sorcery 0.9.1 → 0.10.0

data/lib/sorcery/model/config.rb

@@ -4,43 +4,49 @@
 module Sorcery
   module Model
     class Config
-
-      attr_accessor :username_attribute_names,           # change default username attribute, for example, to use :email
-                                                        # as the login.
-
-                    :password_attribute_name,           # change *virtual* password attribute, the one which is used
-                                                        # until an encrypted one is generated.
-
-                    :email_attribute_name,              # change default email attribute.
-
-                    :downcase_username_before_authenticating, # downcase the username before trying to authenticate, default is false
-
-                    :crypted_password_attribute_name,   # change default crypted_password attribute.
-                    :salt_join_token,                   # what pattern to use to join the password with the salt
-                    :salt_attribute_name,               # change default salt attribute.
-                    :stretches,                         # how many times to apply encryption to the password.
-                    :encryption_key,                    # encryption key used to encrypt reversible encryptions such as
-                                                        # AES256.
-
-                    :subclasses_inherit_config,         # make this configuration inheritable for subclasses. Useful for
-                                                        # ActiveRecord's STI.
-
-                    :submodules,                        # configured in config/application.rb
-                    :before_authenticate,               # an array of method names to call before authentication
-                                                        # completes. used internally.
-
-                    :after_config                       # an array of method names to call after configuration by user.
-                                                        # used internally.
-
-      attr_reader   :encryption_provider,               # change default encryption_provider.
-                    :custom_encryption_provider,        # use an external encryption class.
-                    :encryption_algorithm               # encryption algorithm name. See 'encryption_algorithm=' below
-                                                        # for available options.
+      # change default username attribute, for example, to use :email as the login.
+      attr_accessor :username_attribute_names
+      # change *virtual* password attribute, the one which is used until an encrypted one is generated.
+      attr_accessor :password_attribute_name
+      # change default email attribute.
+      attr_accessor :email_attribute_name
+      # downcase the username before trying to authenticate, default is false
+      attr_accessor :downcase_username_before_authenticating
+      # change default crypted_password attribute.
+      attr_accessor :crypted_password_attribute_name
+      # what pattern to use to join the password with the salt
+      attr_accessor :salt_join_token
+      # change default salt attribute.
+      attr_accessor :salt_attribute_name
+      # how many times to apply encryption to the password.
+      attr_accessor :stretches
+      # encryption key used to encrypt reversible encryptions such as AES256.
+      attr_accessor :encryption_key
+      # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
+      attr_accessor :subclasses_inherit_config
+      # configured in config/application.rb
+      attr_accessor :submodules
+      # an array of method names to call before authentication completes. used internally.
+      attr_accessor :before_authenticate
+      # method to send email related
+      # options: `:deliver_later`, `:deliver_now`, `:deliver`
+      # Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+)
+      # method to send email related
+      attr_accessor :email_delivery_method
+      # an array of method names to call after configuration by user. used internally.
+      attr_accessor :after_config
+
+      # change default encryption_provider.
+      attr_reader :encryption_provider
+      # use an external encryption class.
+      attr_reader :custom_encryption_provider
+      # encryption algorithm name. See 'encryption_algorithm=' below for available options.
+      attr_reader :encryption_algorithm
 
       def initialize
         @defaults = {
           :@submodules                           => [],
-          :@username_attribute_names              => [:email],
+          :@username_attribute_names             => [:email],
           :@password_attribute_name              => :password,
           :@downcase_username_before_authenticating => false,
           :@email_attribute_name                 => :email,
@@ -49,25 +55,26 @@ module Sorcery
           :@encryption_provider                  => CryptoProviders::BCrypt,
           :@custom_encryption_provider           => nil,
           :@encryption_key                       => nil,
-          :@salt_join_token                      => "",
+          :@salt_join_token                      => '',
           :@salt_attribute_name                  => :salt,
           :@stretches                            => nil,
           :@subclasses_inherit_config            => false,
           :@before_authenticate                  => [],
-          :@after_config                         => []
+          :@after_config                         => [],
+          :@email_delivery_method                => default_email_delivery_method
         }
         reset!
       end
 
