sorcery 0.2.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (163) hide show
  1. data/Gemfile +3 -2
  2. data/Gemfile.lock +13 -11
  3. data/README.rdoc +157 -61
  4. data/Rakefile +4 -4
  5. data/VERSION +1 -1
  6. data/lib/generators/sorcery_migration/sorcery_migration_generator.rb +24 -0
  7. data/lib/generators/sorcery_migration/templates/activity_logging.rb +17 -0
  8. data/lib/generators/sorcery_migration/templates/brute_force_protection.rb +11 -0
  9. data/lib/generators/sorcery_migration/templates/core.rb +16 -0
  10. data/lib/generators/sorcery_migration/templates/external.rb +14 -0
  11. data/lib/generators/sorcery_migration/templates/remember_me.rb +15 -0
  12. data/lib/generators/sorcery_migration/templates/reset_password.rb +13 -0
  13. data/lib/generators/sorcery_migration/templates/user_activation.rb +17 -0
  14. data/lib/sorcery/controller/adapters/sinatra.rb +97 -0
  15. data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb +35 -0
  16. data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +26 -0
  17. data/lib/sorcery/controller/submodules/{oauth → external}/providers/facebook.rb +24 -6
  18. data/lib/sorcery/controller/submodules/{oauth → external}/providers/twitter.rb +31 -6
  19. data/lib/sorcery/controller/submodules/{oauth.rb → external.rb} +18 -27
  20. data/lib/sorcery/controller/submodules/http_basic_auth.rb +11 -7
  21. data/lib/sorcery/controller.rb +21 -21
  22. data/lib/sorcery/crypto_providers/bcrypt.rb +3 -5
  23. data/lib/sorcery/crypto_providers/common.rb +35 -0
  24. data/lib/sorcery/crypto_providers/md5.rb +3 -23
  25. data/lib/sorcery/crypto_providers/sha1.rb +4 -16
  26. data/lib/sorcery/crypto_providers/sha256.rb +3 -23
  27. data/lib/sorcery/crypto_providers/sha512.rb +3 -23
  28. data/lib/sorcery/engine.rb +4 -0
  29. data/lib/sorcery/initializers/initializer.rb +86 -0
  30. data/lib/sorcery/model/submodules/activity_logging.rb +2 -2
  31. data/lib/sorcery/model/submodules/brute_force_protection.rb +1 -5
  32. data/lib/sorcery/model/submodules/{oauth.rb → external.rb} +3 -3
  33. data/lib/sorcery/model/submodules/reset_password.rb +1 -1
  34. data/lib/sorcery/model.rb +34 -9
  35. data/lib/sorcery/railties/tasks.rake +10 -0
  36. data/lib/sorcery/sinatra.rb +5 -0
  37. data/lib/sorcery/test_helpers/internal/rails.rb +52 -0
  38. data/lib/sorcery/test_helpers/internal/sinatra.rb +122 -0
  39. data/lib/sorcery/test_helpers/internal.rb +55 -0
  40. data/lib/sorcery/test_helpers/rails.rb +16 -0
  41. data/lib/sorcery/test_helpers/sinatra.rb +85 -0
  42. data/lib/sorcery/test_helpers.rb +0 -79
  43. data/lib/sorcery.rb +25 -7
  44. data/sorcery.gemspec +207 -137
  45. data/spec/Gemfile +2 -2
  46. data/spec/Gemfile.lock +20 -12
  47. data/spec/Rakefile +1 -0
  48. data/spec/rails3/.rspec +1 -1
  49. data/spec/rails3/{app_root/Gemfile → Gemfile} +5 -7
  50. data/spec/rails3/{app_root/Gemfile.lock → Gemfile.lock} +20 -23
  51. data/spec/rails3/{app_root/Rakefile → Rakefile} +1 -0
  52. data/spec/rails3/{app_root/app → app}/controllers/application_controller.rb +11 -11
  53. data/spec/rails3/config/database.yml +27 -0
  54. data/spec/rails3/{app_root/spec → spec}/controller_activity_logging_spec.rb +2 -4
  55. data/spec/rails3/{app_root/spec → spec}/controller_brute_force_protection_spec.rb +3 -2
  56. data/spec/rails3/{app_root/spec → spec}/controller_oauth2_spec.rb +25 -22
  57. data/spec/rails3/{app_root/spec → spec}/controller_oauth_spec.rb +24 -19
  58. data/spec/rails3/spec/controller_session_timeout_spec.rb +55 -0
  59. data/spec/rails3/{app_root/spec → spec}/controller_spec.rb +6 -16
  60. data/spec/rails3/spec/spec.opts +2 -0
  61. data/spec/rails3/spec/spec_helper.rb +70 -0
  62. data/spec/rails3/{app_root/spec → spec}/user_activation_spec.rb +7 -13
  63. data/spec/rails3/{app_root/spec → spec}/user_brute_force_protection_spec.rb +2 -30
  64. data/spec/rails3/{app_root/spec → spec}/user_oauth_spec.rb +7 -7
