sorcery 0.8.5 → 0.8.6

data/spec/active_record/controller_http_basic_auth_spec.rb

@@ -1,14 +1,15 @@
 require 'spec_helper'
 
-describe SorceryController do
+describe SorceryController, :active_record => true do
+
+  let!(:user) { create_new_user }
 
   # ----------------- HTTP BASIC AUTH -----------------------
-  describe SorceryController, "with http basic auth features" do
+  describe  "with http basic auth features" do
     before(:all) do
       sorcery_reload!([:http_basic_auth])
 
       sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "sorcery"})
-      create_new_user
     end
 
     after(:each) do
@@ -17,43 +18,48 @@ describe SorceryController do
 
     it "requests basic authentication when before_filter is used" do
       get :test_http_basic_auth
-      response.code.should == "401"
+
+      expect(response.code).to eq "401"
     end
 
     it "authenticates from http basic if credentials are sent" do
       # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      allow(subject).to receive(:register_last_activity_time_to_db)
 
-      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.email}:secret")
+      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{user.email}:secret")
       get :test_http_basic_auth, nil, :http_authentication_used => true
-      response.should be_a_success
+
+      expect(response).to be_a_success
     end
 
     it "fails authentication if credentials are wrong" do
-      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.email}:wrong!")
+      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{user.email}:wrong!")
       get :test_http_basic_auth, nil, :http_authentication_used => true
-      response.code.should redirect_to root_url
+
+      expect(response).to redirect_to root_url
     end
 
-    it "should allow configuration option 'controller_to_realm_map'" do
+    it "allows configuration option 'controller_to_realm_map'" do
       sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
-      Sorcery::Controller::Config.controller_to_realm_map.should == {"1" => "2"}
+
+      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq({"1" => "2"})
     end
 
-    it "should display the correct realm name configured for the controller" do
+    it "displays the correct realm name configured for the controller" do
       sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "Salad"})
-
       get :test_http_basic_auth
-      response.headers["WWW-Authenticate"].should == "Basic realm=\"Salad\""
+
+      expect(response.headers["WWW-Authenticate"]).to eq "Basic realm=\"Salad\""
     end
 
-    it "should sign in the user's session on successful login" do
+    it "signs in the user's session on successful login" do
       # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      allow(controller).to receive(:register_last_activity_time_to_db)
 
-      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{@user.email}:secret")
+      @request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64::encode64("#{user.email}:secret")
       get :test_http_basic_auth, nil, :http_authentication_used => true
-      session[:user_id].should == User.find_by_email(@user.email).id
+
+      expect(session[:user_id]).to be User.find_by_email(user.email).id
     end
   end
 end

data/spec/active_record/controller_oauth2_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 require 'shared_examples/controller_oauth2_shared_examples'
 
-describe SorceryController do
+describe SorceryController, :active_record => true do
   before(:all) do
     ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
     User.reset_column_information
@@ -14,8 +14,11 @@ describe SorceryController do
   after(:all) do
     ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
   end
+
+  it_behaves_like "oauth2_controller"
+
   # ----------------- OAuth -----------------------
-  describe SorceryController, "with OAuth features" do
+  context "with OAuth features" do
 
     before(:each) do
       stub_all_oauth2_requests!
@@ -32,15 +35,15 @@ describe SorceryController do
       end
       it "login_at redirects correctly" do
         create_new_user
-        get :login_at_test2
-        response.should be_a_redirect
-        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page&state")
+        get :login_at_test_facebook
+        expect(response).to be_a_redirect
+        expect(response).to redirect_to("https://graph.facebook.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email%2Coffline_access&state=")
       end
       it "logins with state" do
         create_new_user
         get :login_at_test_with_state
-        response.should be_a_redirect
-        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page&state=bla")
+        expect(response).to be_a_redirect
+        expect(response).to redirect_to("https://graph.facebook.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email%2Coffline_access&state=bla")
       end
       after do
         sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
@@ -60,148 +63,83 @@ describe SorceryController do
 =end
     it "'login_from' logins if user exists" do
       # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      allow(subject).to receive(:register_last_activity_time_to_db)
 
