sorcery 0.8.6 → 0.9.0

data/spec/{active_record → controllers}/controller_oauth_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-require 'shared_examples/controller_oauth_shared_examples'
+# require 'shared_examples/controller_oauth_shared_examples'
 require 'ostruct'
 
 def stub_all_oauth_requests!
@@ -21,21 +21,25 @@ def stub_all_oauth_requests!
   allow(acc_token).to receive(:get) { response }
 end
 
-describe SorceryController, :active_record => true do
-  before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
-    User.reset_column_information
+describe SorceryController do
+
+  let(:user) { double('user', id: 42) }
 
+  before(:all) do
     sorcery_reload!([:external])
-    sorcery_controller_property_set(:external_providers, [:twitter])
+    sorcery_controller_property_set(:external_providers, [:twitter, :jira])
     sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
     sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
     sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
-  end
 
-  after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+    sorcery_controller_external_property_set(:jira, :key, "7810b8e317ebdc81601c72f8daecc0f1")
+    sorcery_controller_external_property_set(:jira, :secret, "MyAppUsingJira")
+    sorcery_controller_external_property_set(:jira, :site, "http://jira.mycompany.com/plugins/servlet/oauth")
+    sorcery_controller_external_property_set(:jira, :signature_method, "RSA-SHA1")
+    sorcery_controller_external_property_set(:jira, :private_key_file, "myrsakey.pem")
+    sorcery_controller_external_property_set(:jira, :callback_url, "http://myappusingjira.com/home")
   end
+
   # ----------------- OAuth -----------------------
   describe SorceryController, "'using external API to login'" do
 
@@ -43,17 +47,11 @@ describe SorceryController, :active_record => true do
       stub_all_oauth_requests!
     end
 
-    after(:each) do
-      User.delete_all
-      Authentication.delete_all
-    end
-
     context "when callback_url begin with /" do
       before do
         sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
       end
       it "login_at redirects correctly" do
-        create_new_user
         get :login_at_test
         expect(response).to be_a_redirect
         expect(response).to redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
@@ -65,7 +63,6 @@ describe SorceryController, :active_record => true do
 
     context "when callback_url begin with http://" do
       it "login_at redirects correctly", pending: true do
-        create_new_user
         get :login_at_test
         expect(response).to be_a_redirect
         expect(response).to redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
@@ -73,123 +70,149 @@ describe SorceryController, :active_record => true do
     end
 
     it "logins if user exists" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:twitter)
+      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
+
       get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
       expect(flash[:notice]).to eq "Success!"
     end
 
     it "'login_from' fails if user doesn't exist" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_user
+      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(nil)
+
       get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
       expect(flash[:alert]).to eq "Failed!"
     end
 
     it "on successful 'login_from' the user is redirected to the url he originally wanted" do
-      sorcery_model_property_set(:authentications_class, Authentication)
-      create_new_external_user(:twitter)
+      expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
       get :test_return_to_with_external, {}, :return_to_url => "fuu"
       expect(response).to redirect_to("fuu")
       expect(flash[:notice]).to eq "Success!"
     end
 
+    context "when jira" do
+      it "user logins successfully" do
+        get :login_at_test_jira
+        expect(session[:request_token]).not_to be_nil
+        expect(response).to be_a_redirect
+      end
+    end
+
   end
 
   describe SorceryController do
-    it_behaves_like "oauth_controller"
-  end
+    describe "using 'create_from'" do
+      before(:each) do
+        stub_all_oauth_requests!
+      end
 
-  describe SorceryController, "using OAuth with User Activation features" do
-    before(:all) do
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
-      sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
-    end
+      it "creates a new user" do
+        sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
+        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
+        expect(User).to receive(:create_from_provider).with('twitter', '123', {username: 'nbenari'}).and_return(user)
 
-    after(:all) do
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
-    end
+        get :test_create_from_provider, :provider => "twitter"
+      end
 
-    after(:each) do
-      User.delete_all
-      Authentication.delete_all
-    end
+      it "supports nested attributes" do
+        sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "status/text"})
+        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
+        expect(User).to receive(:create_from_provider).with('twitter', '123', {username: 'coming soon to sorcery gem: twitter and facebook authentication support.'}).and_return(user)
 
