sorcery 0.2.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. data/README.rdoc +129 -61
  2. data/VERSION +1 -1
  3. data/lib/generators/sorcery_migration/sorcery_migration_generator.rb +24 -0
  4. data/lib/generators/sorcery_migration/templates/activity_logging.rb +17 -0
  5. data/lib/generators/sorcery_migration/templates/brute_force_protection.rb +11 -0
  6. data/lib/generators/sorcery_migration/templates/core.rb +16 -0
  7. data/lib/generators/sorcery_migration/templates/external.rb +14 -0
  8. data/lib/generators/sorcery_migration/templates/remember_me.rb +15 -0
  9. data/lib/generators/sorcery_migration/templates/reset_password.rb +13 -0
  10. data/lib/generators/sorcery_migration/templates/user_activation.rb +17 -0
  11. data/lib/sorcery/controller/adapters/sinatra.rb +97 -0
  12. data/lib/sorcery/controller/submodules/email.rb +44 -0
  13. data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb +35 -0
  14. data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +26 -0
  15. data/lib/sorcery/controller/submodules/{oauth → external}/providers/facebook.rb +24 -6
  16. data/lib/sorcery/controller/submodules/{oauth → external}/providers/twitter.rb +31 -6
  17. data/lib/sorcery/controller/submodules/external.rb +83 -0
  18. data/lib/sorcery/controller/submodules/http_basic_auth.rb +10 -6
  19. data/lib/sorcery/controller/submodules/oauth.rb +6 -3
  20. data/lib/sorcery/controller.rb +5 -3
  21. data/lib/sorcery/model/submodules/activity_logging.rb +1 -1
  22. data/lib/sorcery/model/submodules/brute_force_protection.rb +0 -4
  23. data/lib/sorcery/model/submodules/{oauth.rb → external.rb} +3 -3
  24. data/lib/sorcery/model.rb +9 -6
  25. data/lib/sorcery/sinatra.rb +14 -0
  26. data/lib/sorcery/test_helpers/rails.rb +57 -0
  27. data/lib/sorcery/test_helpers/sinatra.rb +131 -0
  28. data/lib/sorcery/test_helpers.rb +8 -52
  29. data/lib/sorcery.rb +17 -7
  30. data/sorcery.gemspec +86 -10
  31. data/spec/Gemfile +1 -1
  32. data/spec/Gemfile.lock +2 -2
  33. data/spec/rails3/app_root/Gemfile +2 -4
  34. data/spec/rails3/app_root/Gemfile.lock +2 -5
  35. data/spec/rails3/app_root/app/controllers/application_controller.rb +11 -11
  36. data/spec/rails3/app_root/spec/controller_oauth2_spec.rb +15 -13
  37. data/spec/rails3/app_root/spec/controller_oauth_spec.rb +18 -13
  38. data/spec/rails3/app_root/spec/controller_session_timeout_spec.rb +2 -2
  39. data/spec/rails3/app_root/spec/spec_helper.rb +1 -0
  40. data/spec/rails3/app_root/spec/user_oauth_spec.rb +4 -4
  41. data/spec/rails3/app_root/spec/user_spec.rb +2 -2
  42. data/spec/sinatra/Gemfile +12 -0
  43. data/spec/sinatra/Gemfile.lock +134 -0
  44. data/spec/sinatra/Rakefile +10 -0
  45. data/spec/sinatra/authentication.rb +3 -0