  65. data/spec/rails3/{app_root/spec → spec}/user_remember_me_spec.rb +3 -11
  66. data/spec/rails3/{app_root/spec → spec}/user_reset_password_spec.rb +20 -17
  67. data/spec/rails3/{app_root/spec → spec}/user_spec.rb +21 -11
  68. data/spec/sinatra/Gemfile +12 -0
  69. data/spec/sinatra/Gemfile.lock +134 -0
  70. data/spec/sinatra/Rakefile +11 -0
  71. data/spec/sinatra/authentication.rb +3 -0
  72. data/spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb +17 -0
  73. data/spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
  74. data/spec/sinatra/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
  75. data/spec/sinatra/db/migrate/core/20101224223620_create_users.rb +16 -0
  76. data/spec/sinatra/db/migrate/external/20101224223628_create_authentications.rb +14 -0
  77. data/spec/sinatra/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
  78. data/spec/sinatra/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
  79. data/spec/sinatra/filters.rb +21 -0
  80. data/spec/sinatra/myapp.rb +133 -0
  81. data/spec/sinatra/sorcery_mailer.rb +25 -0
  82. data/spec/sinatra/spec/controller_activity_logging_spec.rb +85 -0
  83. data/spec/sinatra/spec/controller_brute_force_protection_spec.rb +70 -0
  84. data/spec/sinatra/spec/controller_http_basic_auth_spec.rb +53 -0
  85. data/spec/sinatra/spec/controller_oauth2_spec.rb +120 -0
  86. data/spec/sinatra/spec/controller_oauth_spec.rb +121 -0
  87. data/spec/sinatra/spec/controller_remember_me_spec.rb +64 -0
  88. data/spec/sinatra/spec/controller_session_timeout_spec.rb +57 -0
  89. data/spec/sinatra/spec/controller_spec.rb +120 -0
  90. data/spec/sinatra/spec/spec.opts +2 -0
  91. data/spec/sinatra/spec/spec_helper.rb +46 -0
  92. data/spec/sinatra/user.rb +6 -0
  93. data/spec/sinatra/views/test_login.erb +4 -0
  94. data/spec/sorcery_crypto_providers_spec.rb +5 -4
  95. data/spec/spec.opts +2 -0
  96. data/spec/spec_helper.rb +3 -4
  97. data/spec/untitled folder +18 -0
  98. metadata +217 -139
  99. data/lib/sorcery/controller/submodules/oauth/oauth1.rb +0 -26
  100. data/lib/sorcery/controller/submodules/oauth/oauth2.rb +0 -24
  101. data/spec/rails3/app_root/.rspec +0 -1
  102. data/spec/rails3/app_root/config/database.yml +0 -27
  103. data/spec/rails3/app_root/spec/controller_session_timeout_spec.rb +0 -50
  104. data/spec/rails3/app_root/spec/spec_helper.rb +0 -61
  105. /data/spec/rails3/{app_root/.gitignore → .gitignore} +0 -0
  106. /data/spec/rails3/{app_root/README → README} +0 -0
  107. /data/spec/rails3/{app_root/Rakefile.unused → Rakefile.unused} +0 -0
  108. /data/spec/rails3/{app_root/app → app}/helpers/application_helper.rb +0 -0
  109. /data/spec/rails3/{app_root/app → app}/mailers/sorcery_mailer.rb +0 -0
  110. /data/spec/rails3/{app_root/app → app}/models/authentication.rb +0 -0
  111. /data/spec/rails3/{app_root/app → app}/models/user.rb +0 -0
  112. /data/spec/rails3/{app_root/app → app}/views/layouts/application.html.erb +0 -0
  113. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_email.html.erb +0 -0
  114. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_email.text.erb +0 -0
  115. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_success_email.html.erb +0 -0
  116. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_success_email.text.erb +0 -0
  117. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/reset_password_email.html.erb +0 -0
  118. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/reset_password_email.text.erb +0 -0
  119. /data/spec/rails3/{app_root/config → config}/application.rb +0 -0
  120. /data/spec/rails3/{app_root/config → config}/boot.rb +0 -0
  121. /data/spec/rails3/{app_root/config → config}/environment.rb +0 -0
  122. /data/spec/rails3/{app_root/config → config}/environments/development.rb +0 -0
  123. /data/spec/rails3/{app_root/config → config}/environments/in_memory.rb +0 -0
  124. /data/spec/rails3/{app_root/config → config}/environments/production.rb +0 -0
