sorcery 0.7.12 → 0.7.13

data/Gemfile

@@ -3,12 +3,13 @@ source :rubygems
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 gem 'oauth', "~> 0.4.4"
-gem 'oauth2', "~> 0.5.1"
+gem 'oauth2', "~> 0.6.0"
 gem 'bcrypt-ruby', "~> 3.0.0"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
+  gem 'abstract', '>= 1.0.0'
   gem "rails", ">= 3.0.0"
   gem 'json', ">= 1.5.1"
   gem "rspec", "~> 2.5.0"
@@ -20,7 +21,7 @@ group :development do
   gem "jeweler", "~> 1.8.3"
   gem 'simplecov', '>= 0.3.8', :require => false # Will install simplecov-html as a dependency
   gem 'timecop'
-	gem 'capybara'
-	gem 'mongo_mapper'
-	gem 'mongoid', "~> 2.4.4"
+  gem 'capybara'
+  gem 'mongo_mapper'
+  gem 'mongoid', "~> 2.4.4"
 end

data/Gemfile.lock

@@ -1,6 +1,7 @@
 GEM
   remote: http://rubygems.org/
   specs:
+    abstract (1.0.0)
     actionmailer (3.2.2)
       actionpack (= 3.2.2)
       mail (~> 2.4.0)
@@ -28,7 +29,6 @@ GEM
     activesupport (3.2.2)
       i18n (~> 0.6)
       multi_json (~> 1.0)
-    addressable (2.2.7)
     archive-tar-minitar (0.5.2)
     arel (3.0.2)
     bcrypt-ruby (3.0.1)
@@ -46,13 +46,12 @@ GEM
     columnize (0.3.6)
     diff-lcs (1.1.3)
     erubis (2.7.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
+    faraday (0.8.1)
       multipart-post (~> 1.1)
-      rack (~> 1.1)
     ffi (1.0.11)
     git (1.2.5)
     hike (1.2.1)
+    httpauth (0.1)
     i18n (0.6.0)
     jeweler (1.8.3)
       bundler (~> 1.0)
@@ -82,9 +81,10 @@ GEM
     multipart-post (1.1.5)
     nokogiri (1.5.2)
     oauth (0.4.5)
-    oauth2 (0.5.2)
+    oauth2 (0.6.1)
       faraday (~> 0.7)
-      multi_json (~> 1.0)
+      httpauth (~> 0.1)
+      multi_json (~> 1.3)
     plucky (0.4.4)
       mongo (~> 1.5)
     polyglot (0.3.3)
@@ -168,6 +168,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  abstract (>= 1.0.0)
   bcrypt-ruby (~> 3.0.0)
   bundler (>= 1.1.0)
   capybara
@@ -176,7 +177,7 @@ DEPENDENCIES
   mongo_mapper
   mongoid (~> 2.4.4)
   oauth (~> 0.4.4)
-  oauth2 (~> 0.5.1)
+  oauth2 (~> 0.6.0)
   rails (>= 3.0.0)
   rspec (~> 2.5.0)
   rspec-rails (~> 2.5.0)

data/README.rdoc

@@ -29,7 +29,7 @@ Railscast: http://railscasts.com/episodes/283-authentication-with-sorcery
 
 Example Rails 3 app using sorcery: https://github.com/NoamB/sorcery-example-app
 
-Documentation: http://rubydoc.info/gems/sorcery/0.7.12/frames
+Documentation: http://rubydoc.info/gems/sorcery/0.7.13/frames
 
 Check out the tutorials in the github wiki!
 
@@ -138,6 +138,10 @@ the `config/initializers/sorcery.rb` file. After that all emails will be sent as
   end
 
 
+== Single Table Inheritance (STI) Support
+STI is supported via a single setting in config/initializers/sorcery.rb.
+
+
 == Full Features List by module:
 
 

data/VERSION

@@ -1 +1 @@
-0.7.12
+0.7.13

data/lib/generators/sorcery/templates/initializer.rb

@@ -218,14 +218,14 @@ Rails.application.config.sorcery.configure do |config|
     # Default: `nil`
     #
     # user.user_activation_mailer =
-    
-    
+
+
     # when true sorcery will not automatically
     # email activation details and allow you to
     # manually handle how and when email is sent.
     # Default: `false`
     #
-    # user.activation_mailer_disabled = 
+    # user.activation_mailer_disabled =
 
 
     # activation needed email method on your mailer class.
@@ -282,17 +282,9 @@ Rails.application.config.sorcery.configure do |config|
     # manually handle how and when email is sent
     # Default: `false`
     #
-    # user.reset_password_mailer_disabled =                                      
+    # user.reset_password_mailer_disabled =
 
-                                                                          
-    # reset password email                                                                                   
-    # method on your mailer
-    # class.
-    # Default: `:reset_password_email`
-    #
-    # user.reset_password_email_method_name =                            
 
-                                                                                         
     # how many seconds before the reset request expires. nil for never expires.
     # Default: `nil`
     #
@@ -347,7 +339,7 @@ Rails.application.config.sorcery.configure do |config|
 
