sorcery 0.6.1 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -0
- data/Gemfile.lock +52 -45
- data/README.rdoc +26 -54
- data/Rakefile +26 -0
- data/VERSION +1 -1
- data/lib/generators/sorcery/USAGE +22 -0
- data/lib/generators/sorcery/install_generator.rb +71 -0
- data/lib/{sorcery/initializers → generators/sorcery/templates}/initializer.rb +82 -61
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +17 -0
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +11 -0
- data/lib/generators/{sorcery_migration/templates → sorcery/templates/migration}/core.rb +3 -3
- data/lib/generators/{sorcery_migration/templates → sorcery/templates/migration}/external.rb +1 -1
- data/lib/generators/sorcery/templates/migration/remember_me.rb +15 -0
- data/lib/generators/sorcery/templates/migration/reset_password.rb +17 -0
- data/lib/generators/sorcery/templates/migration/user_activation.rb +17 -0
- data/lib/sorcery/controller/submodules/activity_logging.rb +23 -9
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +2 -1
- data/lib/sorcery/controller/submodules/external/protocols/certs/ca-bundle.crt +5182 -0
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +27 -8
- data/lib/sorcery/controller/submodules/external/providers/github.rb +80 -0
- data/lib/sorcery/controller/submodules/external/providers/twitter.rb +5 -0
- data/lib/sorcery/controller/submodules/external.rb +10 -3
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
- data/lib/sorcery/controller/submodules/remember_me.rb +15 -5
- data/lib/sorcery/controller/submodules/session_timeout.rb +1 -1
- data/lib/sorcery/controller.rb +59 -38
- data/lib/sorcery/crypto_providers/aes256.rb +7 -3
- data/lib/sorcery/engine.rb +1 -0
- data/lib/sorcery/model/adapters/active_record.rb +2 -1
- data/lib/sorcery/model/adapters/mongo_mapper.rb +49 -0
- data/lib/sorcery/model/adapters/mongoid.rb +7 -2
- data/lib/sorcery/model/submodules/brute_force_protection.rb +13 -3
- data/lib/sorcery/model/submodules/remember_me.rb +9 -2
- data/lib/sorcery/model/submodules/reset_password.rb +11 -2
- data/lib/sorcery/model/submodules/user_activation.rb +13 -2
- data/lib/sorcery/model/temporary_token.rb +5 -0
- data/lib/sorcery/model.rb +34 -15
- data/lib/sorcery/test_helpers/internal/rails.rb +1 -1
- data/lib/sorcery/test_helpers/rails.rb +2 -2
- data/lib/sorcery.rb +6 -7
- data/sorcery.gemspec +86 -203
- data/spec/Gemfile.lock +23 -12
- data/spec/README.md +31 -0
- data/spec/rails3/Gemfile +3 -1
- data/spec/rails3/Gemfile.lock +45 -28
- data/spec/rails3/app/controllers/application_controller.rb +40 -22
- data/spec/rails3/app/views/application/index.html.erb +17 -0
- data/spec/rails3/spec/controller_activity_logging_spec.rb +23 -0
- data/spec/rails3/spec/controller_oauth2_spec.rb +59 -16
- data/spec/rails3/spec/controller_remember_me_spec.rb +37 -6
- data/spec/rails3/spec/controller_spec.rb +30 -0
- data/spec/rails3/spec/integration_spec.rb +23 -0
- data/spec/rails3/spec/spec_helper.rb +6 -5
- data/spec/rails3_mongo_mapper/.gitignore +4 -0
- data/spec/rails3_mongo_mapper/.rspec +1 -0
- data/spec/{sinatra_modular → rails3_mongo_mapper}/Gemfile +5 -5
- data/spec/rails3_mongo_mapper/Gemfile.lock +159 -0
- data/spec/{sinatra → rails3_mongo_mapper}/Rakefile +3 -3
- data/spec/rails3_mongo_mapper/app/controllers/application_controller.rb +108 -0
- data/spec/rails3_mongo_mapper/app/helpers/application_helper.rb +2 -0
- data/spec/rails3_mongo_mapper/app/models/authentication.rb +6 -0
- data/spec/rails3_mongo_mapper/app/models/user.rb +5 -0
- data/spec/rails3_mongo_mapper/app/views/layouts/application.html.erb +14 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/activation_email.html.erb +17 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/activation_email.text.erb +9 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/activation_success_email.html.erb +17 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/activation_success_email.text.erb +9 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/reset_password_email.html.erb +16 -0
- data/spec/rails3_mongo_mapper/app/views/sorcery_mailer/reset_password_email.text.erb +8 -0
