RubyGems - sorcery - Versions diffs - 0.8.1 → 0.8.2 - Mend

sorcery 0.8.1 → 0.8.2

Potentially problematic release.

This version of sorcery might be problematic. Click here for more details.

Files changed (43) hide show

data/Gemfile +4 -4
data/Gemfile.lock +5 -22
data/README.rdoc +2 -2
data/Rakefile +1 -0
data/VERSION +1 -1
data/lib/generators/sorcery/templates/initializer.rb +24 -13
data/lib/generators/sorcery/templates/migration/activity_logging.rb +2 -0
data/lib/sorcery/controller/submodules/activity_logging.rb +12 -1
data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb +14 -3
data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb +5 -1
data/lib/sorcery/controller/submodules/external/providers/base.rb +21 -0
data/lib/sorcery/controller/submodules/external/providers/facebook.rb +13 -12
data/lib/sorcery/controller/submodules/external/providers/github.rb +4 -3
data/lib/sorcery/controller/submodules/external/providers/google.rb +4 -3
data/lib/sorcery/controller/submodules/external/providers/linkedin.rb +13 -12
data/lib/sorcery/controller/submodules/external/providers/liveid.rb +5 -4
data/lib/sorcery/controller/submodules/external/providers/twitter.rb +15 -14
data/lib/sorcery/controller/submodules/external/providers/vk.rb +6 -5
data/lib/sorcery/controller/submodules/external/providers/xing.rb +97 -0
data/lib/sorcery/controller/submodules/external.rb +72 -39
data/lib/sorcery/controller.rb +5 -2
data/lib/sorcery/model/submodules/activity_logging.rb +3 -0
data/lib/sorcery/model/submodules/brute_force_protection.rb +14 -12
data/lib/sorcery/model.rb +1 -1
data/lib/sorcery/railties/tasks.rake +1 -7
data/lib/sorcery.rb +3 -1
data/sorcery.gemspec +11 -12
data/spec/Gemfile +1 -1
data/spec/Gemfile.lock +1 -1
data/spec/rails3/Gemfile.lock +3 -3
data/spec/rails3/app/models/user.rb +1 -1
data/spec/rails3/app/views/sorcery_mailer/send_unlock_token_email.text.erb +1 -1
data/spec/rails3/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb +2 -0
data/spec/rails3/spec/controller_activity_logging_spec.rb +15 -0
data/spec/rails3/spec/controller_brute_force_protection_spec.rb +14 -6
data/spec/rails3/spec/controller_spec.rb +32 -27
data/spec/rails3_mongo_mapper/Gemfile.lock +3 -3
data/spec/rails3_mongo_mapper/spec/controller_spec.rb +32 -27
data/spec/rails3_mongoid/Gemfile.lock +3 -3
data/spec/rails3_mongoid/spec/controller_activity_logging_spec.rb +6 -0
data/spec/rails3_mongoid/spec/controller_spec.rb +33 -28
data/spec/shared_examples/user_activity_logging_shared_examples.rb +5 -0
metadata +138 -59

data/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
-source :rubygems
+source 'https://rubygems.org'
 # Add dependencies required to use your gem here.
 # Example:
 #   gem "activesupport", ">= 2.3.5"
@@ -11,11 +11,11 @@ gem 'bcrypt-ruby', "~> 3.0.0"
 group :development do
   gem 'abstract', '>= 1.0.0'
   gem "rails", ">= 3.0.0"
-  gem 'json', ">= 1.5.1"
+  gem 'json', ">= 1.7.7"
   gem "rspec", "~> 2.5.0"
   gem 'rspec-rails', "~> 2.5.0"
-  gem 'ruby-debug19'
-  gem 'sqlite3-ruby', :require => 'sqlite3'
+  #gem 'ruby-debug19'
+  gem 'sqlite3'
   gem "yard", "~> 0.6.0"
   gem "bundler", ">= 1.1.0"
   gem "jeweler", "~> 1.8.3"

