sorcery 0.9.1 → 0.16.3

data/lib/sorcery/model.rb

@@ -17,7 +17,7 @@ module Sorcery
       include_required_submodules!
 
       # This runs the options block set in the initializer on the model class.
-      ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
+      ::Sorcery::Controller::Config.user_config.tap { |blk| blk.call(@sorcery_config) if blk }
 
       define_base_fields
       init_orm_hooks!
@@ -29,7 +29,7 @@ module Sorcery
     private
 
     def define_base_fields
-      self.class_eval do
+      class_eval do
         sorcery_config.username_attribute_names.each do |username|
           sorcery_adapter.define_field username, String, length: 255
         end
@@ -39,32 +39,34 @@ module Sorcery
         sorcery_adapter.define_field sorcery_config.crypted_password_attribute_name, String, length: 255
         sorcery_adapter.define_field sorcery_config.salt_attribute_name, String, length: 255
       end
-
     end
 
     # includes required submodules into the model class,
     # which usually is called User.
     def include_required_submodules!
-      self.class_eval do
+      class_eval do
         @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
         @sorcery_config.submodules.each do |mod|
+          # TODO: Is there a cleaner way to handle missing submodules?
+          # rubocop:disable Lint/HandleExceptions
           begin
-            include Submodules.const_get(mod.to_s.split('_').map {|p| p.capitalize}.join)
+            include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
           rescue NameError
             # don't stop on a missing submodule. Needed because some submodules are only defined
             # in the controller side.
           end
+          # rubocop:enable Lint/HandleExceptions
         end
       end
     end
 
     # add virtual password accessor and ORM callbacks.
     def init_orm_hooks!
-      sorcery_adapter.define_callback :before, :validation, :encrypt_password, if: Proc.new {|record|
+      sorcery_adapter.define_callback :before, :validation, :encrypt_password, if: proc { |record|
         record.send(sorcery_config.password_attribute_name).present?
       }
 
-      sorcery_adapter.define_callback :after, :save, :clear_virtual_password, if: Proc.new {|record|
+      sorcery_adapter.define_callback :after, :save, :clear_virtual_password, if: proc { |record|
         record.send(sorcery_config.password_attribute_name).present?
       }
 
@@ -81,10 +83,12 @@ module Sorcery
       # Takes a username and password,
       # Finds the user by the username and compares the user's password to the one supplied to the method.
       # returns the user if success, nil otherwise.
-      def authenticate(*credentials)
-        raise ArgumentError, "at least 2 arguments required" if credentials.size < 2
+      def authenticate(*credentials, &block)
+        raise ArgumentError, 'at least 2 arguments required' if credentials.size < 2
 
-        return false if credentials[0].blank?
+        if credentials[0].blank?
+          return authentication_response(return_value: false, failure: :invalid_login, &block)
+        end
 
         if @sorcery_config.downcase_username_before_authenticating
           credentials[0].downcase!
@@ -92,34 +96,59 @@ module Sorcery
 
         user = sorcery_adapter.find_by_credentials(credentials)
 
-        if user.respond_to?(:active_for_authentication?)
-          return nil if !user.active_for_authentication?
+        unless user
+          return authentication_response(failure: :invalid_login, &block)
         end
 
         set_encryption_attributes
 
-        user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && user.valid_password?(credentials[1])
+        if user.respond_to?(:active_for_authentication?) && !user.active_for_authentication?
+          return authentication_response(user: user, failure: :inactive, &block)
+        end
+
+        @sorcery_config.before_authenticate.each do |callback|
+          success, reason = user.send(callback)
+
+          unless success
+            return authentication_response(user: user, failure: reason, &block)
+          end
+        end
+
+        unless user.valid_password?(credentials[1])
+          return authentication_response(user: user, failure: :invalid_password, &block)
+        end
+
+        authentication_response(user: user, return_value: user, &block)
       end
 
       # encrypt tokens using current encryption_provider.
       def encrypt(*tokens)
         return tokens.first if @sorcery_config.encryption_provider.nil?
 