- data/spec/rails3_mongo_mapper/config/application.rb +51 -0
- data/spec/rails3_mongo_mapper/config/boot.rb +13 -0
- data/spec/rails3_mongo_mapper/config/environment.rb +5 -0
- data/spec/rails3_mongo_mapper/config/environments/development.rb +30 -0
- data/spec/rails3_mongo_mapper/config/environments/in_memory.rb +0 -0
- data/spec/rails3_mongo_mapper/config/environments/production.rb +49 -0
- data/spec/rails3_mongo_mapper/config/environments/test.rb +35 -0
- data/spec/rails3_mongo_mapper/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/rails3_mongo_mapper/config/initializers/inflections.rb +10 -0
- data/spec/rails3_mongo_mapper/config/initializers/mime_types.rb +5 -0
- data/spec/rails3_mongo_mapper/config/initializers/mongo.rb +2 -0
- data/spec/rails3_mongo_mapper/config/initializers/secret_token.rb +7 -0
- data/spec/rails3_mongo_mapper/config/initializers/session_store.rb +8 -0
- data/spec/rails3_mongo_mapper/config/locales/en.yml +5 -0
- data/spec/rails3_mongo_mapper/config/routes.rb +59 -0
- data/spec/rails3_mongo_mapper/config.ru +4 -0
- data/spec/rails3_mongo_mapper/db/schema.rb +23 -0
- data/spec/rails3_mongo_mapper/db/seeds.rb +7 -0
- data/spec/rails3_mongo_mapper/lib/tasks/.gitkeep +0 -0
- data/spec/rails3_mongo_mapper/public/404.html +26 -0
- data/spec/rails3_mongo_mapper/public/422.html +26 -0
- data/spec/rails3_mongo_mapper/public/500.html +26 -0
- data/spec/rails3_mongo_mapper/public/favicon.ico +0 -0
- data/spec/rails3_mongo_mapper/public/images/rails.png +0 -0
- data/spec/rails3_mongo_mapper/public/javascripts/application.js +2 -0
- data/spec/rails3_mongo_mapper/public/javascripts/controls.js +965 -0
- data/spec/rails3_mongo_mapper/public/javascripts/dragdrop.js +974 -0
- data/spec/rails3_mongo_mapper/public/javascripts/effects.js +1123 -0
- data/spec/rails3_mongo_mapper/public/javascripts/prototype.js +6001 -0
- data/spec/rails3_mongo_mapper/public/javascripts/rails.js +175 -0
- data/spec/rails3_mongo_mapper/public/robots.txt +5 -0
- data/spec/rails3_mongo_mapper/public/stylesheets/.gitkeep +0 -0
- data/spec/rails3_mongo_mapper/script/rails +6 -0
- data/spec/{sinatra → rails3_mongo_mapper}/spec/controller_spec.rb +51 -41
- data/spec/rails3_mongo_mapper/spec/spec_helper.orig.rb +27 -0
- data/spec/rails3_mongo_mapper/spec/spec_helper.rb +55 -0
- data/spec/rails3_mongo_mapper/spec/user_activation_spec.rb +9 -0
- data/spec/rails3_mongo_mapper/spec/user_activity_logging_spec.rb +8 -0
- data/spec/rails3_mongo_mapper/spec/user_brute_force_protection_spec.rb +8 -0
- data/spec/rails3_mongo_mapper/spec/user_oauth_spec.rb +8 -0
- data/spec/rails3_mongo_mapper/spec/user_remember_me_spec.rb +8 -0
- data/spec/rails3_mongo_mapper/spec/user_reset_password_spec.rb +8 -0
- data/spec/rails3_mongo_mapper/spec/user_spec.rb +37 -0
- data/spec/rails3_mongo_mapper/vendor/plugins/.gitkeep +0 -0
- data/spec/rails3_mongoid/Gemfile +1 -1
- data/spec/rails3_mongoid/Gemfile.lock +41 -34
- data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb +98 -0
- data/spec/rails3_mongoid/spec/controller_spec.rb +130 -0
- data/spec/rails3_mongoid/spec/user_spec.rb +1 -0
- data/spec/shared_examples/user_remember_me_shared_examples.rb +1 -0
- data/spec/shared_examples/user_shared_examples.rb +36 -8
- metadata +128 -234
- data/lib/generators/sorcery_migration/sorcery_migration_generator.rb +0 -24
- data/lib/generators/sorcery_migration/templates/activity_logging.rb +0 -17
- data/lib/generators/sorcery_migration/templates/brute_force_protection.rb +0 -11
- data/lib/generators/sorcery_migration/templates/remember_me.rb +0 -15
- data/lib/generators/sorcery_migration/templates/reset_password.rb +0 -13
- data/lib/generators/sorcery_migration/templates/user_activation.rb +0 -17
- data/lib/sorcery/controller/adapters/sinatra.rb +0 -104
- data/lib/sorcery/sinatra.rb +0 -4
- data/lib/sorcery/test_helpers/internal/sinatra.rb +0 -74
- data/lib/sorcery/test_helpers/internal/sinatra_modular.rb +0 -74
- data/lib/sorcery/test_helpers/sinatra.rb +0 -88
- data/spec/rails3/Rakefile.unused +0 -7
- data/spec/rails3/public/index.html +0 -239
- data/spec/sinatra/Gemfile +0 -15
- data/spec/sinatra/Gemfile.lock +0 -117