  46. data/spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb +17 -0
  47. data/spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
  48. data/spec/sinatra/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
  49. data/spec/sinatra/db/migrate/core/20101224223620_create_users.rb +16 -0
  50. data/spec/sinatra/db/migrate/external/20101224223628_create_authentications.rb +14 -0
  51. data/spec/sinatra/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
  52. data/spec/sinatra/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
  53. data/spec/sinatra/filters.rb +21 -0
  54. data/spec/sinatra/myapp.rb +133 -0
  55. data/spec/sinatra/sorcery_mailer.rb +25 -0
  56. data/spec/sinatra/spec/controller_activity_logging_spec.rb +85 -0
  57. data/spec/sinatra/spec/controller_brute_force_protection_spec.rb +69 -0
  58. data/spec/sinatra/spec/controller_http_basic_auth_spec.rb +53 -0
  59. data/spec/sinatra/spec/controller_oauth2_spec.rb +119 -0
  60. data/spec/sinatra/spec/controller_oauth_spec.rb +121 -0
  61. data/spec/sinatra/spec/controller_remember_me_spec.rb +64 -0
  62. data/spec/sinatra/spec/controller_session_timeout_spec.rb +52 -0
  63. data/spec/sinatra/spec/controller_spec.rb +120 -0
  64. data/spec/sinatra/spec/spec.opts +4 -0
  65. data/spec/sinatra/spec/spec_helper.rb +44 -0
  66. data/spec/sinatra/spec/user_activation_spec.rb +188 -0
  67. data/spec/sinatra/spec/user_activity_logging_spec.rb +36 -0
  68. data/spec/sinatra/spec/user_brute_force_protection_spec.rb +76 -0
  69. data/spec/sinatra/spec/user_oauth_spec.rb +39 -0
  70. data/spec/sinatra/spec/user_remember_me_spec.rb +66 -0
  71. data/spec/sinatra/spec/user_reset_password_spec.rb +178 -0
  72. data/spec/sinatra/spec/user_spec.rb +317 -0
  73. data/spec/sinatra/user.rb +6 -0
  74. data/spec/sinatra/views/test_login.erb +4 -0
  75. data/spec/untitled folder +18 -0
  76. metadata +85 -9
  77. data/lib/sorcery/controller/submodules/oauth/oauth1.rb +0 -26
  78. data/lib/sorcery/controller/submodules/oauth/oauth2.rb +0 -24
  79. /data/spec/rails3/app_root/db/migrate/{oauth → external}/20101224223628_create_authentications.rb +0 -0
@@ -0,0 +1,134 @@
1
+ PATH
2
+ remote: ../../
3
+ specs:
4
+ sorcery (0.3.1)
5
+ bcrypt-ruby (~> 2.1.4)
6
+ json (>= 1.5.1)
7
+ oauth (>= 0.4.4)
8
+ oauth (>= 0.4.4)
9
+ oauth2 (>= 0.1.1)
10
+ oauth2 (>= 0.1.1)
11
+ rails (>= 3.0.0)
12
+
13
+ GEM
14
+ remote: http://rubygems.org/
15
+ specs:
16
+ abstract (1.0.0)
17
+ actionmailer (3.0.3)
18
+ actionpack (= 3.0.3)
19
+ mail (~> 2.2.9)
20
+ actionpack (3.0.3)
21
+ activemodel (= 3.0.3)
22
+ activesupport (= 3.0.3)
23
+ builder (~> 2.1.2)
24
+ erubis (~> 2.6.6)
25
+ i18n (~> 0.4)
26
+ rack (~> 1.2.1)
27
+ rack-mount (~> 0.6.13)
