RubyGems - sorcery - Versions diffs - 0.9.1 → 0.16.3 - Mend

sorcery 0.9.1 → 0.16.3

Files changed (199) hide show

checksums.yaml +5 -5
data/.github/FUNDING.yml +1 -0
data/.github/ISSUE_TEMPLATE.md +24 -0
data/.github/PULL_REQUEST_TEMPLATE.md +7 -0
data/.github/workflows/ruby.yml +70 -0
data/.gitignore +3 -0
data/.rubocop.yml +55 -0
data/.rubocop_todo.yml +163 -0
data/CHANGELOG.md +132 -34
data/CODE_OF_CONDUCT.md +14 -0
data/Gemfile +3 -17
data/{LICENSE.txt → LICENSE.md} +1 -1
data/MAINTAINING.md +64 -0
data/README.md +146 -269
data/Rakefile +4 -2
data/SECURITY.md +19 -0
data/gemfiles/rails_52.gemfile +7 -0
data/gemfiles/rails_60.gemfile +7 -0
data/gemfiles/rails_61.gemfile +7 -0
data/gemfiles/rails_70.gemfile +7 -0
data/lib/generators/sorcery/USAGE +1 -1
data/lib/generators/sorcery/helpers.rb +8 -4
data/lib/generators/sorcery/install_generator.rb +41 -35
data/lib/generators/sorcery/templates/initializer.rb +216 -112
data/lib/generators/sorcery/templates/migration/activity_logging.rb +7 -7
data/lib/generators/sorcery/templates/migration/brute_force_protection.rb +5 -5
data/lib/generators/sorcery/templates/migration/core.rb +5 -7
data/lib/generators/sorcery/templates/migration/external.rb +4 -4
data/lib/generators/sorcery/templates/migration/magic_login.rb +9 -0
data/lib/generators/sorcery/templates/migration/remember_me.rb +5 -5
data/lib/generators/sorcery/templates/migration/reset_password.rb +7 -6
data/lib/generators/sorcery/templates/migration/user_activation.rb +6 -6
data/lib/sorcery/adapters/active_record_adapter.rb +11 -21
data/lib/sorcery/adapters/mongoid_adapter.rb +23 -11
data/lib/sorcery/controller/config.rb +27 -23
data/lib/sorcery/controller/submodules/activity_logging.rb +16 -18
data/lib/sorcery/controller/submodules/brute_force_protection.rb +1 -2
data/lib/sorcery/controller/submodules/external.rb +69 -44
data/lib/sorcery/controller/submodules/http_basic_auth.rb +18 -19
data/lib/sorcery/controller/submodules/remember_me.rb +16 -16
data/lib/sorcery/controller/submodules/session_timeout.rb +33 -11
data/lib/sorcery/controller.rb +50 -35
data/lib/sorcery/crypto_providers/aes256.rb +17 -16
data/lib/sorcery/crypto_providers/bcrypt.rb +26 -22
data/lib/sorcery/crypto_providers/common.rb +1 -1
data/lib/sorcery/crypto_providers/md5.rb +5 -5
data/lib/sorcery/crypto_providers/sha1.rb +5 -5
data/lib/sorcery/crypto_providers/sha256.rb +2 -2
data/lib/sorcery/crypto_providers/sha512.rb +3 -3
data/lib/sorcery/engine.rb +19 -11
data/lib/sorcery/model/config.rb +73 -50
data/lib/sorcery/model/submodules/activity_logging.rb +31 -12
data/lib/sorcery/model/submodules/brute_force_protection.rb +38 -31
data/lib/sorcery/model/submodules/external.rb +22 -10
data/lib/sorcery/model/submodules/magic_login.rb +130 -0
data/lib/sorcery/model/submodules/remember_me.rb +19 -7
data/lib/sorcery/model/submodules/reset_password.rb +64 -42
data/lib/sorcery/model/submodules/user_activation.rb +52 -54
data/lib/sorcery/model/temporary_token.rb +30 -7
data/lib/sorcery/model.rb +65 -40
data/lib/sorcery/protocols/oauth.rb +4 -9
data/lib/sorcery/protocols/oauth2.rb +0 -2
data/lib/sorcery/providers/auth0.rb +46 -0
data/lib/sorcery/providers/base.rb +4 -4
data/lib/sorcery/providers/battlenet.rb +51 -0
data/lib/sorcery/providers/discord.rb +52 -0
data/lib/sorcery/providers/facebook.rb +8 -11
data/lib/sorcery/providers/github.rb +5 -7
data/lib/sorcery/providers/google.rb +3 -5
data/lib/sorcery/providers/heroku.rb +7 -8
data/lib/sorcery/providers/instagram.rb +73 -0
