sorcery 0.8.1 → 0.8.2

data/spec/rails3/spec/controller_activity_logging_spec.rb

@@ -10,6 +10,7 @@ describe ApplicationController do
     sorcery_controller_property_set(:register_login_time, true)
     sorcery_controller_property_set(:register_logout_time, true)
     sorcery_controller_property_set(:register_last_activity_time, true)
+    sorcery_controller_property_set(:last_login_from_ip_address, true)
   end
   
   # ----------------- ACTIVITY LOGGING -----------------------
@@ -57,6 +58,12 @@ describe ApplicationController do
       User.first.last_activity_at.to_s(:db).should <= (now+2).to_s(:db)
     end
 
+    it "should log last IP address when logged in" do
+      login_user
+      get :some_action
+      User.first.last_login_from_ip_address.should == "0.0.0.0"
+    end
+
     it "should update nothing but activity fields" do
       original_user_name = User.first.username
       login_user
@@ -111,5 +118,13 @@ describe ApplicationController do
       get :some_action
       @user.last_activity_at.should be_nil
     end
+
+    it "should not register last IP address if configured so" do
+      sorcery_controller_property_set(:register_last_ip_address, false)
+      ip_address = "127.0.0.1"
+      login_user
+      get :some_action
+      @user.last_activity_at.should be_nil
+    end
   end
 end

data/spec/rails3/spec/controller_brute_force_protection_spec.rb

@@ -4,18 +4,18 @@ describe ApplicationController do
   before(:all) do
     ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/brute_force_protection")
   end
-  
+
   after(:all) do
     ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/brute_force_protection")
   end
-  
+
   # ----------------- SESSION TIMEOUT -----------------------
   describe ApplicationController, "with brute force protection features" do
     before(:all) do
       sorcery_reload!([:brute_force_protection])
       create_new_user
     end
-    
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_controller_property_set(:user_class, User)
@@ -26,7 +26,7 @@ describe ApplicationController do
       3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
       User.find_by_username('gizmo').failed_logins_count.should == 3
     end
-    
+
     it "should generate unlock token after user locked" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0)
@@ -35,6 +35,14 @@ describe ApplicationController do
       User.find_by_username('gizmo').unlock_token.should_not be_nil
     end
 
+    it "should generate unlock token before mail is sent" do
+      sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
+      sorcery_model_property_set(:login_lock_time_period, 0)
+      sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
+      3.times {get :test_login, :username => "gizmo", :password => "blabla"}
+      ActionMailer::Base.deliveries.last.body.to_s.match(User.find_by_username('gizmo').unlock_token).should_not be_nil
+    end
+
     it "should unlock after entering unlock token" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0)
@@ -48,14 +56,14 @@ describe ApplicationController do
       User.load_from_unlock_token(token).should be_nil
     end
 
-    
+
     it "should reset the counter on a good login" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
       3.times {get :test_login, :username => 'gizmo', :password => 'blabla'}
       get :test_login, :username => 'gizmo', :password => 'secret'
       User.find_by_username('gizmo').failed_logins_count.should == 0
     end
-    
+
     it "should lock user when number of retries reached the limit" do
       User.find_by_username('gizmo').lock_expires_at.should be_nil
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)

data/spec/rails3/spec/controller_spec.rb

@@ -1,28 +1,28 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe ApplicationController do
- 
+
   # ----------------- PLUGIN CONFIGURATION -----------------------
   describe ApplicationController, "plugin configuration" do
     before(:all) do
       sorcery_reload!
     end
-    
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_reload!
     end
-    
+
     it "should enable configuration option 'user_class'" do
       sorcery_controller_property_set(:user_class, "TestUser")
       Sorcery::Controller::Config.user_class.should == "TestUser"
     end
-    
+
     it "should enable configuration option 'not_authenticated_action'" do
       sorcery_controller_property_set(:not_authenticated_action, :my_action)
       Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
     end
-    
+
   end
 
   # ----------------- PLUGIN ACTIVATED -----------------------
@@ -31,11 +31,11 @@ describe ApplicationController do
       sorcery_reload!
       User.delete_all
     end
-    
+
     before(:each) do
       create_new_user
     end
-  
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_reload!
@@ -43,21 +43,21 @@ describe ApplicationController do
       sorcery_controller_property_set(:user_class, User)
       sorcery_model_property_set(:username_attribute_names, [:username, :email])
     end
-    
+
     specify { should respond_to(:login) }
 
     specify { should respond_to(:logout) }
-  
+
     specify { should respond_to(:logged_in?) }
-    
+
     specify { should respond_to(:current_user) }
-  
+
     it "login(username,password) should return the user when success and set the session with user.id" do
       get :test_login, :username => 'gizmo', :password => 'secret'
       assigns[:user].should == @user
       session[:user_id].should == @user.id
     end
-    
+
     it "login(email,password) should return the user when success and set the session with user.id" do
       get :test_login, :username => 'bla@bla.com', :password => 'secret'
       assigns[:user].should == @user
@@ -70,12 +70,17 @@ describe ApplicationController do
       session[:user_id].should be_nil
     end
 
