sorcery 0.6.1 → 0.7.0

data/lib/sorcery/model.rb

@@ -15,6 +15,7 @@ module Sorcery
             self.class_eval do
               extend ClassMethods # included here, before submodules, so they can be overriden by them.
               include InstanceMethods
+              include TemporaryToken
             end
             
             include_required_submodules!
@@ -52,8 +53,10 @@ module Sorcery
           # using 1.8.x hash syntax to perserve compatibility.
           def init_mongoid_support!
             self.class_eval do
-              field sorcery_config.username_attribute_name,         :type => String
-              field sorcery_config.email_attribute_name,            :type => String unless sorcery_config.username_attribute_name == sorcery_config.email_attribute_name
+              sorcery_config.username_attribute_names.each do |username|
+                field username,         :type => String
+              end
+              field sorcery_config.email_attribute_name,            :type => String unless sorcery_config.username_attribute_names.include?(sorcery_config.email_attribute_name)
               field sorcery_config.crypted_password_attribute_name, :type => String
               field sorcery_config.salt_attribute_name,             :type => String
             end
@@ -95,7 +98,7 @@ module Sorcery
         
         @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
         @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
-        CryptoProviders::AES256.key = @sorcery_config.encryption_key if @sorcery_config.encryption_algorithm == :aes256
+        CryptoProviders::AES256.key = @sorcery_config.encryption_key
         @sorcery_config.encryption_provider.encrypt(*tokens)
       end
       
@@ -141,7 +144,7 @@ module Sorcery
       # encrypts password with salt and saves it.
       def encrypt_password
         config = sorcery_config
-        self.send(:"#{config.salt_attribute_name}=", new_salt = generate_random_token) if !config.salt_attribute_name.nil?
+        self.send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) if !config.salt_attribute_name.nil?
         self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),new_salt))
       end
 
@@ -159,11 +162,6 @@ module Sorcery
           mail.deliver
         end
       end
-      
-      # Random code, used for salt and temporary tokens.
-      def generate_random_token
-        Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
-      end
     end
 
     # Each class which calls 'activate_sorcery!' receives an instance of this class.
@@ -171,7 +169,7 @@ module Sorcery
     # options will be configured from a single place.
     class Config
 
-      attr_accessor :username_attribute_name,           # change default username attribute, for example, to use :email
+      attr_accessor :username_attribute_names,           # change default username attribute, for example, to use :email
                                                         # as the login.
                                                         
                     :password_attribute_name,           # change *virtual* password attribute, the one which is used
@@ -203,7 +201,7 @@ module Sorcery
       def initialize
         @defaults = {
           :@submodules                           => [],
-          :@username_attribute_name              => :username,
+          :@username_attribute_names              => [:username],
           :@password_attribute_name              => :password,
           :@email_attribute_name                 => :email,
           :@crypted_password_attribute_name      => :crypted_password,
@@ -228,6 +226,10 @@ module Sorcery
         end       
       end
       
+      def username_attribute_names=(fields)
+        @username_attribute_names = fields.kind_of?(Array) ? fields : [fields]
+      end
+      
       def custom_encryption_provider=(provider)
         @custom_encryption_provider = @encryption_provider = provider
       end

data/lib/sorcery/model/adapters/active_record.rb

@@ -8,7 +8,8 @@ module Sorcery
 
         module ClassMethods
           def find_by_credentials(credentials)
-            where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
+             sql = @sorcery_config.username_attribute_names.map{|attribute| "#{attribute} = :login"}
+             where(sql.join(' OR '), :login => credentials[0]).first
           end
 
           def find_by_sorcery_token(token_attr_name, token)

data/lib/sorcery/model/adapters/mongoid.rb

@@ -15,7 +15,11 @@ module Sorcery
 
         module ClassMethods
           def find_by_credentials(credentials)
-            where(sorcery_config.username_attribute_name => credentials[0]).first
+            @sorcery_config.username_attribute_names.each do |attribute|
+              @user = where(attribute => credentials[0]).first
+              break if @user
+            end
+            @user
           end
 
           def find_by_provider_and_uid(provider, uid)
@@ -36,7 +40,8 @@ module Sorcery
           end
 
           def find_by_username(username)
-            where(sorcery_config.username_attribute_name => username).first
+            query = sorcery_config.username_attribute_names.map {|name| {name => username}}
+            where(query).first
           end
 
           def transaction(&blk)

