sorcery 0.9.1 → 0.16.3

data/lib/sorcery/providers/wechat.rb

@@ -0,0 +1,81 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with open.wx.qq.com.
+    #
+    #   config.wechat.key = <key>
+    #   config.wechat.secret = <secret>
+    #   ...
+    #
+    class Wechat < Base
+      include Protocols::Oauth2
+
+      attr_reader   :mode, :param_name, :parse
+      attr_accessor :auth_url, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope = 'snsapi_login'
+        @auth_url = 'https://open.weixin.qq.com/connect/qrconnect'
+        @user_info_path = 'https://api.weixin.qq.com/sns/userinfo'
+        @token_url = 'https://api.weixin.qq.com/sns/oauth2/access_token'
+        @state = SecureRandom.hex(16)
+        @mode = :body
+        @parse = :json
+        @param_name = 'access_token'
+      end
+
+      def authorize_url(options = {})
+        oauth_params = {
+          appid: @key,
+          redirect_uri: @callback_url,
+          response_type: 'code',
+          scope: scope,
+          state: @state
+        }
+        "#{options[:authorize_url]}?#{oauth_params.to_query}#wechat_redirect"
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(
+          user_info_path,
+          params: {
+            access_token: access_token.token,
+            openid: access_token.params['openid']
+          }
+        )
+
+        {}.tap do |h|
+          h[:user_info] = JSON.parse(response.body)
+          h[:uid] = h[:user_info]['unionid']
+        end
+      end
+
+      def get_access_token(args, options = {})
+        client = build_client(options)
+        client.auth_code.get_token(
+          args[:code],
+          { appid: @key, secret: @secret, parse: parse },
+          options
+        )
+      end
+
+      def login_url(_params, _session)
+        authorize_url authorize_url: auth_url
+      end
+
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(
+          args,
+          token_url: token_url,
+          mode: mode,
+          param_name: param_name
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/xing.rb

@@ -7,19 +7,17 @@ module Sorcery
     #   ...
     #
     class Xing < Base
-
       include Protocols::Oauth
 
       attr_accessor :access_token_path, :authorize_path, :request_token_path,
                     :user_info_path
 
-
       def initialize
         @configuration = {
-            site: 'https://api.xing.com/v1',
-            authorize_path: '/authorize',
-            request_token_path: '/request_token',
-            access_token_path: '/access_token'
+          site: 'https://api.xing.com/v1',
+          authorize_path: '/authorize',
+          request_token_path: '/request_token',
+          access_token_path: '/access_token'
         }
         @user_info_path = '/users/me'
       end
@@ -40,11 +38,11 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
+      def login_url(_params, session)
         req_token = get_request_token
         session[:request_token]         = req_token.token
         session[:request_token_secret]  = req_token.secret
-        authorize_url({ request_token: req_token.token, request_token_secret: req_token.secret })
+        authorize_url(request_token: req_token.token, request_token_secret: req_token.secret)
       end
 
       # tries to login the user from access token
@@ -55,10 +53,9 @@ module Sorcery
           request_token_secret: session[:request_token_secret]
         }
 
-        args.merge!({ code: params[:code] }) if params[:code]
+        args[:code] = params[:code] if params[:code]
         get_access_token(args)
       end
-
     end
   end
 end

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -4,11 +4,11 @@ module Sorcery
       module Rails
         include ::Sorcery::TestHelpers::Rails::Controller
 
-        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = [
-          :register_last_activity_time_to_db,
-          :deny_banned_user,
-          :validate_session
-        ]
+        SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS = %i[
+          register_last_activity_time_to_db
+          deny_banned_user
+          validate_session
+        ].freeze
 
         def sorcery_reload!(submodules = [], options = {})
           reload_user_class
@@ -17,34 +17,34 @@ module Sorcery
           ::Sorcery::Controller::Config.init!
           ::Sorcery::Controller::Config.reset!
 
