sorcery 0.8.6 → 0.9.0

data/lib/sorcery/controller/config.rb

@@ -0,0 +1,65 @@
+module Sorcery
+  module Controller
+    module Config
+      class << self
+        attr_accessor :submodules,
+                      :user_class,                    # what class to use as the user class.
+                      :not_authenticated_action,      # what controller action to call for non-authenticated users.
+
+                      :save_return_to_url,            # when a non logged in user tries to enter a page that requires
+                                                      # login, save the URL he wanted to reach,
+                                                      # and send him there after login.
+
+                      :cookie_domain,                 # set domain option for cookies
+
+                      :login_sources,
+                      :after_login,
+                      :after_failed_login,
+                      :before_logout,
+                      :after_logout
+
+        def init!
+          @defaults = {
+            :@user_class                           => nil,
+            :@submodules                           => [],
+            :@not_authenticated_action             => :not_authenticated,
+            :@login_sources                        => [],
+            :@after_login                          => [],
+            :@after_failed_login                   => [],
+            :@before_logout                        => [],
+            :@after_logout                         => [],
+            :@save_return_to_url                   => true,
+            :@cookie_domain                        => nil
+          }
+        end
+
+        # Resets all configuration options to their default values.
+        def reset!
+          @defaults.each do |k,v|
+            instance_variable_set(k,v)
+          end
+        end
+
+        def update!
+          @defaults.each do |k,v|
+            instance_variable_set(k,v) if !instance_variable_defined?(k)
+          end
+        end
+
+        def user_config(&blk)
+          block_given? ? @user_config = blk : @user_config
+        end
+
+        def configure(&blk)
+          @configure_blk = blk
+        end
+
+        def configure!
+          @configure_blk.call(self) if @configure_blk
+        end
+      end
+      init!
+      reset!
+    end
+  end
+end

data/lib/sorcery/controller/submodules/activity_logging.rb

@@ -1,13 +1,13 @@
 module Sorcery
   module Controller
     module Submodules
-      # This submodule keeps track of events such as login, logout, 
+      # This submodule keeps track of events such as login, logout,
       # and last activity time, per user.
       # It helps in estimating which users are active now in the site.
-      # This cannot be determined absolutely because a user might be 
+      # This cannot be determined absolutely because a user might be
       # reading a page without clicking anything for a while.
-      # This is the controller part of the submodule, which adds hooks 
-      # to register user events, 
+      # This is the controller part of the submodule, which adds hooks
+      # to register user events,
       # and methods to collect active users data for use in the app.
       # see Socery::Model::Submodules::ActivityLogging for configuration
       # options.
@@ -20,7 +20,7 @@ module Sorcery
               attr_accessor :register_logout_time
               attr_accessor :register_last_activity_time
               attr_accessor :register_last_ip_address
-            
+
               def merge_activity_logging_defaults!
                 @defaults.merge!(:@register_login_time         => true,
                                  :@register_logout_time        => true,
@@ -36,49 +36,44 @@ module Sorcery
           Config.before_logout  << :register_logout_time_to_db
           base.after_filter :register_last_activity_time_to_db
         end
-        
+
         module InstanceMethods
           # Returns an array of the active users.
           def current_users
+            ActiveSupport::Deprecation.warn("Sorcery: `current_users` method is deprecated. Read more on Github: https://github.com/NoamB/sorcery/issues/602")
+
             user_class.current_users
-            # A possible patch here:
-            # we'll add the current_user to the users list if he's not in it
-            # (can happen when he was inactive for more than activity timeout):
-            #
-            #   users.unshift!(current_user) if logged_in? && users.find {|u| u.id == current_user.id}.nil?
-            #
-            # disadvantages: can hurt performance.
           end
-          
+
           protected
-          
+
           # registers last login time on every login.
           # This runs as a hook just after a successful login.
           def register_login_time_to_db(user, credentials)
             return unless Config.register_login_time
-            user.update_single_attribute(user.sorcery_config.last_login_at_attribute_name, Time.now.in_time_zone)
+            user.set_last_login_at(Time.now.in_time_zone)
           end
-          
+
           # registers last logout time on every logout.
           # This runs as a hook just before a logout.
           def register_logout_time_to_db(user)
             return unless Config.register_logout_time
-            user.update_single_attribute(user.sorcery_config.last_logout_at_attribute_name, Time.now.in_time_zone)
+            user.set_last_logout_at(Time.now.in_time_zone)
           end
-          
+
           # Updates last activity time on every request.
           # The only exception is logout - we do not update activity on logout
           def register_last_activity_time_to_db
             return unless Config.register_last_activity_time
             return unless logged_in?
-            current_user.update_single_attribute(current_user.sorcery_config.last_activity_at_attribute_name, Time.now.in_time_zone)
+            current_user.set_last_activity_at(Time.now.in_time_zone)
           end
 
