RubyGems - sorcery - Versions diffs - 0.8.4 → 0.8.5 - Mend

sorcery 0.8.4 → 0.8.5

Potentially problematic release.

This version of sorcery might be problematic. Click here for more details.

Files changed (281) hide show

data/Gemfile.lock DELETED

@@ -1,175 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    abstract (1.0.0)
-    actionmailer (3.2.2)
-      actionpack (= 3.2.2)
-      mail (~> 2.4.0)
-    actionpack (3.2.2)
-      activemodel (= 3.2.2)
-      activesupport (= 3.2.2)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.1)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.1)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.1.2)
-    activemodel (3.2.2)
-      activesupport (= 3.2.2)
-      builder (~> 3.0.0)
-    activerecord (3.2.2)
-      activemodel (= 3.2.2)
-      activesupport (= 3.2.2)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.2)
-      activemodel (= 3.2.2)
-      activesupport (= 3.2.2)
-    activesupport (3.2.2)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    bcrypt-ruby (3.0.1)
-    bson (1.6.1)
-    builder (3.0.0)
-    capybara (1.1.2)
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      selenium-webdriver (~> 2.0)
-      xpath (~> 0.1.4)
-    childprocess (0.3.1)
-      ffi (~> 1.0.6)
-    diff-lcs (1.1.3)
-    erubis (2.7.0)
-    faraday (0.8.4)
-      multipart-post (~> 1.1)
-    ffi (1.0.11)
-    git (1.2.5)
-    hike (1.2.1)
-    httpauth (0.2.0)
-    i18n (0.6.0)
-    jeweler (1.8.3)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-      rdoc
-    journey (1.0.3)
-    json (1.7.7)
-    jwt (0.1.5)
-      multi_json (>= 1.0)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.18)
-    mongo (1.6.1)
-      bson (~> 1.6.1)
-    mongo_mapper (0.11.1)
-      activemodel (~> 3.0)
-      activesupport (~> 3.0)
-      plucky (~> 0.4.0)
-    mongoid (2.4.7)
-      activemodel (~> 3.1)
-      mongo (~> 1.3)
-      tzinfo (~> 0.3.22)
-    multi_json (1.3.2)
-    multipart-post (1.1.5)
-    nokogiri (1.5.2)
-    oauth (0.4.5)
-    oauth2 (0.8.0)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
-      rack (~> 1.2)
-    plucky (0.4.4)
-      mongo (~> 1.5)
-    polyglot (0.3.3)
-    rack (1.4.1)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rails (3.2.2)
-      actionmailer (= 3.2.2)
-      actionpack (= 3.2.2)
-      activerecord (= 3.2.2)
-      activeresource (= 3.2.2)
-      activesupport (= 3.2.2)
-      bundler (~> 1.0)
-      railties (= 3.2.2)
-    railties (3.2.2)
-      actionpack (= 3.2.2)
-      activesupport (= 3.2.2)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (~> 0.14.6)
-    rake (0.9.2.2)
-    rdoc (3.12)
-      json (~> 1.4)
-    rspec (2.5.0)
-      rspec-core (~> 2.5.0)
-      rspec-expectations (~> 2.5.0)
-      rspec-mocks (~> 2.5.0)
-    rspec-core (2.5.2)
-    rspec-expectations (2.5.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.5.0)
-    rspec-rails (2.5.0)
-      actionpack (~> 3.0)
-      activesupport (~> 3.0)
-      railties (~> 3.0)
-      rspec (~> 2.5.0)
-    rubyzip (0.9.6.1)
-    selenium-webdriver (2.20.0)
-      childprocess (>= 0.2.5)
-      ffi (~> 1.0)
-      multi_json (~> 1.0)
-      rubyzip
-    simplecov (0.6.1)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.5.3)
-    simplecov-html (0.5.3)
-    sprockets (2.1.2)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.7)
-    thor (0.14.6)
-    tilt (1.3.3)
-    timecop (0.3.5)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.32)
-    xpath (0.1.4)
-      nokogiri (~> 1.3)
-    yard (0.6.8)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  abstract (>= 1.0.0)
-  bcrypt-ruby (~> 3.0.0)
-  bundler (>= 1.1.0)
-  capybara
-  jeweler (~> 1.8.3)
-  json (>= 1.7.7)
-  mongo_mapper
-  mongoid (~> 2.4.4)
-  oauth (~> 0.4.4)
-  oauth2 (~> 0.8.0)
-  rails (>= 3.0.0)
-  rspec (~> 2.5.0)
-  rspec-rails (~> 2.5.0)
-  simplecov (>= 0.3.8)
-  sqlite3
-  timecop
-  yard (~> 0.6.0)

