sorcery 0.8.5 → 0.8.6

data/lib/sorcery/test_helpers/internal.rb

@@ -30,14 +30,14 @@ module Sorcery
 
       def create_new_user(attributes_hash = nil)
         @user = build_new_user(attributes_hash)
-        @user.save!
+        @user.sorcery_save(:raise_on_failure => true)
         @user
       end
 
       def create_new_external_user(provider, attributes_hash = nil)
         user_attributes_hash = attributes_hash || {:username => 'gizmo'}
         @user = User.new(user_attributes_hash)
-        @user.save!
+        @user.sorcery_save(:raise_on_failure => true)
         @user.authentications.create!({:provider => provider, :uid => 123})
         @user
       end
@@ -47,7 +47,7 @@ module Sorcery
 
         user_attributes_hash = attributes_hash || {:username => 'gizmo'}
         @user = User.new(user_attributes_hash)
-        @user.save!
+        @user.sorcery_save(:raise_on_failure => true)
         @user.send(authentication_association).create!({:provider => provider, :uid => 123})
         @user
       end

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -2,9 +2,9 @@ module Sorcery
   module TestHelpers
     module Internal
       module Rails
-        include ::Sorcery::TestHelpers::Rails
+        include ::Sorcery::TestHelpers::Rails::Controller
 
-        SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [
+        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = [
           :register_last_activity_time_to_db,
           :deny_banned_user,
           :validate_session
@@ -20,7 +20,13 @@ module Sorcery
           # remove all plugin before_filters so they won't fail other tests.
           # I don't like this way, but I didn't find another.
           # hopefully it won't break until Rails 4.
-          SorceryController._process_action_callbacks.delete_if {|c| SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
+          chain = if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("4.1.0")
+                    SorceryController._process_action_callbacks.send :chain
+                  else
+                    SorceryController._process_action_callbacks
+                  end
+
+          chain.delete_if {|c| SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
 
           # configure
           ::Sorcery::Controller::Config.submodules = submodules
@@ -34,6 +40,11 @@ module Sorcery
             end
           end
           User.authenticates_with_sorcery!
+          if defined?(DataMapper) and User.ancestors.include?(DataMapper::Resource)
+            DataMapper.auto_migrate!
+            User.finalize
+            Authentication.finalize
+          end
         end
 
         def sorcery_controller_property_set(property, value)

data/lib/sorcery/test_helpers/rails.rb

@@ -1,16 +1,7 @@
 module Sorcery
   module TestHelpers
     module Rails
-      # logins a user and calls all callbacks
-      def login_user(user = nil)
-        user ||= @user
-        @controller.send(:auto_login, user)
-        @controller.send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_names.first), 'secret'])
-      end
 
-      def logout_user
-        @controller.send(:logout)
-      end
     end
   end
-end
+end

data/lib/sorcery/test_helpers/rails/controller.rb

@@ -0,0 +1,17 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Controller 
+        def login_user(user = nil, test_context = {})
+          user ||= @user
+          @controller.send(:auto_login, user)
+          @controller.send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_names.first), 'secret'])
+        end
+
+        def logout_user
+          @controller.send(:logout)
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/test_helpers/rails/integration.rb

@@ -0,0 +1,26 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Integration
+        
+        #Accepts arguments for user to login, route to use and HTTP method
+        #Defaults - @user, 'sessions_url' and POST
+        def login_user(user = nil, route = nil, http_method = :post)
+          user ||= @user
+          route ||= sessions_url
+
+          username_attr = user.sorcery_config.username_attribute_names.first
+          username = user.send(username_attr)
+          page.driver.send(http_method, route, { :"#{username_attr}" => username, :password => 'secret' })
+        end
+
+        #Accepts route and HTTP method arguments
+        #Default - 'logout_url' and GET
+        def logout_user(route = nil, http_method = :get)
+          route ||= logout_url
+          page.driver.send(http_method, route)
+        end
+      end
+    end
+  end
+end

data/sorcery.gemspec

@@ -1,10 +1,10 @@
 Gem::Specification.new do |s|
   s.name = "sorcery"
-  s.version = "0.8.5"
-  s.authors = ["Noam Ben Ari", "Kir Shatrov"]
+  s.version = "0.8.6"
+  s.authors = ["Noam Ben Ari", "Kir Shatrov", "Grzegorz Witek"]
   s.email = "nbenari@gmail.com"
   s.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
-  s.summary = "Magical authentication for Rails 3 applications"
+  s.summary = "Magical authentication for Rails 3 & 4 applications"
   s.homepage = "http://github.com/NoamB/sorcery"
 
   s.files         = `git ls-files`.split($/)
@@ -14,21 +14,17 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '>= 1.9.3'
 
