sorcery 0.8.5 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +3 -1
- data/.travis.yml +122 -5
- data/CHANGELOG.md +37 -1
- data/Gemfile +10 -18
- data/README.md +159 -88
- data/gemfiles/active_record-rails40.gemfile +7 -0
- data/gemfiles/active_record-rails41.gemfile +7 -0
- data/gemfiles/mongo_mapper-rails40.gemfile +9 -0
- data/gemfiles/mongo_mapper-rails41.gemfile +9 -0
- data/gemfiles/mongoid-rails40.gemfile +9 -0
- data/gemfiles/mongoid-rails41.gemfile +9 -0
- data/gemfiles/mongoid3-rails32.gemfile +9 -0
- data/lib/generators/sorcery/USAGE +1 -1
- data/lib/generators/sorcery/install_generator.rb +19 -5
- data/lib/generators/sorcery/templates/initializer.rb +34 -9
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +3 -1
- data/lib/generators/sorcery/templates/migration/core.rb +2 -2
- data/lib/generators/sorcery/templates/migration/external.rb +3 -1
- data/lib/sorcery/adapters/active_record_adapter.rb +120 -0
- data/lib/sorcery/adapters/base_adapter.rb +30 -0
- data/lib/sorcery/adapters/data_mapper_adapter.rb +176 -0
- data/lib/sorcery/adapters/mongo_mapper_adapter.rb +110 -0
- data/lib/sorcery/adapters/mongoid_adapter.rb +97 -0
- data/lib/sorcery/controller/config.rb +65 -0
- data/lib/sorcery/controller/submodules/activity_logging.rb +16 -21
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +6 -6
- data/lib/sorcery/controller/submodules/external.rb +35 -40
- data/lib/sorcery/controller/submodules/remember_me.rb +4 -4
- data/lib/sorcery/controller/submodules/session_timeout.rb +10 -6
- data/lib/sorcery/controller.rb +10 -74
- data/lib/sorcery/model/config.rb +96 -0
- data/lib/sorcery/model/submodules/activity_logging.rb +30 -13
- data/lib/sorcery/model/submodules/brute_force_protection.rb +21 -21
- data/lib/sorcery/model/submodules/external.rb +53 -9
- data/lib/sorcery/model/submodules/remember_me.rb +15 -19
- data/lib/sorcery/model/submodules/reset_password.rb +33 -34
- data/lib/sorcery/model/submodules/user_activation.rb +36 -47
- data/lib/sorcery/model/temporary_token.rb +4 -4
- data/lib/sorcery/model.rb +73 -173
- data/lib/sorcery/protocols/oauth.rb +42 -0
- data/lib/sorcery/protocols/oauth2.rb +47 -0
- data/lib/sorcery/providers/base.rb +38 -0
- data/lib/sorcery/providers/facebook.rb +63 -0
- data/lib/sorcery/providers/github.rb +51 -0
- data/lib/sorcery/providers/google.rb +51 -0
- data/lib/sorcery/providers/heroku.rb +57 -0
- data/lib/sorcery/providers/jira.rb +77 -0
- data/lib/sorcery/providers/linkedin.rb +66 -0
- data/lib/sorcery/providers/liveid.rb +53 -0
- data/lib/sorcery/providers/salesforce.rb +50 -0
- data/lib/sorcery/providers/twitter.rb +59 -0
- data/lib/sorcery/providers/vk.rb +63 -0
- data/lib/sorcery/providers/xing.rb +64 -0
- data/lib/sorcery/test_helpers/internal/rails.rb +14 -3
- data/lib/sorcery/test_helpers/internal.rb +7 -3
- data/lib/sorcery/test_helpers/rails/controller.rb +21 -0
- data/lib/sorcery/test_helpers/rails/integration.rb +26 -0
- data/lib/sorcery/version.rb +3 -0
- data/lib/sorcery.rb +82 -58
- data/sorcery.gemspec +19 -19
- data/spec/active_record/user_activation_spec.rb +1 -1
- data/spec/active_record/user_activity_logging_spec.rb +10 -1
- data/spec/active_record/user_brute_force_protection_spec.rb +1 -1
- data/spec/active_record/user_oauth_spec.rb +1 -1
- data/spec/active_record/user_remember_me_spec.rb +1 -1
- data/spec/active_record/user_reset_password_spec.rb +1 -1
- data/spec/active_record/user_spec.rb +7 -8
- data/spec/controllers/controller_activity_logging_spec.rb +124 -0
- data/spec/controllers/controller_brute_force_protection_spec.rb +43 -0
- data/spec/controllers/controller_http_basic_auth_spec.rb +68 -0
- data/spec/controllers/controller_oauth2_spec.rb +414 -0
- data/spec/controllers/controller_oauth_spec.rb +240 -0
