sorcery 0.7.6 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. data/.travis.yml +3 -0
  2. data/Gemfile +9 -4
  3. data/Gemfile.lock +99 -58
  4. data/README.rdoc +33 -8
  5. data/Rakefile +6 -7
  6. data/VERSION +1 -1
  7. data/lib/generators/sorcery/install_generator.rb +9 -7
  8. data/lib/generators/sorcery/templates/initializer.rb +324 -127
  9. data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +2 -0
  10. data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
  11. data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +2 -2
  12. data/lib/sorcery/controller/submodules/external/providers/facebook.rb +16 -4
  13. data/lib/sorcery/controller/submodules/external/providers/github.rb +6 -4
  14. data/lib/sorcery/controller/submodules/external/providers/google.rb +4 -4
  15. data/lib/sorcery/controller/submodules/external/providers/linkedin.rb +101 -0
  16. data/lib/sorcery/controller/submodules/external/providers/liveid.rb +1 -1
  17. data/lib/sorcery/controller/submodules/external/providers/vkontakte.rb +94 -0
  18. data/lib/sorcery/controller/submodules/external.rb +83 -15
  19. data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
  20. data/lib/sorcery/controller/submodules/remember_me.rb +11 -2
  21. data/lib/sorcery/controller.rb +14 -6
  22. data/lib/sorcery/crypto_providers/bcrypt.rb +1 -0
  23. data/lib/sorcery/model/adapters/active_record.rb +9 -4
  24. data/lib/sorcery/model/adapters/mongo_mapper.rb +16 -14
  25. data/lib/sorcery/model/adapters/mongoid.rb +12 -6
  26. data/lib/sorcery/model/submodules/brute_force_protection.rb +44 -13
  27. data/lib/sorcery/model/submodules/remember_me.rb +4 -6
  28. data/lib/sorcery/model/submodules/reset_password.rb +14 -7
  29. data/lib/sorcery/model/submodules/user_activation.rb +14 -6
  30. data/lib/sorcery/model.rb +40 -39
  31. data/lib/sorcery/railties/tasks.rake +2 -0
  32. data/lib/sorcery.rb +3 -1
  33. data/sorcery.gemspec +31 -141
  34. data/spec/Gemfile +1 -1
  35. data/spec/Gemfile.lock +20 -19
  36. data/spec/README.md +8 -8
  37. data/spec/rails3/Gemfile +1 -0
  38. data/spec/rails3/Gemfile.lock +27 -24
  39. data/spec/rails3/app/controllers/application_controller.rb +54 -0
  40. data/spec/rails3/app/mailers/sorcery_mailer.rb +7 -0
  41. data/spec/rails3/app/views/sorcery_mailer/send_unlock_token_email.text.erb +1 -0
  42. data/spec/rails3/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +2 -0
  43. data/spec/rails3/spec/controller_activity_logging_spec.rb +3 -0
  44. data/spec/rails3/spec/controller_brute_force_protection_spec.rb +23 -1
  45. data/spec/rails3/spec/controller_oauth2_spec.rb +162 -24
  46. data/spec/rails3/spec/controller_oauth_spec.rb +111 -6
  47. data/spec/rails3/spec/controller_spec.rb +7 -0
  48. data/spec/rails3_mongo_mapper/Gemfile +2 -1
  49. data/spec/rails3_mongo_mapper/Gemfile.lock +37 -39
  50. data/spec/rails3_mongo_mapper/app/controllers/application_controller.rb +14 -0
  51. data/spec/rails3_mongo_mapper/spec/controller_spec.rb +7 -0
  52. data/spec/rails3_mongoid/Gemfile +1 -0
  53. data/spec/rails3_mongoid/Gemfile.lock +28 -25
  54. data/spec/rails3_mongoid/app/controllers/application_controller.rb +14 -0
  55. data/spec/rails3_mongoid/config/mongoid.yml +1 -1
  56. data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb +11 -11
  57. data/spec/rails3_mongoid/spec/controller_spec.rb +7 -0
  58. data/spec/shared_examples/controller_oauth2_shared_examples.rb +20 -1
  59. data/spec/shared_examples/controller_oauth_shared_examples.rb +18 -0
  60. data/spec/shared_examples/user_activation_shared_examples.rb +71 -41
  61. data/spec/shared_examples/user_reset_password_shared_examples.rb +76 -31
  62. data/spec/sorcery_crypto_providers_spec.rb +9 -0
  63. metadata +159 -246
@@ -7,61 +7,118 @@ Rails.application.config.sorcery.submodules = []
7
7
  # Here you can configure each submodule's features.
8
8
  Rails.application.config.sorcery.configure do |config|
9
9
  # -- core --
10
- # config.not_authenticated_action = :not_authenticated # what controller action to call for
11
- # non-authenticated users.
12
- # You can also override 'not_authenticated'
13
- # instead.
10
+ # What controller action to call for non-authenticated users. You can also
11
+ # override the 'not_authenticated' method of course.
12
+ # Default: `:not_authenticated`
13
+ #
14
+ # config.not_authenticated_action =
15
+
16
+
17
+ # When a non logged in user tries to enter a page that requires login, save
18
+ # the URL he wanted to reach, and send him there after login, using 'redirect_back_or_to'.
19
+ # Default: `true`
20
+ #
21
+ # config.save_return_to_url =
22
+
14
23
 