+    it "login(email,password) should return the user when success and set the session with the _csrf_token" do
+      get :test_login, :username => 'gizmo', :password => 'secret'
+      session[:_csrf_token].should_not be_nil
+    end
+
     it "login(username,password) should return nil and not set the session when upper case username" do
       get :test_login, :username => 'GIZMO', :password => 'secret'
       assigns[:user].should be_nil
       session[:user_id].should be_nil
     end
-  
+
     it "login(username,password) should return the user and set the session with user.id when upper case username and config is downcase before authenticating" do
       sorcery_model_property_set(:downcase_username_before_authenticating, true)
       get :test_login, :username => 'GIZMO', :password => 'secret'
@@ -104,67 +109,67 @@ describe ApplicationController do
       get :test_logout
       session[:user_id].should be_nil
     end
-  
+
     it "logged_in? should return true if logged in" do
       session[:user_id] = @user.id
       subject.logged_in?.should be_true
     end
-  
+
     it "logged_in? should return false if not logged in" do
       session[:user_id] = nil
       subject.logged_in?.should be_false
     end
-    
+
     it "current_user should return the user instance if logged in" do
       create_new_user
       session[:user_id] = @user.id
       subject.current_user.should == @user
     end
-    
+
     it "current_user should return false if not logged in" do
       session[:user_id] = nil
       subject.current_user.should == false
     end
-    
+
     specify { should respond_to(:require_login) }
-    
+
     it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
       session[:user_id] = nil
       sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
       get :test_logout
       response.body.should == "test_not_authenticated_action"
     end
-    
+
     it "require_login before_filter should save the url that the user originally wanted" do
       get :some_action
       session[:return_to_url].should == "http://test.host/application/some_action"
       response.should redirect_to("http://test.host/")
     end
-    
+
     it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
       [:post, :put, :delete].each do |m|
         self.send(m, :some_action)
         session[:return_to_url].should be_nil
       end
     end
-    
+
     it "on successful login the user should be redirected to the url he originally wanted" do
       session[:return_to_url] = "http://test.host/some_action"
       post :test_return_to, :username => 'gizmo', :password => 'secret'
       response.should redirect_to("http://test.host/some_action")
       flash[:notice].should == "haha!"
     end
-    
-    
+
+
     # --- auto_login(user) ---
     specify { should respond_to(:auto_login) }
-        
+
     it "auto_login(user) should login a user instance" do
       session[:user_id] = nil
       subject.auto_login(@user)
       subject.logged_in?.should be_true
     end
-    
+
     it "auto_login(user) should work even if current_user was already set to false" do
       get :test_logout
       session[:user_id].should be_nil
@@ -173,5 +178,5 @@ describe ApplicationController do
       assigns[:result].should == User.find(:first)
     end
   end
-  
+
 end

data/spec/rails3_mongo_mapper/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../../
   specs:
-    sorcery (0.7.13)
+    sorcery (0.8.1)
       bcrypt-ruby (~> 3.0.0)
       oauth (~> 0.4.4)
       oauth2 (~> 0.8.0)
@@ -48,7 +48,7 @@ GEM
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.8.4)
+    faraday (0.8.5)
       multipart-post (~> 1.1)
     httpauth (0.2.0)
     i18n (0.6.0)
@@ -72,7 +72,7 @@ GEM
     multi_json (1.1.0)
     multipart-post (1.1.5)
     oauth (0.4.7)
-    oauth2 (0.8.0)
+    oauth2 (0.8.1)
       faraday (~> 0.8)
       httpauth (~> 0.1)
       jwt (~> 0.1.4)

data/spec/rails3_mongo_mapper/spec/controller_spec.rb

@@ -1,28 +1,28 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe ApplicationController do
- 
+
   # ----------------- PLUGIN CONFIGURATION -----------------------
   describe ApplicationController, "plugin configuration" do
     before(:all) do
       sorcery_reload!
     end
-    
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_reload!
     end
-    
+
     it "should enable configuration option 'user_class'" do
       sorcery_controller_property_set(:user_class, "TestUser")
       Sorcery::Controller::Config.user_class.should == "TestUser"
     end
-    
+
     it "should enable configuration option 'not_authenticated_action'" do
       sorcery_controller_property_set(:not_authenticated_action, :my_action)
       Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
     end
-    
+
   end
 
