sorcery 0.7.6 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.travis.yml +3 -0
- data/Gemfile +9 -4
- data/Gemfile.lock +99 -58
- data/README.rdoc +33 -8
- data/Rakefile +6 -7
- data/VERSION +1 -1
- data/lib/generators/sorcery/install_generator.rb +9 -7
- data/lib/generators/sorcery/templates/initializer.rb +324 -127
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +2 -0
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +2 -2
- data/lib/sorcery/controller/submodules/external/providers/facebook.rb +16 -4
- data/lib/sorcery/controller/submodules/external/providers/github.rb +6 -4
- data/lib/sorcery/controller/submodules/external/providers/google.rb +4 -4
- data/lib/sorcery/controller/submodules/external/providers/linkedin.rb +101 -0
- data/lib/sorcery/controller/submodules/external/providers/liveid.rb +1 -1
- data/lib/sorcery/controller/submodules/external/providers/vkontakte.rb +94 -0
- data/lib/sorcery/controller/submodules/external.rb +83 -15
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +1 -1
- data/lib/sorcery/controller/submodules/remember_me.rb +11 -2
- data/lib/sorcery/controller.rb +14 -6
- data/lib/sorcery/crypto_providers/bcrypt.rb +1 -0
- data/lib/sorcery/model/adapters/active_record.rb +9 -4
- data/lib/sorcery/model/adapters/mongo_mapper.rb +16 -14
- data/lib/sorcery/model/adapters/mongoid.rb +12 -6
- data/lib/sorcery/model/submodules/brute_force_protection.rb +44 -13
- data/lib/sorcery/model/submodules/remember_me.rb +4 -6
- data/lib/sorcery/model/submodules/reset_password.rb +14 -7
- data/lib/sorcery/model/submodules/user_activation.rb +14 -6
- data/lib/sorcery/model.rb +40 -39
- data/lib/sorcery/railties/tasks.rake +2 -0
- data/lib/sorcery.rb +3 -1
- data/sorcery.gemspec +31 -141
- data/spec/Gemfile +1 -1
- data/spec/Gemfile.lock +20 -19
- data/spec/README.md +8 -8
- data/spec/rails3/Gemfile +1 -0
- data/spec/rails3/Gemfile.lock +27 -24
- data/spec/rails3/app/controllers/application_controller.rb +54 -0
- data/spec/rails3/app/mailers/sorcery_mailer.rb +7 -0
- data/spec/rails3/app/views/sorcery_mailer/send_unlock_token_email.text.erb +1 -0
- data/spec/rails3/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +2 -0
- data/spec/rails3/spec/controller_activity_logging_spec.rb +3 -0
- data/spec/rails3/spec/controller_brute_force_protection_spec.rb +23 -1
- data/spec/rails3/spec/controller_oauth2_spec.rb +162 -24
- data/spec/rails3/spec/controller_oauth_spec.rb +111 -6
- data/spec/rails3/spec/controller_spec.rb +7 -0
- data/spec/rails3_mongo_mapper/Gemfile +2 -1
- data/spec/rails3_mongo_mapper/Gemfile.lock +37 -39
- data/spec/rails3_mongo_mapper/app/controllers/application_controller.rb +14 -0
- data/spec/rails3_mongo_mapper/spec/controller_spec.rb +7 -0
- data/spec/rails3_mongoid/Gemfile +1 -0
- data/spec/rails3_mongoid/Gemfile.lock +28 -25
- data/spec/rails3_mongoid/app/controllers/application_controller.rb +14 -0
- data/spec/rails3_mongoid/config/mongoid.yml +1 -1
- data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb +11 -11
- data/spec/rails3_mongoid/spec/controller_spec.rb +7 -0
- data/spec/shared_examples/controller_oauth2_shared_examples.rb +20 -1
- data/spec/shared_examples/controller_oauth_shared_examples.rb +18 -0
- data/spec/shared_examples/user_activation_shared_examples.rb +71 -41
- data/spec/shared_examples/user_reset_password_shared_examples.rb +76 -31
- data/spec/sorcery_crypto_providers_spec.rb +9 -0
- metadata +159 -246
|
@@ -5,7 +5,8 @@ def stub_all_oauth2_requests!