-    it "does not send activation email to external users" do
-      old_size = ActionMailer::Base.deliveries.size
-      create_new_external_user(:twitter)
-      expect(ActionMailer::Base.deliveries.size).to eq old_size
-    end
+        get :test_create_from_provider, :provider => "twitter"
+      end
+
+      it "does not crash on missing nested attributes" do
+        sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "status/text", :created_at => "does/not/exist"})
+        expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
+        expect(User).to receive(:create_from_provider).with('twitter', '123', {username: 'coming soon to sorcery gem: twitter and facebook authentication support.'}).and_return(user)
+
+        get :test_create_from_provider, :provider => "twitter"
+      end
+
+      it "binds new provider" do
+        sorcery_model_property_set(:authentications_class, UserProvider)
+
+        allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
+        allow(user).to receive(:username).and_return('bla@bla.com')
+        login_user(user)
+
+        expect(user).to receive(:add_provider_to_user).with('twitter', '123')
+        get :test_add_second_provider, :provider => "twitter"
+      end
+
+      describe "with a block" do
+        it "does not create user" do
+          sorcery_model_property_set(:authentications_class, Authentication)
+          sorcery_controller_external_property_set(:twitter, :user_info_mapping, {:username => "screen_name"})
+
+          u = double('user')
+          expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
+          expect(User).to receive(:create_from_provider).with('twitter', '123', {username: 'nbenari'}).and_return(u).and_yield(u)
 
-    it "does not send external users an activation success email" do
-      sorcery_model_property_set(:activation_success_email_method_name, nil)
-      create_new_external_user(:twitter)
-      old_size = ActionMailer::Base.deliveries.size
-      @user.activate!
-      expect(ActionMailer::Base.deliveries.size).to eq old_size
+          get :test_create_from_provider_with_block, :provider => "twitter"
+        end
+
+      end
     end
   end
 
   describe SorceryController, "OAuth with user activation features"  do
     before(:all) do
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
-      User.reset_column_information
       sorcery_reload!([:activity_logging, :external])
     end
 
-    after(:all) do
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
-      User.reset_column_information
-    end
-
     context "when twitter" do
       before(:each) do
-        User.delete_all
-        Authentication.delete_all
         sorcery_controller_property_set(:register_login_time, true)
+        sorcery_controller_property_set(:register_logout_time, false)
+        sorcery_controller_property_set(:register_last_activity_time, false)
+        sorcery_controller_property_set(:register_last_ip_address, false)
         stub_all_oauth_requests!
-        sorcery_model_property_set(:authentications_class, Authentication)
-        create_new_external_user(:twitter)
       end
 
       it "registers login time" do
         now = Time.now.in_time_zone
+        Timecop.freeze(now)
+        expect(User).to receive(:load_from_provider).and_return(user)
+        expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
         get :test_login_from
-        expect(User.last.last_login_at).not_to be_nil
-        expect(User.last.last_login_at.to_s(:db)).to be >= now.to_s(:db)
-        expect(User.last.last_login_at.to_s(:db)).to be <= (now+2).to_s(:db)
+        Timecop.return
       end
 
       it "does not register login time if configured so" do
         sorcery_controller_property_set(:register_login_time, false)
         now = Time.now.in_time_zone
+        Timecop.freeze(now)
+        expect(User).to receive(:load_from_provider).and_return(user)
+        expect(user).to receive(:set_last_login_at).never
         get :test_login_from
-        expect(User.last.last_login_at).to be_nil
+        Timecop.return
       end
     end
   end
 
   describe SorceryController, "OAuth with session timeout features" do
     before(:all) do
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
-      User.reset_column_information
+      if SORCERY_ORM == :active_record
+        ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+        User.reset_column_information
+      end
+
       sorcery_reload!([:session_timeout, :external])
     end
 
     after(:all) do
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+      if SORCERY_ORM == :active_record
+        ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+      end
     end
 
     context "when twitter" do
       before(:each) do
-        User.delete_all
-        Authentication.delete_all
         sorcery_model_property_set(:authentications_class, Authentication)
         sorcery_controller_property_set(:session_timeout,0.5)
         stub_all_oauth_requests!
-        create_new_external_user(:twitter)
       end
 
       after(:each) do
@@ -197,6 +220,7 @@ describe SorceryController, :active_record => true do
       end
 
       it "does not reset session before session timeout" do
+        expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
         get :test_login_from
 
         expect(session[:user_id]).not_to be_nil

data/spec/{active_record → controllers}/controller_remember_me_spec.rb

@@ -1,29 +1,32 @@
 require 'spec_helper'
 
-describe SorceryController, :active_record => true do
+describe SorceryController do
 
-  let!(:user) { create_new_user }
+  let!(:user) { double('user', id: 42) }
 
   # ----------------- REMEMBER ME -----------------------
   context "with remember me features" do
 
     before(:all) do
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
-      User.reset_column_information
       sorcery_reload!([:remember_me])
     end
 
