sorcery 0.5.3 → 0.5.21

data/spec/rails3_mongoid/spec/user_spec.rb

@@ -1,6 +1,5 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 require File.expand_path(File.dirname(__FILE__) + '/../app/mailers/sorcery_mailer')
-require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_shared_examples')
 
 describe "User with no submodules (core)" do
   before(:all) do
@@ -14,13 +13,296 @@ describe "User with no submodules (core)" do
   end
   
   # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+  
+    it "should enable configuration option 'username_attribute_name'" do
+      sorcery_model_property_set(:username_attribute_name, :email)
+      User.sorcery_config.username_attribute_name.should equal(:email)    
+    end
+  
+    it "should enable configuration option 'password_attribute_name'" do
+      sorcery_model_property_set(:password_attribute_name, :mypassword)
+      User.sorcery_config.password_attribute_name.should equal(:mypassword)
+    end
+    
+    it "should enable configuration option 'email_attribute_name'" do
+      sorcery_model_property_set(:email_attribute_name, :my_email)
+      User.sorcery_config.email_attribute_name.should equal(:my_email)
+    end
+
+    it "should enable configuration option 'crypted_password_attribute_name'" do
+      sorcery_model_property_set(:crypted_password_attribute_name, :password)
+      User.sorcery_config.crypted_password_attribute_name.should equal(:password)
+    end
+    
+    it "should enable configuration option 'salt_attribute_name'" do
+      sorcery_model_property_set(:salt_attribute_name, :my_salt)
+      User.sorcery_config.salt_attribute_name.should equal(:my_salt)
+    end
+
+    it "should enable configuration option 'encryption_algorithm'" do
+      sorcery_model_property_set(:encryption_algorithm, :none)
+      User.sorcery_config.encryption_algorithm.should equal(:none)
+    end
+
+    it "should enable configuration option 'encryption_key'" do
+      sorcery_model_property_set(:encryption_key, 'asdadas424234242')
+      User.sorcery_config.encryption_key.should == 'asdadas424234242'
+    end
+
+    it "should enable configuration option 'custom_encryption_provider'" do
+      sorcery_model_property_set(:encryption_algorithm, :custom)
+      sorcery_model_property_set(:custom_encryption_provider, Array)
+      User.sorcery_config.custom_encryption_provider.should equal(Array)
+    end
+  
+    it "should enable configuration option 'salt_join_token'" do
+      salt_join_token = "--%%*&-"
+      sorcery_model_property_set(:salt_join_token, salt_join_token)
+      User.sorcery_config.salt_join_token.should equal(salt_join_token)
+    end
+    
+    it "should enable configuration option 'stretches'" do
+      stretches = 15
+      sorcery_model_property_set(:stretches, stretches)
+      User.sorcery_config.stretches.should equal(stretches)
+    end
+  
+  end
+
+  # ----------------- PLUGIN ACTIVATED -----------------------
+  describe User, "when activated with sorcery" do
+    before(:all) do
+      sorcery_reload!()
+    end
+  
+    before(:each) do
+      User.delete_all
+    end
+  
+    it "should respond to class method authenticate" do
+      User.should respond_to(:authenticate)
+    end
+  
+    it "authenticate should return true if credentials are good" do
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "authenticate should return false if credentials are bad" do
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'wrong!').should be_false
+    end
+  
+    specify { User.should respond_to(:encrypt) }
+    
+    it "subclass should inherit config if defined so" do
+      sorcery_reload!([],{:subclasses_inherit_config => true})
+      class Admin < User
+      end
+      Admin.sorcery_config.should_not be_nil
+      Admin.sorcery_config.should == User.sorcery_config
+    end
+    
+    it "subclass should not inherit config if not defined so" do
+      sorcery_reload!([],{:subclasses_inherit_config => false})
+      class Admin2 < User
+      end
+      Admin2.sorcery_config.should be_nil
+    end
+  end
+
+  # ----------------- REGISTRATION -----------------------
+  describe User, "registration" do
+  
+    before(:all) do
+      sorcery_reload!()
+    end
+
+    before(:each) do
+      User.delete_all
+    end
+  
+    it "by default, encryption_provider should not be nil" do
+      User.sorcery_config.encryption_provider.should_not be_nil
+    end
+    
+    it "should encrypt password when a new user is saved" do