|
|
|
5
5
|
auth_code = OAuth2::Strategy::AuthCode.any_instance
|
|
6
6
|
access_token = mock(OAuth2::AccessToken)
|
|
7
7
|
access_token.stub(:token_param=)
|
|
8
|
-
|
|
8
|
+
response = mock(OAuth2::Response)
|
|
9
|
+
response.stub(:body).and_return({
|
|
9
10
|
"id"=>"123",
|
|
10
11
|
"name"=>"Noam Ben Ari",
|
|
11
12
|
"first_name"=>"Noam",
|
|
@@ -21,26 +22,31 @@ def stub_all_oauth2_requests!
|
|
|
21
22
|
"languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}],
|
|
22
23
|
"verified"=>true,
|
|
23
24
|
"updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
|
|
24
|
-
|
|
25
|
+
access_token.stub(:get).and_return(response)
|
|
26
|
+
auth_code.stub(:get_token).and_return(access_token)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def set_external_property
|
|
30
|
+
sorcery_controller_property_set(:external_providers, [:facebook, :github, :google, :liveid])
|
|
31
|
+
sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
|
|
32
|
+
sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
33
|
+
sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
|
|
34
|
+
sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
|
|
35
|
+
sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
36
|
+
sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
|
|
37
|
+
sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
|
|
38
|
+
sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
39
|
+
sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
|
|
40
|
+
sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
|
|
41
|
+
sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
42
|
+
sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
|
|
25
43
|
end
|
|
26
44
|
|
|
27
45
|
describe ApplicationController do
|
|
28
46
|
before(:all) do
|
|
29
47
|
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
30
48
|
sorcery_reload!([:external])
|
|
31
|
-
|
|
32
|
-
sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
|
|
33
|
-
sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
34
|
-
sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
|
|
35
|
-
sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
|
|
36
|
-
sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
37
|
-
sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
|
|
38
|
-
sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
|
|
39
|
-
sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
40
|
-
sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
|
|
41
|
-
sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
|
|
42
|
-
sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
|
|
43
|
-
sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
|
|
49
|
+
set_external_property
|
|
44
50
|
end
|
|
45
51
|
|
|
46
52
|
after(:all) do
|
|
@@ -58,13 +64,30 @@ describe ApplicationController do
|
|
|
58
64
|
Authentication.delete_all
|
|
59
65
|
end
|
|
60
66
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
67
|
+
context "when callback_url begin with /" do
|
|
68
|
+
before do
|
|
69
|
+
sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
|
|
70
|
+
end
|
|
71
|
+
it "login_at redirects correctly" do
|
|
72
|
+
create_new_user
|
|
73
|
+
get :login_at_test2
|
|
74
|
+
response.should be_a_redirect
|
|
75
|
+
response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page")
|
|
76
|
+
end
|
|
77
|
+
after do
|
|
78
|
+
sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
|
|
79
|
+
end
|
|
66
80
|
end
|
|
67
81
|
|
|
82
|
+
context "when callback_url begin with http://" do
|
|
83
|
+
it "login_at redirects correctly" do
|
|
84
|
+
create_new_user
|
|
85
|
+
get :login_at_test2
|
|
86
|
+
response.should be_a_redirect
|
|
87
|
+
response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
|
|
68
91
|
it "'login_from' logins if user exists" do
|
|
69
92
|
sorcery_model_property_set(:authentications_class, Authentication)
|
|
70
93
|
create_new_external_user(:facebook)
|
|
@@ -79,12 +102,20 @@ describe ApplicationController do
|
|
|
79
102
|
flash[:alert].should == "Failed!"
|
|
80
103
|
end
|
|
81
104
|
|
|
105
|
+
it "on successful login_from the user should be redirected to the url he originally wanted" do
|
|
106
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
107
|
+
create_new_external_user(:facebook)
|
|
108
|
+
get :test_return_to_with_external2, {}, :return_to_url => "fuu"
|
|
109
|
+
response.should redirect_to("fuu")
|
|
110
|
+
flash[:notice].should == "Success!"