data/lib/sorcery/providers/jira.rb +12 -17
data/lib/sorcery/providers/line.rb +63 -0
data/lib/sorcery/providers/linkedin.rb +44 -35
data/lib/sorcery/providers/liveid.rb +4 -7
data/lib/sorcery/providers/microsoft.rb +59 -0
data/lib/sorcery/providers/paypal.rb +60 -0
data/lib/sorcery/providers/salesforce.rb +3 -5
data/lib/sorcery/providers/slack.rb +45 -0
data/lib/sorcery/providers/twitter.rb +4 -6
data/lib/sorcery/providers/vk.rb +8 -9
data/lib/sorcery/providers/wechat.rb +81 -0
data/lib/sorcery/providers/xing.rb +7 -10
data/lib/sorcery/test_helpers/internal/rails.rb +25 -17
data/lib/sorcery/test_helpers/internal.rb +15 -14
data/lib/sorcery/test_helpers/rails/controller.rb +1 -1
data/lib/sorcery/test_helpers/rails/integration.rb +5 -6
data/lib/sorcery/test_helpers/rails/request.rb +20 -0
data/lib/sorcery/version.rb +1 -1
data/lib/sorcery.rb +4 -17
data/sorcery.gemspec +43 -28
data/spec/active_record/user_activation_spec.rb +4 -5
data/spec/active_record/user_activity_logging_spec.rb +4 -6
data/spec/active_record/user_brute_force_protection_spec.rb +5 -6
data/spec/active_record/user_magic_login_spec.rb +15 -0
data/spec/active_record/user_oauth_spec.rb +5 -6
data/spec/active_record/user_remember_me_spec.rb +5 -6
data/spec/active_record/user_reset_password_spec.rb +4 -5
data/spec/active_record/user_spec.rb +7 -17
data/spec/controllers/controller_activity_logging_spec.rb +13 -24
data/spec/controllers/controller_brute_force_protection_spec.rb +8 -10
data/spec/controllers/controller_http_basic_auth_spec.rb +20 -21
data/spec/controllers/controller_oauth2_spec.rb +297 -158
data/spec/controllers/controller_oauth_spec.rb +97 -71
data/spec/controllers/controller_remember_me_spec.rb +49 -36
data/spec/controllers/controller_session_timeout_spec.rb +106 -20
data/spec/controllers/controller_spec.rb +87 -111
data/spec/orm/active_record.rb +3 -3
data/spec/providers/example_provider_spec.rb +17 -0
data/spec/providers/example_spec.rb +17 -0
data/spec/providers/examples_spec.rb +17 -0
data/spec/providers/vk_spec.rb +42 -0
data/spec/rails_app/app/active_record/authentication.rb +1 -1
data/spec/rails_app/app/active_record/user.rb +2 -2
data/spec/rails_app/app/assets/config/manifest.js +1 -0
data/spec/rails_app/app/controllers/application_controller.rb +2 -0
data/spec/rails_app/app/controllers/sorcery_controller.rb +250 -46
data/spec/rails_app/app/mailers/sorcery_mailer.rb +23 -17
data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.html.erb +13 -0
data/spec/rails_app/app/views/sorcery_mailer/magic_login_email.text.erb +6 -0
data/spec/rails_app/config/application.rb +14 -9
data/spec/rails_app/config/boot.rb +2 -2
data/spec/rails_app/config/environment.rb +1 -1
data/spec/rails_app/config/environments/test.rb +1 -1
data/spec/rails_app/config/initializers/compatible_legacy_migration.rb +11 -0
data/spec/rails_app/config/initializers/session_store.rb +3 -3
data/spec/rails_app/config/routes.rb +31 -1
data/spec/rails_app/config/secrets.yml +4 -0
data/spec/rails_app/config.ru +1 -1
data/spec/rails_app/db/migrate/activation/20101224223622_add_activation_to_users.rb +4 -4
data/spec/rails_app/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +10 -10
data/spec/rails_app/db/migrate/brute_force_protection/20101224223626_add_brute_force_protection_to_users.rb +5 -5
data/spec/rails_app/db/migrate/core/20101224223620_create_users.rb +5 -5
data/spec/rails_app/db/migrate/external/20101224223628_create_authentications_and_user_providers.rb +3 -3
