sorcery 0.9.1 → 0.16.3

data/spec/sorcery_crypto_providers_spec.rb

@@ -1,198 +1,245 @@
 require 'spec_helper'
 
-describe "Crypto Providers wrappers" do
-
+describe 'Crypto Providers wrappers' do
   describe Sorcery::CryptoProviders::MD5 do
-
     after(:each) do
       Sorcery::CryptoProviders::MD5.reset!
     end
 
-    it "encrypt works via wrapper like normal lib" do
-      expect(Sorcery::CryptoProviders::MD5.encrypt 'Noam Ben-Ari').to eq Digest::MD5.hexdigest('Noam Ben-Ari')
+    it 'encrypt works via wrapper like normal lib' do
+      expect(Sorcery::CryptoProviders::MD5.encrypt('Noam Ben-Ari')).to eq Digest::MD5.hexdigest('Noam Ben-Ari')
     end
 
-    it "works with multiple stretches" do
+    it 'works with multiple stretches' do
       Sorcery::CryptoProviders::MD5.stretches = 3
-      expect(Sorcery::CryptoProviders::MD5.encrypt 'Noam Ben-Ari').to eq Digest::MD5.hexdigest(Digest::MD5.hexdigest(Digest::MD5.hexdigest('Noam Ben-Ari')))
+      expect(Sorcery::CryptoProviders::MD5.encrypt('Noam Ben-Ari')).to eq Digest::MD5.hexdigest(Digest::MD5.hexdigest(Digest::MD5.hexdigest('Noam Ben-Ari')))
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::MD5.matches? Digest::MD5.hexdigest('Noam Ben-Ari'), 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::MD5.matches?(Digest::MD5.hexdigest('Noam Ben-Ari'), 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::MD5.matches? Digest::MD5.hexdigest('Noam Ben-Ari'), 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::MD5.matches?(Digest::MD5.hexdigest('Noam Ben-Ari'), 'Some Dude')).to be false
     end
-
   end
 
   describe Sorcery::CryptoProviders::SHA1 do
-
     before(:all) do
       @digest = 'Noam Ben-Ari'
-      Sorcery::CryptoProviders::SHA1.stretches.times {@digest = Digest::SHA1.hexdigest(@digest)}
+      Sorcery::CryptoProviders::SHA1.stretches.times { @digest = Digest::SHA1.hexdigest(@digest) }
     end
 
     after(:each) do
       Sorcery::CryptoProviders::SHA1.reset!
     end
 
-    it "encrypt works via wrapper like normal lib" do
-      expect(Sorcery::CryptoProviders::SHA1.encrypt 'Noam Ben-Ari').to eq @digest
+    it 'encrypt works via wrapper like normal lib' do
+      expect(Sorcery::CryptoProviders::SHA1.encrypt('Noam Ben-Ari')).to eq @digest
     end
 
-    it "works with multiple stretches" do
+    it 'works with multiple stretches' do
       Sorcery::CryptoProviders::SHA1.stretches = 3
-      expect(Sorcery::CryptoProviders::SHA1.encrypt 'Noam Ben-Ari').to eq Digest::SHA1.hexdigest(Digest::SHA1.hexdigest(Digest::SHA1.hexdigest('Noam Ben-Ari')))
+      expect(Sorcery::CryptoProviders::SHA1.encrypt('Noam Ben-Ari')).to eq Digest::SHA1.hexdigest(Digest::SHA1.hexdigest(Digest::SHA1.hexdigest('Noam Ben-Ari')))
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::SHA1.matches? @digest, 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::SHA1.matches?(@digest, 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::SHA1.matches? @digest, 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::SHA1.matches?(@digest, 'Some Dude')).to be false
     end
 
-    it "matches password encrypted using salt and join token from upstream" do
-      Sorcery::CryptoProviders::SHA1.join_token = "test"
-      expect(Sorcery::CryptoProviders::SHA1.encrypt ['password', 'gq18WBnJYNh2arkC1kgH']).to eq '894b5bf1643b8d0e1b2eaddb22426be7036dab70'
+    it 'matches password encrypted using salt and join token from upstream' do
+      Sorcery::CryptoProviders::SHA1.join_token = 'test'
+      expect(Sorcery::CryptoProviders::SHA1.encrypt(%w[password gq18WBnJYNh2arkC1kgH])).to eq '894b5bf1643b8d0e1b2eaddb22426be7036dab70'
     end
   end
 
   describe Sorcery::CryptoProviders::SHA256 do
-
     before(:all) do
       @digest = 'Noam Ben-Ari'
-      Sorcery::CryptoProviders::SHA256.stretches.times {@digest = Digest::SHA256.hexdigest(@digest)}
+      Sorcery::CryptoProviders::SHA256.stretches.times { @digest = Digest::SHA256.hexdigest(@digest) }
     end
 
     after(:each) do
       Sorcery::CryptoProviders::SHA256.reset!
     end
 
-    it "encrypt works via wrapper like normal lib" do
-      expect(Sorcery::CryptoProviders::SHA256.encrypt 'Noam Ben-Ari').to eq @digest
+    it 'encrypt works via wrapper like normal lib' do
+      expect(Sorcery::CryptoProviders::SHA256.encrypt('Noam Ben-Ari')).to eq @digest
     end
 
-    it "works with multiple stretches" do
+    it 'works with multiple stretches' do
       Sorcery::CryptoProviders::SHA256.stretches = 3
-      expect(Sorcery::CryptoProviders::SHA256.encrypt 'Noam Ben-Ari').to eq Digest::SHA256.hexdigest(Digest::SHA256.hexdigest(Digest::SHA256.hexdigest('Noam Ben-Ari')))
+      expect(Sorcery::CryptoProviders::SHA256.encrypt('Noam Ben-Ari')).to eq Digest::SHA256.hexdigest(Digest::SHA256.hexdigest(Digest::SHA256.hexdigest('Noam Ben-Ari')))
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::SHA256.matches? @digest, 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::SHA256.matches?(@digest, 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::SHA256.matches? @digest, 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::SHA256.matches?(@digest, 'Some Dude')).to be false
     end
-
   end
 
   describe Sorcery::CryptoProviders::SHA512 do
-
     before(:all) do
       @digest = 'Noam Ben-Ari'
-      Sorcery::CryptoProviders::SHA512.stretches.times {@digest = Digest::SHA512.hexdigest(@digest)}
+      Sorcery::CryptoProviders::SHA512.stretches.times { @digest = Digest::SHA512.hexdigest(@digest) }
     end
 
     after(:each) do
       Sorcery::CryptoProviders::SHA512.reset!
     end
 
-    it "encrypt works via wrapper like normal lib" do
-      expect(Sorcery::CryptoProviders::SHA512.encrypt 'Noam Ben-Ari').to eq @digest
+    it 'encrypt works via wrapper like normal lib' do
+      expect(Sorcery::CryptoProviders::SHA512.encrypt('Noam Ben-Ari')).to eq @digest
     end
 
-    it "works with multiple stretches" do
+    it 'works with multiple stretches' do
       Sorcery::CryptoProviders::SHA512.stretches = 3
-      expect(Sorcery::CryptoProviders::SHA512.encrypt 'Noam Ben-Ari').to eq Digest::SHA512.hexdigest(Digest::SHA512.hexdigest(Digest::SHA512.hexdigest('Noam Ben-Ari')))
+      expect(Sorcery::CryptoProviders::SHA512.encrypt('Noam Ben-Ari')).to eq Digest::SHA512.hexdigest(Digest::SHA512.hexdigest(Digest::SHA512.hexdigest('Noam Ben-Ari')))
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::SHA512.matches? @digest, 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::SHA512.matches?(@digest, 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::SHA512.matches? @digest, 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::SHA512.matches?(@digest, 'Some Dude')).to be false
     end
-
   end
 
   describe Sorcery::CryptoProviders::AES256 do
-
     before(:all) do
-      aes = OpenSSL::Cipher::Cipher.new("AES-256-ECB")
+      aes = OpenSSL::Cipher.new('AES-256-ECB')
       aes.encrypt
-      @key = "asd234dfs423fddsmndsflktsdf32343"
+      @key = 'asd234dfs423fddsmndsflktsdf32343'
       aes.key = @key
       @digest = 'Noam Ben-Ari'
-      @digest = [aes.update(@digest) + aes.final].pack("m").chomp
+      @digest = [aes.update(@digest) + aes.final].pack('m').chomp
       Sorcery::CryptoProviders::AES256.key = @key
     end
 
-    it "encrypt works via wrapper like normal lib" do
-      expect(Sorcery::CryptoProviders::AES256.encrypt 'Noam Ben-Ari').to eq @digest
+    it 'encrypt works via wrapper like normal lib' do
+      expect(Sorcery::CryptoProviders::AES256.encrypt('Noam Ben-Ari')).to eq @digest
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::AES256.matches? @digest, 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::AES256.matches?(@digest, 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::AES256.matches? @digest, 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::AES256.matches?(@digest, 'Some Dude')).to be false
     end
 
-    it "can be decrypted" do
-      aes = OpenSSL::Cipher::Cipher.new("AES-256-ECB")
+    it 'can be decrypted' do
+      aes = OpenSSL::Cipher.new('AES-256-ECB')
       aes.decrypt
       aes.key = @key
-      expect(aes.update(@digest.unpack("m").first) + aes.final).to eq "Noam Ben-Ari"
+      expect(aes.update(@digest.unpack('m').first) + aes.final).to eq 'Noam Ben-Ari'
     end
-
   end
 
   describe Sorcery::CryptoProviders::BCrypt do
-
     before(:all) do
       Sorcery::CryptoProviders::BCrypt.cost = 1
-      @digest = BCrypt::Password.create('Noam Ben-Ari', :cost => Sorcery::CryptoProviders::BCrypt.cost)
+      @digest = BCrypt::Password.create('Noam Ben-Ari', cost: Sorcery::CryptoProviders::BCrypt.cost)
+      @tokens = %w[password gq18WBnJYNh2arkC1kgH]
     end
 
     after(:each) do
       Sorcery::CryptoProviders::BCrypt.reset!
     end
 
-    it "is comparable with original secret" do
-      expect(BCrypt::Password.new Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')).to eq 'Noam Ben-Ari'
+    it 'is comparable with original secret' do
+      expect(BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari'))).to eq 'Noam Ben-Ari'
     end
 
-    it "works with multiple costs" do
+    it 'works with multiple costs' do
       Sorcery::CryptoProviders::BCrypt.cost = 3
-      expect(BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt 'Noam Ben-Ari')).to eq 'Noam Ben-Ari'
+      expect(BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari'))).to eq 'Noam Ben-Ari'
     end
 
-    it "matches? returns true when matches" do
-      expect(Sorcery::CryptoProviders::BCrypt.matches? @digest, 'Noam Ben-Ari').to be true
+    it 'matches? returns true when matches' do
+      expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Noam Ben-Ari')).to be true
     end
 
-    it "matches? returns false when no match" do
-      expect(Sorcery::CryptoProviders::BCrypt.matches? @digest, 'Some Dude').to be false
+    it 'matches? returns false when no match' do
+      expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Some Dude')).to be false
     end
 
-    it "respond_to?(:stretches) returns true" do
-      expect(Sorcery::CryptoProviders::BCrypt.respond_to? :stretches).to be true
+    it 'respond_to?(:stretches) returns true' do
+      expect(Sorcery::CryptoProviders::BCrypt.respond_to?(:stretches)).to be true
     end
 
-    it "sets cost when stretches is set" do
+    it 'sets cost when stretches is set' do
       Sorcery::CryptoProviders::BCrypt.stretches = 4
 
       # stubbed in Sorcery::TestHelpers::Internal
       expect(Sorcery::CryptoProviders::BCrypt.cost).to eq 1
     end
 
-  end
+    it 'matches token encrypted with salt from upstream' do
+      # note: actual comparison is done by BCrypt::Password#==(raw_token)
+      expect(Sorcery::CryptoProviders::BCrypt.encrypt(@tokens)).to eq @tokens.flatten.join
+    end
 
+    it 'respond_to?(:pepper) returns true' do
+      expect(Sorcery::CryptoProviders::BCrypt.respond_to?(:pepper)).to be true
+    end
+
+    context 'when pepper is provided' do
+      before(:each) do
+        Sorcery::CryptoProviders::BCrypt.pepper = 'pepper'
+        @digest = Sorcery::CryptoProviders::BCrypt.encrypt(@tokens) # a BCrypt::Password object
+      end
+
+      it 'matches token encrypted with salt and pepper from upstream' do
+        # note: actual comparison is done by BCrypt::Password#==(raw_token)
+        expect(@digest).to eq @tokens.flatten.join.concat('pepper')
+      end
+
+      it 'matches? returns true when matches' do
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, *@tokens)).to be true
+      end
+
+      it 'matches? returns false when pepper is replaced with empty string' do
+        Sorcery::CryptoProviders::BCrypt.pepper = ''
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, *@tokens)).to be false
+      end
+
+      it 'matches? returns false when no match' do
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'a_random_incorrect_password')).to be false
+      end
+    end
+
+    context "when pepper is an empty string (default)" do
+      before(:each) do
+        Sorcery::CryptoProviders::BCrypt.pepper = ''
+        @digest = Sorcery::CryptoProviders::BCrypt.encrypt(@tokens) # a BCrypt::Password object
+      end
+
+      # make sure the default pepper '' does nothing
+      it 'matches token encrypted with salt only (without pepper)' do
+        expect(@digest).to eq @tokens.flatten.join # keep consistency with the older versions of #join_token
+      end
+
+      it 'matches? returns true when matches' do
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, *@tokens)).to be true
+      end
+
+      it 'matches? returns false when pepper has changed' do
+        Sorcery::CryptoProviders::BCrypt.pepper = 'a new pepper'
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, *@tokens)).to be false
+      end
+
+      it 'matches? returns false when no match' do
+        expect(Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'a_random_incorrect_password')).to be false
+      end
+    end
+  end
 end

data/spec/sorcery_temporary_token_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe Sorcery::Model::TemporaryToken do
+  describe '.generate_random_token' do
+    before do
+      sorcery_reload!
+    end
+
+    subject { Sorcery::Model::TemporaryToken.generate_random_token.length }
+
+    context 'token_randomness is 3' do
+      before do
+        sorcery_model_property_set(:token_randomness, 3)
+      end
+
+      it { is_expected.to eq 4 }
+    end
+
+    context 'token_randomness is 15' do
+      before do
+        sorcery_model_property_set(:token_randomness, 15)
+      end
+
+      it { is_expected.to eq 20 }
+    end
+  end
+end

data/spec/spec.opts

@@ -1,2 +1,2 @@
 --color
---format documentation
+--format documentation

data/spec/spec_helper.rb

@@ -1,40 +1,35 @@
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 
-ENV["RAILS_ENV"] ||= 'test'
+ENV['RAILS_ENV'] ||= 'test'
 
-SORCERY_ORM = (ENV["SORCERY_ORM"] || :active_record).to_sym
+SORCERY_ORM = :active_record
 
 # require 'simplecov'
 # SimpleCov.root File.join(File.dirname(__FILE__), '..', 'lib')
 # SimpleCov.start
-
-require 'rspec'
-
 require 'rails/all'
 require 'rspec/rails'
 require 'timecop'
+require 'byebug'
 
 def setup_orm; end
+
 def teardown_orm; end
 
 require "orm/#{SORCERY_ORM}"
 
-require "rails_app/config/environment"
+require 'rails_app/config/environment'
 
-class TestMailer < ActionMailer::Base;end
+class TestMailer < ActionMailer::Base; end
 
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 
 RSpec.configure do |config|
-  config.include RSpec::Rails::ControllerExampleGroup, :file_path => /controller(.)*_spec.rb$/
-  config.filter_run_excluding :active_record => SORCERY_ORM.to_sym != :active_record
-  config.filter_run_excluding :mongo_mapper => SORCERY_ORM.to_sym != :mongo_mapper
-  config.filter_run_excluding :data_mapper => SORCERY_ORM.to_sym != :data_mapper
-  config.filter_run_excluding :mongoid => SORCERY_ORM.to_sym != :mongoid
+  config.include RSpec::Rails::ControllerExampleGroup, file_path: /controller(.)*_spec.rb$/
   config.mock_with :rspec
 
-  config.use_transactional_fixtures = true
+  config.use_transactional_fixtures = false
 
   config.before(:suite) { setup_orm }
   config.after(:suite) { teardown_orm }
@@ -42,4 +37,14 @@ RSpec.configure do |config|
 
   config.include ::Sorcery::TestHelpers::Internal
   config.include ::Sorcery::TestHelpers::Internal::Rails
+
+  if begin
+       Module.const_defined?('::Rails::Controller::Testing')
+     rescue StandardError
+       false
+     end
+    config.include ::Rails::Controller::Testing::TestProcess, type: :controller
+    config.include ::Rails::Controller::Testing::TemplateAssertions, type: :controller
+    config.include ::Rails::Controller::Testing::Integration, type: :controller
+  end
 end

data/spec/support/migration_helper.rb

@@ -0,0 +1,29 @@
+class MigrationHelper
+  class << self
+    def migrate(path)
+      if ActiveRecord.version >= Gem::Version.new('6.0.0')
+        ActiveRecord::MigrationContext.new(path, schema_migration).migrate
+      elsif ActiveRecord.version >= Gem::Version.new('5.2.0')
+        ActiveRecord::MigrationContext.new(path).migrate
+      else
+        ActiveRecord::Migrator.migrate(path)
+      end
+    end
+
+    def rollback(path)
+      if ActiveRecord.version >= Gem::Version.new('6.0.0')
+        ActiveRecord::MigrationContext.new(path, schema_migration).rollback
+      elsif ActiveRecord.version >= Gem::Version.new('5.2.0')
+        ActiveRecord::MigrationContext.new(path).rollback
+      else
+        ActiveRecord::Migrator.rollback(path)
+      end
+    end
+
+    private
+
+    def schema_migration
+      ActiveRecord::Base.connection.schema_migration
+    end
+  end
+end

data/spec/support/providers/example.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class Example < Base
+      include Protocols::Oauth2
+    end
+  end
+end

data/spec/support/providers/example_provider.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class ExampleProvider < Base
+      include Protocols::Oauth2
+    end
+  end
+end

data/spec/support/providers/examples.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'sorcery/providers/base'
+
+module Sorcery
+  module Providers
+    class Examples < Base
+      include Protocols::Oauth2
+    end
+  end
+end