|
|
111
|
+
end
|
|
112
|
+
|
|
82
113
|
# provider: github
|
|
83
114
|
it "login_at redirects correctly (github)" do
|
|
84
115
|
create_new_user
|
|
85
116
|
get :login_at_test3
|
|
86
117
|
response.should be_a_redirect
|
|
87
|
-
response.should redirect_to("https://github.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.github.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope
|
|
118
|
+
response.should redirect_to("https://github.com/login/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.github.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope&display")
|
|
88
119
|
end
|
|
89
120
|
|
|
90
121
|
it "'login_from' logins if user exists (github)" do
|
|
@@ -101,12 +132,20 @@ describe ApplicationController do
|
|
|
101
132
|
flash[:alert].should == "Failed!"
|
|
102
133
|
end
|
|
103
134
|
|
|
135
|
+
it "on successful login_from the user should be redirected to the url he originally wanted (github)" do
|
|
136
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
137
|
+
create_new_external_user(:github)
|
|
138
|
+
get :test_return_to_with_external3, {}, :return_to_url => "fuu"
|
|
139
|
+
response.should redirect_to("fuu")
|
|
140
|
+
flash[:notice].should == "Success!"
|
|
141
|
+
end
|
|
142
|
+
|
|
104
143
|
# provider: google
|
|
105
144
|
it "login_at redirects correctly (google)" do
|
|
106
145
|
create_new_user
|
|
107
146
|
get :login_at_test4
|
|
108
147
|
response.should be_a_redirect
|
|
109
|
-
response.should redirect_to("https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=#{::Sorcery::Controller::Config.google.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%
|
|
148
|
+
response.should redirect_to("https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=#{::Sorcery::Controller::Config.google.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&display")
|
|
110
149
|
end
|
|
111
150
|
|
|
112
151
|
it "'login_from' logins if user exists (google)" do
|
|
@@ -123,12 +162,20 @@ describe ApplicationController do
|
|
|
123
162
|
flash[:alert].should == "Failed!"
|
|
124
163
|
end
|
|
125
164
|
|
|
165
|
+
it "on successful login_from the user should be redirected to the url he originally wanted (google)" do
|
|
166
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
167
|
+
create_new_external_user(:google)
|
|
168
|
+
get :test_return_to_with_external4, {}, :return_to_url => "fuu"
|
|
169
|
+
response.should redirect_to("fuu")
|
|
170
|
+
flash[:notice].should == "Success!"
|
|
171
|
+
end
|
|
172
|
+
|
|
126
173
|
# provider: liveid
|
|
127
174
|
it "login_at redirects correctly (liveid)" do
|
|
128
175
|
create_new_user
|
|
129
176
|
get :login_at_test5
|
|
130
177
|
response.should be_a_redirect
|
|
131
|
-
response.should redirect_to("https://oauth.live.com/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.liveid.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=wl.basic
|
|
178
|
+
response.should redirect_to("https://oauth.live.com/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.liveid.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=wl.basic+wl.emails+wl.offline_access&display")
|
|
132
179
|
end
|
|
133
180
|
|
|
134
181
|
it "'login_from' logins if user exists (liveid)" do
|
|
@@ -145,6 +192,14 @@ describe ApplicationController do
|
|
|
145
192
|
flash[:alert].should == "Failed!"
|
|
146
193
|
end
|
|
147
194
|
|
|
195
|
+
it "on successful login_from the user should be redirected to the url he originally wanted (liveid)" do
|
|
196
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
197
|
+
create_new_external_user(:liveid)
|
|
198
|
+
get :test_return_to_with_external5, {}, :return_to_url => "fuu"
|
|
199
|
+
response.should redirect_to("fuu")
|
|
200
|
+
flash[:notice].should == "Success!"
|
|
201
|
+
end
|
|
202
|
+
|
|
148
203
|
end
|
|
149
204
|
|
|
150
205
|
|
|
@@ -239,4 +294,87 @@ describe ApplicationController do
|
|
|
239
294
|
ActionMailer::Base.deliveries.size.should == old_size
|
|
240
295
|
end
|
|
241
296
|
end
|
|
242
|
-
|
|
297
|
+
|
|
298
|
+
describe ApplicationController, "OAuth with user activation features" do
|
|
299
|
+
before(:all) do
|
|
300
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
301
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
|
|
302
|
+
sorcery_reload!([:activity_logging, :external])
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
after(:all) do
|
|
306
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
307
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
|
|
308
|
+
end
|
|
309
|
+
|
|
310
|
+
%w(facebook github google liveid).each.with_index(2) do |provider, index|
|
|
311
|
+
context "when #{provider}" do
|
|
312
|
+
before(:each) do
|
|
313
|
+
User.delete_all
|
|
314
|
+
Authentication.delete_all
|
|
315
|
+
sorcery_controller_property_set(:register_login_time, true)
|
|
316
|
+
stub_all_oauth2_requests!