  125. /data/spec/rails3/{app_root/config → config}/environments/test.rb +0 -0
  126. /data/spec/rails3/{app_root/config → config}/initializers/backtrace_silencers.rb +0 -0
  127. /data/spec/rails3/{app_root/config → config}/initializers/inflections.rb +0 -0
  128. /data/spec/rails3/{app_root/config → config}/initializers/mime_types.rb +0 -0
  129. /data/spec/rails3/{app_root/config → config}/initializers/secret_token.rb +0 -0
  130. /data/spec/rails3/{app_root/config → config}/initializers/session_store.rb +0 -0
  131. /data/spec/rails3/{app_root/config → config}/locales/en.yml +0 -0
  132. /data/spec/rails3/{app_root/config → config}/routes.rb +0 -0
  133. /data/spec/rails3/{app_root/config.ru → config.ru} +0 -0
  134. /data/spec/rails3/{app_root/db → db}/migrate/activation/20101224223622_add_activation_to_users.rb +0 -0
  135. /data/spec/rails3/{app_root/db → db}/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +0 -0
  136. /data/spec/rails3/{app_root/db → db}/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +0 -0
  137. /data/spec/rails3/{app_root/db → db}/migrate/core/20101224223620_create_users.rb +0 -0
  138. /data/spec/rails3/{app_root/db/migrate/oauth → db/migrate/external}/20101224223628_create_authentications.rb +0 -0
  139. /data/spec/rails3/{app_root/db → db}/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +0 -0
  140. /data/spec/rails3/{app_root/db → db}/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +0 -0
  141. /data/spec/rails3/{app_root/db → db}/schema.rb +0 -0
  142. /data/spec/rails3/{app_root/db → db}/seeds.rb +0 -0
  143. /data/spec/rails3/{app_root/lib → lib}/tasks/.gitkeep +0 -0
  144. /data/spec/rails3/{app_root/public → public}/404.html +0 -0
  145. /data/spec/rails3/{app_root/public → public}/422.html +0 -0
  146. /data/spec/rails3/{app_root/public → public}/500.html +0 -0
  147. /data/spec/rails3/{app_root/public → public}/favicon.ico +0 -0
  148. /data/spec/rails3/{app_root/public → public}/images/rails.png +0 -0
  149. /data/spec/rails3/{app_root/public → public}/index.html +0 -0
  150. /data/spec/rails3/{app_root/public → public}/javascripts/application.js +0 -0
  151. /data/spec/rails3/{app_root/public → public}/javascripts/controls.js +0 -0
  152. /data/spec/rails3/{app_root/public → public}/javascripts/dragdrop.js +0 -0
  153. /data/spec/rails3/{app_root/public → public}/javascripts/effects.js +0 -0
  154. /data/spec/rails3/{app_root/public → public}/javascripts/prototype.js +0 -0
  155. /data/spec/rails3/{app_root/public → public}/javascripts/rails.js +0 -0
  156. /data/spec/rails3/{app_root/public → public}/robots.txt +0 -0
  157. /data/spec/rails3/{app_root/public → public}/stylesheets/.gitkeep +0 -0
  158. /data/spec/rails3/{app_root/script → script}/rails +0 -0
  159. /data/spec/rails3/{app_root/spec → spec}/controller_http_basic_auth_spec.rb +0 -0
  160. /data/spec/rails3/{app_root/spec → spec}/controller_remember_me_spec.rb +0 -0
  161. /data/spec/rails3/{app_root/spec → spec}/spec_helper.orig.rb +0 -0
  162. /data/spec/rails3/{app_root/spec → spec}/user_activity_logging_spec.rb +0 -0
  163. /data/spec/rails3/{app_root/vendor → vendor}/plugins/.gitkeep +0 -0
@@ -0,0 +1,133 @@
1
+ require 'sinatra'
2
+ enable :sessions
3
+
4
+ require 'sqlite3'
5
+ require 'active_record'
6
+
7
+ # establish connection
8
+ ActiveRecord::Base.establish_connection(
9
+ :adapter => "sqlite3",
10
+ :database => ":memory:",
11
+ :verbosity => "quiet"
12
+ )
13
+
14
+ require 'action_mailer'
15
+ ActionMailer::Base.delivery_method = :test
16
+ require File.join(File.dirname(__FILE__),'sorcery_mailer')
17
+
18
+ # models
19
+ require File.join(File.dirname(__FILE__),'user')
20
+ require 'sorcery'
21
+
22
+ APP_ROOT = File.dirname(__FILE__)
23
+
24
+ require File.join(File.dirname(__FILE__),'filters')
25
+
26
+ get '/' do
27
+
28
+ end
29
+
30
+ get '/test_login' do
31
+ @user = login(params[:username],params[:password])
32
+ @current_user = current_user
33
+ @logged_in = logged_in?