data/spec/rails_app/db/migrate/invalidate_active_sessions/20180221093235_add_invalidate_active_sessions_before_to_users.rb +9 -0
data/spec/rails_app/db/migrate/magic_login/20170924151831_add_magic_login_to_users.rb +17 -0
data/spec/rails_app/db/migrate/remember_me/20101224223623_add_remember_me_token_to_users.rb +6 -6
data/spec/rails_app/db/migrate/reset_password/20101224223622_add_reset_password_to_users.rb +7 -5
data/spec/rails_app/db/schema.rb +7 -9
data/spec/shared_examples/user_activation_shared_examples.rb +177 -58
data/spec/shared_examples/user_activity_logging_shared_examples.rb +47 -41
data/spec/shared_examples/user_brute_force_protection_shared_examples.rb +19 -24
data/spec/shared_examples/user_magic_login_shared_examples.rb +150 -0
data/spec/shared_examples/user_oauth_shared_examples.rb +7 -10
data/spec/shared_examples/user_remember_me_shared_examples.rb +91 -22
data/spec/shared_examples/user_reset_password_shared_examples.rb +153 -58
data/spec/shared_examples/user_shared_examples.rb +328 -145
data/spec/sorcery_crypto_providers_spec.rb +122 -75
data/spec/sorcery_temporary_token_spec.rb +27 -0
data/spec/spec.opts +1 -1
data/spec/spec_helper.rb +19 -14
data/spec/support/migration_helper.rb +29 -0
data/spec/support/providers/example.rb +11 -0
data/spec/support/providers/example_provider.rb +11 -0
data/spec/support/providers/examples.rb +11 -0
metadata +119 -89
data/.travis.yml +0 -132
data/gemfiles/active_record-rails40.gemfile +0 -7
data/gemfiles/active_record-rails41.gemfile +0 -7
data/gemfiles/mongo_mapper-rails40.gemfile +0 -9
data/gemfiles/mongo_mapper-rails41.gemfile +0 -9
data/gemfiles/mongoid-rails40.gemfile +0 -9
data/gemfiles/mongoid-rails41.gemfile +0 -9
data/gemfiles/mongoid3-rails32.gemfile +0 -9
data/lib/sorcery/adapters/data_mapper_adapter.rb +0 -176
data/lib/sorcery/adapters/mongo_mapper_adapter.rb +0 -110
data/lib/sorcery/railties/tasks.rake +0 -6
data/spec/data_mapper/user_activation_spec.rb +0 -10
data/spec/data_mapper/user_activity_logging_spec.rb +0 -14
data/spec/data_mapper/user_brute_force_protection_spec.rb +0 -9
data/spec/data_mapper/user_oauth_spec.rb +0 -9
data/spec/data_mapper/user_remember_me_spec.rb +0 -8
data/spec/data_mapper/user_reset_password_spec.rb +0 -8
data/spec/data_mapper/user_spec.rb +0 -27
data/spec/mongo_mapper/user_activation_spec.rb +0 -9
data/spec/mongo_mapper/user_activity_logging_spec.rb +0 -8
data/spec/mongo_mapper/user_brute_force_protection_spec.rb +0 -8
data/spec/mongo_mapper/user_oauth_spec.rb +0 -8
data/spec/mongo_mapper/user_remember_me_spec.rb +0 -8
data/spec/mongo_mapper/user_reset_password_spec.rb +0 -8
data/spec/mongo_mapper/user_spec.rb +0 -37
data/spec/mongoid/user_activation_spec.rb +0 -9
data/spec/mongoid/user_activity_logging_spec.rb +0 -8
data/spec/mongoid/user_brute_force_protection_spec.rb +0 -8
data/spec/mongoid/user_oauth_spec.rb +0 -8
data/spec/mongoid/user_remember_me_spec.rb +0 -8
data/spec/mongoid/user_reset_password_spec.rb +0 -8
data/spec/mongoid/user_spec.rb +0 -51
data/spec/orm/data_mapper.rb +0 -48
data/spec/orm/mongo_mapper.rb +0 -10
data/spec/orm/mongoid.rb +0 -22
data/spec/rails_app/app/data_mapper/authentication.rb +0 -8
data/spec/rails_app/app/data_mapper/user.rb +0 -7
data/spec/rails_app/app/mongo_mapper/authentication.rb +0 -6
data/spec/rails_app/app/mongo_mapper/user.rb +0 -7
data/spec/rails_app/app/mongoid/authentication.rb +0 -7
data/spec/rails_app/app/mongoid/user.rb +0 -7
data/spec/rails_app/config/initializers/secret_token.rb +0 -7
data/spec/rails_app/log/development.log +0 -1791

