RubyGems - sorcery - Versions diffs - 0.3.1 → 0.4.0 - Mend

sorcery 0.3.1 → 0.4.0

Potentially problematic release.

This version of sorcery might be problematic. Click here for more details.

Files changed (131) hide show

data/Gemfile CHANGED Viewed

@@ -9,12 +9,13 @@ gem 'oauth2', ">= 0.1.1"
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  gem "rspec", "~> 2.3.0"
-  gem 'rspec-rails'
+  gem "rspec", "~> 2.5.0"
+  gem 'rspec-rails', "~> 2.5.0"
   gem 'ruby-debug19'
   gem 'sqlite3-ruby', :require => 'sqlite3'
   gem "yard", "~> 0.6.0"
   gem "bundler", "~> 1.0.0"
   gem "jeweler", "~> 1.5.2"
   gem 'simplecov', '>= 0.3.8', :require => false # Will install simplecov-html as a dependency
+  gem 'timecop'
 end

data/Gemfile.lock CHANGED Viewed

@@ -81,19 +81,19 @@ GEM
       rake (>= 0.8.7)
       thor (~> 0.14.4)
     rake (0.8.7)
-    rspec (2.3.0)
-      rspec-core (~> 2.3.0)
-      rspec-expectations (~> 2.3.0)
-      rspec-mocks (~> 2.3.0)
-    rspec-core (2.3.1)
-    rspec-expectations (2.3.0)
+    rspec (2.5.0)
+      rspec-core (~> 2.5.0)
+      rspec-expectations (~> 2.5.0)
+      rspec-mocks (~> 2.5.0)
+    rspec-core (2.5.1)
+    rspec-expectations (2.5.0)
       diff-lcs (~> 1.1.2)
-    rspec-mocks (2.3.0)
-    rspec-rails (2.3.1)
+    rspec-mocks (2.5.0)
+    rspec-rails (2.5.0)
       actionpack (~> 3.0)
       activesupport (~> 3.0)
       railties (~> 3.0)
-      rspec (~> 2.3.0)
+      rspec (~> 2.5.0)
     ruby-debug-base19 (0.11.24)
       columnize (>= 0.3.1)
       linecache19 (>= 0.5.11)
@@ -109,6 +109,7 @@ GEM
     simplecov-html (0.3.9)
     sqlite3-ruby (1.3.2)
     thor (0.14.6)
+    timecop (0.3.5)
     treetop (1.4.9)
       polyglot (>= 0.3.1)
     tzinfo (0.3.23)
@@ -124,9 +125,10 @@ DEPENDENCIES
   oauth (>= 0.4.4)
   oauth2 (>= 0.1.1)
   rails (>= 3.0.0)
-  rspec (~> 2.3.0)
-  rspec-rails
+  rspec (~> 2.5.0)
+  rspec-rails (~> 2.5.0)
   ruby-debug19
   simplecov (>= 0.3.8)
   sqlite3-ruby
+  timecop
   yard (~> 0.6.0)

