sorcery 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +1 -1
- data/VERSION +1 -1
- data/lib/sorcery/crypto_providers/bcrypt.rb +2 -4
- data/lib/sorcery/initializers/initializer.rb +58 -58
- data/lib/sorcery/model/submodules/activity_logging.rb +1 -1
- data/lib/sorcery/model/submodules/brute_force_protection.rb +1 -1
- data/lib/sorcery/model/submodules/reset_password.rb +1 -1
- data/lib/sorcery/model.rb +21 -1
- data/lib/sorcery/test_helpers/internal/rails.rb +52 -0
- data/lib/sorcery/test_helpers/internal/sinatra.rb +122 -0
- data/lib/sorcery/test_helpers/internal.rb +55 -0
- data/lib/sorcery/test_helpers/rails.rb +5 -43
- data/lib/sorcery/test_helpers/sinatra.rb +59 -102
- data/lib/sorcery/test_helpers.rb +0 -47
- data/lib/sorcery.rb +7 -0
- data/sorcery.gemspec +5 -2
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +12 -4
- data/spec/rails3/Gemfile +1 -1
- data/spec/rails3/Gemfile.lock +2 -2
- data/spec/rails3/spec/controller_activity_logging_spec.rb +2 -4
- data/spec/rails3/spec/controller_oauth_spec.rb +3 -3
- data/spec/rails3/spec/controller_session_timeout_spec.rb +20 -19
- data/spec/rails3/spec/controller_spec.rb +6 -16
- data/spec/rails3/spec/spec_helper.rb +2 -2
- data/spec/rails3/spec/user_activation_spec.rb +2 -12
- data/spec/rails3/spec/user_brute_force_protection_spec.rb +2 -30
- data/spec/rails3/spec/user_remember_me_spec.rb +3 -11
- data/spec/rails3/spec/user_reset_password_spec.rb +13 -14
- data/spec/rails3/spec/user_spec.rb +18 -2
- data/spec/sinatra/Gemfile +1 -1
- data/spec/sinatra/Gemfile.lock +2 -2
- data/spec/sinatra/spec/controller_session_timeout_spec.rb +23 -22
- data/spec/sinatra/spec/spec_helper.rb +2 -1
- metadata +5 -2
data/README.rdoc
CHANGED
|
@@ -28,7 +28,7 @@ Example Rails 3 app using sorcery: https://github.com/NoamB/sorcery-example-app
|
|
|
28
28
|
|
|
29
29
|
Example Sinatra app using sorcery: https://github.com/NoamB/sorcery-example-app-sinatra
|
|
30
30
|
|
|
31
|
-
Documentation: http://rubydoc.info/gems/sorcery/0.4.
|
|
31
|
+
Documentation: http://rubydoc.info/gems/sorcery/0.4.2/frames
|
|
32
32
|
|
|
33
33
|
Check out the tutorials in the github wiki!
|
|
34
34
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.4.