28
+ rack-test (~> 0.5.6)
29
+ tzinfo (~> 0.3.23)
30
+ activemodel (3.0.3)
31
+ activesupport (= 3.0.3)
32
+ builder (~> 2.1.2)
33
+ i18n (~> 0.4)
34
+ activerecord (3.0.3)
35
+ activemodel (= 3.0.3)
36
+ activesupport (= 3.0.3)
37
+ arel (~> 2.0.2)
38
+ tzinfo (~> 0.3.23)
39
+ activeresource (3.0.3)
40
+ activemodel (= 3.0.3)
41
+ activesupport (= 3.0.3)
42
+ activesupport (3.0.3)
43
+ addressable (2.2.4)
44
+ archive-tar-minitar (0.5.2)
45
+ arel (2.0.7)
46
+ bcrypt-ruby (2.1.4)
47
+ builder (2.1.2)
48
+ columnize (0.3.2)
49
+ diff-lcs (1.1.2)
50
+ erubis (2.6.6)
51
+ abstract (>= 1.0.0)
52
+ faraday (0.5.5)
53
+ addressable (~> 2.2.4)
54
+ multipart-post (~> 1.1.0)
55
+ rack (< 2, >= 1.1.0)
56
+ i18n (0.5.0)
57
+ json (1.5.1)
58
+ linecache19 (0.5.11)
59
+ ruby_core_source (>= 0.1.4)
60
+ mail (2.2.15)
61
+ activesupport (>= 2.3.6)
62
+ i18n (>= 0.4.0)
63
+ mime-types (~> 1.16)
64
+ treetop (~> 1.4.8)
65
+ mime-types (1.16)
66
+ multi_json (0.0.5)
67
+ multipart-post (1.1.0)
68
+ oauth (0.4.4)
69
+ oauth2 (0.1.1)
70
+ faraday (~> 0.5.0)
71
+ multi_json (~> 0.0.4)
72
+ polyglot (0.3.1)
73
+ rack (1.2.1)
74
+ rack-mount (0.6.13)
75
+ rack (>= 1.0.0)
76
+ rack-test (0.5.7)
77
+ rack (>= 1.0)
78
+ rails (3.0.3)
79
+ actionmailer (= 3.0.3)
80
+ actionpack (= 3.0.3)
81
+ activerecord (= 3.0.3)
82
+ activeresource (= 3.0.3)
83
+ activesupport (= 3.0.3)
84
+ bundler (~> 1.0)
85
+ railties (= 3.0.3)
86
+ railties (3.0.3)
87
+ actionpack (= 3.0.3)
88
+ activesupport (= 3.0.3)
89
+ rake (>= 0.8.7)
90
+ thor (~> 0.14.4)
91
+ rake (0.8.7)
92
+ rspec (2.4.0)
93
+ rspec-core (~> 2.4.0)
94
+ rspec-expectations (~> 2.4.0)
95
+ rspec-mocks (~> 2.4.0)
96
+ rspec-core (2.4.0)
97
+ rspec-expectations (2.4.0)
98
+ diff-lcs (~> 1.1.2)
99
+ rspec-mocks (2.4.0)
100
+ ruby-debug-base19 (0.11.24)
101
+ columnize (>= 0.3.1)
102
+ linecache19 (>= 0.5.11)
103
+ ruby_core_source (>= 0.1.4)
104
+ ruby-debug19 (0.11.6)
105
+ columnize (>= 0.3.1)
106
+ linecache19 (>= 0.5.11)
107
+ ruby-debug-base19 (>= 0.11.19)
108
+ ruby_core_source (0.1.4)
109
+ archive-tar-minitar (>= 0.5.2)
110
+ simplecov (0.3.9)
111
+ simplecov-html (>= 0.3.7)
112
+ simplecov-html (0.3.9)
113
+ sinatra (1.2.0)
114
+ rack (~> 1.1)
115
+ tilt (< 2.0, >= 1.2.2)
116
+ spork (0.9.0.rc3)
117
+ sqlite3-ruby (1.3.2)
118
+ thor (0.14.6)
119
+ tilt (1.2.2)
120
+ treetop (1.4.9)
121
+ polyglot (>= 0.3.1)
122
+ tzinfo (0.3.24)
123
+
124
+ PLATFORMS
125
+ ruby
126
+
127
+ DEPENDENCIES
128
+ rspec
129
+ ruby-debug19
130
+ simplecov (>= 0.3.8)
131
+ sinatra (>= 1.2.0)
132
+ sorcery (= 0.3.1)!
133
+ spork (~> 0.9.0.rc)
134
+ sqlite3-ruby
@@ -0,0 +1,10 @@
1
+ require 'rake'
2
+ require 'rspec/core/rake_task'
3
+
4
+ desc 'Default: Run all specs.'
