    @url  = "http://example.com/login"
+    mail(:to => user.email,
+         :subject => "Your password has been reset")
+  end
+end

data/spec/sinatra/spec/controller_activity_logging_spec.rb

@@ -0,0 +1,85 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe 'MyApp' do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activity_logging")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activity_logging")
+  end
+  
+  # ----------------- ACTIVITY LOGGING -----------------------
+  describe Sinatra::Application, "with activity logging features" do
+    before(:all) do
+      sorcery_reload!([:activity_logging])
+      clear_cookies
+    end
+
+    before(:each) do
+      create_new_user
+    end
+
+    after(:each) do
+      User.delete_all
+    end
+
+    it "should respond to 'current_users'" do
+      get_sinatra_app(subject).should respond_to(:current_users)
+    end
+
+    it "'current_users' should be empty when no users are logged in" do
+      get_sinatra_app(subject).current_users.size.should == 0
+    end
+
+    it "should log login time on login" do
+      now = Time.now.utc
+      get "/test_login", :username => 'gizmo', :password => 'secret'
+      User.first.last_login_at.should_not be_nil
+      User.first.last_login_at.to_s(:db).should >= now.to_s(:db)
+      User.first.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
+    end
+
+    it "should log logout time on logout" do
+      get "/test_login", :username => 'gizmo', :password => 'secret'
+      now = Time.now.utc
+      get "/test_logout"
+      User.first.last_logout_at.should_not be_nil
+      User.first.last_logout_at.to_s(:db).should >= now.to_s(:db)
+      User.first.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
+    end
+
+    it "should log last activity time when logged in" do
+      get "/test_login", :username => 'gizmo', :password => 'secret'
+      now = Time.now.utc
+      get "/some_action"
+      User.first.last_activity_at.to_s.should >= now.to_s(:db)
+      User.first.last_activity_at.to_s.should <= (now+2).to_s(:db)
+    end
+
+    it "'current_users' should hold the user object when 1 user is logged in" do
+      get "/test_login", :username => 'gizmo', :password => 'secret'
+      get "/some_action"
+      get_sinatra_app(subject).current_users.size.should == 1
+      get_sinatra_app(subject).current_users[0].should == @user
+    end
+
+    it "'current_users' should show all current_users, whether they have logged out before or not." do
+      user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
+      get "/test_login", :username => 'gizmo1', :password => 'secret1'
+      get "/some_action"
+      clear_user_without_logout
+      user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
+      get "/test_login", :username => 'gizmo2', :password => 'secret2'
+      get "/some_action"
+      clear_user_without_logout
+      user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
+      get "/test_login", :username => 'gizmo3', :password => 'secret3'
+      get "/some_action"
+      get_sinatra_app(subject).current_users.size.should == 3
+      get_sinatra_app(subject).current_users[0].should == user1
+      get_sinatra_app(subject).current_users[1].should == user2
+      get_sinatra_app(subject).current_users[2].should == user3
+    end
+  end
+end

data/spec/sinatra/spec/controller_brute_force_protection_spec.rb

@@ -0,0 +1,69 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Sinatra::Application do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/brute_force_protection")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/brute_force_protection")
+  end
+  
+  # ----------------- SESSION TIMEOUT -----------------------
+  describe Sinatra::Application, "with brute force protection features" do
+    before(:all) do
+      sorcery_reload!([:brute_force_protection])
+    end
+    
+    before(:each) do
+      create_new_user
+    end
+    
+    after(:each) do
+      Sorcery::Controller::Config.reset!
+      sorcery_controller_property_set(:user_class, User)
+      User.delete_all
+    end
+    
+    it "should count login retries" do
+      3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
+      User.find_by_username('gizmo').failed_logins_count.should == 3
+    end
+    
+    it "should reset the counter on a good login" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
+      3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
+      get "/test_login", :username => 'gizmo', :password => 'secret'
+      User.find_by_username('gizmo').failed_logins_count.should == 0
+    end
+    
+    it "should lock user when number of retries reached the limit" do
+      User.find_by_username('gizmo').lock_expires_at.should be_nil
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      User.find_by_username('gizmo').lock_expires_at.should_not be_nil
+    end
+
+    it "should unlock after lock time period passes" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0.2)
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      User.find_by_username('gizmo').lock_expires_at.should_not be_nil
+      sleep 0.3
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      User.find_by_username('gizmo').lock_expires_at.should be_nil
+    end
+
+    it "should not unlock if time period is 0 (permanent lock)" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0)
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      unlock_date = User.find_by_username('gizmo').lock_expires_at
+      sleep 1
+      get "/test_login", :username => 'gizmo', :password => 'blabla'
+      User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
+    end
+  end
+end

