sorcery 0.5.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. data/README.rdoc +9 -1
  2. data/VERSION +1 -1
  3. data/lib/sorcery/controller/adapters/sinatra.rb +35 -28
  4. data/lib/sorcery/controller/submodules/activity_logging.rb +11 -7
  5. data/lib/sorcery/controller/submodules/brute_force_protection.rb +8 -5
  6. data/lib/sorcery/controller/submodules/external.rb +11 -6
  7. data/lib/sorcery/controller/submodules/http_basic_auth.rb +12 -7
  8. data/lib/sorcery/controller/submodules/remember_me.rb +14 -5
  9. data/lib/sorcery/controller/submodules/session_timeout.rb +3 -1
  10. data/lib/sorcery/controller.rb +12 -9
  11. data/lib/sorcery/crypto_providers/aes256.rb +8 -5
  12. data/lib/sorcery/crypto_providers/bcrypt.rb +12 -6
  13. data/lib/sorcery/crypto_providers/sha256.rb +2 -1
  14. data/lib/sorcery/crypto_providers/sha512.rb +2 -1
  15. data/lib/sorcery/engine.rb +0 -7
  16. data/lib/sorcery/initializers/initializer.rb +127 -36
  17. data/lib/sorcery/model/adapters/active_record.rb +2 -2
  18. data/lib/sorcery/model/adapters/mongoid.rb +4 -4
  19. data/lib/sorcery/model/submodules/activity_logging.rb +7 -6
  20. data/lib/sorcery/model/submodules/brute_force_protection.rb +10 -6
  21. data/lib/sorcery/model/submodules/external.rb +4 -2
  22. data/lib/sorcery/model/submodules/remember_me.rb +4 -3
  23. data/lib/sorcery/model/submodules/reset_password.rb +16 -8
  24. data/lib/sorcery/model/submodules/user_activation.rb +23 -10
  25. data/lib/sorcery/model/temporary_token.rb +3 -2
  26. data/lib/sorcery/model.rb +59 -28
  27. data/lib/sorcery/test_helpers/internal/rails.rb +6 -1
  28. data/lib/sorcery/test_helpers/internal/sinatra.rb +3 -3
  29. data/lib/sorcery/test_helpers/internal/sinatra_modular.rb +74 -0
  30. data/lib/sorcery/test_helpers/internal.rb +2 -1
  31. data/lib/sorcery.rb +3 -5
  32. data/sorcery.gemspec +72 -2
  33. data/spec/Gemfile.lock +1 -1
  34. data/spec/rails3/Gemfile.lock +1 -1
  35. data/spec/rails3/spec/controller_oauth2_spec.rb +3 -24
  36. data/spec/rails3/spec/controller_oauth_spec.rb +3 -24
  37. data/spec/rails3/spec/controller_spec.rb +2 -2
  38. data/spec/rails3/spec/user_activation_spec.rb +2 -168
  39. data/spec/rails3/spec/user_activity_logging_spec.rb +2 -30
  40. data/spec/rails3/spec/user_brute_force_protection_spec.rb +2 -35
  41. data/spec/rails3/spec/user_oauth_spec.rb +2 -26
  42. data/spec/rails3/spec/user_remember_me_spec.rb +2 -45
  43. data/spec/rails3/spec/user_reset_password_spec.rb +3 -168
  44. data/spec/rails3/spec/user_spec.rb +3 -293
  45. data/spec/rails3_mongoid/Gemfile.lock +1 -1
  46. data/spec/rails3_mongoid/app/models/authentication.rb +3 -3
  47. data/spec/rails3_mongoid/spec/user_activation_spec.rb +2 -171
  48. data/spec/rails3_mongoid/spec/user_activity_logging_spec.rb +2 -25
  49. data/spec/rails3_mongoid/spec/user_brute_force_protection_spec.rb +2 -35
  50. data/spec/rails3_mongoid/spec/user_oauth_spec.rb +2 -28
  51. data/spec/rails3_mongoid/spec/user_remember_me_spec.rb +2 -45
  52. data/spec/rails3_mongoid/spec/user_reset_password_spec.rb +2 -176
  53. data/spec/rails3_mongoid/spec/user_spec.rb +3 -295
  54. data/spec/shared_examples/controller_oauth2_shared_examples.rb +37 -0
  55. data/spec/shared_examples/controller_oauth_shared_examples.rb +37 -0
  56. data/spec/shared_examples/user_activation_shared_examples.rb +173 -0
  57. data/spec/shared_examples/user_activity_logging_shared_examples.rb +27 -0
  58. data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +37 -0
  59. data/spec/shared_examples/user_oauth_shared_examples.rb +31 -0
  60. data/spec/shared_examples/user_remember_me_shared_examples.rb +47 -0
  61. data/spec/shared_examples/user_reset_password_shared_examples.rb +177 -0
  62. data/spec/shared_examples/user_shared_examples.rb +292 -0
  63. data/spec/sinatra/Gemfile.lock +1 -1
  64. data/spec/sinatra/Rakefile +1 -1
  65. data/spec/sinatra/filters.rb +20 -14
  66. data/spec/sinatra/modular.rb +157 -0
  67. data/spec/sinatra/spec/controller_oauth2_spec.rb +3 -24
  68. data/spec/sinatra/spec/controller_oauth_spec.rb +3 -24
  69. data/spec/sinatra/spec/controller_spec.rb +2 -2
  70. data/spec/sinatra_modular/Gemfile +15 -0
  71. data/spec/sinatra_modular/Gemfile.lock +117 -0
  72. data/spec/sinatra_modular/Rakefile +11 -0
  73. data/spec/sinatra_modular/authentication.rb +3 -0
  74. data/spec/sinatra_modular/db/migrate/activation/20101224223622_add_activation_to_users.rb +17 -0
  75. data/spec/sinatra_modular/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +17 -0
  76. data/spec/sinatra_modular/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +11 -0
  77. data/spec/sinatra_modular/db/migrate/core/20101224223620_create_users.rb +16 -0
  78. data/spec/sinatra_modular/db/migrate/external/20101224223628_create_authentications.rb +14 -0
  79. data/spec/sinatra_modular/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +15 -0
  80. data/spec/sinatra_modular/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +13 -0
  81. data/spec/sinatra_modular/filters.rb +27 -0
  82. data/spec/sinatra_modular/modular.rb +157 -0
  83. data/spec/sinatra_modular/myapp.rb +133 -0
  84. data/spec/sinatra_modular/sorcery_mailer.rb +25 -0
  85. data/spec/sinatra_modular/spec_modular/controller_activity_logging_spec.rb +85 -0
  86. data/spec/sinatra_modular/spec_modular/controller_brute_force_protection_spec.rb +70 -0
  87. data/spec/sinatra_modular/spec_modular/controller_http_basic_auth_spec.rb +53 -0
  88. data/spec/sinatra_modular/spec_modular/controller_oauth2_spec.rb +99 -0
  89. data/spec/sinatra_modular/spec_modular/controller_oauth_spec.rb +100 -0
  90. data/spec/sinatra_modular/spec_modular/controller_remember_me_spec.rb +64 -0
  91. data/spec/sinatra_modular/spec_modular/controller_session_timeout_spec.rb +57 -0
  92. data/spec/sinatra_modular/spec_modular/controller_spec.rb +116 -0
  93. data/spec/sinatra_modular/spec_modular/spec.opts +2 -0
  94. data/spec/sinatra_modular/spec_modular/spec_helper.rb +51 -0
  95. data/spec/sinatra_modular/user.rb +6 -0
  96. data/spec/sinatra_modular/views/test_login.erb +4 -0
  97. metadata +72 -2
@@ -1,26 +1,35 @@
1
1
  # The first thing you need to configure is which modules you need in your app.
2
2
  # The default is nothing which will include only core features (password encryption, login/logout).
3
- # Available submodules are: :user_activation, :http_basic_auth, :remember_me, :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
3
+ # Available submodules are: :user_activation, :http_basic_auth, :remember_me,
4
+ # :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
4
5
  Rails.application.config.sorcery.submodules = []
5
6
 
