sorcery 0.4.2 → 0.5.0

data/spec/rails3_mongoid/public/javascripts/rails.js

@@ -0,0 +1,175 @@
+(function() {
+  // Technique from Juriy Zaytsev
+  // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+  function isEventSupported(eventName) {
+    var el = document.createElement('div');
+    eventName = 'on' + eventName;
+    var isSupported = (eventName in el);
+    if (!isSupported) {
+      el.setAttribute(eventName, 'return;');
+      isSupported = typeof el[eventName] == 'function';
+    }
+    el = null;
+    return isSupported;
+  }
+
+  function isForm(element) {
+    return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+  }
+
+  function isInput(element) {
+    if (Object.isElement(element)) {
+      var name = element.nodeName.toUpperCase()
+      return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+    }
+    else return false
+  }
+
+  var submitBubbles = isEventSupported('submit'),
+      changeBubbles = isEventSupported('change')
+
+  if (!submitBubbles || !changeBubbles) {
+    // augment the Event.Handler class to observe custom events when needed
+    Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+      function(init, element, eventName, selector, callback) {
+        init(element, eventName, selector, callback)
+        // is the handler being attached to an element that doesn't support this event?
+        if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+             (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+          // "submit" => "emulated:submit"
+          this.eventName = 'emulated:' + this.eventName
+        }
+      }
+    )
+  }
+
+  if (!submitBubbles) {
+    // discover forms on the page by observing focus events which always bubble
+    document.on('focusin', 'form', function(focusEvent, form) {
+      // special handler for the real "submit" event (one-time operation)
+      if (!form.retrieve('emulated:submit')) {
+        form.on('submit', function(submitEvent) {
+          var emulated = form.fire('emulated:submit', submitEvent, true)
+          // if custom event received preventDefault, cancel the real one too
+          if (emulated.returnValue === false) submitEvent.preventDefault()
+        })
+        form.store('emulated:submit', true)
+      }
+    })
+  }
+
+  if (!changeBubbles) {
+    // discover form inputs on the page
+    document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+      // special handler for real "change" events
+      if (!input.retrieve('emulated:change')) {
+        input.on('change', function(changeEvent) {
+          input.fire('emulated:change', changeEvent, true)
+        })
+        input.store('emulated:change', true)
+      }
+    })
+  }
+
+  function handleRemote(element) {
+    var method, url, params;
+
+    var event = element.fire("ajax:before");
+    if (event.stopped) return false;
+
+    if (element.tagName.toLowerCase() === 'form') {
+      method = element.readAttribute('method') || 'post';
+      url    = element.readAttribute('action');
+      params = element.serialize();
+    } else {
+      method = element.readAttribute('data-method') || 'get';
+      url    = element.readAttribute('href');
+      params = {};
+    }
+
+    new Ajax.Request(url, {
+      method: method,
+      parameters: params,
+      evalScripts: true,
+
+      onComplete:    function(request) { element.fire("ajax:complete", request); },
+      onSuccess:     function(request) { element.fire("ajax:success",  request); },
+      onFailure:     function(request) { element.fire("ajax:failure",  request); }
+    });
+
+    element.fire("ajax:after");
+  }
+
+  function handleMethod(element) {
+    var method = element.readAttribute('data-method'),
+        url = element.readAttribute('href'),
+        csrf_param = $$('meta[name=csrf-param]')[0],
+        csrf_token = $$('meta[name=csrf-token]')[0];
+
+    var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+    element.parentNode.insert(form);
+
+    if (method !== 'post') {
+      var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+      form.insert(field);
+    }
+
+    if (csrf_param) {
+      var param = csrf_param.readAttribute('content'),
+          token = csrf_token.readAttribute('content'),
+          field = new Element('input', { type: 'hidden', name: param, value: token });
+      form.insert(field);
+    }
+
+    form.submit();
+  }
+
+
+  document.on("click", "*[data-confirm]", function(event, element) {
+    var message = element.readAttribute('data-confirm');
+    if (!confirm(message)) event.stop();
+  });
+
+  document.on("click", "a[data-remote]", function(event, element) {
+    if (event.stopped) return;
+    handleRemote(element);
+    event.stop();
+  });
+
+  document.on("click", "a[data-method]", function(event, element) {
+    if (event.stopped) return;
+    handleMethod(element);
+    event.stop();
+  });
+
+  document.on("submit", function(event) {
+    var element = event.findElement(),
+        message = element.readAttribute('data-confirm');
+    if (message && !confirm(message)) {
+      event.stop();
+      return false;
+    }
+
+    var inputs = element.select("input[type=submit][data-disable-with]");
+    inputs.each(function(input) {
+      input.disabled = true;
+      input.writeAttribute('data-original-value', input.value);
+      input.value = input.readAttribute('data-disable-with');
+    });
+
+    var element = event.findElement("form[data-remote]");
+    if (element) {
+      handleRemote(element);
+      event.stop();
+    }
+  });
+
+  document.on("ajax:after", "form", function(event, element) {
+    var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+    inputs.each(function(input) {
+      input.value = input.readAttribute('data-original-value');
+      input.removeAttribute('data-original-value');
+      input.disabled = false;
+    });
+  });
+})();