       # Resets all configuration options to their default values.
       def reset!
-        @defaults.each do |k,v|
-          instance_variable_set(k,v)
+        @defaults.each do |k, v|
+          instance_variable_set(k, v)
         end
       end
 
       def username_attribute_names=(fields)
-        @username_attribute_names = fields.kind_of?(Array) ? fields : [fields]
+        @username_attribute_names = fields.is_a?(Array) ? fields : [fields]
       end
 
       def custom_encryption_provider=(provider)
@@ -77,20 +84,28 @@ module Sorcery
       def encryption_algorithm=(algo)
         @encryption_algorithm = algo
         @encryption_provider = case @encryption_algorithm.to_sym
-        when :none   then nil
-        when :md5    then CryptoProviders::MD5
-        when :sha1   then CryptoProviders::SHA1
-        when :sha256 then CryptoProviders::SHA256
-        when :sha512 then CryptoProviders::SHA512
-        when :aes256 then CryptoProviders::AES256
-        when :bcrypt then CryptoProviders::BCrypt
-        when :custom then @custom_encryption_provider
-        else raise ArgumentError.new("Encryption algorithm supplied, #{algo}, is invalid")
+                               when :none   then nil
+                               when :md5    then CryptoProviders::MD5
+                               when :sha1   then CryptoProviders::SHA1
+                               when :sha256 then CryptoProviders::SHA256
+                               when :sha512 then CryptoProviders::SHA512
+                               when :aes256 then CryptoProviders::AES256
+                               when :bcrypt then CryptoProviders::BCrypt
+                               when :custom then @custom_encryption_provider
+                               else raise ArgumentError, "Encryption algorithm supplied, #{algo}, is invalid"
         end
       end
 
-    end
+      private
+
+      def default_email_delivery_method
+        # Rails 4.2 deprecates #deliver
+        rails_version_bigger_than_or_equal?('4.2.0') ? :deliver_now : :deliver
+      end
 
+      def rails_version_bigger_than_or_equal?(version)
+        Gem::Version.new(version) <= Gem::Version.new(Rails.version)
+      end
+    end
   end
 end
-

data/lib/sorcery/model/submodules/activity_logging.rb

@@ -12,12 +12,16 @@ module Sorcery
           base.send(:include, InstanceMethods)
 
           base.sorcery_config.class_eval do
-            attr_accessor :last_login_at_attribute_name,                  # last login attribute name.
-                          :last_logout_at_attribute_name,                 # last logout attribute name.
-                          :last_activity_at_attribute_name,               # last activity attribute name.
-                          :last_login_from_ip_address_name,               # last activity login source
-                          :activity_timeout                               # how long since last activity is
-                                                                          #the user defined logged out?
+            # last login attribute name.
+            attr_accessor :last_login_at_attribute_name
+            # last logout attribute name.
+            attr_accessor :last_logout_at_attribute_name
+            # last activity attribute name.
+            attr_accessor :last_activity_at_attribute_name
+            # last activity login source
+            attr_accessor :last_login_from_ip_address_name
+            # how long since last activity is the user defined offline
+            attr_accessor :activity_timeout
           end
 
           base.sorcery_config.instance_eval do
@@ -45,18 +49,33 @@ module Sorcery
             sorcery_adapter.update_attribute(sorcery_config.last_activity_at_attribute_name, time)
           end
 
-          def set_last_ip_addess(ip_address)
+          def set_last_ip_address(ip_address)
             sorcery_adapter.update_attribute(sorcery_config.last_login_from_ip_address_name, ip_address)
           end
-        end
 