+      create_new_user
+      User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
+    end
+
+    it "should clear the virtual password field if the encryption process worked" do
+      create_new_user
+      @user.password.should be_nil
+    end
+    
+    it "should not clear the virtual password field if save failed due to validity" do
+      create_new_user
+      User.class_eval do
+        validates_format_of :email, :with => /^(.)+@(.)+$/, :if => Proc.new {|r| r.email}, :message => "is invalid"
+      end
+      @user.password = 'blupush'
+      @user.email = 'asd'
+      @user.save
+      @user.password.should_not be_nil
+    end
+    
+    it "should not clear the virtual password field if save failed due to exception" do
+      create_new_user
+      @user.password = '4blupush'
+      @user.username = nil
+      User.class_eval do
+        validates_presence_of :username
+      end
+      begin
+        @user.save! # triggers validation exception since username field is required.
+      rescue
+      end
+      @user.password.should_not be_nil
+    end
+    
+    it "should not encrypt the password twice when a user is updated" do
+      create_new_user
+      @user.email = "blup@bla.com"
+      @user.save!
+      User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_true
+    end
+
+    it "should replace the crypted_password in case a new password is set" do
+      create_new_user
+      @user.password = 'new_secret'
+      @user.save!
+      User.sorcery_config.encryption_provider.matches?(@user.send(User.sorcery_config.crypted_password_attribute_name),'secret',@user.salt).should be_false
+    end
+
+  end
+
+  # ----------------- PASSWORD ENCRYPTION -----------------------
+  describe User, "special encryption cases" do
+    before(:all) do
+
+      @text = "Some Text!"
+    end
+  
+    before(:each) do
+      User.delete_all
+      sorcery_reload!()
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+    end
+  
+    it "should work with no password encryption" do
+      sorcery_model_property_set(:encryption_algorithm, :none)
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "should work with custom password encryption" do
+      class MyCrypto
+        def self.encrypt(*tokens)
+          tokens.flatten.compact.join('').gsub(/e/,'A')
+        end
+        
+        def self.matches?(crypted,*tokens)
+          crypted == encrypt(*tokens)
+        end
+      end
+      sorcery_model_property_set(:encryption_algorithm, :custom)
+      sorcery_model_property_set(:custom_encryption_provider, MyCrypto)
+      create_new_user
+      User.authenticate(@user.send(User.sorcery_config.username_attribute_name), 'secret').should be_true
+    end
+  
+    it "if encryption algo is aes256, it should set key to crypto provider" do
+      sorcery_model_property_set(:encryption_algorithm, :aes256)
+      sorcery_model_property_set(:encryption_key, nil)
+      expect{User.encrypt(@text)}.to raise_error(ArgumentError)
+      sorcery_model_property_set(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
+      expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
+    end
+    
+    it "if encryption algo is aes256, it should set key to crypto provider, even if attributes are set in reverse" do
+      sorcery_model_property_set(:encryption_key, nil)
+      sorcery_model_property_set(:encryption_algorithm, :none)
+      sorcery_model_property_set(:encryption_key, "asd234dfs423fddsmndsflktsdf32343")
+      sorcery_model_property_set(:encryption_algorithm, :aes256)
+      expect{User.encrypt(@text)}.to_not raise_error(ArgumentError)
+    end
+  
+    it "if encryption algo is md5 it should work" do
+      sorcery_model_property_set(:encryption_algorithm, :md5)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::MD5.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha1 it should work" do
+      sorcery_model_property_set(:encryption_algorithm, :sha1)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA1.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha256 it should work" do
+      sorcery_model_property_set(:encryption_algorithm, :sha256)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA256.encrypt(@text)
+    end
+  
+    it "if encryption algo is sha512 it should work" do
+      sorcery_model_property_set(:encryption_algorithm, :sha512)
+      User.encrypt(@text).should == Sorcery::CryptoProviders::SHA512.encrypt(@text)
+    end
   