- data/spec/sinatra/authentication.rb +0 -3
- data/spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb +0 -17
- data/spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +0 -17
- data/spec/sinatra/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +0 -11
- data/spec/sinatra/db/migrate/core/20101224223620_create_users.rb +0 -16
- data/spec/sinatra/db/migrate/external/20101224223628_create_authentications.rb +0 -14
- data/spec/sinatra/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +0 -15
- data/spec/sinatra/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +0 -13
- data/spec/sinatra/filters.rb +0 -27
- data/spec/sinatra/modular.rb +0 -157
- data/spec/sinatra/myapp.rb +0 -133
- data/spec/sinatra/spec/controller_activity_logging_spec.rb +0 -85
- data/spec/sinatra/spec/controller_brute_force_protection_spec.rb +0 -70
- data/spec/sinatra/spec/controller_http_basic_auth_spec.rb +0 -53
- data/spec/sinatra/spec/controller_oauth2_spec.rb +0 -99
- data/spec/sinatra/spec/controller_oauth_spec.rb +0 -100
- data/spec/sinatra/spec/controller_remember_me_spec.rb +0 -64
- data/spec/sinatra/spec/controller_session_timeout_spec.rb +0 -57
- data/spec/sinatra/spec/spec_helper.rb +0 -45
- data/spec/sinatra/user.rb +0 -6
- data/spec/sinatra/views/test_login.erb +0 -4
- data/spec/sinatra_modular/Gemfile.lock +0 -117
- data/spec/sinatra_modular/Rakefile +0 -11
- data/spec/sinatra_modular/authentication.rb +0 -3
- data/spec/sinatra_modular/db/migrate/activation/20101224223622_add_activation_to_users.rb +0 -17
- data/spec/sinatra_modular/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +0 -17
- data/spec/sinatra_modular/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +0 -11
- data/spec/sinatra_modular/db/migrate/core/20101224223620_create_users.rb +0 -16
- data/spec/sinatra_modular/db/migrate/external/20101224223628_create_authentications.rb +0 -14
- data/spec/sinatra_modular/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +0 -15
- data/spec/sinatra_modular/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +0 -13
- data/spec/sinatra_modular/filters.rb +0 -27
- data/spec/sinatra_modular/modular.rb +0 -157
- data/spec/sinatra_modular/myapp.rb +0 -133
- data/spec/sinatra_modular/sorcery_mailer.rb +0 -25
- data/spec/sinatra_modular/spec_modular/controller_activity_logging_spec.rb +0 -85
- data/spec/sinatra_modular/spec_modular/controller_brute_force_protection_spec.rb +0 -70
- data/spec/sinatra_modular/spec_modular/controller_http_basic_auth_spec.rb +0 -53
- data/spec/sinatra_modular/spec_modular/controller_oauth2_spec.rb +0 -99
- data/spec/sinatra_modular/spec_modular/controller_oauth_spec.rb +0 -100
- data/spec/sinatra_modular/spec_modular/controller_remember_me_spec.rb +0 -64
- data/spec/sinatra_modular/spec_modular/controller_session_timeout_spec.rb +0 -57
- data/spec/sinatra_modular/spec_modular/controller_spec.rb +0 -116
- data/spec/sinatra_modular/spec_modular/spec.opts +0 -2
- data/spec/sinatra_modular/spec_modular/spec_helper.rb +0 -51
- data/spec/sinatra_modular/user.rb +0 -6
- data/spec/sinatra_modular/views/test_login.erb +0 -4
- /data/spec/{sinatra → rails3_mongo_mapper/app/mailers}/sorcery_mailer.rb +0 -0
- /data/spec/{sinatra → rails3_mongo_mapper}/spec/spec.opts +0 -0
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
class AddBruteForceProtectionToUsers < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
add_column :users, :failed_logins_count, :integer, :default => 0
|
|
4
|
-
add_column :users, :lock_expires_at, :datetime, :default => nil
|
|
5
|
-
end
|
|
6
|
-
|
|
7
|
-
def self.down
|
|
8
|
-
remove_column :users, :lock_expires_at
|
|
9
|
-
remove_column :users, :failed_logins_count
|
|
10
|
-
end
|
|
11
|
-
end
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
class CreateUsers < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :users do |t|
|
|
4
|
-
t.string :username, :null => false
|
|
5
|
-
t.string :email, :default => nil
|
|
6
|
-
t.string :crypted_password, :default => nil
|
|
7
|
-
t.string :salt, :default => nil
|
|
8
|
-
|
|
9
|
-
t.timestamps
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.down
|
|
14
|
-
drop_table :users
|
|
15