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -54,13 +54,15 @@ module Sorcery
 
           def lock!
             config = sorcery_config
-            self.update_attributes!(config.lock_expires_at_attribute_name => Time.now.utc + config.login_lock_time_period)
+            self.send(:"#{config.lock_expires_at_attribute_name}=", Time.now.utc + config.login_lock_time_period)
+            self.save!
           end
 
           def unlock!
             config = sorcery_config
-            self.update_attributes!(config.lock_expires_at_attribute_name => nil, 
-                                    config.failed_logins_count_attribute_name => 0)
+            self.send(:"#{config.lock_expires_at_attribute_name}=", nil)
+            self.send(:"#{config.failed_logins_count_attribute_name}=", 0)
+            self.save!
           end
           
           def unlocked?

data/lib/sorcery/model/submodules/remember_me.rb

@@ -42,7 +42,7 @@ module Sorcery
           # You shouldn't really use this one yourself - it's called by the controller's 'remember_me!' method.
           def remember_me!
             config = sorcery_config
-            self.send(:"#{config.remember_me_token_attribute_name}=", generate_random_token)
+            self.send(:"#{config.remember_me_token_attribute_name}=", TemporaryToken.generate_random_token)
             self.send(:"#{config.remember_me_token_expires_at_attribute_name}=", Time.now + config.remember_me_for)
             self.save!(:validate => false)
           end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -46,7 +46,6 @@ module Sorcery
           base.sorcery_config.after_config << :validate_mailer_defined
           base.sorcery_config.after_config << :define_reset_password_mongoid_fields if defined?(Mongoid) and base.ancestors.include?(Mongoid::Document)
 
-          base.send(:include, TemporaryToken)
           base.send(:include, InstanceMethods)
 
         end
@@ -81,7 +80,7 @@ module Sorcery
             config = sorcery_config
             # hammering protection
             return if config.reset_password_time_between_emails && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.ago.utc
-            self.send(:"#{config.reset_password_token_attribute_name}=", generate_random_token)
+            self.send(:"#{config.reset_password_token_attribute_name}=", TemporaryToken.generate_random_token)
             self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", Time.now.utc + config.reset_password_expiration_period) if config.reset_password_expiration_period
             self.send(:"#{config.reset_password_email_sent_at_attribute_name}=", Time.now.utc)
             self.class.transaction do

data/lib/sorcery/model/submodules/user_activation.rb

@@ -55,7 +55,6 @@ module Sorcery
           base.sorcery_config.before_authenticate << :prevent_non_active_login
           
           base.extend(ClassMethods)
-          base.send(:include, TemporaryToken)
           base.send(:include, InstanceMethods)
 
 
@@ -101,7 +100,7 @@ module Sorcery
 
           def setup_activation
             config = sorcery_config
-            generated_activation_token = generate_random_token
+            generated_activation_token = TemporaryToken.generate_random_token
             self.send(:"#{config.activation_token_attribute_name}=", generated_activation_token)
             self.send(:"#{config.activation_state_attribute_name}=", "pending")
             self.send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.utc + config.activation_token_expiration_period) if config.activation_token_expiration_period

data/lib/sorcery/model/temporary_token.rb

@@ -8,6 +8,11 @@ module Sorcery
         base.extend(ClassMethods)
       end
       
+      # Random code, used for salt and temporary tokens.
+      def self.generate_random_token
+        Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+      end
+      
       module ClassMethods
         def load_from_token(token, token_attr_name, token_expiration_date_attr)
           return nil if token.blank?

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -12,7 +12,7 @@ module Sorcery
 
         def sorcery_reload!(submodules = [], options = {})
           reload_user_class
-
+          
           # return to no-module configuration
           ::Sorcery::Controller::Config.init!
           ::Sorcery::Controller::Config.reset!