|
|
1
|
+
0.4.2
|
|
@@ -30,11 +30,9 @@ module Sorcery
|
|
|
30
30
|
#
|
|
31
31
|
# gem install bcrypt-ruby
|
|
32
32
|
#
|
|
33
|
-
#
|
|
33
|
+
# Update your initializer to use it:
|
|
34
34
|
#
|
|
35
|
-
#
|
|
36
|
-
# c.encryption_algorithm = :bcrypt
|
|
37
|
-
# end
|
|
35
|
+
# config.encryption_algorithm = :bcrypt
|
|
38
36
|
#
|
|
39
37
|
# You are good to go!
|
|
40
38
|
class BCrypt
|
|
@@ -1,25 +1,26 @@
|
|
|
1
1
|
# The first thing you need to configure is which modules you need in your app.
|
|
2
2
|
# The default is nothing which will include only core features (password encryption, login/logout).
|
|
3
3
|
# Available submodules are: :user_activation, :http_basic_auth, :remember_me, :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
|
|
4
|
-
|
|
4
|
+
Rails.application.config.sorcery.submodules = []
|
|
5
5
|
|
|
6
6
|
# Here you can configure each submodule's features.
|
|
7
|
-
|
|
7
|
+
Rails.application.config.sorcery.configure do |config|
|
|
8
8
|
# -- core --
|
|
9
|
-
# config.not_authenticated_action = :not_authenticated
|
|
10
|
-
# config.save_return_to_url = true
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
#
|
|
15
|
-
# config.
|
|
9
|
+
# config.not_authenticated_action = :not_authenticated # what controller action to call for non-authenticated users. You can also override 'not_authenticated' instead.
|
|
10
|
+
# config.save_return_to_url = true # when a non logged in user tries to enter a page that requires login, save the URL he wanted to reach,
|
|
11
|
+
# and send him there after login, using 'redirect_back_or_to'.
|
|
12
|
+
# subclasses_inherit_config = false # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
|
|
13
|
+
|
|
14
|
+
# -- session timeout --
|
|
15
|
+
# config.session_timeout = 3600 # how long in seconds to keep the session alive.
|
|
16
|
+
# config.session_timeout_from_last_action = false # use the last action as the beginning of session timeout.
|
|
16
17
|
|
|
17
18
|
# -- http_basic_auth --
|
|
18
19
|
# config.controller_to_realm_map = {"application" => "Application"} # What realm to display for which controller name.
|
|
19
20
|
# For example {"My App" => "Application"}
|
|
20
21
|
|
|
21
22
|
# -- external --
|
|
22
|
-
# config.external_providers = []
|
|
23
|
+
# config.external_providers = [] # What providers are supported by this app, i.e. [:twitter, :facebook] .
|
|
23
24
|
#
|
|
24
25
|
# config.twitter.key = "eYVNBjBDi33aa9GkA3w"
|
|
25
26
|
# config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
|
|
@@ -34,53 +35,52 @@ Collaboration::Application.config.sorcery.configure do |config|
|
|
|
34
35
|
# --- user config ---
|
|
35
36
|
config.user_config do |user|
|
|
36
37
|
# -- core --
|
|
37
|
-
# user.username_attribute_name =
|
|
38
|
-
# user.password_attribute_name =
|
|
39
|
-
# user.email_attribute_name =
|
|
40
|
-
# user.crypted_password_attribute_name =
|
|
41
|
-
# user.salt_join_token =
|
|
42
|
-
# user.salt_attribute_name =
|
|
43
|
-
# user.stretches =
|
|
44
|
-
# user.encryption_key =
|
|
45
|
-
# user.
|
|
46
|
-
# user.
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
#
|
|
50
|
-
# user.
|
|
51
|
-
# user.
|
|
52
|
-
# user.
|
|
53
|
-
# user.
|
|
54
|
-
# user.
|
|
55
|
-
# user.
|
|
56
|
-
# user.
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
#
|
|
60
|
-
# user.
|
|
61
|
-
# user.
|
|
62
|
-
# user.
|
|
63
|
-
# user.
|
|
64
|
-
# user.
|
|
65
|
-
# user.
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
#
|
|
69
|
-
# user.
|
|
70
|
-
# user.
|
|
71
|
-
# user.
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
#
|
|
75
|
-
# user.
|
|
76
|
-
# user.
|
|
77
|
-
# user.
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
#
|
|
81
|
-
# user.
|
|
82
|
-
# user.
|
|
83
|
-
# user.
|
|
84
|
-
# user.provider_uid_attribute_name = # user's external unique identifier in authentications class.
|
|
38
|
+
# user.username_attribute_name = :username # change default username attribute, for example, to use :email as the login.
|
|
39
|
+
# user.password_attribute_name = :password # change *virtual* password attribute, the one which is used until an encrypted one is generated.
