sorcery 0.10.3 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 834f45ceded7dd7507da33d0cafad5b379998102
-  data.tar.gz: 194d9e21b374a802866f293df90142725a632c66
+  metadata.gz: bc71bccb13f8e3fcbbf0b94f660a98bc34cc4826
+  data.tar.gz: 9c60fb5db29c7a41378e7c45234b0b0e9df47501
 SHA512:
-  metadata.gz: 87cc0189f538838548bb214779dadf2ee384f7d024e38db8a58ad4fbaf0ba6ea04872d745d307c47665bc2ad6016eb98cdd14eb9be64d41ce44310122e3082d0
-  data.tar.gz: bb35b65397c6ed3f8285d5d098edb475b8f7733eef644e95b0d9c56a7bad36090f6f4e92e59c5f7d332b837fde0e93948b642ce2e767d8ab77f30b6e687d2bda
+  metadata.gz: c557af8ef3828be476750ba465ea4d3c7a34f5ccbf975c5c731d0841891de4f77d56fa867dfd55be9424a2eea0eed768cdfe1a104e6ed70ae643207bb2573eb1
+  data.tar.gz: 582ea847785099a70c4866feee1b1f891a411e4f572ff89497ac353914cffe78669102d8a7a6b76c208976894ca932f83e61e590645306e7b5a9c3ebc6868bc2

data/CHANGELOG.md

@@ -1,4 +1,11 @@
 # Changelog
+## HEAD
+
+## 0.11.0
+
+* Refer to User before calling remove_const to avoid NameError [#58](https://github.com/Sorcery/sorcery/pull/58)
+* Resurrect block authentication, showing auth failure reason. [#41](https://github.com/Sorcery/sorcery/pull/41)
+* Add github scope option to initializer.rb [#50](https://github.com/Sorcery/sorcery/pull/50)
 
 ## 0.10.3
 

data/lib/generators/sorcery/templates/initializer.rb

@@ -109,12 +109,14 @@ Rails.application.config.sorcery.configure do |config|
   # config.facebook.user_info_mapping = {:email => "name"}
   # config.facebook.access_permissions = ["email", "publish_actions"]
   # config.facebook.display = "page"
-  # config.facebook.api_version = "v2.2"
+  # config.facebook.api_version = "v2.3"
+  # config.facebook.parse = :json
   #
   # config.github.key = ""
   # config.github.secret = ""
   # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
   # config.github.user_info_mapping = {:email => "name"}
+  # config.github.scope = ""
   #
   # config.paypal.key = ""
   # config.paypal.secret = ""

data/lib/sorcery/controller.rb

@@ -30,8 +30,16 @@ module Sorcery
       # Runs hooks after login or failed login.
       def login(*credentials)
         @current_user = nil
-        user = user_class.authenticate(*credentials)
-        if user
+
+        user_class.authenticate(*credentials) do |user, failure_reason|
+          if failure_reason
+            after_failed_login!(credentials)
+
+            yield(user, failure_reason) if block_given?
+
+            return
+          end
+
           old_session = session.dup.to_hash
           reset_sorcery_session
           old_session.each_pair do |k, v|
@@ -41,10 +49,8 @@ module Sorcery
 
           auto_login(user)
           after_login!(user, credentials)
-          current_user
-        else
-          after_failed_login!(credentials)
-          nil
+
+          block_given? ? yield(current_user, nil) : current_user
         end
       end
 

data/lib/sorcery/model.rb

@@ -80,10 +80,12 @@ module Sorcery
       # Takes a username and password,
       # Finds the user by the username and compares the user's password to the one supplied to the method.
       # returns the user if success, nil otherwise.
-      def authenticate(*credentials)
+      def authenticate(*credentials, &block)
         raise ArgumentError, 'at least 2 arguments required' if credentials.size < 2
 