data/spec/rails3_mongoid/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-Agent: *
+# Disallow: /

data/spec/rails3_mongoid/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/rails3_mongoid/spec/spec.opts

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/spec/rails3_mongoid/spec/spec_helper.orig.rb

@@ -0,0 +1,27 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'rspec/rails'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+  # == Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  config.mock_with :rspec
+
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+end

data/spec/rails3_mongoid/spec/spec_helper.rb

@@ -0,0 +1,55 @@
+$: << File.join(File.dirname(__FILE__), '..', '..', 'lib' )
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV['RAILS_ENV'] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'rspec/rails'
+require 'timecop'
+
+# require 'simplecov'
+# SimpleCov.root File.join(File.dirname(__FILE__), "..", "..", "rails3" )
+# SimpleCov.start do
+#   add_filter "/config/"
+#   
+#   add_group 'Controllers', 'app/controllers'
+#   add_group 'Models', 'app/models'
+#   add_group 'Helpers', 'app/helpers'
+#   add_group 'Libraries', 'lib'
+#   add_group 'Plugins', 'vendor/plugins'
+#   add_group 'Migrations', 'db/migrate'
+# end
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+
+
+RSpec.configure do |config|
+  config.include RSpec::Rails::ControllerExampleGroup, :example_group => { :file_path => /controller(.)*_spec.rb$/ }
+  # == Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  config.mock_with :rspec
+end
+
+#----------------------------------------------------------------
+# needed when running individual specs
+require File.join(File.dirname(__FILE__), '..','app','models','user')
+require File.join(File.dirname(__FILE__), '..','app','models','authentication')
+
+class TestUser
+  include Mongoid::Document
+  authenticates_with_sorcery!
+end
+
+class TestMailer < ActionMailer::Base
+
+end
+
+include ::Sorcery::TestHelpers::Internal
+include ::Sorcery::TestHelpers::Internal::Rails
+

