RubyGems - sorcery - Versions diffs - 0.8.4 → 0.8.5 - Mend

sorcery 0.8.4 → 0.8.5

Potentially problematic release.

This version of sorcery might be problematic. Click here for more details.

Files changed (281) hide show

data/Rakefile CHANGED

@@ -1,82 +1,6 @@
-# require 'bundler'
-# -- Commented because it's slow
-# begin
-#   Bundler.setup(:default, :development)
-# rescue Bundler::BundlerError => e
-#   $stderr.puts e.message
-#   $stderr.puts "Run `bundle install` to install missing gems"
-#   exit e.status_code
-# end
-# --
+require "bundler/gem_tasks"
-require 'rake'
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "sorcery"
-  gem.homepage = "http://github.com/NoamB/sorcery"
-  gem.license = "MIT"
-  gem.summary = "Magical authentication for Rails 3 applications"
-  gem.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
-  gem.email = "nbenari@gmail.com"
-  gem.authors = ["Noam Ben Ari"]
-  # Include your dependencies below. Runtime dependencies are required when using your gem,
-  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
-  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
-  #  gem.add_development_dependency 'rspec', '> 1.2.3'
-end
-Jeweler::RubygemsDotOrgTasks.new
-require 'rspec/core'
 require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = FileList['spec/**/*_spec.rb']
-end
-require 'yard'
-YARD::Rake::YardocTask.new
-desc 'Default: Run all sorcery specs.'
-task :default => :all_sorcery_specs
-desc "Run all sorcery specs"
-task :all_sorcery_specs do
-  # we need to be empty, otherwise bundler will use parent bundler.
-  env = {
-    'BUNDLE_GEMFILE' => nil,
-    'GEM_HOME'       => nil
-  }
-  Dir['spec/**/Rakefile'].each do |rakefile|
-    directory_name = File.dirname(rakefile)
-    system(env, "cd #{directory_name} && bundle && bundle exec rake")
-    abort unless $?.success?
-  end
-end
-desc "Bundle all folders"
-task :bundle do
-  sh "bundle"
-  Dir['spec', 'spec/**'].each do |dir|
-    if Dir.exists?(dir) && File.exists?(dir + "/Gemfile")
-      sh <<-CMD
-        cd #{dir}
-        bundle
-      CMD
-    end
-  end
-end
-desc "Bundle update all folders"
-task :bundle_update do
-  sh "bundle update"
-  Dir['spec', 'spec/**'].each do |dir|
-    if Dir.exists?(dir) && File.exists?(dir + "/Gemfile")
-      sh <<-CMD
-        cd #{dir}
-        bundle update
-      CMD
-    end
-  end
-end
+task :default => :spec

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.8.4
1	+ 0.8.2

data/lib/generators/sorcery/helpers.rb ADDED

@@ -0,0 +1,40 @@
+module Sorcery
+  module Generators
+    module Helpers
+      private
+      def sorcery_config_path
+        "config/initializers/sorcery.rb"
+      end
+      # Either return the model passed in a classified form or return the default "User".
+      def model_class_name
+        options[:model] ? options[:model].classify : "User"
+      end
+      def model_path
+        @model_path ||= File.join("app", "models", "#{file_path}.rb")
+      end
+      def file_path
+        model_name.underscore
+      end
+      def namespace
+        Rails::Generators.namespace if Rails::Generators.respond_to?(:namespace)
+      end
+      def namespaced?
+        !!namespace
+      end
+      def model_name
+        if namespaced?
+          [namespace.to_s] + [model_class_name]
+        else
+          [model_class_name]
+        end.join("::")
+      end
+    end
+  end
+end