6
7
  # Here you can configure each submodule's features.
7
8
  Rails.application.config.sorcery.configure do |config|
8
9
  # -- core --
9
- # config.not_authenticated_action = :not_authenticated # what controller action to call for non-authenticated users. You can also override 'not_authenticated' instead.
10
- # config.save_return_to_url = true # when a non logged in user tries to enter a page that requires login, save the URL he wanted to reach,
11
- # and send him there after login, using 'redirect_back_or_to'.
12
- # subclasses_inherit_config = false # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
10
+ # config.not_authenticated_action = :not_authenticated # what controller action to call for
11
+ # non-authenticated users.
12
+ # You can also override 'not_authenticated'
13
+ # instead.
13
14
 
15
+ # config.save_return_to_url = true # when a non logged in user tries to enter
16
+ # a page that requires login,
17
+ # save the URL he wanted to reach,
18
+ # and send him there after login, using
19
+ # 'redirect_back_or_to'.
20
+
14
21
  # -- session timeout --
15
22
  # config.session_timeout = 3600 # how long in seconds to keep the session alive.
16
- # config.session_timeout_from_last_action = false # use the last action as the beginning of session timeout.
23
+ # config.session_timeout_from_last_action = false # use the last action as the beginning of
24
+ # session timeout.
17
25
 