     # Unlock token mailer class
     # Default: `nil`
-    # 
+    #
     # user.unlock_token_mailer = UserMailer
 
     # -- activity logging --

data/lib/sorcery/controller.rb

@@ -21,7 +21,7 @@ module Sorcery
       # If all attempts to auto-login fail, the failure callback will be called.
       def require_login
         if !logged_in?
-          session[:return_to_url] = request.url if Config.save_return_to_url
+          session[:return_to_url] = request.url if Config.save_return_to_url && request.get?
           self.send(Config.not_authenticated_action)
         end
       end
@@ -110,10 +110,13 @@ module Sorcery
       end
 
       def login_from_session
-        @current_user = (user_class.find_by_id(session[:user_id]) if session[:user_id]) || false
+        @current_user = (user_class.find(session[:user_id]) if session[:user_id]) || false
+      rescue => exception
+        return false if defined?(Mongoid) and exception.is_a?(Mongoid::Errors::DocumentNotFound)
+        raise exception
       end
 
-      def after_login!(user, credentials)
+      def after_login!(user, credentials = [])
         Config.after_login.each {|c| self.send(c, user, credentials)}
       end
 

data/lib/sorcery/controller/submodules/brute_force_protection.rb

@@ -29,8 +29,7 @@ module Sorcery
           # Resets the failed logins counter.
           # Runs as a hook after a successful login.
           def reset_failed_logins_count!(user, credentials)
-            user.send(:"#{user_class.sorcery_config.failed_logins_count_attribute_name}=", 0)
-            user.save!(:validate => false)
+            user.update_many_attributes(user_class.sorcery_config.failed_logins_count_attribute_name => 0)
           end
         end
       end

data/lib/sorcery/controller/submodules/external.rb

@@ -10,12 +10,12 @@ module Sorcery
             class << self
               attr_reader :external_providers                           # external providers like twitter.
               attr_accessor :ca_file                                    # path to ca_file. By default use a internal ca-bundle.crt.
-                                          
+
               def merge_external_defaults!
                 @defaults.merge!(:@external_providers => [],
                                  :@ca_file => File.join(File.expand_path(File.dirname(__FILE__)), 'external/protocols/certs/ca-bundle.crt'))
               end
-              
+
               def external_providers=(providers)
                 providers.each do |provider|
                   include Providers.const_get(provider.to_s.split("_").map {|p| p.capitalize}.join(""))
@@ -28,18 +28,26 @@ module Sorcery
 
         module InstanceMethods
           protected
-          
+
           # sends user to authenticate at the provider's website.
           # after authentication the user is redirected to the callback defined in the provider config
           def login_at(provider, args = {})
             @provider = Config.send(provider)
+            if @provider.callback_url.present? && @provider.callback_url[0] == '/'
+              uri = URI.parse(request.url.gsub(/\?.*$/,''))
+              uri.path = ''
+              uri.query = nil
+              uri.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
+              host = uri.to_s
+              @provider.callback_url = "#{host}#{@provider.callback_url}"
+            end
             if @provider.has_callback?
               redirect_to @provider.login_url(params,session)
             else
               #@provider.login(args)
             end
           end
-          
+
           # tries to login the user from provider's callback
           def login_from(provider)
             @provider = Config.send(provider)
@@ -50,6 +58,7 @@ module Sorcery
               reset_session
               session[:return_to_url] = return_to_url
               auto_login(user)
+              after_login!(user)
               user
             end
           end
@@ -59,7 +68,48 @@ module Sorcery
             @provider = Config.send(provider)
             @provider.access_token
           end
-          
+
+          # If user is logged, he can add all available providers into his account
+          def add_provider_to_user(provider)
+            provider_name = provider.to_sym
+            @provider = Config.send(provider_name)
+            @provider.process_callback(params,session)
+            @user_hash = @provider.get_user_hash
+            config = user_class.sorcery_config
+
+            # first check to see if user has a particular authentication already
+            unless (current_user.send(config.authentications_class.to_s.downcase.pluralize).send("find_by_#{config.provider_attribute_name}_and_#{config.provider_uid_attribute_name}", provider, @user_hash[:uid]))
+              user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name.to_s)
+              user.save(:validate => false)
+            else
+              user = false
+            end
+
+            return user
+          end
+
+          # Initialize new user from provider informations.
+          # If a provider doesn't give required informations or username/email is already taken,
+          # we store provider/user infos into a session and can be rendered into registration form
+          def create_and_validate_from(provider)
+            provider = provider.to_sym
+            @provider = Config.send(provider)
+            @user_hash = @provider.get_user_hash
+            config = user_class.sorcery_config
+
+            attrs = user_attrs(@provider.user_info_mapping, @user_hash)
+
+            user = user_class.new(attrs)
+            user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider)
+
+            session[:incomplete_user] = {
+              :provider => {config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider},
+              :user_hash => attrs
+            } unless user.save
+
+            return user
+          end
+
           # this method automatically creates a new user from the data in the external user hash.
           # The mappings from user hash fields to user db fields are set at controller config.
           # If the hash field you would like to map is nested, use slashes. For example, Given a hash like:
@@ -72,30 +122,46 @@ module Sorcery
           #
           # And this will cause 'moishe' to be set as the value of :username field.
           # Note: Be careful. This method skips validations model.
+          # Instead you can pass a block, if the block returns false the user will not be created
+          #
+          #   create_from(provider) {|user| user.some_check }
+          #
           def create_from(provider)
             provider = provider.to_sym
             @provider = Config.send(provider)
             @user_hash = @provider.get_user_hash
             config = user_class.sorcery_config
-            attrs = {}
-            @provider.user_info_mapping.each do |k,v|
-              if (varr = v.split("/")).size > 1
-                attribute_value = varr.inject(@user_hash[:user_info]) {|hsh,v| hsh[v] } rescue nil
-                attribute_value.nil? ? attrs : attrs.merge!(k => attribute_value)
-              else
-                attrs.merge!(k => @user_hash[:user_info][v])
-              end
-            end
+
+            attrs = user_attrs(@provider.user_info_mapping, @user_hash)
+
             user_class.transaction do
               @user = user_class.new()
               attrs.each do |k,v|
                 @user.send(:"#{k}=", v)
               end
+
+              if block_given?
+                return false unless yield @user
+              end
+
               @user.save(:validate => false)
               user_class.sorcery_config.authentications_class.create!({config.authentications_user_id_attribute_name => @user.id, config.provider_attribute_name => provider, config.provider_uid_attribute_name => @user_hash[:uid]})
             end
             @user
           end
+
+          def user_attrs(user_info_mapping, user_hash)
+            attrs = {}
+            user_info_mapping.each do |k,v|
+              if (varr = v.split("/")).size > 1
+                attribute_value = varr.inject(user_hash[:user_info]) {|hash, value| hash[value]} rescue nil
+                attribute_value.nil? ? attrs : attrs.merge!(k => attribute_value)
+              else
+                attrs.merge!(k => user_hash[:user_info][v])
+              end
+            end
+            return attrs
+          end
         end
       end
     end

