sorcery 0.7.12 → 0.7.13

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -72,7 +72,7 @@ module Sorcery
             config = sorcery_config
             return if !unlocked?
             self.increment(config.failed_logins_count_attribute_name)
-            self.save!(:validate => false)
+            self.update_many_attributes(config.failed_logins_count_attribute_name => self.send(config.failed_logins_count_attribute_name))
             self.lock! if self.send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit
           end
           
@@ -81,23 +81,23 @@ module Sorcery
           # /!\
           def unlock!
             config = sorcery_config
-            self.send(:"#{config.lock_expires_at_attribute_name}=", nil)
-            self.send(:"#{config.failed_logins_count_attribute_name}=", 0)
-            self.send(:"#{config.unlock_token_attribute_name}=", nil) unless config.unlock_token_mailer_disabled or config.unlock_token_mailer.nil?
-            self.save!(:validate => false)
+            attributes = {config.lock_expires_at_attribute_name => nil,
+                          config.failed_logins_count_attribute_name => 0}
+            attributes[config.unlock_token_attribute_name] = nil unless config.unlock_token_mailer_disabled or config.unlock_token_mailer.nil?
+            self.update_many_attributes(attributes)
           end
 
           protected
 
           def lock!
             config = sorcery_config
-            self.send(:"#{config.lock_expires_at_attribute_name}=", Time.now.in_time_zone + config.login_lock_time_period)
+            attributes = {config.lock_expires_at_attribute_name => Time.now.in_time_zone + config.login_lock_time_period}
 
             unless config.unlock_token_mailer_disabled || config.unlock_token_mailer.nil?
-              self.send(:"#{config.unlock_token_attribute_name}=", TemporaryToken.generate_random_token) 
+              attributes[config.unlock_token_attribute_name] = TemporaryToken.generate_random_token
               send_unlock_token_email!
             end
-            self.save!(:validate => false)
+            self.update_many_attributes(attributes)
           end
           
           def unlocked?

data/lib/sorcery/model/submodules/remember_me.rb

@@ -49,17 +49,15 @@ module Sorcery
           # You shouldn't really use this one yourself - it's called by the controller's 'remember_me!' method.
           def remember_me!
             config = sorcery_config
-            self.send(:"#{config.remember_me_token_attribute_name}=", TemporaryToken.generate_random_token)
-            self.send(:"#{config.remember_me_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.remember_me_for)
-            self.save!(:validate => false)
+            self.update_many_attributes(config.remember_me_token_attribute_name => TemporaryToken.generate_random_token,
+                                        config.remember_me_token_expires_at_attribute_name => Time.now.in_time_zone + config.remember_me_for)
           end
           
           # You shouldn't really use this one yourself - it's called by the controller's 'forget_me!' method.
           def forget_me!
             config = sorcery_config
-            self.send(:"#{config.remember_me_token_attribute_name}=", nil)
-            self.send(:"#{config.remember_me_token_expires_at_attribute_name}=", nil)
-            self.save!(:validate => false)
+            self.update_many_attributes(config.remember_me_token_attribute_name => nil,
+                                        config.remember_me_token_expires_at_attribute_name => nil)
           end
         end
       end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -96,11 +96,11 @@ module Sorcery
             config = sorcery_config
             # hammering protection
             return false if config.reset_password_time_between_emails && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.ago.utc
-            self.send(:"#{config.reset_password_token_attribute_name}=", TemporaryToken.generate_random_token)
-            self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.reset_password_expiration_period) if config.reset_password_expiration_period
-            self.send(:"#{config.reset_password_email_sent_at_attribute_name}=", Time.now.in_time_zone)
+            attributes = {config.reset_password_token_attribute_name => TemporaryToken.generate_random_token,
+                          config.reset_password_email_sent_at_attribute_name => Time.now.in_time_zone}
+            attributes[config.reset_password_token_expires_at_attribute_name] = Time.now.in_time_zone + config.reset_password_expiration_period if config.reset_password_expiration_period
             self.class.transaction do
-              self.save!(:validate => false)
+              self.update_many_attributes(attributes)
               generic_send_email(:reset_password_email_method_name, :reset_password_mailer) unless config.reset_password_mailer_disabled
             end
           end