|
|
40
|
+
# user.email_attribute_name = :email # change default email attribute.
|
|
41
|
+
# user.crypted_password_attribute_name = :crypted_password # change default crypted_password attribute.
|
|
42
|
+
# user.salt_join_token = "" # what pattern to use to join the password with the salt
|
|
43
|
+
# user.salt_attribute_name = :salt # change default salt attribute.
|
|
44
|
+
# user.stretches = nil # how many times to apply encryption to the password.
|
|
45
|
+
# user.encryption_key = nil # encryption key used to encrypt reversible encryptions such as AES256.
|
|
46
|
+
# user.custom_encryption_provider = nil # use an external encryption class.
|
|
47
|
+
# user.encryption_algorithm = :bcrypt # encryption algorithm name. See 'encryption_algorithm=' for available options.
|
|
48
|
+
|
|
49
|
+
# -- user_activation --
|
|
50
|
+
# user.activation_state_attribute_name = :activation_state # the attribute name to hold activation state (active/pending).
|
|
51
|
+
# user.activation_token_attribute_name = :activation_token # the attribute name to hold activation code (sent by email).
|
|
52
|
+
# user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold activation code expiration date.
|
|
53
|
+
# user.activation_token_expiration_period = nil # how many seconds before the activation code expires. nil for never expires.
|
|
54
|
+
# user.user_activation_mailer = nil # your mailer class. Required.
|
|
55
|
+
# user.activation_needed_email_method_name = :activation_needed_email # activation needed email method on your mailer class.
|
|
56
|
+
# user.activation_success_email_method_name = :activation_success_email # activation success email method on your mailer class.
|
|
57
|
+
# user.prevent_non_active_users_to_login = true # do you want to prevent or allow users that did not activate by email to login?
|
|
58
|
+
|
|
59
|
+
# -- reset_password --
|
|
60
|
+
# user.reset_password_token_attribute_name = :reset_password_token # reset password code attribute name.
|
|
61
|
+
# user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute name.
|
|
62
|
+
# user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent, used for hammering protection.
|
|
63
|
+
# user.reset_password_mailer = nil # mailer class. Needed.
|
|
64
|
+
# user.reset_password_email_method_name = :reset_password_email # reset password email method on your mailer class.
|
|
65
|
+
# user.reset_password_expiration_period = nil # how many seconds before the reset request expires. nil for never expires.
|
|
66
|
+
# user.reset_password_time_between_emails = 5 * 60 # hammering protection, how long to wait before allowing another email to be sent.
|
|
67
|
+
|
|
68
|
+
# -- brute_force_protection --
|
|
69
|
+
# user.failed_logins_count_attribute_name = :failed_logins_count # failed logins attribute name.
|
|
70
|
+
# user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether user is banned and when it will be active again.
|
|
71
|
+
# user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
|
|
72
|
+
# user.login_lock_time_period = 60 * 60 # how long the user should be banned. in seconds. 0 for permanent.
|
|
73
|
+
|
|
74
|
+
# -- activity logging --
|
|
75
|
+
# user.last_login_at_attribute_name = :last_login_at # last login attribute name.
|
|
76
|
+
# user.last_logout_at_attribute_name = :last_logout_at # last logout attribute name.
|
|
77
|
+
# user.last_activity_at_attribute_name = :last_activity_at # last activity attribute name.
|
|
78
|
+
# user.activity_timeout = 10 * 60 # how long since last activity is the user defined logged out?
|
|
79
|
+
|
|
80
|
+
# -- external --
|
|
81
|
+
# user.authentications_class = nil # class which holds the various external provider data for this user.
|
|
82
|
+
# user.authentications_user_id_attribute_name = :user_id # user's identifier in authentications class.
|
|
83
|
+
# user.provider_attribute_name = :provider # provider's identifier in authentications class.
|
|
84
|
+
# user.provider_uid_attribute_name = :uid # user's external unique identifier in authentications class.
|
|
85
85
|
end
|
|
86
86
|
end
|
|
@@ -20,7 +20,7 @@ module Sorcery
|
|
|
20
20
|
@defaults.merge!(:@last_login_at_attribute_name => :last_login_at,
|
|
21
21
|
:@last_logout_at_attribute_name => :last_logout_at,
|
|
22
22
|
:@last_activity_at_attribute_name => :last_activity_at,
|
|
23
|
-
:@activity_timeout => 10
|
|
23
|
+
:@activity_timeout => 10 * 60)
|
|
24
24
|
reset!