data/lib/sorcery/crypto_providers/bcrypt.rb

@@ -48,6 +48,7 @@ module Sorcery
           @cost ||= 10
         end
         attr_writer :cost
+        alias :stretches :cost
         alias :stretches= :cost=
         
         # Creates a BCrypt hash for the password passed.

data/lib/sorcery/model/adapters/active_record.rb

@@ -8,11 +8,16 @@ module Sorcery
         end
 
         module InstanceMethods
-          def update_single_attribute(name, value)
-            self.send(:"#{name}=", value)
-            
+          def update_many_attributes(attrs)
+            attrs.each do |name, value|
+              self.send(:"#{name}=", value)
+            end
             primary_key = self.class.primary_key
-            self.class.where(:"#{primary_key}" => self.send(:"#{primary_key}")).update_all(name => value)
+            self.class.where(:"#{primary_key}" => self.send(:"#{primary_key}")).update_all(attrs)
+          end
+
+          def update_single_attribute(name, value)
+            update_many_attributes(name => value)
           end
         end
         

data/lib/sorcery/model/adapters/mongo_mapper.rb

@@ -3,19 +3,21 @@ module Sorcery
     module Adapters
       module MongoMapper
         extend ActiveSupport::Concern
-        
+
         included do
           include Sorcery::Model
         end
-        
-        module InstanceMethods
-          def increment(attr)
-            self.class.increment(id, attr => 1)
-          end
-          
-          def save!(options = {})
-            save(options)
-          end
+
+        def increment(attr)
+          self.class.increment(id, attr => 1)
+        end
+
+        def save!(options = {})
+          save(options)
+        end
+
+        def update_many_attributes(attrs)
+          update_attributes(attrs)
         end
 
         module ClassMethods
@@ -31,19 +33,19 @@ module Sorcery
             end
             @user
           end
-          
+
           def find_by_id(id)
             find(id)
           end
-          
+
           def find_by_activation_token(token)
             where(sorcery_config.activation_token_attribute_name => token).first
           end
-          
+
           def transaction(&blk)
             tap(&blk)
           end
-          
+
           def find_by_sorcery_token(token_attr_name, token)
             where(token_attr_name => token).first
           end

data/lib/sorcery/model/adapters/mongoid.rb

@@ -11,11 +11,17 @@ module Sorcery
           def increment(attr)
             self.inc(attr,1)
           end
-          
+
+          def update_many_attributes(attrs)
+            attrs.each do |name, value|
+              attrs[name] = value.utc if value.is_a?(ActiveSupport::TimeWithZone)
+              self.send(:"#{name}=", value)
+            end
+            self.class.where(:_id => self.id).update_all(attrs)
+          end
+
           def update_single_attribute(name, value)
-            value = value.utc if value.is_a?(ActiveSupport::TimeWithZone)
-            self.send(:"#{name}=", value)
-            self.class.where(:_id => self.id).update_all(name => value)
+            update_many_attributes(name => value)
           end
         end