sorcery 0.9.1 → 0.16.3

data/lib/generators/sorcery/templates/migration/core.rb

@@ -1,13 +1,11 @@
-class SorceryCore < ActiveRecord::Migration
+class SorceryCore < <%= migration_class_name %>
   def change
-    create_table :<%= model_class_name.tableize %> do |t|
-      t.string :email,            :null => false
+    create_table :<%= tableized_model_class %> do |t|
+      t.string :email,            null: false, index: { unique: true }
       t.string :crypted_password
       t.string :salt
 
-      t.timestamps
+      t.timestamps                null: false
     end
-
-    add_index :<%= model_class_name.tableize %>, :email, unique: true
   end
-end
+end

data/lib/generators/sorcery/templates/migration/external.rb

@@ -1,10 +1,10 @@
-class SorceryExternal < ActiveRecord::Migration
+class SorceryExternal < <%= migration_class_name %>
   def change
     create_table :authentications do |t|
-      t.integer :<%= model_class_name.tableize.singularize %>_id, :null => false
-      t.string :provider, :uid, :null => false
+      t.integer :<%= tableized_model_class.singularize %>_id, null: false
+      t.string :provider, :uid, null: false
 
-      t.timestamps
+      t.timestamps              null: false
     end
 
     add_index :authentications, [:provider, :uid]

data/lib/generators/sorcery/templates/migration/magic_login.rb

@@ -0,0 +1,9 @@
+class SorceryMagicLogin < <%= migration_class_name %>
+  def change
+    add_column :<%= tableized_model_class %>, :magic_login_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :magic_login_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :magic_login_email_sent_at, :datetime, default: nil
+
+    add_index :<%= tableized_model_class %>, :magic_login_token
+  end
+end

data/lib/generators/sorcery/templates/migration/remember_me.rb

@@ -1,8 +1,8 @@
-class SorceryRememberMe < ActiveRecord::Migration
+class SorceryRememberMe < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :remember_me_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :remember_me_token_expires_at, :datetime, :default => nil
+    add_column :<%= tableized_model_class %>, :remember_me_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :remember_me_token_expires_at, :datetime, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :remember_me_token
+    add_index :<%= tableized_model_class %>, :remember_me_token
   end
-end
+end

data/lib/generators/sorcery/templates/migration/reset_password.rb

@@ -1,9 +1,10 @@
-class SorceryResetPassword < ActiveRecord::Migration
+class SorceryResetPassword < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :reset_password_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_token_expires_at, :datetime, :default => nil
-    add_column :<%= model_class_name.tableize %>, :reset_password_email_sent_at, :datetime, :default => nil
+    add_column :<%= tableized_model_class %>, :reset_password_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :reset_password_token_expires_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :reset_password_email_sent_at, :datetime, default: nil
+    add_column :<%= tableized_model_class %>, :access_count_to_reset_password_page, :integer, default: 0
 
-    add_index :<%= model_class_name.tableize %>, :reset_password_token
+    add_index :<%= tableized_model_class %>, :reset_password_token
   end
-end
+end

data/lib/generators/sorcery/templates/migration/user_activation.rb

@@ -1,9 +1,9 @@
-class SorceryUserActivation < ActiveRecord::Migration
+class SorceryUserActivation < <%= migration_class_name %>
   def change
-    add_column :<%= model_class_name.tableize %>, :activation_state, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :activation_token, :string, :default => nil
-    add_column :<%= model_class_name.tableize %>, :activation_token_expires_at, :datetime, :default => nil
+    add_column :<%= tableized_model_class %>, :activation_state, :string, default: nil
+    add_column :<%= tableized_model_class %>, :activation_token, :string, default: nil
+    add_column :<%= tableized_model_class %>, :activation_token_expires_at, :datetime, default: nil
 
-    add_index :<%= model_class_name.tableize %>, :activation_token
+    add_index :<%= tableized_model_class %>, :activation_token
   end
-end
+end

data/lib/sorcery/adapters/active_record_adapter.rb

@@ -6,12 +6,13 @@ module Sorcery
           @model.send(:"#{name}=", value)
         end
         primary_key = @model.class.primary_key
-        @model.class.where(:"#{primary_key}" => @model.send(:"#{primary_key}")).update_all(attrs)
+        updated_count = @model.class.where(:"#{primary_key}" => @model.send(:"#{primary_key}")).update_all(attrs)
+        updated_count == 1
       end
 
       def save(options = {})
         mthd = options.delete(:raise_on_failure) ? :save! : :save
-        @model.send(mthd, options)
+        @model.send(mthd, **options)
       end
 
       def increment(field)
@@ -29,12 +30,12 @@ module Sorcery
       end
 
       class << self
-        def define_field(name, type, options={})
+        def define_field(name, type, options = {})
           # AR fields are defined through migrations, only validator here
         end
 
