sorcery 0.9.1 → 0.10.0

data/lib/sorcery/model/submodules/user_activation.rb

@@ -8,33 +8,24 @@ module Sorcery
       module UserActivation
         def self.included(base)
           base.sorcery_config.class_eval do
-            attr_accessor :activation_state_attribute_name,               # the attribute name to hold activation state
-                                                                          # (active/pending).
-
-                          :activation_token_attribute_name,               # the attribute name to hold activation code
-                                                                          # (sent by email).
-
-                          :activation_token_expires_at_attribute_name,    # the attribute name to hold activation code
-                                                                          # expiration date.
-
-                          :activation_token_expiration_period,            # how many seconds before the activation code
-                                                                          # expires. nil for never expires.
-
-                          :user_activation_mailer,                        # your mailer class. Required when
-                                                                          # activation_mailer_disabled == false.
-
-                          :activation_mailer_disabled,                    # when true sorcery will not automatically
-                                                                          # email activation details and allow you to
-                                                                          # manually handle how and when email is sent
-
-                          :activation_needed_email_method_name,           # activation needed email method on your
-                                                                          # mailer class.
-
-                          :activation_success_email_method_name,          # activation success email method on your
-                                                                          # mailer class.
-
-                          :prevent_non_active_users_to_login              # do you want to prevent or allow users that
-                                                                          # did not activate by email to login?
+            # The attribute name to hold activation state (active/pending).
+            attr_accessor :activation_state_attribute_name
+            # The attribute name to hold activation code (sent by email).
+            attr_accessor :activation_token_attribute_name
+            # The attribute name to hold activation code expiration date.
+            attr_accessor :activation_token_expires_at_attribute_name
+            # How many seconds before the activation code expires. nil for never expires.
+            attr_accessor :activation_token_expiration_period
+            # Your mailer class. Required when activation_mailer_disabled == false.
+            attr_accessor :user_activation_mailer
+            # When true sorcery will not automatically email activation details and allow you to manually handle how and when email is sent
+            attr_accessor :activation_mailer_disabled
+            # Activation needed email method on your mailer class.
+            attr_accessor :activation_needed_email_method_name
+            # Activation success email method on your mailer class.
+            attr_accessor :activation_success_email_method_name
+            # Do you want to prevent or allow users that did not activate by email to login?
+            attr_accessor :prevent_non_active_users_to_login
           end
 
           base.sorcery_config.instance_eval do
@@ -52,9 +43,9 @@ module Sorcery
 
           base.class_eval do
             # don't setup activation if no password supplied - this user is created automatically
-            sorcery_adapter.define_callback :before, :create, :setup_activation, :if => Proc.new { |user| user.send(sorcery_config.password_attribute_name).present? }
+            sorcery_adapter.define_callback :before, :create, :setup_activation, if: proc { |user| user.send(sorcery_config.password_attribute_name).present? }
             # don't send activation needed email if no crypted password created - this user is external (OAuth etc.)
-            sorcery_adapter.define_callback :after, :create, :send_activation_needed_email!, :if => :send_activation_needed_email?
+            sorcery_adapter.define_callback :after, :create, :send_activation_needed_email!, if: :send_activation_needed_email?
           end
 
           base.sorcery_config.after_config << :validate_mailer_defined
@@ -63,8 +54,6 @@ module Sorcery
 
           base.extend(ClassMethods)
           base.send(:include, InstanceMethods)
-
-
         end
 
         module ClassMethods
@@ -81,12 +70,12 @@ module Sorcery
           # This submodule requires the developer to define his own mailer class to be used by it
           # when activation_mailer_disabled is false
           def validate_mailer_defined
-            msg = "To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass)."
-            raise ArgumentError, msg if @sorcery_config.user_activation_mailer == nil and @sorcery_config.activation_mailer_disabled == false
+            message = 'To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass).'
+            raise ArgumentError, message if @sorcery_config.user_activation_mailer.nil? && @sorcery_config.activation_mailer_disabled == false
           end
 
           def define_user_activation_fields
-            self.class_eval do
+            class_eval do
               sorcery_adapter.define_field sorcery_config.activation_state_attribute_name, String
               sorcery_adapter.define_field sorcery_config.activation_token_attribute_name, String
               sorcery_adapter.define_field sorcery_config.activation_token_expires_at_attribute_name, Time
@@ -98,20 +87,22 @@ module Sorcery
           def setup_activation
             config = sorcery_config
             generated_activation_token = TemporaryToken.generate_random_token
-            self.send(:"#{config.activation_token_attribute_name}=", generated_activation_token)
-            self.send(:"#{config.activation_state_attribute_name}=", "pending")
-            self.send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.activation_token_expiration_period) if config.activation_token_expiration_period
+            send(:"#{config.activation_token_attribute_name}=", generated_activation_token)
+            send(:"#{config.activation_state_attribute_name}=", 'pending')
+            send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.activation_token_expiration_period) if config.activation_token_expiration_period
           end
 