data/lib/generators/sorcery/install_generator.rb CHANGED

@@ -1,24 +1,26 @@
 require 'rails/generators/migration'
+require 'generators/sorcery/helpers'
 module Sorcery
   module Generators
     class InstallGenerator < Rails::Generators::Base
       include Rails::Generators::Migration
+      include Sorcery::Generators::Helpers
       source_root File.expand_path('../templates', __FILE__)
       argument :submodules, :optional => true, :type => :array, :banner => "submodules"
       class_option :model, :optional => true, :type => :string, :banner => "model",
                    :desc => "Specify the model class name if you will use anything other than 'User'"
       class_option :migrations, :optional => true, :type => :boolean, :banner => "migrations",
                    :desc => "Specify if you want to add submodules to an existing model\n\t\t\t     # (will generate migrations files, and add submodules to config file)"
       # Copy the initializer file to config/initializers folder.
       def copy_initializer_file
-        template "initializer.rb", "config/initializers/sorcery.rb" unless options[:migrations]
+        template "initializer.rb", sorcery_config_path unless options[:migrations]
       end
       def configure_initializer_file
@@ -26,19 +28,28 @@ module Sorcery
         if submodules
           submodule_names = submodules.collect{ |submodule| ':' + submodule }
-          gsub_file "config/initializers/sorcery.rb", /submodules = \[.*\]/ do |str|
+          gsub_file sorcery_config_path, /submodules = \[.*\]/ do |str|
             current_submodule_names = (str =~ /\[(.*)\]/ ? $1 : '').delete(' ').split(',')
             "submodules = [#{(current_submodule_names | submodule_names).join(', ')}]"
           end
         end
+      end
+      def configure_model
         # Generate the model and add 'authenticates_with_sorcery!' unless you passed --migrations
         unless options[:migrations]
           generate "model #{model_class_name} --skip-migration"
-          insert_into_file "app/models/#{model_class_name.underscore}.rb", "  authenticates_with_sorcery!\n", :after => "class #{model_class_name} < ActiveRecord::Base\n"
+          inject_sorcery_to_model
         end
       end
+      def inject_sorcery_to_model
+        indents = "  " * (namespaced? ? 2 : 1)
+        inject_into_class(model_path, model_class_name, "#{indents}authenticates_with_sorcery!\n")
+      end
       # Copy the migrations files to db/migrate folder
       def copy_migration_files
         # Copy core migration file in all cases except when you pass --migrations.
@@ -52,10 +63,9 @@ module Sorcery
             end
           end
         end
       end
       # Define the next_migration_number method (necessary for the migration_template method to work)
       def self.next_migration_number(dirname)
         if ActiveRecord::Base.timestamped_migrations
@@ -65,13 +75,7 @@ module Sorcery
           "%.3d" % (current_migration_number(dirname) + 1)
         end
       end
-      private
-      # Either return the model passed in a classified form or return the default "User".
-      def model_class_name
-        options[:model] ? options[:model].classify : "User"
-      end
     end
   end
 end

data/lib/generators/sorcery/templates/initializer.rb CHANGED

@@ -144,7 +144,7 @@ Rails.application.config.sorcery.configure do |config|
   config.user_config do |user|
     # -- core --
     # specify username attributes, for example: [:username, :email].
-    # Default: `[:username]`
+    # Default: `[:email]`
     #
     # user.username_attribute_names =

data/lib/generators/sorcery/templates/migration/activity_logging.rb CHANGED

@@ -1,19 +1,10 @@
 class SorceryActivityLogging < ActiveRecord::Migration
-  def self.up
+  def change
     add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, :default => nil
-    add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
-  end
-  def self.down
-    remove_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
-    remove_column :<%= model_class_name.tableize %>, :last_login_from_ip_address
-    remove_column :<%= model_class_name.tableize %>, :last_activity_at
-    remove_column :<%= model_class_name.tableize %>, :last_logout_at
-    remove_column :<%= model_class_name.tableize %>, :last_login_at
+    add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
   end
 end

data/lib/generators/sorcery/templates/migration/brute_force_protection.rb CHANGED