data/lib/sorcery/railties/tasks.rake

@@ -3,6 +3,8 @@ require 'fileutils'
 namespace :sorcery do
   desc "Adds sorcery's initializer file"
   task :bootstrap do
+    warn "This task is obsolete.\nUse \"rails g sorcery:install\" now.\nSee README for more information."
+
     src = File.join(File.dirname(__FILE__), '..', 'initializers', 'initializer.rb')
     target = File.join(Rails.root, "config", "initializers", "sorcery.rb")
     FileUtils.cp(src, target)

data/sorcery.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "sorcery"
-  s.version = "0.7.12"
+  s.version = "0.7.13"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Noam Ben Ari"]
-  s.date = "2012-05-06"
+  s.date = "2012-07-22"
   s.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
   s.email = "nbenari@gmail.com"
   s.extra_rdoc_files = [
@@ -302,7 +302,7 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/NoamB/sorcery"
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.10"
+  s.rubygems_version = "1.8.21"
   s.summary = "Magical authentication for Rails 3 applications"
 
   if s.respond_to? :specification_version then
@@ -310,8 +310,9 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_runtime_dependency(%q<oauth2>, ["~> 0.5.1"])
+      s.add_runtime_dependency(%q<oauth2>, ["~> 0.6.0"])
       s.add_runtime_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
+      s.add_development_dependency(%q<abstract>, [">= 1.0.0"])
       s.add_development_dependency(%q<rails>, [">= 3.0.0"])
       s.add_development_dependency(%q<json>, [">= 1.5.1"])
       s.add_development_dependency(%q<rspec>, ["~> 2.5.0"])
@@ -328,8 +329,9 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<mongoid>, ["~> 2.4.4"])
     else
       s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-      s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
+      s.add_dependency(%q<oauth2>, ["~> 0.6.0"])
       s.add_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
+      s.add_dependency(%q<abstract>, [">= 1.0.0"])
       s.add_dependency(%q<rails>, [">= 3.0.0"])
       s.add_dependency(%q<json>, [">= 1.5.1"])
       s.add_dependency(%q<rspec>, ["~> 2.5.0"])
@@ -347,8 +349,9 @@ Gem::Specification.new do |s|
     end
   else
     s.add_dependency(%q<oauth>, ["~> 0.4.4"])
-    s.add_dependency(%q<oauth2>, ["~> 0.5.1"])
+    s.add_dependency(%q<oauth2>, ["~> 0.6.0"])
     s.add_dependency(%q<bcrypt-ruby>, ["~> 3.0.0"])
+    s.add_dependency(%q<abstract>, [">= 1.0.0"])
     s.add_dependency(%q<rails>, [">= 3.0.0"])
     s.add_dependency(%q<json>, [">= 1.5.1"])
     s.add_dependency(%q<rspec>, ["~> 2.5.0"])

data/spec/Gemfile

@@ -4,7 +4,7 @@ gem "rails", '3.0.3'
 gem 'bcrypt-ruby', :require => 'bcrypt'
 gem "sorcery", '>= 0.1.0', :path => '../'
 gem 'oauth', "~> 0.4.4"
-gem 'oauth2', "~> 0.5.1"
+gem 'oauth2', "~> 0.6.0"
 group :development do
   gem "rspec", "~> 2.5.0"
   gem 'ruby-debug19'

data/spec/Gemfile.lock

@@ -1,12 +1,10 @@
 PATH
   remote: ../
   specs:
-    sorcery (0.7.10)
+    sorcery (0.7.13)
       bcrypt-ruby (~> 3.0.0)
-      bundler (>= 1.1.0)
       oauth (~> 0.4.4)
-      oauth2 (~> 0.5.1)
-      sorcery
+      oauth2 (~> 0.6.0)
 
 GEM
   remote: http://rubygems.org/
@@ -38,7 +36,6 @@ GEM
       activemodel (= 3.0.3)
       activesupport (= 3.0.3)
     activesupport (3.0.3)
-    addressable (2.2.7)
     archive-tar-minitar (0.5.2)
     arel (2.0.10)
     bcrypt-ruby (3.0.1)
@@ -47,10 +44,9 @@ GEM
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
+    faraday (0.8.1)
       multipart-post (~> 1.1)
-      rack (~> 1.1)
+    httpauth (0.1)
     i18n (0.6.0)
     linecache19 (0.5.12)
       ruby_core_source (>= 0.1.4)
@@ -63,8 +59,9 @@ GEM
     multi_json (1.1.0)
     multipart-post (1.1.5)
     oauth (0.4.5)
-    oauth2 (0.5.2)
+    oauth2 (0.6.0)
       faraday (~> 0.7)
+      httpauth (~> 0.1)
       multi_json (~> 1.0)
     polyglot (0.3.3)
     rack (1.2.5)
@@ -120,7 +117,7 @@ PLATFORMS
 DEPENDENCIES
   bcrypt-ruby
   oauth (~> 0.4.4)
-  oauth2 (~> 0.5.1)
+  oauth2 (~> 0.6.0)
   rails (= 3.0.3)
   rspec (~> 2.5.0)
   ruby-debug19

data/spec/rails3/Gemfile.lock

@@ -1,12 +1,10 @@
 PATH
   remote: ../../
   specs:
-    sorcery (0.7.10)
+    sorcery (0.7.13)
       bcrypt-ruby (~> 3.0.0)
-      bundler (>= 1.1.0)
       oauth (~> 0.4.4)
-      oauth2 (~> 0.5.1)
-      sorcery
+      oauth2 (~> 0.6.0)
 
 GEM
   remote: http://rubygems.org/
@@ -56,11 +54,10 @@ GEM
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
+    faraday (0.8.1)
       multipart-post (~> 1.1)
-      rack (~> 1.1)
     ffi (1.0.11)
+    httpauth (0.1)
     i18n (0.6.0)
     launchy (2.0.5)
       addressable (~> 2.2.6)
@@ -75,9 +72,10 @@ GEM
     multi_json (1.1.0)
     multipart-post (1.1.5)
     nokogiri (1.5.0)
-    oauth (0.4.5)
-    oauth2 (0.5.2)
+    oauth (0.4.6)
+    oauth2 (0.6.0)
       faraday (~> 0.7)
+      httpauth (~> 0.1)
       multi_json (~> 1.0)
     polyglot (0.3.3)
     rack (1.2.5)

data/spec/rails3/app/controllers/application_controller.rb

@@ -186,6 +186,20 @@ class ApplicationController < ActionController::Base
       redirect_to "blu", :alert => "Failed!"
     end
   end
+  
+  def test_create_from_provider_with_block
+    provider = params[:provider]
+    login_from(provider)
+    @user = create_from(provider) do |user|
+      # check uniqueness of username
+      User.where(:username => user.username).empty?
+    end
+    if @user 
+      redirect_to "bla", :notice => "Success!"
+    else
+      redirect_to "blu", :alert => "Failed!"
+    end
+  end
 
   protected
 

data/spec/rails3/spec/controller_activity_logging_spec.rb

@@ -7,6 +7,9 @@ describe ApplicationController do
   
   after(:all) do
     ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
+    sorcery_controller_property_set(:register_login_time, true)
+    sorcery_controller_property_set(:register_logout_time, true)
+    sorcery_controller_property_set(:register_last_activity_time, true)
   end
   
   # ----------------- ACTIVITY LOGGING -----------------------

data/spec/rails3/spec/controller_oauth2_spec.rb

@@ -26,23 +26,27 @@ def stub_all_oauth2_requests!
   auth_code.stub(:get_token).and_return(access_token)
 end
 
+def set_external_property
+  sorcery_controller_property_set(:external_providers, [:facebook, :github, :google, :liveid])
+  sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+  sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+  sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+  sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
+  sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+  sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
+  sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
+  sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+  sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
+  sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
+  sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+  sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
+end
+
 describe ApplicationController do
   before(:all) do
     ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
     sorcery_reload!([:external])
-    sorcery_controller_property_set(:external_providers, [:facebook, :github, :google, :liveid])
-    sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
-    sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
-    sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
-    sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
-    sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
-    sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
-    sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
-    sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
-    sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
-    sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
-    sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
-    sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
+    set_external_property
   end
 
   after(:all) do
@@ -60,13 +64,30 @@ describe ApplicationController do
       Authentication.delete_all
     end
 
-    it "login_at redirects correctly" do
-      create_new_user
-      get :login_at_test2
-      response.should be_a_redirect
-      response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+    context "when callback_url begin with /" do 
+      before do
+        sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
+      end
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test2
+        response.should be_a_redirect
+        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page")
+      end
+      after do
+        sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+      end
     end
 
+    context "when callback_url begin with http://" do 
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test2
+        response.should be_a_redirect
+        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+      end
+    end
+    
     it "'login_from' logins if user exists" do
       sorcery_model_property_set(:authentications_class, Authentication)
       create_new_external_user(:facebook)
@@ -94,7 +115,7 @@ describe ApplicationController do
       create_new_user
       get :login_at_test3
       response.should be_a_redirect
-      response.should redirect_to("https://github.com/login/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.github.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=&display=")
+      response.should redirect_to("https://github.com/login/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.github.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope&display")
     end
 
     it "'login_from' logins if user exists (github)" do
@@ -124,7 +145,7 @@ describe ApplicationController do
       create_new_user
       get :login_at_test4
       response.should be_a_redirect
-      response.should redirect_to("https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=#{::Sorcery::Controller::Config.google.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&display=")
+      response.should redirect_to("https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=#{::Sorcery::Controller::Config.google.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&display")
     end
 
     it "'login_from' logins if user exists (google)" do
@@ -154,7 +175,7 @@ describe ApplicationController do
       create_new_user
       get :login_at_test5
       response.should be_a_redirect
-      response.should redirect_to("https://oauth.live.com/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.liveid.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=wl.basic%20wl.emails%20wl.offline_access&display=")
+      response.should redirect_to("https://oauth.live.com/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.liveid.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=wl.basic+wl.emails+wl.offline_access&display")
     end
 
     it "'login_from' logins if user exists (liveid)" do
@@ -273,4 +294,87 @@ describe ApplicationController do
       ActionMailer::Base.deliveries.size.should == old_size
     end
   end
+
+  describe ApplicationController, "OAuth with user activation features"  do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
+      sorcery_reload!([:activity_logging, :external])
+    end
+
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
+    end
+
+    %w(facebook github google liveid).each.with_index(2) do |provider, index|
+      context "when #{provider}" do
+        before(:each) do
+          User.delete_all
+          Authentication.delete_all
+          sorcery_controller_property_set(:register_login_time, true)
+          stub_all_oauth2_requests!
+          sorcery_model_property_set(:authentications_class, Authentication)
+          create_new_external_user(provider.to_sym)
+        end
+
+        it "should register login time" do
+          now = Time.now.in_time_zone
+          get "test_login_from#{index}".to_sym
+          User.last.last_login_at.should_not be_nil
+          User.last.last_login_at.to_s(:db).should >= now.to_s(:db)
+          User.last.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
+        end
+
+        it "should not register login time if configured so" do
+          sorcery_controller_property_set(:register_login_time, false)
+          now = Time.now.in_time_zone
+          get "test_login_from#{index}".to_sym
+          User.last.last_login_at.should be_nil
+        end
+      end
+    end
+  end
+
+  describe ApplicationController, "OAuth with session timeout features" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+      sorcery_reload!([:session_timeout, :external])
+    end
+
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+    end
+
+    %w(facebook github google liveid).each.with_index(2) do |provider, index|
+      context "when #{provider}" do
+        before(:each) do
+          User.delete_all
+          Authentication.delete_all
+          sorcery_model_property_set(:authentications_class, Authentication)
+          sorcery_controller_property_set(:session_timeout,0.5)
+          stub_all_oauth2_requests!
+          create_new_external_user(provider.to_sym)
+        end
+
+        after(:each) do
+          Timecop.return
+        end
+
+        it "should not reset session before session timeout" do
+          get "test_login_from#{index}".to_sym
+          session[:user_id].should_not be_nil
+          flash[:notice].should == "Success!"
+        end
+
+        it "should reset session after session timeout" do
+          get "test_login_from#{index}".to_sym
+          Timecop.travel(Time.now.in_time_zone+0.6)
+          get :test_should_be_logged_in
+          session[:user_id].should be_nil
+          response.should be_a_redirect
+        end
+      end
+    end
+  end
 end