data/spec/sinatra/spec/controller_http_basic_auth_spec.rb

@@ -0,0 +1,53 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'base64'
+
+describe Sinatra::Application do
+  
+  # ----------------- HTTP BASIC AUTH -----------------------
+  describe Sinatra::Application, "with http basic auth features" do
+    before(:all) do
+      sorcery_reload!([:http_basic_auth])
+      create_new_user
+    end
+    
+    after(:each) do
+      get "/test_logout"
+    end
+    
+    it "requests basic authentication when before_filter is used" do
+      session[:http_authentication_used] = nil
+      get "/test_http_basic_auth"
+      last_response.status.should == 401
+      session[:http_authentication_used].should == true
+    end
+    
+    it "authenticates from http basic if credentials are sent" do
+      session[:http_authentication_used] = true
+      get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
+      last_response.should be_ok
+    end
+    
+    it "fails authentication if credentials are wrong" do
+      session[:http_authentication_used] = true
+      get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:wrong!")}
+      last_response.should redirect_to 'http://example.org/'
+    end
+    
+    it "should allow configuration option 'controller_to_realm_map'" do
+      sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
+      Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
+    end
+    
+    it "should display the correct realm name configured for the controller" do
+      sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
+      get "/test_http_basic_auth"
+      last_response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
+    end
+    
+    it "should sign in the user's session on successful login" do
+      session[:http_authentication_used] = true
+      get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
+      session[:user_id].should == User.find_by_username(@user.username).id
+    end
+  end
+end

data/spec/sinatra/spec/controller_oauth2_spec.rb

@@ -0,0 +1,119 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+def stub_all_oauth2_requests!
+  @client = OAuth2::Client.new("key","secret", :site => "http://myapi.com")
+  OAuth2::Client.stub!(:new).and_return(@client)
+  @acc_token = OAuth2::AccessToken.new(@client, "", "asd", nil, {})
+  @webby = @client.web_server
+  OAuth2::Strategy::WebServer.stub!(:new).and_return(@webby)
+  @webby.stub!(:get_access_token).and_return(@acc_token)
+  @acc_token.stub!(:get).and_return({"id"=>"123", "name"=>"Noam Ben Ari", "first_name"=>"Noam", "last_name"=>"Ben Ari", "link"=>"http://www.facebook.com/nbenari1", "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"}, "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"}, "bio"=>"I'm a new daddy, and enjoying it!", "gender"=>"male", "email"=>"nbenari@gmail.com", "timezone"=>2, "locale"=>"en_US", "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}], "verified"=>true, "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
+end
+
+describe 'MyApp' do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/oauth")
+    sorcery_reload!([:oauth])
+    sorcery_controller_property_set(:oauth_providers, [:facebook])
+    sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/oauth")
+  end
+  # ----------------- OAuth -----------------------
+  describe Sinatra::Application, "with OAuth features" do
+  
+    before(:each) do
+      stub_all_oauth2_requests!
+    end
+      
+    after(:each) do
+      User.delete_all
+      Authentication.delete_all
+    end
+    
+    it "auth_at_provider redirects correctly" do
+      create_new_user
+      get "/auth_at_provider_test2"
+      last_response.should be_a_redirect
+      last_response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&type=web_server")
+    end
+    
+    it "'login_from_access_token' logins if user exists" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_external_user(:facebook)
+      get "/test_login_from_access_token2"
+      last_response.body.should == "Success!"
+    end
+    
+    it "'login_from_access_token' fails if user doesn't exist" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_user
+      get "/test_login_from_access_token2"
+      last_response.body.should == "Failed!"
+    end
+  end
+  
+  describe Sinatra::Application, "'create_from_provider!'" do
+    before(:each) do
+      stub_all_oauth2_requests!
+      User.delete_all
+      Authentication.delete_all
+    end
+      
+    it "should create a new user" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "name"})
+      lambda do
+        get "/test_create_from_provider", :provider => "facebook"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "Noam Ben Ari"
+    end
+    
+    it "should support nested attributes" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:facebook, :user_info_mapping, {:username => "hometown/name"})
+      lambda do
+        get "/test_create_from_provider", :provider => "facebook"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "Haifa, Israel"
+    end
+  end
+  
+  describe Sinatra::Application, "OAuth with User Activation features" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activation")
+      sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
+      sorcery_controller_property_set(:oauth_providers, [:facebook])
+      sorcery_controller_oauth_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_oauth_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_oauth_property_set(:facebook, :callback_url, "http://blabla.com")
+    end
+    
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activation")
+    end
+    
+    after(:each) do
+      User.delete_all
+    end
+    
+    it "should not send activation email to external users" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_external_user(:facebook)
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should not send external users an activation success email" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      create_new_external_user(:facebook)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+  
+end