18
26
  # -- http_basic_auth --
19
27
  # config.controller_to_realm_map = {"application" => "Application"} # What realm to display for which controller name.
20
28
  # For example {"My App" => "Application"}
21
29
 
22
30
  # -- external --
23
- # config.external_providers = [] # What providers are supported by this app, i.e. [:twitter, :facebook] .
31
+ # config.external_providers = [] # What providers are supported by this app,
32
+ # i.e. [:twitter, :facebook] .
24
33
  #
25
34
  # config.twitter.key = "eYVNBjBDi33aa9GkA3w"
26
35
  # config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
@@ -35,53 +44,135 @@ Rails.application.config.sorcery.configure do |config|
35
44
  # --- user config ---
36
45
  config.user_config do |user|
37
46
  # -- core --
38
- # user.username_attribute_name = :username # change default username attribute, for example, to use :email as the login.
39
- # user.password_attribute_name = :password # change *virtual* password attribute, the one which is used until an encrypted one is generated.
47
+ # user.username_attribute_name = :username # change default username
48
+ # attribute, for example,
49
+ # to use :email as the login.
50
+
51
+ # user.password_attribute_name = :password # change *virtual* password
52
+ # attribute, the one which is used
53
+ # until an encrypted one is
54
+ # generated.
55
+
40
56
  # user.email_attribute_name = :email # change default email attribute.
41
- # user.crypted_password_attribute_name = :crypted_password # change default crypted_password attribute.
42
- # user.salt_join_token = "" # what pattern to use to join the password with the salt
57
+
58
+ # user.crypted_password_attribute_name = :crypted_password # change default crypted_password
59
+ # attribute.
60
+
61
+ # user.salt_join_token = "" # what pattern to use to join the
62
+ # password with the salt
63
+
43
64
  # user.salt_attribute_name = :salt # change default salt attribute.
44
- # user.stretches = nil # how many times to apply encryption to the password.
45
- # user.encryption_key = nil # encryption key used to encrypt reversible encryptions such as AES256.
46
- # user.custom_encryption_provider = nil # use an external encryption class.
47
- # user.encryption_algorithm = :bcrypt # encryption algorithm name. See 'encryption_algorithm=' for available options.
48
- # user.subclasses_inherit_config = false # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
65
+
66
+ # user.stretches = nil # how many times to apply
67
+ # encryption to the password.
68
+
69
+ # user.encryption_key = nil # encryption key used to encrypt
70
+ # reversible encryptions such as
71
+ # AES256.
72
+
73
+ # user.custom_encryption_provider = nil # use an external encryption
74
+ # class.
75
+
76
+ # user.encryption_algorithm = :bcrypt # encryption algorithm name. See
77
+ # 'encryption_algorithm=' for
78
+ # available options.
79
+
80
+ # user.subclasses_inherit_config = false # make this configuration
81
+ # inheritable for subclasses.
82
+ # Useful for ActiveRecord's STI.
49
83
 
50
84
  # -- user_activation --
51
- # user.activation_state_attribute_name = :activation_state # the attribute name to hold activation state (active/pending).
52
- # user.activation_token_attribute_name = :activation_token # the attribute name to hold activation code (sent by email).
53
- # user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold activation code expiration date.
54
- # user.activation_token_expiration_period = nil # how many seconds before the activation code expires. nil for never expires.
85
+ # user.activation_state_attribute_name = :activation_state # the attribute name to hold
86
+ # activation state
87
+ # (active/pending).
88
+
89
+ # user.activation_token_attribute_name = :activation_token # the attribute name to hold
90
+ # activation code (sent by email).
91
+
92
+ # user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold
93
+ # activation code expiration date.
94
+
95
+ # user.activation_token_expiration_period = nil # how many seconds before the
96
+ # activation code expires. nil for
97
+ # never expires.
98
+
55
99
  # user.user_activation_mailer = nil # your mailer class. Required.
56
- # user.activation_needed_email_method_name = :activation_needed_email # activation needed email method on your mailer class.
57
- # user.activation_success_email_method_name = :activation_success_email # activation success email method on your mailer class.
58
- # user.prevent_non_active_users_to_login = true # do you want to prevent or allow users that did not activate by email to login?
100
+
101
+ # user.activation_needed_email_method_name = :activation_needed_email # activation needed email method
102
+ # on your mailer class.
103
+
104
+ # user.activation_success_email_method_name = :activation_success_email # activation success email method
105
+ # on your mailer class.
106
+
107
+ # user.prevent_non_active_users_to_login = true # do you want to prevent or allow
108
+ # users that did not activate by
109
+ # email to login?
59
110
 
