sorcery 0.3.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (138) hide show
  1. data/Gemfile +3 -2
  2. data/Gemfile.lock +13 -11
  3. data/README.rdoc +89 -61
  4. data/Rakefile +4 -4
  5. data/VERSION +1 -1
  6. data/lib/generators/sorcery_migration/templates/core.rb +2 -2
  7. data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
  8. data/lib/sorcery/controller.rb +16 -18
  9. data/lib/sorcery/crypto_providers/bcrypt.rb +3 -5
  10. data/lib/sorcery/crypto_providers/common.rb +35 -0
  11. data/lib/sorcery/crypto_providers/md5.rb +3 -23
  12. data/lib/sorcery/crypto_providers/sha1.rb +4 -16
  13. data/lib/sorcery/crypto_providers/sha256.rb +3 -23
  14. data/lib/sorcery/crypto_providers/sha512.rb +3 -23
  15. data/lib/sorcery/engine.rb +4 -0
  16. data/lib/sorcery/initializers/initializer.rb +86 -0
  17. data/lib/sorcery/model/submodules/activity_logging.rb +1 -1
  18. data/lib/sorcery/model/submodules/brute_force_protection.rb +1 -1
  19. data/lib/sorcery/model/submodules/reset_password.rb +1 -1
  20. data/lib/sorcery/model.rb +25 -3
  21. data/lib/sorcery/railties/tasks.rake +10 -0
  22. data/lib/sorcery/sinatra.rb +0 -9
  23. data/lib/sorcery/test_helpers/internal/rails.rb +52 -0
  24. data/lib/sorcery/test_helpers/internal/sinatra.rb +122 -0
  25. data/lib/sorcery/test_helpers/internal.rb +55 -0
  26. data/lib/sorcery/test_helpers/rails.rb +5 -46
  27. data/lib/sorcery/test_helpers/sinatra.rb +58 -104
  28. data/lib/sorcery/test_helpers.rb +0 -35
  29. data/lib/sorcery.rb +8 -0
  30. data/sorcery.gemspec +140 -146
  31. data/spec/Gemfile +2 -2
  32. data/spec/Gemfile.lock +20 -12
  33. data/spec/Rakefile +1 -0
  34. data/spec/rails3/.rspec +1 -1
  35. data/spec/rails3/{app_root/Gemfile → Gemfile} +4 -4
  36. data/spec/rails3/{app_root/Gemfile.lock → Gemfile.lock} +20 -20
  37. data/spec/rails3/{app_root/Rakefile → Rakefile} +1 -0
  38. data/spec/rails3/config/database.yml +27 -0
  39. data/spec/rails3/{app_root/spec → spec}/controller_activity_logging_spec.rb +2 -4
  40. data/spec/rails3/{app_root/spec → spec}/controller_brute_force_protection_spec.rb +3 -2
  41. data/spec/rails3/{app_root/spec → spec}/controller_oauth2_spec.rb +10 -9
  42. data/spec/rails3/{app_root/spec → spec}/controller_oauth_spec.rb +8 -8
  43. data/spec/rails3/spec/controller_session_timeout_spec.rb +55 -0
  44. data/spec/rails3/{app_root/spec → spec}/controller_spec.rb +6 -16
  45. data/spec/rails3/spec/spec.opts +2 -0
  46. data/spec/rails3/spec/spec_helper.rb +70 -0
  47. data/spec/rails3/{app_root/spec → spec}/user_activation_spec.rb +7 -13
  48. data/spec/rails3/{app_root/spec → spec}/user_brute_force_protection_spec.rb +2 -30
  49. data/spec/rails3/{app_root/spec → spec}/user_oauth_spec.rb +3 -3
  50. data/spec/rails3/{app_root/spec → spec}/user_remember_me_spec.rb +3 -11
  51. data/spec/rails3/{app_root/spec → spec}/user_reset_password_spec.rb +20 -17
  52. data/spec/rails3/{app_root/spec → spec}/user_spec.rb +19 -9
  53. data/spec/sinatra/Gemfile +3 -3
  54. data/spec/sinatra/Gemfile.lock +17 -17
  55. data/spec/sinatra/Rakefile +1 -0
  56. data/spec/sinatra/spec/controller_brute_force_protection_spec.rb +3 -2
  57. data/spec/sinatra/spec/controller_oauth2_spec.rb +10 -9
  58. data/spec/sinatra/spec/controller_oauth_spec.rb +5 -5
  59. data/spec/sinatra/spec/controller_session_timeout_spec.rb +28 -23
  60. data/spec/sinatra/spec/spec.opts +2 -4
  61. data/spec/sinatra/spec/spec_helper.rb +4 -2