|
-
end
|
|
16
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class CreateAuthentications < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :authentications do |t|
|
|
4
|
-
t.integer :user_id, :null => false
|
|
5
|
-
t.string :provider, :uid, :null => false
|
|
6
|
-
|
|
7
|
-
t.timestamps
|
|
8
|
-
end
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def self.down
|
|
12
|
-
drop_table :authentications
|
|
13
|
-
end
|
|
14
|
-
end
|
data/spec/sinatra_modular/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
class AddRememberMeTokenToUsers < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
add_column :users, :remember_me_token, :string, :default => nil
|
|
4
|
-
add_column :users, :remember_me_token_expires_at, :datetime, :default => nil
|
|
5
|
-
|
|
6
|
-
add_index :users, :remember_me_token
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
def self.down
|
|
10
|
-
remove_index :users, :remember_me_token
|
|
11
|
-
|
|
12
|
-
remove_column :users, :remember_me_token_expires_at
|
|
13
|
-
remove_column :users, :remember_me_token
|
|
14
|
-
end
|
|
15
|
-
end
|
data/spec/sinatra_modular/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
class AddResetPasswordToUsers < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
add_column :users, :reset_password_token, :string, :default => nil
|
|
4
|
-
add_column :users, :reset_password_token_expires_at, :datetime, :default => nil
|
|
5
|
-
add_column :users, :reset_password_email_sent_at, :datetime, :default => nil
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
def self.down
|
|
9
|
-
remove_column :users, :reset_password_email_sent_at
|
|
10
|
-
remove_column :users, :reset_password_token_expires_at
|
|
11
|
-
remove_column :users, :reset_password_token
|
|
12
|
-
end
|
|
13
|
-
end
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
# --- before filters
|
|
2
|
-
module Filters
|
|
3
|
-
|
|
4
|
-
def self.included(klass)
|
|
5
|
-
klass.class_eval do
|
|
6
|
-
['/test_logout', '/some_action', '/test_should_be_logged_in'].each do |pattern|
|
|
7
|
-
before pattern do
|
|
8
|
-
require_login
|
|
9
|
-
end
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
before '/test_http_basic_auth' do
|
|
13
|
-
require_login_from_http_basic
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
# ----- test filters
|
|
17
|
-
|
|
18
|
-
before do
|
|
19
|
-
self.class.sorcery_vars = {}
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
after do
|
|
23
|
-
save_instance_vars
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
end
|
|
@@ -1,157 +0,0 @@
|
|
|
1
|
-
require 'sinatra/base'
|
|
2
|
-
#enable :sessions
|
|
3
|
-
|
|
4
|
-
require 'sqlite3'
|
|
5
|
-
require 'active_record'
|
|
6
|
-
|
|
7
|
-
# establish connection
|
|
8
|
-
ActiveRecord::Base.establish_connection(
|
|
9
|
-
:adapter => "sqlite3",
|
|
10
|
-
:database => ":memory:",
|
|
11
|
-
:verbosity => "quiet"
|
|
12
|
-
)
|
|
13
|
-
|
|
14
|
-
require 'action_mailer'
|
|
15
|
-
ActionMailer::Base.delivery_method = :test
|
|
16
|
-
require File.join(File.dirname(__FILE__), 'sorcery_mailer')
|
|
17
|
-
|
|
18
|
-
# models
|
|
19
|
-
require File.join(File.dirname(__FILE__), 'user')
|
|
20
|
-
require 'sorcery'
|
|
21
|
-
|
|
22
|
-
APP_ROOT = File.dirname(__FILE__)
|
|
23
|
-
|
|
24
|
-
class Modular < Sinatra::Base
|
|
25
|
-
set :sessions, true
|
|
26
|
-
|
|
27
|
-
# ['/test_logout', '/some_action', '/test_should_be_logged_in'].each do |patt|
|
|
28
|
-
# before patt do
|
|
29
|
-
# require_login
|
|
30
|
-
# end
|
|
31
|
-
# end
|
|
32
|
-
#
|
|
33
|
-
# before '/test_http_basic_auth' do
|
|
34
|
-
# require_login_from_http_basic
|
|
35
|
-
# end
|
|
36
|
-
#
|
|
37
|
-
## ----- test filters
|
|
38
|
-
#
|
|
39
|
-
# before do
|
|
40
|
-
# self.class.sorcery_vars = {}
|
|
41
|
-
# end
|
|
42
|
-
#
|
|
43
|
-
# after do
|
|
44
|
-
# save_instance_vars
|
|
45
|
-
# end
|
|
46
|
-
|
|
47
|
-
get '/' do
|
|
48
|
-
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
get '/test_login' do
|
|
52
|
-
@user = login(params[:username], params[:password])
|
|
53
|
-
@current_user = current_user
|
|
54
|
-
@logged_in = logged_in?