60
111
  # -- reset_password --
61
- # user.reset_password_token_attribute_name = :reset_password_token # reset password code attribute name.
62
- # user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute name.
63
- # user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent, used for hammering protection.
112
+ # user.reset_password_token_attribute_name = :reset_password_token # reset password code
113
+ # attribute name.
114
+
115
+ # user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute
116
+ # name.
117
+
118
+ # user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent,
119
+ # used for hammering
120
+ # protection.
121
+
64
122
  # user.reset_password_mailer = nil # mailer class. Needed.
65
- # user.reset_password_email_method_name = :reset_password_email # reset password email method on your mailer class.
66
- # user.reset_password_expiration_period = nil # how many seconds before the reset request expires. nil for never expires.
67
- # user.reset_password_time_between_emails = 5 * 60 # hammering protection, how long to wait before allowing another email to be sent.
123
+
124
+ # user.reset_password_email_method_name = :reset_password_email # reset password email
125
+ # method on your mailer
126
+ # class.
127
+
128
+ # user.reset_password_expiration_period = nil # how many seconds
129
+ # before the reset
130
+ # request expires. nil
131
+ # for never expires.
132
+
133
+ # user.reset_password_time_between_emails = 5 * 60 # hammering protection,
134
+ # how long to wait
135
+ # before allowing
136
+ # another email to be
137
+ # sent.
68
138
 
69
139
  # -- brute_force_protection --
70
140
  # user.failed_logins_count_attribute_name = :failed_logins_count # failed logins attribute name.
71
- # user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether user is banned and when it will be active again.
141
+
142
+ # user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether
143
+ # user is banned and when it will
144
+ # be active again.
145
+
72
146
  # user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
73
- # user.login_lock_time_period = 60 * 60 # how long the user should be banned. in seconds. 0 for permanent.
147
+
148
+ # user.login_lock_time_period = 60 * 60 # how long the user should be
149
+ # banned. in seconds. 0 for
150
+ # permanent.
74
151
 
75
152
  # -- activity logging --
76
153
  # user.last_login_at_attribute_name = :last_login_at # last login attribute name.
77
154
  # user.last_logout_at_attribute_name = :last_logout_at # last logout attribute name.
78
155
  # user.last_activity_at_attribute_name = :last_activity_at # last activity attribute name.
79
- # user.activity_timeout = 10 * 60 # how long since last activity is the user defined logged out?
156
+ # user.activity_timeout = 10 * 60 # how long since last activity is
157
+ # the user defined logged out?
80
158
 
81
159
  # -- external --
82
- # user.authentications_class = nil # class which holds the various external provider data for this user.
83
- # user.authentications_user_id_attribute_name = :user_id # user's identifier in authentications class.
84
- # user.provider_attribute_name = :provider # provider's identifier in authentications class.
85
- # user.provider_uid_attribute_name = :uid # user's external unique identifier in authentications class.
160
+ # user.authentications_class = nil # class which holds the various
161
+ # external provider data for this
162
+ # user.
163
+
164
+ # user.authentications_user_id_attribute_name = :user_id # user's identifier in
165
+ # authentications class.
166
+
167
+ # user.provider_attribute_name = :provider # provider's identifier in
168
+ # authentications class.
169
+
170
+ # user.provider_uid_attribute_name = :uid # user's external unique
171
+ # identifier in authentications
172
+ # class.
86
173
  end
174
+
175
+ # This line must come after the 'user config' block.
176
+ config.user_class = "User" # define which model authenticates
177
+ # with sorcery.
87
178
  end
@@ -11,7 +11,7 @@ module Sorcery
11
11
  where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
12
12
  end
13
13
 
14
- def find_by_token(token_attr_name, token)
14
+ def find_by_sorcery_token(token_attr_name, token)
15
15
  where("#{token_attr_name} = ?", token).first
16
16
  end
17
17
 
@@ -25,4 +25,4 @@ module Sorcery
25
25
  end
26
26
  end
27
27
  end
28
- end
28
+ end
@@ -19,8 +19,8 @@ module Sorcery
19
19
  end
20
20
 
21
21
  def find_by_provider_and_uid(provider, uid)
22
- user_klass = ::Sorcery::Controller::Config.user_class
23
- where(user_klass.sorcery_config.provider_attribute_name => provider, user_klass.sorcery_config.provider_uid_attribute_name => uid).first
22
+ @user_klass ||= ::Sorcery::Controller::Config.user_class.to_s.constantize
23
+ where(@user_klass.sorcery_config.provider_attribute_name => provider, @user_klass.sorcery_config.provider_uid_attribute_name => uid).first
24
24
  end
25
25
 