5
+ task :default => :spec
6
+
7
+ desc "Run all specs"
8
+ RSpec::Core::RakeTask.new(:spec) do |t|
9
+ t.pattern = '**/*_spec.rb'
10
+ end
@@ -0,0 +1,3 @@
1
+ class Authentication < ActiveRecord::Base
2
+ belongs_to :user
3
+ end
@@ -0,0 +1,17 @@
1
+ class AddActivationToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :activation_state, :string, :default => nil
4
+ add_column :users, :activation_token, :string, :default => nil
5
+ add_column :users, :activation_token_expires_at, :datetime, :default => nil
6
+
7
+ add_index :users, :activation_token
8
+ end
9
+
10
+ def self.down
11
+ remove_index :users, :activation_token
12
+
13
+ remove_column :users, :activation_token_expires_at
14
+ remove_column :users, :activation_token
15
+ remove_column :users, :activation_state
16
+ end
17
+ end
@@ -0,0 +1,17 @@
1
+ class AddActivityLoggingToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :last_login_at, :datetime, :default => nil
4
+ add_column :users, :last_logout_at, :datetime, :default => nil
5
+ add_column :users, :last_activity_at, :datetime, :default => nil
6
+
7
+ add_index :users, [:last_logout_at, :last_activity_at]
8
+ end
9
+
10
+ def self.down
11
+ remove_index :users, [:last_logout_at, :last_activity_at]
12
+
13
+ remove_column :users, :last_activity_at
14
+ remove_column :users, :last_logout_at
15
+ remove_column :users, :last_login_at
16
+ end
17
+ end
@@ -0,0 +1,11 @@
1
+ class AddBruteForceProtectionToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :failed_logins_count, :integer, :default => 0
4
+ add_column :users, :lock_expires_at, :datetime, :default => nil
5
+ end
6
+
7
+ def self.down
8
+ remove_column :users, :lock_expires_at
9
+ remove_column :users, :failed_logins_count
10
+ end
11
+ end
@@ -0,0 +1,16 @@
1
+ class CreateUsers < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :users do |t|
4
+ t.string :username, :null => false
5
+ t.string :email, :default => nil
6
+ t.string :crypted_password, :default => nil
7
+ t.string :salt, :default => nil
8
+
9
+ t.timestamps
10
+ end
11
+ end
12
+
13
+ def self.down
14
+ drop_table :users
15
+ end
16
+ end
@@ -0,0 +1,14 @@
1
+ class CreateAuthentications < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :authentications do |t|
4
+ t.integer :user_id, :null => false
5
+ t.string :provider, :uid, :null => false
6
+
7
+ t.timestamps
8
+ end
9
+ end
10
+
11
+ def self.down
12
+ drop_table :authentications
13
+ end
14
+ end
@@ -0,0 +1,15 @@
1
+ class AddRememberMeTokenToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :remember_me_token, :string, :default => nil
4
+ add_column :users, :remember_me_token_expires_at, :datetime, :default => nil
5
+
6
+ add_index :users, :remember_me_token
7
+ end
8
+
9
+ def self.down
10
+ remove_index :users, :remember_me_token
11
+
12
+ remove_column :users, :remember_me_token_expires_at
13
+ remove_column :users, :remember_me_token
14
+ end
15
+ end
@@ -0,0 +1,13 @@
1
+ class AddResetPasswordToUsers < ActiveRecord::Migration
2
+ def self.up
3
+ add_column :users, :reset_password_token, :string, :default => nil
4
+ add_column :users, :reset_password_token_expires_at, :datetime, :default => nil
5
+ add_column :users, :reset_password_email_sent_at, :datetime, :default => nil