|
|
55
|
-
erb :test_login
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
get '/test_logout' do
|
|
59
|
-
session[:user_id] = User.first.id
|
|
60
|
-
logout
|
|
61
|
-
@current_user = current_user
|
|
62
|
-
@logged_in = logged_in?
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
get '/test_current_user' do
|
|
66
|
-
session[:user_id] = params[:id]
|
|
67
|
-
current_user
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
get '/some_action' do
|
|
71
|
-
erb ''
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
post '/test_return_to' do
|
|
75
|
-
session[:return_to_url] = params[:return_to_url] if params[:return_to_url]
|
|
76
|
-
@user = login(params[:username], params[:password])
|
|
77
|
-
redirect_back_or_to(:some_action)
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
get '/test_should_be_logged_in' do
|
|
81
|
-
erb ''
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
def test_not_authenticated_action
|
|
85
|
-
halt "test_not_authenticated_action"
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
def not_authenticated2
|
|
89
|
-
@session = session
|
|
90
|
-
save_instance_vars
|
|
91
|
-
redirect '/'
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
# remember me
|
|
95
|
-
|
|
96
|
-
post '/test_login_with_remember' do
|
|
97
|
-
@user = login(params[:username], params[:password])
|
|
98
|
-
remember_me!
|
|
99
|
-
erb ''
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
post '/test_login_with_remember_in_login' do
|
|
103
|
-
@user = login(params[:username], params[:password], params[:remember])
|
|
104
|
-
erb ''
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
get '/test_login_from_cookie' do
|
|
108
|
-
@user = current_user
|
|
109
|
-
erb ''
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
# http_basic
|
|
113
|
-
|
|
114
|
-
get '/test_http_basic_auth' do
|
|
115
|
-
erb "HTTP Basic Auth"
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
# oauth
|
|
119
|
-
|
|
120
|
-
get '/login_at_test' do
|
|
121
|
-
login_at(:twitter)
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
get '/test_login_from' do
|
|
125
|
-
if @user = login_from(:twitter)
|
|
126
|
-
erb "Success!"
|
|
127
|
-
else
|
|
128
|
-
erb "Failed!"
|
|
129
|
-
end
|
|
130
|
-
end
|
|
131
|
-
|
|
132
|
-
# oauth2
|
|
133
|
-
|
|
134
|
-
get '/login_at_test2' do
|
|
135
|
-
login_at(:facebook)
|
|
136
|
-
end
|
|
137
|
-
|
|
138
|
-
get '/test_login_from2' do
|
|
139
|
-
if @user = login_from(:facebook)
|
|
140
|
-
erb "Success!"
|
|
141
|
-
else
|
|
142
|
-
erb "Failed!"
|
|
143
|
-
end
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
get '/test_create_from_provider' do
|
|
147
|
-
provider = params[:provider]
|
|
148
|
-
login_from(provider)
|
|
149
|
-
if @user = create_from(provider)
|
|
150
|
-
erb "Success!"
|
|
151
|
-
else
|
|
152
|
-
erb "Failed!"