       sorcery_model_property_set(:authentications_class, Authentication)
       create_new_external_user(:facebook)
-      get :test_login_from2
-      flash[:notice].should == "Success!"
+      get :test_login_from_facebook
+
+      expect(flash[:notice]).to eq "Success!"
     end
 
     it "'login_from' fails if user doesn't exist" do
       sorcery_model_property_set(:authentications_class, Authentication)
       create_new_user
-      get :test_login_from2
-      flash[:alert].should == "Failed!"
-    end
-
-    it "on successful login_from the user should be redirected to the url he originally wanted" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
-
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:facebook)
-      get :test_return_to_with_external2, {}, :return_to_url => "fuu"
-      response.should redirect_to("fuu")
-      flash[:notice].should == "Success!"
-    end
+      get :test_login_from_facebook
 
-  # provider: github
-    it "login_at redirects correctly (github)" do
-      create_new_user
-      get :login_at_test3
-      response.should be_a_redirect
-      response.should redirect_to("https://github.com/login/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.github.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope&display&state")
+      expect(flash[:alert]).to eq "Failed!"
     end
 
-    it "'login_from' logins if user exists (github)" do
+    it "on successful login_from the user is redirected to the url he originally wanted" do
       # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      allow(subject).to receive(:register_last_activity_time_to_db)
 
       sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:github)
-      get :test_login_from3
-      flash[:notice].should == "Success!"
-    end
-
-    it "'login_from' fails if user doesn't exist (github)" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_user
-      get :test_login_from3
-      flash[:alert].should == "Failed!"
-    end
-
-    it "on successful login_from the user should be redirected to the url he originally wanted (github)" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      create_new_external_user(:facebook)
+      get :test_return_to_with_external_facebook, {}, :return_to_url => "fuu"
 
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:github)
-      get :test_return_to_with_external3, {}, :return_to_url => "fuu"
-      response.should redirect_to("fuu")
-      flash[:notice].should == "Success!"
+      expect(response).to redirect_to("fuu")
+      expect(flash[:notice]).to eq "Success!"
     end
 
-  # provider: google
-    it "login_at redirects correctly (google)" do
-      create_new_user
-      get :login_at_test4
-      response.should be_a_redirect
-      response.should redirect_to("https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=#{::Sorcery::Controller::Config.google.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&display&state")
-    end
+    [:github, :google, :liveid].each do |provider|
 
-    it "'login_from' logins if user exists (google)" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+      describe "with #{provider}" do
 
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:google)
-      get :test_login_from4
-      flash[:notice].should == "Success!"
-    end
+        it "login_at redirects correctly" do
+          create_new_user
+          get :"login_at_test_#{provider}"
 
-    it "'login_from' fails if user doesn't exist (google)" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_user
-      get :test_login_from4
-      flash[:alert].should == "Failed!"
-    end
+          expect(response).to be_a_redirect
+          expect(response).to redirect_to(provider_url provider)
+        end
 
-    it "on successful login_from the user should be redirected to the url he originally wanted (google)" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+        it "'login_from' logins if user exists" do
+          # dirty hack for rails 4
+          allow(subject).to receive(:register_last_activity_time_to_db)
 
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:google)
-      get :test_return_to_with_external4, {}, :return_to_url => "fuu"
-      response.should redirect_to("fuu")
-      flash[:notice].should == "Success!"
-    end
+          sorcery_model_property_set(:authentications_class, Authentication)
+          create_new_external_user(provider)
+          get :"test_login_from_#{provider}"
 
-  # provider: liveid
-    it "login_at redirects correctly (liveid)" do
-      create_new_user
-      get :login_at_test5
-      response.should be_a_redirect
-      response.should redirect_to("https://oauth.live.com/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.liveid.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=wl.basic+wl.emails+wl.offline_access&display&state")
-    end
+          expect(flash[:notice]).to eq "Success!"
+        end
 
-    it "'login_from' logins if user exists (liveid)" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+        it "'login_from' fails if user doesn't exist" do
+          sorcery_model_property_set(:authentications_class, Authentication)
+          create_new_user
+          get :"test_login_from_#{provider}"
 
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:liveid)
-      get :test_login_from5
-      flash[:notice].should == "Success!"
-    end
+          expect(flash[:alert]).to eq "Failed!"
+        end
 