|
|
25
25
|
end
|
|
26
26
|
end
|
|
@@ -16,7 +16,7 @@ module Sorcery
|
|
|
16
16
|
@defaults.merge!(:@failed_logins_count_attribute_name => :failed_logins_count,
|
|
17
17
|
:@lock_expires_at_attribute_name => :lock_expires_at,
|
|
18
18
|
:@consecutive_login_retries_amount_limit => 50,
|
|
19
|
-
:@login_lock_time_period =>
|
|
19
|
+
:@login_lock_time_period => 60 * 60)
|
|
20
20
|
reset!
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -28,7 +28,7 @@ module Sorcery
|
|
|
28
28
|
:@reset_password_mailer => nil,
|
|
29
29
|
:@reset_password_email_method_name => :reset_password_email,
|
|
30
30
|
:@reset_password_expiration_period => nil,
|
|
31
|
-
:@reset_password_time_between_emails => 5
|
|
31
|
+
:@reset_password_time_between_emails => 5 * 60 )
|
|
32
32
|
|
|
33
33
|
reset!
|
|
34
34
|
end
|
data/lib/sorcery/model.rb
CHANGED
|
@@ -22,19 +22,23 @@ module Sorcery
|
|
|
22
22
|
begin
|
|
23
23
|
include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join(""))
|
|
24
24
|
rescue NameError
|
|
25
|
-
# don't stop on a missing submodule.
|
|
25
|
+
# don't stop on a missing submodule. Needed because some submodules are only defined in the controller side.
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
+
# This runs the options block set in the initializer on the model class.
|
|
30
31
|
::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
|
|
31
32
|
|
|
33
|
+
# add virtual password accessor and ORM callbacks
|
|
32
34
|
self.class_eval do
|
|
33
35
|
attr_accessor @sorcery_config.password_attribute_name
|
|
34
36
|
attr_protected @sorcery_config.crypted_password_attribute_name, @sorcery_config.salt_attribute_name
|
|
35
37
|
before_save :encrypt_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
|
|
36
38
|
after_save :clear_virtual_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
|
|
37
39
|
end
|
|
40
|
+
|
|
41
|
+
@sorcery_config.after_config << :add_config_inheritence if @sorcery_config.subclasses_inherit_config
|
|
38
42
|
@sorcery_config.after_config.each { |c| send(c) }
|
|
39
43
|
end
|
|
40
44
|
end
|
|
@@ -76,6 +80,20 @@ module Sorcery
|
|
|
76
80
|
@sorcery_config.encryption_provider.matches?(crypted, *tokens)
|
|
77
81
|
end
|
|
78
82
|
|
|
83
|
+
def add_config_inheritence
|
|
84
|
+
self.class_eval do
|
|
85
|
+
def self.inherited(subclass)
|
|
86
|
+
subclass.class_eval do
|
|
87
|
+
class << self
|
|
88
|
+
attr_accessor :sorcery_config
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
subclass.sorcery_config = sorcery_config
|
|
92
|
+
super
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
79
97
|
end
|
|
80
98
|
|
|
81
99
|
module InstanceMethods
|
|
@@ -133,6 +151,7 @@ module Sorcery
|
|
|
133
151
|
:salt_attribute_name, # change default salt attribute.
|
|
134
152
|
:stretches, # how many times to apply encryption to the password.
|
|
135
153
|
:encryption_key, # encryption key used to encrypt reversible encryptions such as AES256.