data/README.rdoc CHANGED Viewed

@@ -28,11 +28,53 @@ Example Rails 3 app using sorcery: https://github.com/NoamB/sorcery-example-app
 Example Sinatra app using sorcery: https://github.com/NoamB/sorcery-example-app-sinatra
-Documentation: http://rubydoc.info/gems/sorcery/0.3.1/frames
+Documentation: http://rubydoc.info/gems/sorcery/0.4.0/frames
 Check out the tutorials in the github wiki!
+== API Summary
+Below is a summary of the library methods. Most method names are self explaining and the rest are commented:
+  # core
+  require_login # this is a before filter
+  login(username,password,remember_me = false)
+  logout
+  logged_in?
+  current_user
+  redirect_back_or_to # used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.
+  @user.external? # external users, such as facebook/twitter etc.
+  User.authenticates_with_sorcery!
+  # activity logging
+  current_users
+  # http basic auth
+  require_login_from_http_basic # this is a before filter
+  # external
+  login_at(provider) # sends the user to an external service (twitter etc.) to authenticate.
+  login_from(provider) # tries to login from the external provider's callback.
+  create_from(provider) # create the user in the local app db.
+  # remember me
+  remember_me!
+  forget_me!
+  # reset password
+  User.load_from_reset_password_token(token)
+  @user.deliver_reset_password_instructions!
+  @user.reset_password!(params)
+  # user activation
+  User.load_from_activation_token(token)
+  @user.activate!
+Please see the tutorials in the github wiki for detailed usage information.
 == Installation:
@@ -49,29 +91,15 @@ Otherwise simply
 	gem install sorcery
-== Configuration:
+== Rails 3 Configuration:
-1. config/application.rb
-	config.sorcery.submodules = [:user_activation, :remember_me] # add the submodules you want to use
-	# You can also configure here any controller and any controller-submodule option here. For example:
-	config.sorcery.session_timeout = 10.minutes
+For Rails 3 create an initializer file using:
-2. app/models/user.rb (or another model of your choice, but a User class is assumed by default)
+    rake sorcery:bootstrap
-	activate_sorcery! do |config|
-  	  config.user_activation_mailer = MyMailer
-	  config.username_attribute_name = :email
-	end
-3. app/controllers/application_controller.rb (OPTIONAL: this is actually needed only in some cases)
-	activate_sorcery! do |config|
-  	  config.session_timeout = 10.minutes
-	end
-The configuration options vary with the submodules you've chosen to use, so check the documentation or the wiki tutorials regarding the specific submodule.
+This will create the file as config/initializers/sorcery.rb .
+Inside it the comments will tell you everything you need to know.
 For your convenience, Sorcery includes a migrations generator for Rails, which can be used like so:
@@ -88,44 +116,30 @@ To generate migrations for both the core AND 'remember_me' submodule:
 These migrations use the default fields. You can choose to use these migrations or make your own tables and fields. Sorcery tries not to impose a database structure and naming scheme on your application.
-== API Summary
-Below is a summary of the library methods. Most method names are self explaining and the rest are commented:
-  # core
-  require_login # this is a before filter
-  login(username,password,remember_me = false)
-  logout
-  logged_in?
-  current_user
-  redirect_back_or_to # used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.
-  @user.external? # external users, such as facebook/twitter etc.
-  # activity logging
-  current_users
-  # http basic auth
-  require_login_from_http_basic # this is a before filter
+== Sinatra Configuration:
-  # external
-  login_at(provider) # sends the user to an external service (twitter etc.) to authenticate.
-  login_from(provider) # tries to login from the external provider's callback.
-  create_from(provider) # create the user in the local app db.
-  # remember me
-  remember_me!
-  forget_me!
+For Sinatra you'll need to create the initializer manually. You can do it in the main app file or in a separate file you require (see example in example app). The code looks as follows:
-  # reset password
-  User.load_from_reset_password_token(token)
-  @user.deliver_reset_password_instructions!
-  @user.reset_password!(params)
+    Sorcery::Controller::Config.submodules = [] # specify here the submodules you want to include
+    Sorcery::Controller::Config.configure do |config|
+      config.session_timeout = 10.minutes
+      ...
+      ...
+      config.user_config do |user|
+        user.username_attribute_name                      = :email
+        ...
+    	...
+      end
+    end
-  # user activation
-  User.load_from_activation_token(token)
-  @user.activate!
+Finally, to make all the code above take effect, we'll need to re-include the sorcery controller module:
-Please see the tutorials in the github wiki for detailed usage information.
+    include Sorcery::Controller::Adapters::Sinatra
+    include Sorcery::Controller
 == Full Features List by module:
@@ -180,19 +194,32 @@ External (see lib/sorcery/controller/submodules/external.rb):
 I've got many plans which include (by priority):
+* Forgot username, maybe as part of the reset_password module
 * Scoping logins (to a subdomain or another arbitrary field)
-* Simple auth (no user)
-* Switching authentication mode at runtime (Maintenance mode)
 * Mongoid support
 * Other reset password strategies (security questions?)
 * Other brute force protection strategies (captcha)
 * Have an idea? Let me know, and it might get into the gem!
 Other stuff:
+* Improve specs speed
+* Provide an easy way to run specs after install
 * Improve documentation
 * Tty to reduce the number of library methods, and find better names to some
+== Backward compatibility
+While the lib is young and evolving fast I'm breaking backward compatibility quite often.
+I'm constantly finding better ways to do things and throwing away old ways.
+To let you know when things are changing in a non-compatible way, I'm bumping the minor version of the gem.
+The patch version changes are backward compatible.
+In short, an app that works with x.3.1 should be able to upgrade to x.3.2 with no code changes.
+The same cannot be said about upgrading to x.4.0 and above, however.
 == Contributing to sorcery
@@ -200,17 +227,18 @@ Your feedback is very welcome and will make this gem much much better for you, m
 Besides feedback on code, features, suggestions and bug reports, you may want to actually make an impact on the code.
 For this:
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. I've used RSpec so far, please remain consistent with it.
-* Commit, do not mess with Rakefiles, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
+* Fork it.
+* Fix it.
+* Test it.
+* Commit it.
+* Send me a pull request so I'll... Pull it.
-If you feel my work has made your life easier, and you would like to thank me through a donation, my paypal email is in the contact details.
+If you feel sorcery has made your life easier, and you would like to express your thanks via a donation, my paypal email is in the contact details.
 == Contact
 Feel free to ask questions using these contact details:
 	email: nbenari@gmail.com ( also for paypal )

data/Rakefile CHANGED Viewed

@@ -41,11 +41,11 @@ end
 require 'yard'
 YARD::Rake::YardocTask.new
-desc 'Default: Run all specs.'
-task :default => :all_specs
+desc 'Default: Run all sorcery specs.'
+task :default => :all_sorcery_specs
-desc "Run all specs"
-task :all_specs do
+desc "Run all sorcery specs"
+task :all_sorcery_specs do
   Dir['spec/**/Rakefile'].each do |rakefile|
     directory_name = File.dirname(rakefile)
     sh <<-CMD