-    after(:all) do
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
-    end
-
     after(:each) do
       session = nil
       cookies = nil
-      User.delete_all
+    end
+
+    before(:each) do
+      allow(user).to receive(:remember_me_token)
+      allow(user).to receive(:remember_me_token_expires_at)
+      allow(user).to receive_message_chain(:sorcery_config, :remember_me_token_attribute_name).and_return(:remember_me_token)
+      allow(user).to receive_message_chain(:sorcery_config, :remember_me_token_expires_at_attribute_name).and_return(:remember_me_token_expires_at)
     end
 
     it "sets cookie on remember_me!" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+      expect(user).to receive(:remember_me!)
+
       post :test_login_with_remember, :email => 'bla@bla.com', :password => 'secret'
 
       expect(cookies.signed["remember_me_token"]).to eq assigns[:current_user].remember_me_token
@@ -37,6 +40,10 @@ describe SorceryController, :active_record => true do
     end
 
     it "login(email,password,remember_me) logs user in and remembers" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret', '1').and_return(user)
+      expect(user).to receive(:remember_me!)
+      expect(user).to receive(:remember_me_token).and_return('abracadabra').twice
+
       post :test_login_with_remember_in_login, :email => 'bla@bla.com', :password => 'secret', :remember => "1"
 
       expect(cookies.signed["remember_me_token"]).not_to be_nil
@@ -44,19 +51,30 @@ describe SorceryController, :active_record => true do
     end
 
     it "logout also calls forget_me!" do
-      session[:user_id] = user.id
+      session[:user_id] = user.id.to_s
+			expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
+      expect(user).to receive(:remember_me!)
+      expect(user).to receive(:forget_me!)
       get :test_logout_with_remember
 
       expect(cookies["remember_me_token"]).to be_nil
     end
 
     it "logs user in from cookie" do
-      session[:user_id] = user.id
+			session[:user_id] = user.id.to_s
+			expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
+      expect(user).to receive(:remember_me!)
+      expect(user).to receive(:remember_me_token).and_return('token').twice
+      expect(user).to receive(:has_remember_me_token?) { true }
+
       subject.remember_me!
       subject.instance_eval do
         remove_instance_variable :@current_user
       end
       session[:user_id] = nil
+
+      expect(User.sorcery_adapter).to receive(:find_by_remember_me_token).with('token').and_return(user)
+
       get :test_login_from_cookie
 
       expect(assigns[:current_user]).to eq user
@@ -87,11 +105,13 @@ describe SorceryController, :active_record => true do
 
     it "auto_login(user, true) logs in an user instance with remembering" do
       session[:user_id] = nil
+      expect(user).to receive(:remember_me!)
       subject.auto_login(user, true)
+
       get :test_login_from_cookie
 
       expect(assigns[:current_user]).to eq user
       expect(cookies["remember_me_token"]).not_to be_nil
     end
   end
-end
+end

data/spec/{active_record → controllers}/controller_session_timeout_spec.rb

@@ -1,8 +1,8 @@
 require 'spec_helper'
 
-describe SorceryController, :active_record => true do
+describe SorceryController do
 
-  let!(:user) { create_new_user }
+  let!(:user) { double('user', id: 42) }
 
   # ----------------- SESSION TIMEOUT -----------------------
   context "with session timeout features" do
@@ -15,8 +15,13 @@ describe SorceryController, :active_record => true do
       Timecop.return
     end
 
+    before(:each) do
+      allow(user).to receive(:username)
+      allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
+    end
+
     it "does not reset session before session timeout" do
-      login_user
+      login_user user
       get :test_should_be_logged_in
 
       expect(session[:user_id]).not_to be_nil
@@ -24,7 +29,7 @@ describe SorceryController, :active_record => true do
     end
 
     it "resets session after session timeout" do
-      login_user
+      login_user user
       Timecop.travel(Time.now.in_time_zone+0.6)
       get :test_should_be_logged_in
 
@@ -34,6 +39,9 @@ describe SorceryController, :active_record => true do
 
     it "works if the session is stored as a string or a Time" do
       session[:login_time] = Time.now.to_s
+      # TODO: ???
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+
       get :test_login, :email => 'bla@bla.com', :password => 'secret'
 
       expect(session[:user_id]).not_to be_nil
@@ -43,6 +51,8 @@ describe SorceryController, :active_record => true do
     context "with 'session_timeout_from_last_action'" do
       it "does not logout if there was activity" do
         sorcery_controller_property_set(:session_timeout_from_last_action, true)
+        expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+
         get :test_login, :email => 'bla@bla.com', :password => 'secret'
         Timecop.travel(Time.now.in_time_zone+0.3)
         get :test_should_be_logged_in
@@ -67,4 +77,4 @@ describe SorceryController, :active_record => true do
       end
     end
   end
-end
+end

data/spec/{shared_examples/controller_shared_examples.rb → controllers/controller_spec.rb}

@@ -1,5 +1,6 @@
-shared_examples_for "sorcery_controller" do
+require 'spec_helper'
 
+describe SorceryController do
   describe "plugin configuration" do
     before(:all) do
       sorcery_reload!
@@ -26,17 +27,15 @@ shared_examples_for "sorcery_controller" do
 