|
|
154
|
+
:subclasses_inherit_config, # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
|
|
136
155
|
|
|
137
156
|
:submodules, # configured in config/application.rb
|
|
138
157
|
:before_authenticate, # an array of method names to call before authentication completes. used internally.
|
|
@@ -156,6 +175,7 @@ module Sorcery
|
|
|
156
175
|
:@salt_join_token => "",
|
|
157
176
|
:@salt_attribute_name => :salt,
|
|
158
177
|
:@stretches => nil,
|
|
178
|
+
:@subclasses_inherit_config => false,
|
|
159
179
|
:@before_authenticate => [],
|
|
160
180
|
:@after_config => []
|
|
161
181
|
}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module Sorcery
|
|
2
|
+
module TestHelpers
|
|
3
|
+
module Internal
|
|
4
|
+
module Rails
|
|
5
|
+
include ::Sorcery::TestHelpers::Rails
|
|
6
|
+
|
|
7
|
+
SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [:register_last_activity_time_to_db, :deny_banned_user, :validate_session]
|
|
8
|
+
|
|
9
|
+
def sorcery_reload!(submodules = [], options = {})
|
|
10
|
+
reload_user_class
|
|
11
|
+
|
|
12
|
+
# return to no-module configuration
|
|
13
|
+
::Sorcery::Controller::Config.init!
|
|
14
|
+
::Sorcery::Controller::Config.reset!
|
|
15
|
+
|
|
16
|
+
# remove all plugin before_filters so they won't fail other tests.
|
|
17
|
+
# I don't like this way, but I didn't find another.
|
|
18
|
+
# hopefully it won't break until Rails 4.
|
|
19
|
+
ApplicationController._process_action_callbacks.delete_if {|c| SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
|
|
20
|
+
|
|
21
|
+
# configure
|
|
22
|
+
::Sorcery::Controller::Config.submodules = submodules
|
|
23
|
+
::Sorcery::Controller::Config.user_class = nil
|
|
24
|
+
ActionController::Base.send(:include,::Sorcery::Controller)
|
|
25
|
+
|
|
26
|
+
::Sorcery::Controller::Config.user_config do |user|
|
|
27
|
+
options.each do |property,value|
|
|
28
|
+
user.send(:"#{property}=", value)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
User.authenticates_with_sorcery!
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def sorcery_controller_property_set(property, value)
|
|
35
|
+
::Sorcery::Controller::Config.send(:"#{property}=", value)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def sorcery_controller_external_property_set(provider, property, value)
|
|
39
|
+
::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# This helper is used to fake multiple users signing in in tests.
|
|
43
|
+
# It does so by clearing @current_user, thus allowing a new user to login,
|
|
44
|
+
# all this without calling the :logout action explicitly.
|
|
45
|
+
# A dirty dirty hack.
|
|
46
|
+
def clear_user_without_logout
|
|
47
|
+
subject.instance_variable_set(:@current_user,nil)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
module Sorcery
|
|
2
|
+
module TestHelpers
|
|
3
|
+
module Internal
|
|
4
|
+
module Sinatra
|
|
5
|
+
|
|
6
|
+
class ::Sinatra::Application
|
|
7
|
+
class << self
|
|
8
|
+
attr_accessor :sorcery_vars
|
|
9
|
+
end
|
|
10
|
+
@sorcery_vars = {}
|
|
11
|
+
|
|
12
|
+
# NOTE: see before and after test filters in filters.rb
|
|
13
|
+
|
|
14
|
+
def save_instance_vars
|
|
15
|
+
instance_variables.each do |var|
|
|
16
|
+
self.class.sorcery_vars[:"#{var.to_s.delete("@")}"] = instance_variable_get(var)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
::RSpec::Matchers.define :redirect_to do |expected|
|
|
22
|
+
match do |actual|
|
|
23
|
+
actual.status == 302 && actual.location == expected
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def get_sinatra_app(app)
|
|
28
|
+
while app.class != ::Sinatra::Application do
|
|
29
|
+
app = app.instance_variable_get(:@app)
|
|
30
|
+
end
|
|
31
|
+
app
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def login_user(user=nil)