- data/spec/controllers/controller_remember_me_spec.rb +117 -0
- data/spec/controllers/controller_session_timeout_spec.rb +80 -0
- data/spec/controllers/controller_spec.rb +218 -0
- data/spec/data_mapper/user_activation_spec.rb +10 -0
- data/spec/data_mapper/user_activity_logging_spec.rb +14 -0
- data/spec/data_mapper/user_brute_force_protection_spec.rb +9 -0
- data/spec/data_mapper/user_oauth_spec.rb +9 -0
- data/spec/data_mapper/user_remember_me_spec.rb +8 -0
- data/spec/data_mapper/user_reset_password_spec.rb +8 -0
- data/spec/data_mapper/user_spec.rb +27 -0
- data/spec/mongo_mapper/user_activation_spec.rb +1 -2
- data/spec/mongo_mapper/user_activity_logging_spec.rb +1 -1
- data/spec/mongo_mapper/user_brute_force_protection_spec.rb +1 -1
- data/spec/mongo_mapper/user_oauth_spec.rb +1 -1
- data/spec/mongo_mapper/user_remember_me_spec.rb +1 -1
- data/spec/mongo_mapper/user_reset_password_spec.rb +1 -1
- data/spec/mongo_mapper/user_spec.rb +7 -8
- data/spec/mongoid/user_activation_spec.rb +1 -2
- data/spec/mongoid/user_activity_logging_spec.rb +1 -2
- data/spec/mongoid/user_brute_force_protection_spec.rb +1 -2
- data/spec/mongoid/user_oauth_spec.rb +1 -2
- data/spec/mongoid/user_remember_me_spec.rb +1 -2
- data/spec/mongoid/user_reset_password_spec.rb +1 -2
- data/spec/mongoid/user_spec.rb +21 -9
- data/spec/orm/active_record.rb +14 -0
- data/spec/orm/data_mapper.rb +48 -0
- data/spec/orm/mongo_mapper.rb +1 -1
- data/spec/orm/mongoid.rb +5 -0
- data/spec/rails_app/app/controllers/sorcery_controller.rb +125 -59
- data/spec/rails_app/app/data_mapper/authentication.rb +8 -0
- data/spec/rails_app/app/data_mapper/user.rb +7 -0
- data/spec/rails_app/app/mongo_mapper/user.rb +2 -0
- data/spec/rails_app/config/routes.rb +27 -13
- data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +2 -2
- data/spec/shared_examples/user_activation_shared_examples.rb +108 -91
- data/spec/shared_examples/user_activity_logging_shared_examples.rb +83 -15
- data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +140 -21
- data/spec/shared_examples/user_oauth_shared_examples.rb +21 -16
- data/spec/shared_examples/user_remember_me_shared_examples.rb +36 -24
- data/spec/shared_examples/user_reset_password_shared_examples.rb +138 -117
- data/spec/shared_examples/user_shared_examples.rb +297 -150
- data/spec/sorcery_crypto_providers_spec.rb +28 -28
- data/spec/spec_helper.rb +12 -18
- metadata +99 -165
- data/Gemfile.rails4 +0 -24
- data/VERSION +0 -1
- data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb +0 -46
- data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +0 -50
- data/lib/sorcery/controller/submodules/external/providers/base.rb +0 -21
- data/lib/sorcery/controller/submodules/external/providers/facebook.rb +0 -99
- data/lib/sorcery/controller/submodules/external/providers/github.rb +0 -93
- data/lib/sorcery/controller/submodules/external/providers/google.rb +0 -92
- data/lib/sorcery/controller/submodules/external/providers/linkedin.rb +0 -103
- data/lib/sorcery/controller/submodules/external/providers/liveid.rb +0 -93
- data/lib/sorcery/controller/submodules/external/providers/twitter.rb +0 -94
- data/lib/sorcery/controller/submodules/external/providers/vk.rb +0 -101
- data/lib/sorcery/controller/submodules/external/providers/xing.rb +0 -98
- data/lib/sorcery/model/adapters/active_record.rb +0 -49
- data/lib/sorcery/model/adapters/mongo_mapper.rb +0 -56
- data/lib/sorcery/model/adapters/mongoid.rb +0 -88
- data/lib/sorcery/test_helpers/rails.rb +0 -16
- data/lib/sorcery/test_helpers.rb +0 -5
- data/spec/active_record/controller_activity_logging_spec.rb +0 -140
- data/spec/active_record/controller_brute_force_protection_spec.rb +0 -136
- data/spec/active_record/controller_http_basic_auth_spec.rb +0 -59