6
+ end
7
+
8
+ def self.down
9
+ remove_column :users, :reset_password_email_sent_at
10
+ remove_column :users, :reset_password_token_expires_at
11
+ remove_column :users, :reset_password_token
12
+ end
13
+ end
@@ -0,0 +1,21 @@
1
+ # --- before filters
2
+
3
+ ['/test_logout','/some_action','/test_should_be_logged_in'].each do |patt|
4
+ before patt do
5
+ require_login
6
+ end
7
+ end
8
+
9
+ before '/test_http_basic_auth' do
10
+ require_login_from_http_basic
11
+ end
12
+
13
+ # ----- test filters
14
+
15
+ before do
16
+ self.class.sorcery_vars = {}
17
+ end
18
+
19
+ after do
20
+ save_instance_vars
21
+ end
@@ -0,0 +1,133 @@
1
+ require 'sinatra'
2
+ enable :sessions
3
+
4
+ require 'sqlite3'
5
+ require 'active_record'
6
+
7
+ # establish connection
8
+ ActiveRecord::Base.establish_connection(
9
+ :adapter => "sqlite3",
10
+ :database => ":memory:",
11
+ :verbosity => "quiet"
12
+ )
13
+
14
+ require 'action_mailer'
15
+ ActionMailer::Base.delivery_method = :test
16
+ require File.join(File.dirname(__FILE__),'sorcery_mailer')
17
+
18
+ # models
19
+ require File.join(File.dirname(__FILE__),'user')
20
+ require 'sorcery'
21
+
22
+ APP_ROOT = File.dirname(__FILE__)
23
+
24
+ require File.join(File.dirname(__FILE__),'filters')
25
+
26
+ get '/' do
27
+
28
+ end
29
+
30
+ get '/test_login' do
31
+ @user = login(params[:username],params[:password])
32
+ @current_user = current_user
33
+ @logged_in = logged_in?
34
+ erb :test_login
35
+ end
36
+
37
+ get '/test_logout' do
38
+ session[:user_id] = User.first.id
39
+ logout
40
+ @current_user = current_user
41
+ @logged_in = logged_in?
42
+ end
43
+
44
+ get '/test_current_user' do
45
+ session[:user_id] = params[:id]
46
+ current_user
47
+ end
48
+
49
+ get '/some_action' do
50
+ erb ''
51
+ end
52
+
53
+ post '/test_return_to' do
54
+ session[:return_to_url] = params[:return_to_url] if params[:return_to_url]
55
+ @user = login(params[:username], params[:password])
56
+ redirect_back_or_to(:some_action)
57
+ end
58
+
59
+ get '/test_should_be_logged_in' do
60
+ erb ''
61
+ end
62
+
63
+ def test_not_authenticated_action
64
+ halt "test_not_authenticated_action"
65
+ end
66
+
67
+ def not_authenticated2
68
+ @session = session
69
+ save_instance_vars
70
+ redirect '/'
71
+ end
72
+
73
+ # remember me
74
+
75
+ post '/test_login_with_remember' do
76
+ @user = login(params[:username], params[:password])
77
+ remember_me!
78
+ erb ''
79
+ end
80
+
81
+ post '/test_login_with_remember_in_login' do
82
+ @user = login(params[:username], params[:password], params[:remember])
83
+ erb ''
84
+ end
85
+
86
+ get '/test_login_from_cookie' do
87
+ @user = current_user
88
+ erb ''
89
+ end
90
+
91
+ # http_basic
92
+
93
+ get '/test_http_basic_auth' do
94
+ erb "HTTP Basic Auth"
95
+ end
96
+
97
+ # oauth
98
+
99
+ get '/login_at_test' do
100
+ login_at(:twitter)
101
+ end
102
+
103
+ get '/test_login_from' do
104
+ if @user = login_from(:twitter)
105
+ erb "Success!"
106
+ else
107
+ erb "Failed!"
108
+ end
109
+ end
110
+
111
+ # oauth2
112
+
113
+ get '/login_at_test2' do
114
+ login_at(:facebook)
115
+ end
116
+
117
+ get '/test_login_from2' do
118
+ if @user = login_from(:facebook)
119
+ erb "Success!"