  62. data/spec/sorcery_crypto_providers_spec.rb +5 -4
  63. data/spec/spec.opts +2 -0
  64. data/spec/spec_helper.rb +3 -4
  65. metadata +151 -149
  66. data/lib/sorcery/controller/submodules/email.rb +0 -44
  67. data/lib/sorcery/controller/submodules/oauth.rb +0 -95
  68. data/spec/rails3/app_root/.rspec +0 -1
  69. data/spec/rails3/app_root/config/database.yml +0 -27
  70. data/spec/rails3/app_root/spec/controller_session_timeout_spec.rb +0 -50
  71. data/spec/rails3/app_root/spec/spec_helper.rb +0 -62
  72. data/spec/sinatra/spec/user_activation_spec.rb +0 -188
  73. data/spec/sinatra/spec/user_activity_logging_spec.rb +0 -36
  74. data/spec/sinatra/spec/user_brute_force_protection_spec.rb +0 -76
  75. data/spec/sinatra/spec/user_oauth_spec.rb +0 -39
  76. data/spec/sinatra/spec/user_remember_me_spec.rb +0 -66
  77. data/spec/sinatra/spec/user_reset_password_spec.rb +0 -178
  78. data/spec/sinatra/spec/user_spec.rb +0 -317
  79. /data/spec/rails3/{app_root/.gitignore → .gitignore} +0 -0
  80. /data/spec/rails3/{app_root/README → README} +0 -0
  81. /data/spec/rails3/{app_root/Rakefile.unused → Rakefile.unused} +0 -0
  82. /data/spec/rails3/{app_root/app → app}/controllers/application_controller.rb +0 -0
  83. /data/spec/rails3/{app_root/app → app}/helpers/application_helper.rb +0 -0
  84. /data/spec/rails3/{app_root/app → app}/mailers/sorcery_mailer.rb +0 -0
  85. /data/spec/rails3/{app_root/app → app}/models/authentication.rb +0 -0
  86. /data/spec/rails3/{app_root/app → app}/models/user.rb +0 -0
  87. /data/spec/rails3/{app_root/app → app}/views/layouts/application.html.erb +0 -0
  88. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_email.html.erb +0 -0
  89. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_email.text.erb +0 -0
  90. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_success_email.html.erb +0 -0
  91. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/activation_success_email.text.erb +0 -0
  92. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/reset_password_email.html.erb +0 -0
  93. /data/spec/rails3/{app_root/app → app}/views/sorcery_mailer/reset_password_email.text.erb +0 -0
  94. /data/spec/rails3/{app_root/config → config}/application.rb +0 -0
  95. /data/spec/rails3/{app_root/config → config}/boot.rb +0 -0
  96. /data/spec/rails3/{app_root/config → config}/environment.rb +0 -0
  97. /data/spec/rails3/{app_root/config → config}/environments/development.rb +0 -0
  98. /data/spec/rails3/{app_root/config → config}/environments/in_memory.rb +0 -0
  99. /data/spec/rails3/{app_root/config → config}/environments/production.rb +0 -0
  100. /data/spec/rails3/{app_root/config → config}/environments/test.rb +0 -0
  101. /data/spec/rails3/{app_root/config → config}/initializers/backtrace_silencers.rb +0 -0
  102. /data/spec/rails3/{app_root/config → config}/initializers/inflections.rb +0 -0
  103. /data/spec/rails3/{app_root/config → config}/initializers/mime_types.rb +0 -0
  104. /data/spec/rails3/{app_root/config → config}/initializers/secret_token.rb +0 -0
  105. /data/spec/rails3/{app_root/config → config}/initializers/session_store.rb +0 -0
  106. /data/spec/rails3/{app_root/config → config}/locales/en.yml +0 -0
  107. /data/spec/rails3/{app_root/config → config}/routes.rb +0 -0
  108. /data/spec/rails3/{app_root/config.ru → config.ru} +0 -0
  109. /data/spec/rails3/{app_root/db → db}/migrate/activation/20101224223622_add_activation_to_users.rb +0 -0