|
|
153
|
-
end
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
#run! if app_file == $2
|
|
157
|
-
end
|
|
@@ -1,133 +0,0 @@
|
|
|
1
|
-
require 'sinatra'
|
|
2
|
-
enable :sessions
|
|
3
|
-
|
|
4
|
-
require 'sqlite3'
|
|
5
|
-
require 'active_record'
|
|
6
|
-
|
|
7
|
-
# establish connection
|
|
8
|
-
ActiveRecord::Base.establish_connection(
|
|
9
|
-
:adapter => "sqlite3",
|
|
10
|
-
:database => ":memory:",
|
|
11
|
-
:verbosity => "quiet"
|
|
12
|
-
)
|
|
13
|
-
|
|
14
|
-
require 'action_mailer'
|
|
15
|
-
ActionMailer::Base.delivery_method = :test
|
|
16
|
-
require File.join(File.dirname(__FILE__),'sorcery_mailer')
|
|
17
|
-
|
|
18
|
-
# models
|
|
19
|
-
require File.join(File.dirname(__FILE__),'user')
|
|
20
|
-
require 'sorcery'
|
|
21
|
-
|
|
22
|
-
APP_ROOT = File.dirname(__FILE__)
|
|
23
|
-
|
|
24
|
-
require File.join(File.dirname(__FILE__),'filters')
|
|
25
|
-
|
|
26
|
-
get '/' do
|
|
27
|
-
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
get '/test_login' do
|
|
31
|
-
@user = login(params[:username],params[:password])
|
|
32
|
-
@current_user = current_user
|
|
33
|
-
@logged_in = logged_in?
|
|
34
|
-
erb :test_login
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
get '/test_logout' do
|
|
38
|
-
session[:user_id] = User.first.id
|
|
39
|
-
logout
|
|
40
|
-
@current_user = current_user
|
|
41
|
-
@logged_in = logged_in?
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
get '/test_current_user' do
|
|
45
|
-
session[:user_id] = params[:id]
|
|
46
|
-
current_user
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
get '/some_action' do
|
|
50
|
-
erb ''
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
post '/test_return_to' do
|
|
54
|
-
session[:return_to_url] = params[:return_to_url] if params[:return_to_url]
|
|
55
|
-
@user = login(params[:username], params[:password])
|
|
56
|
-
redirect_back_or_to(:some_action)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
get '/test_should_be_logged_in' do
|
|
60
|
-
erb ''
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
def test_not_authenticated_action
|
|
64
|
-
halt "test_not_authenticated_action"
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
def not_authenticated2
|
|
68
|
-
@session = session
|
|
69
|
-
save_instance_vars
|
|
70
|
-
redirect '/'
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
# remember me
|
|
74
|
-
|
|
75
|
-
post '/test_login_with_remember' do
|
|
76
|
-
@user = login(params[:username], params[:password])
|
|
77
|
-
remember_me!
|
|
78
|
-
erb ''
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
post '/test_login_with_remember_in_login' do
|
|
82
|
-
@user = login(params[:username], params[:password], params[:remember])
|
|
83
|
-
erb ''
|
|
84
|
-
end
|
|
85
|
-
|
|
86
|
-
get '/test_login_from_cookie' do
|
|
87
|
-
@user = current_user
|
|
88
|
-
erb ''
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
# http_basic
|
|
92
|
-
|
|
93
|
-
get '/test_http_basic_auth' do
|
|
94
|
-
erb "HTTP Basic Auth"
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
# oauth
|
|
98
|
-
|
|
99
|
-
get '/login_at_test' do
|
|
100
|
-
login_at(:twitter)
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
get '/test_login_from' do
|
|
104
|
-
if @user = login_from(:twitter)
|
|
105
|
-
erb "Success!"
|
|
106
|
-
else
|
|
107
|
-
erb "Failed!"
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
# oauth2
|
|
112
|
-
|
|
113
|
-
get '/login_at_test2' do
|
|
114
|
-
login_at(:facebook)
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
get '/test_login_from2' do
|
|
118
|
-
if @user = login_from(:facebook)
|
|
119
|
-
erb "Success!"
|
|
120
|
-
else
|
|
121
|
-
erb "Failed!"
|
|
122
|
-
end
|
|
123
|
-
end
|
|
124
|
-
|
|
125
|
-
get '/test_create_from_provider' do
|
|
126
|
-
provider = params[:provider]
|
|
127
|
-
login_from(provider)
|
|
128
|
-
if @user = create_from(provider)
|
|
129
|
-
erb "Success!"
|
|
130
|
-
else
|
|
131
|
-
erb "Failed!"