-          # remove all plugin before_filters so they won't fail other tests.
+          # remove all plugin before_actions so they won't fail other tests.
           # I don't like this way, but I didn't find another.
           # hopefully it won't break until Rails 4.
-          chain = if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("4.1.0")
+          chain = if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new('4.1.0')
                     SorceryController._process_action_callbacks.send :chain
                   else
                     SorceryController._process_action_callbacks
                   end
 
-          chain.delete_if {|c| SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
+          chain.delete_if { |c| SUBMODULES_AUTO_ADDED_CONTROLLER_FILTERS.include?(c.filter) }
 
           # configure
           ::Sorcery::Controller::Config.submodules = submodules
           ::Sorcery::Controller::Config.user_class = nil
-          ActionController::Base.send(:include,::Sorcery::Controller)
-          ::Sorcery::Controller::Config.user_class = "User"
+          ActionController::Base.send(:include, ::Sorcery::Controller)
+          ::Sorcery::Controller::Config.user_class = 'User'
 
           ::Sorcery::Controller::Config.user_config do |user|
-            options.each do |property,value|
+            options.each do |property, value|
               user.send(:"#{property}=", value)
             end
           end
           User.authenticates_with_sorcery!
-          if defined?(DataMapper) and User.ancestors.include?(DataMapper::Resource)
-            DataMapper.auto_migrate!
-            User.finalize
-            Authentication.finalize
-          end
+          return unless defined?(DataMapper) && User.ancestors.include?(DataMapper::Resource)
+
+          DataMapper.auto_migrate!
+          User.finalize
+          Authentication.finalize
         end
 
         def sorcery_controller_property_set(property, value)
@@ -60,7 +60,15 @@ module Sorcery
         # all this without calling the :logout action explicitly.
         # A dirty dirty hack.
         def clear_user_without_logout
-          subject.instance_variable_set(:@current_user,nil)
+          subject.instance_variable_set(:@current_user, nil)
+        end
+
+        if ::Rails.version < '5.0.0'
+          %w[get post put].each do |method|
+            define_method(method) do |action, options = {}|
+              super action, options[:params] || {}, options[:session]
+            end
+          end
         end
       end
     end

data/lib/sorcery/test_helpers/internal.rb

@@ -3,7 +3,7 @@ module Sorcery
     # Internal TestHelpers are used to test the gem, internally, and should not be used to test apps *using* sorcery.
     # This file will be included in the spec_helper file.
     module Internal
-      def self.included(base)
+      def self.included(_base)
         # reducing default cost for specs speed
         CryptoProviders::BCrypt.class_eval do
           class << self
@@ -17,38 +17,38 @@ module Sorcery
       # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
       # After the first destroy, the session is an ordinary hash, and then when destroy
       # is called again there's an exception.
-      class ::Hash
+      class ::Hash # rubocop:disable Style/ClassAndModuleChildren
         def destroy
           clear
         end
       end
 
       def build_new_user(attributes_hash = nil)
-        user_attributes_hash = attributes_hash || {:username => 'gizmo', :email => "bla@bla.com", :password => 'secret'}
+        user_attributes_hash = attributes_hash || { username: 'gizmo', email: 'bla@bla.com', password: 'secret' }
         @user = User.new(user_attributes_hash)
       end
 
       def create_new_user(attributes_hash = nil)
         @user = build_new_user(attributes_hash)
-        @user.sorcery_adapter.save(:raise_on_failure => true)
+        @user.sorcery_adapter.save(raise_on_failure: true)
         @user
       end
 
       def create_new_external_user(provider, attributes_hash = nil)
-        user_attributes_hash = attributes_hash || {:username => 'gizmo'}
+        user_attributes_hash = attributes_hash || { username: 'gizmo' }
         @user = User.new(user_attributes_hash)
-        @user.sorcery_adapter.save(:raise_on_failure => true)
-        @user.authentications.create!({:provider => provider, :uid => 123})
+        @user.sorcery_adapter.save(raise_on_failure: true)
+        @user.authentications.create!(provider: provider, uid: 123)
         @user
       end
 
       def custom_create_new_external_user(provider, authentication_class, attributes_hash = nil)
         authentication_association = authentication_class.name.underscore.pluralize
 