|
|
317
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
318
|
+
create_new_external_user(provider.to_sym)
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
it "should register login time" do
|
|
322
|
+
now = Time.now.in_time_zone
|
|
323
|
+
get "test_login_from#{index}".to_sym
|
|
324
|
+
User.last.last_login_at.should_not be_nil
|
|
325
|
+
User.last.last_login_at.to_s(:db).should >= now.to_s(:db)
|
|
326
|
+
User.last.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
|
|
327
|
+
end
|
|
328
|
+
|
|
329
|
+
it "should not register login time if configured so" do
|
|
330
|
+
sorcery_controller_property_set(:register_login_time, false)
|
|
331
|
+
now = Time.now.in_time_zone
|
|
332
|
+
get "test_login_from#{index}".to_sym
|
|
333
|
+
User.last.last_login_at.should be_nil
|
|
334
|
+
end
|
|
335
|
+
end
|
|
336
|
+
end
|
|
337
|
+
end
|
|
338
|
+
|
|
339
|
+
describe ApplicationController, "OAuth with session timeout features" do
|
|
340
|
+
before(:all) do
|
|
341
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
342
|
+
sorcery_reload!([:session_timeout, :external])
|
|
343
|
+
end
|
|
344
|
+
|
|
345
|
+
after(:all) do
|
|
346
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
347
|
+
end
|
|
348
|
+
|
|
349
|
+
%w(facebook github google liveid).each.with_index(2) do |provider, index|
|
|
350
|
+
context "when #{provider}" do
|
|
351
|
+
before(:each) do
|
|
352
|
+
User.delete_all
|
|
353
|
+
Authentication.delete_all
|
|
354
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
355
|
+
sorcery_controller_property_set(:session_timeout,0.5)
|
|
356
|
+
stub_all_oauth2_requests!
|
|
357
|
+
create_new_external_user(provider.to_sym)
|
|
358
|
+
end
|
|
359
|
+
|
|
360
|
+
after(:each) do
|
|
361
|
+
Timecop.return
|
|
362
|
+
end
|
|
363
|
+
|
|
364
|
+
it "should not reset session before session timeout" do
|
|
365
|
+
get "test_login_from#{index}".to_sym
|
|
366
|
+
session[:user_id].should_not be_nil
|
|
367
|
+
flash[:notice].should == "Success!"
|
|
368
|
+
end
|
|
369
|
+
|
|
370
|
+
it "should reset session after session timeout" do
|
|
371
|
+
get "test_login_from#{index}".to_sym
|
|
372
|
+
Timecop.travel(Time.now.in_time_zone+0.6)
|
|
373
|
+
get :test_should_be_logged_in
|
|
374
|
+
session[:user_id].should be_nil
|
|
375
|
+
response.should be_a_redirect
|
|
376
|
+
end
|
|
377
|
+
end
|
|
378
|
+
end
|
|
379
|
+
end
|
|
380
|
+
end
|
|
@@ -43,11 +43,28 @@ describe ApplicationController do
|
|
|
43
43
|
Authentication.delete_all
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
46
|
+
context "when callback_url begin with /" do
|
|
47
|
+
before do
|
|
48
|
+
sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
|
|
49
|
+
end
|
|
50
|
+
it "login_at redirects correctly" do
|
|
51
|
+
create_new_user
|
|
52
|
+
get :login_at_test
|
|
53
|
+
response.should be_a_redirect
|
|
54
|
+
response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
|
|
55
|
+
end
|
|
56
|
+
after do
|
|
57
|
+
sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
context "when callback_url begin with http://" do
|
|
62
|
+
it "login_at redirects correctly" do
|
|
63
|
+
create_new_user
|
|
64
|
+
get :login_at_test
|
|
65
|
+
response.should be_a_redirect
|
|
66
|
+
response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
|
|
67
|
+
end
|
|
51
68
|
end
|
|
52
69
|
|
|
53
70
|
it "logins if user exists" do
|
|
@@ -63,6 +80,15 @@ describe ApplicationController do
|
|
|
63
80
|
get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
|
|
64
81
|
flash[:alert].should == "Failed!"