data/Gemfile.lock CHANGED Viewed

@@ -1,5 +1,5 @@
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
     abstract (1.0.0)
     actionmailer (3.2.2)
@@ -29,7 +29,6 @@ GEM
     activesupport (3.2.2)
       i18n (~> 0.6)
       multi_json (~> 1.0)
-    archive-tar-minitar (0.5.2)
     arel (3.0.2)
     bcrypt-ruby (3.0.1)
     bson (1.6.1)
@@ -43,7 +42,6 @@ GEM
       xpath (~> 0.1.4)
     childprocess (0.3.1)
       ffi (~> 1.0.6)
-    columnize (0.3.6)
     diff-lcs (1.1.3)
     erubis (2.7.0)
     faraday (0.8.4)
@@ -59,11 +57,9 @@ GEM
       rake
       rdoc
     journey (1.0.3)
-    json (1.6.6)
+    json (1.7.7)
     jwt (0.1.5)
       multi_json (>= 1.0)
-    linecache19 (0.5.12)
-      ruby_core_source (>= 0.1.4)
     mail (2.4.4)
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
@@ -130,16 +126,6 @@ GEM
       activesupport (~> 3.0)
       railties (~> 3.0)
       rspec (~> 2.5.0)
-    ruby-debug-base19 (0.11.25)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby_core_source (>= 0.1.4)
-    ruby-debug19 (0.11.6)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby-debug-base19 (>= 0.11.19)
-    ruby_core_source (0.1.5)
-      archive-tar-minitar (>= 0.5.2)
     rubyzip (0.9.6.1)
     selenium-webdriver (2.20.0)
       childprocess (>= 0.2.5)
@@ -154,9 +140,7 @@ GEM
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.5)
-    sqlite3-ruby (1.3.3)
-      sqlite3 (>= 1.3.3)
+    sqlite3 (1.3.7)
     thor (0.14.6)
     tilt (1.3.3)
     timecop (0.3.5)
@@ -177,7 +161,7 @@ DEPENDENCIES
   bundler (>= 1.1.0)
   capybara
   jeweler (~> 1.8.3)
-  json (>= 1.5.1)
+  json (>= 1.7.7)
   mongo_mapper
   mongoid (~> 2.4.4)
   oauth (~> 0.4.4)
@@ -185,8 +169,7 @@ DEPENDENCIES
   rails (>= 3.0.0)
   rspec (~> 2.5.0)
   rspec-rails (~> 2.5.0)
-  ruby-debug19
   simplecov (>= 0.3.8)
-  sqlite3-ruby
+  sqlite3
   timecop
   yard (~> 0.6.0)

data/README.rdoc CHANGED Viewed

@@ -29,7 +29,7 @@ Railscast: http://railscasts.com/episodes/283-authentication-with-sorcery
 Example Rails 3 app using sorcery: https://github.com/NoamB/sorcery-example-app
-Documentation: http://rubydoc.info/gems/sorcery/0.8.1/frames
+Documentation: http://rubydoc.info/gems/sorcery/0.8.2/frames
 Check out the tutorials in the github wiki!
@@ -182,7 +182,7 @@ Basic HTTP Authentication (see lib/sorcery/controller/submodules/http_basic_auth
 * automatic login is disabled if session key changed.
 Activity Logging (see lib/sorcery/model/submodules/activity_logging.rb):
-* automatic logging of last login, last logout and last activity time.
+* automatic logging of last login, last logout, last activity time and IP address for last login.
 * an easy method of collecting the list of currently logged in users.
 * configurable timeout by which to decide whether to include a user in the list of logged in users.

data/Rakefile CHANGED Viewed

@@ -51,6 +51,7 @@ task :all_sorcery_specs do
   Dir['spec/**/Rakefile'].each do |rakefile|
     directory_name = File.dirname(rakefile)
     system(env, "cd #{directory_name} && bundle && bundle exec rake")
+    abort unless $?.success?
   end
 end