-        return false if credentials[0].blank?
+        if credentials[0].blank?
+          return authentication_response(return_value: false, failure: :invalid_login, &block)
+        end
 
         if @sorcery_config.downcase_username_before_authenticating
           credentials[0].downcase!
@@ -91,13 +93,29 @@ module Sorcery
 
         user = sorcery_adapter.find_by_credentials(credentials)
 
-        if user.respond_to?(:active_for_authentication?)
-          return nil unless user.active_for_authentication?
+        unless user
+          return authentication_response(failure: :invalid_login, &block)
         end
 
         set_encryption_attributes
 
-        user if user && @sorcery_config.before_authenticate.all? { |c| user.send(c) } && user.valid_password?(credentials[1])
+        unless user.valid_password?(credentials[1])
+          return authentication_response(user: user, failure: :invalid_password, &block)
+        end
+
+        if user.respond_to?(:active_for_authentication?) && !user.active_for_authentication?
+          return authentication_response(user: user, failure: :inactive, &block)
+        end
+
+        @sorcery_config.before_authenticate.each do |callback|
+          success, reason = user.send(callback)
+
+          unless success
+            return authentication_response(user: user, failure: reason, &block)
+          end
+        end
+
+        authentication_response(user: user, return_value: user, &block)
       end
 
       # encrypt tokens using current encryption_provider.
@@ -112,6 +130,12 @@ module Sorcery
 
       protected
 
+      def authentication_response(options = {})
+        yield(options[:user], options[:failure]) if block_given?
+
+        options[:return_value]
+      end
+
       def set_encryption_attributes
         @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
         @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -41,10 +41,15 @@ module Sorcery
         end
 
         module ClassMethods
-          def load_from_unlock_token(token)
-            return nil if token.blank?
-            user = sorcery_adapter.find_by_token(sorcery_config.unlock_token_attribute_name, token)
-            user
+          # This doesn't check to see if the account is still locked
+          def load_from_unlock_token(token, &block)
+            return if token.blank?
+
+            load_from_token(
+              token,
+              sorcery_config.unlock_token_attribute_name,
+              &block
+            )
           end
 
           protected
@@ -116,7 +121,10 @@ module Sorcery
             if !login_unlocked? && config.login_lock_time_period != 0
               login_unlock! if send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone
             end
-            login_unlocked?
+
+            return false, :locked unless login_unlocked?
+
+            true
           end
         end
       end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -55,10 +55,13 @@ module Sorcery
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
-          def load_from_reset_password_token(token)
-            token_attr_name = @sorcery_config.reset_password_token_attribute_name
-            token_expiration_date_attr = @sorcery_config.reset_password_token_expires_at_attribute_name
-            load_from_token(token, token_attr_name, token_expiration_date_attr)
+          def load_from_reset_password_token(token, &block)
+            load_from_token(
+              token,
+              @sorcery_config.reset_password_token_attribute_name,
+              @sorcery_config.reset_password_token_expires_at_attribute_name,
+              &block
+            )
           end
 
           protected

data/lib/sorcery/model/submodules/user_activation.rb

@@ -59,10 +59,13 @@ module Sorcery
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
-          def load_from_activation_token(token)
-            token_attr_name = @sorcery_config.activation_token_attribute_name
-            token_expiration_date_attr = @sorcery_config.activation_token_expires_at_attribute_name
-            load_from_token(token, token_attr_name, token_expiration_date_attr)
+          def load_from_activation_token(token, &block)
+            load_from_token(
+              token,
+              @sorcery_config.activation_token_attribute_name,
+              @sorcery_config.activation_token_expires_at_attribute_name,
+              &block
+            )
           end
 
           protected
@@ -128,7 +131,14 @@ module Sorcery
 
           def prevent_non_active_login
             config = sorcery_config
-            config.prevent_non_active_users_to_login ? send(config.activation_state_attribute_name) == 'active' : true
+
+            if config.prevent_non_active_users_to_login
+              unless send(config.activation_state_attribute_name) == 'active'
+                return false, :inactive
+              end
+            end
+
+            true
           end
         end
       end