15
- # config.save_return_to_url = true # when a non logged in user tries to enter
16
- # a page that requires login,
17
- # save the URL he wanted to reach,
18
- # and send him there after login, using
19
- # 'redirect_back_or_to'.
24
+ # Set domain option for cookies; Useful for remember_me submodule.
25
+ # Default: `nil`
26
+ #
27
+ # config.cookie_domain =
20
28
 
21
- # config.cookie_domain = nil # set domain option for cookies
22
- # Useful for remember_me submodule
29
+
30
+ # -- remember_me --
31
+ # allow the remember_me cookie to settable through AJAX
32
+ # Default: `true`
33
+ #
34
+ # user.remember_me_httponly =
35
+
23
36
 
24
37
  # -- session timeout --
25
- # config.session_timeout = 3600 # how long in seconds to keep the session alive.
26
- # config.session_timeout_from_last_action = false # use the last action as the beginning of
27
- # session timeout.
38
+ # How long in seconds to keep the session alive.
39
+ # Default: `3600`
40
+ #
41
+ # config.session_timeout =
42
+
43
+
44
+ # Use the last action as the beginning of session timeout.
45
+ # Default: `false`
46
+ #
47
+ # config.session_timeout_from_last_action =
48
+
28
49
 
29
50
  # -- http_basic_auth --
30
- # config.controller_to_realm_map = {"application" => "Application"} # What realm to display for which controller name.
31
- # For example {"My App" => "Application"}
51
+ # What realm to display for which controller name. For example {"My App" => "Application"}
52
+ # Default: `{"application" => "Application"}`
53
+ #
54
+ # config.controller_to_realm_map =
55
+
32
56
 
33
57
  # -- activity logging --
34
- # config.register_login_time = true # will register the time of last user login, every login.
35
- # config.register_logout_time = true # will register the time of last user logout, every logout.
36
- # config.register_last_activity_time = true # will register the time of last user action, every action.
58
+ # will register the time of last user login, every login.
59
+ # Default: `true`
60
+ #
61
+ # config.register_login_time =
62
+
63
+
64
+ # will register the time of last user logout, every logout.
65
+ # Default: `true`
66
+ #
67
+ # config.register_logout_time =
68
+
69
+
70
+ # will register the time of last user action, every action.
71
+ # Default: `true`
72
+ #
73
+ # config.register_last_activity_time =
74
+
37
75
 