@@ -1,13 +1,7 @@
 class SorceryBruteForceProtection < ActiveRecord::Migration
-  def self.up
+  def change
     add_column :<%= model_class_name.tableize %>, :failed_logins_count, :integer, :default => 0
     add_column :<%= model_class_name.tableize %>, :lock_expires_at, :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :unlock_token, :string, :default => nil
   end
-  def self.down
-    remove_column :<%= model_class_name.tableize %>, :lock_expires_at
-    remove_column :<%= model_class_name.tableize %>, :failed_logins_count
-    remove_column :<%= model_class_name.tableize %>, :unlock_token
-  end
 end

data/lib/generators/sorcery/templates/migration/core.rb CHANGED

@@ -1,16 +1,13 @@
 class SorceryCore < ActiveRecord::Migration
-  def self.up
+  def change
     create_table :<%= model_class_name.tableize %> do |t|
-      t.string :username,         :null => false  # if you use another field as a username, for example email, you can safely remove this field.
-      t.string :email,            :default => nil # if you use this field as a username, you might want to make it :null => false.
-      t.string :crypted_password, :default => nil
-      t.string :salt,             :default => nil
+      t.string :email,            :null => false
+      t.string :crypted_password, :null => false
+      t.string :salt,             :null => false
       t.timestamps
     end
-  end
-  def self.down
-    drop_table :<%= model_class_name.tableize %>
+    add_index :<%= model_class_name.tableize %>, :email, unique: true
   end
 end

data/lib/generators/sorcery/templates/migration/external.rb CHANGED

@@ -1,5 +1,5 @@
 class SorceryExternal < ActiveRecord::Migration
-  def self.up
+  def change
     create_table :authentications do |t|
       t.integer :<%= model_class_name.tableize.singularize %>_id, :null => false
       t.string :provider, :uid, :null => false
@@ -7,8 +7,4 @@ class SorceryExternal < ActiveRecord::Migration
       t.timestamps
     end
   end
-  def self.down
-    drop_table :authentications
-  end
 end

data/lib/generators/sorcery/templates/migration/remember_me.rb CHANGED

@@ -1,15 +1,8 @@
 class SorceryRememberMe < ActiveRecord::Migration
-  def self.up
+  def change
     add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, :default => nil
     add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, :default => nil
-    add_index :<%= model_class_name.tableize %>, :remember_me_token
-  end
-  def self.down
-    remove_index :<%= model_class_name.tableize %>, :remember_me_token
-    remove_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at
-    remove_column :<%= model_class_name.tableize %>, :remember_me_token
+    add_index :<%= model_class_name.tableize %>, :remember_me_token
   end
 end

data/lib/generators/sorcery/templates/migration/reset_password.rb CHANGED

@@ -1,17 +1,9 @@
 class SorceryResetPassword < ActiveRecord::Migration
-  def self.up
+  def change
     add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, :default => nil
     add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, :default => nil
-    add_index :<%= model_class_name.tableize %>, :reset_password_token
-  end
-  def self.down
-    remove_index :<%= model_class_name.tableize %>, :reset_password_token
-    remove_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at
-    remove_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at
-    remove_column :<%= model_class_name.tableize %>, :reset_password_token
+    add_index :<%= model_class_name.tableize %>, :reset_password_token
   end
 end

data/lib/generators/sorcery/templates/migration/user_activation.rb CHANGED

@@ -1,17 +1,9 @@
 class SorceryUserActivation < ActiveRecord::Migration
-  def self.up
+  def change
     add_column :<%= model_class_name.tableize %>, :activation_state, :string, :default => nil
     add_column :<%= model_class_name.tableize %>, :activation_token, :string, :default => nil
     add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, :default => nil
-    add_index :<%= model_class_name.tableize %>, :activation_token
-  end
-  def self.down
-    remove_index :<%= model_class_name.tableize %>, :activation_token
-    remove_column :<%= model_class_name.tableize %>, :activation_token_expires_at
-    remove_column :<%= model_class_name.tableize %>, :activation_token
-    remove_column :<%= model_class_name.tableize %>, :activation_state
+    add_index :<%= model_class_name.tableize %>, :activation_token
   end
 end