-        set_encryption_attributes()
+        set_encryption_attributes
 
         CryptoProviders::AES256.key = @sorcery_config.encryption_key
         @sorcery_config.encryption_provider.encrypt(*tokens)
       end
 
-      protected
-
-      def set_encryption_attributes()
+      # FIXME: This method of passing config to the hashing provider is
+      #        questionable, and has been refactored in Sorcery v1.
+      def set_encryption_attributes
         @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
         @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
+        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
       end
-      
+
+      protected
+
+      def authentication_response(options = {})
+        yield(options[:user], options[:failure]) if block_given?
+
+        options[:return_value]
+      end
+
       def add_config_inheritance
-        self.class_eval do
+        class_eval do
           def self.inherited(subclass)
             subclass.class_eval do
               class << self
@@ -131,7 +160,6 @@ module Sorcery
           end
         end
       end
-
     end
 
     module InstanceMethods
@@ -148,12 +176,15 @@ module Sorcery
 
       # Calls the configured encryption provider to compare the supplied password with the encrypted one.
       def valid_password?(pass)
-        _crypted = self.send(sorcery_config.crypted_password_attribute_name)  
-        return _crypted == pass if sorcery_config.encryption_provider.nil?
+        crypted = send(sorcery_config.crypted_password_attribute_name)
+        return crypted == pass if sorcery_config.encryption_provider.nil?
+
+        # Ensure encryption provider is using configured values
+        self.class.set_encryption_attributes
 
-        _salt = self.send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
+        salt = send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
 
-        sorcery_config.encryption_provider.matches?(_crypted, pass, _salt)
+        sorcery_config.encryption_provider.matches?(crypted, pass, salt)
       end
 
       protected
@@ -162,34 +193,28 @@ module Sorcery
       # encrypts password with salt and saves it.
       def encrypt_password
         config = sorcery_config
-        self.send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) if !config.salt_attribute_name.nil?
-        self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),new_salt))
+        send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) unless config.salt_attribute_name.nil?
+        send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(send(config.password_attribute_name), new_salt))
       end
 
       def clear_virtual_password
         config = sorcery_config
-        self.send(:"#{config.password_attribute_name}=", nil)
+        send(:"#{config.password_attribute_name}=", nil)
 
-        if respond_to?(:"#{config.password_attribute_name}_confirmation=")
-          self.send(:"#{config.password_attribute_name}_confirmation=", nil)
-        end
+        return unless respond_to?(:"#{config.password_attribute_name}_confirmation=")
+
+        send(:"#{config.password_attribute_name}_confirmation=", nil)
       end
 
       # calls the requested email method on the configured mailer
       # supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
       def generic_send_email(method, mailer)
         config = sorcery_config
-        mail = config.send(mailer).send(config.send(method),self)
-        if defined?(ActionMailer) and config.send(mailer).kind_of?(Class) and config.send(mailer) < ActionMailer::Base
-          # Rails 4.2 deprecates #deliver
-          if mail.respond_to?(:deliver_now)
-            mail.deliver_now
-          else
-            mail.deliver
-          end
-        end
+        mail = config.send(mailer).send(config.send(method), self)
+        return unless mail.respond_to?(config.email_delivery_method)
+
+        mail.send(config.email_delivery_method)
       end
     end
-
   end
 end

data/lib/sorcery/protocols/oauth.rb

@@ -3,13 +3,13 @@ require 'oauth'
 module Sorcery
   module Protocols
     module Oauth
-
       def oauth_version
         '1.0'
       end
 
-      def get_request_token(token=nil,secret=nil)
+      def get_request_token(token = nil, secret = nil)
         return ::OAuth::RequestToken.new(get_consumer, token, secret) if token && secret
+
         get_consumer.get_request_token(oauth_callback: @callback_url)
       end
 