34
+ erb :test_login
35
+ end
36
+
37
+ get '/test_logout' do
38
+ session[:user_id] = User.first.id
39
+ logout
40
+ @current_user = current_user
41
+ @logged_in = logged_in?
42
+ end
43
+
44
+ get '/test_current_user' do
45
+ session[:user_id] = params[:id]
46
+ current_user
47
+ end
48
+
49
+ get '/some_action' do
50
+ erb ''
51
+ end
52
+
53
+ post '/test_return_to' do
54
+ session[:return_to_url] = params[:return_to_url] if params[:return_to_url]
55
+ @user = login(params[:username], params[:password])
56
+ redirect_back_or_to(:some_action)
57
+ end
58
+
59
+ get '/test_should_be_logged_in' do
60
+ erb ''
61
+ end
62
+
63
+ def test_not_authenticated_action
64
+ halt "test_not_authenticated_action"
65
+ end
66
+
67
+ def not_authenticated2
68
+ @session = session
69
+ save_instance_vars
70
+ redirect '/'
71
+ end
72
+
73
+ # remember me
74
+
75
+ post '/test_login_with_remember' do
76
+ @user = login(params[:username], params[:password])
77
+ remember_me!
78
+ erb ''
79
+ end
80
+
81
+ post '/test_login_with_remember_in_login' do
82
+ @user = login(params[:username], params[:password], params[:remember])
83
+ erb ''
84
+ end
85
+
86
+ get '/test_login_from_cookie' do
87
+ @user = current_user
88
+ erb ''
89
+ end
90
+
91
+ # http_basic
92
+
93
+ get '/test_http_basic_auth' do
94
+ erb "HTTP Basic Auth"
95
+ end
96
+
97
+ # oauth
98
+
99
+ get '/login_at_test' do
100
+ login_at(:twitter)
101
+ end
102
+
103
+ get '/test_login_from' do
104
+ if @user = login_from(:twitter)
105
+ erb "Success!"
106
+ else
107
+ erb "Failed!"
108
+ end
109
+ end
110
+
111
+ # oauth2
112
+
113
+ get '/login_at_test2' do
114
+ login_at(:facebook)
115
+ end
116
+
117
+ get '/test_login_from2' do
118
+ if @user = login_from(:facebook)
119
+ erb "Success!"
120
+ else
121
+ erb "Failed!"
122
+ end
123
+ end
124
+
125
+ get '/test_create_from_provider' do
126
+ provider = params[:provider]
127
+ login_from(provider)
128
+ if @user = create_from(provider)
129
+ erb "Success!"
130
+ else
131
+ erb "Failed!"