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.3.1
1	+ 0.4.0

data/lib/generators/sorcery_migration/templates/core.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 class SorceryCore < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :username,         :null => false
-      t.string :email,            :default => nil
+      t.string :username,         :null => false  # if you use another filed as a username, for example email, you can safely remove this field.
+      t.string :email,            :default => nil # if you use this field as a username, you might want to make it :null => false.
       t.string :crypted_password, :default => nil
       t.string :salt,             :default => nil

data/lib/sorcery.rb CHANGED Viewed

@@ -36,6 +36,7 @@ module Sorcery
     end
   end
   module CryptoProviders
+    autoload :Common, 'sorcery/crypto_providers/common'
     autoload :AES256, 'sorcery/crypto_providers/aes256'
     autoload :BCrypt, 'sorcery/crypto_providers/bcrypt'
     autoload :MD5,    'sorcery/crypto_providers/md5'

data/lib/sorcery/controller.rb CHANGED Viewed

@@ -2,7 +2,6 @@ module Sorcery
   module Controller
     def self.included(klass)
       klass.class_eval do
-        extend ClassMethods
         include InstanceMethods
         Config.submodules.each do |mod|
           begin
@@ -11,19 +10,9 @@ module Sorcery
             # don't stop on a missing submodule.
           end
         end
-        Config.update!
-      end
-    end
-    module ClassMethods
-      def activate_sorcery!(&block)
-        yield Config if block_given?
-        after_config!
-      end
-      def after_config!
-        Config.after_config.each {|c| send(c)}
       end
+      Config.update!
+      Config.configure!
     end
     module InstanceMethods
@@ -126,7 +115,7 @@ module Sorcery
       class << self
         attr_accessor :submodules,
-                      :user_class,                    # what class to use as the user class. Set automatically when you call activate_sorcery! in the User class.
+                      :user_class,                    # what class to use as the user class. Set automatically when you call authenticates_with_sorcery! in the User class.
                       :not_authenticated_action,      # what controller action to call for non-authenticated users.
@@ -137,9 +126,7 @@ module Sorcery
                       :after_login,
                       :after_failed_login,
                       :before_logout,
-                      :after_logout,
-                      :after_config
+                      :after_logout
         def init!
           @defaults = {
@@ -151,7 +138,6 @@ module Sorcery
             :@after_failed_login                   => [],
             :@before_logout                        => [],
             :@after_logout                         => [],
-            :@after_config                         => [],
             :@save_return_to_url                   => true
           }
         end
@@ -168,6 +154,18 @@ module Sorcery
             instance_variable_set(k,v) if !instance_variable_defined?(k)
           end
         end
+        def user_config(&blk)
+          block_given? ? @user_config = blk : @user_config
+        end
+        def configure(&blk)
+          @configure_blk = blk
+        end
+        def configure!
+          @configure_blk.call(self) if @configure_blk
+        end
       end
       init!
       reset!

data/lib/sorcery/controller/submodules/http_basic_auth.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Sorcery
           base.send(:include, InstanceMethods)
           Config.module_eval do
             class << self
-              attr_accessor :controller_to_realm_map            # how many failed logins allowed.
+              attr_accessor :controller_to_realm_map            # What realm to display for which controller name.
               def merge_http_basic_auth_defaults!
                 @defaults.merge!(:@controller_to_realm_map  => {"application" => "Application"})

data/lib/sorcery/crypto_providers/bcrypt.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Sorcery
         # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
         # Set this to whatever you want, play around with it to get that perfect balance between security and performance.
         def cost
-          @cost ||= 1
+          @cost ||= 10
         end
         attr_writer :cost
         alias :stretches= :cost=

data/lib/sorcery/crypto_providers/common.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module Sorcery
+  module CryptoProviders
+    module Common
+      def self.included(base)
+        base.class_eval do
+          class << self
+            attr_accessor :join_token
+            # The number of times to loop through the encryption.
+            def stretches
+              @stretches ||= 1
+            end
+            attr_writer :stretches
+            def encrypt(*tokens)
+              digest = tokens.flatten.join(join_token)
+              stretches.times { digest = secure_digest(digest) }
+              digest
+            end
+            # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+            def matches?(crypted, *tokens)
+              encrypt(*tokens) == crypted
+            end
+            def reset!
+              @stretches = 1
+              @join_token = nil
+            end
+          end
+        end
+      end
+    end
+  end
+end