  110. /data/spec/rails3/{app_root/db → db}/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +0 -0
  111. /data/spec/rails3/{app_root/db → db}/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +0 -0
  112. /data/spec/rails3/{app_root/db → db}/migrate/core/20101224223620_create_users.rb +0 -0
  113. /data/spec/rails3/{app_root/db → db}/migrate/external/20101224223628_create_authentications.rb +0 -0
  114. /data/spec/rails3/{app_root/db → db}/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +0 -0
  115. /data/spec/rails3/{app_root/db → db}/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +0 -0
  116. /data/spec/rails3/{app_root/db → db}/schema.rb +0 -0
  117. /data/spec/rails3/{app_root/db → db}/seeds.rb +0 -0
  118. /data/spec/rails3/{app_root/lib → lib}/tasks/.gitkeep +0 -0
  119. /data/spec/rails3/{app_root/public → public}/404.html +0 -0
  120. /data/spec/rails3/{app_root/public → public}/422.html +0 -0
  121. /data/spec/rails3/{app_root/public → public}/500.html +0 -0
  122. /data/spec/rails3/{app_root/public → public}/favicon.ico +0 -0
  123. /data/spec/rails3/{app_root/public → public}/images/rails.png +0 -0
  124. /data/spec/rails3/{app_root/public → public}/index.html +0 -0
  125. /data/spec/rails3/{app_root/public → public}/javascripts/application.js +0 -0
  126. /data/spec/rails3/{app_root/public → public}/javascripts/controls.js +0 -0
  127. /data/spec/rails3/{app_root/public → public}/javascripts/dragdrop.js +0 -0
  128. /data/spec/rails3/{app_root/public → public}/javascripts/effects.js +0 -0
  129. /data/spec/rails3/{app_root/public → public}/javascripts/prototype.js +0 -0
  130. /data/spec/rails3/{app_root/public → public}/javascripts/rails.js +0 -0
  131. /data/spec/rails3/{app_root/public → public}/robots.txt +0 -0
  132. /data/spec/rails3/{app_root/public → public}/stylesheets/.gitkeep +0 -0
  133. /data/spec/rails3/{app_root/script → script}/rails +0 -0
  134. /data/spec/rails3/{app_root/spec → spec}/controller_http_basic_auth_spec.rb +0 -0
  135. /data/spec/rails3/{app_root/spec → spec}/controller_remember_me_spec.rb +0 -0
  136. /data/spec/rails3/{app_root/spec → spec}/spec_helper.orig.rb +0 -0
  137. /data/spec/rails3/{app_root/spec → spec}/user_activity_logging_spec.rb +0 -0
  138. /data/spec/rails3/{app_root/vendor → vendor}/plugins/.gitkeep +0 -0
@@ -0,0 +1,86 @@
1
+ # The first thing you need to configure is which modules you need in your app.
2
+ # The default is nothing which will include only core features (password encryption, login/logout).
3
+ # Available submodules are: :user_activation, :http_basic_auth, :remember_me, :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
4
+ Rails.application.config.sorcery.submodules = []
5
+
6
+ # Here you can configure each submodule's features.
7
+ Rails.application.config.sorcery.configure do |config|
8
+ # -- core --
9
+ # config.not_authenticated_action = :not_authenticated # what controller action to call for non-authenticated users. You can also override 'not_authenticated' instead.
10
+ # config.save_return_to_url = true # when a non logged in user tries to enter a page that requires login, save the URL he wanted to reach,
11
+ # and send him there after login, using 'redirect_back_or_to'.
12
+ # subclasses_inherit_config = false # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
13
+
14
+ # -- session timeout --
15
+ # config.session_timeout = 3600 # how long in seconds to keep the session alive.