132
+ end
133
+ end
@@ -0,0 +1,25 @@
1
+ class SorceryMailer < ActionMailer::Base
2
+
3
+ default :from => "notifications@example.com"
4
+
5
+ def activation_needed_email(user)
6
+ @user = user
7
+ @url = "http://example.com/login"
8
+ mail(:to => user.email,
9
+ :subject => "Welcome to My Awesome Site")
10
+ end
11
+
12
+ def activation_success_email(user)
13
+ @user = user
14
+ @url = "http://example.com/login"
15
+ mail(:to => user.email,
16
+ :subject => "Your account is now activated")
17
+ end
18
+
19
+ def reset_password_email(user)
20
+ @user = user
21
+ @url = "http://example.com/login"
22
+ mail(:to => user.email,
23
+ :subject => "Your password has been reset")
24
+ end
25
+ end
@@ -0,0 +1,85 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe 'MyApp' do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activity_logging")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activity_logging")
10
+ end
11
+
12
+ # ----------------- ACTIVITY LOGGING -----------------------
13
+ describe Sinatra::Application, "with activity logging features" do
14
+ before(:all) do
15
+ sorcery_reload!([:activity_logging])
16
+ clear_cookies
17
+ end
18
+
19
+ before(:each) do
20
+ create_new_user
21
+ end
22
+
23
+ after(:each) do
24
+ User.delete_all
25
+ end
26
+
27
+ it "should respond to 'current_users'" do
28
+ get_sinatra_app(subject).should respond_to(:current_users)
29
+ end
30
+
31
+ it "'current_users' should be empty when no users are logged in" do
32
+ get_sinatra_app(subject).current_users.size.should == 0
33
+ end
34
+
35
+ it "should log login time on login" do
36
+ now = Time.now.utc
37
+ get "/test_login", :username => 'gizmo', :password => 'secret'
38
+ User.first.last_login_at.should_not be_nil
39
+ User.first.last_login_at.to_s(:db).should >= now.to_s(:db)
40
+ User.first.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
41
+ end
42
+
43
+ it "should log logout time on logout" do
44
+ get "/test_login", :username => 'gizmo', :password => 'secret'
45
+ now = Time.now.utc
46
+ get "/test_logout"
47
+ User.first.last_logout_at.should_not be_nil
48
+ User.first.last_logout_at.to_s(:db).should >= now.to_s(:db)
49
+ User.first.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
50
+ end
51
+
52
+ it "should log last activity time when logged in" do
53
+ get "/test_login", :username => 'gizmo', :password => 'secret'
54
+ now = Time.now.utc
55
+ get "/some_action"
56
+ User.first.last_activity_at.to_s.should >= now.to_s(:db)
57
+ User.first.last_activity_at.to_s.should <= (now+2).to_s(:db)
58
+ end
59
+
60
+ it "'current_users' should hold the user object when 1 user is logged in" do
61
+ get "/test_login", :username => 'gizmo', :password => 'secret'
62
+ get "/some_action"
63
+ get_sinatra_app(subject).current_users.size.should == 1
64
+ get_sinatra_app(subject).current_users[0].should == @user
65
+ end
66
+
67
+ it "'current_users' should show all current_users, whether they have logged out before or not." do
68
+ user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
69
+ get "/test_login", :username => 'gizmo1', :password => 'secret1'
70
+ get "/some_action"
71
+ clear_user_without_logout
72
+ user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
73
+ get "/test_login", :username => 'gizmo2', :password => 'secret2'
74
+ get "/some_action"
75
+ clear_user_without_logout
76
+ user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
77
+ get "/test_login", :username => 'gizmo3', :password => 'secret3'
78
+ get "/some_action"
79
+ get_sinatra_app(subject).current_users.size.should == 3
80
+ get_sinatra_app(subject).current_users[0].should == user1
81
+ get_sinatra_app(subject).current_users[1].should == user2
82
+ get_sinatra_app(subject).current_users[2].should == user3
83
+ end
84
+ end
85
+ end
@@ -0,0 +1,70 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe Sinatra::Application do
4
+ before(:all) do
5
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/brute_force_protection")
6
+ end
7
+
8
+ after(:all) do
9
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/brute_force_protection")
10
+ end
11
+
12
+ # ----------------- SESSION TIMEOUT -----------------------
13
+ describe Sinatra::Application, "with brute force protection features" do
14
+ before(:all) do
15
+ sorcery_reload!([:brute_force_protection])
16
+ end
17
+
18
+ before(:each) do
19
+ create_new_user
20
+ end
21
+
22
+ after(:each) do
23
+ Sorcery::Controller::Config.reset!