|
|
35
|
+
user ||= @user
|
|
36
|
+
get_sinatra_app(subject).send(:login_user,user)
|
|
37
|
+
get_sinatra_app(subject).send(:after_login!,user,[user.username,'secret'])
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def logout_user
|
|
41
|
+
get_sinatra_app(subject).send(:logout)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def clear_user_without_logout
|
|
45
|
+
get_sinatra_app(subject).instance_variable_set(:@current_user,nil)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def assigns
|
|
49
|
+
::Sinatra::Application.sorcery_vars
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
class SessionData
|
|
53
|
+
def initialize(cookies)
|
|
54
|
+
@cookies = cookies
|
|
55
|
+
@data = cookies['rack.session']
|
|
56
|
+
if @data
|
|
57
|
+
@data = @data.unpack("m*").first
|
|
58
|
+
@data = Marshal.load(@data)
|
|
59
|
+
else
|
|
60
|
+
@data = {}
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def [](key)
|
|
65
|
+
@data[key]
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def []=(key, value)
|
|
69
|
+
@data[key] = value
|
|
70
|
+
session_data = Marshal.dump(@data)
|
|
71
|
+
session_data = [session_data].pack("m*")
|
|
72
|
+
@cookies.merge("rack.session=#{Rack::Utils.escape(session_data)}", URI.parse("//example.org//"))
|
|
73
|
+
raise "session variable not set" unless @cookies['rack.session'] == session_data
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def session
|
|
78
|
+
SessionData.new(rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar)
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def cookies
|
|
82
|
+
rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def sorcery_reload!(submodules = [], options = {})
|
|
86
|
+
reload_user_class
|
|
87
|
+
|
|
88
|
+
# return to no-module configuration
|
|
89
|
+
::Sorcery::Controller::Config.init!
|
|
90
|
+
::Sorcery::Controller::Config.reset!
|
|
91
|
+
|
|
92
|
+
# clear all filters
|
|
93
|
+
::Sinatra::Application.instance_variable_set(:@filters,{:before => [],:after => []})
|
|
94
|
+
::Sinatra::Application.class_eval do
|
|
95
|
+
load File.join(File.dirname(__FILE__),'..','..','..','..','spec','sinatra','filters.rb')
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
# configure
|
|
99
|
+
::Sorcery::Controller::Config.submodules = submodules
|
|
100
|
+
::Sorcery::Controller::Config.user_class = nil
|
|
101
|
+
::Sinatra::Application.send(:include, Sorcery::Controller::Adapters::Sinatra)
|
|
102
|
+
::Sinatra::Application.send(:include, Sorcery::Controller)
|
|
103
|
+
|
|
104
|
+
::Sorcery::Controller::Config.user_config do |user|
|
|
105
|
+
options.each do |property,value|
|
|
106
|
+
user.send(:"#{property}=", value)
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
User.authenticates_with_sorcery!
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def sorcery_controller_property_set(property, value)
|
|
113
|
+
::Sorcery::Controller::Config.send(:"#{property}=", value)
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def sorcery_controller_external_property_set(provider, property, value)
|
|
117
|
+
::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
module Sorcery
|
|
2
|
+
module TestHelpers
|
|
3
|
+
# Internal TestHelpers are used to test the gem, internally, and should not be used to test apps *using* sorcery.
|
|
4
|
+
# This file will be included in the spec_helper file.
|
|
5
|
+
module Internal
|
|
6
|
+
def self.included(base)
|
|
7
|
+
# reducing default cost for specs speed
|
|
8
|
+
CryptoProviders::BCrypt.class_eval do
|
|
9
|
+
class << self
|
|
10
|
+
def cost
|
|
11
|
+
1
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# a patch to fix a bug in testing that happens when you 'destroy' a session twice.