38
76
  # -- external --
39
- # config.external_providers = [] # What providers are supported by this app,
40
- # i.e. [:twitter, :facebook, :github, :google, :liveid] .
41
- # config.ca_file = 'path/to/ca_file' # Path to ca_file. By default use a internal ca-bundle.crt.
42
- # You can change it by your local ca_file.
43
- # i.e. '/etc/pki/tls/certs/ca-bundle.crt'
77
+ # What providers are supported by this app, i.e. [:twitter, :facebook, :github, :google, :liveid] .
78
+ # Default: `[]`
79
+ #
80
+ # config.external_providers =
81
+
82
+
83
+ # You can change it by your local ca_file. i.e. '/etc/pki/tls/certs/ca-bundle.crt'
84
+ # Path to ca_file. By default use a internal ca-bundle.crt.
85
+ # Default: `'path/to/ca_file'`
86
+ #
87
+ # config.ca_file =
88
+
44
89
 
90
+ # For information about LinkedIn API:
91
+ # - user info fields go to https://developer.linkedin.com/documents/profile-fields
92
+ # - access permissions go to https://developer.linkedin.com/documents/authentication#granting
93
+ #
94
+ # config.linkedin.key = ""
95
+ # config.linkedin.secret = ""
96
+ # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
97
+ # config.linkedin.user_info_fields = ['first-name', 'last-name']
98
+ # config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
99
+ # config.linkedin.access_permissions = ['r_basicprofile']
100
+ #
45
101
  # Twitter wil not accept any requests nor redirect uri containing localhost,
46
102
  # make sure you use 0.0.0.0:3000 to access your app in development
47
103
  #
48
- # config.twitter.key = "eYVNBjBDi33aa9GkA3w"
49
- # config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
104
+ # config.twitter.key = ""
105
+ # config.twitter.secret = ""
50
106
  # config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
51
107
  # config.twitter.user_info_mapping = {:email => "screen_name"}
52
108
  #
53
- # config.facebook.key = "34cebc81c08a521bc66e212f947d73ec"
54
- # config.facebook.secret = "5b458d179f61d4f036ee66a497ffbcd0"
109
+ # config.facebook.key = ""
110
+ # config.facebook.secret = ""
55
111
  # config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
56
112
  # config.facebook.user_info_mapping = {:email => "name"}
113
+ # config.facebook.access_permissions = ["email", "publish_stream"]
57
114
  #
58
115
  # config.github.key = ""
59
116
  # config.github.secret = ""
60
117
  # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
61
118
  # config.github.user_info_mapping = {:email => "name"}
62
119
  #
63
- # config.google.key = "491253340633.apps.googleusercontent.com"
64
- # config.google.secret = "4oE6kXqbL_LN-VGcGcg7qgdL"
120
+ # config.google.key = ""
121
+ # config.google.secret = ""
65
122
  # config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"
66
123
  # config.google.user_info_mapping = {:email => "email", :username => "name"}
67
124
  #
@@ -74,147 +131,287 @@ Rails.application.config.sorcery.configure do |config|
74
131
  # config.liveid.callback_url = "http://mydomain.com:3000/oauth/callback?provider=liveid"
75
132
  # config.liveid.user_info_mapping = {:username => "name"}
76
133
 
134
+
77
135
  # --- user config ---
78
136
  config.user_config do |user|
79
137
  # -- core --
80
- # user.username_attribute_names = [:username] # specify username
81
- # attributes, for example:
82
- # [:username, :email].
138
+ # specify username attributes, for example: [:username, :email].
139
+ # Default: `[:username]`
140
+ #
141
+ # user.username_attribute_names =
142
+
143
+
144
+ # change *virtual* password attribute, the one which is used until an encrypted one is generated.
145
+ # Default: `:password`
146
+ #
147
+ # user.password_attribute_name =
148
+
149
+
150
+ # downcase the username before trying to authenticate, default is false
151
+ # Default: `false`
152
+ #
153
+ # user.downcase_username_before_authenticating =
154
+
155
+
156
+ # change default email attribute.
157
+ # Default: `:email`
158
+ #
159
+ # user.email_attribute_name =
160
+
161
+
162
+ # change default crypted_password attribute.
163
+ # Default: `:crypted_password`
164
+ #
165
+ # user.crypted_password_attribute_name =
166
+
83
167
 