24
+ sorcery_controller_property_set(:user_class, User)
25
+ User.delete_all
26
+ Timecop.return
27
+ end
28
+
29
+ it "should count login retries" do
30
+ 3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
31
+ User.find_by_username('gizmo').failed_logins_count.should == 3
32
+ end
33
+
34
+ it "should reset the counter on a good login" do
35
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
36
+ 3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
37
+ get "/test_login", :username => 'gizmo', :password => 'secret'
38
+ User.find_by_username('gizmo').failed_logins_count.should == 0
39
+ end
40
+
41
+ it "should lock user when number of retries reached the limit" do
42
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
43
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
44
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
45
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
46
+ end
47
+
48
+ it "should unlock after lock time period passes" do
49
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
50
+ sorcery_model_property_set(:login_lock_time_period, 0.2)
51
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
52
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
53
+ User.find_by_username('gizmo').lock_expires_at.should_not be_nil
54
+ Timecop.travel(Time.now+0.3)
55
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
56
+ User.find_by_username('gizmo').lock_expires_at.should be_nil
57
+ end
58
+
59
+ it "should not unlock if time period is 0 (permanent lock)" do
60
+ sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
61
+ sorcery_model_property_set(:login_lock_time_period, 0)
62
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
63
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
64
+ unlock_date = User.find_by_username('gizmo').lock_expires_at
65
+ Timecop.travel(Time.now+1)
66
+ get "/test_login", :username => 'gizmo', :password => 'blabla'
67
+ User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
68
+ end
69
+ end
70
+ end
@@ -0,0 +1,53 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require 'base64'
3
+
4
+ describe Sinatra::Application do
5
+
6
+ # ----------------- HTTP BASIC AUTH -----------------------
7
+ describe Sinatra::Application, "with http basic auth features" do
8
+ before(:all) do
9
+ sorcery_reload!([:http_basic_auth])
10
+ create_new_user
11
+ end
12
+
13
+ after(:each) do
14
+ get "/test_logout"
15
+ end
16
+
17
+ it "requests basic authentication when before_filter is used" do
18
+ session[:http_authentication_used] = nil
19
+ get "/test_http_basic_auth"
20
+ last_response.status.should == 401
21
+ session[:http_authentication_used].should == true
22
+ end
23
+
24
+ it "authenticates from http basic if credentials are sent" do
25
+ session[:http_authentication_used] = true
26
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
27
+ last_response.should be_ok
28
+ end
29
+
30
+ it "fails authentication if credentials are wrong" do
31
+ session[:http_authentication_used] = true
32
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:wrong!")}
33
+ last_response.should redirect_to 'http://example.org/'
34
+ end
35
+
36
+ it "should allow configuration option 'controller_to_realm_map'" do
37
+ sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
38
+ Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
39
+ end
40
+
41
+ it "should display the correct realm name configured for the controller" do
42
+ sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
43
+ get "/test_http_basic_auth"
44
+ last_response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
45
+ end
46
+
47
+ it "should sign in the user's session on successful login" do
48
+ session[:http_authentication_used] = true
49
+ get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
50
+ session[:user_id].should == User.find_by_username(@user.username).id
51
+ end
52
+ end
53
+ end
@@ -0,0 +1,120 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ def stub_all_oauth2_requests!
4
+ @client = OAuth2::Client.new("key","secret", :site => "http://myapi.com")
5
+ OAuth2::Client.stub!(:new).and_return(@client)
6
+ @acc_token = OAuth2::AccessToken.new(@client, "", "asd", nil, {})
7
+ @webby = @client.web_server
8
+ OAuth2::Strategy::WebServer.stub!(:new).and_return(@webby)
9
+ @webby.stub!(:get_access_token).and_return(@acc_token)
10
+ @acc_token.stub!(:get).and_return({"id"=>"123", "name"=>"Noam Ben Ari", "first_name"=>"Noam", "last_name"=>"Ben Ari", "link"=>"http://www.facebook.com/nbenari1", "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"}, "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"}, "bio"=>"I'm a new daddy, and enjoying it!", "gender"=>"male", "email"=>"nbenari@gmail.com", "timezone"=>2, "locale"=>"en_US", "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}], "verified"=>true, "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
11
+ end
12
+
13
+ describe 'MyApp' do
14
+ before(:all) do
15
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/external")
16
+ sorcery_reload!([:external])
17
+ sorcery_controller_property_set(:external_providers, [:facebook])
18
+ sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
19
+ sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
20
+ sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
21
+ end
22
+
23
+ after(:all) do
24
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/external")
25
+ end
26
+ # ----------------- OAuth -----------------------
27
+ describe Sinatra::Application, "with OAuth features" do
28
+
29
+ before(:each) do
30
+ stub_all_oauth2_requests!
31
+ end
32
+
33
+ after(:each) do
34
+ User.delete_all
35
+ Authentication.delete_all
36
+ end
37
+
38
+ it "login_at redirects correctly" do
39
+ create_new_user
40
+ get "/login_at_test2"
41
+ last_response.should be_a_redirect
42
+ #last_response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&type=web_server")
43
+ last_response.should redirect_to("http://myapi.com/oauth/authorize?client_id=key&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&response_type=code")
44
+ end
45
+
46
+ it "'login_from' logins if user exists" do
47
+ sorcery_model_property_set(:authentications_class, Authentication)
48
+ create_new_external_user(:facebook)
49
+ get "/test_login_from2"
50
+ last_response.body.should == "Success!"
51
+ end
52
+
53
+ it "'login_from' fails if user doesn't exist" do
54
+ sorcery_model_property_set(:authentications_class, Authentication)
55
+ create_new_user
56
+ get "/test_login_from2"
57
+ last_response.body.should == "Failed!"