data/spec/active_record/user_spec.rb CHANGED Viewed

@@ -2,36 +2,26 @@ require 'spec_helper'
 require 'rails_app/app/mailers/sorcery_mailer'
 require 'shared_examples/user_shared_examples'
-describe User, "with no submodules (core)", :active_record => true do
+describe User, 'with no submodules (core)', active_record: true do
   before(:all) do
     sorcery_reload!
   end
-  context "when app has plugin loaded" do
-    it "responds to the plugin activation class method" do
+  context 'when app has plugin loaded' do
+    it 'responds to the plugin activation class method' do
       expect(ActiveRecord::Base).to respond_to :authenticates_with_sorcery!
     end
-    it "User responds to .authenticates_with_sorcery!" do
+    it 'User responds to .authenticates_with_sorcery!' do
       expect(User).to respond_to :authenticates_with_sorcery!
     end
   end
   # ----------------- PLUGIN CONFIGURATION -----------------------
-  it_should_behave_like "rails_3_core_model"
+  it_should_behave_like 'rails_3_core_model'
-  describe "external users" do
-    before(:all) do
-      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
-      User.reset_column_information
-      sorcery_reload!
-    end
-    after(:all) do
-      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
-    end
-    it_should_behave_like "external_user"
+  describe 'external users' do
+    it_should_behave_like 'external_user'
   end
 end

data/spec/controllers/controller_activity_logging_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@ require 'spec_helper'
 # require 'shared_examples/controller_activity_logging_shared_examples'
-describe SorceryController do
+describe SorceryController, type: :controller do
   after(:all) do
     sorcery_controller_property_set(:register_login_time, true)
     sorcery_controller_property_set(:register_logout_time, true)
@@ -11,8 +11,7 @@ describe SorceryController do
   end
   # ----------------- ACTIVITY LOGGING -----------------------
-  context "with activity logging features" do
+  context 'with activity logging features' do
     let(:adapter) { double('sorcery_adapter') }
     let(:user) { double('user', id: 42, sorcery_adapter: adapter) }
@@ -20,8 +19,6 @@ describe SorceryController do
       sorcery_reload!([:activity_logging])
     end
-    specify { expect(subject).to respond_to(:current_users) }
     before(:each) do
       allow(user).to receive(:username)
       allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
@@ -33,14 +30,7 @@ describe SorceryController do
       sorcery_controller_property_set(:register_last_activity_time, false)
     end
-    it "'current_users' should proxy to User.current_users" do
-      expect(User).to receive(:current_users).with(no_args)
-      subject.current_users
-    end
-    it "logs login time on login" do
+    it 'logs login time on login' do
       now = Time.now.in_time_zone
       Timecop.freeze(now)
@@ -51,7 +41,7 @@ describe SorceryController do
       Timecop.return
     end
-    it "logs logout time on logout" do
+    it 'logs logout time on logout' do
       login_user(user)
       now = Time.now.in_time_zone
       Timecop.freeze(now)
@@ -62,7 +52,7 @@ describe SorceryController do
       Timecop.return
     end
-    it "logs last activity time when logged in" do
+    it 'logs last activity time when logged in' do
       sorcery_controller_property_set(:register_last_activity_time, true)
       login_user(user)
@@ -75,14 +65,14 @@ describe SorceryController do
       Timecop.return
     end
-    it "logs last IP address when logged in" do
+    it 'logs last IP address when logged in' do
       sorcery_controller_property_set(:register_last_ip_address, true)
-      expect(user).to receive(:set_last_ip_addess).with('0.0.0.0')
+      expect(user).to receive(:set_last_ip_address).with('0.0.0.0')
       login_user(user)
     end
-    it "updates nothing but activity fields" do
+    it 'updates nothing but activity fields' do
       pending 'Move to model'
       original_user_name = User.last.username
       login_user(user)
@@ -91,14 +81,14 @@ describe SorceryController do
       expect(User.last.username).to eq original_user_name
     end
-    it "does not register login time if configured so" do
+    it 'does not register login time if configured so' do
       sorcery_controller_property_set(:register_login_time, false)
       expect(user).to receive(:set_last_login_at).never
       login_user(user)
     end
-    it "does not register logout time if configured so" do
+    it 'does not register logout time if configured so' do
       sorcery_controller_property_set(:register_logout_time, false)
       login_user(user)
@@ -106,19 +96,18 @@ describe SorceryController do
       logout_user
     end
-    it "does not register last activity time if configured so" do
+    it 'does not register last activity time if configured so' do
       sorcery_controller_property_set(:register_last_activity_time, false)
       expect(user).to receive(:set_last_activity_at).never
       login_user(user)
     end
-    it "does not register last IP address if configured so" do
+    it 'does not register last IP address if configured so' do
       sorcery_controller_property_set(:register_last_ip_address, false)
-      expect(user).to receive(:set_last_ip_addess).never
+      expect(user).to receive(:set_last_ip_address).never
       login_user(user)
     end
   end
 end