- data/spec/active_record/controller_oauth2_spec.rb +0 -417
- data/spec/active_record/controller_oauth_spec.rb +0 -212
- data/spec/active_record/controller_remember_me_spec.rb +0 -96
- data/spec/active_record/controller_session_timeout_spec.rb +0 -55
- data/spec/active_record/controller_spec.rb +0 -182
- data/spec/active_record/integration_spec.rb +0 -23
- data/spec/mongo_mapper/controller_spec.rb +0 -175
- data/spec/mongoid/controller_activity_logging_spec.rb +0 -111
- data/spec/mongoid/controller_spec.rb +0 -186
- data/spec/rails_app/public/404.html +0 -26
- data/spec/rails_app/public/422.html +0 -26
- data/spec/rails_app/public/500.html +0 -26
- data/spec/rails_app/public/favicon.ico +0 -0
- data/spec/rails_app/public/images/rails.png +0 -0
- data/spec/rails_app/public/javascripts/application.js +0 -2
- data/spec/rails_app/public/javascripts/controls.js +0 -965
- data/spec/rails_app/public/javascripts/dragdrop.js +0 -974
- data/spec/rails_app/public/javascripts/effects.js +0 -1123
- data/spec/rails_app/public/javascripts/prototype.js +0 -6001
- data/spec/rails_app/public/javascripts/rails.js +0 -175
- data/spec/rails_app/public/robots.txt +0 -5
- data/spec/rails_app/public/stylesheets/.gitkeep +0 -0
- data/spec/shared_examples/controller_oauth2_shared_examples.rb +0 -56
- data/spec/shared_examples/controller_oauth_shared_examples.rb +0 -69
- /data/lib/sorcery/{controller/submodules/external/protocols → protocols}/certs/ca-bundle.crt +0 -0
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe SorceryController do
|
|
4
|
-
|
|
5
|
-
# ----------------- REMEMBER ME -----------------------
|
|
6
|
-
describe SorceryController, "with remember me features" do
|
|
7
|
-
|
|
8
|
-
before(:all) do
|
|
9
|
-
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
|
|
10
|
-
User.reset_column_information
|
|
11
|
-
sorcery_reload!([:remember_me])
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
before(:each) do
|
|
15
|
-
create_new_user
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
after(:all) do
|
|
19
|
-
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
after(:each) do
|
|
23
|
-
session = nil
|
|
24
|
-
cookies = nil
|
|
25
|
-
User.delete_all
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
it "should set cookie on remember_me!" do
|
|
29
|
-
post :test_login_with_remember, :email => 'bla@bla.com', :password => 'secret'
|
|
30
|
-
# @request.cookies.merge!(cookies)
|
|
31
|
-
# cookies = ActionDispatch::Cookies::CookieJar.build(@request)
|
|
32
|
-
cookies.signed["remember_me_token"].should == assigns[:current_user].remember_me_token
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
it "should clear cookie on forget_me!" do
|
|
36
|
-
cookies["remember_me_token"] == {:value => 'asd54234dsfsd43534', :expires => 3600}
|
|
37
|
-
get :test_logout
|
|
38
|
-
cookies["remember_me_token"].should be_nil
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it "login(email,password,remember_me) should login and remember" do
|
|
42
|
-
post :test_login_with_remember_in_login, :email => 'bla@bla.com', :password => 'secret', :remember => "1"
|
|
43
|
-
# cookies = ActionDispatch::Cookies::CookieJar.build(@request)
|
|
44
|
-
cookies.signed["remember_me_token"].should_not be_nil
|
|
45
|
-
cookies.signed["remember_me_token"].should == assigns[:user].remember_me_token
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
it "logout should also forget_me!" do
|
|
49
|
-
session[:user_id] = @user.id
|
|
50
|
-
get :test_logout_with_remember
|
|
51
|
-
cookies["remember_me_token"].should be_nil
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
it "should login_from_cookie" do
|
|
55
|
-
session[:user_id] = @user.id
|
|
56
|
-
subject.remember_me!