data/spec/sinatra/spec/controller_oauth_spec.rb

@@ -0,0 +1,121 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require 'ostruct'
+
+def stub_all_oauth_requests!
+  @consumer = OAuth::Consumer.new("key","secret", :site => "http://myapi.com")
+  OAuth::Consumer.stub!(:new).and_return(@consumer)
+  @req_token = OAuth::RequestToken.new(@consumer) # OpenStruct.new() 
+  @consumer.stub!(:get_request_token).and_return(@req_token)
+  @acc_token = OAuth::AccessToken.new(@consumer)
+  @req_token.stub!(:get_access_token).and_return(@acc_token)
+  session[:request_token] = @req_token.token
+  session[:request_token_secret] = @req_token.secret
+  OAuth::RequestToken.stub!(:new).and_return(@req_token)
+  response = OpenStruct.new()
+  response.body = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
+  @acc_token.stub!(:get).and_return(response)
+end
+
+describe Sinatra::Application do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/oauth")
+    sorcery_reload!([:oauth])
+    sorcery_controller_property_set(:oauth_providers, [:twitter])
+    sorcery_controller_oauth_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_oauth_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_oauth_property_set(:twitter, :callback_url, "http://blabla.com")
+  end
+  
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/oauth")
+  end
+  # ----------------- OAuth -----------------------
+  describe Sinatra::Application, "'login_from_access_token'" do
+  
+    before(:each) do
+      stub_all_oauth_requests!
+    end
+      
+    after(:each) do
+      User.delete_all
+      Authentication.delete_all
+    end
+    
+    it "auth_at_provider redirects correctly" do
+      create_new_user
+      get "/auth_at_provider_test"
+      last_response.should be_a_redirect
+      last_response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+    end
+    
+    it "logins if user exists" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_external_user(:twitter)
+      get '/test_login_from_access_token', :oauth_verifier => "blablaRERASDFcxvSDFA"
+      last_response.body.should == "Success!"
+    end
+    
+    it "'login_from_access_token' fails if user doesn't exist" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      create_new_user
+      get :test_login_from_access_token, :oauth_verifier => "blablaRERASDFcxvSDFA"
+      last_response.body.should == "Failed!"
+    end
+  end
+  
+  describe Sinatra::Application, "'create_from_provider!'" do
+    before(:each) do
+      stub_all_oauth_requests!
+      User.delete_all
+      Authentication.delete_all
+    end
+      
+    it "should create a new user" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
+      lambda do
+        get :test_create_from_provider, :provider => "twitter"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "nbenari"
+    end
+    
+    it "should support nested attributes" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_oauth_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
+      lambda do
+        get :test_create_from_provider, :provider => "twitter"
+      end.should change(User, :count).by(1)
+      User.first.username.should == "coming soon to sorcery gem: twitter and facebook authentication support."
+    end
+  end
+  
+  describe Sinatra::Application, "OAuth with User Activation features" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activation")
+      sorcery_reload!([:user_activation,:oauth], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activation")
+    end
+    
+    after(:each) do
+      User.delete_all
+      Authentication.delete_all
+    end
+    
+    it "should not send activation email to external users" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_external_user(:twitter)
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should not send external users an activation success email" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      create_new_external_user(:twitter)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+end