|
|
65
82
|
end
|
|
83
|
+
|
|
84
|
+
it "on successful 'login_from' the user should be redirected to the url he originally wanted" do
|
|
85
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
86
|
+
create_new_external_user(:twitter)
|
|
87
|
+
get :test_return_to_with_external, {}, :return_to_url => "fuu"
|
|
88
|
+
response.should redirect_to("fuu")
|
|
89
|
+
flash[:notice].should == "Success!"
|
|
90
|
+
end
|
|
91
|
+
|
|
66
92
|
end
|
|
67
93
|
|
|
68
94
|
describe ApplicationController do
|
|
@@ -98,4 +124,83 @@ describe ApplicationController do
|
|
|
98
124
|
ActionMailer::Base.deliveries.size.should == old_size
|
|
99
125
|
end
|
|
100
126
|
end
|
|
101
|
-
|
|
127
|
+
|
|
128
|
+
describe ApplicationController, "OAuth with user activation features" do
|
|
129
|
+
before(:all) do
|
|
130
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
131
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
|
|
132
|
+
sorcery_reload!([:activity_logging, :external])
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
after(:all) do
|
|
136
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
137
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
context "when twitter" do
|
|
141
|
+
before(:each) do
|
|
142
|
+
User.delete_all
|
|
143
|
+
Authentication.delete_all
|
|
144
|
+
sorcery_controller_property_set(:register_login_time, true)
|
|
145
|
+
stub_all_oauth_requests!
|
|
146
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
147
|
+
create_new_external_user(:twitter)
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
it "should register login time" do
|
|
151
|
+
now = Time.now.in_time_zone
|
|
152
|
+
get :test_login_from
|
|
153
|
+
User.last.last_login_at.should_not be_nil
|
|
154
|
+
User.last.last_login_at.to_s(:db).should >= now.to_s(:db)
|
|
155
|
+
User.last.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
it "should not register login time if configured so" do
|
|
159
|
+
sorcery_controller_property_set(:register_login_time, false)
|
|
160
|
+
now = Time.now.in_time_zone
|
|
161
|
+
get :test_login_from
|
|
162
|
+
User.last.last_login_at.should be_nil
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
describe ApplicationController, "OAuth with session timeout features" do
|
|
168
|
+
before(:all) do
|
|
169
|
+
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
|
170
|
+
sorcery_reload!([:session_timeout, :external])
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
after(:all) do
|
|
174
|
+
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
context "when twitter" do
|
|
178
|
+
before(:each) do
|
|
179
|
+
User.delete_all
|
|
180
|
+
Authentication.delete_all
|
|
181
|
+
sorcery_model_property_set(:authentications_class, Authentication)
|
|
182
|
+
sorcery_controller_property_set(:session_timeout,0.5)
|
|
183
|
+
stub_all_oauth_requests!
|
|
184
|
+
create_new_external_user(:twitter)
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
after(:each) do
|
|
188
|
+
Timecop.return
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
it "should not reset session before session timeout" do
|
|
192
|
+
get :test_login_from
|
|
193
|
+
session[:user_id].should_not be_nil
|
|
194
|
+
flash[:notice].should == "Success!"