data/lib/sorcery/test_helpers/rails.rb

@@ -4,8 +4,8 @@ module Sorcery
       # logins a user and calls all callbacks
       def login_user(user = nil)
         user ||= @user
-        @controller.send(:login_user,user)
-        @controller.send(:after_login!,user,[user.send(user.sorcery_config.username_attribute_name),'secret'])
+        @controller.send(:auto_login,user)
+        @controller.send(:after_login!,user,[user.send(user.sorcery_config.username_attribute_names.first),'secret'])
       end
 
       def logout_user

data/lib/sorcery/test_helpers/sinatra.rb

@@ -37,7 +37,7 @@ module Sorcery
         def login_user(user=nil)
           user ||= @user
           get_sinatra_app(app).send(:login_user, user)
-          get_sinatra_app(app).send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_name), 'secret'])
+          get_sinatra_app(app).send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_names.first), 'secret'])
         end
 
         def logout_user

data/sorcery.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "sorcery"
-  s.version = "0.6.1"
+  s.version = "0.7.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Noam Ben Ari"]
-  s.date = "2011-09-02"
+  s.date = "2011-09-30"
   s.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
   s.email = "nbenari@gmail.com"
   s.extra_rdoc_files = [
@@ -39,9 +39,11 @@ Gem::Specification.new do |s|
     "lib/sorcery/controller/submodules/activity_logging.rb",
     "lib/sorcery/controller/submodules/brute_force_protection.rb",
     "lib/sorcery/controller/submodules/external.rb",
+    "lib/sorcery/controller/submodules/external/protocols/certs/ca-bundle.crt",
     "lib/sorcery/controller/submodules/external/protocols/oauth1.rb",
     "lib/sorcery/controller/submodules/external/protocols/oauth2.rb",
     "lib/sorcery/controller/submodules/external/providers/facebook.rb",
+    "lib/sorcery/controller/submodules/external/providers/github.rb",
     "lib/sorcery/controller/submodules/external/providers/twitter.rb",
     "lib/sorcery/controller/submodules/http_basic_auth.rb",
     "lib/sorcery/controller/submodules/remember_me.rb",
@@ -77,6 +79,7 @@ Gem::Specification.new do |s|
     "sorcery.gemspec",
     "spec/Gemfile",
     "spec/Gemfile.lock",
+    "spec/README.md",
     "spec/Rakefile",
     "spec/rails3/.gitignore",
     "spec/rails3/.rspec",
@@ -90,6 +93,7 @@ Gem::Specification.new do |s|
     "spec/rails3/app/mailers/sorcery_mailer.rb",
     "spec/rails3/app/models/authentication.rb",
     "spec/rails3/app/models/user.rb",
+    "spec/rails3/app/views/application/index.html.erb",
     "spec/rails3/app/views/layouts/application.html.erb",
     "spec/rails3/app/views/sorcery_mailer/activation_email.html.erb",
     "spec/rails3/app/views/sorcery_mailer/activation_email.text.erb",
@@ -128,7 +132,6 @@ Gem::Specification.new do |s|
     "spec/rails3/public/500.html",
     "spec/rails3/public/favicon.ico",
     "spec/rails3/public/images/rails.png",
-    "spec/rails3/public/index.html",
     "spec/rails3/public/javascripts/application.js",
     "spec/rails3/public/javascripts/controls.js",
     "spec/rails3/public/javascripts/dragdrop.js",
@@ -146,6 +149,7 @@ Gem::Specification.new do |s|
     "spec/rails3/spec/controller_remember_me_spec.rb",
     "spec/rails3/spec/controller_session_timeout_spec.rb",
     "spec/rails3/spec/controller_spec.rb",
+    "spec/rails3/spec/integration_spec.rb",
     "spec/rails3/spec/spec.opts",
     "spec/rails3/spec/spec_helper.orig.rb",
     "spec/rails3/spec/spec_helper.rb",
@@ -207,6 +211,7 @@ Gem::Specification.new do |s|
     "spec/rails3_mongoid/public/robots.txt",
     "spec/rails3_mongoid/public/stylesheets/.gitkeep",
     "spec/rails3_mongoid/script/rails",
+    "spec/rails3_mongoid/spec/controller_spec.rb",
     "spec/rails3_mongoid/spec/spec.opts",
     "spec/rails3_mongoid/spec/spec_helper.orig.rb",
     "spec/rails3_mongoid/spec/spec_helper.rb",
@@ -326,6 +331,7 @@ Gem::Specification.new do |s|
     "spec/rails3/spec/controller_remember_me_spec.rb",
     "spec/rails3/spec/controller_session_timeout_spec.rb",
     "spec/rails3/spec/controller_spec.rb",
+    "spec/rails3/spec/integration_spec.rb",
     "spec/rails3/spec/spec_helper.orig.rb",
     "spec/rails3/spec/spec_helper.rb",
     "spec/rails3/spec/user_activation_spec.rb",
@@ -355,6 +361,7 @@ Gem::Specification.new do |s|
     "spec/rails3_mongoid/config/routes.rb",
     "spec/rails3_mongoid/db/schema.rb",
     "spec/rails3_mongoid/db/seeds.rb",
+    "spec/rails3_mongoid/spec/controller_spec.rb",
     "spec/rails3_mongoid/spec/spec_helper.orig.rb",
     "spec/rails3_mongoid/spec/spec_helper.rb",
     "spec/rails3_mongoid/spec/user_activation_spec.rb",
@@ -426,7 +433,7 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_runtime_dependency(%q<oauth2>, ["~> 0.4.1"])
+      s.add_runtime_dependency(%q<oauth2>, ["~> 0.5.1"])
       s.add_development_dependency(%q<rails>, [">= 3.0.0"])
       s.add_development_dependency(%q<json>, [">= 1.5.1"])
       s.add_development_dependency(%q<mongoid>, ["~> 2.0"])
@@ -442,10 +449,10 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<timecop>, [">= 0"])
       s.add_runtime_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
       s.add_runtime_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_runtime_dependency(%q<oauth2>, ["~> 0.4.1"])
+      s.add_runtime_dependency(%q<oauth2>, ["~> 0.5.1"])
     else
       s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_dependency(%q<oauth2>, ["~> 0.4.1"])
+      s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
       s.add_dependency(%q<rails>, [">= 3.0.0"])
       s.add_dependency(%q<json>, [">= 1.5.1"])
       s.add_dependency(%q<mongoid>, ["~> 2.0"])
@@ -461,11 +468,11 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<timecop>, [">= 0"])
       s.add_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
       s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_dependency(%q<oauth2>, ["~> 0.4.1"])
+      s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
     end
   else
     s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-    s.add_dependency(%q<oauth2>, ["~> 0.4.1"])
+    s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
     s.add_dependency(%q<rails>, [">= 3.0.0"])
     s.add_dependency(%q<json>, [">= 1.5.1"])
     s.add_dependency(%q<mongoid>, ["~> 2.0"])
@@ -481,7 +488,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<timecop>, [">= 0"])
     s.add_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
     s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-    s.add_dependency(%q<oauth2>, ["~> 0.4.1"])
+    s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
   end
 end
 