-    it "'login_from' fails if user doesn't exist (liveid)" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_user
-      get :test_login_from5
-      flash[:alert].should == "Failed!"
-    end
+        it "on successful login_from the user is redirected to the url he originally wanted (github)" do
+          # dirty hack for rails 4
+          allow(subject).to receive(:register_last_activity_time_to_db)
 
-    it "on successful login_from the user should be redirected to the url he originally wanted (liveid)" do
-      # dirty hack for rails 4
-      @controller.stub(:register_last_activity_time_to_db)
+          sorcery_model_property_set(:authentications_class, Authentication)
+          create_new_external_user(provider)
+          get :"test_return_to_with_external_#{provider}", {}, :return_to_url => "fuu"
 
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:liveid)
-      get :test_return_to_with_external5, {}, :return_to_url => "fuu"
-      response.should redirect_to("fuu")
-      flash[:notice].should == "Success!"
+          expect(response).to redirect_to "fuu"
+          expect(flash[:notice]).to eq "Success!"
+        end
+      end
     end
 
   end
 
-
-  describe SorceryController do
-    it_behaves_like "oauth2_controller"
-  end
-
-  describe SorceryController, "OAuth with User Activation features" do
+  describe "OAuth with User Activation features" do
     before(:all) do
       ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
       sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
@@ -229,67 +167,42 @@ describe SorceryController do
       User.delete_all
     end
 
-    it "should not send activation email to external users" do
+    it "does not send activation email to external users" do
       old_size = ActionMailer::Base.deliveries.size
       create_new_external_user(:facebook)
-      ActionMailer::Base.deliveries.size.should == old_size
+
+      expect(ActionMailer::Base.deliveries.size).to eq old_size
     end
 
-    it "should not send external users an activation success email" do
+    it "does not send external users an activation success email" do
       sorcery_model_property_set(:activation_success_email_method_name, nil)
       create_new_external_user(:facebook)
       old_size = ActionMailer::Base.deliveries.size
       @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
 
-  # provider: github
-    it "should not send activation email to external users (github)" do
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_external_user(:github)
-      ActionMailer::Base.deliveries.size.should == old_size
+      expect(ActionMailer::Base.deliveries.size).to eq old_size
     end
 
-    it "should not send external users an activation success email (github)" do
-      sorcery_model_property_set(:activation_success_email_method_name, nil)
-      create_new_external_user(:github)
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-
-  # provider: google
-    it "should not send activation email to external users (google)" do
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_external_user(:google)
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
-
-    it "should not send external users an activation success email (google)" do
-      sorcery_model_property_set(:activation_success_email_method_name, nil)
-      create_new_external_user(:google)
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
+  # provider: github
+    [:github, :google, :liveid].each do |provider|
+      it "does not send activation email to external users (github)" do
+        old_size = ActionMailer::Base.deliveries.size
+        create_new_external_user provider
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
 
-  # provider: liveid
-    it "should not send activation email to external users (liveid)" do
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_external_user(:liveid)
-      ActionMailer::Base.deliveries.size.should == old_size
-    end
+      it "does not send external users an activation success email (github)" do
+        sorcery_model_property_set(:activation_success_email_method_name, nil)
+        create_new_external_user provider
+        old_size = ActionMailer::Base.deliveries.size
+        @user.activate!
 
-    it "should not send external users an activation success email (liveid)" do
-      sorcery_model_property_set(:activation_success_email_method_name, nil)
-      create_new_external_user(:liveid)
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      ActionMailer::Base.deliveries.size.should == old_size
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
     end
   end
 
-  describe SorceryController, "OAuth with user activation features"  do
+  describe "OAuth with user activation features"  do
     before(:all) do
       ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
       ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
@@ -302,7 +215,7 @@ describe SorceryController do
       ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
     end
 
-    %w(facebook github google liveid).each.with_index(2) do |provider, index|
+    %w(facebook github google liveid).each do |provider|
       context "when #{provider}" do
         before(:each) do
           User.delete_all
@@ -313,25 +226,27 @@ describe SorceryController do
           create_new_external_user(provider.to_sym)
         end
 