-  s.add_dependency("oauth", "~> 0.4.4")
-  s.add_dependency("oauth2", ">= 0.8.0", "< 1.0.0")
-  s.add_dependency("bcrypt-ruby", ">= 3.0")
+  s.add_dependency "oauth", "~> 0.4", ">= 0.4.4"
+  s.add_dependency "oauth2", ">= 0.8.0", "< 1.0.0"
+  s.add_dependency "bcrypt", "~> 3.1"
 
-  s.add_development_dependency("abstract", ">= 1.0.0")
-  s.add_development_dependency("rails", ">= 3.2.15")
-  s.add_development_dependency("json", ">= 1.7.7")
-  s.add_development_dependency("rspec", "~> 2.5.0")
-  s.add_development_dependency("rspec-rails", "~> 2.5.0")
-  s.add_development_dependency("sqlite3", ">= 0")
-  s.add_development_dependency("yard", "~> 0.6.0")
-  s.add_development_dependency("bundler", ">= 1.1.0")
-  s.add_development_dependency("simplecov", ">= 0.3.8")
-  s.add_development_dependency("timecop", ">= 0")
-  s.add_development_dependency("mongo_mapper", ">= 0")
-  s.add_development_dependency("mongoid", "~> 2.4.4")
+  s.add_development_dependency "abstract", ">= 1.0.0"
+  s.add_development_dependency "json", ">= 1.7.7"
+  s.add_development_dependency "yard", "~> 0.6.0"
+
+  s.add_development_dependency "timecop"
+  s.add_development_dependency "simplecov", ">= 0.3.8"
+  s.add_development_dependency "rspec", "~> 3.0.0"
+  s.add_development_dependency "rspec-rails", "~> 3.0.0"
 end
 

data/spec/active_record/controller_activity_logging_spec.rb

@@ -1,6 +1,8 @@
 require 'spec_helper'
 
-describe SorceryController do
+require 'shared_examples/controller_activity_logging_shared_examples'
+
+describe SorceryController, :active_record => true do
   before(:all) do
     ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
     User.reset_column_information
@@ -16,125 +18,12 @@ describe SorceryController do
   end
 
   # ----------------- ACTIVITY LOGGING -----------------------
-  describe SorceryController, "with activity logging features" do
-    before(:all) do
-      sorcery_reload!([:activity_logging])
-    end
-
-    before(:each) do
-      create_new_user
-    end
-
+  context "with activity logging features" do
     after(:each) do
       User.delete_all
     end
 
-    specify { subject.should respond_to(:current_users) }
-
-    it "'current_users' should be empty when no users are logged in" do
-      subject.current_users.size.should == 0
-    end
-
-    it "should log login time on login" do
-      now = Time.now.in_time_zone
-      login_user
-      @user.last_login_at.should_not be_nil
-      @user.last_login_at.to_s(:db).should >= now.to_s(:db)
-      @user.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
-    end
+    it_behaves_like "controller_activity_logging"
 