data/spec/rails3_mongoid/spec/user_activation_spec.rb

@@ -0,0 +1,178 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/../app/mailers/sorcery_mailer')
+
+describe "User with activation submodule" do
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    it "should enable configuration option 'activation_state_attribute_name'" do
+      sorcery_model_property_set(:activation_state_attribute_name, :status)
+      User.sorcery_config.activation_state_attribute_name.should equal(:status)    
+    end
+    
+    it "should enable configuration option 'activation_token_attribute_name'" do
+      sorcery_model_property_set(:activation_token_attribute_name, :code)
+      User.sorcery_config.activation_token_attribute_name.should equal(:code)    
+    end
+    
+    it "should enable configuration option 'user_activation_mailer'" do
+      sorcery_model_property_set(:user_activation_mailer, TestMailer)
+      User.sorcery_config.user_activation_mailer.should equal(TestMailer)    
+    end
+    
+    it "should enable configuration option 'activation_needed_email_method_name'" do
+      sorcery_model_property_set(:activation_needed_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_needed_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "should enable configuration option 'activation_success_email_method_name'" do
+      sorcery_model_property_set(:activation_success_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_success_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "if mailer is nil on activation, throw exception!" do
+      expect{sorcery_reload!([:user_activation])}.to raise_error(ArgumentError)
+    end
+  end
+
+  # ----------------- ACTIVATION PROCESS -----------------------
+  describe User, "activation process" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    before(:each) do
+      create_new_user
+    end
+    
+    it "should initialize user state to 'pending'" do
+      @user.activation_state.should == "pending"
+    end
+    
+    specify { @user.should respond_to(:activate!) }
+    
+    it "should clear activation code and change state to 'active' on activation" do
+      activation_token = @user.activation_token
+      @user.activate!
+      @user2 = User.find(@user.id) # go to db to make sure it was saved and not just in memory
+      @user2.activation_token.should be_nil
+      @user2.activation_state.should == "active"
+      User.find_by_activation_token(activation_token).should be_nil
+    end
+    
+    it "should send the user an activation email" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation email" do
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should send the user an activation success email on successful activation" do
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation success email" do
+      @user.activate!
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation needed email is optional" do
+      sorcery_model_property_set(:activation_needed_email_method_name, nil)
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation success email is optional" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+
+  describe User, "prevent non-active login feature" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+
+    before(:each) do
+      User.delete_all
+      create_new_user
+    end
+
+    it "should not allow a non-active user to authenticate" do
+      User.authenticate(@user.username,'secret').should be_false
+    end
+    
+    it "should allow a non-active user to authenticate if configured so" do
+      sorcery_model_property_set(:prevent_non_active_users_to_login, false)
+      User.authenticate(@user.username,'secret').should be_true
+    end
+  end
+  
+  describe User, "load_from_activation_token" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    after(:each) do
+      Timecop.return
+    end
+    
+    it "load_from_activation_token should return user when token is found" do
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+    
+    it "load_from_activation_token should NOT return user when token is NOT found" do
+      create_new_user
+      User.load_from_activation_token("a").should == nil
+    end
+    
+    it "load_from_activation_token should return user when token is found and not expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 500)
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+    
+    it "load_from_activation_token should NOT return user when token is found and expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 0.1)
+      create_new_user
+      Timecop.travel(Time.now+0.5)
+      User.load_from_activation_token(@user.activation_token).should == nil
+    end
+    
+    it "load_from_activation_token should return nil if token is blank" do
+      User.load_from_activation_token(nil).should == nil
+      User.load_from_activation_token("").should == nil
+    end
+    
+    it "load_from_activation_token should always be valid if expiration period is nil" do
+      sorcery_model_property_set(:activation_token_expiration_period, nil)
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+  end
+  
+end

data/spec/rails3_mongoid/spec/user_activity_logging_spec.rb

@@ -0,0 +1,31 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with activity logging submodule" do
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:activity_logging])
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    it "should allow configuration option 'last_login_at_attribute_name'" do
+      sorcery_model_property_set(:last_login_at_attribute_name, :login_time)
+      User.sorcery_config.last_login_at_attribute_name.should equal(:login_time)
+    end
+    
+    it "should allow configuration option 'last_logout_at_attribute_name'" do
+      sorcery_model_property_set(:last_logout_at_attribute_name, :logout_time)
+      User.sorcery_config.last_logout_at_attribute_name.should equal(:logout_time)
+    end
+    
+    it "should allow configuration option 'last_activity_at_attribute_name'" do
+      sorcery_model_property_set(:last_activity_at_attribute_name, :activity_time)
+      User.sorcery_config.last_activity_at_attribute_name.should equal(:activity_time)
+    end
+  end
+
+end