|
|
57
|
-
subject.instance_eval do
|
|
58
|
-
@current_user = nil
|
|
59
|
-
end
|
|
60
|
-
session[:user_id] = nil
|
|
61
|
-
get :test_login_from_cookie
|
|
62
|
-
assigns[:current_user].should == @user
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
it "should not remember_me! when not asked to, even if third parameter is used" do
|
|
66
|
-
post :test_login_with_remember_in_login, :email => 'bla@bla.com', :password => 'secret', :remember => "0"
|
|
67
|
-
cookies["remember_me_token"].should be_nil
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
it "should not remember_me! when not asked to" do
|
|
71
|
-
post :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
72
|
-
cookies["remember_me_token"].should be_nil
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
# --- login_user(user) ---
|
|
76
|
-
specify { should respond_to(:auto_login) }
|
|
77
|
-
|
|
78
|
-
it "auto_login(user) should login a user instance without remembering" do
|
|
79
|
-
create_new_user
|
|
80
|
-
session[:user_id] = nil
|
|
81
|
-
subject.auto_login(@user)
|
|
82
|
-
get :test_login_from_cookie
|
|
83
|
-
assigns[:current_user].should == @user
|
|
84
|
-
cookies["remember_me_token"].should be_nil
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
it "auto_login(user, true) should login a user instance with remembering" do
|
|
88
|
-
create_new_user
|
|
89
|
-
session[:user_id] = nil
|
|
90
|
-
subject.auto_login(@user, true)
|
|
91
|
-
get :test_login_from_cookie
|
|
92
|
-
assigns[:current_user].should == @user
|
|
93
|
-
cookies["remember_me_token"].should_not be_nil
|
|
94
|
-
end
|
|
95
|
-
end
|
|
96
|
-
end
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe SorceryController do
|
|
4
|
-
|
|
5
|
-
# ----------------- SESSION TIMEOUT -----------------------
|
|
6
|
-
describe SorceryController, "with session timeout features" do
|
|
7
|
-
before(:all) do
|
|
8
|
-
sorcery_reload!([:session_timeout])
|
|
9
|
-
sorcery_controller_property_set(:session_timeout,0.5)
|
|
10
|
-
create_new_user
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
after(:each) do
|
|
14
|
-
Timecop.return
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
it "should not reset session before session timeout" do
|
|
18
|
-
login_user
|
|
19
|
-
get :test_should_be_logged_in
|
|
20
|
-
session[:user_id].should_not be_nil
|
|
21
|
-
response.should be_a_success
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
it "should reset session after session timeout" do
|
|
25
|
-
login_user
|
|
26
|
-
Timecop.travel(Time.now.in_time_zone+0.6)
|
|
27
|
-
get :test_should_be_logged_in
|
|
28
|
-
session[:user_id].should be_nil
|
|
29
|
-
response.should be_a_redirect
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
context "with 'session_timeout_from_last_action'" do
|
|
33
|
-
it "should not logout if there was activity" do
|
|
34
|
-
sorcery_controller_property_set(:session_timeout_from_last_action, true)
|
|
35
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
36
|
-
Timecop.travel(Time.now.in_time_zone+0.3)
|
|
37
|
-
get :test_should_be_logged_in
|
|
38
|
-
session[:user_id].should_not be_nil
|
|
39
|
-
Timecop.travel(Time.now.in_time_zone+0.3)
|
|
40
|
-
get :test_should_be_logged_in
|
|
41
|
-
session[:user_id].should_not be_nil
|
|
42
|
-
response.should be_a_success
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
it "with 'session_timeout_from_last_action' should logout if there was no activity" do
|
|
46
|
-
sorcery_controller_property_set(:session_timeout_from_last_action, true)
|
|
47
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
48
|
-
Timecop.travel(Time.now.in_time_zone+0.6)
|
|
49
|
-
get :test_should_be_logged_in
|
|
50
|
-
session[:user_id].should be_nil
|
|
51
|
-
response.should be_a_redirect
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
|
-
end
|
|
@@ -1,182 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe SorceryController do
|
|
4
|
-
|
|
5
|
-
# ----------------- PLUGIN CONFIGURATION -----------------------
|
|
6
|
-
describe SorceryController, "plugin configuration" do
|
|
7
|
-
before(:all) do
|
|
8
|
-
sorcery_reload!
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
after(:each) do
|
|
12
|
-
Sorcery::Controller::Config.reset!
|
|
13
|
-
sorcery_reload!
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "should enable configuration option 'user_class'" do
|
|
17
|
-
sorcery_controller_property_set(:user_class, "TestUser")
|
|
18
|
-
Sorcery::Controller::Config.user_class.should == "TestUser"
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
it "should enable configuration option 'not_authenticated_action'" do
|
|
22
|
-
sorcery_controller_property_set(:not_authenticated_action, :my_action)
|
|
23
|
-
Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
29
|
-
describe SorceryController, "when activated with sorcery" do
|
|
30
|
-
before(:all) do
|
|
31
|
-
sorcery_reload!
|
|
32
|
-
User.delete_all
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
before(:each) do
|
|
36
|
-
create_new_user
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
after(:each) do
|
|
40
|
-
Sorcery::Controller::Config.reset!
|
|
41
|
-
sorcery_reload!