   # ----------------- PLUGIN ACTIVATED -----------------------
@@ -35,7 +35,7 @@ describe ApplicationController do
     before(:each) do
       create_new_user
     end
-  
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_reload!
@@ -43,27 +43,27 @@ describe ApplicationController do
       sorcery_controller_property_set(:user_class, User)
       sorcery_model_property_set(:username_attribute_names, [:username, :email])
     end
-    
+
     specify { should respond_to(:login) }
 
     specify { should respond_to(:logout) }
-  
+
     specify { should respond_to(:logged_in?) }
-    
+
     specify { should respond_to(:current_user) }
-  
+
     it "login(username,password) should return the user when success and set the session with user.id" do
       get :test_login, :username => 'gizmo', :password => 'secret'
       assigns[:user].should == @user
       session[:user_id].should == @user.id
     end
-    
+
     it "login(email,password) should return the user when success and set the session with user.id" do
       get :test_login, :username => 'bla@bla.com', :password => 'secret'
       assigns[:user].should == @user
       session[:user_id].should == @user.id
     end
-  
+
     it "login(username,password) should return nil and not set the session when failure" do
       get :test_login, :username => 'gizmo', :password => 'opensesame!'
       assigns[:user].should be_nil
@@ -75,7 +75,12 @@ describe ApplicationController do
       assigns[:user].should be_nil
       session[:user_id].should be_nil
     end
-  
+
+    it "login(email,password) should return the user when success and set the session with the _csrf_token" do
+      get :test_login, :username => 'gizmo', :password => 'secret'
+      session[:_csrf_token].should_not be_nil
+    end
+
     it "login(username,password) should return the user and set the session with user.id when upper case username and config is downcase before authenticating" do
       sorcery_model_property_set(:downcase_username_before_authenticating, true)
       get :test_login, :username => 'GIZMO', :password => 'secret'
@@ -97,68 +102,68 @@ describe ApplicationController do
       assigns[:user].should == @user
       session[:user_id].should == @user.id
     end
-  
+
     it "logout should clear the session" do
       cookies[:remember_me_token] = nil
       session[:user_id] = @user.id
       get :test_logout
       session[:user_id].should be_nil
     end
-  
+
     it "logged_in? should return true if logged in" do
       session[:user_id] = @user.id
       subject.logged_in?.should be_true
     end
-  
+
     it "logged_in? should return false if not logged in" do
       session[:user_id] = nil
       subject.logged_in?.should be_false
     end
-    
+
     it "current_user should return the user instance if logged in" do
       create_new_user
       session[:user_id] = @user.id
       subject.current_user.should == @user
     end
-    
+
     it "current_user should return false if not logged in" do
       session[:user_id] = nil
       subject.current_user.should == false
     end
-    
+
     specify { should respond_to(:require_login) }
-    
+
     it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
       session[:user_id] = nil
       sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
       get :test_logout
       response.body.should == "test_not_authenticated_action"
     end
-    
+
     it "require_login before_filter should save the url that the user originally wanted" do
       get :some_action
       session[:return_to_url].should == "http://test.host/application/some_action"
       response.should redirect_to("http://test.host/")
     end
-    
+
     it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
       [:post, :put, :delete].each do |m|
         self.send(m, :some_action)
         session[:return_to_url].should be_nil
       end
     end
-    
+
     it "on successful login the user should be redirected to the url he originally wanted" do
       session[:return_to_url] = "http://test.host/some_action"
       post :test_return_to, :username => 'gizmo', :password => 'secret'
       response.should redirect_to("http://test.host/some_action")
       flash[:notice].should == "haha!"
     end
-    
-    
+
+
     # --- login_user(user) ---
     specify { should respond_to(:auto_login) }
-        
+
     it "auto_login(user) should login a user instance" do
       create_new_user
       session[:user_id] = nil
@@ -166,5 +171,5 @@ describe ApplicationController do
       subject.logged_in?.should be_true
     end
   end
-  
+
 end

data/spec/rails3_mongoid/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../../
   specs:
-    sorcery (0.7.13)
+    sorcery (0.8.1)
       bcrypt-ruby (~> 3.0.0)
       oauth (~> 0.4.4)
       oauth2 (~> 0.8.0)
@@ -47,7 +47,7 @@ GEM
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
-    faraday (0.8.4)
+    faraday (0.8.5)
       multipart-post (~> 1.1)
     httpauth (0.2.0)
     i18n (0.6.0)
@@ -70,7 +70,7 @@ GEM
     multi_json (1.1.0)
     multipart-post (1.1.5)
     oauth (0.4.7)
-    oauth2 (0.8.0)
+    oauth2 (0.8.1)
       faraday (~> 0.8)
       httpauth (~> 0.1)
       jwt (~> 0.1.4)

data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb

@@ -47,6 +47,12 @@ describe ApplicationController do
       User.first.last_activity_at.utc.should <= (now.utc+2)
     end
 
+    it "should log last IP address when logged in" do
+      login_user
+      get :some_action
+      User.first.last_login_from_ip_address.should == "0.0.0.0"
+    end
+
     it "should update nothing but activity fields" do
       original_user_name = User.first.username
       login_user