58
+ end
59
+ end
60
+
61
+ describe Sinatra::Application, "'create_from'" do
62
+ before(:each) do
63
+ stub_all_oauth2_requests!
64
+ User.delete_all
65
+ Authentication.delete_all
66
+ end
67
+
68
+ it "should create a new user" do
69
+ sorcery_model_property_set(:authentications_class, Authentication)
70
+ sorcery_controller_external_property_set(:facebook, :user_info_mapping, {:username => "name"})
71
+ lambda do
72
+ get "/test_create_from_provider", :provider => "facebook"
73
+ end.should change(User, :count).by(1)
74
+ User.first.username.should == "Noam Ben Ari"
75
+ end
76
+
77
+ it "should support nested attributes" do
78
+ sorcery_model_property_set(:authentications_class, Authentication)
79
+ sorcery_controller_external_property_set(:facebook, :user_info_mapping, {:username => "hometown/name"})
80
+ lambda do
81
+ get "/test_create_from_provider", :provider => "facebook"
82
+ end.should change(User, :count).by(1)
83
+ User.first.username.should == "Haifa, Israel"
84
+ end
85
+ end
86
+
87
+ describe Sinatra::Application, "OAuth with User Activation features" do
88
+ before(:all) do
89
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activation")
90
+ sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
91
+ sorcery_controller_property_set(:external_providers, [:facebook])
92
+ sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
93
+ sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
94
+ sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
95
+ end
96
+
97
+ after(:all) do
98
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activation")
99
+ end
100
+
101
+ after(:each) do
102
+ User.delete_all
103
+ end
104
+
105
+ it "should not send activation email to external users" do
106
+ old_size = ActionMailer::Base.deliveries.size
107
+ create_new_external_user(:facebook)
108
+ ActionMailer::Base.deliveries.size.should == old_size
109
+ end
110
+
111
+ it "should not send external users an activation success email" do
112
+ sorcery_model_property_set(:activation_success_email_method_name, nil)
113
+ create_new_external_user(:facebook)
114
+ old_size = ActionMailer::Base.deliveries.size
115
+ @user.activate!
116
+ ActionMailer::Base.deliveries.size.should == old_size
117
+ end
118
+ end
119
+
120
+ end
@@ -0,0 +1,121 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require 'ostruct'
3
+
4
+ def stub_all_oauth_requests!
5
+ @consumer = OAuth::Consumer.new("key","secret", :site => "http://myapi.com")
6
+ OAuth::Consumer.stub!(:new).and_return(@consumer)
7
+ @req_token = OAuth::RequestToken.new(@consumer) # OpenStruct.new()
8
+ @consumer.stub!(:get_request_token).and_return(@req_token)
9
+ @acc_token = OAuth::AccessToken.new(@consumer)
10
+ @req_token.stub!(:get_access_token).and_return(@acc_token)
11
+ session[:request_token] = @req_token.token
12
+ session[:request_token_secret] = @req_token.secret
13
+ OAuth::RequestToken.stub!(:new).and_return(@req_token)
14
+ response = OpenStruct.new()
15
+ response.body = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
16
+ @acc_token.stub!(:get).and_return(response)
17
+ end
18
+
19
+ describe Sinatra::Application do
20
+ before(:all) do
21
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/external")
22
+ sorcery_reload!([:external])
23
+ sorcery_controller_property_set(:external_providers, [:twitter])
24
+ sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
25
+ sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
26
+ sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
27
+ end
28
+
29
+ after(:all) do
30
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/external")
31
+ end
32
+ # ----------------- OAuth -----------------------
33
+ describe Sinatra::Application, "'login_from'" do
34
+
35
+ before(:each) do
36
+ stub_all_oauth_requests!
37
+ end
38
+
39
+ after(:each) do
40
+ User.delete_all
41
+ Authentication.delete_all
42
+ end
43
+
44
+ it "login_at_test redirects correctly" do
45
+ create_new_user
46
+ get "/login_at_test"
47
+ last_response.should be_a_redirect
48
+ last_response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
49
+ end
50
+
51
+ it "logins if user exists" do
52
+ sorcery_model_property_set(:authentications_class, Authentication)
53
+ create_new_external_user(:twitter)
54
+ get '/test_login_from', :oauth_verifier => "blablaRERASDFcxvSDFA"
55
+ last_response.body.should == "Success!"