-        user_attributes_hash = attributes_hash || {:username => 'gizmo'}
+        user_attributes_hash = attributes_hash || { username: 'gizmo' }
         @user = User.new(user_attributes_hash)
-        @user.sorcery_adapter.save(:raise_on_failure => true)
-        @user.send(authentication_association).create!({:provider => provider, :uid => 123})
+        @user.sorcery_adapter.save(raise_on_failure: true)
+        @user.send(authentication_association).create!(provider: provider, uid: 123)
         @user
       end
 
@@ -67,11 +67,12 @@ module Sorcery
       # reload user class between specs
       # so it will be possible to test the different submodules in isolation
       def reload_user_class
-        Object.send(:remove_const, "User")
+        User && Object.send(:remove_const, 'User')
         load 'user.rb'
-        if User.respond_to?(:reset_column_information)
-          User.reset_column_information
-        end
+
+        return unless User.respond_to?(:reset_column_information)
+
+        User.reset_column_information
       end
     end
   end

data/lib/sorcery/test_helpers/rails/controller.rb

@@ -2,7 +2,7 @@ module Sorcery
   module TestHelpers
     module Rails
       module Controller
-        def login_user(user = nil, test_context = {})
+        def login_user(user = nil, _test_context = {})
           user ||= @user
           @controller.send(:auto_login, user)
           @controller.send(:after_login!, user, [user.send(user.sorcery_config.username_attribute_names.first), 'secret'])

data/lib/sorcery/test_helpers/rails/integration.rb

@@ -2,20 +2,19 @@ module Sorcery
   module TestHelpers
     module Rails
       module Integration
-        
-        #Accepts arguments for user to login, route to use and HTTP method
-        #Defaults - @user, 'sessions_url' and POST
+        # Accepts arguments for user to login, route to use and HTTP method
+        # Defaults - @user, 'sessions_url' and POST
         def login_user(user = nil, route = nil, http_method = :post)
           user ||= @user
           route ||= sessions_url
 
           username_attr = user.sorcery_config.username_attribute_names.first
           username = user.send(username_attr)
-          page.driver.send(http_method, route, { :"#{username_attr}" => username, :password => 'secret' })
+          page.driver.send(http_method, route, :"#{username_attr}" => username, :password => 'secret')
         end
 
-        #Accepts route and HTTP method arguments
-        #Default - 'logout_url' and GET
+        # Accepts route and HTTP method arguments
+        # Default - 'logout_url' and GET
         def logout_user(route = nil, http_method = :get)
           route ||= logout_url
           page.driver.send(http_method, route)

data/lib/sorcery/test_helpers/rails/request.rb

@@ -0,0 +1,20 @@
+module Sorcery
+  module TestHelpers
+    module Rails
+      module Request
+        # Accepts arguments for user to login, the password, route to use and HTTP method
+        # Defaults - @user, 'secret', 'user_sessions_url' and http_method: POST
+        def login_user(user = nil, password = 'secret', route = nil, http_method = :post)
+          user ||= @user
+          route ||= user_sessions_url
+
+          username_attr = user.sorcery_config.username_attribute_names.first
+          username = user.send(username_attr)
+          password_attr = user.sorcery_config.password_attribute_name
+
+          send(http_method, route, params: { "#{username_attr}": username, "#{password_attr}": password })
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = "0.9.1"
+  VERSION = '0.16.3'.freeze
 end

data/lib/sorcery.rb

@@ -1,7 +1,6 @@
 require 'sorcery/version'
 
 module Sorcery
-
   require 'sorcery/model'
 
   module Adapters
@@ -12,7 +11,6 @@ module Sorcery
     require 'sorcery/model/temporary_token'
     require 'sorcery/model/config'
 
-
     module Submodules
       require 'sorcery/model/submodules/user_activation'
       require 'sorcery/model/submodules/reset_password'
@@ -20,6 +18,7 @@ module Sorcery
       require 'sorcery/model/submodules/activity_logging'
       require 'sorcery/model/submodules/brute_force_protection'
       require 'sorcery/model/submodules/external'
+      require 'sorcery/model/submodules/magic_login'
     end
   end
 