-        module ClassMethods
-          # get all users with last_activity within timeout
-          def current_users
-            sorcery_adapter.get_current_users
+          # online method shows if user is active (logout action makes user inactive too)
+          def online?
+            return false if send(sorcery_config.last_activity_at_attribute_name).nil?
+
+            logged_in? && send(sorcery_config.last_activity_at_attribute_name) > sorcery_config.activity_timeout.seconds.ago
+          end
+
+          #  shows if user is logged in, but it not show if user is online - see online?
+          def logged_in?
+            return false if send(sorcery_config.last_login_at_attribute_name).nil?
+            return true if send(sorcery_config.last_login_at_attribute_name).present? && send(sorcery_config.last_logout_at_attribute_name).nil?
+
+            send(sorcery_config.last_login_at_attribute_name) > send(sorcery_config.last_logout_at_attribute_name)
           end
 
+          def logged_out?
+            !logged_in?
+          end
+        end
+
+        module ClassMethods
           protected
+
           def define_activity_logging_fields
             sorcery_adapter.define_field sorcery_config.last_login_at_attribute_name,    Time
             sorcery_adapter.define_field sorcery_config.last_logout_at_attribute_name,   Time

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -10,15 +10,15 @@ module Sorcery
           base.sorcery_config.class_eval do
             attr_accessor :failed_logins_count_attribute_name,        # failed logins attribute name.
                           :lock_expires_at_attribute_name,            # this field indicates whether user
-                                                                      # is banned and when it will be active again.
+                          # is banned and when it will be active again.
                           :consecutive_login_retries_amount_limit,    # how many failed logins allowed.
                           :login_lock_time_period,                    # how long the user should be banned.
-                                                                      # in seconds. 0 for permanent.
+                          # in seconds. 0 for permanent.
 
                           :unlock_token_attribute_name,               # Unlock token attribute name
                           :unlock_token_email_method_name,            # Mailer method name
                           :unlock_token_mailer_disabled,              # When true, dont send unlock token via email
-                          :unlock_token_mailer                        # Mailer class
+                          :unlock_token_mailer                        # Mailer class
           end
 
           base.sorcery_config.instance_eval do
@@ -43,14 +43,14 @@ module Sorcery
         module ClassMethods
           def load_from_unlock_token(token)
             return nil if token.blank?
-            user = sorcery_adapter.find_by_token(sorcery_config.unlock_token_attribute_name,token)
+            user = sorcery_adapter.find_by_token(sorcery_config.unlock_token_attribute_name, token)
             user
           end
 
           protected
 
           def define_brute_force_protection_fields
-            sorcery_adapter.define_field sorcery_config.failed_logins_count_attribute_name, Integer, :default => 0
+            sorcery_adapter.define_field sorcery_config.failed_logins_count_attribute_name, Integer, default: 0
             sorcery_adapter.define_field sorcery_config.lock_expires_at_attribute_name, Time
             sorcery_adapter.define_field sorcery_config.unlock_token_attribute_name, String
           end
@@ -58,39 +58,39 @@ module Sorcery
 
         module InstanceMethods
           # Called by the controller to increment the failed logins counter.
-          # Calls 'lock!' if login retries limit was reached.
+          # Calls 'login_lock!' if login retries limit was reached.
           def register_failed_login!
             config = sorcery_config
-            return if !unlocked?
+            return unless login_unlocked?
 
             sorcery_adapter.increment(config.failed_logins_count_attribute_name)
 
-            if self.send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit
-              lock!
+            if send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit
+              login_lock!
             end
           end
 
           # /!\
           # Moved out of protected for use like activate! in controller
           # /!\
-          def unlock!
+          def login_unlock!
             config = sorcery_config
-            attributes = {config.lock_expires_at_attribute_name => nil,
-                          config.failed_logins_count_attribute_name => 0,
-                          config.unlock_token_attribute_name => nil}
+            attributes = { config.lock_expires_at_attribute_name => nil,
+                           config.failed_logins_count_attribute_name => 0,
+                           config.unlock_token_attribute_name => nil }
             sorcery_adapter.update_attributes(attributes)
           end
 