data/README.rdoc DELETED

@@ -1,261 +0,0 @@
-{<img src="https://secure.travis-ci.org/NoamB/sorcery.png" />}[http://travis-ci.org/NoamB/sorcery]
-= sorcery
-Magical Authentication for Rails 3.
-Supports ActiveRecord, Mongoid and MongoMapper.
-Inspired by restful_authentication, Authlogic and Devise.
-Crypto code taken almost unchanged from Authlogic.
-OAuth code inspired by OmniAuth and Ryan Bates's railscasts about it.
-== Philosophy
-Sorcery is a stripped-down, bare-bones authentication library, with which you can write your own authentication flow.
-It was built with a few goals in mind:
-* Less is more - less than 20 public methods to remember for the entire feature-set make the lib easy to 'get'.
-* No built-in or generated code - use the library's methods inside *your own* MVC structures, and don't fight to fix someone else's.
-* Magic yes, Voodoo no - the lib should be easy to hack for most developers.
-* Configuration over Confusion - Centralized (1 file), Simple & short configuration as possible, not drowning in syntactic sugar.
-* Keep MVC cleanly separated - DB is for models, sessions are for controllers. Models stay unaware of sessions.
-Hopefully, I've achieved this. If not, let me know.
-== Useful Links:
-Railscast: http://railscasts.com/episodes/283-authentication-with-sorcery
-Example Rails 3 app using sorcery: https://github.com/NoamB/sorcery-example-app
-Documentation: http://rubydoc.info/gems/sorcery/0.8.2/frames
-Check out the tutorials in the github wiki!
-== API Summary
-Below is a summary of the library methods. Most method names are self explaining and the rest are commented:
-  # core
-  require_login # this is a before filter
-  login(username,password,remember_me = false)
-  auto_login(user)# login without credentials
-  logout
-  logged_in?      # available to view
-  current_user    # available to view
-  redirect_back_or_to # used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.
-  @user.external? # external users, such as facebook/twitter etc.
-  User.authenticates_with_sorcery!
-  # activity logging
-  current_users
-  # http basic auth
-  require_login_from_http_basic # this is a before filter
-  # external
-  login_at(provider) # sends the user to an external service (twitter etc.) to authenticate.
-  login_from(provider) # tries to login from the external provider's callback.
-  create_from(provider) # create the user in the local app db.
-  # remember me
-  auto_login(user, should_remember=false)  # login without credentials, optional remember_me
-  remember_me!
-  forget_me!
-  # reset password
-  User.load_from_reset_password_token(token)
-  @user.deliver_reset_password_instructions!
-  @user.change_password!(new_password)
-  # user activation
-  User.load_from_activation_token(token)
-  @user.activate!
-Please see the tutorials in the github wiki for detailed usage information.
-== Installation:
-If using bundler, first add 'sorcery' to your Gemfile:
-    gem "sorcery"
-And run
-    bundle install
-Otherwise simply
-    gem install sorcery
-== Rails 3 Configuration:
-    rails generate sorcery:install
-This will generate the core migration file, the initializer file and the 'User' model class.
-    rails generate sorcery:install remember_me reset_password
-This will generate the migrations files for remember_me and reset_password submodules
-and will create the initializer file (and add submodules to it), and create the 'User' model class.
-    rails generate sorcery:install --model Person
-This will generate the core migration file, the initializer and change the model class
-(in the initializer and migration files) to the class 'Person' (and its pluralized version, 'people')
-    rails generate sorcery:install http_basic_auth external remember_me --migrations
-This will generate only the migration files for the specified submodules and will
-add them to the initializer file.
-Inside the initializer, the comments will tell you what each setting does.
-== DelayedJob Integration
-By default emails are sent synchronously. You can send them asynchronously by using the
-[delayed_job gem](https://github.com/collectiveidea/delayed_job).
-After implementing the `delayed_job` into your project add the code below at the end of
-the `config/initializers/sorcery.rb` file. After that all emails will be sent asynchronously.
-  module Sorcery
-    module Model
-      module InstanceMethods
-        def generic_send_email(method, mailer)
-          config = sorcery_config
-          mail = config.send(mailer).delay.send(config.send(method), self)
-        end
-      end
-    end
-  end
-== Single Table Inheritance (STI) Support
-STI is supported via a single setting in config/initializers/sorcery.rb.