@@ -58,17 +57,17 @@ module Sorcery
     module Rails
       require 'sorcery/test_helpers/rails/controller'
       require 'sorcery/test_helpers/rails/integration'
+      require 'sorcery/test_helpers/rails/request'
     end
 
     module Internal
       require 'sorcery/test_helpers/internal/rails'
     end
-
   end
 
   require 'sorcery/adapters/base_adapter'
 
-  if defined?(ActiveRecord)
+  if defined?(ActiveRecord::Base)
     require 'sorcery/adapters/active_record_adapter'
     ActiveRecord::Base.extend Sorcery::Model
 
@@ -81,7 +80,7 @@ module Sorcery
     end
   end
 
-  if defined?(Mongoid)
+  if defined?(Mongoid::Document)
     require 'sorcery/adapters/mongoid_adapter'
     Mongoid::Document::ClassMethods.send :include, Sorcery::Model
 
@@ -94,17 +93,5 @@ module Sorcery
     end
   end
 
-  if defined?(MongoMapper)
-    require 'sorcery/adapters/mongo_mapper_adapter'
-    MongoMapper::Document.send(:plugin, Sorcery::Adapters::MongoMapperAdapter::Wrapper)
-  end
-
-  if defined?(DataMapper)
-    require 'sorcery/adapters/data_mapper_adapter'
-    DataMapper::Model.append_extensions(Sorcery::Model)
-
-    DataMapper::Model.append_inclusions(Sorcery::Adapters::DataMapperAdapter::Wrapper)
-  end
-
   require 'sorcery/engine' if defined?(Rails)
 end

data/sorcery.gemspec

@@ -1,34 +1,49 @@
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'sorcery/version'
 
+# rubocop:disable Metrics/BlockLength
 Gem::Specification.new do |s|
-  s.name = "sorcery"
+  s.name = 'sorcery'
   s.version = Sorcery::VERSION
-  s.authors = ["Noam Ben Ari", "Kir Shatrov", "Grzegorz Witek"]
-  s.email = "nbenari@gmail.com"
-  s.description = "Provides common authentication needs such as signing in/out, activating by email and resetting password."
-  s.summary = "Magical authentication for Rails 3 & 4 applications"
-  s.homepage = "http://github.com/NoamB/sorcery"
-
-  s.files         = `git ls-files`.split($/)
-  s.require_paths = ["lib"]
-
-  s.licenses = ["MIT"]
-
-  s.required_ruby_version = '>= 1.9.3'
-
-  s.add_dependency "oauth", "~> 0.4", ">= 0.4.4"
-  s.add_dependency "oauth2", ">= 0.8.0"
-  s.add_dependency "bcrypt", "~> 3.1"
-
-  s.add_development_dependency "abstract", ">= 1.0.0"
-  s.add_development_dependency "json", ">= 1.7.7"
-  s.add_development_dependency "yard", "~> 0.6.0"
-
-  s.add_development_dependency "timecop"
-  s.add_development_dependency "simplecov", ">= 0.3.8"
-  s.add_development_dependency "rspec", "~> 3.0.0"
-  s.add_development_dependency "rspec-rails", "~> 3.0.0"
+  s.authors = [
+    'Noam Ben Ari',
+    'Kir Shatrov',
+    'Grzegorz Witek',
+    'Chase Gilliam',
+    'Josh Buker'
+  ]
+  s.email = [
+    'crypto@joshbuker.com'
+  ]
+
+  # TODO: Cleanup formatting.
+  # rubocop:disable Layout/LineLength
+  s.description = 'Provides common authentication needs such as signing in/out, activating by email and resetting password.'
+  s.summary = 'Magical authentication for Rails applications'
+  s.homepage = 'https://github.com/Sorcery/sorcery'
+  s.post_install_message = "As of version 1.0 oauth/oauth2 won't be automatically bundled so you may need to add those dependencies to your Gemfile.\n"
+  s.post_install_message += 'You may need oauth2 if you use external providers such as any of these: https://github.com/Sorcery/sorcery/tree/master/lib/sorcery/providers'
+  # rubocop:enable Layout/LineLength
+
+  s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  s.require_paths = ['lib']
+
+  s.licenses = ['MIT']
+
+  s.required_ruby_version = '>= 2.4.9'
+
+  s.add_dependency 'bcrypt', '~> 3.1'
+  s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
+  s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
+
+  s.add_development_dependency 'byebug', '~> 10.0.0'
+  s.add_development_dependency 'rspec-rails', '~> 3.7.0'
+  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'simplecov', '>= 0.3.8'
+  s.add_development_dependency 'test-unit', '~> 3.2.0'
+  s.add_development_dependency 'timecop'
+  s.add_development_dependency 'webmock', '~> 3.3.0'
+  s.add_development_dependency 'yard', '~> 0.9.0', '>= 0.9.12'
 end
-
+# rubocop:enable Metrics/BlockLength