data/lib/sorcery/model/temporary_token.rb

@@ -16,13 +16,34 @@ module Sorcery
       end
 
       module ClassMethods
-        def load_from_token(token, token_attr_name, token_expiration_date_attr)
-          return nil if token.blank?
+        def load_from_token(token, token_attr_name, token_expiration_date_attr = nil, &block)
+          return token_response(failure: :invalid_token, &block) if token.blank?
+
           user = sorcery_adapter.find_by_token(token_attr_name, token)
-          if !user.blank? && !user.send(token_expiration_date_attr).nil?
-            return Time.now.in_time_zone < user.send(token_expiration_date_attr) ? user : nil
+
+          return token_response(failure: :user_not_found, &block) unless user
+
+          unless check_expiration_date(user, token_expiration_date_attr)
+            return token_response(user: user, failure: :token_expired, &block)
           end
-          user
+
+          token_response(user: user, return_value: user, &block)
+        end
+
+        protected
+
+        def check_expiration_date(user, token_expiration_date_attr)
+          return true unless token_expiration_date_attr
+
+          expires_at = user.send(token_expiration_date_attr)
+
+          !expires_at || (Time.now.in_time_zone < expires_at)
+        end
+
+        def token_response(options = {})
+          yield(options[:user], options[:failure]) if block_given?
+
+          options[:return_value]
         end
       end
     end

data/lib/sorcery/providers/facebook.rb

@@ -9,9 +9,9 @@ module Sorcery
     class Facebook < Base
       include Protocols::Oauth2
 
-      attr_reader   :mode, :param_name, :parse
+      attr_reader   :mode, :param_name
       attr_accessor :access_permissions, :display, :scope, :token_url,
-                    :user_info_path, :auth_path, :api_version
+                    :user_info_path, :auth_path, :api_version, :parse
 
       def initialize
         super
@@ -24,7 +24,7 @@ module Sorcery
         @token_url      = 'oauth/access_token'
         @auth_path      = 'dialog/oauth'
         @mode           = :query
-        @parse          = :query
+        @parse          = :json
         @param_name     = 'access_token'
       end
 

data/lib/sorcery/test_helpers/internal.rb

@@ -67,7 +67,7 @@ module Sorcery
       # reload user class between specs
       # so it will be possible to test the different submodules in isolation
       def reload_user_class
-        Object.send(:remove_const, 'User')
+        User && Object.send(:remove_const, 'User')
         load 'user.rb'
         if User.respond_to?(:reset_column_information)
           User.reset_column_information

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.10.3'
+  VERSION = '0.11.0'
 end

data/spec/controllers/controller_brute_force_protection_spec.rb

@@ -20,7 +20,7 @@ describe SorceryController, type: :controller do
     end
 
     it 'counts login retries' do
-      allow(User).to receive(:authenticate)
+      allow(User).to receive(:authenticate) { |&block| block.call(nil, :other) }
       allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
 
       expect(user).to receive(:register_failed_login!).exactly(3).times
@@ -32,7 +32,7 @@ describe SorceryController, type: :controller do
       # dirty hack for rails 4
       allow(@controller).to receive(:register_last_activity_time_to_db)
 
-      allow(User).to receive(:authenticate).and_return(user)
+      allow(User).to receive(:authenticate) { |&block| block.call(user, nil) }
       expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
 
       get :test_login, params: { email: 'bla@bla.com', password: 'secret' }

data/spec/controllers/controller_remember_me_spec.rb

@@ -22,7 +22,7 @@ describe SorceryController, type: :controller do
     end
 
     it 'sets cookie on remember_me!' do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
       expect(user).to receive(:remember_me!)
 