data/spec/Gemfile

@@ -4,7 +4,7 @@ gem "rails", '3.0.3'
 gem 'bcrypt-ruby', :require => 'bcrypt'
 gem "sorcery", '>= 0.1.0', :path => '../'
 gem 'oauth', "~> 0.4.4"
-gem 'oauth2', "~> 0.4.1"
+gem 'oauth2', "~> 0.5.1"
 group :development do
   gem "rspec", "~> 2.5.0"
   gem 'ruby-debug19'

data/spec/Gemfile.lock

@@ -1,12 +1,10 @@
 PATH
   remote: ../
   specs:
-    sorcery (0.6.0)
+    sorcery (0.6.1)
       bcrypt-ruby (~> 3.0.0)
-      oauth (>= 0.4.4)
-      oauth (>= 0.4.4)
-      oauth2 (>= 0.1.1)
-      oauth2 (>= 0.1.1)
+      oauth (~> 0.4.4)
+      oauth2 (~> 0.5.0)
 
 GEM
   remote: http://rubygems.org/
@@ -47,8 +45,8 @@ GEM
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.6.1)
-      addressable (~> 2.2.4)
+    faraday (0.7.4)
+      addressable (~> 2.2.6)
       multipart-post (~> 1.1.0)
       rack (< 2, >= 1.1.0)
     i18n (0.6.0)
@@ -63,9 +61,9 @@ GEM
     multi_json (1.0.3)
     multipart-post (1.1.3)
     oauth (0.4.5)
-    oauth2 (0.4.1)
-      faraday (~> 0.6.1)
-      multi_json (>= 0.0.5)
+    oauth2 (0.5.1)
+      faraday (~> 0.7.4)
+      multi_json (~> 1.0.3)
     polyglot (0.3.2)
     rack (1.2.3)
     rack-mount (0.6.14)
@@ -119,7 +117,7 @@ PLATFORMS
 DEPENDENCIES
   bcrypt-ruby
   oauth (~> 0.4.4)
-  oauth2 (~> 0.4.1)
+  oauth2 (~> 0.5.1)
   rails (= 3.0.3)
   rspec (~> 2.5.0)
   ruby-debug19