           # clears activation code, sets the user as 'active' and optionaly sends a success email.
           def activate!
             config = sorcery_config
-            self.send(:"#{config.activation_token_attribute_name}=", nil)
-            self.send(:"#{config.activation_state_attribute_name}=", "active")
+            send(:"#{config.activation_token_attribute_name}=", nil)
+            send(:"#{config.activation_state_attribute_name}=", 'active')
             send_activation_success_email! if send_activation_success_email?
-            sorcery_adapter.save(:validate => false, :raise_on_failure => true)
+            sorcery_adapter.save(validate: false, raise_on_failure: true)
           end
 
+          attr_accessor :skip_activation_needed_email, :skip_activation_success_email
+
           protected
 
           # called automatically after user initial creation.
@@ -124,24 +115,21 @@ module Sorcery
           end
 
           def send_activation_success_email?
-            !external? && (
-              !(sorcery_config.activation_success_email_method_name.nil? ||
-                sorcery_config.activation_mailer_disabled == true)
-            )
+            !external? &&
+              !(sorcery_config.activation_success_email_method_name.nil? || sorcery_config.activation_mailer_disabled == true) &&
+              !skip_activation_success_email
           end
 
           def send_activation_needed_email?
-            !external? && (
-              !(sorcery_config.activation_needed_email_method_name.nil? ||
-                sorcery_config.activation_mailer_disabled == true)
-            )
+            !external? &&
+              !(sorcery_config.activation_needed_email_method_name.nil? || sorcery_config.activation_mailer_disabled == true) &&
+              !skip_activation_needed_email
           end
 
           def prevent_non_active_login
             config = sorcery_config
-            config.prevent_non_active_users_to_login ? self.send(config.activation_state_attribute_name) == "active" : true
+            config.prevent_non_active_users_to_login ? send(config.activation_state_attribute_name) == 'active' : true
           end
-
         end
       end
     end

data/lib/sorcery/model/temporary_token.rb

@@ -12,13 +12,13 @@ module Sorcery
 
       # Random code, used for salt and temporary tokens.
       def self.generate_random_token
-        SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
+        SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
       end
 
       module ClassMethods
         def load_from_token(token, token_attr_name, token_expiration_date_attr)
           return nil if token.blank?
-          user = sorcery_adapter.find_by_token(token_attr_name,token)
+          user = sorcery_adapter.find_by_token(token_attr_name, token)
           if !user.blank? && !user.send(token_expiration_date_attr).nil?
             return Time.now.in_time_zone < user.send(token_expiration_date_attr) ? user : nil
           end

data/lib/sorcery/protocols/oauth.rb

@@ -3,12 +3,11 @@ require 'oauth'
 module Sorcery
   module Protocols
     module Oauth
-
       def oauth_version
         '1.0'
       end
 
-      def get_request_token(token=nil,secret=nil)
+      def get_request_token(token = nil, secret = nil)
         return ::OAuth::RequestToken.new(get_consumer, token, secret) if token && secret
         get_consumer.get_request_token(oauth_callback: @callback_url)
       end
@@ -17,18 +16,14 @@ module Sorcery
         get_request_token(
           args[:request_token],
           args[:request_token_secret]
-        ).authorize_url({
-          oauth_callback: @callback_url
-        })
+        ).authorize_url(oauth_callback: @callback_url)
       end
 
       def get_access_token(args)
         get_request_token(
           args[:request_token],
           args[:request_token_secret]
-        ).get_access_token({
-          oauth_verifier: args[:oauth_verifier]
-        })
+        ).get_access_token(oauth_verifier: args[:oauth_verifier])
       end
 
       protected
@@ -36,7 +31,6 @@ module Sorcery
       def get_consumer
         ::OAuth::Consumer.new(@key, @secret, site: @site)
       end
-
     end
   end
 end

data/lib/sorcery/protocols/oauth2.rb

@@ -3,7 +3,6 @@ require 'oauth2'
 module Sorcery
   module Protocols
     module Oauth2
-
       def oauth_version
         '2.0'
       end
@@ -41,7 +40,6 @@ module Sorcery
           defaults.merge!(options)
         )
       end
-
     end
   end
 end

data/lib/sorcery/providers/base.rb

@@ -1,19 +1,20 @@
 module Sorcery
   module Providers
     class Base
-
       attr_reader   :access_token
 
       attr_accessor :callback_url, :key, :original_callback_url, :secret,
                     :site, :state, :user_info_mapping
 
-      def has_callback?; true; end
+      def has_callback?
+        true
+      end
 
       def initialize
         @user_info_mapping = {}
       end
 
-      def auth_hash(access_token, hash={})
+      def auth_hash(access_token, hash = {})
         return hash if access_token.nil?
 
         token_hash = hash.dup
@@ -32,7 +33,6 @@ module Sorcery
       def self.descendants
         ObjectSpace.each_object(Class).select { |klass| klass < self }
       end
-
     end
   end
 end

data/lib/sorcery/providers/facebook.rb

@@ -7,7 +7,6 @@ module Sorcery
     #   ...
     #
     class Facebook < Base
-
       include Protocols::Oauth2
 
       attr_reader   :mode, :param_name, :parse
@@ -40,18 +39,17 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
+      def login_url(_params, _session)
         authorize_url
       end
 