26
26
  def find_by_id(id)
@@ -43,7 +43,7 @@ module Sorcery
43
43
  tap(&blk)
44
44
  end
45
45
 
46
- def find_by_token(token_attr_name, token)
46
+ def find_by_sorcery_token(token_attr_name, token)
47
47
  where(token_attr_name => token).first
48
48
  end
49
49
 
@@ -61,4 +61,4 @@ module Sorcery
61
61
  end
62
62
  end
63
63
  end
64
- end
64
+ end
@@ -3,8 +3,8 @@ module Sorcery
3
3
  module Submodules
4
4
  # This submodule keeps track of events such as login, logout, and last activity time, per user.
5
5
  # It helps in estimating which users are active now in the site.
6
- # This cannot be determined absolutely because a user might be reading a page without clicking anything for a while.
7
-
6
+ # This cannot be determined absolutely because a user might be reading a page without clicking anything
7
+ # for a while.
8
8
  # This is the model part of the submodule, which provides configuration options.
9
9
  module ActivityLogging
10
10
  def self.included(base)
@@ -14,7 +14,8 @@ module Sorcery
14
14
  attr_accessor :last_login_at_attribute_name, # last login attribute name.
15
15
  :last_logout_at_attribute_name, # last logout attribute name.
16
16
  :last_activity_at_attribute_name, # last activity attribute name.
17
- :activity_timeout # how long since last activity is the user defined logged out?
17
+ :activity_timeout # how long since last activity is
18
+ #the user defined logged out?
18
19
  end
19
20
 
20
21
  base.sorcery_config.instance_eval do
@@ -38,9 +39,9 @@ module Sorcery
38
39
  protected
39
40
 
40
41
  def define_activity_logging_mongoid_fields
41
- field sorcery_config.last_login_at_attribute_name, type: DateTime
42
- field sorcery_config.last_logout_at_attribute_name, type: DateTime
43
- field sorcery_config.last_activity_at_attribute_name, type: DateTime
42
+ field sorcery_config.last_login_at_attribute_name, :type => DateTime
43
+ field sorcery_config.last_logout_at_attribute_name, :type => DateTime
44
+ field sorcery_config.last_activity_at_attribute_name, :type => DateTime
44
45
  end
45
46
  end
46
47
  end
@@ -1,15 +1,19 @@
1
1
  module Sorcery
2
2
  module Model
3
3
  module Submodules
4
- # This module helps protect user accounts by locking them down after too many failed attemps to login were detected.
5
- # This is the model part of the submodule which provides configuration options and methods for locking and unlocking the user.
4
+ # This module helps protect user accounts by locking them down after too many failed attemps
5
+ # to login were detected.
6
+ # This is the model part of the submodule which provides configuration options and methods
7
+ # for locking and unlocking the user.
6
8
  module BruteForceProtection
7
9
  def self.included(base)
8
10
  base.sorcery_config.class_eval do
9
11
  attr_accessor :failed_logins_count_attribute_name, # failed logins attribute name.
10
- :lock_expires_at_attribute_name, # this field indicates whether user is banned and when it will be active again.
12
+ :lock_expires_at_attribute_name, # this field indicates whether user
13
+ # is banned and when it will be active again.
11
14
  :consecutive_login_retries_amount_limit, # how many failed logins allowed.
12
- :login_lock_time_period # how long the user should be banned. in seconds. 0 for permanent.
15
+ :login_lock_time_period # how long the user should be banned.
16
+ # in seconds. 0 for permanent.
13
17
  end
14
18
 
15
19
  base.sorcery_config.instance_eval do
@@ -30,8 +34,8 @@ module Sorcery
30
34
  protected
31
35
 
32
36
  def define_brute_force_protection_mongoid_fields
33
- field sorcery_config.failed_logins_count_attribute_name, type: Integer
34
- field sorcery_config.lock_expires_at_attribute_name, type: DateTime
37
+ field sorcery_config.failed_logins_count_attribute_name, :type => Integer
38
+ field sorcery_config.lock_expires_at_attribute_name, :type => DateTime
35
39
  end
36
40
  end
37
41
 