-== Full Features List by module:
-Core (see lib/sorcery/model.rb and lib/sorcery/controller.rb):
-* login/logout, optional return user to requested url on login, configurable redirect for non-logged-in users.
-* password encryption, algorithms: bcrypt(default), md5, sha1, sha256, sha512, aes256, custom(yours!), none. Configurable stretches and salt.
-* configurable attribute names for username, password and email.
-* allow multiple fields to serve as username.
-User Activation (see lib/sorcery/model/submodules/user_activation.rb):
-* User activation by email with optional success email.
-* configurable attribute names.
-* configurable mailer, method name, and attribute name.
-* configurable temporary token expiration.
-* Optionally prevent non-active users to login.
-Reset Password (see lib/sorcery/model/submodules/reset_password.rb):
-* Reset password with email verification.
-* configurable mailer, method name, and attribute name.
-* configurable temporary token expiration.
-* configurable time between emails (hammering protection).
-Remember Me (see lib/sorcery/model/submodules/remember_me.rb):
-* Remember me with configurable expiration.
-* configurable attribute names.
-Session Timeout (see lib/sorcery/controller/submodules/session_timeout.rb):
-* Configurable session timeout.
-* Optionally session timeout will be calculated from last user action.
-Brute Force Protection (see lib/sorcery/model/submodules/brute_force_protection.rb):
-* Brute force login hammering protection.
-* configurable logins before lock and lock duration.
-Basic HTTP Authentication (see lib/sorcery/controller/submodules/http_basic_auth.rb):
-* A before filter for requesting authentication with HTTP Basic.
-* automatic login from HTTP Basic.
-* automatic login is disabled if session key changed.
-Activity Logging (see lib/sorcery/model/submodules/activity_logging.rb):
-* automatic logging of last login, last logout, last activity time and IP address for last login.
-* an easy method of collecting the list of currently logged in users.
-* configurable timeout by which to decide whether to include a user in the list of logged in users.
-External (see lib/sorcery/controller/submodules/external.rb):
-* OAuth1 and OAuth2 support (currently twitter & facebook)
-* configurable db field names and authentications table.
-== Next Planned Features:
-I've got some thoughts which include (unordered):
-* Passing a block to encrypt, allowing the developer to define his own mix of salting and encrypting
-* Forgot username, maybe as part of the reset_password module
-* Scoping logins (to a subdomain or another arbitrary field)
-* Allowing storing the salt and crypted password in the same DB field for extra security
-* Other reset password strategies (security questions?)
-* Other brute force protection strategies (captcha)
-Have an idea? Let me know, and it might get into the gem!
-== Backward compatibility
-While the lib is young and evolving fast I'm breaking backward compatibility quite often.
-I'm constantly finding better ways to do things and throwing away old ways.
-To let you know when things are changing in a non-compatible way, I'm bumping the minor version of the gem.
-The patch version changes are backward compatible.
-In short, an app that works with x.3.1 should be able to upgrade to x.3.2 with no code changes.
-The same cannot be said about upgrading to x.4.0 and above, however.
-== Upgrading
-Important notes while upgrading:
-* If upgrading from <= 0.6.1 to >= 0.7.0 you need to change 'username_attribute_name' to 'username_attribute_names' in initializer.
-* If upgrading from <= v0.5.1 to >= v0.5.2 you need to explicitly set your user_class model in the initializer file.
-    # This line must come after the 'user config' block.
-    config.user_class = User
-* Sinatra support existed until v0.7.0 (including), but was dropped later due to being a maintenance nightmare.
-== Contributing to sorcery
-Your feedback is very welcome and will make this gem much much better for you, me and everyone else.
-Besides feedback on code, features, suggestions and bug reports, you may want to actually make an impact on the code.
-For this:
-* Fork it.
-* Fix it.
-* Test it.
-* Commit it.
-* Send me a pull request so I'll... Pull it.
-If you feel sorcery has made your life easier, and you would like to express your thanks via a donation, my paypal email is in the contact details.
-== Contact
-Feel free to ask questions using these contact details:
-	email: nbenari@gmail.com ( also for paypal )
-	twitter: @nbenari
-== Copyright
-Copyright (c) 2010 Noam Ben Ari (nbenari@gmail.com). See LICENSE.txt for further details.