16
+ # config.session_timeout_from_last_action = false # use the last action as the beginning of session timeout.
17
+
18
+ # -- http_basic_auth --
19
+ # config.controller_to_realm_map = {"application" => "Application"} # What realm to display for which controller name.
20
+ # For example {"My App" => "Application"}
21
+
22
+ # -- external --
23
+ # config.external_providers = [] # What providers are supported by this app, i.e. [:twitter, :facebook] .
24
+ #
25
+ # config.twitter.key = "eYVNBjBDi33aa9GkA3w"
26
+ # config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
27
+ # config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
28
+ # config.twitter.user_info_mapping = {:email => "screen_name"}
29
+ #
30
+ # config.facebook.key = "34cebc81c08a521bc66e212f947d73ec"
31
+ # config.facebook.secret = "5b458d179f61d4f036ee66a497ffbcd0"
32
+ # config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
33
+ # config.facebook.user_info_mapping = {:email => "name"}
34
+
35
+ # --- user config ---
36
+ config.user_config do |user|
37
+ # -- core --
38
+ # user.username_attribute_name = :username # change default username attribute, for example, to use :email as the login.
39
+ # user.password_attribute_name = :password # change *virtual* password attribute, the one which is used until an encrypted one is generated.
40
+ # user.email_attribute_name = :email # change default email attribute.
41
+ # user.crypted_password_attribute_name = :crypted_password # change default crypted_password attribute.
42
+ # user.salt_join_token = "" # what pattern to use to join the password with the salt
43
+ # user.salt_attribute_name = :salt # change default salt attribute.
44
+ # user.stretches = nil # how many times to apply encryption to the password.
45
+ # user.encryption_key = nil # encryption key used to encrypt reversible encryptions such as AES256.
46
+ # user.custom_encryption_provider = nil # use an external encryption class.
47
+ # user.encryption_algorithm = :bcrypt # encryption algorithm name. See 'encryption_algorithm=' for available options.
48
+
49
+ # -- user_activation --
50
+ # user.activation_state_attribute_name = :activation_state # the attribute name to hold activation state (active/pending).
51
+ # user.activation_token_attribute_name = :activation_token # the attribute name to hold activation code (sent by email).
52
+ # user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold activation code expiration date.
53
+ # user.activation_token_expiration_period = nil # how many seconds before the activation code expires. nil for never expires.
54
+ # user.user_activation_mailer = nil # your mailer class. Required.
55
+ # user.activation_needed_email_method_name = :activation_needed_email # activation needed email method on your mailer class.
56
+ # user.activation_success_email_method_name = :activation_success_email # activation success email method on your mailer class.
57
+ # user.prevent_non_active_users_to_login = true # do you want to prevent or allow users that did not activate by email to login?
58
+
59
+ # -- reset_password --
60
+ # user.reset_password_token_attribute_name = :reset_password_token # reset password code attribute name.
61
+ # user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute name.
62
+ # user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent, used for hammering protection.
63
+ # user.reset_password_mailer = nil # mailer class. Needed.
64
+ # user.reset_password_email_method_name = :reset_password_email # reset password email method on your mailer class.
65
+ # user.reset_password_expiration_period = nil # how many seconds before the reset request expires. nil for never expires.
66
+ # user.reset_password_time_between_emails = 5 * 60 # hammering protection, how long to wait before allowing another email to be sent.
67
+
68
+ # -- brute_force_protection --
69
+ # user.failed_logins_count_attribute_name = :failed_logins_count # failed logins attribute name.
70
+ # user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether user is banned and when it will be active again.
71
+ # user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
72
+ # user.login_lock_time_period = 60 * 60 # how long the user should be banned. in seconds. 0 for permanent.
73
+
74
+ # -- activity logging --
75
+ # user.last_login_at_attribute_name = :last_login_at # last login attribute name.
76
+ # user.last_logout_at_attribute_name = :last_logout_at # last logout attribute name.
77
+ # user.last_activity_at_attribute_name = :last_activity_at # last activity attribute name.