-  it_should_behave_like "rails_3_core_model"
+    it "salt should be random for each user and saved in db" do
+      sorcery_model_property_set(:salt_attribute_name, :salt)
+      create_new_user
+      @user.salt.should_not be_nil
+    end
+    
+    it "if salt is set should use it to encrypt" do
+      sorcery_model_property_set(:salt_attribute_name, :salt)
+      sorcery_model_property_set(:encryption_algorithm, :sha512)
+      create_new_user
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
+      @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
+    end
+    
+    it "if salt_join_token is set should use it to encrypt" do
+      sorcery_model_property_set(:salt_attribute_name, :salt)
+      sorcery_model_property_set(:salt_join_token, "-@=>")
+      sorcery_model_property_set(:encryption_algorithm, :sha512)
+      create_new_user
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
+      Sorcery::CryptoProviders::SHA512.join_token = ""
+      @user.crypted_password.should_not == Sorcery::CryptoProviders::SHA512.encrypt('secret')
+      Sorcery::CryptoProviders::SHA512.join_token = User.sorcery_config.salt_join_token
+      @user.crypted_password.should == Sorcery::CryptoProviders::SHA512.encrypt('secret',@user.salt)
+    end
+    
+  end
   
   describe User, "external users" do
 
-    it_should_behave_like "external_user"
+    before(:each) do
+      User.delete_all
+    end
+    
+    it "should respond to 'external?'" do
+      create_new_user
+      @user.should respond_to(:external?)
+    end
     
+    it "external? should be false for regular users" do
+      create_new_user
+      @user.external?.should be_false
+    end
+    
+    it "external? should be true for external users" do
+      create_new_external_user(:twitter)
+      @user.external?.should be_true
+    end
   end
 
   describe User, "when inherited" do

data/spec/sinatra/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../../
   specs:
-    sorcery (0.5.21)
+    sorcery (0.5.2)
       bcrypt-ruby (~> 2.1.4)
       oauth (>= 0.4.4)
       oauth (>= 0.4.4)

data/spec/sinatra_modular/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../../
   specs:
-    sorcery (0.5.21)
+    sorcery (0.5.2)
       bcrypt-ruby (~> 2.1.4)
       oauth (>= 0.4.4)
       oauth (>= 0.4.4)

metadata

@@ -2,7 +2,7 @@
 name: sorcery
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.5.3
+  version: 0.5.21
 platform: ruby
 authors: 
 - Noam Ben Ari
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-07-01 00:00:00 +03:00
+date: 2011-05-20 00:00:00 +03:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -422,13 +422,6 @@ files:
 - spec/rails3_mongoid/spec/user_reset_password_spec.rb
 - spec/rails3_mongoid/spec/user_spec.rb
 - spec/rails3_mongoid/vendor/plugins/.gitkeep
-- spec/shared_examples/user_activation_shared_examples.rb
-- spec/shared_examples/user_activity_logging_shared_examples.rb
-- spec/shared_examples/user_brute_force_protection_shared_examples.rb
-- spec/shared_examples/user_oauth_shared_examples.rb
-- spec/shared_examples/user_remember_me_shared_examples.rb
-- spec/shared_examples/user_reset_password_shared_examples.rb
-- spec/shared_examples/user_shared_examples.rb
 - spec/sinatra/Gemfile
 - spec/sinatra/Gemfile.lock
 - spec/sinatra/Rakefile
@@ -588,13 +581,6 @@ test_files:
 - spec/rails3_mongoid/spec/user_remember_me_spec.rb
 - spec/rails3_mongoid/spec/user_reset_password_spec.rb
 - spec/rails3_mongoid/spec/user_spec.rb
-- spec/shared_examples/user_activation_shared_examples.rb
-- spec/shared_examples/user_activity_logging_shared_examples.rb
-- spec/shared_examples/user_brute_force_protection_shared_examples.rb
-- spec/shared_examples/user_oauth_shared_examples.rb
-- spec/shared_examples/user_remember_me_shared_examples.rb
-- spec/shared_examples/user_reset_password_shared_examples.rb
-- spec/shared_examples/user_shared_examples.rb
 - spec/sinatra/authentication.rb
 - spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb
 - spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb

data/spec/shared_examples/user_activation_shared_examples.rb

@@ -1,173 +0,0 @@
-shared_examples_for "rails_3_activation_model" do
-  # ----------------- PLUGIN CONFIGURATION -----------------------
-  describe User, "loaded plugin configuration" do
-    before(:all) do
-      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
-    end
-  
-    after(:each) do
-      User.sorcery_config.reset!
-      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
-    end
-    
-    it "should enable configuration option 'activation_state_attribute_name'" do
-      sorcery_model_property_set(:activation_state_attribute_name, :status)
-      User.sorcery_config.activation_state_attribute_name.should equal(:status)    
-    end
-    
-    it "should enable configuration option 'activation_token_attribute_name'" do
-      sorcery_model_property_set(:activation_token_attribute_name, :code)
-      User.sorcery_config.activation_token_attribute_name.should equal(:code)    
-    end
-    
-    it "should enable configuration option 'user_activation_mailer'" do
-      sorcery_model_property_set(:user_activation_mailer, TestMailer)
-      User.sorcery_config.user_activation_mailer.should equal(TestMailer)    
-    end
-    
-    it "should enable configuration option 'activation_needed_email_method_name'" do
-      sorcery_model_property_set(:activation_needed_email_method_name, :my_activation_email)
-      User.sorcery_config.activation_needed_email_method_name.should equal(:my_activation_email)
-    end
-    
-    it "should enable configuration option 'activation_success_email_method_name'" do
-      sorcery_model_property_set(:activation_success_email_method_name, :my_activation_email)
-      User.sorcery_config.activation_success_email_method_name.should equal(:my_activation_email)
-    end
-    
-    it "if mailer is nil on activation, throw exception!" do
-      expect{sorcery_reload!([:user_activation])}.to raise_error(ArgumentError)
-    end
-  end
-
-  # ----------------- ACTIVATION PROCESS -----------------------
-  describe User, "activation process" do
-    before(:all) do
-      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
-    end
-    
-    before(:each) do
-      create_new_user
-    end
-    
-    it "should initialize user state to 'pending'" do
-      @user.activation_state.should == "pending"
-    end
-    
-    specify { @user.should respond_to(:activate!) }
-    
-    it "should clear activation code and change state to 'active' on activation" do
-      activation_token = @user.activation_token
-      @user.activate!
-      @user2 = User.find(@user.id) # go to db to make sure it was saved and not just in memory
-      @user2.activation_token.should be_nil
-      @user2.activation_state.should == "active"
-      User.find_by_activation_token(activation_token).should be_nil
-    end
-    
-    it "should send the user an activation email" do
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_user
-      ActionMailer::Base.deliveries.size.should == old_size + 1
-    end
-    
-    it "subsequent saves do not send activation email" do
-      old_size = ActionMailer::Base.deliveries.size
-      @user.username = "Shauli"
-      @user.save!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-    
-    it "should send the user an activation success email on successful activation" do
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size + 1
-    end
-    
-    it "subsequent saves do not send activation success email" do
-      @user.activate!
-      old_size = ActionMailer::Base.deliveries.size
-      @user.username = "Shauli"
-      @user.save!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-    
-    it "activation needed email is optional" do
-      sorcery_model_property_set(:activation_needed_email_method_name, nil)
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_user
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-    
-    it "activation success email is optional" do
-      sorcery_model_property_set(:activation_success_email_method_name, nil)
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-  end
-
-  describe User, "prevent non-active login feature" do
-    before(:all) do
-      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
-    end
-
-    before(:each) do
-      User.delete_all
-      create_new_user
-    end
-
-    it "should not allow a non-active user to authenticate" do
-      User.authenticate(@user.username,'secret').should be_false
-    end
-    
-    it "should allow a non-active user to authenticate if configured so" do
-      sorcery_model_property_set(:prevent_non_active_users_to_login, false)
-      User.authenticate(@user.username,'secret').should be_true
-    end
-  end
-  
-  describe User, "load_from_activation_token" do
-    before(:all) do
-      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
-    end
-    
-    after(:each) do
-      Timecop.return
-    end
-    
-    it "load_from_activation_token should return user when token is found" do
-      create_new_user
-      User.load_from_activation_token(@user.activation_token).should == @user
-    end
-    
-    it "load_from_activation_token should NOT return user when token is NOT found" do
-      create_new_user
-      User.load_from_activation_token("a").should == nil
-    end
-    
-    it "load_from_activation_token should return user when token is found and not expired" do
-      sorcery_model_property_set(:activation_token_expiration_period, 500)
-      create_new_user
-      User.load_from_activation_token(@user.activation_token).should == @user
-    end
-    
-    it "load_from_activation_token should NOT return user when token is found and expired" do
-      sorcery_model_property_set(:activation_token_expiration_period, 0.1)
-      create_new_user
-      Timecop.travel(Time.now+0.5)
-      User.load_from_activation_token(@user.activation_token).should == nil
-    end
-    
-    it "load_from_activation_token should return nil if token is blank" do
-      User.load_from_activation_token(nil).should == nil
-      User.load_from_activation_token("").should == nil
-    end
-    
-    it "load_from_activation_token should always be valid if expiration period is nil" do
-      sorcery_model_property_set(:activation_token_expiration_period, nil)
-      create_new_user
-      User.load_from_activation_token(@user.activation_token).should == @user
-    end
-  end
-end