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.8.1
1	+ 0.8.2

data/lib/generators/sorcery/templates/initializer.rb CHANGED Viewed

@@ -26,17 +26,6 @@ Rails.application.config.sorcery.configure do |config|
   #
   # config.cookie_domain =
-  # -- remember_me --
-  # allow the remember_me cookie to settable through AJAX
-  # Default: `true`
-  #
-  # user.remember_me_httponly =
-  # How long in seconds the session length will be
-  # Default: `604800`
-  #
-  # user.remember_me_for =
   # -- session timeout --
   # How long in seconds to keep the session alive.
@@ -78,7 +67,7 @@ Rails.application.config.sorcery.configure do |config|
   # -- external --
-  # What providers are supported by this app, i.e. [:twitter, :facebook, :github, :google, :liveid] .
+  # What providers are supported by this app, i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid] .
   # Default: `[]`
   #
   # config.external_providers =
@@ -100,7 +89,17 @@ Rails.application.config.sorcery.configure do |config|
   # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
   # config.linkedin.user_info_fields = ['first-name', 'last-name']
   # config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
-  # config.linkedin.access_permissions = ['r_basicprofile']
+  # config.linkedin.access_permissions = ['r_basicprofile']
+  #
+  #
+  # For information about XING API:
+  # - user info fields go to https://dev.xing.com/docs/get/users/me
+  #
+  # config.xing.key = ""
+  # config.xing.secret = ""
+  # config.xing.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=xing"
+  # config.xing.user_info_mapping = {first_name: "first_name", last_name: "last_name"}
+  #
   #
   # Twitter wil not accept any requests nor redirect uri containing localhost,
   # make sure you use 0.0.0.0:3000 to access your app in development
@@ -217,6 +216,18 @@ Rails.application.config.sorcery.configure do |config|
     # user.subclasses_inherit_config =
+    # -- remember_me --
+    # allow the remember_me cookie to settable through AJAX
+    # Default: `true`
+    #
+    # user.remember_me_httponly =
+    # How long in seconds the session length will be
+    # Default: `604800`
+    #
+    # user.remember_me_for =
     # -- user_activation --
     # the attribute name to hold activation state (active/pending).
     # Default: `:activation_state`

data/lib/generators/sorcery/templates/migration/activity_logging.rb CHANGED Viewed

@@ -3,6 +3,7 @@ class SorceryActivityLogging < ActiveRecord::Migration
     add_column :<%= model_class_name.tableize %>, :last_login_at,     :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :last_logout_at,    :datetime, :default => nil
     add_column :<%= model_class_name.tableize %>, :last_activity_at,  :datetime, :default => nil
+    add_column :<%= model_class_name.tableize %>, :last_login_from_ip_address, :string, :default => nil
     add_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
   end
@@ -10,6 +11,7 @@ class SorceryActivityLogging < ActiveRecord::Migration
   def self.down
     remove_index :<%= model_class_name.tableize %>, [:last_logout_at, :last_activity_at]
+    remove_column :<%= model_class_name.tableize %>, :last_login_from_ip_address
     remove_column :<%= model_class_name.tableize %>, :last_activity_at
     remove_column :<%= model_class_name.tableize %>, :last_logout_at
     remove_column :<%= model_class_name.tableize %>, :last_login_at

data/lib/sorcery/controller/submodules/activity_logging.rb CHANGED Viewed

@@ -19,16 +19,20 @@ module Sorcery
               attr_accessor :register_login_time
               attr_accessor :register_logout_time
               attr_accessor :register_last_activity_time
+              attr_accessor :register_last_ip_address
               def merge_activity_logging_defaults!
                 @defaults.merge!(:@register_login_time         => true,
                                  :@register_logout_time        => true,
-                                 :@register_last_activity_time => true)
+                                 :@register_last_activity_time => true,
+                                 :@register_last_ip_address    => true
+                                 )
               end
             end
             merge_activity_logging_defaults!
           end
           Config.after_login    << :register_login_time_to_db
+          Config.after_login    << :register_last_ip_address
           Config.before_logout  << :register_logout_time_to_db
           base.after_filter :register_last_activity_time_to_db
         end
@@ -69,6 +73,13 @@ module Sorcery
             return unless logged_in?
             current_user.update_single_attribute(current_user.sorcery_config.last_activity_at_attribute_name, Time.now.in_time_zone)
           end
+          # Updates IP address on every login.
+          # This runs as a hook just after a successful login.
+          def register_last_ip_address(user, credentials)
+            return unless Config.register_last_ip_address
+            current_user.update_single_attribute(current_user.sorcery_config.last_login_from_ip_address_name, request.remote_ip)
+          end
         end
       end
     end

data/lib/sorcery/controller/submodules/external/protocols/oauth1.rb CHANGED Viewed

@@ -10,16 +10,27 @@ module Sorcery
             end
             def get_request_token(token=nil,secret=nil)
-              return ::OAuth::RequestToken.new(get_consumer,token,secret) if token && secret
+              return ::OAuth::RequestToken.new(get_consumer(), token, secret) if token && secret
               get_consumer.get_request_token(:oauth_callback => @callback_url)
             end
             def authorize_url(args)
-              get_request_token(args[:request_token],args[:request_token_secret]).authorize_url(:oauth_callback => @callback_url)
+              get_request_token(
+                args[:request_token],
+                args[:request_token_secret]
+              ).authorize_url({
+                :oauth_callback => @callback_url
+              })
             end
             def get_access_token(args)
-              get_request_token(args[:request_token],args[:request_token_secret]).get_access_token(:oauth_verifier => args[:oauth_verifier])
+              get_request_token(
+                args[:request_token],
+                args[:request_token_secret]
+              ).get_access_token({
+                :oauth_verifier => args[:oauth_verifier]
+              })
             end
             protected

data/lib/sorcery/controller/submodules/external/protocols/oauth2.rb CHANGED Viewed