       post :test_login_with_remember, params: { email: 'bla@bla.com', password: 'secret' }
@@ -45,7 +45,7 @@ describe SorceryController, type: :controller do
     end
 
     it 'login(email,password,remember_me) logs user in and remembers' do
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret', '1').and_return(user)
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret', '1') { |&block| block.call(user, nil) }
       expect(user).to receive(:remember_me!)
       expect(user).to receive(:remember_me_token).and_return('abracadabra').twice
 

data/spec/controllers/controller_session_timeout_spec.rb

@@ -39,7 +39,7 @@ describe SorceryController, type: :controller do
     it 'works if the session is stored as a string or a Time' do
       session[:login_time] = Time.now.to_s
       # TODO: ???
-      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+      expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
 
       get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
 
@@ -50,7 +50,7 @@ describe SorceryController, type: :controller do
     context "with 'session_timeout_from_last_action'" do
       it 'does not logout if there was activity' do
         sorcery_controller_property_set(:session_timeout_from_last_action, true)
-        expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+        expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
 
         get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
         Timecop.travel(Time.now.in_time_zone + 0.3)

data/spec/controllers/controller_spec.rb

@@ -52,7 +52,7 @@ describe SorceryController, type: :controller do
     describe '#login' do
       context 'when succeeds' do
         before do
-          expect(User).to receive(:authenticate).with('bla@bla.com', 'secret').and_return(user)
+          expect(User).to receive(:authenticate).with('bla@bla.com', 'secret') { |&block| block.call(user, nil) }
           get :test_login, params: { email: 'bla@bla.com', password: 'secret' }
         end
 

data/spec/shared_examples/user_activation_shared_examples.rb

@@ -235,6 +235,27 @@ shared_examples_for 'rails_3_activation_model' do
 
       expect(User.authenticate(user.email, 'secret')).to be_truthy
     end
+
+    context 'in block mode' do
+      it 'does not allow a non-active user to authenticate' do
+        sorcery_model_property_set(:prevent_non_active_users_to_login, true)
+
+        User.authenticate(user.email, 'secret') do |user2, failure|
+          expect(user2).to eq user
+          expect(user2.activation_state).to eq 'pending'
+          expect(failure).to eq :inactive
+        end
+      end
+
+      it 'allows a non-active user to authenticate if configured so' do
+        sorcery_model_property_set(:prevent_non_active_users_to_login, false)
+
+        User.authenticate(user.email, 'secret') do |user2, failure|
+          expect(user2).to eq user
+          expect(failure).to be_nil
+        end
+      end
+    end
   end
 
   describe 'load_from_activation_token' do
@@ -279,5 +300,62 @@ shared_examples_for 'rails_3_activation_model' do
 
       expect(User.load_from_activation_token(user.activation_token)).to eq user
     end
+
+    describe '#load_from_activation_token' do
+      context 'in block mode' do
+        it 'yields user when token is found' do
+          User.load_from_activation_token(user.activation_token) do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'does NOT yield user when token is NOT found' do
+          User.load_from_activation_token('a') do |user2, failure|
+            expect(user2).to be_nil
+            expect(failure).to eq :user_not_found
+          end
+        end
+
+        it 'yields user when token is found and not expired' do
+          sorcery_model_property_set(:activation_token_expiration_period, 500)
+
+          User.load_from_activation_token(user.activation_token) do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'yields the user and failure reason when token is found and expired' do
+          sorcery_model_property_set(:activation_token_expiration_period, 0.1)
+          user
+
+          Timecop.travel(Time.now.in_time_zone + 0.5)
+
+          User.load_from_activation_token(user.activation_token) do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to eq :token_expired
+          end
+        end
+
+        it 'yields a failure reason if token is blank' do
+          [nil, ''].each do |token|
+            User.load_from_activation_token(token) do |user2, failure|
+              expect(user2).to be_nil
+              expect(failure).to eq :invalid_token
+            end
+          end
+        end
+
+        it 'is always valid if expiration period is nil' do
+          sorcery_model_property_set(:activation_token_expiration_period, nil)
+
+          User.load_from_activation_token(user.activation_token) do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to be_nil
+          end
+        end
+      end
+    end
   end
 end

data/spec/shared_examples/user_reset_password_shared_examples.rb

@@ -128,6 +128,71 @@ shared_examples_for 'rails_3_reset_password_model' do
       expect(User.load_from_reset_password_token('')).to be_nil
     end
 