           # Updates IP address on every login.
           # This runs as a hook just after a successful login.
           def register_last_ip_address(user, credentials)
             return unless Config.register_last_ip_address
-            current_user.update_single_attribute(current_user.sorcery_config.last_login_from_ip_address_name, request.remote_ip)
+            current_user.set_last_ip_addess(request.remote_ip)
           end
         end
       end

data/lib/sorcery/controller/submodules/brute_force_protection.rb

@@ -14,22 +14,22 @@ module Sorcery
           Config.after_login << :reset_failed_logins_count!
           Config.after_failed_login << :update_failed_logins_count!
         end
-        
+
         module InstanceMethods
-          
+
           protected
-          
+
           # Increments the failed logins counter on every failed login.
           # Runs as a hook after a failed login.
           def update_failed_logins_count!(credentials)
-            user = user_class.find_by_credentials(credentials)
+            user = user_class.sorcery_adapter.find_by_credentials(credentials)
             user.register_failed_login! if user
           end
-          
+
           # Resets the failed logins counter.
           # Runs as a hook after a successful login.
           def reset_failed_logins_count!(user, credentials)
-            user.update_many_attributes(user_class.sorcery_config.failed_logins_count_attribute_name => 0)
+            user.sorcery_adapter.update_attribute(user_class.sorcery_config.failed_logins_count_attribute_name, 0)
           end
         end
       end

data/lib/sorcery/controller/submodules/external.rb

@@ -15,7 +15,10 @@ module Sorcery
           require 'sorcery/providers/liveid'
           require 'sorcery/providers/xing'
           require 'sorcery/providers/github'
+          require 'sorcery/providers/heroku'
           require 'sorcery/providers/google'
+          require 'sorcery/providers/jira'
+          require 'sorcery/providers/salesforce'
 
           Config.module_eval do
             class << self
@@ -133,15 +136,7 @@ module Sorcery
             sorcery_fetch_user_hash provider_name
             config = user_class.sorcery_config
 
-            # first check to see if user has a particular authentication already
-            unless (current_user.send(config.authentications_class.name.underscore.pluralize).send("find_by_#{config.provider_attribute_name}_and_#{config.provider_uid_attribute_name}", provider_name, @user_hash[:uid].to_s))
-              user = current_user.send(config.authentications_class.name.underscore.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name.to_s)
-              user.sorcery_save(:validate => false)
-            else
-              user = false
-            end
-
-            return user
+            current_user.add_provider_to_user(provider_name.to_s, @user_hash[:uid].to_s)
           end
 
           # Initialize new user from provider informations.
@@ -153,13 +148,12 @@ module Sorcery
 
             attrs = user_attrs(@provider.user_info_mapping, @user_hash)
 
-            user = user_class.new(attrs)
-            user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name)
+            user, saved = user_class.create_and_validate_from_provider(provider_name, @user_hash[:uid], attrs)
 
             session[:incomplete_user] = {
               :provider => {config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name},
               :user_hash => attrs
-            } unless user.sorcery_save
+            } unless saved
 
             return user
           end
@@ -180,26 +174,12 @@ module Sorcery
           #
           #   create_from(provider) {|user| user.some_check }
           #
-          def create_from(provider_name)
+          def create_from(provider_name, &block)
             sorcery_fetch_user_hash provider_name
             config = user_class.sorcery_config
 
             attrs = user_attrs(@provider.user_info_mapping, @user_hash)
-
-            user_class.transaction do
-              @user = user_class.new()
-              attrs.each do |k,v|
-                @user.send(:"#{k}=", v)
-              end
-
-              if block_given?
-                return false unless yield @user
-              end
-
-              @user.sorcery_save(:validate => false)
-              user_class.sorcery_config.authentications_class.create!({config.authentications_user_id_attribute_name => @user.id, config.provider_attribute_name => provider_name, config.provider_uid_attribute_name => @user_hash[:uid]})
-            end
-            @user
+            @user = user_class.create_from_provider(provider_name, @user_hash[:uid], attrs, &block)
           end
 