|
|
42
|
-
User.delete_all
|
|
43
|
-
sorcery_controller_property_set(:user_class, User)
|
|
44
|
-
sorcery_model_property_set(:username_attribute_names, [:email])
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
specify { should respond_to(:login) }
|
|
48
|
-
|
|
49
|
-
specify { should respond_to(:logout) }
|
|
50
|
-
|
|
51
|
-
specify { should respond_to(:logged_in?) }
|
|
52
|
-
|
|
53
|
-
specify { should respond_to(:current_user) }
|
|
54
|
-
|
|
55
|
-
it "login(username,password) should return the user when success and set the session with user.id" do
|
|
56
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
57
|
-
assigns[:user].should == @user
|
|
58
|
-
session[:user_id].should == @user.id
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
it "login(email,password) should return the user when success and set the session with user.id" do
|
|
62
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
63
|
-
assigns[:user].should == @user
|
|
64
|
-
session[:user_id].should == @user.id
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
it "login(username,password) should return nil and not set the session when failure" do
|
|
68
|
-
get :test_login, :email => 'bla@bla.com', :password => 'opensesame!'
|
|
69
|
-
assigns[:user].should be_nil
|
|
70
|
-
session[:user_id].should be_nil
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
it "login(email,password) should return the user when success and set the session with the _csrf_token" do
|
|
74
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
75
|
-
session[:_csrf_token].should_not be_nil
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
it "login(username,password) should return nil and not set the session when upper case username" do
|
|
79
|
-
get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
|
|
80
|
-
assigns[:user].should be_nil
|
|
81
|
-
session[:user_id].should be_nil
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
it "login(username,password) should return the user and set the session with user.id when upper case username and config is downcase before authenticating" do
|
|
85
|
-
sorcery_model_property_set(:downcase_username_before_authenticating, true)
|
|
86
|
-
get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
|
|
87
|
-
assigns[:user].should == @user
|
|
88
|
-
session[:user_id].should == @user.id
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
it "login(username,password) should return nil and not set the session when user was created with upper case username, config is default, and log in username is lower case" do
|
|
92
|
-
create_new_user({:username => "", :email => "BLA1@BLA.COM", :password => 'secret1'})
|
|
93
|
-
get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
|
|
94
|
-
assigns[:user].should be_nil
|
|
95
|
-
session[:user_id].should be_nil
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
it "login(username,password) should return the user and set the session with user.id when user was created with upper case username and config is downcase before authenticating" do
|
|
99
|
-
sorcery_model_property_set(:downcase_username_before_authenticating, true)
|
|
100
|
-
create_new_user({:username => "", :email => "BLA1@BLA.COM", :password => 'secret1'})
|
|
101
|
-
get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
|
|
102
|
-
assigns[:user].should == @user
|
|
103
|
-
session[:user_id].should == @user.id
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
it "logout should clear the session" do
|
|
107
|
-
cookies[:remember_me_token] = nil
|
|
108
|
-
session[:user_id] = @user.id
|
|
109
|
-
get :test_logout
|
|
110
|
-
session[:user_id].should be_nil
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
it "logged_in? should return true if logged in" do
|
|
114
|
-
session[:user_id] = @user.id
|
|
115
|
-
subject.logged_in?.should be_true
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
it "logged_in? should return false if not logged in" do
|
|
119
|
-
session[:user_id] = nil
|
|
120
|
-
subject.logged_in?.should be_false
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
it "current_user should return the user instance if logged in" do
|
|
124
|
-
create_new_user
|
|
125
|
-
session[:user_id] = @user.id
|
|
126
|
-
2.times { subject.current_user.should == @user } # memoized!
|
|
127
|
-
end
|
|
128
|
-
|
|
129
|
-
it "current_user should return false if not logged in" do
|
|
130
|
-
session[:user_id] = nil
|
|
131
|
-
2.times { subject.current_user.should == false } # memoized!
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
specify { should respond_to(:require_login) }
|
|
135
|
-
|
|
136
|
-
it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
|
|
137
|
-
session[:user_id] = nil
|
|
138
|
-
sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
|
|
139
|
-
get :test_logout
|
|
140
|
-
response.body.should == "test_not_authenticated_action"
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
it "require_login before_filter should save the url that the user originally wanted" do
|
|
144
|
-
get :some_action
|
|
145
|
-
session[:return_to_url].should == "http://test.host/some_action"
|
|
146
|
-
response.should redirect_to("http://test.host/")
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
|
|
150
|
-
[:post, :put, :delete].each do |m|
|
|
151
|
-
self.send(m, :some_action)
|
|
152
|
-
session[:return_to_url].should be_nil
|
|
153
|
-
end
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
it "on successful login the user should be redirected to the url he originally wanted" do
|
|
157
|
-
session[:return_to_url] = "http://test.host/some_action"
|
|
158
|
-
post :test_return_to, :email => 'bla@bla.com', :password => 'secret'
|
|
159
|
-
response.should redirect_to("http://test.host/some_action")
|
|
160
|
-
flash[:notice].should == "haha!"