@@ -17,18 +17,14 @@ module Sorcery
         get_request_token(
           args[:request_token],
           args[:request_token_secret]
-        ).authorize_url({
-          oauth_callback: @callback_url
-        })
+        ).authorize_url(oauth_callback: @callback_url)
       end
 
       def get_access_token(args)
         get_request_token(
           args[:request_token],
           args[:request_token_secret]
-        ).get_access_token({
-          oauth_verifier: args[:oauth_verifier]
-        })
+        ).get_access_token(oauth_verifier: args[:oauth_verifier])
       end
 
       protected
@@ -36,7 +32,6 @@ module Sorcery
       def get_consumer
         ::OAuth::Consumer.new(@key, @secret, site: @site)
       end
-
     end
   end
 end

data/lib/sorcery/protocols/oauth2.rb

@@ -3,7 +3,6 @@ require 'oauth2'
 module Sorcery
   module Protocols
     module Oauth2
-
       def oauth_version
         '2.0'
       end
@@ -41,7 +40,6 @@ module Sorcery
           defaults.merge!(options)
         )
       end
-
     end
   end
 end

data/lib/sorcery/providers/auth0.rb

@@ -0,0 +1,46 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with Auth0.com
+    #
+    #   config.auth0.key = <key>
+    #   config.auth0.secret = <secret>
+    #   config.auth0.domain = <domain>
+    #   ...
+    #
+    class Auth0 < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :token_path, :user_info_path, :scope
+
+      def initialize
+        super
+
+        @auth_path      = '/authorize'
+        @token_path     = '/oauth/token'
+        @user_info_path = '/userinfo'
+        @scope          = 'openid profile email'
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = JSON.parse(response.body)
+          h[:uid] = h[:user_info]['sub']
+        end
+      end
+
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(args, token_url: token_path, token_method: :post)
+      end
+    end
+  end
+end

data/lib/sorcery/providers/base.rb

@@ -1,19 +1,20 @@
 module Sorcery
   module Providers
     class Base
-
       attr_reader   :access_token
 
       attr_accessor :callback_url, :key, :original_callback_url, :secret,
                     :site, :state, :user_info_mapping
 
-      def has_callback?; true; end
+      def has_callback?
+        true
+      end
 
       def initialize
         @user_info_mapping = {}
       end
 
-      def auth_hash(access_token, hash={})
+      def auth_hash(access_token, hash = {})
         return hash if access_token.nil?
 
         token_hash = hash.dup
@@ -32,7 +33,6 @@ module Sorcery
       def self.descendants
         ObjectSpace.each_object(Class).select { |klass| klass < self }
       end
-
     end
   end
 end

data/lib/sorcery/providers/battlenet.rb

@@ -0,0 +1,51 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with BattleNet
+
+    class Battlenet < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope          = 'openid'
+        @site           = 'https://eu.battle.net/'
+        @auth_path      = '/oauth/authorize'
+        @token_url      = '/oauth/token'
+        @user_info_path = '/oauth/userinfo'
+        @state          = SecureRandom.hex(16)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        body = JSON.parse(response.body)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = body
+          h[:battletag] = body['battletag']
+          h[:uid] = body['id']
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = { code: params[:code] }
+        get_access_token(
+          args,
+          token_url: token_url,
+          client_id: @key,
+          client_secret: @secret,
+          grant_type: 'authorization_code',
+          token_method: :post
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/discord.rb

@@ -0,0 +1,52 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with discordapp.com
+
+    class Discord < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope          = 'identify'
+        @site           = 'https://discordapp.com/'
+        @auth_path      = '/api/oauth2/authorize'
+        @token_url      = '/api/oauth2/token'
+        @user_info_path = '/api/users/@me'
+        @state          = SecureRandom.hex(16)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        body = JSON.parse(response.body)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = body
+          h[:uid] = body['id']
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+        get_access_token(
+          args,
+          token_url: token_url,
+          client_id: @key,
+          client_secret: @secret,
+          grant_type: 'authorization_code',
+          token_method: :post
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/facebook.rb