-        it "should register login time" do
+        it "registers login time" do
           now = Time.now.in_time_zone
-          get "test_login_from#{index}".to_sym
-          User.last.last_login_at.should_not be_nil
-          User.last.last_login_at.to_s(:db).should >= now.to_s(:db)
-          User.last.last_login_at.to_s(:db).should <= (now+2).to_s(:db)
+          get "test_login_from_#{provider}".to_sym
+
+          expect(User.last.last_login_at).not_to be_nil
+          expect(User.last.last_login_at.to_s(:db)).to be >= now.to_s(:db)
+          expect(User.last.last_login_at.to_s(:db)).to be <= (now+2).to_s(:db)
         end
 
-        it "should not register login time if configured so" do
+        it "does not register login time if configured so" do
           sorcery_controller_property_set(:register_login_time, false)
           now = Time.now.in_time_zone
-          get "test_login_from#{index}".to_sym
-          User.last.last_login_at.should be_nil
+          get "test_login_from_#{provider}".to_sym
+
+          expect(User.last.last_login_at).to be_nil
         end
       end
     end
   end
 
-  describe SorceryController, "OAuth with session timeout features" do
+  describe "OAuth with session timeout features" do
     before(:all) do
       ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
       User.reset_column_information
@@ -342,7 +257,7 @@ describe SorceryController do
       ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
     end
 
-    %w(facebook github google liveid).each.with_index(2) do |provider, index|
+    %w(facebook github google liveid).each do |provider|
       context "when #{provider}" do
         before(:each) do
           User.delete_all
@@ -357,29 +272,30 @@ describe SorceryController do
           Timecop.return
         end
 
-        it "should not reset session before session timeout" do
-          get "test_login_from#{index}".to_sym
-          session[:user_id].should_not be_nil
-          flash[:notice].should == "Success!"
+        it "does not reset session before session timeout" do
+          get "test_login_from_#{provider}".to_sym
+
+          expect(session[:user_id]).not_to be_nil
+          expect(flash[:notice]).to eq "Success!"
         end
 
-        it "should reset session after session timeout" do
-          get "test_login_from#{index}".to_sym
+        it "resets session after session timeout" do
+          get "test_login_from_#{provider}".to_sym
           Timecop.travel(Time.now.in_time_zone+0.6)
           get :test_should_be_logged_in
-          session[:user_id].should be_nil
-          response.should be_a_redirect
+
+          expect(session[:user_id]).to be_nil
+          expect(response).to be_a_redirect
         end
       end
     end
   end
 
   def stub_all_oauth2_requests!
-    auth_code       = OAuth2::Strategy::AuthCode.any_instance
     access_token    = double(OAuth2::AccessToken)
-    access_token.stub(:token_param=)
+    allow(access_token).to receive(:token_param=)
     response        = double(OAuth2::Response)
-    response.stub(:body).and_return({
+    allow(response).to receive(:body) { {
       "id"=>"123",
       "name"=>"Noam Ben Ari",
       "first_name"=>"Noam",
@@ -394,9 +310,9 @@ describe SorceryController do
       "locale"=>"en_US",
       "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}],
       "verified"=>true,
-      "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json)
-    access_token.stub(:get).and_return(response)
-    auth_code.stub(:get_token).and_return(access_token)
+      "updated_time"=>"2011-02-16T20:59:38+0000"}.to_json }
+    allow(access_token).to receive(:get) { response }
+    allow_any_instance_of(OAuth2::Strategy::AuthCode).to receive(:get_token) { access_token }
   end
 
   def set_external_property
@@ -414,4 +330,13 @@ describe SorceryController do
     sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
     sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
   end
+
+  def provider_url(provider)
+    {
+      github: "https://github.com/login/oauth/authorize?client_id=#{::Sorcery::Controller::Config.github.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=&state=",
+      google: "https://accounts.google.com/o/oauth2/auth?client_id=#{::Sorcery::Controller::Config.google.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=",
+      liveid: "https://oauth.live.com/authorize?client_id=#{::Sorcery::Controller::Config.liveid.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=wl.basic+wl.emails+wl.offline_access&state="
+    }[provider]
+  end
+
 end