78
+ # user.activity_timeout = 10 * 60 # how long since last activity is the user defined logged out?
79
+
80
+ # -- external --
81
+ # user.authentications_class = nil # class which holds the various external provider data for this user.
82
+ # user.authentications_user_id_attribute_name = :user_id # user's identifier in authentications class.
83
+ # user.provider_attribute_name = :provider # provider's identifier in authentications class.
84
+ # user.provider_uid_attribute_name = :uid # user's external unique identifier in authentications class.
85
+ end
86
+ end
@@ -20,7 +20,7 @@ module Sorcery
20
20
  @defaults.merge!(:@last_login_at_attribute_name => :last_login_at,
21
21
  :@last_logout_at_attribute_name => :last_logout_at,
22
22
  :@last_activity_at_attribute_name => :last_activity_at,
23
- :@activity_timeout => 10.minutes)
23
+ :@activity_timeout => 10 * 60)
24
24
  reset!
25
25
  end
26
26
  end
@@ -16,7 +16,7 @@ module Sorcery
16
16
  @defaults.merge!(:@failed_logins_count_attribute_name => :failed_logins_count,
17
17
  :@lock_expires_at_attribute_name => :lock_expires_at,
18
18
  :@consecutive_login_retries_amount_limit => 50,
19
- :@login_lock_time_period => 3600)
19
+ :@login_lock_time_period => 60 * 60)
20
20
  reset!
21
21
  end
22
22
 
@@ -28,7 +28,7 @@ module Sorcery
28
28
  :@reset_password_mailer => nil,
29
29
  :@reset_password_email_method_name => :reset_password_email,
30
30
  :@reset_password_expiration_period => nil,
31
- :@reset_password_time_between_emails => 5.minutes )
31
+ :@reset_password_time_between_emails => 5 * 60 )
32
32
 
33
33
  reset!
34
34
  end
data/lib/sorcery/model.rb CHANGED
@@ -9,30 +9,36 @@ module Sorcery
9
9
  def self.included(klass)
10
10
  klass.class_eval do
11
11
  class << self
12
- def activate_sorcery!
12
+ def authenticates_with_sorcery!
13
13
  @sorcery_config = Config.new
14
14
  self.class_eval do
15
15
  extend ClassMethods # included here, before submodules, so they can be overriden by them.
16
16
  include InstanceMethods
17
+
18
+ # set the user_class for the controller methods which call it
17
19
  ::Sorcery::Controller::Config.user_class = self
18
20
  @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
19
21
  @sorcery_config.submodules.each do |mod|
20
22
  begin
21
23
  include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join(""))
22
24
  rescue NameError
23
- # don't stop on a missing submodule.
25
+ # don't stop on a missing submodule. Needed because some submodules are only defined in the controller side.
24
26
  end
25
27
  end
26
28
  end
27
29
 
28
- yield @sorcery_config if block_given?
30
+ # This runs the options block set in the initializer on the model class.
31
+ ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
29
32
 
33
+ # add virtual password accessor and ORM callbacks
30
34
  self.class_eval do
31
35
  attr_accessor @sorcery_config.password_attribute_name
32
36
  attr_protected @sorcery_config.crypted_password_attribute_name, @sorcery_config.salt_attribute_name
33
37
  before_save :encrypt_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
34
38
  after_save :clear_virtual_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
35
39
  end
40
+
41
+ @sorcery_config.after_config << :add_config_inheritence if @sorcery_config.subclasses_inherit_config
36
42
  @sorcery_config.after_config.each { |c| send(c) }
37
43
  end
38
44
  end
@@ -74,6 +80,20 @@ module Sorcery
74
80
  @sorcery_config.encryption_provider.matches?(crypted, *tokens)
75
81
  end
76
82
 
83
+ def add_config_inheritence
84
+ self.class_eval do
85
+ def self.inherited(subclass)
86
+ subclass.class_eval do
87
+ class << self
88
+ attr_accessor :sorcery_config
89
+ end
90
+ end
91
+ subclass.sorcery_config = sorcery_config
92
+ super
93
+ end
94
+ end
95
+ end
96
+
77
97
  end
78
98
 
79
99
  module InstanceMethods
@@ -131,6 +151,7 @@ module Sorcery
131
151
  :salt_attribute_name, # change default salt attribute.