@@ -7,12 +7,11 @@ module Sorcery
     #   ...
     #
     class Facebook < Base
-
       include Protocols::Oauth2
 
-      attr_reader   :mode, :param_name, :parse
+      attr_reader   :mode, :param_name
       attr_accessor :access_permissions, :display, :scope, :token_url,
-                    :user_info_path, :auth_path, :api_version
+                    :user_info_path, :auth_path, :api_version, :parse
 
       def initialize
         super
@@ -25,7 +24,7 @@ module Sorcery
         @token_url      = 'oauth/access_token'
         @auth_path      = 'dialog/oauth'
         @mode           = :query
-        @parse          = :query
+        @parse          = :json
         @param_name     = 'access_token'
       end
 
@@ -40,18 +39,17 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
+      def login_url(_params, _session)
         authorize_url
       end
 
       # overrides oauth2#authorize_url to allow customized scope.
       def authorize_url
-
         # Fix: replace default oauth2 options, specially to prevent the Faraday gem which
         # concatenates with "/", removing the Facebook api version
         options = {
-          site:          File::join(@site, api_version.to_s),
-          authorize_url: File::join(@auth_site, api_version.to_s, auth_path),
+          site:          File.join(@site, api_version.to_s),
+          authorize_url: File.join(@auth_site, api_version.to_s, auth_path),
           token_url:     token_url
         }
 
@@ -60,15 +58,14 @@ module Sorcery
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
 
         get_access_token(args, token_url: token_url, mode: mode,
-          param_name: param_name, parse: parse)
+                               param_name: param_name, parse: parse)
       end
-
     end
   end
 end

data/lib/sorcery/providers/github.rb

@@ -7,7 +7,6 @@ module Sorcery
     #   ...
     #
     class Github < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_path, :scope, :token_url, :user_info_path
@@ -35,12 +34,12 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_path })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
@@ -49,12 +48,11 @@ module Sorcery
       end
 
       def primary_email(access_token)
-        response = access_token.get(user_info_path + "/emails")
+        response = access_token.get(user_info_path + '/emails')
         emails = JSON.parse(response.body)
-        primary = emails.find{|i| i['primary'] }
+        primary = emails.find { |i| i['primary'] }
         primary && primary['email'] || emails.first && emails.first['email']
       end
-
     end
   end
 end

data/lib/sorcery/providers/google.rb

@@ -7,7 +7,6 @@ module Sorcery
     #   ...
     #
     class Google < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_url, :scope, :token_url, :user_info_url
@@ -33,19 +32,18 @@ module Sorcery
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_url })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_url)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
+      def process_callback(params, _session)
         args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
 
         get_access_token(args, token_url: token_url, token_method: :post)
       end
-
     end
   end
 end

data/lib/sorcery/providers/heroku.rb

@@ -1,6 +1,5 @@
 module Sorcery
   module Providers
-
     # This class adds support for OAuth with heroku.com.
 
     # config.heroku.key = <key>
@@ -13,7 +12,6 @@ module Sorcery
     # The full path must be set for OAuth Callback URL when configuring the API Client Information on Heroku.
 
     class Heroku < Base
-
       include Protocols::Oauth2
 
       attr_accessor :auth_path, :scope, :token_url, :user_info_path
@@ -40,18 +38,19 @@ module Sorcery
         end
       end
 
-      def login_url(params, session)
-        authorize_url({ authorize_url: auth_path })
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
-        raise "Invalid state. Potential Cross Site Forgery" if params[:state] != state
-        args = { }.tap do |a|
+      def process_callback(params, _session)
+        raise 'Invalid state. Potential Cross Site Forgery' if params[:state] != state
+
+        args = {}.tap do |a|
           a[:code] = params[:code] if params[:code]
         end
         get_access_token(args, token_url: token_url, token_method: :post)
       end
     end
   end
-end
+end