       # overrides oauth2#authorize_url to allow customized scope.
       def authorize_url
-
         # Fix: replace default oauth2 options, specially to prevent the Faraday gem which
         # concatenates with "/", removing the Facebook api version
         options = {
-          site:          File::join(@site, api_version.to_s),
-          authorize_url: File::join(@auth_site, api_version.to_s, auth_path),
+          site:          File.join(@site, api_version.to_s),
+          authorize_url: File.join(@auth_site, api_version.to_s, auth_path),
           token_url:     token_url
         }
 
@@ -60,15 +58,14 @@ module Sorcery
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
 
         get_access_token(args, token_url: token_url, mode: mode,
-          param_name: param_name, parse: parse)
+                               param_name: param_name, parse: parse)
       end
-
     end
   end
 end

data/lib/sorcery/providers/github.rb

@@ -7,7 +7,6 @@ module Sorcery
     #   ...
     #
     class Github < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_path, :scope, :token_url, :user_info_path
@@ -35,12 +34,12 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_path })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
@@ -49,12 +48,11 @@ module Sorcery
       end
 
       def primary_email(access_token)
-        response = access_token.get(user_info_path + "/emails")
+        response = access_token.get(user_info_path + '/emails')
         emails = JSON.parse(response.body)
-        primary = emails.find{|i| i['primary'] }
+        primary = emails.find { |i| i['primary'] }
         primary && primary['email'] || emails.first && emails.first['email']
       end
-
     end
   end
 end

data/lib/sorcery/providers/google.rb

@@ -7,7 +7,6 @@ module Sorcery
     #   ...
     #
     class Google < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_url, :scope, :token_url, :user_info_url
@@ -33,19 +32,18 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_url })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_url)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
 
         get_access_token(args, token_url: token_url, token_method: :post)
       end
-
     end
   end
 end

data/lib/sorcery/providers/heroku.rb

@@ -1,6 +1,5 @@
 module Sorcery
   module Providers
-
     # This class adds support for OAuth with heroku.com.
 
     # config.heroku.key = <key>
@@ -13,7 +12,6 @@ module Sorcery
     # The full path must be set for OAuth Callback URL when configuring the API Client Information on Heroku.
 
     class Heroku < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_path, :scope, :token_url, :user_info_path
@@ -40,18 +38,18 @@ module Sorcery
         end
       end
 
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_path })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
-        raise "Invalid state. Potential Cross Site Forgery" if params[:state] != state
-        args = { }.tap do |a|
+      def process_callback(params, _session)
+        raise 'Invalid state. Potential Cross Site Forgery' if params[:state] != state
+        args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
         get_access_token(args, token_url: token_url, token_method: :post)
       end
     end
   end
-end
+end

data/lib/sorcery/providers/jira.rb

@@ -7,31 +7,27 @@ module Sorcery
     #   ...
     #
     class Jira < Base
-
       include Protocols::Oauth
 
       attr_accessor :access_token_path, :authorize_path, :request_token_path,
                     :user_info_path, :site, :signature_method, :private_key_file, :callback_url
 
-
       def initialize
         @configuration = {
-            authorize_path: '/authorize',
-            request_token_path: '/request-token',
-            access_token_path: '/access-token'
+          authorize_path: '/authorize',
+          request_token_path: '/request-token',
+          access_token_path: '/access-token'
         }
         @user_info_path = '/users/me'
       end
 
       # Override included get_consumer method to provide authorize_path
-      #read extra configurations
+      # read extra configurations
       def get_consumer
-        @configuration = @configuration.merge({
-            site: site,
-            signature_method: signature_method,
-            consumer_key: key,
-            private_key_file: private_key_file
-        })
+        @configuration = @configuration.merge(site: site,
+                                              signature_method: signature_method,
+                                              consumer_key: key,
+                                              private_key_file: private_key_file)
         ::OAuth::Consumer.new(@key, @secret, @configuration)
       end
 
@@ -46,13 +42,13 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
+      def login_url(_params, session)
         req_token = get_request_token
         session[:request_token]         = req_token.token
         session[:request_token_secret]  = req_token.secret
 
-        #it was like that -> redirect_to authorize_url({ request_token: req_token.token, request_token_secret: req_token.secret })
-        #for some reason Jira does not need these parameters
+        # it was like that -> redirect_to authorize_url({ request_token: req_token.token, request_token_secret: req_token.secret })
+        # for some reason Jira does not need these parameters
 
         get_request_token(
           session[:request_token],
@@ -68,10 +64,9 @@ module Sorcery
           request_token_secret: session[:request_token_secret]
         }
 
-        args.merge!({ code: params[:code] }) if params[:code]
+        args[:code] = params[:code] if params[:code]
         get_access_token(args)
       end
-
     end
   end
 end