           def user_attrs(user_info_mapping, user_hash)

data/lib/sorcery/controller/submodules/remember_me.rb

@@ -38,7 +38,7 @@ module Sorcery
           # Override.
           # logins a user instance, and optionally remembers him.
           def auto_login(user, should_remember = false)
-            session[:user_id] = user.id
+            session[:user_id] = user.id.to_s
             @current_user = user
             remember_me! if should_remember
           end
@@ -55,10 +55,10 @@ module Sorcery
           # and logs the user in if found.
           # Runs as a login source. See 'current_user' method for how it is used.
           def login_from_cookie
-            user = cookies.signed[:remember_me_token] && user_class.find_by_remember_me_token(cookies.signed[:remember_me_token])
-            if user && user.remember_me_token?
+            user = cookies.signed[:remember_me_token] && user_class.sorcery_adapter.find_by_remember_me_token(cookies.signed[:remember_me_token])
+            if user && user.has_remember_me_token?
               set_remember_me_cookie!(user)
-              session[:user_id] = user.id
+              session[:user_id] = user.id.to_s
               @current_user = user
             else
               @current_user = false

data/lib/sorcery/controller/submodules/session_timeout.rb

@@ -9,10 +9,10 @@ module Sorcery
           Config.module_eval do
             class << self
               attr_accessor :session_timeout,                     # how long in seconds to keep the session alive.
-              
+
                             :session_timeout_from_last_action     # use the last action as the beginning of session
                                                                   # timeout.
-                            
+
               def merge_session_timeout_defaults!
                 @defaults.merge!(:@session_timeout                      => 3600, # 1.hour
                                  :@session_timeout_from_last_action     => false)
@@ -23,21 +23,21 @@ module Sorcery
           Config.after_login << :register_login_time
           base.prepend_before_filter :validate_session
         end
-        
+
         module InstanceMethods
           protected
-          
+
           # Registers last login to be used as the timeout starting point.
           # Runs as a hook after a successful login.
           def register_login_time(user, credentials)
             session[:login_time] = session[:last_action_time] = Time.now.in_time_zone
           end
-          
+
           # Checks if session timeout was reached and expires the current session if so.
           # To be used as a before_filter, before require_login
           def validate_session
             session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
-            if session_to_use && (Time.now.in_time_zone - session_to_use.to_time > Config.session_timeout)
+            if session_to_use && sorcery_session_expired?(session_to_use.to_time)
               reset_sorcery_session
               @current_user = nil
             else
@@ -45,6 +45,10 @@ module Sorcery
             end
           end
 
+          def sorcery_session_expired?(time)
+            Time.now.in_time_zone - time > Config.session_timeout
+          end
+
         end
       end
     end

data/lib/sorcery/model.rb

@@ -19,17 +19,28 @@ module Sorcery
       # This runs the options block set in the initializer on the model class.
       ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
 
-      init_mongoid_support! if defined?(Mongoid) and self.ancestors.include?(Mongoid::Document)
-      init_mongo_mapper_support! if defined?(MongoMapper) and self.ancestors.include?(MongoMapper::Document)
-      init_datamapper_support! if defined?(DataMapper) and self.ancestors.include?(DataMapper::Resource)
-
+      define_base_fields
       init_orm_hooks!
 
       @sorcery_config.after_config << :add_config_inheritance if @sorcery_config.subclasses_inherit_config
       @sorcery_config.after_config.each { |c| send(c) }
     end
 
-    protected
+    private
+
+    def define_base_fields
+      self.class_eval do
+        sorcery_config.username_attribute_names.each do |username|
+          sorcery_adapter.define_field username, String, length: 255
+        end
+        unless sorcery_config.username_attribute_names.include?(sorcery_config.email_attribute_name)
+          sorcery_adapter.define_field sorcery_config.email_attribute_name, String, length: 255
+        end
+        sorcery_adapter.define_field sorcery_config.crypted_password_attribute_name, String, length: 255
+        sorcery_adapter.define_field sorcery_config.salt_attribute_name, String, length: 255
+      end
+
+    end
 
     # includes required submodules into the model class,
     # which usually is called User.
@@ -47,77 +58,17 @@ module Sorcery
       end
     end
 