132
152
  :stretches, # how many times to apply encryption to the password.
133
153
  :encryption_key, # encryption key used to encrypt reversible encryptions such as AES256.
154
+ :subclasses_inherit_config, # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
134
155
 
135
156
  :submodules, # configured in config/application.rb
136
157
  :before_authenticate, # an array of method names to call before authentication completes. used internally.
@@ -154,6 +175,7 @@ module Sorcery
154
175
  :@salt_join_token => "",
155
176
  :@salt_attribute_name => :salt,
156
177
  :@stretches => nil,
178
+ :@subclasses_inherit_config => false,
157
179
  :@before_authenticate => [],
158
180
  :@after_config => []
159
181
  }
@@ -0,0 +1,10 @@
1
+ require 'fileutils'
2
+
3
+ namespace :sorcery do
4
+ desc "Adds sorcery's initializer file"
5
+ task :bootstrap do
6
+ src = File.join(File.dirname(__FILE__), '..', 'initializers', 'initializer.rb')
7
+ target = File.join(Rails.root, "config", "initializers", "sorcery.rb")
8
+ FileUtils.cp(src, target)
9
+ end
10
+ end
@@ -2,13 +2,4 @@ ActiveRecord::Base.send(:include, Sorcery::Model) if defined?(ActiveRecord)
2
2
  if defined?(Sinatra::Base)
3
3
  Sinatra::Base.send(:include, Sorcery::Controller::Adapters::Sinatra)
4
4
  Sinatra::Base.send(:include, Sorcery::Controller)
5
- # Sorcery::Controller::Config.class_eval do
6
- # class << self
7
- # def submodules=(mods)
8
- # @submodules = mods
9
- # Sinatra::Base.send(:include, Sorcery::Controller::Adapters::Sinatra)
10
- # Sinatra::Base.send(:include, Sorcery::Controller)
11
- # end
12
- # end
13
- # end
14
5
  end
@@ -0,0 +1,52 @@
1
+ module Sorcery
2
+ module TestHelpers
3
+ module Internal
4
+ module Rails
5
+ include ::Sorcery::TestHelpers::Rails
6
+
7
+ SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [:register_last_activity_time_to_db, :deny_banned_user, :validate_session]
8
+
9
+ def sorcery_reload!(submodules = [], options = {})
10
+ reload_user_class
11
+
12
+ # return to no-module configuration
13
+ ::Sorcery::Controller::Config.init!
14
+ ::Sorcery::Controller::Config.reset!
15
+
16
+ # remove all plugin before_filters so they won't fail other tests.
17
+ # I don't like this way, but I didn't find another.
18
+ # hopefully it won't break until Rails 4.
19
+ ApplicationController._process_action_callbacks.delete_if {|c| SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
20
+
21
+ # configure
22
+ ::Sorcery::Controller::Config.submodules = submodules
23
+ ::Sorcery::Controller::Config.user_class = nil
24
+ ActionController::Base.send(:include,::Sorcery::Controller)
25
+
26
+ ::Sorcery::Controller::Config.user_config do |user|
27
+ options.each do |property,value|
28
+ user.send(:"#{property}=", value)
29
+ end
30
+ end
31
+ User.authenticates_with_sorcery!
32
+ end
33
+
34
+ def sorcery_controller_property_set(property, value)
35
+ ::Sorcery::Controller::Config.send(:"#{property}=", value)
36
+ end
37
+
38
+ def sorcery_controller_external_property_set(provider, property, value)
39
+ ::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
40
+ end
41
+
42
+ # This helper is used to fake multiple users signing in in tests.
43
+ # It does so by clearing @current_user, thus allowing a new user to login,
44
+ # all this without calling the :logout action explicitly.
45
+ # A dirty dirty hack.