|
|
132
|
-
end
|
|
133
|
-
end
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
class SorceryMailer < ActionMailer::Base
|
|
2
|
-
|
|
3
|
-
default :from => "notifications@example.com"
|
|
4
|
-
|
|
5
|
-
def activation_needed_email(user)
|
|
6
|
-
@user = user
|
|
7
|
-
@url = "http://example.com/login"
|
|
8
|
-
mail(:to => user.email,
|
|
9
|
-
:subject => "Welcome to My Awesome Site")
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def activation_success_email(user)
|
|
13
|
-
@user = user
|
|
14
|
-
@url = "http://example.com/login"
|
|
15
|
-
mail(:to => user.email,
|
|
16
|
-
:subject => "Your account is now activated")
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def reset_password_email(user)
|
|
20
|
-
@user = user
|
|
21
|
-
@url = "http://example.com/login"
|
|
22
|
-
mail(:to => user.email,
|
|
23
|
-
:subject => "Your password has been reset")
|
|
24
|
-
end
|
|
25
|
-
end
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
-
|
|
3
|
-
describe Modular do
|
|
4
|
-
before(:all) do
|
|
5
|
-
ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/activity_logging")
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
after(:all) do
|
|
9
|
-
ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/activity_logging")
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# ----------------- ACTIVITY LOGGING -----------------------
|
|
13
|
-
describe Modular, "with activity logging features" do
|
|
14
|
-
before(:all) do
|
|
15
|
-
sorcery_reload!([:activity_logging])
|
|
16
|
-
clear_cookies
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
before(:each) do
|
|
20
|
-
create_new_user
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
after(:each) do
|
|
24
|
-
User.delete_all
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
it "should respond to 'current_users'" do
|
|
28
|
-
get_sinatra_app(subject).should respond_to(:current_users)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
it "'current_users' should be empty when no users are logged in" do
|
|
32
|
-
get_sinatra_app(subject).current_users.size.should == 0
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
it "should log login time on login" do
|
|
36
|
-
now = Time.now.utc
|
|
37
|
-
get "/test_login", :username => 'gizmo', :password => 'secret'
|
|
38
|
-
User.first.last_login_at.should_not be_nil
|
|
39
|
-
User.first.last_login_at.to_s(:db).should >= now.to_s(:db)
|
|
40
|
-
User.first.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
it "should log logout time on logout" do
|
|
44
|
-
get "/test_login", :username => 'gizmo', :password => 'secret'
|
|
45
|
-
now = Time.now.utc
|
|
46
|
-
get "/test_logout"
|
|
47
|
-
User.first.last_logout_at.should_not be_nil
|
|
48
|
-
User.first.last_logout_at.to_s(:db).should >= now.to_s(:db)
|
|
49
|
-
User.first.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
it "should log last activity time when logged in" do
|
|
53
|
-
get "/test_login", :username => 'gizmo', :password => 'secret'
|
|
54
|
-
now = Time.now.utc
|
|
55
|
-
get "/some_action"
|
|
56
|
-
User.first.last_activity_at.to_s.should >= now.to_s(:db)
|
|
57
|
-
User.first.last_activity_at.to_s.should <= (now+2).to_s(:db)
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it "'current_users' should hold the user object when 1 user is logged in" do
|
|
61
|
-
get "/test_login", :username => 'gizmo', :password => 'secret'
|
|
62
|
-
get "/some_action"
|
|
63
|
-
get_sinatra_app(subject).current_users.size.should == 1
|
|
64
|
-
get_sinatra_app(subject).current_users[0].should == @user
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
it "'current_users' should show all current_users, whether they have logged out before or not." do
|
|
68
|
-
user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
|
|
69
|
-
get "/test_login", :username => 'gizmo1', :password => 'secret1'
|
|
70
|
-
get "/some_action"
|
|
71
|
-
clear_user_without_logout
|
|
72
|
-
user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
|
|
73
|
-
get "/test_login", :username => 'gizmo2', :password => 'secret2'
|
|
74
|
-
get "/some_action"
|
|
75
|
-
clear_user_without_logout
|
|
76
|
-
user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
|
|
77
|
-
get "/test_login", :username => 'gizmo3', :password => 'secret3'
|
|
78
|
-
get "/some_action"
|
|
79
|
-
get_sinatra_app(subject).current_users.size.should == 3
|
|
80
|
-
get_sinatra_app(subject).current_users[0].should == user1
|
|
81
|
-
get_sinatra_app(subject).current_users[1].should == user2
|
|
82
|
-
get_sinatra_app(subject).current_users[2].should == user3
|
|
83
|
-
end
|
|
84
|
-
end
|
|
85
|
-
end
|
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
-
|
|
3
|
-
describe Modular do
|
|
4
|
-
before(:all) do
|
|
5
|
-
ActiveRecord::Migrator.migrate("#{APP_ROOT}/db/migrate/brute_force_protection")
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
after(:all) do
|
|
9
|
-
ActiveRecord::Migrator.rollback("#{APP_ROOT}/db/migrate/brute_force_protection")
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# ----------------- SESSION TIMEOUT -----------------------
|
|
13
|
-
describe Modular, "with brute force protection features" do
|
|
14
|
-
before(:all) do
|
|
15
|
-
sorcery_reload!([:brute_force_protection])
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
before(:each) do
|
|
19
|
-
create_new_user
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
after(:each) do
|
|
23
|
-
Sorcery::Controller::Config.reset!