|
|
161
|
-
end
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
# --- auto_login(user) ---
|
|
165
|
-
specify { should respond_to(:auto_login) }
|
|
166
|
-
|
|
167
|
-
it "auto_login(user) should login a user instance" do
|
|
168
|
-
session[:user_id] = nil
|
|
169
|
-
subject.auto_login(@user)
|
|
170
|
-
subject.logged_in?.should be_true
|
|
171
|
-
end
|
|
172
|
-
|
|
173
|
-
it "auto_login(user) should work even if current_user was already set to false" do
|
|
174
|
-
get :test_logout
|
|
175
|
-
session[:user_id].should be_nil
|
|
176
|
-
subject.current_user.should be_false
|
|
177
|
-
get :test_auto_login
|
|
178
|
-
assigns[:result].should == User.find(:first)
|
|
179
|
-
end
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "the login process", :type => :request do
|
|
4
|
-
before(:all) do
|
|
5
|
-
sorcery_reload!
|
|
6
|
-
create_new_user
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
after(:all) do
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
# it "handles unverified request", :js => true do
|
|
13
|
-
# visit root_path
|
|
14
|
-
# #save_and_open_page
|
|
15
|
-
# fill_in 'Username', :with => 'gizmo1'
|
|
16
|
-
# fill_in 'Password', :with => 'secret'
|
|
17
|
-
# # <input name="authenticity_token" type="hidden" value="+8M9lXnjnhAW/mAuzwI9Mmy6hM+00qZJa8VMQUg+NmM=">
|
|
18
|
-
# page.execute_script("$$('hidden').value='mezuza'")
|
|
19
|
-
# #save_and_open_page
|
|
20
|
-
# click_button 'Login'
|
|
21
|
-
# save_and_open_page
|
|
22
|
-
# end
|
|
23
|
-
# end
|
|
@@ -1,175 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe SorceryController do
|
|
4
|
-
|
|
5
|
-
# ----------------- PLUGIN CONFIGURATION -----------------------
|
|
6
|
-
describe SorceryController, "plugin configuration" do
|
|
7
|
-
before(:all) do
|
|
8
|
-
sorcery_reload!
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
after(:each) do
|
|
12
|
-
Sorcery::Controller::Config.reset!
|
|
13
|
-
sorcery_reload!
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "should enable configuration option 'user_class'" do
|
|
17
|
-
sorcery_controller_property_set(:user_class, "TestUser")
|
|
18
|
-
Sorcery::Controller::Config.user_class.should == "TestUser"
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
it "should enable configuration option 'not_authenticated_action'" do
|
|
22
|
-
sorcery_controller_property_set(:not_authenticated_action, :my_action)
|
|
23
|
-
Sorcery::Controller::Config.not_authenticated_action.should equal(:my_action)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
# ----------------- PLUGIN ACTIVATED -----------------------
|
|
29
|
-
describe SorceryController, "when activated with sorcery" do
|
|
30
|
-
before(:all) do
|
|
31
|
-
sorcery_reload!
|
|
32
|
-
User.delete_all
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
before(:each) do
|
|
36
|
-
create_new_user
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
after(:each) do
|
|
40
|
-
Sorcery::Controller::Config.reset!
|
|
41
|
-
sorcery_reload!
|
|
42
|
-
User.delete_all
|
|
43
|
-
sorcery_controller_property_set(:user_class, User)
|
|
44
|
-
sorcery_model_property_set(:username_attribute_names, [:username, :email])
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
specify { should respond_to(:login) }
|
|
48
|
-
|
|
49
|
-
specify { should respond_to(:logout) }
|
|
50
|
-
|
|
51
|
-
specify { should respond_to(:logged_in?) }
|
|
52
|
-
|
|
53
|
-
specify { should respond_to(:current_user) }
|
|
54
|
-
|
|
55
|
-
it "login(username,password) should return the user when success and set the session with user.id" do
|
|
56
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
57
|
-
assigns[:user].should == @user
|
|
58
|
-
session[:user_id].should == @user.id
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
it "login(email,password) should return the user when success and set the session with user.id" do
|
|
62
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
63
|
-
assigns[:user].should == @user
|
|
64
|
-
session[:user_id].should == @user.id
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
it "login(username,password) should return nil and not set the session when failure" do
|
|
68
|
-
get :test_login, :email => 'bla@bla.com', :password => 'opensesame!'