data/spec/rails3_mongoid/spec/user_brute_force_protection_spec.rb

@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with brute_force_protection submodule" do
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+  
+    before(:all) do
+      sorcery_reload!([:brute_force_protection])
+      create_new_user
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    specify { @user.should respond_to(:failed_logins_count) }
+    specify { @user.should respond_to(:lock_expires_at) }
+ 
+    it "should enable configuration option 'failed_logins_count_attribute_name'" do
+      sorcery_model_property_set(:failed_logins_count_attribute_name, :my_count)
+      User.sorcery_config.failed_logins_count_attribute_name.should equal(:my_count)    
+    end
+    
+    it "should enable configuration option 'lock_expires_at_attribute_name'" do
+      sorcery_model_property_set(:lock_expires_at_attribute_name, :expires)
+      User.sorcery_config.lock_expires_at_attribute_name.should equal(:expires)    
+    end
+    
+    it "should enable configuration option 'consecutive_login_retries_amount_allowed'" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 34)
+      User.sorcery_config.consecutive_login_retries_amount_limit.should equal(34)    
+    end
+    
+    it "should enable configuration option 'login_lock_time_period'" do
+      sorcery_model_property_set(:login_lock_time_period, 2.hours)
+      User.sorcery_config.login_lock_time_period.should == 2.hours    
+    end
+  end
+  
+end

data/spec/rails3_mongoid/spec/user_oauth_spec.rb

@@ -0,0 +1,34 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with oauth submodule" do
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+  
+    before(:all) do
+      User.delete_all
+      Authentication.delete_all
+      sorcery_reload!([:external])
+      sorcery_controller_property_set(:external_providers, [:twitter])
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
+      create_new_external_user(:twitter)
+    end
+
+    it "should respond to 'load_from_provider'" do
+      User.should respond_to(:load_from_provider)
+    end
+    
+    it "'load_from_provider' should load user if exists" do
+      User.load_from_provider(:twitter,123).should == @user
+    end
+    
+    it "'load_from_provider' should return nil if user doesn't exist" do
+      User.load_from_provider(:twitter,980342).should be_nil
+    end
+    
+  end
+  
+end

data/spec/rails3_mongoid/spec/user_remember_me_spec.rb

@@ -0,0 +1,51 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "User with remember_me submodule" do
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:remember_me])
+      create_new_user
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+    
+    it "should allow configuration option 'remember_me_token_attribute_name'" do
+      sorcery_model_property_set(:remember_me_token_attribute_name, :my_token)
+      User.sorcery_config.remember_me_token_attribute_name.should equal(:my_token)
+    end
+
+    it "should allow configuration option 'remember_me_token_expires_at_attribute_name'" do
+      sorcery_model_property_set(:remember_me_token_expires_at_attribute_name, :my_expires)
+      User.sorcery_config.remember_me_token_expires_at_attribute_name.should equal(:my_expires)
+    end
+    
+    specify { @user.should respond_to(:remember_me!) }
+    
+    specify { @user.should respond_to(:forget_me!) }
+    
+    it "should generate a new token on 'remember_me!'" do
+      @user.remember_me_token.should be_nil
+      @user.remember_me!
+      @user.remember_me_token.should_not be_nil
+    end
+    
+    it "should set an expiration based on 'remember_me_for' attribute" do
+      sorcery_model_property_set(:remember_me_for, 2 * 60 * 60 * 24)
+      @user.remember_me!
+      @user.remember_me_token_expires_at.utc.to_s.should == (Time.now + 2 * 60 * 60 * 24).utc.to_s
+    end
+    
+    it "should delete the token and expiration on 'forget_me!'" do
+      @user.remember_me!
+      @user.remember_me_token.should_not be_nil
+      @user.forget_me!
+      @user.remember_me_token.should be_nil
+      @user.remember_me_token_expires_at.should be_nil
+    end
+  end
+
+end