|
|
24
|
-
sorcery_controller_property_set(:user_class, User)
|
|
25
|
-
User.delete_all
|
|
26
|
-
Timecop.return
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "should count login retries" do
|
|
30
|
-
3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
|
|
31
|
-
User.find_by_username('gizmo').failed_logins_count.should == 3
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it "should reset the counter on a good login" do
|
|
35
|
-
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
|
|
36
|
-
3.times {get "/test_login", :username => 'gizmo', :password => 'blabla'}
|
|
37
|
-
get "/test_login", :username => 'gizmo', :password => 'secret'
|
|
38
|
-
User.find_by_username('gizmo').failed_logins_count.should == 0
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it "should lock user when number of retries reached the limit" do
|
|
42
|
-
User.find_by_username('gizmo').lock_expires_at.should be_nil
|
|
43
|
-
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
|
|
44
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
45
|
-
User.find_by_username('gizmo').lock_expires_at.should_not be_nil
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
it "should unlock after lock time period passes" do
|
|
49
|
-
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
|
|
50
|
-
sorcery_model_property_set(:login_lock_time_period, 0.2)
|
|
51
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
52
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
53
|
-
User.find_by_username('gizmo').lock_expires_at.should_not be_nil
|
|
54
|
-
Timecop.travel(Time.now+0.3)
|
|
55
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
56
|
-
User.find_by_username('gizmo').lock_expires_at.should be_nil
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
it "should not unlock if time period is 0 (permanent lock)" do
|
|
60
|
-
sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
|
|
61
|
-
sorcery_model_property_set(:login_lock_time_period, 0)
|
|
62
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
63
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
64
|
-
unlock_date = User.find_by_username('gizmo').lock_expires_at
|
|
65
|
-
Timecop.travel(Time.now+1)
|
|
66
|
-
get "/test_login", :username => 'gizmo', :password => 'blabla'
|
|
67
|
-
User.find_by_username('gizmo').lock_expires_at.to_s.should == unlock_date.to_s
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
|
-
end
|
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
-
require 'base64'
|
|
3
|
-
|
|
4
|
-
describe Modular do
|
|
5
|
-
|
|
6
|
-
# ----------------- HTTP BASIC AUTH -----------------------
|
|
7
|
-
describe Modular, "with http basic auth features" do
|
|
8
|
-
before(:all) do
|
|
9
|
-
sorcery_reload!([:http_basic_auth])
|
|
10
|
-
create_new_user
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
after(:each) do
|
|
14
|
-
get "/test_logout"
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
it "requests basic authentication when before_filter is used" do
|
|
18
|
-
session[:http_authentication_used] = nil
|
|
19
|
-
get "/test_http_basic_auth"
|
|
20
|
-
last_response.status.should == 401
|
|
21
|
-
session[:http_authentication_used].should == true
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
it "authenticates from http basic if credentials are sent" do
|
|
25
|
-
session[:http_authentication_used] = true
|
|
26
|
-
get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
|
|
27
|
-
last_response.should be_ok
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
it "fails authentication if credentials are wrong" do
|
|
31
|
-
session[:http_authentication_used] = true
|
|
32
|
-
get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:wrong!")}
|
|
33
|
-
last_response.should redirect_to 'http://example.org/'
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
it "should allow configuration option 'controller_to_realm_map'" do
|
|
37
|
-
sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
|
|
38
|
-
Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it "should display the correct realm name configured for the controller" do
|
|
42
|
-
sorcery_controller_property_set(:controller_to_realm_map, {"application" => "Salad"})
|
|
43
|
-
get "/test_http_basic_auth"
|
|
44
|
-
last_response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
it "should sign in the user's session on successful login" do
|
|
48
|
-
session[:http_authentication_used] = true
|
|
49
|
-
get "/test_http_basic_auth", {}, {"HTTP_AUTHORIZATION" => "Basic " + Base64::encode64("#{@user.username}:secret")}
|
|
50
|
-
session[:user_id].should == User.find_by_username(@user.username).id
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
end
|