data/spec/Gemfile DELETED

@@ -1,12 +0,0 @@
-source 'https://rubygems.org'
-gem "rails", '3.0.3'
-gem 'bcrypt-ruby', :require => 'bcrypt'
-gem "sorcery", '>= 0.1.0', :path => '../'
-gem 'oauth', "~> 0.4.4"
-gem 'oauth2', "~> 0.8.0"
-group :development do
-  gem "rspec", "~> 2.5.0"
-  gem 'ruby-debug19'
-  gem 'simplecov', '>= 0.3.8', :require => false # Will install simplecov-html as a dependency
-end

data/spec/Gemfile.lock DELETED

@@ -1,129 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    sorcery (0.8.1)
-      bcrypt-ruby (~> 3.0.0)
-      oauth (~> 0.4.4)
-      oauth2 (~> 0.8.0)
-GEM
-  remote: http://rubygems.org/
-  specs:
-    abstract (1.0.0)
-    actionmailer (3.0.3)
-      actionpack (= 3.0.3)
-      mail (~> 2.2.9)
-    actionpack (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
-      builder (~> 2.1.2)
-      erubis (~> 2.6.6)
-      i18n (~> 0.4)
-      rack (~> 1.2.1)
-      rack-mount (~> 0.6.13)
-      rack-test (~> 0.5.6)
-      tzinfo (~> 0.3.23)
-    activemodel (3.0.3)
-      activesupport (= 3.0.3)
-      builder (~> 2.1.2)
-      i18n (~> 0.4)
-    activerecord (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
-      arel (~> 2.0.2)
-      tzinfo (~> 0.3.23)
-    activeresource (3.0.3)
-      activemodel (= 3.0.3)
-      activesupport (= 3.0.3)
-    activesupport (3.0.3)
-    archive-tar-minitar (0.5.2)
-    arel (2.0.10)
-    bcrypt-ruby (3.0.1)
-    builder (2.1.2)
-    columnize (0.3.6)
-    diff-lcs (1.1.3)
-    erubis (2.6.6)
-      abstract (>= 1.0.0)
-    faraday (0.8.4)
-      multipart-post (~> 1.1)
-    httpauth (0.2.0)
-    i18n (0.6.0)
-    jwt (0.1.5)
-      multi_json (>= 1.0)
-    linecache19 (0.5.12)
-      ruby_core_source (>= 0.1.4)
-    mail (2.2.19)
-      activesupport (>= 2.3.6)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.17.2)
-    multi_json (1.1.0)
-    multipart-post (1.1.5)
-    oauth (0.4.5)
-    oauth2 (0.8.0)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
-      rack (~> 1.2)
-    polyglot (0.3.3)
-    rack (1.2.5)
-    rack-mount (0.6.14)
-      rack (>= 1.0.0)
-    rack-test (0.5.7)
-      rack (>= 1.0)
-    rails (3.0.3)
-      actionmailer (= 3.0.3)
-      actionpack (= 3.0.3)
-      activerecord (= 3.0.3)
-      activeresource (= 3.0.3)
-      activesupport (= 3.0.3)
-      bundler (~> 1.0)
-      railties (= 3.0.3)
-    railties (3.0.3)
-      actionpack (= 3.0.3)
-      activesupport (= 3.0.3)
-      rake (>= 0.8.7)
-      thor (~> 0.14.4)
-    rake (0.9.2.2)
-    rspec (2.5.0)
-      rspec-core (~> 2.5.0)
-      rspec-expectations (~> 2.5.0)
-      rspec-mocks (~> 2.5.0)
-    rspec-core (2.5.2)
-    rspec-expectations (2.5.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.5.0)
-    ruby-debug-base19 (0.11.25)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby_core_source (>= 0.1.4)
-    ruby-debug19 (0.11.6)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby-debug-base19 (>= 0.11.19)
-    ruby_core_source (0.1.5)
-      archive-tar-minitar (>= 0.5.2)
-    simplecov (0.6.1)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.5.3)
-    simplecov-html (0.5.3)
-    thor (0.14.6)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.31)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  bcrypt-ruby
-  oauth (~> 0.4.4)
-  oauth2 (~> 0.8.0)
-  rails (= 3.0.3)
-  rspec (~> 2.5.0)
-  ruby-debug19
-  simplecov (>= 0.3.8)
-  sorcery (>= 0.1.0)!