data/spec/controllers/controller_brute_force_protection_spec.rb CHANGED Viewed

@@ -1,16 +1,14 @@
 require 'spec_helper'
-describe SorceryController do
+describe SorceryController, type: :controller do
   let(:user) { double('user', id: 42, email: 'bla@bla.com') }
   def request_test_login
-    get :test_login, email: 'bla@bla.com', password: 'blabla'
+    get :test_login, params: { email: 'bla@bla.com', password: 'blabla' }
   end
   # ----------------- SESSION TIMEOUT -----------------------
-  describe "brute force protection features" do
+  describe 'brute force protection features' do
     before(:all) do
       sorcery_reload!([:brute_force_protection])
     end
@@ -21,8 +19,8 @@ describe SorceryController do
       Timecop.return
     end
-    it "counts login retries" do
-      allow(User).to receive(:authenticate)
+    it 'counts login retries' do
+      allow(User).to receive(:authenticate) { |&block| block.call(nil, :other) }
       allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
       expect(user).to receive(:register_failed_login!).exactly(3).times
@@ -30,14 +28,14 @@ describe SorceryController do
       3.times { request_test_login }
     end
-    it "resets the counter on a good login" do
+    it 'resets the counter on a good login' do
       # dirty hack for rails 4
       allow(@controller).to receive(:register_last_activity_time_to_db)
-      allow(User).to receive(:authenticate).and_return(user)
+      allow(User).to receive(:authenticate) { |&block| block.call(user, nil) }
       expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
-      get :test_login, email: 'bla@bla.com', password: 'secret'
+      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
     end
   end
 end

data/spec/controllers/controller_http_basic_auth_spec.rb CHANGED Viewed

@@ -1,68 +1,67 @@
 require 'spec_helper'
-describe SorceryController do
+describe SorceryController, type: :controller do
+  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
-  let(:user) { double("user", id: 42, email: 'bla@bla.com') }
-  describe  "with http basic auth features" do
+  describe 'with http basic auth features' do
     before(:all) do
       sorcery_reload!([:http_basic_auth])
-      sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "sorcery"})
+      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'sorcery')
     end
     after(:each) do
       logout_user
     end
-    it "requests basic authentication when before_filter is used" do
+    it 'requests basic authentication when before_action is used' do
       get :test_http_basic_auth
       expect(response.status).to eq 401
     end
-    it "authenticates from http basic if credentials are sent" do
+    it 'authenticates from http basic if credentials are sent' do
       # dirty hack for rails 4
       allow(subject).to receive(:register_last_activity_time_to_db)
-      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:secret")}"
+      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
       expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-      get :test_http_basic_auth, nil, http_authentication_used: true
+      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-      expect(response).to be_a_success
+      expect(response).to be_successful
     end
-    it "fails authentication if credentials are wrong" do
-      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:wrong!")}"
+    it 'fails authentication if credentials are wrong' do
+      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:wrong!")}"
       expect(User).to receive('authenticate').with('bla@bla.com', 'wrong!').and_return(nil)
-      get :test_http_basic_auth, nil, http_authentication_used: true
+      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
       expect(response).to redirect_to root_url
     end
     it "allows configuration option 'controller_to_realm_map'" do
-      sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
+      sorcery_controller_property_set(:controller_to_realm_map, '1' => '2')
-      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq({"1" => "2"})
+      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq('1' => '2')
     end
-    it "displays the correct realm name configured for the controller" do
-      sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "Salad"})
+    it 'displays the correct realm name configured for the controller' do
+      sorcery_controller_property_set(:controller_to_realm_map, 'sorcery' => 'Salad')
       get :test_http_basic_auth
-      expect(response.headers["WWW-Authenticate"]).to eq "Basic realm=\"Salad\""
+      expect(response.headers['WWW-Authenticate']).to eq 'Basic realm="Salad"'
     end
     it "signs in the user's session on successful login" do
       # dirty hack for rails 4
       allow(controller).to receive(:register_last_activity_time_to_db)
-      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:secret")}"
+      @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("#{user.email}:secret")}"
       expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
-      get :test_http_basic_auth, nil, http_authentication_used: true
+      get :test_http_basic_auth, params: {}, session: { http_authentication_used: true }
-      expect(session[:user_id]).to eq "42"
+      expect(session[:user_id]).to eq '42'
     end
   end
 end