-          def locked?
-            !unlocked?
+          def login_locked?
+            !login_unlocked?
           end
 
           protected
 
-          def lock!
+          def login_lock!
             config = sorcery_config
-            attributes = {config.lock_expires_at_attribute_name => Time.now.in_time_zone + config.login_lock_time_period,
-                          config.unlock_token_attribute_name => TemporaryToken.generate_random_token}
+            attributes = { config.lock_expires_at_attribute_name => Time.now.in_time_zone + config.login_lock_time_period,
+                           config.unlock_token_attribute_name => TemporaryToken.generate_random_token }
             sorcery_adapter.update_attributes(attributes)
 
             unless config.unlock_token_mailer_disabled || config.unlock_token_mailer.nil?
@@ -98,9 +98,9 @@ module Sorcery
             end
           end
 
-          def unlocked?
+          def login_unlocked?
             config = sorcery_config
-            self.send(config.lock_expires_at_attribute_name).nil?
+            send(config.lock_expires_at_attribute_name).nil?
           end
 
           def send_unlock_token_email!
@@ -113,10 +113,10 @@ module Sorcery
           # Runs as a hook before authenticate.
           def prevent_locked_user_login
             config = sorcery_config
-            if !self.unlocked? && config.login_lock_time_period != 0
-              self.unlock! if self.send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone
+            if !login_unlocked? && config.login_lock_time_period != 0
+              login_unlock! if send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone
             end
-            unlocked?
+            login_unlocked?
           end
         end
       end

data/lib/sorcery/model/submodules/external.rb

@@ -20,7 +20,6 @@ module Sorcery
                           :authentications_user_id_attribute_name,
                           :provider_attribute_name,
                           :provider_uid_attribute_name
-
           end
 
           base.sorcery_config.instance_eval do
@@ -34,12 +33,11 @@ module Sorcery
 
           base.send(:include, InstanceMethods)
           base.extend(ClassMethods)
-
         end
 
         module ClassMethods
           # takes a provider and uid and finds a user by them.
-          def load_from_provider(provider,uid)
+          def load_from_provider(provider, uid)
             config = sorcery_config
             authentication = config.authentications_class.sorcery_adapter.find_by_oauth_credentials(provider, uid)
             user = sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name)) if authentication
@@ -57,7 +55,7 @@ module Sorcery
 
           def create_from_provider(provider, uid, attrs)
             user = new
-            attrs.each do |k,v|
+            attrs.each do |k, v|
               user.send(:"#{k}=", v)
             end
 
@@ -66,7 +64,7 @@ module Sorcery
             end
 
             sorcery_adapter.transaction do
-              user.sorcery_adapter.save(:validate => false)
+              user.sorcery_adapter.save(validate: false)
               sorcery_config.authentications_class.create!(
                 sorcery_config.authentications_user_id_attribute_name => user.id,
                 sorcery_config.provider_attribute_name => provider,
@@ -91,9 +89,7 @@ module Sorcery
 
             user
           end
-
         end
-
       end
     end
   end

data/lib/sorcery/model/submodules/remember_me.rb

@@ -9,13 +9,14 @@ module Sorcery
           base.sorcery_config.class_eval do
             attr_accessor :remember_me_token_attribute_name,              # the attribute in the model class.
                           :remember_me_token_expires_at_attribute_name,   # the expires attribute in the model class.
+                          :remember_me_token_persist_globally,            # persist a single token globally for all logins/logouts (supporting multiple simultaneous browsers)
                           :remember_me_for                                # how long in seconds to remember.
-
           end
 
           base.sorcery_config.instance_eval do
             @defaults.merge!(:@remember_me_token_attribute_name            => :remember_me_token,
                              :@remember_me_token_expires_at_attribute_name => :remember_me_token_expires_at,
+                             :@remember_me_token_persist_globally          => false,
                              :@remember_me_for                             => 7 * 60 * 60 * 24)
 
