sorcery 0.9.1 → 0.16.3
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +1 -0
- data/.github/ISSUE_TEMPLATE.md +24 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +7 -0
- data/.github/workflows/ruby.yml +70 -0
- data/.gitignore +3 -0
- data/.rubocop.yml +55 -0
- data/.rubocop_todo.yml +163 -0
- data/CHANGELOG.md +132 -34
- data/CODE_OF_CONDUCT.md +14 -0
- data/Gemfile +3 -17
- data/{LICENSE.txt → LICENSE.md} +1 -1
- data/MAINTAINING.md +64 -0
- data/README.md +146 -269
- data/Rakefile +4 -2
- data/SECURITY.md +19 -0
- data/gemfiles/rails_52.gemfile +7 -0
- data/gemfiles/rails_60.gemfile +7 -0
- data/gemfiles/rails_61.gemfile +7 -0
- data/gemfiles/rails_70.gemfile +7 -0
- data/lib/generators/sorcery/USAGE +1 -1
- data/lib/generators/sorcery/helpers.rb +8 -4
- data/lib/generators/sorcery/install_generator.rb +41 -35
- data/lib/generators/sorcery/templates/initializer.rb +216 -112
- data/lib/generators/sorcery/templates/migration/activity_logging.rb +7 -7
- data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +5 -5
- data/lib/generators/sorcery/templates/migration/core.rb +5 -7
- data/lib/generators/sorcery/templates/migration/external.rb +4 -4
- data/lib/generators/sorcery/templates/migration/magic_login.rb +9 -0
- data/lib/generators/sorcery/templates/migration/remember_me.rb +5 -5
- data/lib/generators/sorcery/templates/migration/reset_password.rb +7 -6
- data/lib/generators/sorcery/templates/migration/user_activation.rb +6 -6
- data/lib/sorcery/adapters/active_record_adapter.rb +11 -21
- data/lib/sorcery/adapters/mongoid_adapter.rb +23 -11
- data/lib/sorcery/controller/config.rb +27 -23
- data/lib/sorcery/controller/submodules/activity_logging.rb +16 -18
- data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
- data/lib/sorcery/controller/submodules/external.rb +69 -44
- data/lib/sorcery/controller/submodules/http_basic_auth.rb +18 -19
- data/lib/sorcery/controller/submodules/remember_me.rb +16 -16
- data/lib/sorcery/controller/submodules/session_timeout.rb +33 -11
- data/lib/sorcery/controller.rb +50 -35
- data/lib/sorcery/crypto_providers/aes256.rb +17 -16
- data/lib/sorcery/crypto_providers/bcrypt.rb +26 -22
- data/lib/sorcery/crypto_providers/common.rb +1 -1
- data/lib/sorcery/crypto_providers/md5.rb +5 -5
- data/lib/sorcery/crypto_providers/sha1.rb +5 -5
- data/lib/sorcery/crypto_providers/sha256.rb +2 -2
- data/lib/sorcery/crypto_providers/sha512.rb +3 -3
- data/lib/sorcery/engine.rb +19 -11
- data/lib/sorcery/model/config.rb +73 -50
- data/lib/sorcery/model/submodules/activity_logging.rb +31 -12
- data/lib/sorcery/model/submodules/brute_force_protection.rb +38 -31
- data/lib/sorcery/model/submodules/external.rb +22 -10
- data/lib/sorcery/model/submodules/magic_login.rb +130 -0
- data/lib/sorcery/model/submodules/remember_me.rb +19 -7
- data/lib/sorcery/model/submodules/reset_password.rb +64 -42
- data/lib/sorcery/model/submodules/user_activation.rb +52 -54
- data/lib/sorcery/model/temporary_token.rb +30 -7
- data/lib/sorcery/model.rb +65 -40
- data/lib/sorcery/protocols/oauth.rb +4 -9
- data/lib/sorcery/protocols/oauth2.rb +0 -2
- data/lib/sorcery/providers/auth0.rb +46 -0
- data/lib/sorcery/providers/base.rb +4 -4
- data/lib/sorcery/providers/battlenet.rb +51 -0
- data/lib/sorcery/providers/discord.rb +52 -0
- data/lib/sorcery/providers/facebook.rb +8 -11
- data/lib/sorcery/providers/github.rb +5 -7
- data/lib/sorcery/providers/google.rb +3 -5
- data/lib/sorcery/providers/heroku.rb +7 -8
- data/lib/sorcery/providers/instagram.rb +73 -0
- data/lib/sorcery/providers/jira.rb +12 -17
- data/lib/sorcery/providers/line.rb +63 -0
- data/lib/sorcery/providers/linkedin.rb +44 -35
- data/lib/sorcery/providers/liveid.rb +4 -7
- data/lib/sorcery/providers/microsoft.rb +59 -0
- data/lib/sorcery/providers/paypal.rb +60 -0
- data/lib/sorcery/providers/salesforce.rb +3 -5
- data/lib/sorcery/providers/slack.rb +45 -0
- data/lib/sorcery/providers/twitter.rb +4 -6
- data/lib/sorcery/providers/vk.rb +8 -9
- data/lib/sorcery/providers/wechat.rb +81 -0
- data/lib/sorcery/providers/xing.rb +7 -10
- data/lib/sorcery/test_helpers/internal/rails.rb +25 -17
- data/lib/sorcery/test_helpers/internal.rb +15 -14
- data/lib/sorcery/test_helpers/rails/controller.rb +1 -1
- data/lib/sorcery/test_helpers/rails/integration.rb +5 -6
- data/lib/sorcery/test_helpers/rails/request.rb +20 -0
- data/lib/sorcery/version.rb +1 -1
- data/lib/sorcery.rb +4 -17
- data/sorcery.gemspec +43 -28
- data/spec/active_record/user_activation_spec.rb +4 -5
- data/spec/active_record/user_activity_logging_spec.rb +4 -6
- data/spec/active_record/user_brute_force_protection_spec.rb +5 -6
- data/spec/active_record/user_magic_login_spec.rb +15 -0
- data/spec/active_record/user_oauth_spec.rb +5 -6
- data/spec/active_record/user_remember_me_spec.rb +5 -6
- data/spec/active_record/user_reset_password_spec.rb +4 -5
- data/spec/active_record/user_spec.rb +7 -17
- data/spec/controllers/controller_activity_logging_spec.rb +13 -24
- data/spec/controllers/controller_brute_force_protection_spec.rb +8 -10
- data/spec/controllers/controller_http_basic_auth_spec.rb +20 -21
- data/spec/controllers/controller_oauth2_spec.rb +297 -158
- data/spec/controllers/controller_oauth_spec.rb +97 -71
- data/spec/controllers/controller_remember_me_spec.rb +49 -36
- data/spec/controllers/controller_session_timeout_spec.rb +106 -20
- data/spec/controllers/controller_spec.rb +87 -111
- data/spec/orm/active_record.rb +3 -3
- data/spec/providers/example_provider_spec.rb +17 -0
- data/spec/providers/example_spec.rb +17 -0
- data/spec/providers/examples_spec.rb +17 -0
- data/spec/providers/vk_spec.rb +42 -0
- data/spec/rails_app/app/active_record/authentication.rb +1 -1
- data/spec/rails_app/app/active_record/user.rb +2 -2
- data/spec/rails_app/app/assets/config/manifest.js +1 -0
- data/spec/rails_app/app/controllers/application_controller.rb +2 -0
- data/spec/rails_app/app/controllers/sorcery_controller.rb +250 -46
- data/spec/rails_app/app/mailers/sorcery_mailer.rb +23 -17
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb +13 -0
- data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb +6 -0
- data/spec/rails_app/config/application.rb +14 -9
- data/spec/rails_app/config/boot.rb +2 -2
- data/spec/rails_app/config/environment.rb +1 -1
- data/spec/rails_app/config/environments/test.rb +1 -1
- data/spec/rails_app/config/initializers/compatible_legacy_migration.rb +11 -0
- data/spec/rails_app/config/initializers/session_store.rb +3 -3
- data/spec/rails_app/config/routes.rb +31 -1
- data/spec/rails_app/config/secrets.yml +4 -0
- data/spec/rails_app/config.ru +1 -1
- data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb +4 -4
- data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +10 -10
- data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +5 -5
- data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +5 -5
- data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb +3 -3
- data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb +9 -0
- data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb +17 -0
- data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +6 -6
- data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +7 -5
- data/spec/rails_app/db/schema.rb +7 -9
- data/spec/shared_examples/user_activation_shared_examples.rb +177 -58
- data/spec/shared_examples/user_activity_logging_shared_examples.rb +47 -41
- data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +19 -24
- data/spec/shared_examples/user_magic_login_shared_examples.rb +150 -0
- data/spec/shared_examples/user_oauth_shared_examples.rb +7 -10
- data/spec/shared_examples/user_remember_me_shared_examples.rb +91 -22
- data/spec/shared_examples/user_reset_password_shared_examples.rb +153 -58
- data/spec/shared_examples/user_shared_examples.rb +328 -145
- data/spec/sorcery_crypto_providers_spec.rb +122 -75
- data/spec/sorcery_temporary_token_spec.rb +27 -0
- data/spec/spec.opts +1 -1
- data/spec/spec_helper.rb +19 -14
- data/spec/support/migration_helper.rb +29 -0
- data/spec/support/providers/example.rb +11 -0
- data/spec/support/providers/example_provider.rb +11 -0
- data/spec/support/providers/examples.rb +11 -0
- metadata +119 -89
- data/.travis.yml +0 -132
- data/gemfiles/active_record-rails40.gemfile +0 -7
- data/gemfiles/active_record-rails41.gemfile +0 -7
- data/gemfiles/mongo_mapper-rails40.gemfile +0 -9
- data/gemfiles/mongo_mapper-rails41.gemfile +0 -9
- data/gemfiles/mongoid-rails40.gemfile +0 -9
- data/gemfiles/mongoid-rails41.gemfile +0 -9
- data/gemfiles/mongoid3-rails32.gemfile +0 -9
- data/lib/sorcery/adapters/data_mapper_adapter.rb +0 -176
- data/lib/sorcery/adapters/mongo_mapper_adapter.rb +0 -110
- data/lib/sorcery/railties/tasks.rake +0 -6
- data/spec/data_mapper/user_activation_spec.rb +0 -10
- data/spec/data_mapper/user_activity_logging_spec.rb +0 -14
- data/spec/data_mapper/user_brute_force_protection_spec.rb +0 -9
- data/spec/data_mapper/user_oauth_spec.rb +0 -9
- data/spec/data_mapper/user_remember_me_spec.rb +0 -8
- data/spec/data_mapper/user_reset_password_spec.rb +0 -8
- data/spec/data_mapper/user_spec.rb +0 -27
- data/spec/mongo_mapper/user_activation_spec.rb +0 -9
- data/spec/mongo_mapper/user_activity_logging_spec.rb +0 -8
- data/spec/mongo_mapper/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongo_mapper/user_oauth_spec.rb +0 -8
- data/spec/mongo_mapper/user_remember_me_spec.rb +0 -8
- data/spec/mongo_mapper/user_reset_password_spec.rb +0 -8
- data/spec/mongo_mapper/user_spec.rb +0 -37
- data/spec/mongoid/user_activation_spec.rb +0 -9
- data/spec/mongoid/user_activity_logging_spec.rb +0 -8
- data/spec/mongoid/user_brute_force_protection_spec.rb +0 -8
- data/spec/mongoid/user_oauth_spec.rb +0 -8
- data/spec/mongoid/user_remember_me_spec.rb +0 -8
- data/spec/mongoid/user_reset_password_spec.rb +0 -8
- data/spec/mongoid/user_spec.rb +0 -51
- data/spec/orm/data_mapper.rb +0 -48
- data/spec/orm/mongo_mapper.rb +0 -10
- data/spec/orm/mongoid.rb +0 -22
- data/spec/rails_app/app/data_mapper/authentication.rb +0 -8
- data/spec/rails_app/app/data_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongo_mapper/authentication.rb +0 -6
- data/spec/rails_app/app/mongo_mapper/user.rb +0 -7
- data/spec/rails_app/app/mongoid/authentication.rb +0 -7
- data/spec/rails_app/app/mongoid/user.rb +0 -7
- data/spec/rails_app/config/initializers/secret_token.rb +0 -7
- data/spec/rails_app/log/development.log +0 -1791
@@ -2,36 +2,26 @@ require 'spec_helper'
|
|
2
2
|
require 'rails_app/app/mailers/sorcery_mailer'
|
3
3
|
require 'shared_examples/user_shared_examples'
|
4
4
|
|
5
|
-
describe User,
|
5
|
+
describe User, 'with no submodules (core)', active_record: true do
|
6
6
|
before(:all) do
|
7
7
|
sorcery_reload!
|
8
8
|
end
|
9
9
|
|
10
|
-
context
|
11
|
-
it
|
10
|
+
context 'when app has plugin loaded' do
|
11
|
+
it 'responds to the plugin activation class method' do
|
12
12
|
expect(ActiveRecord::Base).to respond_to :authenticates_with_sorcery!
|
13
13
|
end
|
14
14
|
|
15
|
-
it
|
15
|
+
it 'User responds to .authenticates_with_sorcery!' do
|
16
16
|
expect(User).to respond_to :authenticates_with_sorcery!
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
20
20
|
# ----------------- PLUGIN CONFIGURATION -----------------------
|
21
21
|
|
22
|
-
it_should_behave_like
|
22
|
+
it_should_behave_like 'rails_3_core_model'
|
23
23
|
|
24
|
-
describe
|
25
|
-
|
26
|
-
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
|
27
|
-
User.reset_column_information
|
28
|
-
sorcery_reload!
|
29
|
-
end
|
30
|
-
|
31
|
-
after(:all) do
|
32
|
-
ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
|
33
|
-
end
|
34
|
-
|
35
|
-
it_should_behave_like "external_user"
|
24
|
+
describe 'external users' do
|
25
|
+
it_should_behave_like 'external_user'
|
36
26
|
end
|
37
27
|
end
|
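Review bot: The `describe 'external users'` group at the end of this section runs `it_should_behave_like 'external_user'` with no visible schema setup, because the `before(:all)`/`after(:all)` pair that migrated and rolled back `db/migrate/external` is no longer there. If the shared examples now prepare that schema themselves, a comment above the group such as `# external submodule schema is set up inside the 'external_user' shared examples` would record the dependency. If they do not, the group passes only when an earlier spec has already left the tables in place. The shared example file is outside this section, so this cannot be confirmed from here.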
@@ -2,7 +2,7 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
# require 'shared_examples/controller_activity_logging_shared_examples'
|
4
4
|
|
5
|
-
describe SorceryController do
|
5
|
+
describe SorceryController, type: :controller do
|
6
6
|
after(:all) do
|
7
7
|
sorcery_controller_property_set(:register_login_time, true)
|
8
8
|
sorcery_controller_property_set(:register_logout_time, true)
|
@@ -11,8 +11,7 @@ describe SorceryController do
|
|
11
11
|
end
|
12
12
|
|
13
13
|
# ----------------- ACTIVITY LOGGING -----------------------
|
14
|
-
context
|
15
|
-
|
14
|
+
context 'with activity logging features' do
|
16
15
|
let(:adapter) { double('sorcery_adapter') }
|
17
16
|
let(:user) { double('user', id: 42, sorcery_adapter: adapter) }
|
18
17
|
|
@@ -20,8 +19,6 @@ describe SorceryController do
|
|
20
19
|
sorcery_reload!([:activity_logging])
|
21
20
|
end
|
22
21
|
|
23
|
-
specify { expect(subject).to respond_to(:current_users) }
|
24
|
-
|
25
22
|
before(:each) do
|
26
23
|
allow(user).to receive(:username)
|
27
24
|
allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
|
@@ -33,14 +30,7 @@ describe SorceryController do
|
|
33
30
|
sorcery_controller_property_set(:register_last_activity_time, false)
|
34
31
|
end
|
35
32
|
|
36
|
-
it
|
37
|
-
expect(User).to receive(:current_users).with(no_args)
|
38
|
-
|
39
|
-
subject.current_users
|
40
|
-
end
|
41
|
-
|
42
|
-
|
43
|
-
it "logs login time on login" do
|
33
|
+
it 'logs login time on login' do
|
44
34
|
now = Time.now.in_time_zone
|
45
35
|
Timecop.freeze(now)
|
46
36
|
|
@@ -51,7 +41,7 @@ describe SorceryController do
|
|
51
41
|
Timecop.return
|
52
42
|
end
|
53
43
|
|
54
|
-
it
|
44
|
+
it 'logs logout time on logout' do
|
55
45
|
login_user(user)
|
56
46
|
now = Time.now.in_time_zone
|
57
47
|
Timecop.freeze(now)
|
@@ -62,7 +52,7 @@ describe SorceryController do
|
|
62
52
|
Timecop.return
|
63
53
|
end
|
64
54
|
|
65
|
-
it
|
55
|
+
it 'logs last activity time when logged in' do
|
66
56
|
sorcery_controller_property_set(:register_last_activity_time, true)
|
67
57
|
|
68
58
|
login_user(user)
|
@@ -75,14 +65,14 @@ describe SorceryController do
|
|
75
65
|
Timecop.return
|
76
66
|
end
|
77
67
|
|
78
|
-
it
|
68
|
+
it 'logs last IP address when logged in' do
|
79
69
|
sorcery_controller_property_set(:register_last_ip_address, true)
|
80
|
-
expect(user).to receive(:
|
70
|
+
expect(user).to receive(:set_last_ip_address).with('0.0.0.0')
|
81
71
|
|
82
72
|
login_user(user)
|
83
73
|
end
|
84
74
|
|
85
|
-
it
|
75
|
+
it 'updates nothing but activity fields' do
|
86
76
|
pending 'Move to model'
|
87
77
|
original_user_name = User.last.username
|
88
78
|
login_user(user)
|
@@ -91,14 +81,14 @@ describe SorceryController do
|
|
91
81
|
expect(User.last.username).to eq original_user_name
|
92
82
|
end
|
93
83
|
|
94
|
-
it
|
84
|
+
it 'does not register login time if configured so' do
|
95
85
|
sorcery_controller_property_set(:register_login_time, false)
|
96
86
|
|
97
87
|
expect(user).to receive(:set_last_login_at).never
|
98
88
|
login_user(user)
|
99
89
|
end
|
100
90
|
|
101
|
-
it
|
91
|
+
it 'does not register logout time if configured so' do
|
102
92
|
sorcery_controller_property_set(:register_logout_time, false)
|
103
93
|
login_user(user)
|
104
94
|
|
@@ -106,19 +96,18 @@ describe SorceryController do
|
|
106
96
|
logout_user
|
107
97
|
end
|
108
98
|
|
109
|
-
it
|
99
|
+
it 'does not register last activity time if configured so' do
|
110
100
|
sorcery_controller_property_set(:register_last_activity_time, false)
|
111
101
|
|
112
102
|
expect(user).to receive(:set_last_activity_at).never
|
113
103
|
login_user(user)
|
114
104
|
end
|
115
105
|
|
116
|
-
it
|
106
|
+
it 'does not register last IP address if configured so' do
|
117
107
|
sorcery_controller_property_set(:register_last_ip_address, false)
|
118
|
-
expect(user).to receive(:
|
108
|
+
expect(user).to receive(:set_last_ip_address).never
|
119
109
|
|
120
110
|
login_user(user)
|
121
111
|
end
|
122
|
-
|
123
112
|
end
|
124
113
|
end
|
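Review bot: The example `it 'updates nothing but activity fields'` still opens with `pending 'Move to model'`, so nothing in this spec verifies that recording login activity leaves the user's other attributes untouched. That is the one assertion here guarding against a login side effect overwriting unrelated fields, so it should either move into the model-level activity-logging examples or carry a reference to where it is tracked, for example `pending 'Move to model (see <tracking issue>)'`. The body of that example continues outside the hunk. Separately, the `Timecop.freeze(now)` and `Timecop.return` calls sit inside the example bodies, so a failing expectation between them leaves the clock frozen for later examples unless a hook outside the visible hunks resets it; `after { Timecop.return }` in the context would make that explicit.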
@@ -1,16 +1,14 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe SorceryController do
|
4
|
-
|
3
|
+
describe SorceryController, type: :controller do
|
5
4
|
let(:user) { double('user', id: 42, email: 'bla@bla.com') }
|
6
5
|
|
7
6
|
def request_test_login
|
8
|
-
get :test_login, email: 'bla@bla.com', password: 'blabla'
|
7
|
+
get :test_login, params: { email: 'bla@bla.com', password: 'blabla' }
|
9
8
|
end
|
10
9
|
|
11
10
|
# ----------------- SESSION TIMEOUT -----------------------
|
12
|
-
describe
|
13
|
-
|
11
|
+
describe 'brute force protection features' do
|
14
12
|
before(:all) do
|
15
13
|
sorcery_reload!([:brute_force_protection])
|
16
14
|
end
|
@@ -21,8 +19,8 @@ describe SorceryController do
|
|
21
19
|
Timecop.return
|
22
20
|
end
|
23
21
|
|
24
|
-
it
|
25
|
-
allow(User).to receive(:authenticate)
|
22
|
+
it 'counts login retries' do
|
23
|
+
allow(User).to receive(:authenticate) { |&block| block.call(nil, :other) }
|
26
24
|
allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
|
27
25
|
|
28
26
|
expect(user).to receive(:register_failed_login!).exactly(3).times
|
@@ -30,14 +28,14 @@ describe SorceryController do
|
|
30
28
|
3.times { request_test_login }
|
31
29
|
end
|
32
30
|
|
33
|
-
it
|
31
|
+
it 'resets the counter on a good login' do
|
34
32
|
# dirty hack for rails 4
|
35
33
|
allow(@controller).to receive(:register_last_activity_time_to_db)
|
36
34
|
|
37
|
-
allow(User).to receive(:authenticate).
|
35
|
+
allow(User).to receive(:authenticate) { |&block| block.call(user, nil) }
|
38
36
|
expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
|
39
37
|
|
40
|
-
get :test_login, email: 'bla@bla.com', password: 'secret'
|
38
|
+
get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
|
41
39
|
end
|
42
40
|
end
|
43
41
|
end
|
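Review bot: The banner comment above `describe 'brute force protection features'` still reads `# ----------------- SESSION TIMEOUT -----------------------`, which mislabels the spec; it should read `# ----------------- BRUTE FORCE PROTECTION -----------------------`. In `it 'counts login retries'` the stubbed `find_by_credentials` always returns a user, so only the known-login path is exercised. An extra example where it returns `nil` would pin how the failed-login hook behaves for an unknown login, which appears not to be covered in the visible hunks.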
@@ -1,68 +1,67 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe SorceryController do
|
3
|
+
describe SorceryController, type: :controller do
|
4
|
+
let(:user) { double('user', id: 42, email: 'bla@bla.com') }
|
4
5
|
|
5
|
-
|
6
|
-
|
7
|
-
describe "with http basic auth features" do
|
6
|
+
describe 'with http basic auth features' do
|
8
7
|
before(:all) do
|
9
8
|
sorcery_reload!([:http_basic_auth])
|
10
9
|
|
11
|
-
sorcery_controller_property_set(:controller_to_realm_map,
|
10
|
+
sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'sorcery')
|
12
11
|
end
|
13
12
|
|
14
13
|
after(:each) do
|
15
14
|
logout_user
|
16
15
|
end
|
17
16
|
|
18
|
-
it
|
17
|
+
it 'requests basic authentication when before_action is used' do
|
19
18
|
get :test_http_basic_auth
|
20
19
|
|
21
20
|
expect(response.status).to eq 401
|
22
21
|
end
|
23
22
|
|
24
|
-
it
|
23
|
+
it 'authenticates from http basic if credentials are sent' do
|
25
24
|
# dirty hack for rails 4
|
26
25
|
allow(subject).to receive(:register_last_activity_time_to_db)
|
27
26
|
|
28
|
-
@request.env[
|
27
|
+
@request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
|
29
28
|
expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
|
30
|
-
get :test_http_basic_auth,
|
29
|
+
get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
|
31
30
|
|
32
|
-
expect(response).to
|
31
|
+
expect(response).to be_successful
|
33
32
|
end
|
34
33
|
|
35
|
-
it
|
36
|
-
@request.env[
|
34
|
+
it 'fails authentication if credentials are wrong' do
|
35
|
+
@request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:wrong!")}"
|
37
36
|
expect(User).to receive('authenticate').with('bla@bla.com', 'wrong!').and_return(nil)
|
38
|
-
get :test_http_basic_auth,
|
37
|
+
get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
|
39
38
|
|
40
39
|
expect(response).to redirect_to root_url
|
41
40
|
end
|
42
41
|
|
43
42
|
it "allows configuration option 'controller_to_realm_map'" do
|
44
|
-
sorcery_controller_property_set(:controller_to_realm_map,
|
43
|
+
sorcery_controller_property_set(:controller_to_realm_map, '1' => '2')
|
45
44
|
|
46
|
-
expect(Sorcery::Controller::Config.controller_to_realm_map).to eq(
|
45
|
+
expect(Sorcery::Controller::Config.controller_to_realm_map).to eq('1' => '2')
|
47
46
|
end
|
48
47
|
|
49
|
-
it
|
50
|
-
sorcery_controller_property_set(:controller_to_realm_map,
|
48
|
+
it 'displays the correct realm name configured for the controller' do
|
49
|
+
sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'Salad')
|
51
50
|
get :test_http_basic_auth
|
52
51
|
|
53
|
-
expect(response.headers[
|
52
|
+
expect(response.headers['WWW-Authenticate']).to eq 'Basic realm="Salad"'
|
54
53
|
end
|
55
54
|
|
56
55
|
it "signs in the user's session on successful login" do
|
57
56
|
# dirty hack for rails 4
|
58
57
|
allow(controller).to receive(:register_last_activity_time_to_db)
|
59
58
|
|
60
|
-
@request.env[
|
59
|
+
@request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
|
61
60
|
expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
|
62
61
|
|
63
|
-
get :test_http_basic_auth,
|
62
|
+
get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
|
64
63
|
|
65
|
-
expect(session[:user_id]).to eq
|
64
|
+
expect(session[:user_id]).to eq '42'
|
66
65
|
end
|
67
66
|
end
|
68
67
|
end
|
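Review bot: The three `@request.env['HTTP_AUTHORIZATION']` assignments build the credential with `Base64.encode64`, which appends a newline and wraps long output, so the header value these examples send ends in `\n`. The examples pass only because the decoder is lenient, and a longer e-mail or password would put a line break in the middle of the header. Use the unwrapped encoder instead, e.g. `@request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.strict_encode64("#{user.email}:secret")}"`, and likewise for the `wrong!` case and the session sign-in example.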