data/lib/sorcery/controller.rb CHANGED

@@ -33,7 +33,7 @@ module Sorcery
         user = user_class.authenticate(*credentials)
         if user
           old_session = session.dup.to_hash
-          reset_session # protect from session fixation attacks
+          reset_sorcery_session
           old_session.each_pair do |k,v|
             session[k.to_sym] = v
           end
@@ -48,12 +48,20 @@ module Sorcery
         end
       end
+      # put this into the catch block to rescue undefined method `destroy_session'
+      # hotfix for https://github.com/NoamB/sorcery/issues/464
+      # can be removed when Rails 4.1 is out
+      def reset_sorcery_session
+        reset_session # protect from session fixation attacks
+      rescue NoMethodError
+      end
       # Resets the session and runs hooks before and after.
       def logout
         if logged_in?
           @current_user = current_user if @current_user.nil?
           before_logout!(@current_user)
-          reset_session
+          reset_sorcery_session
           after_logout!
           @current_user = nil
         end
@@ -66,7 +74,11 @@ module Sorcery
       # attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.)
       # returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).
       def current_user
-        @current_user ||= login_from_session || login_from_other_sources unless @current_user == false
+        if @current_user == false
+          false
+        else
+          @current_user ||= login_from_session || login_from_other_sources
+        end
       end
       def current_user=(user)
@@ -91,7 +103,7 @@ module Sorcery
       #
       # @param [<User-Model>] user the user instance.
       # @return - do not depend on the return value.
-      def auto_login(user)
+      def auto_login(user, should_remember = false)
         session[:user_id] = user.id
         @current_user = user
       end

data/lib/sorcery/controller/submodules/external.rb CHANGED

@@ -39,10 +39,11 @@ module Sorcery
           # get the login URL from the provider, if applicable.  Returns nil if the provider
           # does not provide a login URL.  (as of v0.8.1 all providers provide a login URL)
-          def sorcery_login_url(provider_name)
+          def sorcery_login_url(provider_name, args = {})
             @provider = sorcery_get_provider provider_name
             sorcery_fixup_callback_url @provider
             if @provider.respond_to?(:login_url) && @provider.has_callback?
+              @provider.state = args[:state] if args[:state]
               return @provider.login_url(params, session)
             else
               return nil
@@ -89,22 +90,22 @@ module Sorcery
           # sends user to authenticate at the provider's website.
           # after authentication the user is redirected to the callback defined in the provider config
           def login_at(provider_name, args = {})
-            redirect_to sorcery_login_url(provider_name)
+            redirect_to sorcery_login_url(provider_name, args)
           end
           # tries to login the user from provider's callback
-          def login_from(provider_name)
+          def login_from(provider_name, should_remember = false)
             sorcery_fetch_user_hash provider_name
             if user = user_class.load_from_provider(provider_name, @user_hash[:uid].to_s)
               # we found the user.
               # clear the session
               return_to_url = session[:return_to_url]
-              reset_session
+              reset_sorcery_session
               session[:return_to_url] = return_to_url
               # sign in the user
-              auto_login(user)
+              auto_login(user, should_remember)
               after_login!(user)
               # return the user
@@ -118,8 +119,8 @@ module Sorcery
             config = user_class.sorcery_config
             # first check to see if user has a particular authentication already
-            unless (current_user.send(config.authentications_class.to_s.downcase.pluralize).send("find_by_#{config.provider_attribute_name}_and_#{config.provider_uid_attribute_name}", provider_name, @user_hash[:uid].to_s))
-              user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name.to_s)
+            unless (current_user.send(config.authentications_class.name.underscore.pluralize).send("find_by_#{config.provider_attribute_name}_and_#{config.provider_uid_attribute_name}", provider_name, @user_hash[:uid].to_s))
+              user = current_user.send(config.authentications_class.name.underscore.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name.to_s)
               user.save(:validate => false)
             else
               user = false