46
+ def clear_user_without_logout
47
+ subject.instance_variable_set(:@current_user,nil)
48
+ end
49
+ end
50
+ end
51
+ end
52
+ end
@@ -0,0 +1,122 @@
1
+ module Sorcery
2
+ module TestHelpers
3
+ module Internal
4
+ module Sinatra
5
+
6
+ class ::Sinatra::Application
7
+ class << self
8
+ attr_accessor :sorcery_vars
9
+ end
10
+ @sorcery_vars = {}
11
+
12
+ # NOTE: see before and after test filters in filters.rb
13
+
14
+ def save_instance_vars
15
+ instance_variables.each do |var|
16
+ self.class.sorcery_vars[:"#{var.to_s.delete("@")}"] = instance_variable_get(var)
17
+ end
18
+ end
19
+ end
20
+
21
+ ::RSpec::Matchers.define :redirect_to do |expected|
22
+ match do |actual|
23
+ actual.status == 302 && actual.location == expected
24
+ end
25
+ end
26
+
27
+ def get_sinatra_app(app)
28
+ while app.class != ::Sinatra::Application do
29
+ app = app.instance_variable_get(:@app)
30
+ end
31
+ app
32
+ end
33
+
34
+ def login_user(user=nil)
35
+ user ||= @user
36
+ get_sinatra_app(subject).send(:login_user,user)
37
+ get_sinatra_app(subject).send(:after_login!,user,[user.username,'secret'])
38
+ end
39
+
40
+ def logout_user
41
+ get_sinatra_app(subject).send(:logout)
42
+ end
43
+
44
+ def clear_user_without_logout
45
+ get_sinatra_app(subject).instance_variable_set(:@current_user,nil)
46
+ end
47
+
48
+ def assigns
49
+ ::Sinatra::Application.sorcery_vars
50
+ end
51
+
52
+ class SessionData
53
+ def initialize(cookies)
54
+ @cookies = cookies
55
+ @data = cookies['rack.session']
56
+ if @data
57
+ @data = @data.unpack("m*").first
58
+ @data = Marshal.load(@data)
59
+ else
60
+ @data = {}
61
+ end
62
+ end
63
+
64
+ def [](key)
65
+ @data[key]
66
+ end
67
+
68
+ def []=(key, value)
69
+ @data[key] = value
70
+ session_data = Marshal.dump(@data)
71
+ session_data = [session_data].pack("m*")
72
+ @cookies.merge("rack.session=#{Rack::Utils.escape(session_data)}", URI.parse("//example.org//"))
73
+ raise "session variable not set" unless @cookies['rack.session'] == session_data
74
+ end
75
+ end
76
+
77
+ def session
78
+ SessionData.new(rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar)
79
+ end
80
+
81
+ def cookies
82
+ rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar
83
+ end
84
+
85
+ def sorcery_reload!(submodules = [], options = {})
86
+ reload_user_class
87
+
88
+ # return to no-module configuration
89
+ ::Sorcery::Controller::Config.init!
90
+ ::Sorcery::Controller::Config.reset!
91
+
92
+ # clear all filters
93
+ ::Sinatra::Application.instance_variable_set(:@filters,{:before => [],:after => []})
94
+ ::Sinatra::Application.class_eval do
95
+ load File.join(File.dirname(__FILE__),'..','..','..','..','spec','sinatra','filters.rb')
96
+ end
97
+
98
+ # configure
99
+ ::Sorcery::Controller::Config.submodules = submodules
100
+ ::Sorcery::Controller::Config.user_class = nil
101
+ ::Sinatra::Application.send(:include, Sorcery::Controller::Adapters::Sinatra)
102
+ ::Sinatra::Application.send(:include, Sorcery::Controller)
103
+
104
+ ::Sorcery::Controller::Config.user_config do |user|
105
+ options.each do |property,value|
106
+ user.send(:"#{property}=", value)
107
+ end
108
+ end
109
+ User.authenticates_with_sorcery!
110
+ end
111
+
112
+ def sorcery_controller_property_set(property, value)
113
+ ::Sorcery::Controller::Config.send(:"#{property}=", value)
114
+ end
115
+
116
+ def sorcery_controller_external_property_set(provider, property, value)
117
+ ::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
118
+ end
119
+ end
120
+ end
121
+ end
122
+ end
@@ -0,0 +1,55 @@
1
+ module Sorcery
2
+ module TestHelpers
3
+ # Internal TestHelpers are used to test the gem, internally, and should not be used to test apps *using* sorcery.