@@ -5,9 +5,11 @@ module Sorcery
5
5
  # This is the model part which handles finding the user using access tokens.
6
6
  # For the controller options see Sorcery::Controller::External.
7
7
  #
8
- # Socery assumes (read: requires) you will create external users in the same table where you keep your regular users,
8
+ # Socery assumes (read: requires) you will create external users in the same table where
9
+ # you keep your regular users,
9
10
  # but that you will have a separate table for keeping their external authentication data,
10
- # and that that separate table has a few rows for each user, facebook and twitter for example (a one-to-many relationship).
11
+ # and that that separate table has a few rows for each user, facebook and twitter
12
+ # for example (a one-to-many relationship).
11
13
  #
12
14
  # External users will have a null crypted_password field, since we do not hold their password.
13
15
  # They will not be sent activation emails on creation.
@@ -1,7 +1,8 @@
1
1
  module Sorcery
2
2
  module Model
3
3
  module Submodules
4
- # The Remember Me submodule takes care of setting the user's cookie so that he will be automatically logged in to the site on every visit,
4
+ # The Remember Me submodule takes care of setting the user's cookie so that he will
5
+ # be automatically logged in to the site on every visit,
5
6
  # until the cookie expires.
6
7
  module RememberMe
7
8
  def self.included(base)
@@ -31,8 +32,8 @@ module Sorcery
31
32
  protected
32
33
 
33
34
  def define_remember_me_mongoid_fields
34
- field sorcery_config.remember_me_token_attribute_name, type: String
35
- field sorcery_config.remember_me_token_expires_at_attribute_name, type: DateTime
35
+ field sorcery_config.remember_me_token_attribute_name, :type => String
36
+ field sorcery_config.remember_me_token_expires_at_attribute_name, :type => Time
36
37
  end
37
38
 
38
39
  end
@@ -5,7 +5,8 @@ module Sorcery
5
5
  # When the user requests an email is sent to him with a url.
6
6
  # The url includes a token, which is also saved with the user's record in the db.
7
7
  # The token has configurable expiration.
8
- # When the user clicks the url in the email, providing the token has not yet expired, he will be able to reset his password via a form.
8
+ # When the user clicks the url in the email, providing the token has not yet expired,
9
+ # he will be able to reset his password via a form.
9
10
  #
10
11
  # When using this submodule, supplying a mailer is mandatory.
11
12
  module ResetPassword
@@ -13,11 +14,18 @@ module Sorcery
13
14
  base.sorcery_config.class_eval do
14
15
  attr_accessor :reset_password_token_attribute_name, # reset password code attribute name.
15
16
  :reset_password_token_expires_at_attribute_name, # expires at attribute name.
16
- :reset_password_email_sent_at_attribute_name, # when was email sent, used for hammering protection.
17
+ :reset_password_email_sent_at_attribute_name, # when was email sent, used for hammering
18
+ # protection.
19
+
17
20
  :reset_password_mailer, # mailer class. Needed.
18
- :reset_password_email_method_name, # reset password email method on your mailer class.
19
- :reset_password_expiration_period, # how many seconds before the reset request expires. nil for never expires.
20
- :reset_password_time_between_emails # hammering protection, how long to wait before allowing another email to be sent.
21
+ :reset_password_email_method_name, # reset password email method on your
22
+ # mailer class.
23
+
24
+ :reset_password_expiration_period, # how many seconds before the reset request
25
+ # expires. nil for never expires.
26
+
27
+ :reset_password_time_between_emails # hammering protection, how long to wait
28
+ # before allowing another email to be sent.
21
29
 
22
30
  end
23
31
 
@@ -61,9 +69,9 @@ module Sorcery
61
69
  end
62
70
 
63
71
  def define_reset_password_mongoid_fields
64
- field sorcery_config.reset_password_token_attribute_name, type: String
65
- field sorcery_config.reset_password_token_expires_at_attribute_name, type: DateTime
66
- field sorcery_config.reset_password_email_sent_at_attribute_name, type: DateTime
72
+ field sorcery_config.reset_password_token_attribute_name, :type => String
73
+ field sorcery_config.reset_password_token_expires_at_attribute_name, :type => DateTime
74
+ field sorcery_config.reset_password_email_sent_at_attribute_name, :type => DateTime
67
75
  end
68
76
  end
69
77
 
