sorcery 0.5.21 → 0.5.30


Potentially problematic release.


This version of sorcery might be problematic. Click here for more details.

Files changed (54) hide show
  1. data/README.rdoc +1 -1
  2. data/VERSION +1 -1
  3. data/lib/sorcery/controller.rb +5 -3
  4. data/lib/sorcery/controller/submodules/activity_logging.rb +10 -6
  5. data/lib/sorcery/controller/submodules/brute_force_protection.rb +6 -3
  6. data/lib/sorcery/controller/submodules/http_basic_auth.rb +10 -5
  7. data/lib/sorcery/controller/submodules/remember_me.rb +13 -4
  8. data/lib/sorcery/controller/submodules/session_timeout.rb +3 -1
  9. data/lib/sorcery/crypto_providers/aes256.rb +8 -5
  10. data/lib/sorcery/crypto_providers/bcrypt.rb +12 -6
  11. data/lib/sorcery/crypto_providers/sha256.rb +2 -1
  12. data/lib/sorcery/crypto_providers/sha512.rb +2 -1
  13. data/lib/sorcery/initializers/initializer.rb +125 -36
  14. data/lib/sorcery/model.rb +28 -15
  15. data/lib/sorcery/model/adapters/active_record.rb +2 -2
  16. data/lib/sorcery/model/adapters/mongoid.rb +2 -2
  17. data/lib/sorcery/model/submodules/activity_logging.rb +7 -6
  18. data/lib/sorcery/model/submodules/brute_force_protection.rb +10 -6
  19. data/lib/sorcery/model/submodules/external.rb +4 -2
  20. data/lib/sorcery/model/submodules/remember_me.rb +4 -3
  21. data/lib/sorcery/model/submodules/reset_password.rb +16 -8
  22. data/lib/sorcery/model/submodules/user_activation.rb +23 -10
  23. data/lib/sorcery/model/temporary_token.rb +3 -2
  24. data/lib/sorcery/test_helpers/internal.rb +2 -1
  25. data/lib/sorcery/test_helpers/internal/rails.rb +5 -1
  26. data/sorcery.gemspec +16 -2
  27. data/spec/Gemfile.lock +1 -1
  28. data/spec/rails3/Gemfile.lock +1 -1
  29. data/spec/rails3/spec/user_activation_spec.rb +2 -168
  30. data/spec/rails3/spec/user_activity_logging_spec.rb +2 -30
  31. data/spec/rails3/spec/user_brute_force_protection_spec.rb +2 -35
  32. data/spec/rails3/spec/user_oauth_spec.rb +2 -26
  33. data/spec/rails3/spec/user_remember_me_spec.rb +2 -45
  34. data/spec/rails3/spec/user_reset_password_spec.rb +3 -168
  35. data/spec/rails3/spec/user_spec.rb +3 -283
  36. data/spec/rails3_mongoid/Gemfile.lock +1 -1
  37. data/spec/rails3_mongoid/app/models/authentication.rb +3 -3
  38. data/spec/rails3_mongoid/spec/user_activation_spec.rb +2 -171
  39. data/spec/rails3_mongoid/spec/user_activity_logging_spec.rb +2 -25
  40. data/spec/rails3_mongoid/spec/user_brute_force_protection_spec.rb +2 -35
  41. data/spec/rails3_mongoid/spec/user_oauth_spec.rb +2 -28
  42. data/spec/rails3_mongoid/spec/user_remember_me_spec.rb +2 -45
  43. data/spec/rails3_mongoid/spec/user_reset_password_spec.rb +2 -176
  44. data/spec/rails3_mongoid/spec/user_spec.rb +3 -285
  45. data/spec/shared_examples/user_activation_shared_examples.rb +173 -0
  46. data/spec/shared_examples/user_activity_logging_shared_examples.rb +27 -0
  47. data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +37 -0
  48. data/spec/shared_examples/user_oauth_shared_examples.rb +30 -0
  49. data/spec/shared_examples/user_remember_me_shared_examples.rb +47 -0
  50. data/spec/shared_examples/user_reset_password_shared_examples.rb +177 -0
  51. data/spec/shared_examples/user_shared_examples.rb +292 -0
  52. data/spec/sinatra/Gemfile.lock +1 -1
  53. data/spec/sinatra_modular/Gemfile.lock +1 -1
  54. metadata +16 -2
@@ -1,36 +1,8 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_activity_logging_shared_examples')
2
3
 
3
4
  describe "User with activity logging submodule" do
4
- before(:all) do
5
- end
6
-
7
- after(:all) do
8
- end
9
5
 
10
- # ----------------- PLUGIN CONFIGURATION -----------------------
11
- describe User, "loaded plugin configuration" do
12
- before(:all) do
13
- sorcery_reload!([:activity_logging])
14
- end
15
-
16
- after(:each) do
17
- User.sorcery_config.reset!
18
- end
19
-
20
- it "should allow configuration option 'last_login_at_attribute_name'" do
21
- sorcery_model_property_set(:last_login_at_attribute_name, :login_time)
22
- User.sorcery_config.last_login_at_attribute_name.should equal(:login_time)
23
- end
24
-
25
- it "should allow configuration option 'last_logout_at_attribute_name'" do
26
- sorcery_model_property_set(:last_logout_at_attribute_name, :logout_time)
27
- User.sorcery_config.last_logout_at_attribute_name.should equal(:logout_time)
28
- end
29
-
30
- it "should allow configuration option 'last_activity_at_attribute_name'" do
31
- sorcery_model_property_set(:last_activity_at_attribute_name, :activity_time)
32
- User.sorcery_config.last_activity_at_attribute_name.should equal(:activity_time)
33
- end
34
- end
6
+ it_behaves_like "rails_3_activity_logging_model"
35
7
 
36
8
  end
@@ -1,4 +1,5 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_brute_force_protection_shared_examples')
2
3
 
3
4
  describe "User with brute_force_protection submodule" do
4
5
  before(:all) do
@@ -9,40 +10,6 @@ describe "User with brute_force_protection submodule" do
9
10
  ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/brute_force_protection")
10
11
  end
11
12
 
12
- # ----------------- PLUGIN CONFIGURATION -----------------------
13
- describe User, "loaded plugin configuration" do
14
-
15
- before(:all) do
16
- sorcery_reload!([:brute_force_protection])
17
- create_new_user
18
- end
19
-
20
- after(:each) do
21
- User.sorcery_config.reset!
22
- end
23
-
24
- specify { @user.should respond_to(:failed_logins_count) }
25
- specify { @user.should respond_to(:lock_expires_at) }
26
-
27
- it "should enable configuration option 'failed_logins_count_attribute_name'" do
28
- sorcery_model_property_set(:failed_logins_count_attribute_name, :my_count)
29
- User.sorcery_config.failed_logins_count_attribute_name.should equal(:my_count)
30
- end
31
-
32
- it "should enable configuration option 'lock_expires_at_attribute_name'" do
33
- sorcery_model_property_set(:lock_expires_at_attribute_name, :expires)
34
- User.sorcery_config.lock_expires_at_attribute_name.should equal(:expires)
35
- end
36
-
37
- it "should enable configuration option 'consecutive_login_retries_amount_allowed'" do
38
- sorcery_model_property_set(:consecutive_login_retries_amount_limit, 34)
39
- User.sorcery_config.consecutive_login_retries_amount_limit.should equal(34)
40
- end
41
-
42
- it "should enable configuration option 'login_lock_time_period'" do
43
- sorcery_model_property_set(:login_lock_time_period, 2.hours)
44
- User.sorcery_config.login_lock_time_period.should == 2.hours
45
- end
46
- end
13
+ it_behaves_like "rails_3_brute_force_protection_model"
47
14
 
48
15
  end
@@ -1,4 +1,5 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_oauth_shared_examples')
2
3
 
3
4
  describe "User with oauth submodule" do
4
5
  before(:all) do
@@ -9,31 +10,6 @@ describe "User with oauth submodule" do
9
10
  ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
10
11
  end
11
12
 
12
- # ----------------- PLUGIN CONFIGURATION -----------------------
13
- describe User, "loaded plugin configuration" do
14
-
15
- before(:all) do
16
- sorcery_reload!([:external])
17
- sorcery_controller_property_set(:external_providers, [:twitter])
18
- sorcery_model_property_set(:authentications_class, Authentication)
19
- sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
20
- sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
21
- sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
22
- create_new_external_user(:twitter)
23
- end
24
-
25
- it "should respond to 'load_from_provider'" do
26
- User.should respond_to(:load_from_provider)
27
- end
28
-
29
- it "'load_from_provider' should load user if exists" do
30
- User.load_from_provider(:twitter,123).should == @user
31
- end
32
-
33
- it "'load_from_provider' should return nil if user doesn't exist" do
34
- User.load_from_provider(:twitter,980342).should be_nil
35
- end
36
-
37
- end
13
+ it_behaves_like "rails_3_oauth_model"
38
14
 
39
15
  end
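Review bot: The block removed ahead of `it_behaves_like "rails_3_oauth_model"` configured the Twitter provider with literal `:key` and `:secret` strings, and the shared examples file that presumably carries this setup now is outside this view, so it is worth confirming that those literals are dummy values. If they were ever issued by the provider they should be revoked, because they stay readable in every published copy of the earlier gem versions. In the shared file, clearly fake values such as `"test-key"` and `"test-secret"` (constructed examples) would keep secret scanners and readers from having to guess.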
@@ -1,4 +1,5 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_remember_me_shared_examples')
2
3
 
3
4
  describe "User with remember_me submodule" do
4
5
  before(:all) do
@@ -9,50 +10,6 @@ describe "User with remember_me submodule" do
9
10
  ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
10
11
  end
11
12
 
12
- # ----------------- PLUGIN CONFIGURATION -----------------------
13
- describe User, "loaded plugin configuration" do
14
- before(:all) do
15
- sorcery_reload!([:remember_me])
16
- create_new_user
17
- end
18
-
19
- after(:each) do
20
- User.sorcery_config.reset!
21
- end
22
-
23
- it "should allow configuration option 'remember_me_token_attribute_name'" do
24
- sorcery_model_property_set(:remember_me_token_attribute_name, :my_token)
25
- User.sorcery_config.remember_me_token_attribute_name.should equal(:my_token)
26
- end
27
-
28
- it "should allow configuration option 'remember_me_token_expires_at_attribute_name'" do
29
- sorcery_model_property_set(:remember_me_token_expires_at_attribute_name, :my_expires)
30
- User.sorcery_config.remember_me_token_expires_at_attribute_name.should equal(:my_expires)
31
- end
32
-
33
- specify { @user.should respond_to(:remember_me!) }
34
-
35
- specify { @user.should respond_to(:forget_me!) }
36
-
37
- it "should generate a new token on 'remember_me!'" do
38
- @user.remember_me_token.should be_nil
39
- @user.remember_me!
40
- @user.remember_me_token.should_not be_nil
41
- end
42
-
43
- it "should set an expiration based on 'remember_me_for' attribute" do
44
- sorcery_model_property_set(:remember_me_for, 2 * 60 * 60 * 24)
45
- @user.remember_me!
46
- @user.remember_me_token_expires_at.to_s.should == (Time.now + 2 * 60 * 60 * 24).utc.to_s
47
- end
48
-
49
- it "should delete the token and expiration on 'forget_me!'" do
50
- @user.remember_me!
51
- @user.remember_me_token.should_not be_nil
52
- @user.forget_me!
53
- @user.remember_me_token.should be_nil
54
- @user.remember_me_token_expires_at.should be_nil
55
- end
56
- end
13
+ it_behaves_like "rails_3_remember_me_model"
57
14
 
58
15
  end
@@ -1,4 +1,6 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_reset_password_shared_examples')
3
+
2
4
 
3
5
  describe "User with reset_password submodule" do
4
6
  before(:all) do
@@ -9,173 +11,6 @@ describe "User with reset_password submodule" do
9
11
  ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/reset_password")
10
12
  end
11
13
 
12
- # ----------------- PLUGIN CONFIGURATION -----------------------
13
- describe User, "loaded plugin configuration" do
14
-
15
- before(:all) do
16
- sorcery_reload!([:reset_password], :reset_password_mailer => ::SorceryMailer)
17
- end
18
-
19
- after(:each) do
20
- User.sorcery_config.reset!
21
- end
22
-
23
- context "API" do
24
- before(:all) do
25
- create_new_user
26
- end
27
-
28
- specify { @user.should respond_to(:deliver_reset_password_instructions!) }
29
-
30
- specify { @user.should respond_to(:change_password!) }
31
-
32
- it "should respond to .load_from_reset_password_token" do
33
- User.should respond_to(:load_from_reset_password_token)
34
- end
35
- end
36
-
37
- it "should allow configuration option 'reset_password_token_attribute_name'" do
38
- sorcery_model_property_set(:reset_password_token_attribute_name, :my_code)
39
- User.sorcery_config.reset_password_token_attribute_name.should equal(:my_code)
40
- end
41
-
42
- it "should allow configuration option 'reset_password_mailer'" do
43
- sorcery_model_property_set(:reset_password_mailer, TestUser)
44
- User.sorcery_config.reset_password_mailer.should equal(TestUser)
45
- end
46
-
47
- it "should allow configuration option 'reset_password_email_method_name'" do
48
- sorcery_model_property_set(:reset_password_email_method_name, :my_mailer_method)
49
- User.sorcery_config.reset_password_email_method_name.should equal(:my_mailer_method)
50
- end
51
-
52
- it "should allow configuration option 'reset_password_expiration_period'" do
53
- sorcery_model_property_set(:reset_password_expiration_period, 16)
54
- User.sorcery_config.reset_password_expiration_period.should equal(16)
55
- end
56
-
57
- it "should allow configuration option 'reset_password_email_sent_at_attribute_name'" do
58
- sorcery_model_property_set(:reset_password_email_sent_at_attribute_name, :blabla)
59
- User.sorcery_config.reset_password_email_sent_at_attribute_name.should equal(:blabla)
60
- end
61
-
62
- it "should allow configuration option 'reset_password_time_between_emails'" do
63
- sorcery_model_property_set(:reset_password_time_between_emails, 16)
64
- User.sorcery_config.reset_password_time_between_emails.should equal(16)
65
- end
66
- end
67
-
68
- # ----------------- PLUGIN ACTIVATED -----------------------
69
- describe User, "when activated with sorcery" do
70
-
71
- before(:all) do
72
- sorcery_reload!([:reset_password], :reset_password_mailer => ::SorceryMailer)
73
- end
74
-
75
- before(:each) do
76
- User.delete_all
77
- end
78
-
79
- after(:each) do
80
- Timecop.return
81
- end
82
-
83
- it "load_from_reset_password_token should return user when token is found" do
84
- create_new_user
85
- @user.deliver_reset_password_instructions!
86
- User.load_from_reset_password_token(@user.reset_password_token).should == @user
87
- end
88
-
89
- it "load_from_reset_password_token should NOT return user when token is NOT found" do
90
- create_new_user
91
- @user.deliver_reset_password_instructions!
92
- User.load_from_reset_password_token("a").should == nil
93
- end
94
-
95
- it "load_from_reset_password_token should return user when token is found and not expired" do
96
- create_new_user
97
- sorcery_model_property_set(:reset_password_expiration_period, 500)
98
- @user.deliver_reset_password_instructions!
99
- User.load_from_reset_password_token(@user.reset_password_token).should == @user
100
- end
101
-
102
- it "load_from_reset_password_token should NOT return user when token is found and expired" do
103
- create_new_user
104
- sorcery_model_property_set(:reset_password_expiration_period, 0.1)
105
- @user.deliver_reset_password_instructions!
106
- Timecop.travel(Time.now+0.5)
107
- User.load_from_reset_password_token(@user.reset_password_token).should == nil
108
- end
109
-
110
- it "load_from_reset_password_token should always be valid if expiration period is nil" do
111
- create_new_user
112
- sorcery_model_property_set(:reset_password_expiration_period, nil)
113
- @user.deliver_reset_password_instructions!
114
- User.load_from_reset_password_token(@user.reset_password_token).should == @user
115
- end
116
-
117
- it "load_from_reset_password_token should return nil if token is blank" do
118
- User.load_from_reset_password_token(nil).should == nil
119
- User.load_from_reset_password_token("").should == nil
120
- end
121
-
122
- it "'deliver_reset_password_instructions!' should generate a reset_password_token" do
123
- create_new_user
124
- @user.reset_password_token.should be_nil
125
- @user.deliver_reset_password_instructions!
126
- @user.reset_password_token.should_not be_nil
127
- end
128
-
129
- it "the reset_password_token should be random" do
130
- create_new_user
131
- sorcery_model_property_set(:reset_password_time_between_emails, 0)
132
- @user.deliver_reset_password_instructions!
133
- old_password_code = @user.reset_password_token
134
- @user.deliver_reset_password_instructions!
135
- @user.reset_password_token.should_not == old_password_code
136
- end
137
-
138
- it "should send an email on reset" do
139
- create_new_user
140
- old_size = ActionMailer::Base.deliveries.size
141
- @user.deliver_reset_password_instructions!
142
- ActionMailer::Base.deliveries.size.should == old_size + 1
143
- end
144
-
145
- it "when change_password! is called, should delete reset_password_token" do
146
- create_new_user
147
- @user.deliver_reset_password_instructions!
148
- @user.reset_password_token.should_not be_nil
149
- @user.change_password!("blabulsdf")
150
- @user.save!
151
- @user.reset_password_token.should be_nil
152
- end
153
-
154
- it "should not send an email if time between emails has not passed since last email" do
155
- create_new_user
156
- sorcery_model_property_set(:reset_password_time_between_emails, 10000)
157
- old_size = ActionMailer::Base.deliveries.size
158
- @user.deliver_reset_password_instructions!
159
- ActionMailer::Base.deliveries.size.should == old_size + 1
160
- @user.deliver_reset_password_instructions!
161
- ActionMailer::Base.deliveries.size.should == old_size + 1
162
- end
163
-
164
- it "should send an email if time between emails has passed since last email" do
165
- create_new_user
166
- sorcery_model_property_set(:reset_password_time_between_emails, 0.5)
167
- old_size = ActionMailer::Base.deliveries.size
168
- @user.deliver_reset_password_instructions!
169
- ActionMailer::Base.deliveries.size.should == old_size + 1
170
- Timecop.travel(Time.now+0.5)
171
- @user.deliver_reset_password_instructions!
172
- ActionMailer::Base.deliveries.size.should == old_size + 2
173
- end
174
-
175
- it "if mailer is nil on activation, throw exception!" do
176
- expect{sorcery_reload!([:reset_password])}.to raise_error(ArgumentError)
177
- end
178
-
179
- end
14
+ it_behaves_like "rails_3_reset_password_model"
180
15
 
181
16
  end
@@ -1,5 +1,6 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
2
  require File.expand_path(File.dirname(__FILE__) + '/../app/mailers/sorcery_mailer')
3
+ require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_shared_examples')
3
4
 
4
5
  describe "User with no submodules (core)" do
5
6
  before(:all) do
@@ -17,272 +18,8 @@ describe "User with no submodules (core)" do
17
18
  end
18
19
 
19
20
  # ----------------- PLUGIN CONFIGURATION -----------------------
20
- describe User, "loaded plugin configuration" do
21
- after(:each) do
22
- User.sorcery_config.reset!
23
- end
24
-
25
- it "should enable configuration option 'username_attribute_name'" do
26
- sorcery_model_property_set(:username_attribute_name, :email)
27
- User.sorcery_config.username_attribute_name.should equal(:email)
28
- end
29
-
30
- it "should enable configuration option 'password_attribute_name'" do
31
- sorcery_model_property_set(:password_attribute_name, :mypassword)
32
- User.sorcery_config.password_attribute_name.should equal(:mypassword)
33
- end
34
-
35
- it "should enable configuration option 'email_attribute_name'" do
36
- sorcery_model_property_set(:email_attribute_name, :my_email)
37
- User.sorcery_config.email_attribute_name.should equal(:my_email)
38
- end
39
-
40
- it "should enable configuration option 'crypted_password_attribute_name'" do
41
- sorcery_model_property_set(:crypted_password_attribute_name, :password)
42
- User.sorcery_config.crypted_password_attribute_name.should equal(:password)
43
- end
44
-
45
- it "should enable configuration option 'salt_attribute_name'" do
46
- sorcery_model_property_set(:salt_attribute_name, :my_salt)
47
- User.sorcery_config.salt_attribute_name.should equal(:my_salt)
48
- end
49
-
50
- it "should enable configuration option 'encryption_algorithm'" do
51
- sorcery_model_property_set(:encryption_algorithm, :none)
52
- User.sorcery_config.encryption_algorithm.should equal(:none)
53
- end
54
-
55
- it "should enable configuration option 'encryption_key'" do
56
- sorcery_model_property_set(:encryption_key, 'asdadas424234242')
57
- User.sorcery_config.encryption_key.should == 'asdadas424234242'
58
- end
59
-
60
- it "should enable configuration option 'custom_encryption_provider'" do
61
- sorcery_model_property_set(:encryption_algorithm, :custom)
62
- sorcery_model_property_set(:custom_encryption_provider, Array)
63
- User.sorcery_config.custom_encryption_provider.should equal(Array)
64
- end
65
-
66
- it "should enable configuration option 'salt_join_token'" do
67
- salt_join_token = "--%%*&-"
68
- sorcery_model_property_set(:salt_join_token, salt_join_token)
69
- User.sorcery_config.salt_join_token.should equal(salt_join_token)
70
- end
71
-
72
- it "should enable configuration option 'stretches'" do
73
- stretches = 15
74
- sorcery_model_property_set(:stretches, stretches)
75
- User.sorcery_config.stretches.should equal(stretches)
76
- end
77
-
78
- end
79
-
80
- # ----------------- PLUGIN ACTIVATED -----------------------
81
- describe User, "when activated with sorcery" do
82
- before(:all) do
83
- sorcery_reload!()
84
- end
85
-
86
- before(:each) do
87
- User.delete_all
88
- end
89
-
90
- it "should respond to class method authenticate" do
91
- ActiveRecord::Base.should_not respond_to(:authenticate)
92
- User.should respond_to(:authenticate)
93
- end
94
-
95
- it "authenticate should return true if credentials are good" do
96
- create_new_user
97
- User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
98
- end
99
-
100
- it "authenticate should return false if credentials are bad" do
101
- create_new_user
102
- User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'wrong!').should be_false
103
- end
104
-
105
- specify { User.should respond_to(:encrypt) }
106
-
107
- it "subclass should inherit config if defined so" do
108
- sorcery_reload!([],{:subclasses_inherit_config => true})
109
- class Admin < User
110
- end
111
- Admin.sorcery_config.should_not be_nil
112
- Admin.sorcery_config.should == User.sorcery_config
113
- end
114
-
115
- it "subclass should not inherit config if not defined so" do
116
- sorcery_reload!([],{:subclasses_inherit_config => false})
117
- class Admin2 < User
118
- end
119
- Admin2.sorcery_config.should be_nil
120
- end
121
- end
122
-
123
- # ----------------- REGISTRATION -----------------------
124
- describe User, "registration" do
125
-
126
- before(:all) do
127
- sorcery_reload!()
128
- end
129
-
130
- before(:each) do
131
- User.delete_all
132
- end
133
-
134
- it "by default, encryption_provider should not be nil" do
135
- User.sorcery_config.encryption_provider.should_not be_nil
136
- end
137
-
138
- it "should encrypt password when a new user is saved" do
139
- create_new_user
140
- User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
141
- end
142
-
143
- it "should clear the virtual password field if the encryption process worked" do
144
- create_new_user
145
- @user.password.should be_nil
146
- end
147
-
148
- it "should not clear the virtual password field if save failed due to validity" do
149
- create_new_user
150
- User.class_eval do
151
- validates_format_of :email, :with => /^(.)+@(.)+$/, :if => Proc.new {|r| r.email}, :message => "is invalid"
152
- end
153
- @user.password = 'blupush'
154
- @user.email = 'asd'
155
- @user.save
156
- @user.password.should_not be_nil
157
- end
158
-
159
- it "should not clear the virtual password field if save failed due to exception" do
160
- create_new_user
161
- @user.password = 'blupush'
162
- @user.username = nil
163
- begin
164
- @user.save # triggers SQL exception since username field is defined not null.
165
- rescue
166
- end
167
- @user.password.should_not be_nil
168
- end
169
-
170
- it "should not encrypt the password twice when a user is updated" do
171
- create_new_user
172
- @user.email = "blup@bla.com"
173
- @user.save!
174
- User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
175
- end
176
-
177
- it "should replace the crypted_password in case a new password is set" do
178
- create_new_user
179
- @user.password = 'new_secret'
180
- @user.save!
181
- User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_false
182
- end
183
-
184
- end
185
21
 
186
- # ----------------- PASSWORD ENCRYPTION -----------------------
187
- describe User, "special encryption cases" do
188
- before(:all) do
189
- sorcery_reload!()
190
- @text = "Some Text!"
191
- end
192
-
193
- before(:each) do
194
- User.delete_all
195
- end
196
-
197
- after(:each) do
198
- User.sorcery_config.reset!
199
- end
200
-
201
- it "should work with no password encryption" do
202
- sorcery_model_property_set(:encryption_algorithm, :none)
203
- create_new_user
204
- User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
205
- end
206
-
207
- it "should work with custom password encryption" do
208
- class MyCrypto
209
- def self.encrypt(*tokens)
210
- tokens.flatten.join('').gsub(/e/,'A')
211
- end
212
-
213
- def self.matches?(crypted,*tokens)
214
- crypted = encrypt(*tokens)
215
- end
216
- end
217
- sorcery_model_property_set(:encryption_algorithm, :custom)
218
- sorcery_model_property_set(:custom_encryption_provider, MyCrypto)
219
- create_new_user
220
- User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
221
- end
222
-
223
- it "if encryption algo is aes256, it should set key to crypto provider" do
224
- sorcery_model_property_set(:encryption_algorithm, :aes256)
225
- sorcery_model_property_set(:encryption_key, nil)
226
- expect{User.encrypt(@text)}.to raise_error(ArgumentError)
227
- sorcery_model_property_set(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
228
- expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
229
- end
230
-
231
- it "if encryption algo is aes256, it should set key to crypto provider, even if attributes are set in reverse" do
232
- sorcery_model_property_set(:encryption_key, nil)
233
- sorcery_model_property_set(:encryption_algorithm, :none)
234
- sorcery_model_property_set(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
235
- sorcery_model_property_set(:encryption_algorithm, :aes256)
236
- expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
237
- end
238
-
239
- it "if encryption algo is md5 it should work" do
240
- sorcery_model_property_set(:encryption_algorithm, :md5)
241
- User.encrypt(@text).should == Sorcery::CryptoProviders::MD5.encrypt(@text)
242
- end
243
-
244
- it "if encryption algo is sha1 it should work" do
245
- sorcery_model_property_set(:encryption_algorithm, :sha1)
246
- User.encrypt(@text).should == Sorcery::CryptoProviders::SHA1.encrypt(@text)
247
- end
248
-
249
- it "if encryption algo is sha256 it should work" do
250
- sorcery_model_property_set(:encryption_algorithm, :sha256)
251
- User.encrypt(@text).should == Sorcery::CryptoProviders::SHA256.encrypt(@text)
252
- end
253
-
254
- it "if encryption algo is sha512 it should work" do
255
- sorcery_model_property_set(:encryption_algorithm, :sha512)
256
- User.encrypt(@text).should == Sorcery::CryptoProviders::SHA512.encrypt(@text)
257
- end
258
-
259
- it "salt should be random for each user and saved in db" do
260
- sorcery_model_property_set(:salt_attribute_name, :salt)
261
- create_new_user
262
- @user.salt.should_not be_nil
263
- end
264
-
265
- it "if salt is set should use it to encrypt" do
266
- sorcery_model_property_set(:salt_attribute_name, :salt)
267
- sorcery_model_property_set(:encryption_algorithm, :sha512)
268
- create_new_user
269
- @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
270
- @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
271
- end
272
-
273
- it "if salt_join_token is set should use it to encrypt" do
274
- sorcery_model_property_set(:salt_attribute_name, :salt)
275
- sorcery_model_property_set(:salt_join_token, "-@=>")
276
- sorcery_model_property_set(:encryption_algorithm, :sha512)
277
- create_new_user
278
- @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
279
- Sorcery::CryptoProviders::SHA512.join_token = ""
280
- @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
281
- Sorcery::CryptoProviders::SHA512.join_token = User.sorcery_config.salt_join_token
282
- @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
283
- end
284
-
285
- end
22
+ it_should_behave_like "rails_3_core_model"
286
23
 
287
24
  describe User, "external users" do
288
25
  before(:all) do
@@ -294,23 +31,6 @@ describe "User with no submodules (core)" do
294
31
  ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
295
32
  end
296
33
 
297
- before(:each) do
298
- User.delete_all
299
- end
300
-
301
- it "should respond to 'external?'" do
302
- create_new_user
303
- @user.should respond_to(:external?)
304
- end
305
-
306
- it "external? should be false for regular users" do
307
- create_new_user
308
- @user.external?.should be_false
309
- end
310
-
311
- it "external? should be true for external users" do
312
- create_new_external_user(:twitter)
313
- @user.external?.should be_true
314
- end
34
+ it_should_behave_like "external_user"
315
35
  end
316
36
  end
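Review bot: The retained `# ----------------- PLUGIN CONFIGURATION -----------------------` banner now sits directly above `it_should_behave_like "rails_3_core_model"`, which stands in for the removed configuration, activation, registration and password-encryption groups, so the banner is misleading and should be dropped or reworded. Both new example lines in this file use `it_should_behave_like`, while the other specs in this release use `it_behaves_like`; picking one keeps the suite uniform. The shared examples file is outside this view, so the last point is a check rather than a finding: if the removed `MyCrypto.matches?` stub was moved verbatim, its body `crypted = encrypt(*tokens)` is an assignment and accepts any password. Changing it to `crypted == encrypt(*tokens)` would let the custom-provider example fail on a wrong password.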