120
+ else
121
+ erb "Failed!"
122
+ end
123
+ end
124
+
125
+ get '/test_create_from_provider' do
126
+ provider = params[:provider]
127
+ login_from(provider)
128
+ if @user = create_from(provider)
129
+ erb "Success!"
130
+ else
131
+ erb "Failed!"
132
+ end
133
+ end
@@ -0,0 +1,25 @@
1
+ class SorceryMailer < ActionMailer::Base
2
+
3
+ default :from => "notifications@example.com"
4
+
5
+ def activation_needed_email(user)
6
+ @user = user
7
+ @url = "http://example.com/login"
8
+ mail(:to => user.email,
9
+ :subject => "Welcome to My Awesome Site")
10
+ end
11
+
12
+ def activation_success_email(user)
13
+ @user = user
14
+ @url = "http://example.com/login"
15
+ mail(:to => user.email,
16
+ :subject => "Your account is now activated")
17
+ end
18
+
19
+ def reset_password_email(user)
20
+ @user = user
21
+ @url = "http://example.com/login"
22
+ mail(:to => user.email,
23
+ :subject => "Your password has been reset")
24
+ end
25
+ end
@@ -0,0 +1,85 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe 'MyApp' do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activity_logging")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activity_logging")
10
+ end
11
+
12
+ # ----------------- ACTIVITY LOGGING -----------------------
13
+ describe Sinatra::Application, "with activity logging features" do
14
+ before(:all) do
15
+ sorcery_reload!([:activity_logging])
16
+ clear_cookies
17
+ end
18
+
19
+ before(:each) do
20
+ create_new_user
21
+ end
22
+
23
+ after(:each) do
24
+ User.delete_all
25
+ end
26
+
27
+ it "should respond to 'current_users'" do
28
+ get_sinatra_app(subject).should respond_to(:current_users)
29
+ end
30
+
31
+ it "'current_users' should be empty when no users are logged in" do
32
+ get_sinatra_app(subject).current_users.size.should == 0
33
+ end
34
+
35
+ it "should log login time on login" do
36
+ now = Time.now.utc
37
+ get "/test_login", :username => 'gizmo', :password => 'secret'
38
+ User.first.last_login_at.should_not be_nil
39
+ User.first.last_login_at.to_s(:db).should >= now.to_s(:db)
40
+ User.first.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
41
+ end
42
+
43
+ it "should log logout time on logout" do
44
+ get "/test_login", :username => 'gizmo', :password => 'secret'
45
+ now = Time.now.utc
46
+ get "/test_logout"
47
+ User.first.last_logout_at.should_not be_nil
48
+ User.first.last_logout_at.to_s(:db).should >= now.to_s(:db)
49
+ User.first.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
50
+ end
51
+
52
+ it "should log last activity time when logged in" do
53
+ get "/test_login", :username => 'gizmo', :password => 'secret'
54
+ now = Time.now.utc
55
+ get "/some_action"
56
+ User.first.last_activity_at.to_s.should >= now.to_s(:db)
57
+ User.first.last_activity_at.to_s.should <= (now+2).to_s(:db)
58
+ end
59
+
60
+ it "'current_users' should hold the user object when 1 user is logged in" do
61
+ get "/test_login", :username => 'gizmo', :password => 'secret'
62
+ get "/some_action"
63
+ get_sinatra_app(subject).current_users.size.should == 1
64
+ get_sinatra_app(subject).current_users[0].should == @user
65
+ end
66
+
67
+ it "'current_users' should show all current_users, whether they have logged out before or not." do
68
+ user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
69
+ get "/test_login", :username => 'gizmo1', :password => 'secret1'
70
+ get "/some_action"
71
+ clear_user_without_logout
72
+ user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
73
+ get "/test_login", :username => 'gizmo2', :password => 'secret2'
74
+ get "/some_action"
75
+ clear_user_without_logout
76
+ user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
77
+ get "/test_login", :username => 'gizmo3', :password => 'secret3'
78
+ get "/some_action"
79
+ get_sinatra_app(subject).current_users.size.should == 3
80
+ get_sinatra_app(subject).current_users[0].should == user1
81
+ get_sinatra_app(subject).current_users[1].should == user2
82
+ get_sinatra_app(subject).current_users[2].should == user3
83
+ end
84
+ end
85
+ end
@@ -0,0 +1,69 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe Sinatra::Application do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/brute_force_protection")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/brute_force_protection")
10
+ end
11
+
12
+ # ----------------- SESSION TIMEOUT -----------------------
13
+ describe Sinatra::Application, "with brute force protection features" do
14
+ before(:all) do
15
+ sorcery_reload!([:brute_force_protection])
16
+ end
17
+
18
+ before(:each) do
19
+ create_new_user
20
+ end
21
+
22
+ after(:each) do
23
+ Sorcery::Controller::Config.reset!