|
|
69
|
-
assigns[:user].should be_nil
|
|
70
|
-
session[:user_id].should be_nil
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
it "login(username,password) should return nil and not set the session when upper case username" do
|
|
74
|
-
get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
|
|
75
|
-
assigns[:user].should be_nil
|
|
76
|
-
session[:user_id].should be_nil
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
it "login(email,password) should return the user when success and set the session with the _csrf_token" do
|
|
80
|
-
get :test_login, :email => 'bla@bla.com', :password => 'secret'
|
|
81
|
-
session[:_csrf_token].should_not be_nil
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
it "login(username,password) should return the user and set the session with user.id when upper case username and config is downcase before authenticating" do
|
|
85
|
-
sorcery_model_property_set(:downcase_username_before_authenticating, true)
|
|
86
|
-
get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
|
|
87
|
-
assigns[:user].should == @user
|
|
88
|
-
session[:user_id].should == @user.id
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
it "login(username,password) should return nil and not set the session when user was created with upper case username, config is default, and log in username is lower case" do
|
|
92
|
-
create_new_user({:username => 'GIZMO1', :email => "BLA1@BLA.com", :password => 'secret1'})
|
|
93
|
-
get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
|
|
94
|
-
assigns[:user].should be_nil
|
|
95
|
-
session[:user_id].should be_nil
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
it "login(username,password) should return the user and set the session with user.id when user was created with upper case username and config is downcase before authenticating" do
|
|
99
|
-
sorcery_model_property_set(:downcase_username_before_authenticating, true)
|
|
100
|
-
create_new_user({:username => 'GIZMO1', :email => "BLA1@BLA.com", :password => 'secret1'})
|
|
101
|
-
get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
|
|
102
|
-
assigns[:user].should == @user
|
|
103
|
-
session[:user_id].should == @user.id
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
it "logout should clear the session" do
|
|
107
|
-
cookies[:remember_me_token] = nil
|
|
108
|
-
session[:user_id] = @user.id
|
|
109
|
-
get :test_logout
|
|
110
|
-
session[:user_id].should be_nil
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
it "logged_in? should return true if logged in" do
|
|
114
|
-
session[:user_id] = @user.id
|
|
115
|
-
subject.logged_in?.should be_true
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
it "logged_in? should return false if not logged in" do
|
|
119
|
-
session[:user_id] = nil
|
|
120
|
-
subject.logged_in?.should be_false
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
it "current_user should return the user instance if logged in" do
|
|
124
|
-
create_new_user
|
|
125
|
-
session[:user_id] = @user.id
|
|
126
|
-
subject.current_user.should == @user
|
|
127
|
-
end
|
|
128
|
-
|
|
129
|
-
it "current_user should return false if not logged in" do
|
|
130
|
-
session[:user_id] = nil
|
|
131
|
-
subject.current_user.should == false
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
specify { should respond_to(:require_login) }
|
|
135
|
-
|
|
136
|
-
it "should call the configured 'not_authenticated_action' when authenticate before_filter fails" do
|
|
137
|
-
session[:user_id] = nil
|
|
138
|
-
sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
|
|
139
|
-
get :test_logout
|
|
140
|
-
response.body.should == "test_not_authenticated_action"
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
it "require_login before_filter should save the url that the user originally wanted" do
|
|
144
|
-
get :some_action
|
|
145
|
-
session[:return_to_url].should == "http://test.host/some_action"
|
|
146
|
-
response.should redirect_to("http://test.host/")
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
it "require_login before_filter should not save the url that the user originally wanted upon all non-get http methods" do
|
|
150
|
-
[:post, :put, :delete].each do |m|
|
|
151
|
-
self.send(m, :some_action)
|
|
152
|
-
session[:return_to_url].should be_nil
|
|
153
|
-
end
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
it "on successful login the user should be redirected to the url he originally wanted" do
|
|
157
|
-
session[:return_to_url] = "http://test.host/some_action"
|
|
158
|
-
post :test_return_to, :username => 'gizmo', :password => 'secret'
|
|
159
|
-
response.should redirect_to("http://test.host/some_action")
|
|
160
|
-
flash[:notice].should == "haha!"