56
+ end
57
+
58
+ it "'login_from' fails if user doesn't exist" do
59
+ sorcery_model_property_set(:authentications_class, Authentication)
60
+ create_new_user
61
+ get '/test_login_from', :oauth_verifier => "blablaRERASDFcxvSDFA"
62
+ last_response.body.should == "Failed!"
63
+ end
64
+ end
65
+
66
+ describe Sinatra::Application, "'create_from'" do
67
+ before(:each) do
68
+ stub_all_oauth_requests!
69
+ User.delete_all
70
+ Authentication.delete_all
71
+ end
72
+
73
+ it "should create a new user" do
74
+ sorcery_model_property_set(:authentications_class, Authentication)
75
+ sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
76
+ lambda do
77
+ get :test_create_from_provider, :provider => "twitter"
78
+ end.should change(User, :count).by(1)
79
+ User.first.username.should == "nbenari"
80
+ end
81
+
82
+ it "should support nested attributes" do
83
+ sorcery_model_property_set(:authentications_class, Authentication)
84
+ sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
85
+ lambda do
86
+ get :test_create_from_provider, :provider => "twitter"
87
+ end.should change(User, :count).by(1)
88
+ User.first.username.should == "coming soon to sorcery gem: twitter and facebook authentication support."
89
+ end
90
+ end
91
+
92
+ describe Sinatra::Application, "OAuth with User Activation features" do
93
+ before(:all) do
94
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activation")
95
+ sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
96
+ end
97
+
98
+ after(:all) do
99
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activation")
100
+ end
101
+
102
+ after(:each) do
103
+ User.delete_all
104
+ Authentication.delete_all
105
+ end
106
+
107
+ it "should not send activation email to external users" do
108
+ old_size = ActionMailer::Base.deliveries.size
109
+ create_new_external_user(:twitter)
110
+ ActionMailer::Base.deliveries.size.should == old_size
111
+ end
112
+
113
+ it "should not send external users an activation success email" do
114
+ sorcery_model_property_set(:activation_success_email_method_name, nil)
115
+ create_new_external_user(:twitter)
116
+ old_size = ActionMailer::Base.deliveries.size
117
+ @user.activate!
118
+ ActionMailer::Base.deliveries.size.should == old_size
119
+ end
120
+ end
121
+ end
@@ -0,0 +1,64 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe Sinatra::Application do
4
+
5
+ # ----------------- REMEMBER ME -----------------------
6
+ describe Sinatra::Application, "with remember me features" do
7
+ before(:all) do
8
+ ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/remember_me")
9
+ sorcery_reload!([:remember_me])
10
+ end
11
+
12
+ before(:each) do
13
+ create_new_user
14
+ end
15
+
16
+ after(:all) do
17
+ ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/remember_me")
18
+ end
19
+
20
+ after(:each) do
21
+ session = nil
22
+ clear_cookies
23
+ User.delete_all
24
+ end
25
+
26
+ it "should set cookie on remember_me!" do
27
+ post "/test_login_with_remember", :username => 'gizmo', :password => 'secret'
28
+ cookies["remember_me_token"].should == assigns[:user].remember_me_token
29
+ end
30
+
31
+ it "should clear cookie on forget_me!" do
32
+ cookies["remember_me_token"] == {:value => 'asd54234dsfsd43534', :expires => 3600}
33
+ get '/test_logout'
34
+ cookies["remember_me_token"].should == nil
35
+ end
36
+
37
+ it "login(username,password,remember_me) should login and remember" do
38
+ post '/test_login_with_remember_in_login', :username => 'gizmo', :password => 'secret', :remember => "1"
39
+ cookies["remember_me_token"].should_not be_nil
40
+ cookies["remember_me_token"].should == assigns[:user].remember_me_token
41
+ end
42
+
43
+ it "logout should also forget_me!" do
44
+ session[:user_id] = @user.id
45
+ get '/test_logout_with_remember'
46
+ cookies["remember_me_token"].should == nil
47
+ end
48
+
49
+ it "should login_from_cookie" do
50
+ post "/test_login_with_remember", :username => 'gizmo', :password => 'secret'
51
+ get_sinatra_app(subject).instance_eval do
52
+ @current_user = nil
53
+ end
54
+ session[:user_id] = nil
55
+ get '/test_login_from_cookie'
56
+ assigns[:current_user].should == @user
57
+ end
58
+
59
+ it "should not remember_me! when not asked to" do
60
+ post '/test_login', :username => 'gizmo', :password => 'secret'
61
+ cookies["remember_me_token"].should == nil
62
+ end
63
+ end
64
+ end