sorcery 0.9.1 → 0.10.0
Potentially problematic release.
This version of sorcery might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +29 -104
- data/CHANGELOG.md +13 -1
- data/Gemfile +2 -16
- data/README.md +124 -272
- data/Rakefile +2 -2
- data/gemfiles/{mongoid-rails40.gemfile → active_record-rails42.gemfile} +1 -3
- data/lib/generators/sorcery/helpers.rb +4 -4
- data/lib/generators/sorcery/install_generator.rb +25 -19
- data/lib/generators/sorcery/templates/initializer.rb +27 -52
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +2 -2
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +1 -1
- data/lib/generators/sorcery/templates/migration/core.rb +3 -3
- data/lib/generators/sorcery/templates/migration/external.rb +2 -2
- data/lib/generators/sorcery/templates/migration/remember_me.rb +2 -2
- data/lib/generators/sorcery/templates/migration/reset_password.rb +2 -2
- data/lib/generators/sorcery/templates/migration/user_activation.rb +2 -2
- data/lib/sorcery.rb +0 -28
- data/lib/sorcery/adapters/active_record_adapter.rb +7 -18
- data/lib/sorcery/controller.rb +19 -21
- data/lib/sorcery/controller/config.rb +20 -18
- data/lib/sorcery/controller/submodules/activity_logging.rb +7 -15
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
- data/lib/sorcery/controller/submodules/external.rb +22 -14
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +16 -19
- data/lib/sorcery/controller/submodules/remember_me.rb +15 -10
- data/lib/sorcery/controller/submodules/session_timeout.rb +7 -8
- data/lib/sorcery/crypto_providers/aes256.rb +15 -15
- data/lib/sorcery/crypto_providers/bcrypt.rb +19 -21
- data/lib/sorcery/crypto_providers/common.rb +1 -1
- data/lib/sorcery/crypto_providers/md5.rb +5 -5
- data/lib/sorcery/crypto_providers/sha1.rb +5 -5
- data/lib/sorcery/crypto_providers/sha256.rb +2 -2
- data/lib/sorcery/crypto_providers/sha512.rb +3 -3
- data/lib/sorcery/engine.rb +3 -8
- data/lib/sorcery/model.rb +24 -32
- data/lib/sorcery/model/config.rb +64 -49
- data/lib/sorcery/model/submodules/activity_logging.rb +31 -12
- data/lib/sorcery/model/submodules/brute_force_protection.rb +23 -23
- data/lib/sorcery/model/submodules/external.rb +3 -7
- data/lib/sorcery/model/submodules/remember_me.rb +19 -7
- data/lib/sorcery/model/submodules/reset_password.rb +32 -36
- data/lib/sorcery/model/submodules/user_activation.rb +38 -50
- data/lib/sorcery/model/temporary_token.rb +2 -2
- data/lib/sorcery/protocols/oauth.rb +3 -9
- data/lib/sorcery/protocols/oauth2.rb +0 -2
- data/lib/sorcery/providers/base.rb +4 -4
- data/lib/sorcery/providers/facebook.rb +5 -8
- data/lib/sorcery/providers/github.rb +5 -7
- data/lib/sorcery/providers/google.rb +3 -5
- data/lib/sorcery/providers/heroku.rb +6 -8
- data/lib/sorcery/providers/jira.rb +12 -17
- data/lib/sorcery/providers/linkedin.rb +6 -8
- data/lib/sorcery/providers/liveid.rb +4 -7
- data/lib/sorcery/providers/paypal.rb +60 -0
- data/lib/sorcery/providers/salesforce.rb +3 -5
- data/lib/sorcery/providers/slack.rb +45 -0
- data/lib/sorcery/providers/twitter.rb +4 -6
- data/lib/sorcery/providers/vk.rb +3 -5
- data/lib/sorcery/providers/wechat.rb +79 -0
- data/lib/sorcery/providers/xing.rb +7 -10
- data/lib/sorcery/test_helpers/internal.rb +10 -10
- data/lib/sorcery/test_helpers/internal/rails.rb +16 -8
- data/lib/sorcery/test_helpers/rails/controller.rb +1 -1
- data/lib/sorcery/test_helpers/rails/integration.rb +5 -6
- data/lib/sorcery/version.rb +1 -1
- data/sorcery.gemspec +25 -27
- data/spec/active_record/user_activation_spec.rb +2 -3
- data/spec/active_record/user_activity_logging_spec.rb +2 -4
- data/spec/active_record/user_brute_force_protection_spec.rb +3 -4
- data/spec/active_record/user_oauth_spec.rb +3 -4
- data/spec/active_record/user_remember_me_spec.rb +3 -4
- data/spec/active_record/user_reset_password_spec.rb +2 -3
- data/spec/active_record/user_spec.rb +7 -7
- data/spec/controllers/controller_activity_logging_spec.rb +13 -24
- data/spec/controllers/controller_brute_force_protection_spec.rb +6 -8
- data/spec/controllers/controller_http_basic_auth_spec.rb +19 -20
- data/spec/controllers/controller_oauth2_spec.rb +125 -100
- data/spec/controllers/controller_oauth_spec.rb +86 -66
- data/spec/controllers/controller_remember_me_spec.rb +35 -30
- data/spec/controllers/controller_session_timeout_spec.rb +14 -15
- data/spec/controllers/controller_spec.rb +77 -111
- data/spec/orm/active_record.rb +1 -1
- data/spec/rails_app/app/active_record/authentication.rb +1 -1
- data/spec/rails_app/app/active_record/user.rb +2 -2
- data/spec/rails_app/app/controllers/sorcery_controller.rb +89 -24
- data/spec/rails_app/app/mailers/sorcery_mailer.rb +16 -17
- data/spec/rails_app/config.ru +1 -1
- data/spec/rails_app/config/application.rb +7 -7
- data/spec/rails_app/config/boot.rb +1 -1
- data/spec/rails_app/config/environments/test.rb +1 -1
- data/spec/rails_app/config/initializers/compatible_legacy_migration.rb +11 -0
- data/spec/rails_app/config/initializers/session_store.rb +3 -3
- data/spec/rails_app/config/routes.rb +11 -1
- data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb +4 -4
- data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +8 -8
- data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +5 -5
- data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +5 -5
- data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb +3 -3
- data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +6 -6
- data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +5 -5
- data/spec/shared_examples/user_activation_shared_examples.rb +99 -58
- data/spec/shared_examples/user_activity_logging_shared_examples.rb +47 -41
- data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +19 -24
- data/spec/shared_examples/user_oauth_shared_examples.rb +7 -10
- data/spec/shared_examples/user_remember_me_shared_examples.rb +90 -21
- data/spec/shared_examples/user_reset_password_shared_examples.rb +52 -54
- data/spec/shared_examples/user_shared_examples.rb +215 -118
- data/spec/sorcery_crypto_providers_spec.rb +63 -76
- data/spec/spec_helper.rb +17 -13
- metadata +28 -83
- data/gemfiles/mongo_mapper-rails40.gemfile +0 -9
- data/gemfiles/mongo_mapper-rails41.gemfile +0 -9
- data/gemfiles/mongoid-rails41.gemfile +0 -9
- data/gemfiles/mongoid3-rails32.gemfile +0 -9
- data/lib/sorcery/adapters/data_mapper_adapter.rb +0 -176
- data/lib/sorcery/adapters/mongo_mapper_adapter.rb +0 -110
- data/lib/sorcery/adapters/mongoid_adapter.rb +0 -97
- data/lib/sorcery/railties/tasks.rake +0 -6
- data/spec/data_mapper/user_activation_spec.rb +0 -10
- data/spec/data_mapper/user_activity_logging_spec.rb +0 -14
- data/spec/data_mapper/user_brute_force_protection_spec.rb +0 -9
- data/spec/data_mapper/user_oauth_spec.rb +0 -9
- data/spec/data_mapper/user_remember_me_spec.rb +0 -8
- data/spec/data_mapper/user_reset_password_spec.rb +0 -8
- data/spec/data_mapper/user_spec.rb +0 -27
- data/spec/mongo_mapper/user_activation_spec.rb +0 -9
- data/spec/mongo_mapper/user_activity_logging_spec.rb +0 -8
- data/spec/mongo_mapper/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongo_mapper/user_oauth_spec.rb +0 -8
- data/spec/mongo_mapper/user_remember_me_spec.rb +0 -8
- data/spec/mongo_mapper/user_reset_password_spec.rb +0 -8
- data/spec/mongo_mapper/user_spec.rb +0 -37
- data/spec/mongoid/user_activation_spec.rb +0 -9
- data/spec/mongoid/user_activity_logging_spec.rb +0 -8
- data/spec/mongoid/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongoid/user_oauth_spec.rb +0 -8
- data/spec/mongoid/user_remember_me_spec.rb +0 -8
- data/spec/mongoid/user_reset_password_spec.rb +0 -8
- data/spec/mongoid/user_spec.rb +0 -51
- data/spec/orm/data_mapper.rb +0 -48
- data/spec/orm/mongo_mapper.rb +0 -10
- data/spec/orm/mongoid.rb +0 -22
- data/spec/rails_app/app/data_mapper/authentication.rb +0 -8
- data/spec/rails_app/app/data_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongo_mapper/authentication.rb +0 -6
- data/spec/rails_app/app/mongo_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongoid/authentication.rb +0 -7
- data/spec/rails_app/app/mongoid/user.rb +0 -7
@@ -4,12 +4,36 @@ require 'spec_helper'
|
|
4
4
|
require 'ostruct'
|
5
5
|
|
6
6
|
def stub_all_oauth_requests!
|
7
|
-
consumer = OAuth::Consumer.new(
|
7
|
+
consumer = OAuth::Consumer.new('key', 'secret', site: 'http://myapi.com')
|
8
8
|
req_token = OAuth::RequestToken.new(consumer)
|
9
9
|
acc_token = OAuth::AccessToken.new(consumer)
|
10
10
|
|
11
|
-
response = OpenStruct.new
|
12
|
-
response.body = {
|
11
|
+
response = OpenStruct.new
|
12
|
+
response.body = {
|
13
|
+
'following' => false, 'listed_count' => 0, 'profile_link_color' => '0084B4',
|
14
|
+
'profile_image_url' => 'http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg',
|
15
|
+
'description' => 'Programmer/Heavy Metal Fan/New Father',
|
16
|
+
'status' => {
|
17
|
+
'text' => 'coming soon to sorcery gem: twitter and facebook authentication support.',
|
18
|
+
'truncated' => false, 'favorited' => false, 'source' => 'web', 'geo' => nil,
|
19
|
+
'in_reply_to_screen_name' => nil, 'in_reply_to_user_id' => nil,
|
20
|
+
'in_reply_to_status_id_str' => nil, 'created_at' => 'Sun Mar 06 23:01:12 +0000 2011',
|
21
|
+
'contributors' => nil, 'place' => nil, 'retweeted' => false, 'in_reply_to_status_id' => nil,
|
22
|
+
'in_reply_to_user_id_str' => nil, 'coordinates' => nil, 'retweet_count' => 0,
|
23
|
+
'id' => 44533012284706816, 'id_str' => '44533012284706816'
|
24
|
+
},
|
25
|
+
'show_all_inline_media' => false, 'geo_enabled' => true,
|
26
|
+
'profile_sidebar_border_color' => 'a8c7f7', 'url' => nil, 'followers_count' => 10,
|
27
|
+
'screen_name' => 'nbenari', 'profile_use_background_image' => true, 'location' => 'Israel',
|
28
|
+
'statuses_count' => 25, 'profile_background_color' => '022330', 'lang' => 'en',
|
29
|
+
'verified' => false, 'notifications' => false,
|
30
|
+
'profile_background_image_url' => 'http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg',
|
31
|
+
'favourites_count' => 5, 'created_at' => 'Fri Nov 20 21:58:19 +0000 2009',
|
32
|
+
'is_translator' => false, 'contributors_enabled' => false, 'protected' => false,
|
33
|
+
'follow_request_sent' => false, 'time_zone' => 'Greenland', 'profile_text_color' => '333333',
|
34
|
+
'name' => 'Noam Ben Ari', 'friends_count' => 10, 'profile_sidebar_fill_color' => 'C0DFEC',
|
35
|
+
'id' => 123, 'id_str' => '91434812', 'profile_background_tile' => false, 'utc_offset' => -10800
|
36
|
+
}.to_json
|
13
37
|
|
14
38
|
session[:request_token] = req_token.token
|
15
39
|
session[:request_token_secret] = req_token.secret
|
@@ -21,83 +45,80 @@ def stub_all_oauth_requests!
|
|
21
45
|
allow(acc_token).to receive(:get) { response }
|
22
46
|
end
|
23
47
|
|
24
|
-
describe SorceryController do
|
25
|
-
|
48
|
+
describe SorceryController, type: :controller do
|
26
49
|
let(:user) { double('user', id: 42) }
|
27
50
|
|
28
51
|
before(:all) do
|
29
52
|
sorcery_reload!([:external])
|
30
53
|
sorcery_controller_property_set(:external_providers, [:twitter, :jira])
|
31
|
-
sorcery_controller_external_property_set(:twitter, :key,
|
32
|
-
sorcery_controller_external_property_set(:twitter, :secret,
|
33
|
-
sorcery_controller_external_property_set(:twitter, :callback_url,
|
34
|
-
|
35
|
-
sorcery_controller_external_property_set(:jira, :key,
|
36
|
-
sorcery_controller_external_property_set(:jira, :secret,
|
37
|
-
sorcery_controller_external_property_set(:jira, :site,
|
38
|
-
sorcery_controller_external_property_set(:jira, :signature_method,
|
39
|
-
sorcery_controller_external_property_set(:jira, :private_key_file,
|
40
|
-
sorcery_controller_external_property_set(:jira, :callback_url,
|
54
|
+
sorcery_controller_external_property_set(:twitter, :key, 'eYVNBjBDi33aa9GkA3w')
|
55
|
+
sorcery_controller_external_property_set(:twitter, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
|
56
|
+
sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
|
57
|
+
|
58
|
+
sorcery_controller_external_property_set(:jira, :key, '7810b8e317ebdc81601c72f8daecc0f1')
|
59
|
+
sorcery_controller_external_property_set(:jira, :secret, 'MyAppUsingJira')
|
60
|
+
sorcery_controller_external_property_set(:jira, :site, 'http://jira.mycompany.com/plugins/servlet/oauth')
|
61
|
+
sorcery_controller_external_property_set(:jira, :signature_method, 'RSA-SHA1')
|
62
|
+
sorcery_controller_external_property_set(:jira, :private_key_file, 'myrsakey.pem')
|
63
|
+
sorcery_controller_external_property_set(:jira, :callback_url, 'http://myappusingjira.com/home')
|
41
64
|
end
|
42
65
|
|
43
66
|
# ----------------- OAuth -----------------------
|
44
67
|
describe SorceryController, "'using external API to login'" do
|
45
|
-
|
46
68
|
before(:each) do
|
47
69
|
stub_all_oauth_requests!
|
48
70
|
end
|
49
71
|
|
50
|
-
context
|
72
|
+
context 'when callback_url begin with /' do
|
51
73
|
before do
|
52
|
-
sorcery_controller_external_property_set(:twitter, :callback_url,
|
74
|
+
sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
|
53
75
|
end
|
54
|
-
it
|
76
|
+
it 'login_at redirects correctly' do
|
55
77
|
get :login_at_test
|
56
78
|
expect(response).to be_a_redirect
|
57
|
-
expect(response).to redirect_to(
|
79
|
+
expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=')
|
58
80
|
end
|
59
81
|
after do
|
60
|
-
sorcery_controller_external_property_set(:twitter, :callback_url,
|
82
|
+
sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
|
61
83
|
end
|
62
84
|
end
|
63
85
|
|
64
|
-
context
|
65
|
-
it
|
86
|
+
context 'when callback_url begin with http://' do
|
87
|
+
it 'login_at redirects correctly', pending: true do
|
66
88
|
get :login_at_test
|
67
89
|
expect(response).to be_a_redirect
|
68
|
-
expect(response).to redirect_to(
|
90
|
+
expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=')
|
69
91
|
end
|
70
92
|
end
|
71
93
|
|
72
|
-
it
|
94
|
+
it 'logins if user exists' do
|
73
95
|
expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
|
74
96
|
|
75
|
-
get :test_login_from, :oauth_verifier
|
76
|
-
expect(flash[:notice]).to eq
|
97
|
+
get :test_login_from, params: { oauth_verifier: 'blablaRERASDFcxvSDFA' }
|
98
|
+
expect(flash[:notice]).to eq 'Success!'
|
77
99
|
end
|
78
100
|
|
79
101
|
it "'login_from' fails if user doesn't exist" do
|
80
102
|
expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(nil)
|
81
103
|
|
82
|
-
get :test_login_from, :oauth_verifier
|
83
|
-
expect(flash[:alert]).to eq
|
104
|
+
get :test_login_from, params: { oauth_verifier: 'blablaRERASDFcxvSDFA' }
|
105
|
+
expect(flash[:alert]).to eq 'Failed!'
|
84
106
|
end
|
85
107
|
|
86
108
|
it "on successful 'login_from' the user is redirected to the url he originally wanted" do
|
87
109
|
expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
|
88
|
-
get :test_return_to_with_external, {}, :return_to_url
|
89
|
-
expect(response).to redirect_to(
|
90
|
-
expect(flash[:notice]).to eq
|
110
|
+
get :test_return_to_with_external, params: {}, session: { return_to_url: 'fuu' }
|
111
|
+
expect(response).to redirect_to('fuu')
|
112
|
+
expect(flash[:notice]).to eq 'Success!'
|
91
113
|
end
|
92
114
|
|
93
|
-
context
|
94
|
-
it
|
115
|
+
context 'when jira' do
|
116
|
+
it 'user logins successfully' do
|
95
117
|
get :login_at_test_jira
|
96
118
|
expect(session[:request_token]).not_to be_nil
|
97
119
|
expect(response).to be_a_redirect
|
98
120
|
end
|
99
121
|
end
|
100
|
-
|
101
122
|
end
|
102
123
|
|
103
124
|
describe SorceryController do
|
@@ -106,31 +127,31 @@ describe SorceryController do
|
|
106
127
|
stub_all_oauth_requests!
|
107
128
|
end
|
108
129
|
|
109
|
-
it
|
110
|
-
sorcery_controller_external_property_set(:twitter, :user_info_mapping,
|
130
|
+
it 'creates a new user' do
|
131
|
+
sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'screen_name')
|
111
132
|
expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
|
112
|
-
expect(User).to receive(:create_from_provider).with('twitter', '123',
|
133
|
+
expect(User).to receive(:create_from_provider).with('twitter', '123', username: 'nbenari').and_return(user)
|
113
134
|
|
114
|
-
get :test_create_from_provider, :provider
|
135
|
+
get :test_create_from_provider, params: { provider: 'twitter' }
|
115
136
|
end
|
116
137
|
|
117
|
-
it
|
118
|
-
sorcery_controller_external_property_set(:twitter, :user_info_mapping,
|
138
|
+
it 'supports nested attributes' do
|
139
|
+
sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'status/text')
|
119
140
|
expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
|
120
|
-
expect(User).to receive(:create_from_provider).with('twitter', '123',
|
141
|
+
expect(User).to receive(:create_from_provider).with('twitter', '123', username: 'coming soon to sorcery gem: twitter and facebook authentication support.').and_return(user)
|
121
142
|
|
122
|
-
get :test_create_from_provider, :provider
|
143
|
+
get :test_create_from_provider, params: { provider: 'twitter' }
|
123
144
|
end
|
124
145
|
|
125
|
-
it
|
126
|
-
sorcery_controller_external_property_set(:twitter, :user_info_mapping,
|
146
|
+
it 'does not crash on missing nested attributes' do
|
147
|
+
sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'status/text', created_at: 'does/not/exist')
|
127
148
|
expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
|
128
|
-
expect(User).to receive(:create_from_provider).with('twitter', '123',
|
149
|
+
expect(User).to receive(:create_from_provider).with('twitter', '123', username: 'coming soon to sorcery gem: twitter and facebook authentication support.').and_return(user)
|
129
150
|
|
130
|
-
get :test_create_from_provider, :provider
|
151
|
+
get :test_create_from_provider, params: { provider: 'twitter' }
|
131
152
|
end
|
132
153
|
|
133
|
-
it
|
154
|
+
it 'binds new provider' do
|
134
155
|
sorcery_model_property_set(:authentications_class, UserProvider)
|
135
156
|
|
136
157
|
allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
|
@@ -138,31 +159,30 @@ describe SorceryController do
|
|
138
159
|
login_user(user)
|
139
160
|
|
140
161
|
expect(user).to receive(:add_provider_to_user).with('twitter', '123')
|
141
|
-
get :test_add_second_provider, :provider
|
162
|
+
get :test_add_second_provider, params: { provider: 'twitter' }
|
142
163
|
end
|
143
164
|
|
144
|
-
describe
|
145
|
-
it
|
165
|
+
describe 'with a block' do
|
166
|
+
it 'does not create user' do
|
146
167
|
sorcery_model_property_set(:authentications_class, Authentication)
|
147
|
-
sorcery_controller_external_property_set(:twitter, :user_info_mapping,
|
168
|
+
sorcery_controller_external_property_set(:twitter, :user_info_mapping, username: 'screen_name')
|
148
169
|
|
149
170
|
u = double('user')
|
150
171
|
expect(User).to receive(:load_from_provider).with('twitter', '123').and_return(nil)
|
151
|
-
expect(User).to receive(:create_from_provider).with('twitter', '123',
|
172
|
+
expect(User).to receive(:create_from_provider).with('twitter', '123', username: 'nbenari').and_return(u).and_yield(u)
|
152
173
|
|
153
|
-
get :test_create_from_provider_with_block, :provider
|
174
|
+
get :test_create_from_provider_with_block, params: { provider: 'twitter' }
|
154
175
|
end
|
155
|
-
|
156
176
|
end
|
157
177
|
end
|
158
178
|
end
|
159
179
|
|
160
|
-
describe SorceryController,
|
180
|
+
describe SorceryController, 'OAuth with user activation features' do
|
161
181
|
before(:all) do
|
162
182
|
sorcery_reload!([:activity_logging, :external])
|
163
183
|
end
|
164
184
|
|
165
|
-
context
|
185
|
+
context 'when twitter' do
|
166
186
|
before(:each) do
|
167
187
|
sorcery_controller_property_set(:register_login_time, true)
|
168
188
|
sorcery_controller_property_set(:register_logout_time, false)
|
@@ -171,7 +191,7 @@ describe SorceryController do
|
|
171
191
|
stub_all_oauth_requests!
|
172
192
|
end
|
173
193
|
|
174
|
-
it
|
194
|
+
it 'registers login time' do
|
175
195
|
now = Time.now.in_time_zone
|
176
196
|
Timecop.freeze(now)
|
177
197
|
expect(User).to receive(:load_from_provider).and_return(user)
|
@@ -180,7 +200,7 @@ describe SorceryController do
|
|
180
200
|
Timecop.return
|
181
201
|
end
|
182
202
|
|
183
|
-
it
|
203
|
+
it 'does not register login time if configured so' do
|
184
204
|
sorcery_controller_property_set(:register_login_time, false)
|
185
205
|
now = Time.now.in_time_zone
|
186
206
|
Timecop.freeze(now)
|
@@ -192,7 +212,7 @@ describe SorceryController do
|
|
192
212
|
end
|
193
213
|
end
|
194
214
|
|
195
|
-
describe SorceryController,
|
215
|
+
describe SorceryController, 'OAuth with session timeout features' do
|
196
216
|
before(:all) do
|
197
217
|
if SORCERY_ORM == :active_record
|
198
218
|
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
@@ -208,10 +228,10 @@ describe SorceryController do
|
|
208
228
|
end
|
209
229
|
end
|
210
230
|
|
211
|
-
context
|
231
|
+
context 'when twitter' do
|
212
232
|
before(:each) do
|
213
233
|
sorcery_model_property_set(:authentications_class, Authentication)
|
214
|
-
sorcery_controller_property_set(:session_timeout,0.5)
|
234
|
+
sorcery_controller_property_set(:session_timeout, 0.5)
|
215
235
|
stub_all_oauth_requests!
|
216
236
|
end
|
217
237
|
|
@@ -219,17 +239,17 @@ describe SorceryController do
|
|
219
239
|
Timecop.return
|
220
240
|
end
|
221
241
|
|
222
|
-
it
|
242
|
+
it 'does not reset session before session timeout' do
|
223
243
|
expect(User).to receive(:load_from_provider).with(:twitter, '123').and_return(user)
|
224
244
|
get :test_login_from
|
225
245
|
|
226
246
|
expect(session[:user_id]).not_to be_nil
|
227
|
-
expect(flash[:notice]).to eq
|
247
|
+
expect(flash[:notice]).to eq 'Success!'
|
228
248
|
end
|
229
249
|
|
230
|
-
it
|
250
|
+
it 'resets session after session timeout' do
|
231
251
|
get :test_login_from
|
232
|
-
Timecop.travel(Time.now.in_time_zone+0.6)
|
252
|
+
Timecop.travel(Time.now.in_time_zone + 0.6)
|
233
253
|
get :test_should_be_logged_in
|
234
254
|
|
235
255
|
expect(session[:user_id]).to be_nil
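Review bot: The `before(:all)` block of the top-level `describe` hard-codes `'eYVNBjBDi33aa9GkA3w'` and `'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8'` as the Twitter `:key` and `:secret`, and both have the shape of issued consumer credentials rather than placeholders. The examples shown stub the OAuth round trip with `stub_all_oauth_requests!`, so nothing visible depends on realistic values. Obviously fake strings would do, e.g. `sorcery_controller_external_property_set(:twitter, :secret, 'test-twitter-secret')`, and likewise for the Twitter and Jira `:key`. The removed lines are truncated in this rendering, so the values may predate this release. If they were ever issued by the provider, they should be treated as disclosed and revoked, because the spec directory ships inside the published gem.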
|
@@ -1,12 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe SorceryController do
|
4
|
-
|
3
|
+
describe SorceryController, type: :controller do
|
5
4
|
let!(:user) { double('user', id: 42) }
|
6
5
|
|
7
6
|
# ----------------- REMEMBER ME -----------------------
|
8
|
-
context
|
9
|
-
|
7
|
+
context 'with remember me features' do
|
10
8
|
before(:all) do
|
11
9
|
sorcery_reload!([:remember_me])
|
12
10
|
end
|
@@ -23,46 +21,53 @@ describe SorceryController do
|
|
23
21
|
allow(user).to receive_message_chain(:sorcery_config, :remember_me_token_expires_at_attribute_name).and_return(:remember_me_token_expires_at)
|
24
22
|
end
|
25
23
|
|
26
|
-
it
|
24
|
+
it 'sets cookie on remember_me!' do
|
27
25
|
expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
|
28
26
|
expect(user).to receive(:remember_me!)
|
29
27
|
|
30
|
-
post :test_login_with_remember, :email
|
28
|
+
post :test_login_with_remember, params: { email: 'bla@bla.com', password: 'secret' }
|
31
29
|
|
32
|
-
expect(cookies.signed[
|
30
|
+
expect(cookies.signed['remember_me_token']).to eq assigns[:current_user].remember_me_token
|
33
31
|
end
|
34
32
|
|
35
|
-
it
|
36
|
-
cookies[
|
33
|
+
it 'clears cookie on forget_me!' do
|
34
|
+
cookies['remember_me_token'] == { value: 'asd54234dsfsd43534', expires: 3600 }
|
37
35
|
get :test_logout
|
38
36
|
|
39
|
-
expect(cookies[
|
37
|
+
expect(cookies['remember_me_token']).to be_nil
|
38
|
+
end
|
39
|
+
|
40
|
+
it 'clears cookie on force_forget_me!' do
|
41
|
+
cookies['remember_me_token'] == { value: 'asd54234dsfsd43534', expires: 3600 }
|
42
|
+
get :test_logout_with_force_forget_me
|
43
|
+
|
44
|
+
expect(cookies['remember_me_token']).to be_nil
|
40
45
|
end
|
41
46
|
|
42
|
-
it
|
47
|
+
it 'login(email,password,remember_me) logs user in and remembers' do
|
43
48
|
expect(User).to receive(:authenticate).with('bla@bla.com', 'secret', '1').and_return(user)
|
44
49
|
expect(user).to receive(:remember_me!)
|
45
50
|
expect(user).to receive(:remember_me_token).and_return('abracadabra').twice
|
46
51
|
|
47
|
-
post :test_login_with_remember_in_login, :email
|
52
|
+
post :test_login_with_remember_in_login, params: { email: 'bla@bla.com', password: 'secret', remember: '1' }
|
48
53
|
|
49
|
-
expect(cookies.signed[
|
50
|
-
expect(cookies.signed[
|
54
|
+
expect(cookies.signed['remember_me_token']).not_to be_nil
|
55
|
+
expect(cookies.signed['remember_me_token']).to eq assigns[:user].remember_me_token
|
51
56
|
end
|
52
57
|
|
53
|
-
it
|
58
|
+
it 'logout also calls forget_me!' do
|
54
59
|
session[:user_id] = user.id.to_s
|
55
|
-
|
60
|
+
expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
|
56
61
|
expect(user).to receive(:remember_me!)
|
57
62
|
expect(user).to receive(:forget_me!)
|
58
63
|
get :test_logout_with_remember
|
59
64
|
|
60
|
-
expect(cookies[
|
65
|
+
expect(cookies['remember_me_token']).to be_nil
|
61
66
|
end
|
62
67
|
|
63
|
-
it
|
64
|
-
|
65
|
-
|
68
|
+
it 'logs user in from cookie' do
|
69
|
+
session[:user_id] = user.id.to_s
|
70
|
+
expect(User.sorcery_adapter).to receive(:find_by_id).with(user.id.to_s).and_return(user)
|
66
71
|
expect(user).to receive(:remember_me!)
|
67
72
|
expect(user).to receive(:remember_me_token).and_return('token').twice
|
68
73
|
expect(user).to receive(:has_remember_me_token?) { true }
|
@@ -80,30 +85,30 @@ describe SorceryController do
|
|
80
85
|
expect(assigns[:current_user]).to eq user
|
81
86
|
end
|
82
87
|
|
83
|
-
it
|
84
|
-
post :test_login_with_remember_in_login, :email
|
88
|
+
it 'doest not remember_me! when not asked to, even if third parameter is used' do
|
89
|
+
post :test_login_with_remember_in_login, params: { email: 'bla@bla.com', password: 'secret', remember: '0' }
|
85
90
|
|
86
|
-
expect(cookies[
|
91
|
+
expect(cookies['remember_me_token']).to be_nil
|
87
92
|
end
|
88
93
|
|
89
|
-
it
|
90
|
-
post :test_login, :email
|
91
|
-
expect(cookies[
|
94
|
+
it 'doest not remember_me! when not asked to' do
|
95
|
+
post :test_login, params: { email: 'bla@bla.com', password: 'secret' }
|
96
|
+
expect(cookies['remember_me_token']).to be_nil
|
92
97
|
end
|
93
98
|
|
94
99
|
# --- login_user(user) ---
|
95
100
|
specify { expect(@controller).to respond_to :auto_login }
|
96
101
|
|
97
|
-
it
|
102
|
+
it 'auto_login(user) logs in an user instance without remembering' do
|
98
103
|
session[:user_id] = nil
|
99
104
|
subject.auto_login(user)
|
100
105
|
get :test_login_from_cookie
|
101
106
|
|
102
107
|
expect(assigns[:current_user]).to eq user
|
103
|
-
expect(cookies[
|
108
|
+
expect(cookies['remember_me_token']).to be_nil
|
104
109
|
end
|
105
110
|
|
106
|
-
it
|
111
|
+
it 'auto_login(user, true) logs in an user instance with remembering' do
|
107
112
|
session[:user_id] = nil
|
108
113
|
expect(user).to receive(:remember_me!)
|
109
114
|
subject.auto_login(user, true)
|
@@ -111,7 +116,7 @@ describe SorceryController do
|
|
111
116
|
get :test_login_from_cookie
|
112
117
|
|
113
118
|
expect(assigns[:current_user]).to eq user
|
114
|
-
expect(cookies[
|
119
|
+
expect(cookies['remember_me_token']).not_to be_nil
|
115
120
|
end
|
116
121
|
end
|
117
122
|
end
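Review bot: In 'clears cookie on forget_me!' and 'clears cookie on force_forget_me!', the setup line `cookies['remember_me_token'] == { value: 'asd54234dsfsd43534', expires: 3600 }` compares instead of assigning. No cookie exists before the logout request, so `expect(cookies['remember_me_token']).to be_nil` passes whether or not the token is cleared. Use `cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }` in both examples so that a regression leaving the remember-me token in place after logout is caught. The old side of these lines is truncated in this rendering, so the comparison may have been carried over rather than introduced here.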
|
@@ -1,14 +1,13 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe SorceryController do
|
4
|
-
|
3
|
+
describe SorceryController, type: :controller do
|
5
4
|
let!(:user) { double('user', id: 42) }
|
6
5
|
|
7
6
|
# ----------------- SESSION TIMEOUT -----------------------
|
8
|
-
context
|
7
|
+
context 'with session timeout features' do
|
9
8
|
before(:all) do
|
10
9
|
sorcery_reload!([:session_timeout])
|
11
|
-
sorcery_controller_property_set(:session_timeout,0.5)
|
10
|
+
sorcery_controller_property_set(:session_timeout, 0.5)
|
12
11
|
end
|
13
12
|
|
14
13
|
after(:each) do
|
@@ -20,7 +19,7 @@ describe SorceryController do
|
|
20
19
|
allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
|
21
20
|
end
|
22
21
|
|
23
|
-
it
|
22
|
+
it 'does not reset session before session timeout' do
|
24
23
|
login_user user
|
25
24
|
get :test_should_be_logged_in
|
26
25
|
|
@@ -28,38 +27,38 @@ describe SorceryController do
|
|
28
27
|
expect(response).to be_a_success
|
29
28
|
end
|
30
29
|
|
31
|
-
it
|
30
|
+
it 'resets session after session timeout' do
|
32
31
|
login_user user
|
33
|
-
Timecop.travel(Time.now.in_time_zone+0.6)
|
32
|
+
Timecop.travel(Time.now.in_time_zone + 0.6)
|
34
33
|
get :test_should_be_logged_in
|
35
34
|
|
36
35
|
expect(session[:user_id]).to be_nil
|
37
36
|
expect(response).to be_a_redirect
|
38
37
|
end
|
39
38
|
|
40
|
-
it
|
39
|
+
it 'works if the session is stored as a string or a Time' do
|
41
40
|
session[:login_time] = Time.now.to_s
|
42
41
|
# TODO: ???
|
43
42
|
expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
|
44
43
|
|
45
|
-
get :test_login, :email
|
44
|
+
get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
|
46
45
|
|
47
46
|
expect(session[:user_id]).not_to be_nil
|
48
47
|
expect(response).to be_a_success
|
49
48
|
end
|
50
49
|
|
51
50
|
context "with 'session_timeout_from_last_action'" do
|
52
|
-
it
|
51
|
+
it 'does not logout if there was activity' do
|
53
52
|
sorcery_controller_property_set(:session_timeout_from_last_action, true)
|
54
53
|
expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
|
55
54
|
|
56
|
-
get :test_login, :email
|
57
|
-
Timecop.travel(Time.now.in_time_zone+0.3)
|
55
|
+
get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
|
56
|
+
Timecop.travel(Time.now.in_time_zone + 0.3)
|
58
57
|
get :test_should_be_logged_in
|
59
58
|
|
60
59
|
expect(session[:user_id]).not_to be_nil
|
61
60
|
|
62
|
-
Timecop.travel(Time.now.in_time_zone+0.3)
|
61
|
+
Timecop.travel(Time.now.in_time_zone + 0.3)
|
63
62
|
get :test_should_be_logged_in
|
64
63
|
|
65
64
|
expect(session[:user_id]).not_to be_nil
|
@@ -68,8 +67,8 @@ describe SorceryController do
|
|
68
67
|
|
69
68
|
it "with 'session_timeout_from_last_action' logs out if there was no activity" do
|
70
69
|
sorcery_controller_property_set(:session_timeout_from_last_action, true)
|
71
|
-
get :test_login, :email
|
72
|
-
Timecop.travel(Time.now.in_time_zone+0.6)
|
70
|
+
get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
|
71
|
+
Timecop.travel(Time.now.in_time_zone + 0.6)
|
73
72
|
get :test_should_be_logged_in
|
74
73
|
|
75
74
|
expect(session[:user_id]).to be_nil
|