+    describe '#load_from_reset_password_token' do
+      context 'in block mode' do
+        it 'yields user when token is found' do
+          user.generate_reset_password_token!
+          updated_user = User.sorcery_adapter.find(user.id)
+
+          User.load_from_reset_password_token(user.reset_password_token) do |user2, failure|
+            expect(user2).to eq updated_user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'does NOT yield user when token is NOT found' do
+          user.generate_reset_password_token!
+
+          User.load_from_reset_password_token('a') do |user2, failure|
+            expect(user2).to be_nil
+            expect(failure).to eq :user_not_found
+          end
+        end
+
+        it 'yields user when token is found and not expired' do
+          sorcery_model_property_set(:reset_password_expiration_period, 500)
+          user.generate_reset_password_token!
+          updated_user = User.sorcery_adapter.find(user.id)
+
+          User.load_from_reset_password_token(user.reset_password_token) do |user2, failure|
+            expect(user2).to eq updated_user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'yields user and failure reason when token is found and expired' do
+          sorcery_model_property_set(:reset_password_expiration_period, 0.1)
+          user.generate_reset_password_token!
+          Timecop.travel(Time.now.in_time_zone + 0.5)
+
+          User.load_from_reset_password_token(user.reset_password_token) do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to eq :token_expired
+          end
+        end
+
+        it 'is always valid if expiration period is nil' do
+          sorcery_model_property_set(:reset_password_expiration_period, nil)
+          user.generate_reset_password_token!
+          updated_user = User.sorcery_adapter.find(user.id)
+
+          User.load_from_reset_password_token(user.reset_password_token) do |user2, failure|
+            expect(user2).to eq updated_user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'returns nil if token is blank' do
+          [nil, ''].each do |token|
+            User.load_from_reset_password_token(token) do |user2, failure|
+              expect(user2).to be_nil
+              expect(failure).to eq :invalid_token
+            end
+          end
+        end
+      end
+    end
+
     it "'deliver_reset_password_instructions!' generates a reset_password_token" do
       expect(user.reset_password_token).to be_nil
 

data/spec/shared_examples/user_shared_examples.rb

@@ -146,6 +146,31 @@ shared_examples_for 'rails_3_core_model' do
           expect(User.authenticate(user.email, 'secret')).to be_nil
         end
       end
+
+      context 'in block mode' do
+        it 'yields the user if credentials are good' do
+          User.authenticate(user.email, 'secret') do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to be_nil
+          end
+        end
+
+        it 'yields the user and proper error if credentials are bad' do
+          User.authenticate(user.email, 'wrong!') do |user2, failure|
+            expect(user2).to eq user
+            expect(failure).to eq :invalid_password
+          end
+        end
+
+        it 'yields the proper error if no user exists' do
+          [nil, '', 'not@a.user'].each do |email|
+            User.authenticate(email, 'wrong!') do |user2, failure|
+              expect(user2).to be_nil
+              expect(failure).to eq :invalid_login
+            end
+          end
+        end
+      end
     end
 
     specify { expect(User).to respond_to(:encrypt) }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sorcery
 version: !ruby/object:Gem::Version
-  version: 0.10.3
+  version: 0.11.0
 platform: ruby
 authors:
 - Noam Ben Ari
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-24 00:00:00.000000000 Z
+date: 2017-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth
@@ -327,3 +327,4 @@ signing_key:
 specification_version: 4
 summary: Magical authentication for Rails applications
 test_files: []
+has_rdoc: