sorcery 0.9.1 → 0.16.3

data/spec/controllers/controller_session_timeout_spec.rb

@@ -1,14 +1,13 @@
 require 'spec_helper'
 
-describe SorceryController do
-
+describe SorceryController, type: :controller do
   let!(:user) { double('user', id: 42) }
 
   # ----------------- SESSION TIMEOUT -----------------------
-  context "with session timeout features" do
+  context 'with session timeout features' do
     before(:all) do
       sorcery_reload!([:session_timeout])
-      sorcery_controller_property_set(:session_timeout,0.5)
+      sorcery_controller_property_set(:session_timeout, 0.5)
     end
 
     after(:each) do
@@ -20,61 +19,148 @@ describe SorceryController do
       allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
     end
 
-    it "does not reset session before session timeout" do
+    it 'does not reset session before session timeout' do
       login_user user
       get :test_should_be_logged_in
 
       expect(session[:user_id]).not_to be_nil
-      expect(response).to be_a_success
+      expect(response).to be_successful
     end
 
-    it "resets session after session timeout" do
+    it 'resets session after session timeout' do
       login_user user
-      Timecop.travel(Time.now.in_time_zone+0.6)
+      Timecop.travel(Time.now.in_time_zone + 0.6)
       get :test_should_be_logged_in
 
       expect(session[:user_id]).to be_nil
       expect(response).to be_a_redirect
     end
 
-    it "works if the session is stored as a string or a Time" do
+    context "with 'invalidate_active_sessions_enabled'" do
+      it 'does not reset the session if invalidate_sessions_before is nil' do
+        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
+        login_user user
+        allow(user).to receive(:invalidate_sessions_before) { nil }
+
+        get :test_should_be_logged_in
+
+        expect(session[:user_id]).not_to be_nil
+        expect(response).to be_successful
+      end
+
+      it 'does not reset the session if it was not created before invalidate_sessions_before' do
+        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
+        login_user user
+        allow(user).to receive(:invalidate_sessions_before) { Time.now.in_time_zone - 10.minutes }
+
+        get :test_should_be_logged_in
+
+        expect(session[:user_id]).not_to be_nil
+        expect(response).to be_successful
+      end
+
+      it 'resets the session if the session was created before invalidate_sessions_before' do
+        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
+        login_user user
+        allow(user).to receive(:invalidate_sessions_before) { Time.now.in_time_zone }
+        get :test_should_be_logged_in
+
+        expect(session[:user_id]).to be_nil
+        expect(response).to be_a_redirect
+      end
+
+      it 'resets active sessions on next action if invalidate_active_sessions! is called' do
+        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
+        # precondition that the user is logged in
+        login_user user
+        get :test_should_be_logged_in
+        expect(response).to be_successful
+
+        allow(user).to receive(:send) { |_method, value| allow(user).to receive(:invalidate_sessions_before) { value } }
+        allow(user).to receive(:save)
+        get :test_invalidate_active_session
+        expect(response).to be_successful
+
+        get :test_should_be_logged_in
+        expect(session[:user_id]).to be_nil
+        expect(response).to be_a_redirect
+      end
+
+      it 'allows login after invalidate_active_sessions! is called' do
+        sorcery_controller_property_set(:session_timeout_invalidate_active_sessions_enabled, true)
+        # precondition that the user is logged in
+        login_user user
+        get :test_should_be_logged_in
+        expect(response).to be_successful
+
+        allow(user).to receive(:send) { |_method, value| allow(user).to receive(:invalidate_sessions_before) { value } }
+        allow(user).to receive(:save)
+        # Call to invalidate
+        get :test_invalidate_active_session
+        expect(response).to be_successful
+
+        # Check that existing sessions were logged out
+        get :test_should_be_logged_in
+        expect(session[:user_id]).to be_nil
+        expect(response).to be_a_redirect
+
+        # Check that new session is allowed to login
+        login_user user
+        get :test_should_be_logged_in
+        expect(response).to be_successful
+        expect(session[:user_id]).not_to be_nil
+
+        # Check an additional request to make sure not logged out on next request
+        get :test_should_be_logged_in
+        expect(response).to be_successful
+        expect(session[:user_id]).not_to be_nil
+      end
+    end
+
+    it 'works if the session is stored as a string or a Time' do
       session[:login_time] = Time.now.to_s
       # TODO: ???
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
 
-      get :test_login, :email => 'bla@bla.com', :password => 'secret'
+      get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
 
       expect(session[:user_id]).not_to be_nil
-      expect(response).to be_a_success
+      expect(response).to be_successful
     end
 
     context "with 'session_timeout_from_last_action'" do
-      it "does not logout if there was activity" do
+      it 'does not logout if there was activity' do
         sorcery_controller_property_set(:session_timeout_from_last_action, true)
-        expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+        expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
 
-        get :test_login, :email => 'bla@bla.com', :password => 'secret'
-        Timecop.travel(Time.now.in_time_zone+0.3)
+        get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
+        Timecop.travel(Time.now.in_time_zone + 0.3)
         get :test_should_be_logged_in
 
         expect(session[:user_id]).not_to be_nil
 
-        Timecop.travel(Time.now.in_time_zone+0.3)
+        Timecop.travel(Time.now.in_time_zone + 0.3)
         get :test_should_be_logged_in
 
         expect(session[:user_id]).not_to be_nil
-        expect(response).to be_a_success
+        expect(response).to be_successful
       end
 
       it "with 'session_timeout_from_last_action' logs out if there was no activity" do
         sorcery_controller_property_set(:session_timeout_from_last_action, true)
-        get :test_login, :email => 'bla@bla.com', :password => 'secret'
-        Timecop.travel(Time.now.in_time_zone+0.6)
+        get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
+        Timecop.travel(Time.now.in_time_zone + 0.6)
         get :test_should_be_logged_in
 
         expect(session[:user_id]).to be_nil
         expect(response).to be_a_redirect
       end
     end
+
+    it 'registers login time on remember_me callback' do
+      expect(subject).to receive(:register_login_time).with(user)
+
+      subject.send(:after_remember_me!, user)
+    end
   end
 end

data/spec/controllers/controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
-describe SorceryController do
-  describe "plugin configuration" do
+describe SorceryController, type: :controller do
+  describe 'plugin configuration' do
     before(:all) do
       sorcery_reload!
     end
@@ -12,9 +12,9 @@ describe SorceryController do
     end
 
     it "enables configuration option 'user_class'" do
-      sorcery_controller_property_set(:user_class, "TestUser")
+      sorcery_controller_property_set(:user_class, 'TestUser')
 
-      expect(Sorcery::Controller::Config.user_class).to eq "TestUser"
+      expect(Sorcery::Controller::Config.user_class).to eq 'TestUser'
     end
 
     it "enables configuration option 'not_authenticated_action'" do
@@ -22,11 +22,10 @@ describe SorceryController do
 
       expect(Sorcery::Controller::Config.not_authenticated_action).to eq :my_action
     end
-
   end
 
   # ----------------- PLUGIN ACTIVATED -----------------------
-  context "when activated with sorcery" do
+  context 'when activated with sorcery' do
     let(:user) { double('user', id: 42) }
 
     before(:all) do
@@ -48,160 +47,138 @@ describe SorceryController do
 
     specify { should respond_to(:current_user) }
 
-    it "login(username,password) returns the user when success and set the session with user.id" do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
-
-      get :test_login, :email => 'bla@bla.com', :password => 'secret'
-
-      expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq "42"
-    end
-
-    it "login(email,password) returns the user when success and set the session with user.id" do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
-
-      get :test_login, :email => 'bla@bla.com', :password => 'secret'
-
-      expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id.to_s
-    end
-
-    it "login(username,password) returns nil and not set the session when failure" do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'opensesame!').and_return(nil)
-
-      get :test_login, :email => 'bla@bla.com', :password => 'opensesame!'
-
-      expect(assigns[:user]).to be_nil
-      expect(session[:user_id]).to be_nil
-    end
+    specify { should respond_to(:require_login) }
 
-    it "login(email,password) returns the user when success and set the session with the _csrf_token" do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
-      get :test_login, :email => 'bla@bla.com', :password => 'secret'
+    describe '#login' do
+      context 'when succeeds' do
+        before do
+          expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
+          get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
+        end
 
-      expect(session[:_csrf_token]).not_to be_nil
-    end
+        it 'assigns user to @user variable' do
+          expect(assigns[:user]).to eq user
+        end
 
-    it "login(username,password) returns nil and not set the session when upper case username" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
-      get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
+        it 'writes user id in session' do
+          expect(session[:user_id]).to eq user.id.to_s
+        end
 
-      expect(assigns[:user]).to be_nil
-      expect(session[:user_id]).to be_nil
-    end
-
-    # TODO: move test to model
-    it "login(username,password) returns the user and set the session with user.id when upper case username and config is downcase before authenticating" do
-      sorcery_model_property_set(:downcase_username_before_authenticating, true)
-      expect(User).to receive(:authenticate).with('BLA@BLA.COM', 'secret').and_return(user)
-      get :test_login, :email => 'BLA@BLA.COM', :password => 'secret'
+        it 'sets csrf token in session' do
+          expect(session[:_csrf_token]).not_to be_nil
+        end
+      end
 
-      expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id.to_s
-    end
+      context 'when fails' do
+        before do
+          expect(User).to receive(:authenticate).with('bla@bla.com', 'opensesame!').and_return(nil)
+          get :test_login, params: { email: 'bla@bla.com', password: 'opensesame!' }
+        end
 
-    # TODO: move test to model
-    it "login(username,password) returns nil and not set the session when user was created with upper case username, config is default, and log in username is lower case" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
-      expect(User).to receive(:authenticate).with('bla1@bla.com', 'secret1').and_return(nil)
-      get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
+        it 'sets @user variable to nil' do
+          expect(assigns[:user]).to be_nil
+        end
 
-      expect(assigns[:user]).to be_nil
-      expect(session[:user_id]).to be_nil
-    end
-
-    # TODO: move test to model
-    it "login(username,password) returns the user and set the session with user.id when user was created with upper case username and config is downcase before authenticating" do
-      skip('DM Adapter dependant') if SORCERY_ORM == :data_mapper
-      sorcery_model_property_set(:downcase_username_before_authenticating, true)
-      expect(User).to receive(:authenticate).with('bla1@bla.com', 'secret1').and_return(user)
-      get :test_login, :email => 'bla1@bla.com', :password => 'secret1'
-
-      expect(assigns[:user]).to eq user
-      expect(session[:user_id]).to eq user.id.to_s
+        it 'sets user_id in session to nil' do
+          expect(session[:user_id]).to be_nil
+        end
+      end
     end
 
-    it "logout clears the session" do
-      cookies[:remember_me_token] = nil
-      session[:user_id] = user.id.to_s
-      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
-      get :test_logout
+    describe '#logout' do
+      it 'clears the session' do
+        cookies[:remember_me_token] = nil
+        session[:user_id] = user.id.to_s
+        expect(User.sorcery_adapter).to receive(:find_by_id).with('42') { user }
+        get :test_logout
 
-      expect(session[:user_id]).to be_nil
+        expect(session[:user_id]).to be_nil
+      end
     end
 
-    it "logged_in? returns true if logged in" do
-      session[:user_id] = user.id.to_s
-      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
+    describe '#logged_in?' do
+      it 'returns true when user is logged in' do
+        session[:user_id] = user.id.to_s
+        expect(User.sorcery_adapter).to receive(:find_by_id).with('42') { user }
 
-      expect(subject.logged_in?).to be true
-    end
+        expect(subject.logged_in?).to be true
+      end
 
-    it "logged_in? returns false if not logged in" do
-      session[:user_id] = nil
+      it 'returns false when user is not logged in' do
+        session[:user_id] = nil
 
-      expect(subject.logged_in?).to be false
+        expect(subject.logged_in?).to be false
+      end
     end
 
-    it "current_user returns the user instance if logged in" do
-      session[:user_id] = user.id.to_s
-      expect(User.sorcery_adapter).to receive(:find_by_id).with("42") { user }
+    describe '#current_user' do
+      it 'current_user returns the user instance if logged in' do
+        session[:user_id] = user.id.to_s
+        expect(User.sorcery_adapter).to receive(:find_by_id).once.with('42') { user }
 
-      2.times { expect(subject.current_user).to eq user } # memoized!
-    end
+        2.times { expect(subject.current_user).to eq user } # memoized!
+      end
 
-    it "current_user returns false if not logged in" do
-      session[:user_id] = nil
-      expect(User.sorcery_adapter).to_not receive(:find_by_id)
+      it 'current_user returns false if not logged in' do
+        session[:user_id] = nil
+        expect(User.sorcery_adapter).to_not receive(:find_by_id)
 
-      2.times { expect(subject.current_user).to be_nil } # memoized!
+        2.times { expect(subject.current_user).to be_nil } # memoized!
+      end
     end
 
-    specify { should respond_to(:require_login) }
-
-    it "calls the configured 'not_authenticated_action' when authenticate before_filter fails" do
+    it "calls the configured 'not_authenticated_action' when authenticate before_action fails" do
       session[:user_id] = nil
       sorcery_controller_property_set(:not_authenticated_action, :test_not_authenticated_action)
       get :test_logout
 
-      expect(response.body).to eq "test_not_authenticated_action"
+      expect(response).to be_successful
     end
 
-    it "require_login before_filter saves the url that the user originally wanted" do
+    it 'require_login before_action saves the url that the user originally wanted' do
       get :some_action
 
-      expect(session[:return_to_url]).to eq "http://test.host/some_action"
-      expect(response).to redirect_to("http://test.host/")
+      expect(session[:return_to_url]).to eq 'http://test.host/some_action'
+      expect(response).to redirect_to('http://test.host/')
     end
 
-    it "require_login before_filter does not save the url that the user originally wanted upon all non-get http methods" do
-      [:post, :put, :delete].each do |m|
-        self.send(m, :some_action)
+    it 'require_login before_action does not save the url that the user originally wanted upon all non-get http methods' do
+      %i[post put delete].each do |m|
+        send(m, :some_action)
 
         expect(session[:return_to_url]).to be_nil
       end
     end
 
-    it "on successful login the user is redirected to the url he originally wanted" do
-      session[:return_to_url] = "http://test.host/some_action"
-      post :test_return_to, :email => 'bla@bla.com', :password => 'secret'
+    it 'require_login before_action does not save the url for JSON requests' do
+      get :some_action, format: :json
+      expect(session[:return_to_url]).to be_nil
+    end
 
-      expect(response).to redirect_to("http://test.host/some_action")
-      expect(flash[:notice]).to eq "haha!"
+    it 'require_login before_action does not save the url for XHR requests' do
+      get :some_action, xhr: true
+      expect(session[:return_to_url]).to be_nil
     end
 
+    it 'on successful login the user is redirected to the url he originally wanted' do
+      session[:return_to_url] = 'http://test.host/some_action'
+      post :test_return_to, params: { email: 'bla@bla.com', password: 'secret' }
+
+      expect(response).to redirect_to('http://test.host/some_action')
+      expect(flash[:notice]).to eq 'haha!'
+    end
 
     # --- auto_login(user) ---
     specify { should respond_to(:auto_login) }
 
-    it "auto_login(user) los in a user instance" do
+    it 'auto_login(user) logs in a user instance' do
       session[:user_id] = nil
       subject.auto_login(user)
 
       expect(subject.logged_in?).to be true
     end
 
-    it "auto_login(user) works even if current_user was already set to false" do
+    it 'auto_login(user) works even if current_user was already set to false' do
       get :test_logout
 
       expect(session[:user_id]).to be_nil
@@ -214,5 +191,4 @@ describe SorceryController do
       expect(assigns[:result]).to eq user
     end
   end
-
 end

data/spec/orm/active_record.rb

@@ -9,13 +9,13 @@ class TestUser < ActiveRecord::Base
 end
 
 def setup_orm
-  ActiveRecord::Migrator.migrate(migrations_path)
+  MigrationHelper.migrate(migrations_path)
 end
 
 def teardown_orm
-  ActiveRecord::Migrator.rollback(migrations_path)
+  MigrationHelper.rollback(migrations_path)
 end
 
 def migrations_path
-  Rails.root.join("db", "migrate", "core")
+  Rails.root.join('db', 'migrate', 'core')
 end

data/spec/providers/example_provider_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::ExampleProvider do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:example_provider])
+  end
+
+  context 'fetching a multi-word custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.example_provider).to be_a(Sorcery::Providers::ExampleProvider)
+    end
+  end
+end

data/spec/providers/example_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::Example do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:example])
+  end
+
+  context 'fetching a single-word custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.example).to be_a(Sorcery::Providers::Example)
+    end
+  end
+end

data/spec/providers/examples_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'sorcery/providers/base'
+
+describe Sorcery::Providers::Examples do
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:examples])
+  end
+
+  context 'fetching a plural custom provider' do
+    it 'returns the provider' do
+      expect(Sorcery::Controller::Config.examples).to be_a(Sorcery::Providers::Examples)
+    end
+  end
+end

data/spec/providers/vk_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'sorcery/providers/base'
+require 'sorcery/providers/vk'
+require 'webmock/rspec'
+
+describe Sorcery::Providers::Vk do
+  include WebMock::API
+
+  let(:provider) { Sorcery::Controller::Config.vk }
+
+  before(:all) do
+    sorcery_reload!([:external])
+    sorcery_controller_property_set(:external_providers, [:vk])
+    sorcery_controller_external_property_set(:vk, :key, 'KEY')
+    sorcery_controller_external_property_set(:vk, :secret, 'SECRET')
+  end
+
+  def stub_vk_authorize
+    stub_request(:post, %r{https\:\/\/oauth\.vk\.com\/access_token}).to_return(
+      status: 200,
+      body: '{"access_token":"TOKEN","expires_in":86329,"user_id":1}',
+      headers: { 'content-type' => 'application/json' }
+    )
+  end
+
+  context 'getting user info hash' do
+    it 'should provide VK API version' do
+      stub_vk_authorize
+      sorcery_controller_external_property_set(:vk, :api_version, '5.71')
+
+      get_user = stub_request(
+        :get,
+        'https://api.vk.com/method/getProfiles?access_token=TOKEN&fields=&scope=email&uids=1&v=5.71'
+      ).to_return(body: '{"response":[{"id":1}]}')
+
+      token = provider.process_callback({ code: 'CODE' }, nil)
+      provider.get_user_hash(token)
+
+      expect(get_user).to have_been_requested
+    end
+  end
+end

data/spec/rails_app/app/active_record/authentication.rb

@@ -1,3 +1,3 @@
 class Authentication < ActiveRecord::Base
   belongs_to :user
-end
+end

data/spec/rails_app/app/active_record/user.rb

@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  has_many :authentications, :dependent => :destroy
-  has_many :user_providers, :dependent => :destroy
+  has_many :authentications, dependent: :destroy
+  has_many :user_providers, dependent: :destroy
   accepts_nested_attributes_for :authentications
 end

data/spec/rails_app/app/assets/config/manifest.js

@@ -0,0 +1 @@
+{}

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < ActionController::Base
+end