-    it "should log logout time on logout" do
-      login_user
-      now = Time.now.in_time_zone
-      logout_user
-
-      User.last.last_logout_at.should_not be_nil
-
-      User.last.last_logout_at.to_s(:db).should >= now.to_s(:db)
-      User.last.last_logout_at.to_s(:db).should <= (now+2).to_s(:db)
-    end
-
-    it "should log last activity time when logged in" do
-      sorcery_controller_property_set(:register_last_activity_time, true)
-
-      login_user
-      now = Time.now.in_time_zone
-      get :some_action
-
-      last_activity_at = User.last.last_activity_at
-
-      last_activity_at.should be_present
-      last_activity_at.to_s(:db).should >= now.to_s(:db)
-      last_activity_at.to_s(:db).should <= (now+2).to_s(:db)
-    end
-
-    it "should log last IP address when logged in" do
-      login_user
-      get :some_action
-      User.last.last_login_from_ip_address.should == "0.0.0.0"
-    end
-
-    it "should update nothing but activity fields" do
-      original_user_name = User.last.username
-      login_user
-      get :some_action_making_a_non_persisted_change_to_the_user
-      User.last.username.should == original_user_name
-    end
-
-    it "'current_users' should hold the user object when 1 user is logged in" do
-      login_user
-      get :some_action
-      subject.current_users.size.should == 1
-      subject.current_users[0].should == @user
-    end
-
-    it "'current_users' should show all current_users, whether they have logged out before or not." do
-      user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
-      login_user(user1)
-      get :some_action
-      clear_user_without_logout
-      user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
-      login_user(user2)
-      get :some_action
-      clear_user_without_logout
-      user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
-      login_user(user3)
-      get :some_action
-      subject.current_users.size.should == 3
-      subject.current_users[0].should == user1
-      subject.current_users[1].should == user2
-      subject.current_users[2].should == user3
-    end
-
-    it "should not register login time if configured so" do
-      sorcery_controller_property_set(:register_login_time, false)
-      now = Time.now.in_time_zone
-      login_user
-      @user.last_login_at.should be_nil
-    end
-
-    it "should not register logout time if configured so" do
-      sorcery_controller_property_set(:register_logout_time, false)
-      now = Time.now.in_time_zone
-      login_user
-      logout_user
-      @user.last_logout_at.should be_nil
-    end
-
-    it "should not register last activity time if configured so" do
-      sorcery_controller_property_set(:register_last_activity_time, false)
-      now = Time.now.in_time_zone
-      login_user
-      get :some_action
-      @user.last_activity_at.should be_nil
-    end
-
-    it "should not register last IP address if configured so" do
-      sorcery_controller_property_set(:register_last_ip_address, false)
-      ip_address = "127.0.0.1"
-      login_user
-      get :some_action
-      @user.last_activity_at.should be_nil
-    end
   end
 end

data/spec/active_record/controller_brute_force_protection_spec.rb

@@ -1,6 +1,14 @@
 require 'spec_helper'
 
-describe SorceryController do
+describe SorceryController, :active_record => true do
+
+  let(:db_user) { User.find_by_email 'bla@bla.com' }
+  let!(:user) { create_new_user }
+
+  def request_test_login
+    get :test_login, :email => 'bla@bla.com', :password => 'blabla'
+  end
+
   before(:all) do
     ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/brute_force_protection")
     User.reset_column_information
@@ -11,81 +19,91 @@ describe SorceryController do
   end
 
   # ----------------- SESSION TIMEOUT -----------------------
-  describe SorceryController, "with brute force protection features" do
+  describe "brute force protection features" do
+
     before(:all) do
       sorcery_reload!([:brute_force_protection])
-      create_new_user
     end
 
+
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_controller_property_set(:user_class, User)
       Timecop.return
     end
 
-    it "should count login retries" do
-      3.times {get :test_login, :email => 'bla@bla.com', :password => 'blabla'}
-      User.find_by_email('bla@bla.com').failed_logins_count.should == 3
+    it "counts login retries" do
+      3.times { request_test_login }
+      expect(db_user.failed_logins_count).to eq 3
     end
 
-    it "should generate unlock token before mail is sent" do
+    it "generates unlock token before mail is sent" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0)
       sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
-      3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-      ActionMailer::Base.deliveries.last.body.to_s.match(User.find_by_email('bla@bla.com').unlock_token).should_not be_nil
+      3.times { request_test_login }
+      expect(ActionMailer::Base.deliveries.last.body.to_s.match(db_user.unlock_token)).not_to be_nil
     end
 
-    it "should unlock after entering unlock token" do
+    it "unlocks after entering unlock token" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0)
       sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
-      3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-      User.find_by_email('bla@bla.com').unlock_token.should_not be_nil
-      token = User.find_by_email('bla@bla.com').unlock_token
+      3.times { request_test_login }
+
+      expect(db_user.unlock_token).not_to be_nil
+
+      token = db_user.unlock_token
       user = User.load_from_unlock_token(token)
-      user.should_not be_nil
+
+      expect(user).not_to be_nil
+
       user.unlock!
-      User.load_from_unlock_token(token).should be_nil
+      expect(User.load_from_unlock_token(db_user.unlock_token)).to be_nil
     end
 