@@ -8,14 +8,27 @@ module Sorcery
8
8
  module UserActivation
9
9
  def self.included(base)
10
10
  base.sorcery_config.class_eval do
11
- attr_accessor :activation_state_attribute_name, # the attribute name to hold activation state (active/pending).
12
- :activation_token_attribute_name, # the attribute name to hold activation code (sent by email).
13
- :activation_token_expires_at_attribute_name, # the attribute name to hold activation code expiration date.
14
- :activation_token_expiration_period, # how many seconds before the activation code expires. nil for never expires.
11
+ attr_accessor :activation_state_attribute_name, # the attribute name to hold activation state
12
+ # (active/pending).
13
+
14
+ :activation_token_attribute_name, # the attribute name to hold activation code
15
+ # (sent by email).
16
+
17
+ :activation_token_expires_at_attribute_name, # the attribute name to hold activation code
18
+ # expiration date.
19
+
20
+ :activation_token_expiration_period, # how many seconds before the activation code
21
+ # expires. nil for never expires.
22
+
15
23
  :user_activation_mailer, # your mailer class. Required.
16
- :activation_needed_email_method_name, # activation needed email method on your mailer class.
17
- :activation_success_email_method_name, # activation success email method on your mailer class.
18
- :prevent_non_active_users_to_login # do you want to prevent or allow users that did not activate by email to login?
24
+ :activation_needed_email_method_name, # activation needed email method on your
25
+ # mailer class.
26
+
27
+ :activation_success_email_method_name, # activation success email method on your
28
+ # mailer class.
29
+
30
+ :prevent_non_active_users_to_login # do you want to prevent or allow users that
31
+ # did not activate by email to login?
19
32
  end
20
33
 
21
34
  base.sorcery_config.instance_eval do
@@ -67,9 +80,9 @@ module Sorcery
67
80
 
68
81
  def define_user_activation_mongoid_fields
69
82
  self.class_eval do
70
- field sorcery_config.activation_state_attribute_name, type: String
71
- field sorcery_config.activation_token_attribute_name, type: String
72
- field sorcery_config.activation_token_expires_at_attribute_name, type: DateTime
83
+ field sorcery_config.activation_state_attribute_name, :type => String
84
+ field sorcery_config.activation_token_attribute_name, :type => String
85
+ field sorcery_config.activation_token_expires_at_attribute_name, :type => DateTime
73
86
  end
74
87
  end
75
88
  end
@@ -1,7 +1,8 @@
1
1
  module Sorcery
2
2
  module Model
3
3
  # This module encapsulates the logic for temporary token.
4
- # A temporary token is created to identify a user in scenarios such as reseting password and activating the user by email.
4
+ # A temporary token is created to identify a user in scenarios
5
+ # such as reseting password and activating the user by email.
5
6
  module TemporaryToken
6
7
  def self.included(base)
7
8
  base.extend(ClassMethods)
@@ -10,7 +11,7 @@ module Sorcery
10
11
  module ClassMethods
11
12
  def load_from_token(token, token_attr_name, token_expiration_date_attr)
12
13
  return nil if token.blank?
13
- user = find_by_token(token_attr_name,token)
14
+ user = find_by_sorcery_token(token_attr_name,token)
14
15
  if !user.blank? && !user.send(token_expiration_date_attr).nil?
15
16
  return Time.now.utc < user.send(token_expiration_date_attr) ? user : nil
16
17
  end
data/lib/sorcery/model.rb CHANGED
@@ -3,7 +3,8 @@ module Sorcery
3
3
  # It should be included into the ORM base class.
4
4
  # In the case of Rails this is usually ActiveRecord (actually, in that case, the plugin does this automatically).
5
5
  #
6
- # When included it defines a single method: 'activate_sorcery!' which when called adds the other capabilities to the class.
6
+ # When included it defines a single method: 'activate_sorcery!' which when called adds the other capabilities
7
+ # to the class.
7
8
  # This method is also the place to configure the plugin in the Model layer.
8
9
  module Model
9
10
  def self.included(klass)
@@ -14,40 +15,58 @@ module Sorcery
14
15
  self.class_eval do
15
16
  extend ClassMethods # included here, before submodules, so they can be overriden by them.
16
17
  include InstanceMethods
17
-
18
- # set the user_class for the controller methods which call it
19
- ::Sorcery::Controller::Config.user_class = self
18
+ end
19
+
20
+ include_required_submodules!
21
+
22
+ # This runs the options block set in the initializer on the model class.
23
+ ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
24
+
25
+ init_mongoid_support! if defined?(Mongoid) and self.ancestors.include?(Mongoid::Document)
26
+
27
+ init_orm_hooks!
28
+
29
+ @sorcery_config.after_config << :add_config_inheritance if @sorcery_config.subclasses_inherit_config
30
+ @sorcery_config.after_config.each { |c| send(c) }
31
+ end
32
+
33
+ protected
34
+
35
+ # includes required submodules into the model class,
36
+ # which usually is called User.
37
+ def include_required_submodules!
38
+ self.class_eval do
20
39
  @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
21
40
  @sorcery_config.submodules.each do |mod|
22
41
  begin
23
42
  include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join(""))
24
43
  rescue NameError
25
- # don't stop on a missing submodule. Needed because some submodules are only defined in the controller side.
44
+ # don't stop on a missing submodule. Needed because some submodules are only defined
45
+ # in the controller side.
26
46
  end
27
47
  end
28
48
  end
29
-
30
- # This runs the options block set in the initializer on the model class.
31
- ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
32
-
49
+ end
50
+
51
+ # defines mongoid fields on the model class,
52
+ # using 1.8.x hash syntax to perserve compatibility.
53
+ def init_mongoid_support!
33
54
  self.class_eval do
34
- field sorcery_config.username_attribute_name, type: String
35
- #field sorcery_config.password_attribute_name, type: String
36
- field sorcery_config.email_attribute_name, type: String unless sorcery_config.username_attribute_name == sorcery_config.email_attribute_name
37
- field sorcery_config.crypted_password_attribute_name, type: String
38
- field sorcery_config.salt_attribute_name, type: String
39
- end if defined?(Mongoid) and self.ancestors.include?(Mongoid::Document)
40
-
41
- # add virtual password accessor and ORM callbacks
55
+ field sorcery_config.username_attribute_name, :type => String
56
+ field sorcery_config.email_attribute_name, :type => String unless sorcery_config.username_attribute_name == sorcery_config.email_attribute_name
57
+ field sorcery_config.crypted_password_attribute_name, :type => String
58
+ field sorcery_config.salt_attribute_name, :type => String
59
+ end
60
+ end
61
+
62
+ # add virtual password accessor and ORM callbacks.
63
+ def init_orm_hooks!
42
64
  self.class_eval do
43
65
  attr_accessor @sorcery_config.password_attribute_name
44
66
  attr_protected @sorcery_config.crypted_password_attribute_name, @sorcery_config.salt_attribute_name
45
67
  before_save :encrypt_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
46
68
  after_save :clear_virtual_password, :if => Proc.new { |record| record.send(sorcery_config.password_attribute_name).present? }
47
69
  end
48
-
49
- @sorcery_config.after_config << :add_config_inheritance if @sorcery_config.subclasses_inherit_config
50
- @sorcery_config.after_config.each { |c| send(c) }
51
70
  end
52
71
  end
53
72
  end
@@ -148,26 +167,38 @@ module Sorcery
148
167
  end
149
168
 