-    # defines mongoid fields on the model class,
-    # using 1.8.x hash syntax to perserve compatibility.
-    def init_mongoid_support!
-      self.class_eval do
-        sorcery_config.username_attribute_names.each do |username|
-          field username,         :type => String
-        end
-        field sorcery_config.email_attribute_name,            :type => String unless sorcery_config.username_attribute_names.include?(sorcery_config.email_attribute_name)
-        field sorcery_config.crypted_password_attribute_name, :type => String
-        field sorcery_config.salt_attribute_name,             :type => String
-      end
-    end
-
-    # defines mongo_mapper fields on the model class,
-    def init_mongo_mapper_support!
-      self.class_eval do
-        sorcery_config.username_attribute_names.each do |username|
-          key username, String
-        end
-        key sorcery_config.email_attribute_name, String unless sorcery_config.username_attribute_names.include?(sorcery_config.email_attribute_name)
-        key sorcery_config.crypted_password_attribute_name, String
-        key sorcery_config.salt_attribute_name, String
-      end
-    end
-
-    # defines datamapper fields on the model class
-    def init_datamapper_support!
-      self.class_eval do
-        sorcery_config.username_attribute_names.each do |username|
-          property username, String, :length => 255
-        end
-        unless sorcery_config.username_attribute_names.include?(sorcery_config.email_attribute_name)
-          property sorcery_config.email_attribute_name, String, :length => 255
-        end
-        property sorcery_config.crypted_password_attribute_name, String, :length => 255
-        property sorcery_config.salt_attribute_name, String, :length => 255
-      end
-    end
-
     # add virtual password accessor and ORM callbacks.
     def init_orm_hooks!
-      if defined?(DataMapper) and self.ancestors.include?(DataMapper::Resource)
-        init_datamapper_hooks!
-        return
-      end
-      self.class_eval do
-        attr_accessor @sorcery_config.password_attribute_name
-        #attr_protected @sorcery_config.crypted_password_attribute_name, @sorcery_config.salt_attribute_name
-        before_save :encrypt_password, :if => Proc.new { |record|
-          record.send(sorcery_config.password_attribute_name).present?
-        }
-        after_save :clear_virtual_password, :if => Proc.new { |record|
-          record.send(sorcery_config.password_attribute_name).present?
-        }
-      end
-    end
+      sorcery_adapter.define_callback :before, :validation, :encrypt_password, if: Proc.new {|record|
+        record.send(sorcery_config.password_attribute_name).present?
+      }
 
-    def init_datamapper_hooks!
-      self.class_eval do
-        attr_accessor @sorcery_config.password_attribute_name
-        before :valid? do
-          if self.send(sorcery_config.password_attribute_name).present?
-            encrypt_password
-          end
-        end
-        after :save do
-          if self.send(sorcery_config.password_attribute_name).present?
-            clear_virtual_password
-          end
-        end
-      end
+      sorcery_adapter.define_callback :after, :save, :clear_virtual_password, if: Proc.new {|record|
+        record.send(sorcery_config.password_attribute_name).present?
+      }
+
+      attr_accessor sorcery_config.password_attribute_name
     end
 
     module ClassMethods
@@ -139,12 +90,11 @@ module Sorcery
           credentials[0].downcase!
         end
 
-        user = find_by_credentials(credentials)
+        user = sorcery_adapter.find_by_credentials(credentials)
 
         set_encryption_attributes
 
-        _salt = user.send(@sorcery_config.salt_attribute_name) if user && !@sorcery_config.salt_attribute_name.nil? && !@sorcery_config.encryption_provider.nil?
-        user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && credentials_match?(user.send(@sorcery_config.crypted_password_attribute_name),credentials[1],_salt)
+        user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && user.valid_password?(credentials[1])
       end
 
       # encrypt tokens using current encryption_provider.
@@ -163,13 +113,7 @@ module Sorcery
         @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
         @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
       end
-
-      # Calls the configured encryption provider to compare the supplied password with the encrypted one.
-      def credentials_match?(crypted, *tokens)
-        return crypted == tokens.join if @sorcery_config.encryption_provider.nil?
-        @sorcery_config.encryption_provider.matches?(crypted, *tokens)
-      end
-
+      
       def add_config_inheritance
         self.class_eval do
           def self.inherited(subclass)
@@ -198,6 +142,16 @@ module Sorcery
         send(sorcery_config.crypted_password_attribute_name).nil?
       end
 