             reset!
@@ -34,26 +35,37 @@ module Sorcery
             sorcery_adapter.define_field sorcery_config.remember_me_token_attribute_name, String
             sorcery_adapter.define_field sorcery_config.remember_me_token_expires_at_attribute_name, Time
           end
-
         end
 
         module InstanceMethods
           # You shouldn't really use this one yourself - it's called by the controller's 'remember_me!' method.
           def remember_me!
             config = sorcery_config
-            self.sorcery_adapter.update_attributes(config.remember_me_token_attribute_name => TemporaryToken.generate_random_token,
-                                        config.remember_me_token_expires_at_attribute_name => Time.now.in_time_zone + config.remember_me_for)
+
+            update_options = { config.remember_me_token_expires_at_attribute_name => Time.now.in_time_zone + config.remember_me_for }
+
+            unless config.remember_me_token_persist_globally && has_remember_me_token?
+              update_options[config.remember_me_token_attribute_name] = TemporaryToken.generate_random_token
+            end
+
+            sorcery_adapter.update_attributes(update_options)
           end
 
           def has_remember_me_token?
-            self.send(sorcery_config.remember_me_token_attribute_name).present?
+            send(sorcery_config.remember_me_token_attribute_name).present?
           end
 
           # You shouldn't really use this one yourself - it's called by the controller's 'forget_me!' method.
+          # We only clear the token value if remember_me_token_persist_globally = true.
           def forget_me!
+            sorcery_config.remember_me_token_persist_globally || force_forget_me!
+          end
+
+          # You shouldn't really use this one yourself - it's called by the controller's 'force_forget_me!' method.
+          def force_forget_me!
             config = sorcery_config
-            self.sorcery_adapter.update_attributes(config.remember_me_token_attribute_name => nil,
-                                        config.remember_me_token_expires_at_attribute_name => nil)
+            sorcery_adapter.update_attributes(config.remember_me_token_attribute_name => nil,
+                                              config.remember_me_token_expires_at_attribute_name => nil)
           end
         end
       end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -12,26 +12,23 @@ module Sorcery
       module ResetPassword
         def self.included(base)
           base.sorcery_config.class_eval do
-            attr_accessor :reset_password_token_attribute_name,              # reset password code attribute name.
-                          :reset_password_token_expires_at_attribute_name,   # expires at attribute name.
-                          :reset_password_email_sent_at_attribute_name,      # when was email sent, used for hammering
-                                                                             # protection.
-
-                          :reset_password_mailer,                            # mailer class. Needed.
-
-                          :reset_password_mailer_disabled,                   # when true sorcery will not automatically
-                                                                             # email password reset details and allow you to
-                                                                             # manually handle how and when email is sent
-
-                          :reset_password_email_method_name,                 # reset password email method on your
-                                                                             # mailer class.
-
-                          :reset_password_expiration_period,                 # how many seconds before the reset request
-                                                                             # expires. nil for never expires.
-
-                          :reset_password_time_between_emails                # hammering protection, how long to wait
-                                                                             # before allowing another email to be sent.
-
+            # Reset password code attribute name.
+            attr_accessor :reset_password_token_attribute_name
+            # Expires at attribute name.
+            attr_accessor :reset_password_token_expires_at_attribute_name
+            # When was email sent, used for hammering protection.
+            attr_accessor :reset_password_email_sent_at_attribute_name
+            # Mailer class (needed)
+            attr_accessor :reset_password_mailer
+            # When true sorcery will not automatically email password reset details and allow you to
+            # manually handle how and when email is sent
+            attr_accessor :reset_password_mailer_disabled
+            # Reset password email method on your mailer class.
+            attr_accessor :reset_password_email_method_name
+            # How many seconds before the reset request expires. nil for never expires.
+            attr_accessor :reset_password_expiration_period
+            # Hammering protection, how long to wait before allowing another email to be sent.
+            attr_accessor :reset_password_time_between_emails
           end
 