4
+ # This file will be included in the spec_helper file.
5
+ module Internal
6
+ def self.included(base)
7
+ # reducing default cost for specs speed
8
+ CryptoProviders::BCrypt.class_eval do
9
+ class << self
10
+ def cost
11
+ 1
12
+ end
13
+ end
14
+ end
15
+ end
16
+
17
+ # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
18
+ # After the first destroy, the session is an ordinary hash, and then when destroy is called again there's an exception.
19
+ class ::Hash
20
+ def destroy
21
+ clear
22
+ end
23
+ end
24
+
25
+ def create_new_user(attributes_hash = nil)
26
+ user_attributes_hash = attributes_hash || {:username => 'gizmo', :email => "bla@bla.com", :password => 'secret'}
27
+ @user = User.new(user_attributes_hash)
28
+ @user.save!
29
+ @user
30
+ end
31
+
32
+ def create_new_external_user(provider, attributes_hash = nil)
33
+ user_attributes_hash = attributes_hash || {:username => 'gizmo', :authentications_attributes => [{:provider => provider, :uid => 123}]}
34
+ @user = User.new(user_attributes_hash)
35
+ @user.save!
36
+ @user
37
+ end
38
+
39
+ def sorcery_model_property_set(property, *values)
40
+ User.class_eval do
41
+ sorcery_config.send(:"#{property}=", *values)
42
+ end
43
+ end
44
+
45
+ private
46
+
47
+ # reload user class between specs
48
+ # so it will be possible to test the different submodules in isolation
49
+ def reload_user_class
50
+ Object.send(:remove_const,:User)
51
+ load 'user.rb'
52
+ end
53
+ end
54
+ end
55
+ end
@@ -1,57 +1,16 @@
1
1
  module Sorcery
2
2
  module TestHelpers
3
3
  module Rails
4
- SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [:register_last_activity_time_to_db, :deny_banned_user, :validate_session]
5
-
6
- def sorcery_reload!(submodules = [], options = {})
7
- reload_user_class
8
-
9
- # return to no-module configuration
10
- ::Sorcery::Controller::Config.init!
11
- ::Sorcery::Controller::Config.reset!
12
-
13
- # remove all plugin before_filters so they won't fail other tests.
14
- # I don't like this way, but I didn't find another.
15
- # hopefully it won't break until Rails 4.
16
- ApplicationController._process_action_callbacks.delete_if {|c| SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
17
-
18
- # configure
19
- ::Sorcery::Controller::Config.submodules = submodules
20
- ::Sorcery::Controller::Config.user_class = nil
21
- ActionController::Base.send(:include,::Sorcery::Controller)
22
-
23
- User.activate_sorcery! do |config|
24
- options.each do |property,value|
25
- config.send(:"#{property}=", value)
26
- end
27
- end
28
- end
29
-
30
- def sorcery_controller_property_set(property, value)
31
- ApplicationController.activate_sorcery! do |config|
32
- config.send(:"#{property}=", value)
33
- end
34
- end
35
-
36
- def sorcery_controller_oauth_property_set(provider, property, value)
37
- ApplicationController.activate_sorcery! do |config|
38
- config.send(provider).send(:"#{property}=", value)
39
- end
40
- end
41
-
4
+ # logins a user and calls all callbacks
42
5
  def login_user(user = nil)
43
6
  user ||= @user
44
- subject.send(:login_user,user)
45
- subject.send(:after_login!,user,[user.username,'secret'])
7
+ @controller.send(:login_user,user)
8
+ @controller.send(:after_login!,user,[user.send(user.sorcery_config.username_attribute_name),'secret'])
46
9
  end
47
10
 
48
11
  def logout_user
49
- subject.send(:logout)
50
- end
51
-
52
- def clear_user_without_logout
53
- subject.instance_variable_set(:@current_user,nil)
12
+ @controller.send(:logout)
54
13
  end
55
14
  end
56
15
  end
57
- end
16
+ end