24
+ sorcery_controller_property_set(:user_class, User)
25
+ User.delete_all
26
+ end
27
+
28
+ it "should count login retries" do
29
+ 3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
30
+ User.find_by_username('gizmo').failed_logins_count.should == 3
31
+ end
32
+
33
+ it "should reset the counter on a good login" do
34
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
35
+ 3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
36
+ get "/test_login", :username => 'gizmo', :password => 'secret'
37
+ User.find_by_username('gizmo').failed_logins_count.should == 0
38
+ end
39
+
40
+ it "should lock user when number of retries reached the limit" do
41
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
42
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
43
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
44
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
45
+ end
46
+
47
+ it "should unlock after lock time period passes" do
48
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
49
+ sorcery_model_property_set(:login_lock_time_period, 0.2)
50
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
51
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
52
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
53
+ sleep 0.3
54
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
55
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
56
+ end
57
+
58
+ it "should not unlock if time period is 0 (permanent lock)" do
59
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
60
+ sorcery_model_property_set(:login_lock_time_period, 0)
61
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
62
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
63
+ unlock_date = User.find_by_username('gizmo').lock_expires_at
64
+ sleep 1
65
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
66
+ User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
67
+ end
68
+ end
69
+ end
@@ -0,0 +1,53 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require 'base64'
3
+
4
+ describe Sinatra::Application do
5
+
6
+ # ----------------- HTTP BASIC AUTH -----------------------
7
+ describe Sinatra::Application, "with http basic auth features" do
8
+ before(:all) do
9
+ sorcery_reload!([:http_basic_auth])
10
+ create_new_user
11
+ end
12
+
13
+ after(:each) do
14
+ get "/test_logout"
15
+ end
16
+
17
+ it "requests basic authentication when before_filter is used" do
18
+ session[:http_authentication_used] = nil
19
+ get "/test_http_basic_auth"
20
+ last_response.status.should == 401
21
+ session[:http_authentication_used].should == true
22
+ end
23
+
24
+ it "authenticates from http basic if credentials are sent" do
25
+ session[:http_authentication_used] = true
26
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
27
+ last_response.should be_ok
28
+ end
29
+
30
+ it "fails authentication if credentials are wrong" do
31
+ session[:http_authentication_used] = true
32
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:wrong!")}
33
+ last_response.should redirect_to 'http://example.org/'
34
+ end
35
+
36
+ it "should allow configuration option 'controller_to_realm_map'" do
37
+ sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
38
+ Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
39
+ end
40
+
41
+ it "should display the correct realm name configured for the controller" do
42
+ sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
43
+ get "/test_http_basic_auth"
44
+ last_response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
45
+ end
46
+
47
+ it "should sign in the user's session on successful login" do
48
+ session[:http_authentication_used] = true
49
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
50
+ session[:user_id].should == User.find_by_username(@user.username).id
51
+ end
52
+ end
53
+ end