+      # Calls the configured encryption provider to compare the supplied password with the encrypted one.
+      def valid_password?(pass)
+        _crypted = self.send(sorcery_config.crypted_password_attribute_name)  
+        return _crypted == pass if sorcery_config.encryption_provider.nil?
+
+        _salt = self.send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
+
+        sorcery_config.encryption_provider.matches?(_crypted, pass, _salt)
+      end
+
       protected
 
       # creates new salt and saves it.
@@ -223,100 +177,14 @@ module Sorcery
         config = sorcery_config
         mail = config.send(mailer).send(config.send(method),self)
         if defined?(ActionMailer) and config.send(mailer).kind_of?(Class) and config.send(mailer) < ActionMailer::Base
-          mail.deliver
-        end
-      end
-    end
-
-    # Each class which calls 'activate_sorcery!' receives an instance of this class.
-    # Every submodule which gets loaded may add accessors to this class so that all
-    # options will be configured from a single place.
-    class Config
-
-      attr_accessor :username_attribute_names,           # change default username attribute, for example, to use :email
-                                                        # as the login.
-
-                    :password_attribute_name,           # change *virtual* password attribute, the one which is used
-                                                        # until an encrypted one is generated.
-
-                    :email_attribute_name,              # change default email attribute.
-
-                    :downcase_username_before_authenticating, # downcase the username before trying to authenticate, default is false
-
-                    :crypted_password_attribute_name,   # change default crypted_password attribute.
-                    :salt_join_token,                   # what pattern to use to join the password with the salt
-                    :salt_attribute_name,               # change default salt attribute.
-                    :stretches,                         # how many times to apply encryption to the password.
-                    :encryption_key,                    # encryption key used to encrypt reversible encryptions such as
-                                                        # AES256.
-
-                    :subclasses_inherit_config,         # make this configuration inheritable for subclasses. Useful for
-                                                        # ActiveRecord's STI.
-
-                    :submodules,                        # configured in config/application.rb
-                    :before_authenticate,               # an array of method names to call before authentication
-                                                        # completes. used internally.
-
-                    :after_config                       # an array of method names to call after configuration by user.
-                                                        # used internally.
-
-      attr_reader   :encryption_provider,               # change default encryption_provider.
-                    :custom_encryption_provider,        # use an external encryption class.
-                    :encryption_algorithm               # encryption algorithm name. See 'encryption_algorithm=' below
-                                                        # for available options.
-
-      def initialize
-        @defaults = {
-          :@submodules                           => [],
-          :@username_attribute_names              => [:email],
-          :@password_attribute_name              => :password,
-          :@downcase_username_before_authenticating => false,
-          :@email_attribute_name                 => :email,
-          :@crypted_password_attribute_name      => :crypted_password,
-          :@encryption_algorithm                 => :bcrypt,
-          :@encryption_provider                  => CryptoProviders::BCrypt,
-          :@custom_encryption_provider           => nil,
-          :@encryption_key                       => nil,
-          :@salt_join_token                      => "",
-          :@salt_attribute_name                  => :salt,
-          :@stretches                            => nil,
-          :@subclasses_inherit_config            => false,
-          :@before_authenticate                  => [],
-          :@after_config                         => []
-        }
-        reset!
-      end
-
-      # Resets all configuration options to their default values.
-      def reset!
-        @defaults.each do |k,v|
-          instance_variable_set(k,v)
-        end
-      end
-
-      def username_attribute_names=(fields)
-        @username_attribute_names = fields.kind_of?(Array) ? fields : [fields]
-      end
-
-      def custom_encryption_provider=(provider)
-        @custom_encryption_provider = @encryption_provider = provider
-      end
-
-      def encryption_algorithm=(algo)
-        @encryption_algorithm = algo
-        @encryption_provider = case @encryption_algorithm.to_sym
-        when :none   then nil
-        when :md5    then CryptoProviders::MD5
-        when :sha1   then CryptoProviders::SHA1
-        when :sha256 then CryptoProviders::SHA256
-        when :sha512 then CryptoProviders::SHA512
-        when :aes256 then CryptoProviders::AES256
-        when :bcrypt then CryptoProviders::BCrypt
-        when :custom then @custom_encryption_provider
-        else raise ArgumentError.new("Encryption algorithm supplied, #{algo}, is invalid")
+          # Rails 4.2 deprecates #deliver
+          if mail.respond_to?(:deliver_now)
+            mail.deliver_now
+          else
+            mail.deliver
+          end
         end
       end
-
     end
 
   end