data/spec/active_record/user_activation_spec.rb

@@ -3,16 +3,15 @@ require 'spec_helper'
 require 'rails_app/app/mailers/sorcery_mailer'
 require 'shared_examples/user_activation_shared_examples'
 
-describe User, "with activation submodule", :active_record => true do
+describe User, 'with activation submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/activation")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/activation")
   end
 
-  it_behaves_like "rails_3_activation_model"
-
+  it_behaves_like 'rails_3_activation_model'
 end

data/spec/active_record/user_activity_logging_spec.rb

@@ -1,17 +1,15 @@
 require 'spec_helper'
 require 'shared_examples/user_activity_logging_shared_examples'
 
-describe User, "with activity logging submodule", :active_record => true do
-
+describe User, 'with activity logging submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/activity_logging")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/activity_logging")
   end
 
-  it_behaves_like "rails_3_activity_logging_model"
-
+  it_behaves_like 'rails_3_activity_logging_model'
 end

data/spec/active_record/user_brute_force_protection_spec.rb

@@ -1,16 +1,15 @@
 require 'spec_helper'
 require 'shared_examples/user_brute_force_protection_shared_examples'
 
-describe User, "with brute_force_protection submodule", :active_record => true do
+describe User, 'with brute_force_protection submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/brute_force_protection")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/brute_force_protection")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/brute_force_protection")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/brute_force_protection")
   end
 
-  it_behaves_like "rails_3_brute_force_protection_model"
-
-end
+  it_behaves_like 'rails_3_brute_force_protection_model'
+end

data/spec/active_record/user_magic_login_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+require 'shared_examples/user_magic_login_shared_examples'
+
+describe User, 'with magic_login submodule', active_record: true do
+  before(:all) do
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/magic_login")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/magic_login")
+  end
+
+  it_behaves_like 'magic_login_model'
+end

data/spec/active_record/user_oauth_spec.rb

@@ -1,16 +1,15 @@
 require 'spec_helper'
 require 'shared_examples/user_oauth_shared_examples'
 
-describe User, "with oauth submodule", :active_record => true do
+describe User, 'with oauth submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/external")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/external")
   end
 
-  it_behaves_like "rails_3_oauth_model"
-
-end
+  it_behaves_like 'rails_3_oauth_model'
+end

data/spec/active_record/user_remember_me_spec.rb

@@ -1,16 +1,15 @@
 require 'spec_helper'
 require 'shared_examples/user_remember_me_shared_examples'
 
-describe User, "with remember_me submodule", :active_record => true do
+describe User, 'with remember_me submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
   end
 
-  it_behaves_like "rails_3_remember_me_model"
-
-end
+  it_behaves_like 'rails_3_remember_me_model'
+end

data/spec/active_record/user_reset_password_spec.rb

@@ -1,16 +1,15 @@
 require 'spec_helper'
 require 'shared_examples/user_reset_password_shared_examples'
 
-describe User, "with reset_password submodule", :active_record => true do
+describe User, 'with reset_password submodule', active_record: true do
   before(:all) do
-    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/reset_password")
+    MigrationHelper.migrate("#{Rails.root}/db/migrate/reset_password")
     User.reset_column_information
   end
 
   after(:all) do
-    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/reset_password")
+    MigrationHelper.rollback("#{Rails.root}/db/migrate/reset_password")
   end
 
-  it_behaves_like "rails_3_reset_password_model"
-
+  it_behaves_like 'rails_3_reset_password_model'
 end