   # ----------------- PLUGIN ACTIVATED -----------------------
   context "when activated with sorcery" do
-    let!(:user) { create_new_user }
+    let(:user) { double('user', id: 42) }
 
     before(:all) do
       sorcery_reload!
-      User.delete_all
     end
 
     after(:each) do
       Sorcery::Controller::Config.reset!
       sorcery_reload!
-      User.delete_all
       sorcery_controller_property_set(:user_class, User)
       sorcery_model_property_set(:username_attribute_names, [:email])
     end
@@ -50,20 +49,26 @@ shared_examples_for "sorcery_controller" do
     specify { should respond_to(:current_user) }
 
     it "login(username,password) returns the user when success and set the session with user.id" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+
       get :test_login, :email => 'bla@bla.com', :password => 'secret'
 
       expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id
+      expect(session[:user_id]).to eq "42"
     end
 
     it "login(email,password) returns the user when success and set the session with user.id" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+
       get :test_login, :email => 'bla@bla.com', :password => 'secret'
 
       expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id
+      expect(session[:user_id]).to eq user.id.to_s
     end
 
     it "login(username,password) returns nil and not set the session when failure" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'opensesame!').and_return(nil)
+
       get :test_login, :email => 'bla@bla.com', :password => 'opensesame!'
 
       expect(assigns[:user]).to be_nil
@@ -71,56 +76,63 @@ shared_examples_for "sorcery_controller" do
     end
 
     it "login(email,password) returns the user when success and set the session with the _csrf_token" do
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
       get :test_login, :email => 'bla@bla.com', :password => 'secret'
 
       expect(session[:_csrf_token]).not_to be_nil
     end
 
     it "login(username,password) returns nil and not set the session when upper case username" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :datamapper
+      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
       get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
 
       expect(assigns[:user]).to be_nil
       expect(session[:user_id]).to be_nil
     end
 
+    # TODO: move test to model
     it "login(username,password) returns the user and set the session with user.id when upper case username and config is downcase before authenticating" do
       sorcery_model_property_set(:downcase_username_before_authenticating, true)
+      expect(User).to receive(:authenticate).with('BLA@BLA.COM', 'secret').and_return(user)
       get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
 
       expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id
+      expect(session[:user_id]).to eq user.id.to_s
     end
 
+    # TODO: move test to model
     it "login(username,password) returns nil and not set the session when user was created with upper case username, config is default, and log in username is lower case" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :datamapper
-      create_new_user({:username => "", :email => "BLA1@BLA.COM", :password => 'secret1'})
+      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
+      expect(User).to receive(:authenticate).with('bla1@bla.com', 'secret1').and_return(nil)
       get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
 
       expect(assigns[:user]).to be_nil
       expect(session[:user_id]).to be_nil
     end
 
+    # TODO: move test to model
     it "login(username,password) returns the user and set the session with user.id when user was created with upper case username and config is downcase before authenticating" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :datamapper
+      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
       sorcery_model_property_set(:downcase_username_before_authenticating, true)
-      new_user = create_new_user({:username => "", :email => "BLA1@BLA.COM", :password => 'secret1'})
+      expect(User).to receive(:authenticate).with('bla1@bla.com', 'secret1').and_return(user)
       get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
 
-      expect(assigns[:user]).to eq new_user
-      expect(session[:user_id]).to eq new_user.id
+      expect(assigns[:user]).to eq user
+      expect(session[:user_id]).to eq user.id.to_s
     end
 
     it "logout clears the session" do
       cookies[:remember_me_token] = nil
-      session[:user_id] = user.id
+      session[:user_id] = user.id.to_s
+      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
       get :test_logout
 
       expect(session[:user_id]).to be_nil
     end
 
     it "logged_in? returns true if logged in" do
-      session[:user_id] = user.id
+      session[:user_id] = user.id.to_s
+      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
 
       expect(subject.logged_in?).to be true
     end
@@ -132,14 +144,15 @@ shared_examples_for "sorcery_controller" do
     end
 
     it "current_user returns the user instance if logged in" do
-      create_new_user
-      session[:user_id] = user.id
+      session[:user_id] = user.id.to_s
+      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
 
       2.times { expect(subject.current_user).to eq user } # memoized!
     end
 
     it "current_user returns false if not logged in" do
       session[:user_id] = nil
+      expect(User.sorcery_adapter).to_not receive(:find_by_id)
 
       2.times { expect(subject.current_user).to be_nil } # memoized!
     end
@@ -194,9 +207,11 @@ shared_examples_for "sorcery_controller" do
       expect(session[:user_id]).to be_nil
       expect(subject.current_user).to be_nil
 
+      expect(User).to receive(:first) { user }
+
       get :test_auto_login
 
-      expect(assigns[:result]).to eq User.first
+      expect(assigns[:result]).to eq user
     end
   end