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
it "should reset session after session timeout" do
|
|
198
|
+
get :test_login_from
|
|
199
|
+
Timecop.travel(Time.now.in_time_zone+0.6)
|
|
200
|
+
get :test_should_be_logged_in
|
|
201
|
+
session[:user_id].should be_nil
|
|
202
|
+
response.should be_a_redirect
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
end
|
|
206
|
+
end
|
|
@@ -141,6 +141,13 @@ describe ApplicationController do
|
|
|
141
141
|
response.should redirect_to("http://test.host/")
|
|
142
142
|
end
|
|
143
143
|
|
|
144
|
+
it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
|
|
145
|
+
[:post, :put, :delete].each do |m|
|
|
146
|
+
self.send(m, :some_action)
|
|
147
|
+
session[:return_to_url].should be_nil
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
144
151
|
it "on successful login the user should be redirected to the url he originally wanted" do
|
|
145
152
|
session[:return_to_url] = "http://test.host/some_action"
|
|
146
153
|
post :test_return_to, :username => 'gizmo', :password => 'secret'
|
|
@@ -1,12 +1,10 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: ../../
|
|
3
3
|
specs:
|
|
4
|
-
sorcery (0.7.
|
|
4
|
+
sorcery (0.7.13)
|
|
5
5
|
bcrypt-ruby (~> 3.0.0)
|
|
6
6
|
oauth (~> 0.4.4)
|
|
7
|
-
|
|
8
|
-
oauth2 (~> 0.5.1)
|
|
9
|
-
oauth2 (~> 0.5.1)
|
|
7
|
+
oauth2 (~> 0.8.0)
|
|
10
8
|
|
|
11
9
|
GEM
|
|
12
10
|
remote: http://rubygems.org/
|
|
@@ -38,23 +36,24 @@ GEM
|
|
|
38
36
|
activemodel (= 3.0.3)
|
|
39
37
|
activesupport (= 3.0.3)
|
|
40
38
|
activesupport (3.0.3)
|
|
41
|
-
addressable (2.2.6)
|
|
42
39
|
archive-tar-minitar (0.5.2)
|
|
43
40
|
arel (2.0.10)
|
|
44
41
|
bcrypt-ruby (3.0.1)
|
|
45
|
-
bson (1.
|
|
46
|
-
bson_ext (1.
|
|
42
|
+
bson (1.6.0)
|
|
43
|
+
bson_ext (1.6.0)
|
|
44
|
+
bson (= 1.6.0)
|
|
47
45
|
builder (2.1.2)
|
|
48
|
-
coderay (0.
|
|
49
|
-
columnize (0.3.
|
|
46
|
+
coderay (1.0.5)
|
|
47
|
+
columnize (0.3.6)
|
|
50
48
|
diff-lcs (1.1.3)
|
|
51
49
|
erubis (2.6.6)
|
|
52
50
|
abstract (>= 1.0.0)
|
|
53
|
-
faraday (0.
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
rack (>= 1.1.0, < 2)
|
|
51
|
+
faraday (0.8.4)
|
|
52
|
+
multipart-post (~> 1.1)
|
|
53
|
+
httpauth (0.2.0)
|
|
57
54
|
i18n (0.6.0)
|
|
55
|
+
jwt (0.1.5)
|
|
56
|
+
multi_json (>= 1.0)
|
|
58
57
|
linecache19 (0.5.12)
|
|
59
58
|
ruby_core_source (>= 0.1.4)
|
|
60
59
|
mail (2.2.19)
|
|
@@ -62,30 +61,31 @@ GEM
|
|
|
62
61
|
i18n (>= 0.4.0)
|
|
63
62
|
mime-types (~> 1.16)
|
|
64
63
|
treetop (~> 1.4.8)
|
|
65
|
-
method_source (0.
|
|
66
|
-
ruby_parser (>= 2.3.1)
|
|
64
|
+
method_source (0.7.1)
|
|
67
65
|
mime-types (1.17.2)
|
|
68
|
-
mongo (1.
|
|
69
|
-
bson (= 1.
|
|
70
|
-
mongo_mapper (0.
|
|
66
|
+
mongo (1.6.0)
|
|
67
|
+
bson (= 1.6.0)
|
|
68
|
+
mongo_mapper (0.11.0)
|
|
71
69
|
activemodel (~> 3.0)
|
|
72
70
|
activesupport (~> 3.0)
|
|
73
71
|
plucky (~> 0.4.0)
|
|
74
|
-
multi_json (1.0
|
|
75
|
-
multipart-post (1.1.
|
|
76
|
-
oauth (0.4.
|
|
77
|
-
oauth2 (0.
|
|
78
|
-
faraday (~> 0.