data/spec/README.md

@@ -0,0 +1,26 @@
+Running Sorcery's Specs
+=======================
+Sorcery is meant to be used with Rails and Sinatra so sample apps have been included in `spec/`.  
+
+Each sample app runs a set of shared specs ( `spec/shared_examples/*_example.rb`) and also includes specs that address framework specific concerns.
+
+Sorcery has one set of specs (`sorcery_crypto_providers_spec.rb`) that can be run outside of any of the frameworks. To run it simply:
+    
+    cd spec/
+    bundle install
+    rake spec
+
+Running Framework Specs
+-----------------------
+To run framework specs, cd into each directory, bundle, and run the specs. For example, to run the rails3 specs you would:
+
+    cd spec/rails3/
+    bundle install
+    rake spec
+
+**Note:** the rails3_mongoid sample app does require, well, MongoDB. Installing MongoDB on mac osx is easy with homebrew. Seeing as you're reading the readme for running specs, I'll assume you can install MongoDB on your machine. For the purpose of running these tests, I put mongod in verbose mode and in the background so I can see it log to stdout. 
+
+    cd spec/rails3_mongoid
+    bundle install
+    mongod -v &
+    rake spec

data/spec/rails3/Gemfile

@@ -10,4 +10,6 @@ group :development, :test do
   gem 'ruby-debug19'
   gem 'simplecov', '>= 0.3.8', :require => false # Will install simplecov-html as a dependency
   gem 'timecop'
+  gem 'capybara', '~> 1.1.1'
+  gem 'launchy', '~> 2.0.5'
 end

data/spec/rails3/Gemfile.lock

@@ -1,12 +1,10 @@
 PATH
   remote: ../../../
   specs:
-    sorcery (0.6.0)
+    sorcery (0.6.1)
       bcrypt-ruby (~> 3.0.0)
-      oauth (>= 0.4.4)
-      oauth (>= 0.4.4)
-      oauth2 (>= 0.1.1)
-      oauth2 (>= 0.1.1)
+      oauth (~> 0.4.4)
+      oauth2 (~> 0.5.0)
 
 GEM
   remote: http://rubygems.org/
@@ -41,17 +39,30 @@ GEM
     addressable (2.2.6)
     archive-tar-minitar (0.5.2)
     arel (2.0.6)
-    bcrypt-ruby (3.0.0)
+    bcrypt-ruby (3.0.1)
     builder (2.1.2)
+    capybara (1.1.1)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.2.2)
+      ffi (~> 1.0.6)
     columnize (0.3.2)
     diff-lcs (1.1.2)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.6.1)
-      addressable (~> 2.2.4)
+    faraday (0.7.4)
+      addressable (~> 2.2.6)
       multipart-post (~> 1.1.0)
       rack (< 2, >= 1.1.0)
+    ffi (1.0.9)
     i18n (0.5.0)
+    json_pure (1.5.1)
+    launchy (2.0.5)
+      addressable (~> 2.2.6)
     linecache19 (0.5.11)
       ruby_core_source (>= 0.1.4)
     mail (2.2.13)
@@ -62,10 +73,11 @@ GEM
     mime-types (1.16)
     multi_json (1.0.3)
     multipart-post (1.1.3)
+    nokogiri (1.4.4)
     oauth (0.4.5)
-    oauth2 (0.4.1)
-      faraday (~> 0.6.1)
-      multi_json (>= 0.0.5)
+    oauth2 (0.5.1)
+      faraday (~> 0.7.4)
+      multi_json (~> 1.0.3)
     polyglot (0.3.1)
     rack (1.2.1)
     rack-mount (0.6.13)
@@ -109,6 +121,12 @@ GEM
       ruby-debug-base19 (>= 0.11.19)
     ruby_core_source (0.1.4)
       archive-tar-minitar (>= 0.5.2)
+    rubyzip (0.9.4)
+    selenium-webdriver (2.6.0)
+      childprocess (>= 0.2.1)
+      ffi (>= 1.0.7)
+      json_pure
+      rubyzip
     simplecov (0.3.9)
       simplecov-html (>= 0.3.7)
     simplecov-html (0.3.9)
@@ -118,11 +136,15 @@ GEM
     treetop (1.4.9)
       polyglot (>= 0.3.1)
     tzinfo (0.3.23)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  capybara (~> 1.1.1)
+  launchy (~> 2.0.5)
   rails (= 3.0.3)
   rspec (~> 2.5.0)
   rspec-rails (~> 2.5.0)