-        def define_callback(time, event, method_name, options={})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+        def define_callback(time, event, method_name, options = {})
+          @klass.send "#{time}_#{event}", method_name, **options.slice(:if, :on)
         end
 
         def find_by_oauth_credentials(provider, uid)
@@ -61,11 +62,11 @@ module Sorcery
               condition = @klass.arel_table[attribute].eq(credentials[0])
             end
 
-            if relation.nil?
-              relation = condition
-            else
-              relation = relation.or(condition)
-            end
+            relation = if relation.nil?
+                         condition
+                       else
+                         relation.or(condition)
+                       end
           end
 
           @klass.where(relation).first
@@ -100,21 +101,10 @@ module Sorcery
           @klass.where(@klass.sorcery_config.email_attribute_name => email).first
         end
 
-        def get_current_users
-          config = @klass.sorcery_config
-
-          @klass
-            .where("#{config.last_activity_at_attribute_name} IS NOT NULL") \
-            .where("#{config.last_logout_at_attribute_name} IS NULL OR #{config.last_activity_at_attribute_name} > #{config.last_logout_at_attribute_name}") \
-            .where("#{config.last_activity_at_attribute_name} > ? ", config.activity_timeout.seconds.ago.utc.to_s(:db))
-        end
-
         def transaction(&blk)
           @klass.tap(&blk)
         end
       end
     end
-
-
   end
 end

data/lib/sorcery/adapters/mongoid_adapter.rb

@@ -10,7 +10,7 @@ module Sorcery
           attrs[name] = value.utc if value.is_a?(ActiveSupport::TimeWithZone)
           @model.send(:"#{name}=", value)
         end
-        @model.class.where(:_id => @model.id).update_all(attrs)
+        @model.class.where(_id: @model.id).update_all(attrs)
       end
 
       def update_attribute(name, value)
@@ -23,21 +23,29 @@ module Sorcery
       end
 
       def mongoid_4?
-        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new("4.0.0.alpha")
+        Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new('4.0.0.alpha')
       end
 
       class << self
-
-        def define_field(name, type, options={})
+        def define_field(name, type, options = {})
           @klass.field name, options.slice(:default).merge(type: type)
         end
 
-        def define_callback(time, event, method_name, options={})
-          @klass.send "#{time}_#{event}", method_name, options.slice(:if)
+        def define_callback(time, event, method_name, options = {})
+          @klass.send callback_name(time, event, options), method_name, **options.slice(:if)
+        end
+
+        def callback_name(time, event, options)
+          if event == :commit
+            options[:on] == :create ? "#{time}_create" : "#{time}_save"
+          else
+            "#{time}_#{event}"
+          end
         end
 
         def credential_regex(credential)
-          return { :$regex =>  /^#{Regexp.escape(credential)}$/i  } if (@klass.sorcery_config.downcase_username_before_authenticating)
+          return { :$regex => /^#{Regexp.escape(credential)}$/i } if @klass.sorcery_config.downcase_username_before_authenticating
+
           credential
         end
 
@@ -73,7 +81,7 @@ module Sorcery
         end
 
         def find_by_username(username)
-          query = @klass.sorcery_config.username_attribute_names.map {|name| {name => username}}
+          query = @klass.sorcery_config.username_attribute_names.map { |name| { name => username } }
           @klass.any_of(*query).first
         end
 
@@ -87,9 +95,13 @@ module Sorcery
 
         def get_current_users
           config = @klass.sorcery_config
-          @klass.where(config.last_activity_at_attribute_name.ne => nil) \
-          .where("this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}") \
-          .where(config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc).order_by([:_id,:asc])
+          @klass.where(
+            config.last_activity_at_attribute_name.ne => nil
+          ).where(
+            "this.#{config.last_logout_at_attribute_name} == null || this.#{config.last_activity_at_attribute_name} > this.#{config.last_logout_at_attribute_name}"
+          ).where(
+            config.last_activity_at_attribute_name.gt => config.activity_timeout.seconds.ago.utc
+          ).order_by(%i[_id asc])
         end
       end
     end

data/lib/sorcery/controller/config.rb

@@ -2,32 +2,35 @@ module Sorcery
   module Controller
     module Config
       class << self
-        attr_accessor :submodules,
-                      :user_class,                    # what class to use as the user class.
-                      :not_authenticated_action,      # what controller action to call for non-authenticated users.
+        attr_accessor :submodules
+        # what class to use as the user class.
+        attr_accessor :user_class
+        # what controller action to call for non-authenticated users.
+        attr_accessor :not_authenticated_action
+        # when a non logged in user tries to enter a page that requires login,
+        # save the URL he wanted to reach, and send him there after login.
+        attr_accessor :save_return_to_url
+        # set domain option for cookies
+        attr_accessor :cookie_domain
 
-                      :save_return_to_url,            # when a non logged in user tries to enter a page that requires
-                                                      # login, save the URL he wanted to reach,
-                                                      # and send him there after login.
-
-                      :cookie_domain,                 # set domain option for cookies
-
-                      :login_sources,
-                      :after_login,
-                      :after_failed_login,
-                      :before_logout,
-                      :after_logout
+        attr_accessor :login_sources
+        attr_accessor :after_login
+        attr_accessor :after_failed_login
+        attr_accessor :before_logout
+        attr_accessor :after_logout
+        attr_accessor :after_remember_me
 
         def init!
           @defaults = {
             :@user_class                           => nil,
             :@submodules                           => [],
             :@not_authenticated_action             => :not_authenticated,
-            :@login_sources                        => [],
-            :@after_login                          => [],
-            :@after_failed_login                   => [],
-            :@before_logout                        => [],
-            :@after_logout                         => [],
+            :@login_sources                        => Set.new,
+            :@after_login                          => Set.new,
+            :@after_failed_login                   => Set.new,
+            :@before_logout                        => Set.new,
+            :@after_logout                         => Set.new,
+            :@after_remember_me                    => Set.new,
             :@save_return_to_url                   => true,
             :@cookie_domain                        => nil
           }
@@ -35,14 +38,14 @@ module Sorcery
 
         # Resets all configuration options to their default values.
         def reset!
-          @defaults.each do |k,v|
-            instance_variable_set(k,v)
+          @defaults.each do |k, v|
+            instance_variable_set(k, v)
           end
         end
 
         def update!
-          @defaults.each do |k,v|
-            instance_variable_set(k,v) if !instance_variable_defined?(k)
+          @defaults.each do |k, v|
+            instance_variable_set(k, v) unless instance_variable_defined?(k)
           end
         end
 
@@ -58,6 +61,7 @@ module Sorcery
           @configure_blk.call(self) if @configure_blk
         end
       end
+
       init!
       reset!
     end

data/lib/sorcery/controller/submodules/activity_logging.rb

@@ -25,40 +25,36 @@ module Sorcery
                 @defaults.merge!(:@register_login_time         => true,
                                  :@register_logout_time        => true,
                                  :@register_last_activity_time => true,
-                                 :@register_last_ip_address    => true
-                                 )
+                                 :@register_last_ip_address    => true)
               end
             end
             merge_activity_logging_defaults!
           end
-          Config.after_login    << :register_login_time_to_db
-          Config.after_login    << :register_last_ip_address
-          Config.before_logout  << :register_logout_time_to_db
-          base.after_filter :register_last_activity_time_to_db
-        end
 
-        module InstanceMethods
-          # Returns an array of the active users.
-          def current_users
-            ActiveSupport::Deprecation.warn("Sorcery: `current_users` method is deprecated. Read more on Github: https://github.com/NoamB/sorcery/issues/602")
+          Config.after_login << :register_login_time_to_db
+          Config.after_login << :register_last_ip_address
+          Config.before_logout << :register_logout_time_to_db
 
-            user_class.current_users
-          end
+          base.after_action :register_last_activity_time_to_db
+        end
 
+        module InstanceMethods
           protected
 
           # registers last login time on every login.
           # This runs as a hook just after a successful login.
-          def register_login_time_to_db(user, credentials)
+          def register_login_time_to_db(user, _credentials)
             return unless Config.register_login_time
+
             user.set_last_login_at(Time.now.in_time_zone)
           end
 
           # registers last logout time on every logout.
           # This runs as a hook just before a logout.
-          def register_logout_time_to_db(user)
+          def register_logout_time_to_db
             return unless Config.register_logout_time
-            user.set_last_logout_at(Time.now.in_time_zone)
+
+            current_user.set_last_logout_at(Time.now.in_time_zone)
           end
 
           # Updates last activity time on every request.
@@ -66,14 +62,16 @@ module Sorcery
           def register_last_activity_time_to_db
             return unless Config.register_last_activity_time
             return unless logged_in?
+
             current_user.set_last_activity_at(Time.now.in_time_zone)
           end
 
           # Updates IP address on every login.
           # This runs as a hook just after a successful login.
-          def register_last_ip_address(user, credentials)
+          def register_last_ip_address(_user, _credentials)
             return unless Config.register_last_ip_address
-            current_user.set_last_ip_addess(request.remote_ip)
+
+            current_user.set_last_ip_address(request.remote_ip)
           end
         end
       end

data/lib/sorcery/controller/submodules/brute_force_protection.rb

@@ -16,7 +16,6 @@ module Sorcery
         end
 
         module InstanceMethods
-
           protected
 
           # Increments the failed logins counter on every failed login.
@@ -28,7 +27,7 @@ module Sorcery
 
           # Resets the failed logins counter.
           # Runs as a hook after a successful login.
-          def reset_failed_logins_count!(user, credentials)
+          def reset_failed_logins_count!(user, _credentials)
             user.sorcery_adapter.update_attribute(user_class.sorcery_config.failed_logins_count_attribute_name, 0)
           end
         end

data/lib/sorcery/controller/submodules/external.rb

@@ -19,6 +19,15 @@ module Sorcery
           require 'sorcery/providers/google'
           require 'sorcery/providers/jira'
           require 'sorcery/providers/salesforce'
+          require 'sorcery/providers/paypal'
+          require 'sorcery/providers/slack'
+          require 'sorcery/providers/wechat'
+          require 'sorcery/providers/microsoft'
+          require 'sorcery/providers/instagram'
+          require 'sorcery/providers/auth0'
+          require 'sorcery/providers/line'
+          require 'sorcery/providers/discord'
+          require 'sorcery/providers/battlenet'
 
           Config.module_eval do
             class << self
@@ -29,17 +38,17 @@ module Sorcery
                 @external_providers = providers
 
                 providers.each do |name|
-                  class_eval <<-E
+                  class_eval <<-RUBY, __FILE__, __LINE__ + 1
                     def self.#{name}
-                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.capitalize).new
+                      @#{name} ||= Sorcery::Providers.const_get('#{name}'.to_s.camelcase).new
                     end
-                  E
+                  RUBY
                 end
               end
 
               def merge_external_defaults!
                 @defaults.merge!(:@external_providers => [],
-                                 :@ca_file => File.join(File.expand_path(File.dirname(__FILE__)), '../../protocols/certs/ca-bundle.crt'))
+                                 :@ca_file => File.join(__dir__, '../../protocols/certs/ca-bundle.crt'))
               end
             end
             merge_external_defaults!
@@ -52,6 +61,7 @@ module Sorcery
           # save the singleton ProviderClient instance into @provider
           def sorcery_get_provider(provider_name)
             return unless Config.external_providers.include?(provider_name.to_sym)
+
             Config.send(provider_name.to_sym)
           end
 
@@ -60,12 +70,11 @@ module Sorcery
           def sorcery_login_url(provider_name, args = {})
             @provider = sorcery_get_provider provider_name
             sorcery_fixup_callback_url @provider
-            if @provider.respond_to?(:login_url) && @provider.has_callback?
-              @provider.state = args[:state]
-              return @provider.login_url(params, session)
-            else
-              return nil
-            end
+
+            return nil unless @provider.respond_to?(:login_url) && @provider.has_callback?
+
+            @provider.state = args[:state]
+            @provider.login_url(params, session)
           end
 
           # get the user hash from a provider using information from the params and session.
@@ -84,25 +93,26 @@ module Sorcery
             # cache them in instance variables.
             @access_token ||= @provider.process_callback(params, session) # sends request to oauth agent to get the token
             @user_hash ||= @provider.get_user_hash(@access_token) # uses the token to send another request to the oauth agent requesting user info
+            nil
           end
 
           # for backwards compatibility
-          def access_token(*args)
+          def access_token(*_args)
             @access_token
           end
 
-
           # this method should be somewhere else.  It only does something once per application per provider.
           def sorcery_fixup_callback_url(provider)
             provider.original_callback_url ||= provider.callback_url
-            if provider.original_callback_url.present? && provider.original_callback_url[0] == '/'
-              uri = URI.parse(request.url.gsub(/\?.*$/,''))
-              uri.path = ''
-              uri.query = nil
-              uri.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
-              host = uri.to_s
-              provider.callback_url = "#{host}#{@provider.original_callback_url}"
-            end
+
+            return unless provider.original_callback_url.present? && provider.original_callback_url[0] == '/'
+
+            uri = URI.parse(request.url.gsub(/\?.*$/, ''))
+            uri.path = ''
+            uri.query = nil
+            uri.scheme = 'https' if request.env['HTTP_X_FORWARDED_PROTO'] == 'https'
+            host = uri.to_s
+            provider.callback_url = "#{host}#{@provider.original_callback_url}"
           end
 
           # sends user to authenticate at the provider's website.
@@ -115,31 +125,31 @@ module Sorcery
           def login_from(provider_name, should_remember = false)
             sorcery_fetch_user_hash provider_name
 
-            if user = user_class.load_from_provider(provider_name, @user_hash[:uid].to_s)
-              # we found the user.
-              # clear the session
-              return_to_url = session[:return_to_url]
-              reset_sorcery_session
-              session[:return_to_url] = return_to_url
+            return unless (user = user_class.load_from_provider(provider_name, @user_hash[:uid].to_s))
 
-              # sign in the user
-              auto_login(user, should_remember)
-              after_login!(user)
+            # we found the user.
+            # clear the session
+            return_to_url = session[:return_to_url]
+            reset_sorcery_session
+            session[:return_to_url] = return_to_url
 
-              # return the user
-              user
-            end
+            # sign in the user
+            auto_login(user, should_remember)
+            after_login!(user)
+
+            # return the user
+            user
           end
 
           # If user is logged, he can add all available providers into his account
           def add_provider_to_user(provider_name)
             sorcery_fetch_user_hash provider_name
-            config = user_class.sorcery_config
+            # config = user_class.sorcery_config # TODO: Unused, remove?
 
             current_user.add_provider_to_user(provider_name.to_s, @user_hash[:uid].to_s)
           end
 
-          # Initialize new user from provider informations.
+          # Initialize new user from provider informations.
           # If a provider doesn't give required informations or username/email is already taken,
           # we store provider/user infos into a session and can be rendered into registration form
           def create_and_validate_from(provider_name)
@@ -150,12 +160,14 @@ module Sorcery
 
             user, saved = user_class.create_and_validate_from_provider(provider_name, @user_hash[:uid], attrs)
 
-            session[:incomplete_user] = {
-              :provider => {config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name},
-              :user_hash => attrs
-            } unless saved
+            unless saved
+              session[:incomplete_user] = {
+                provider: { config.provider_uid_attribute_name => @user_hash[:uid], config.provider_attribute_name => provider_name },
+                user_hash: attrs
+              }
+            end
 
-            return user
+            user
           end
 
           # this method automatically creates a new user from the data in the external user hash.
@@ -176,23 +188,36 @@ module Sorcery
           #
           def create_from(provider_name, &block)
             sorcery_fetch_user_hash provider_name
-            config = user_class.sorcery_config
+            # config = user_class.sorcery_config # TODO: Unused, remove?
 
             attrs = user_attrs(@provider.user_info_mapping, @user_hash)
             @user = user_class.create_from_provider(provider_name, @user_hash[:uid], attrs, &block)
           end
 
+          # follows the same patterns as create_from, but builds the user instead of creating
+          def build_from(provider_name, &block)
+            sorcery_fetch_user_hash provider_name
+            # config = user_class.sorcery_config # TODO: Unused, remove?
+
+            attrs = user_attrs(@provider.user_info_mapping, @user_hash)
+            @user = user_class.build_from_provider(attrs, &block)
+          end
+
           def user_attrs(user_info_mapping, user_hash)
             attrs = {}
-            user_info_mapping.each do |k,v|
-              if (varr = v.split("/")).size > 1
-                attribute_value = varr.inject(user_hash[:user_info]) {|hash, value| hash[value]} rescue nil
+            user_info_mapping.each do |k, v|
+              if (varr = v.split('/')).size > 1
+                attribute_value = begin
+                                    varr.inject(user_hash[:user_info]) { |hash, value| hash[value] }
+                                  rescue StandardError
+                                    nil
+                                  end
                 attribute_value.nil? ? attrs : attrs.merge!(k => attribute_value)
               else
                 attrs.merge!(k => user_hash[:user_info][v])
               end
             end
-            return attrs
+            attrs
           end
         end
       end