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
72
|
+
multi_json (1.1.0)
|
|
73
|
+
multipart-post (1.1.5)
|
|
74
|
+
oauth (0.4.7)
|
|
75
|
+
oauth2 (0.8.0)
|
|
76
|
+
faraday (~> 0.8)
|
|
77
|
+
httpauth (~> 0.1)
|
|
78
|
+
jwt (~> 0.1.4)
|
|
79
|
+
multi_json (~> 1.0)
|
|
80
|
+
rack (~> 1.2)
|
|
81
|
+
plucky (0.4.4)
|
|
82
|
+
mongo (~> 1.5)
|
|
82
83
|
polyglot (0.3.3)
|
|
83
|
-
pry (0.9.
|
|
84
|
-
coderay (~> 0.
|
|
85
|
-
method_source (~> 0.
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
rack (1.2.4)
|
|
84
|
+
pry (0.9.8.3)
|
|
85
|
+
coderay (~> 1.0.5)
|
|
86
|
+
method_source (~> 0.7.1)
|
|
87
|
+
slop (>= 2.4.4, < 3)
|
|
88
|
+
rack (1.2.5)
|
|
89
89
|
rack-mount (0.6.14)
|
|
90
90
|
rack (>= 1.0.0)
|
|
91
91
|
rack-test (0.5.7)
|
|
@@ -127,14 +127,11 @@ GEM
|
|
|
127
127
|
ruby-debug-base19 (>= 0.11.19)
|
|
128
128
|
ruby_core_source (0.1.5)
|
|
129
129
|
archive-tar-minitar (>= 0.5.2)
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
sexp_processor (3.0.8)
|
|
133
|
-
simplecov (0.5.4)
|
|
134
|
-
multi_json (~> 1.0.3)
|
|
130
|
+
simplecov (0.6.1)
|
|
131
|
+
multi_json (~> 1.0)
|
|
135
132
|
simplecov-html (~> 0.5.3)
|
|
136
133
|
simplecov-html (0.5.3)
|
|
137
|
-
slop (2.
|
|
134
|
+
slop (2.4.4)
|
|
138
135
|
thor (0.14.6)
|
|
139
136
|
timecop (0.3.5)
|
|
140
137
|
treetop (1.4.10)
|
|
@@ -146,8 +143,9 @@ PLATFORMS
|
|
|
146
143
|
ruby
|
|
147
144
|
|
|
148
145
|
DEPENDENCIES
|
|
146
|
+
bcrypt-ruby (~> 3.0.0)
|
|
149
147
|
bson_ext (~> 1.3)
|
|
150
|
-
mongo_mapper
|
|
148
|
+
mongo_mapper (~> 0.11.0)
|
|
151
149
|
pry
|
|
152
150
|
rails (= 3.0.3)
|
|
153
151
|
rspec (~> 2.5.0)
|
|
@@ -101,6 +101,20 @@ class ApplicationController < ActionController::Base
|
|
|
101
101
|
end
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
+
def test_create_from_provider_with_block
|
|
105
|
+
provider = params[:provider]
|
|
106
|
+
login_from(provider)
|
|
107
|
+
@user = create_from(provider) do |user|
|
|
108
|
+
# check uniqueness of username
|
|
109
|
+
User.where(:username => user.username).empty?
|
|
110
|
+
end
|
|
111
|
+
if @user
|
|
112
|
+
redirect_to "bla", :notice => "Success!"
|
|
113
|
+
else
|
|
114
|
+
redirect_to "blu", :alert => "Failed!"
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
104
118
|
protected
|
|
105
119
|
|
|
106
120
|
|
|
@@ -141,6 +141,13 @@ describe ApplicationController do
|
|
|
141
141
|
response.should redirect_to("http://test.host/")
|
|
142
142
|
end
|
|
143
143
|
|
|
144
|
+
it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
|
|
145
|
+
[:post, :put, :delete].each do |m|
|
|
146
|
+
self.send(m, :some_action)
|
|
147
|
+
session[:return_to_url].should be_nil
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
144
151
|
it "on successful login the user should be redirected to the url he originally wanted" do
|
|
145
152
|
session[:return_to_url] = "http://test.host/some_action"
|
|
146
153
|
post :test_return_to, :username => 'gizmo', :password => 'secret'
|