|
|
18
|
+
# After the first destroy, the session is an ordinary hash, and then when destroy is called again there's an exception.
|
|
19
|
+
class ::Hash
|
|
20
|
+
def destroy
|
|
21
|
+
clear
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def create_new_user(attributes_hash = nil)
|
|
26
|
+
user_attributes_hash = attributes_hash || {:username => 'gizmo', :email => "bla@bla.com", :password => 'secret'}
|
|
27
|
+
@user = User.new(user_attributes_hash)
|
|
28
|
+
@user.save!
|
|
29
|
+
@user
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def create_new_external_user(provider, attributes_hash = nil)
|
|
33
|
+
user_attributes_hash = attributes_hash || {:username => 'gizmo', :authentications_attributes => [{:provider => provider, :uid => 123}]}
|
|
34
|
+
@user = User.new(user_attributes_hash)
|
|
35
|
+
@user.save!
|
|
36
|
+
@user
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def sorcery_model_property_set(property, *values)
|
|
40
|
+
User.class_eval do
|
|
41
|
+
sorcery_config.send(:"#{property}=", *values)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
private
|
|
46
|
+
|
|
47
|
+
# reload user class between specs
|
|
48
|
+
# so it will be possible to test the different submodules in isolation
|
|
49
|
+
def reload_user_class
|
|
50
|
+
Object.send(:remove_const,:User)
|
|
51
|
+
load 'user.rb'
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -1,54 +1,16 @@
|
|
|
1
1
|
module Sorcery
|
|
2
2
|
module TestHelpers
|
|
3
3
|
module Rails
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
def sorcery_reload!(submodules = [], options = {})
|
|
7
|
-
reload_user_class
|
|
8
|
-
|
|
9
|
-
# return to no-module configuration
|
|
10
|
-
::Sorcery::Controller::Config.init!
|
|
11
|
-
::Sorcery::Controller::Config.reset!
|
|
12
|
-
|
|
13
|
-
# remove all plugin before_filters so they won't fail other tests.
|
|
14
|
-
# I don't like this way, but I didn't find another.
|
|
15
|
-
# hopefully it won't break until Rails 4.
|
|
16
|
-
ApplicationController._process_action_callbacks.delete_if {|c| SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
|
|
17
|
-
|
|
18
|
-
# configure
|
|
19
|
-
::Sorcery::Controller::Config.submodules = submodules
|
|
20
|
-
::Sorcery::Controller::Config.user_class = nil
|
|
21
|
-
ActionController::Base.send(:include,::Sorcery::Controller)
|
|
22
|
-
|
|
23
|
-
::Sorcery::Controller::Config.user_config do |user|
|
|
24
|
-
options.each do |property,value|
|
|
25
|
-
user.send(:"#{property}=", value)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
User.authenticates_with_sorcery!
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def sorcery_controller_property_set(property, value)
|
|
32
|
-
::Sorcery::Controller::Config.send(:"#{property}=", value)
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def sorcery_controller_external_property_set(provider, property, value)
|
|
36
|
-
::Sorcery::Controller::Config.send(provider).send(:"#{property}=", value)
|
|
37
|
-
end
|
|
38
|
-
|
|
4
|
+
# logins a user and calls all callbacks
|
|
39
5
|
def login_user(user = nil)
|
|
40
6
|
user ||= @user
|
|
41
|
-
|
|
42
|
-
|
|
7
|
+
@controller.send(:login_user,user)
|
|
8
|
+
@controller.send(:after_login!,user,[user.send(user.sorcery_config.username_attribute_name),'secret'])
|
|
43
9
|
end
|
|
44
10
|
|
|
45
11
|
def logout_user
|
|
46
|
-
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
def clear_user_without_logout
|
|
50
|
-
subject.instance_variable_set(:@current_user,nil)
|
|
12
|
+
@controller.send(:logout)
|
|
51
13
|
end
|
|
52
14
|
end
|
|
53
15
|
end
|
|
54
|
-
end
|
|
16
|
+
end
|