           base.sorcery_config.instance_eval do
@@ -42,7 +39,7 @@ module Sorcery
                              :@reset_password_mailer_disabled                 => false,
                              :@reset_password_email_method_name               => :reset_password_email,
                              :@reset_password_expiration_period               => nil,
-                             :@reset_password_time_between_emails             => 5 * 60 )
+                             :@reset_password_time_between_emails             => 5 * 60)
 
             reset!
           end
@@ -53,7 +50,6 @@ module Sorcery
           base.sorcery_config.after_config << :define_reset_password_fields
 
           base.send(:include, InstanceMethods)
-
         end
 
         module ClassMethods
@@ -70,8 +66,8 @@ module Sorcery
           # This submodule requires the developer to define his own mailer class to be used by it
           # when reset_password_mailer_disabled is false
           def validate_mailer_defined
-            msg = "To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass)."
-            raise ArgumentError, msg if @sorcery_config.reset_password_mailer == nil and @sorcery_config.reset_password_mailer_disabled == false
+            message = 'To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass).'
+            raise ArgumentError, message if @sorcery_config.reset_password_mailer.nil? && @sorcery_config.reset_password_mailer_disabled == false
           end
 
           def define_reset_password_fields
@@ -79,35 +75,36 @@ module Sorcery
             sorcery_adapter.define_field sorcery_config.reset_password_token_expires_at_attribute_name, Time
             sorcery_adapter.define_field sorcery_config.reset_password_email_sent_at_attribute_name, Time
           end
-
         end
 
         module InstanceMethods
-          # generates a reset code with expiration
+          # Generates a reset code with expiration
           def generate_reset_password_token!
             config = sorcery_config
-            attributes = {config.reset_password_token_attribute_name => TemporaryToken.generate_random_token,
-                          config.reset_password_email_sent_at_attribute_name => Time.now.in_time_zone}
+            attributes = { config.reset_password_token_attribute_name => TemporaryToken.generate_random_token,
+                           config.reset_password_email_sent_at_attribute_name => Time.now.in_time_zone }
             attributes[config.reset_password_token_expires_at_attribute_name] = Time.now.in_time_zone + config.reset_password_expiration_period if config.reset_password_expiration_period
 
-            self.sorcery_adapter.update_attributes(attributes)
+            sorcery_adapter.update_attributes(attributes)
           end
 
-          # generates a reset code with expiration and sends an email to the user.
+          # Generates a reset code with expiration and sends an email to the user.
           def deliver_reset_password_instructions!
+            mail = false
             config = sorcery_config
             # hammering protection
-            return false if config.reset_password_time_between_emails.present? && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+            return false if config.reset_password_time_between_emails.present? && send(config.reset_password_email_sent_at_attribute_name) && send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
             self.class.sorcery_adapter.transaction do
               generate_reset_password_token!
-              send_reset_password_email! unless config.reset_password_mailer_disabled
+              mail = send_reset_password_email! unless config.reset_password_mailer_disabled
             end
+            mail
           end
 
           # Clears token and tries to update the new password for the user.
           def change_password!(new_password)
             clear_reset_password_token
-            self.send(:"#{sorcery_config.password_attribute_name}=", new_password)
+            send(:"#{sorcery_config.password_attribute_name}=", new_password)
             sorcery_adapter.save
           end
 
@@ -120,11 +117,10 @@ module Sorcery
           # Clears the token.
           def clear_reset_password_token
             config = sorcery_config
-            self.send(:"#{config.reset_password_token_attribute_name}=", nil)
-            self.send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
+            send(:"#{config.reset_password_token_attribute_name}=", nil)
+            send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
           end
         end
-
       end
     end
   end