@@ -22,7 +22,11 @@ module Sorcery
               client = build_client(options)
               client.auth_code.get_token(
                 args[:code],
-                { :redirect_uri => @callback_url, :parse => options.delete(:parse) }, options
+                {
+                  :redirect_uri => @callback_url,
+                  :parse => options.delete(:parse)
+                },
+                options
               )
             end

data/lib/sorcery/controller/submodules/external/providers/base.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Sorcery
+  module Controller
+    module Submodules
+      module External
+        module Providers
+          module Base
+            module BaseClient
+              def self.included(base)
+                base.module_eval do
+                  class << self
+                    attr_accessor :original_callback_url
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sorcery/controller/submodules/external/providers/facebook.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Sorcery
               base.module_eval do
                 class << self
                   attr_reader :facebook                           # access to facebook_client.
                   def merge_facebook_defaults!
                     @defaults.merge!(:@facebook => FacebookClient)
                   end
@@ -25,8 +25,9 @@ module Sorcery
                 update!
               end
             end
             module FacebookClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -40,7 +41,7 @@ module Sorcery
                 attr_reader   :access_token
                 include Protocols::Oauth2
                 def init
                   @site           = "https://graph.facebook.com"
                   @user_info_path = "/me"
@@ -52,19 +53,19 @@ module Sorcery
                   @parse          = :query
                   @param_name     = "access_token"
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
-                  response = @access_token.get(@user_info_path)
+                  response = access_token.get(@user_info_path)
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id']
                   user_hash
                 end
                 def has_callback?
                   true
                 end
                 # calculates and returns the url to which the user should be redirected,
                 # to get authenticated at the external provider's site.
                 def login_url(params,session)
@@ -82,15 +83,15 @@ module Sorcery
                   args = {}
                   options = { :token_url => @token_url, :mode => @mode, :param_name => @param_name, :parse => @parse }
                   args.merge!({:code => params[:code]}) if params[:code]
-                  @access_token = self.get_access_token(args, options)
+                  return self.get_access_token(args, options)
                 end
               end
               init
             end
           end
-        end
+        end
       end
     end
   end

data/lib/sorcery/controller/submodules/external/providers/github.rb CHANGED Viewed

@@ -27,6 +27,7 @@ module Sorcery
             end
             module GithubClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -50,9 +51,9 @@ module Sorcery
                   @user_info_mapping = {}
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
-                  response = @access_token.get(@user_info_path)
+                  response = access_token.get(@user_info_path)
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id']
                   user_hash
@@ -76,7 +77,7 @@ module Sorcery
                     :token_url    => @token_path,
                     :token_method => :post
                   }
-                  @access_token = self.get_access_token(args, options)
+                  return self.get_access_token(args, options)
                 end
               end

data/lib/sorcery/controller/submodules/external/providers/google.rb CHANGED Viewed

@@ -27,6 +27,7 @@ module Sorcery
             end
             module GoogleClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -50,9 +51,9 @@ module Sorcery
                   @user_info_mapping = {}
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
-                  response = @access_token.get(@user_info_url)
+                  response = access_token.get(@user_info_url)
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id']
                   user_hash
@@ -76,7 +77,7 @@ module Sorcery
                     :token_url => @token_url,
                     :token_method => :post
                   }
-                  @access_token = self.get_access_token(args, options)
+                  return self.get_access_token(args, options)
                 end
               end
               init

data/lib/sorcery/controller/submodules/external/providers/linkedin.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Sorcery
             def self.included(base)
               base.module_eval do
                 class << self
-                  attr_reader :linkedin
+                  attr_reader :linkedin
                   def merge_linkedin_defaults!
                     @defaults.merge!(:@linkedin => LinkedinClient)
@@ -25,8 +25,9 @@ module Sorcery
                 update!
               end
             end
             module LinkedinClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -42,14 +43,14 @@ module Sorcery
                 attr_reader   :access_token
                 include Protocols::Oauth1
                 # Override included get_consumer method to provide authorize_path
                 def get_consumer
                   # Add access permissions to request token path
                   @configuration[:request_token_path] += "?scope=" + self.access_permissions.join('+') unless self.access_permissions.blank? or @configuration[:request_token_path].include? "?scope="
                   ::OAuth::Consumer.new(@key, @secret, @configuration)
                 end
                 def init
                   @configuration = {
                     site: "https://api.linkedin.com",
@@ -59,20 +60,20 @@ module Sorcery
                   }
                   @user_info_path = "/v1/people/~"
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
                   fields = self.user_info_fields.join(',')
-                  response = @access_token.get("#{@user_info_path}:(#{fields})", 'x-li-format' => 'json')
+                  response = access_token.get("#{@user_info_path}:(#{fields})", 'x-li-format' => 'json')
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id'].to_s
                   user_hash
                 end
                 def has_callback?
                   true
                 end
                 # calculates and returns the url to which the user should be redirected,
                 # to get authenticated at the external provider's site.
                 def login_url(params,session)
@@ -81,16 +82,16 @@ module Sorcery
                   session[:request_token_secret]  = req_token.secret
                   self.authorize_url({:request_token => req_token.token, :request_token_secret => req_token.secret})
                 end
                 # tries to login the user from access token
                 def process_callback(params,session)
                   args = {}
                   args.merge!({:oauth_verifier => params[:oauth_verifier], :request_token => session[:request_token], :request_token_secret => session[:request_token_secret]})
                   args.merge!({:code => params[:code]}) if params[:code]
-                  @access_token = self.get_access_token(args)
+                  return self.get_access_token(args)
                 end
-              end
+              end
               init
             end
           end

data/lib/sorcery/controller/submodules/external/providers/liveid.rb CHANGED Viewed

@@ -27,6 +27,7 @@ module Sorcery
             end
             module LiveidClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -50,10 +51,10 @@ module Sorcery
                   @user_info_mapping = {}
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
-                  @access_token.token_param = "access_token"
-                  response = @access_token.get(@user_info_url)
+                  access_token.token_param = "access_token"
+                  response = access_token.get(@user_info_url)
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id']
                   user_hash
@@ -77,7 +78,7 @@ module Sorcery
                     :access_token_path => @token_path,
                     :access_token_method => :post
                   }
-                  @access_token = self.get_access_token(args, options)
+                  return self.get_access_token(args, options)
                 end
               end
               init

data/lib/sorcery/controller/submodules/external/providers/twitter.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Sorcery
                   attr_reader :twitter
                   # def twitter(&blk) # allows block syntax.
                   #   yield @twitter
-                  # end
+                  # end
                   def merge_twitter_defaults!
                     @defaults.merge!(:@twitter => TwitterClient)
@@ -28,8 +28,9 @@ module Sorcery
                 update!
               end
             end
             module TwitterClient
+              include Base::BaseClient
               class << self
                 attr_accessor :key,
                               :secret,
@@ -40,30 +41,30 @@ module Sorcery
                 attr_reader   :access_token
                 include Protocols::Oauth1
 				        # Override included get_consumer method to provide authorize_path
 				        def get_consumer
                   ::OAuth::Consumer.new(@key, @secret, :site => @site, :authorize_path => "/oauth/authenticate")
                 end
                 def init
                   @site           = "https://api.twitter.com"
-                  @user_info_path = "/1/account/verify_credentials.json"
+                  @user_info_path = "/1.1/account/verify_credentials.json"
                   @user_info_mapping = {}
                 end
-                def get_user_hash
+                def get_user_hash(access_token)
                   user_hash = {}
-                  response = @access_token.get(@user_info_path)
+                  response = access_token.get(@user_info_path)
                   user_hash[:user_info] = JSON.parse(response.body)
                   user_hash[:uid] = user_hash[:user_info]['id'].to_s
                   user_hash
                 end
                 def has_callback?
                   true
                 end
                 # calculates and returns the url to which the user should be redirected,
                 # to get authenticated at the external provider's site.
                 def login_url(params,session)
@@ -72,16 +73,16 @@ module Sorcery
                   session[:request_token_secret]  = req_token.secret
                   self.authorize_url({:request_token => req_token.token, :request_token_secret => req_token.secret})
                 end
                 # tries to login the user from access token
-                def process_callback(params,session)
+                def process_callback(params, session)
                   args = {}
                   args.merge!({:oauth_verifier => params[:oauth_verifier], :request_token => session[:request_token], :request_token_secret => session[:request_token_secret]})
                   args.merge!({:code => params[:code]}) if params[:code]
-                  @access_token = self.get_access_token(args)
+                  return self.get_access_token(args)
                 end
-              end
+              end
               init
             end
           end