84
- # user.password_attribute_name = :password # change *virtual* password
85
- # attribute, the one which is used
86
- # until an encrypted one is
87
- # generated.
168
+ # what pattern to use to join the password with the salt
169
+ # Default: `""`
170
+ #
171
+ # user.salt_join_token =
88
172
 
89
- # user.downcase_username_before_authenticating = false # downcase the username before
90
- # trying to authenticate, default
91
- # is false
92
173
 
93
- # user.email_attribute_name = :email # change default email attribute.
174
+ # change default salt attribute.
175
+ # Default: `:salt`
176
+ #
177
+ # user.salt_attribute_name =
94
178
 
95
- # user.crypted_password_attribute_name = :crypted_password # change default crypted_password
96
- # attribute.
97
179
 
98
- # user.salt_join_token = "" # what pattern to use to join the
99
- # password with the salt
180
+ # how many times to apply encryption to the password.
181
+ # Default: `nil`
182
+ #
183
+ # user.stretches =
100
184
 
101
- # user.salt_attribute_name = :salt # change default salt attribute.
102
185
 
103
- # user.stretches = nil # how many times to apply
104
- # encryption to the password.
186
+ # encryption key used to encrypt reversible encryptions such as AES256.
187
+ # WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
188
+ # Default: `nil`
189
+ #
190
+ # user.encryption_key =
105
191
 
106
- # user.encryption_key = nil # encryption key used to encrypt
107
- # reversible encryptions such as
108
- # AES256.
109
- #
110
- # WARNING:
111
- #
112
- # If used for users' passwords, changing this key
113
- # will leave passwords undecryptable!
114
192
 
115
- # user.custom_encryption_provider = nil # use an external encryption
116
- # class.
193
+ # use an external encryption class.
194
+ # Default: `nil`
195
+ #
196
+ # user.custom_encryption_provider =
117
197
 
118
- # user.encryption_algorithm = :bcrypt # encryption algorithm name. See
119
- # 'encryption_algorithm=' for
120
- # available options.
121
198
 
122
- # user.subclasses_inherit_config = false # make this configuration
123
- # inheritable for subclasses.
124
- # Useful for ActiveRecord's STI.
199
+ # encryption algorithm name. See 'encryption_algorithm=' for available options.
200
+ # Default: `:bcrypt`
201
+ #
202
+ # user.encryption_algorithm =
203
+
204
+
205
+ # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
206
+ # Default: `false`
207
+ #
208
+ # user.subclasses_inherit_config =
209
+
125
210
 
126
211
  # -- user_activation --
127
- # user.activation_state_attribute_name = :activation_state # the attribute name to hold
128
- # activation state
129
- # (active/pending).
212
+ # the attribute name to hold activation state (active/pending).
213
+ # Default: `:activation_state`
214
+ #
215
+ # user.activation_state_attribute_name =
216
+
217
+
218
+ # the attribute name to hold activation code (sent by email).
219
+ # Default: `:activation_token`
220
+ #
221
+ # user.activation_token_attribute_name =
222
+
223
+
224
+ # the attribute name to hold activation code expiration date.
225
+ # Default: `:activation_token_expires_at`
226
+ #
227
+ # user.activation_token_expires_at_attribute_name =
228
+
229
+
230
+ # how many seconds before the activation code expires. nil for never expires.
231
+ # Default: `nil`
232
+ #
233
+ # user.activation_token_expiration_period =
234
+
130
235
 
131
- # user.activation_token_attribute_name = :activation_token # the attribute name to hold
132
- # activation code (sent by email).
236
+ # your mailer class. Required.
237
+ # Default: `nil`
238
+ #
239
+ # user.user_activation_mailer =
133
240
 
134
- # user.activation_token_expires_at_attribute_name = :activation_token_expires_at # the attribute name to hold
135
- # activation code expiration date.
136
241
 
137
- # user.activation_token_expiration_period = nil # how many seconds before the
138
- # activation code expires. nil for
139
- # never expires.
242
+ # when true sorcery will not automatically
243
+ # email activation details and allow you to
244
+ # manually handle how and when email is sent.
245
+ # Default: `false`
246
+ #
247
+ # user.activation_mailer_disabled =
140
248
 
141
- # user.user_activation_mailer = nil # your mailer class. Required.
142
249
 
143
- # user.activation_needed_email_method_name = :activation_needed_email # activation needed email method
144
- # on your mailer class.
250
+ # activation needed email method on your mailer class.
251
+ # Default: `:activation_needed_email`
252
+ #
253
+ # user.activation_needed_email_method_name =
145
254
 
146
- # user.activation_success_email_method_name = :activation_success_email # activation success email method
147
- # on your mailer class.
148
255
 
149
- # user.prevent_non_active_users_to_login = true # do you want to prevent or allow
150
- # users that did not activate by
151
- # email to login?
256
+ # activation success email method on your mailer class.
257
+ # Default: `:activation_success_email`
258
+ #
259
+ # user.activation_success_email_method_name =
260
+
261
+
262
+ # do you want to prevent or allow users that did not activate by email to login?
263
+ # Default: `true`
264
+ #
265
+ # user.prevent_non_active_users_to_login =
266
+
152
267
 
153
268
  # -- reset_password --
154
- # user.reset_password_token_attribute_name = :reset_password_token # reset password code
155
- # attribute name.
269
+ # reset password code attribute name.
270
+ # Default: `:reset_password_token`
271
+ #
272
+ # user.reset_password_token_attribute_name =
273
+
274
+
275
+ # expires at attribute name.
276
+ # Default: `:reset_password_token_expires_at`
277
+ #
278
+ # user.reset_password_token_expires_at_attribute_name =
279
+
280
+
281
+ # when was email sent, used for hammering protection.
282
+ # Default: `:reset_password_email_sent_at`
283
+ #
284
+ # user.reset_password_email_sent_at_attribute_name =
285
+
286
+
287
+ # mailer class. Needed.
288
+ # Default: `nil`
289
+ #
290
+ # user.reset_password_mailer =
291
+
156
292
 
157
- # user.reset_password_token_expires_at_attribute_name = :reset_password_token_expires_at # expires at attribute
158
- # name.
293
+ # reset password email method on your mailer class.
294
+ # Default: `:reset_password_email`
295
+ #
296
+ # user.reset_password_email_method_name =
159
297
 
160
- # user.reset_password_email_sent_at_attribute_name = :reset_password_email_sent_at # when was email sent,
161
- # used for hammering
162
- # protection.
163
298
 
164
- # user.reset_password_mailer = nil # mailer class. Needed.
299
+ # when true sorcery will not automatically
300
+ # email password reset details and allow you to
301
+ # manually handle how and when email is sent
302
+ # Default: `false`
303
+ #
304
+ # user.reset_password_mailer_disabled =
165
305
 
166
- # user.reset_password_email_method_name = :reset_password_email # reset password email
167
- # method on your mailer
168
- # class.
169
306
 
170
- # user.reset_password_expiration_period = nil # how many seconds
171
- # before the reset
172
- # request expires. nil
173
- # for never expires.
307
+ # how many seconds before the reset request expires. nil for never expires.
308
+ # Default: `nil`
309
+ #
310
+ # user.reset_password_expiration_period =
311
+
312
+
313
+ # hammering protection, how long to wait before allowing another email to be sent.
314
+ # Default: `5 * 60`
315
+ #
316
+ # user.reset_password_time_between_emails =
174
317
 
175
- # user.reset_password_time_between_emails = 5 * 60 # hammering protection,
176
- # how long to wait
177
- # before allowing
178
- # another email to be
179
- # sent.
180
318
 
181
319
  # -- brute_force_protection --
182
- # user.failed_logins_count_attribute_name = :failed_logins_count # failed logins attribute name.
320
+ # Failed logins attribute name.
321
+ # Default: `:failed_logins_count`
322
+ #
323
+ # user.failed_logins_count_attribute_name =
324
+
325
+
326
+ # This field indicates whether user is banned and when it will be active again.
327
+ # Default: `:lock_expires_at`
328
+ #
329
+ # user.lock_expires_at_attribute_name =
330
+
183
331
 
184
- # user.lock_expires_at_attribute_name = :lock_expires_at # this field indicates whether
185
- # user is banned and when it will
186
- # be active again.
332
+ # How many failed logins allowed.
333
+ # Default: `50`
334
+ #
335
+ # user.consecutive_login_retries_amount_limit =
187
336
 
188
- # user.consecutive_login_retries_amount_limit = 50 # how many failed logins allowed.
189
337
 
190
- # user.login_lock_time_period = 60 * 60 # how long the user should be
191
- # banned. in seconds. 0 for
192
- # permanent.
338
+ # How long the user should be banned. in seconds. 0 for permanent.
339
+ # Default: `60 * 60`
340
+ #
341
+ # user.login_lock_time_period =
342
+
343
+ # Unlock token attribute name
344
+ # Default: `:unlock_token`
345
+ #
346
+ # user.unlock_token_attribute_name =
347
+
348
+ # Unlock token mailer method
349
+ # Default: `:send_unlock_token_email`
350
+ #
351
+ # user.unlock_token_email_method_name =
352
+
353
+ # when true sorcery will not automatically
354
+ # send email with unlock token
355
+ # Default: `false`
356
+ #
357
+ # user.unlock_token_mailer_disabled = true
358
+
359
+ # Unlock token mailer class
360
+ # Default: `nil`
361
+ #
362
+ # user.unlock_token_mailer = UserMailer
193
363
 
194
364
  # -- activity logging --
195
- # user.last_login_at_attribute_name = :last_login_at # last login attribute name.
196
- # user.last_logout_at_attribute_name = :last_logout_at # last logout attribute name.
197
- # user.last_activity_at_attribute_name = :last_activity_at # last activity attribute name.
198
- # user.activity_timeout = 10 * 60 # how long since last activity is
199
- # the user defined logged out?
365
+ # Last login attribute name.
366
+ # Default: `:last_login_at`
367
+ #
368
+ # user.last_login_at_attribute_name =
369
+
370
+
371
+ # Last logout attribute name.
372
+ # Default: `:last_logout_at`
373
+ #
374
+ # user.last_logout_at_attribute_name =
375
+
376
+
377
+ # Last activity attribute name.
378
+ # Default: `:last_activity_at`
379
+ #
380
+ # user.last_activity_at_attribute_name =
381
+
382
+
383
+ # How long since last activity is he user defined logged out?
384
+ # Default: `10 * 60`
385
+ #
386
+ # user.activity_timeout =
387
+
200
388
 
201
389
  # -- external --
202
- # user.authentications_class = nil # class which holds the various
203
- # external provider data for this
204
- # user.
390
+ # Class which holds the various external provider data for this user.
391
+ # Default: `nil`
392
+ #
393
+ # user.authentications_class =
394
+
395
+
396
+ # User's identifier in authentications class.
397
+ # Default: `:user_id`
398
+ #
399
+ # user.authentications_user_id_attribute_name =
400
+
205
401
 
206
- # user.authentications_user_id_attribute_name = :user_id # user's identifier in
207
- # authentications class.
402
+ # Provider's identifier in authentications class.
403
+ # Default: `:provider`
404
+ #
405
+ # user.provider_attribute_name =
208
406
 
209
- # user.provider_attribute_name = :provider # provider's identifier in
210
- # authentications class.
211
407
 
212
- # user.provider_uid_attribute_name = :uid # user's external unique
213
- # identifier in authentications
214
- # class.
408
+ # User's external unique identifier in authentications class.
409
+ # Default: `:uid`
410
+ #
411
+ # user.provider_uid_attribute_name =
215
412
  end
216
413
 
217
414
  # This line must come after the 'user config' block.
218
- config.user_class = "<%= model_class_name %>" # define which model authenticates
219
- # with sorcery.
415
+ # Define which model authenticates with sorcery.
416
+ config.user_class = "<%= model_class_name %>"
220
417
  end
@@ -2,10 +2,12 @@ class SorceryBruteForceProtection < ActiveRecord::Migration
2
2
  def self.up
3
3
  add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
4
4
  add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
5
+ add_column :<%= model_class_name.tableize %>, :unlock_token, :string, :default => nil
5
6
  end
6
7
 
7
8
  def self.down
8
9
  remove_column :<%= model_class_name.tableize %>, :lock_expires_at
9
10
  remove_column :<%= model_class_name.tableize %>, :failed_logins_count
11
+ remove_column :<%= model_class_name.tableize %>, :unlock_token
10
12
  end
11
13
  end
@@ -29,8 +29,7 @@ module Sorcery
29
29
  # Resets the failed logins counter.
30
30
  # Runs as a hook after a successful login.
31
31
  def reset_failed_logins_count!(user, credentials)
32
- user.send(:"#{user_class.sorcery_config.failed_logins_count_attribute_name}=", 0)
33
- user.save!(:validate => false)
32
+ user.update_many_attributes(user_class.sorcery_config.failed_logins_count_attribute_name => 0)
34
33
  end
35
34
  end
36
35
  end
@@ -20,9 +20,9 @@ module Sorcery
20
20
 
21
21
  def get_access_token(args, options = {})
22
22
  client = build_client(options)
23
- client.auth_code.get_access_token(
23
+ client.auth_code.get_token(
24
24
  args[:code],
25
- :redirect_uri => @callback_url
25
+ { :redirect_uri => @callback_url, :parse => options.delete(:parse) }, options
26
26
  )
27
27
  end
28
28
 
@@ -35,7 +35,8 @@ module Sorcery
35
35
  :user_info_path,
36
36
  :scope,
37
37
  :user_info_mapping,
38
- :display
38
+ :display,
39
+ :access_permissions
39
40
  attr_reader :access_token
40
41
 
41
42
  include Protocols::Oauth2
@@ -46,12 +47,16 @@ module Sorcery
46
47
  @scope = "email,offline_access"
47
48
  @user_info_mapping = {}
48
49
  @display = "page"
50
+ @token_url = "oauth/access_token"
51
+ @mode = :query
52
+ @parse = :query
53
+ @param_name = "access_token"
49
54
  end
50
55
 
51
56
  def get_user_hash
52
57
  user_hash = {}
53
58
  response = @access_token.get(@user_info_path)
54
- user_hash[:user_info] = JSON.parse(response)
59
+ user_hash[:user_info] = JSON.parse(response.body)
55
60
  user_hash[:uid] = user_hash[:user_info]['id']
56
61
  user_hash
57
62
  end
@@ -65,12 +70,19 @@ module Sorcery
65
70
  def login_url(params,session)
66
71
  self.authorize_url
67
72
  end
68
-
73
+
74
+ # overrides oauth2#authorize_url to allow customized scope.
75
+ def authorize_url
76
+ @scope = self.access_permissions.present? ? self.access_permissions.join(",") : @scope
77
+ super
78
+ end
79
+
69
80
  # tries to login the user from access token
70
81
  def process_callback(params,session)
71
82
  args = {}
83
+ options = { :token_url => @token_url, :mode => @mode, :param_name => @param_name, :parse => @parse }
72
84
  args.merge!({:code => params[:code]}) if params[:code]
73
- @access_token = self.get_access_token(args)
85
+ @access_token = self.get_access_token(args, options)
74
86
  end
75
87
 
76
88
  end