150
169
  # Each class which calls 'activate_sorcery!' receives an instance of this class.
151
- # Every submodule which gets loaded may add accessors to this class so that all options will be configured from a single place.
170
+ # Every submodule which gets loaded may add accessors to this class so that all
171
+ # options will be configured from a single place.
152
172
  class Config
153
173
 
154
- attr_accessor :username_attribute_name, # change default username attribute, for example, to use :email as the login.
155
- :password_attribute_name, # change *virtual* password attribute, the one which is used until an encrypted one is generated.
174
+ attr_accessor :username_attribute_name, # change default username attribute, for example, to use :email
175
+ # as the login.
176
+
177
+ :password_attribute_name, # change *virtual* password attribute, the one which is used
178
+ # until an encrypted one is generated.
179
+
156
180
  :email_attribute_name, # change default email attribute.
157
181
  :crypted_password_attribute_name, # change default crypted_password attribute.
158
182
  :salt_join_token, # what pattern to use to join the password with the salt
159
183
  :salt_attribute_name, # change default salt attribute.
160
184
  :stretches, # how many times to apply encryption to the password.
161
- :encryption_key, # encryption key used to encrypt reversible encryptions such as AES256.
162
- :subclasses_inherit_config, # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
185
+ :encryption_key, # encryption key used to encrypt reversible encryptions such as
186
+ # AES256.
187
+
188
+ :subclasses_inherit_config, # make this configuration inheritable for subclasses. Useful for
189
+ # ActiveRecord's STI.
163
190
 
164
191
  :submodules, # configured in config/application.rb
165
- :before_authenticate, # an array of method names to call before authentication completes. used internally.
166
- :after_config # an array of method names to call after configuration by user. used internally.
192
+ :before_authenticate, # an array of method names to call before authentication
193
+ # completes. used internally.
194
+
195
+ :after_config # an array of method names to call after configuration by user.
196
+ # used internally.
167
197
 
168
198
  attr_reader :encryption_provider, # change default encryption_provider.
169
199
  :custom_encryption_provider, # use an external encryption class.
170
- :encryption_algorithm # encryption algorithm name. See 'encryption_algorithm=' below for available options.
200
+ :encryption_algorithm # encryption algorithm name. See 'encryption_algorithm=' below
201
+ # for available options.
171
202
 
172
203
  def initialize
173
204
  @defaults = {