-    it "should reset the counter on a good login" do
+    it "resets the counter on a good login" do
       # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      allow(@controller).to receive(:register_last_activity_time_to_db)
 
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 5)
-      3.times {get :test_login, :email => 'bla@bla.com', :password => 'blabla'}
+      3.times { request_test_login }
       get :test_login, :email => 'bla@bla.com', :password => 'secret'
-      User.find_by_email('bla@bla.com').failed_logins_count.should == 0
+
+      expect(db_user.failed_logins_count).to eq 0
     end
 
-    it "should lock user when number of retries reached the limit" do
-      User.find_by_email('bla@bla.com').lock_expires_at.should be_nil
+    it "locks user when number of retries reached the limit" do
+      expect(db_user.lock_expires_at).to be_nil
+
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 1)
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      User.find_by_email('bla@bla.com').lock_expires_at.should_not be_nil
+      request_test_login
+
+      expect(db_user.reload.lock_expires_at).not_to be_nil
     end
 
-    it "should unlock after lock time period passes" do
+    it "unlocks after lock time period passes" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0.2)
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      User.find_by_email('bla@bla.com').lock_expires_at.should_not be_nil
+      2.times { request_test_login }
+
+      expect(db_user.reload.lock_expires_at).not_to be_nil
+
       Timecop.travel(Time.now.in_time_zone + 0.3)
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      User.find_by_email('bla@bla.com').lock_expires_at.should be_nil
+      request_test_login
+
+      expect(db_user.reload.lock_expires_at).to be_nil
     end
 
-    it "should not unlock if time period is 0 (permanent lock)" do
+    it "doest not unlock if time period is 0 (permanent lock)" do
       sorcery_model_property_set(:consecutive_login_retries_amount_limit, 2)
       sorcery_model_property_set(:login_lock_time_period, 0)
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      unlock_date = User.find_by_email('bla@bla.com').lock_expires_at
+      2.times { request_test_login }
+      unlock_date = db_user.lock_expires_at
       Timecop.travel(Time.now.in_time_zone + 1)
-      get :test_login, :email => 'bla@bla.com', :password => 'blabla'
-      User.find_by_email('bla@bla.com').lock_expires_at.to_s.should == unlock_date.to_s
+      request_test_login
+
+      expect(db_user.lock_expires_at.to_s).to eq unlock_date.to_s
     end
 
     context "unlock_token_mailer_disabled is true" do
@@ -97,15 +115,17 @@ describe SorceryController do
         sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
       end
 
-      it "should generate unlock token after user locked" do
-        3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-        User.find_by_email('bla@bla.com').unlock_token.should_not be_nil
+      it "generates unlock token after user locked" do
+        3.times { request_test_login }
+
+        expect(db_user.unlock_token).not_to be_nil
       end
 
-      it "should *not* automatically send unlock mail" do
+      it "doest *not* automatically send unlock mail" do
         old_size = ActionMailer::Base.deliveries.size
-        3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-        ActionMailer::Base.deliveries.size.should == old_size
+        3.times { request_test_login }
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
       end
 
     end
@@ -119,15 +139,17 @@ describe SorceryController do
         sorcery_model_property_set(:unlock_token_mailer, SorceryMailer)
       end
 
-      it "should set the unlock token after user locked" do
-        3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-        User.find_by_email('bla@bla.com').unlock_token.should_not be_nil
+      it "sets the unlock token after user locked" do
+        3.times { request_test_login }
+
+        expect(db_user.unlock_token).not_to be_nil
       end
 
-      it "should automatically send unlock mail" do
+      it "automatically sends unlock mail" do
         old_size = ActionMailer::Base.deliveries.size
-        3.times {get :test_login, :email => "bla@bla.com", :password => "blabla"}
-        ActionMailer::Base.deliveries.size.should == old_size + 1
+        3.times { request_test_login }
+
+        expect(ActionMailer::Base.deliveries.size).to eq old_size + 1
       end
 
     end