|
|
161
|
-
end
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
# --- login_user(user) ---
|
|
165
|
-
specify { should respond_to(:auto_login) }
|
|
166
|
-
|
|
167
|
-
it "auto_login(user) should login a user instance" do
|
|
168
|
-
create_new_user
|
|
169
|
-
session[:user_id] = nil
|
|
170
|
-
subject.auto_login(@user)
|
|
171
|
-
subject.logged_in?.should be_true
|
|
172
|
-
end
|
|
173
|
-
end
|
|
174
|
-
|
|
175
|
-
end
|
|
@@ -1,111 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe SorceryController do
|
|
4
|
-
|
|
5
|
-
# ----------------- ACTIVITY LOGGING -----------------------
|
|
6
|
-
describe SorceryController, "with activity logging features" do
|
|
7
|
-
before(:all) do
|
|
8
|
-
sorcery_reload!([:activity_logging])
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
before(:each) do
|
|
12
|
-
create_new_user
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
after(:each) do
|
|
16
|
-
User.delete_all
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
specify { subject.should respond_to(:current_users) }
|
|
20
|
-
|
|
21
|
-
it "'current_users' should be empty when no users are logged in" do
|
|
22
|
-
subject.current_users.size.should == 0
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "should log login time on login" do
|
|
26
|
-
now = Time.now.utc
|
|
27
|
-
login_user
|
|
28
|
-
@user.last_login_at.should_not be_nil
|
|
29
|
-
@user.last_login_at.utc.to_s.should >= now.utc.to_s
|
|
30
|
-
@user.last_login_at.utc.to_s.should <= (now.utc+2).to_s
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it "should log logout time on logout" do
|
|
34
|
-
login_user
|
|
35
|
-
now = Time.now.utc
|
|
36
|
-
logout_user
|
|
37
|
-
User.first.last_logout_at.utc.should_not be_nil
|
|
38
|
-
User.first.last_logout_at.utc.to_s.should >= now.utc.to_s
|
|
39
|
-
User.first.last_logout_at.utc.to_s.should <= (now.utc+2).to_s
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it "should log last activity time when logged in" do
|
|
43
|
-
login_user
|
|
44
|
-
now = Time.now.utc
|
|
45
|
-
get :some_action
|
|
46
|
-
User.first.last_activity_at.utc.should >= now.utc
|
|
47
|
-
User.first.last_activity_at.utc.should <= (now.utc+2)
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
it "should log last IP address when logged in" do
|
|
51
|
-
login_user
|
|
52
|
-
get :some_action
|
|
53
|
-
User.first.last_login_from_ip_address.should == "0.0.0.0"
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
it "should update nothing but activity fields" do
|
|
57
|
-
original_user_name = User.first.username
|
|
58
|
-
login_user
|
|
59
|
-
get :some_action_making_a_non_persisted_change_to_the_user
|
|
60
|
-
User.first.username.should == original_user_name
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
it "'current_users' should hold the user object when 1 user is logged in" do
|
|
64
|
-
login_user
|
|
65
|
-
get :some_action
|
|
66
|
-
subject.current_users.size.should == 1
|
|
67
|
-
subject.current_users[0].should == @user
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
it "'current_users' should show all current_users, whether they have logged out before or not." do
|
|
71
|
-
user1 = create_new_user({:username => 'gizmo1', :email => "bla1@bla.com", :password => 'secret1'})
|
|
72
|
-
login_user(user1)
|
|
73
|
-
get :some_action
|
|
74
|
-
clear_user_without_logout
|
|
75
|
-
user2 = create_new_user({:username => 'gizmo2', :email => "bla2@bla.com", :password => 'secret2'})
|
|
76
|
-
login_user(user2)
|
|
77
|
-
get :some_action
|
|
78
|
-
clear_user_without_logout
|
|
79
|
-
user3 = create_new_user({:username => 'gizmo3', :email => "bla3@bla.com", :password => 'secret3'})
|
|
80
|
-
login_user(user3)
|
|
81
|
-
get :some_action
|
|
82
|
-
subject.current_users.size.should == 3
|
|
83
|
-
subject.current_users[0].should == user1
|
|
84
|
-
subject.current_users[1].should == user2
|
|
85
|
-
subject.current_users[2].should == user3
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
it "should not register login time if configured so" do
|
|
89
|
-
sorcery_controller_property_set(:register_login_time, false)
|
|
90
|
-
now = Time.now.in_time_zone
|
|
91
|
-
login_user
|
|
92
|
-
@user.last_login_at.should be_nil
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
it "should not register logout time if configured so" do
|
|
96
|
-
sorcery_controller_property_set(:register_logout_time, false)
|
|
97
|
-
now = Time.now.in_time_zone
|
|
98
|
-
login_user
|
|
99
|
-
logout_user
|
|
100
|
-
@user.last_logout_at.should be_nil
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
it "should not register last activity time if configured so" do
|
|
104
|
-
sorcery_controller_property_set(:register_last_activity_time, false)
|
|
105
|
-
now = Time.now.in_time_zone
|
|
106
|
-
login_user
|
|
107
|
-
get :some_action
|
|
108
|
-
@user.last_activity_at.should be_nil
|
|
109
|
-
end
|
|
110
|
-
end
|
|
111
|
-
end
|