sparkly-auth 1.0.0

data/spec/generators/sparkly_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe :sparkly do
+  before(:each) do
+    Auth.configure do |config|
+      config.authenticate :user
+    end
+  end
+
+  context "with :remember_me behavior" do
+    before(:each) { Auth.configure { |c| c.behaviors << :remember_me } }
+    
+    with_args :migrations do
+      it "should generate a remembered_tokens migration" do
+        subject.should generate("db/migrate/002_create_sparkly_remembered_tokens.rb")
+      end
+    end
+  end
+  
+  
+  with_args :migrations do
+    it "should generate db/migrate" do
+      subject.should generate("db/migrate")
+      subject.should generate("db/migrate/001_create_sparkly_passwords.rb")
+    end
+  end
+
+  with_args :config do
+    it "should generate the sparkly initializers" do
+      subject.should generate('lib/tasks/sparkly_migration.rb')
+      subject.should generate('config/initializers/sparkly_authentication.rb')
+    end
+  end
+  
+  with_args :controllers do
+    it "should generate the sparkly controllers" do
+      Auth.configuration.authenticate(:user, :accounts_controller => 'users', :sessions_controller => 'user_sessions')
+      Auth.kick!
+      
+      subject.should generate("app/controllers/users_controller.rb")
+      subject.should generate("app/controllers/user_sessions_controller.rb")
+      subject.should generate("app/helpers/users_helper.rb")
+      subject.should generate("app/helpers/user_sessions_helper.rb")
+    end
+  end
+  
+  with_args :views do
+    it "should generate the sparkly views with /users if given the users controller" do
+      Auth.configuration.authenticate(:user, :accounts_controller => 'users', :sessions_controller => 'user_sessions')
+      Auth.kick!
+      
+      subject.should generate("app/views/users/edit.html.erb")
+      subject.should generate("app/views/users/new.html.erb")
+      subject.should generate("app/views/users/show.html.erb")
+      subject.should generate("app/views/user_sessions/new.html.erb")
+    end
+  end
+  
+  with_args :help do
+    it "should generate the sparkly help" do
+      subject.should generate('doc/sparkly_authentication.txt')
+    end
+  end
+end

data/spec/lib/auth/behavior/core_spec.rb

@@ -0,0 +1,184 @@
+require 'spec_helper'
+
+describe "Behavior: Core" do
+  subject { Auth::Model.new(:user, :behaviors => [:core], :password_update_frequency => 30.days) }
+  
+  before(:each) do
+    subject.apply_options!
+  end
+  
+  context "user" do
+    it "should not be able to reuse a previous password" do
+      u = User.new(:email => "generic1@example.com")
+      u.password = u.password_confirmation = "Generic12"
+      u.save!
+      u.password = u.password_confirmation = "Generic13"
+      u.save!
+      u.password = u.password_confirmation = "Generic12"
+      
+      proc { u.save! }.should raise_error(ActiveRecord::RecordInvalid)
+    end
+    
+    it "should produce multiple password models" do
+      u = User.new(:email => "generic2@example.com")
+      u.password = u.password_confirmation = "Generic12"
+      u.save!
+      u.password = u.password_confirmation = "Generic13"
+      u.save!
+      
+      u.passwords.length.should == 2
+    end
+    
+    it "should not store more than 4 passwords" do
+      User.destroy_all
+      u = User.new(:email => "generic3@example.com")
+      %w(Generic12 Generic13 Generic14 Generic15 Generic16 Generic17 Generic18).each do |pw|
+        u.password = u.password_confirmation = pw
+        u.save!
+      end
+
+      u.passwords.length.should == 4
+    end
+    
+    it "should not be valid if password and confirmation are skipped" do
+      u = User.new(:email => "generic@example.com")
+      u.should_not be_valid
+    end
+    
+    it "should create a user that can have a password validated against it" do
+      email = "generic@example.com"
+      password = "Ab12345"
+      
+      User.destroy_all
+      returning(User.new(:email => email)) { |user|
+        user.password = password
+        user.password_confirmation = password
+        user.save!
+      }
+
+      User.find_by_email(email).password_matches?(password).should == true
+    end
+    
+    it "should not produce error messages that contain 'secret' or are duplicates" do
+      u = User.new(:email => "generic@example.com")
+      u.password = u.password_confirmation = nil
+      u.valid?
+      u.errors.to_a.should == u.errors.to_a.uniq
+      u.errors.to_a.collect { |ar| ar.first }.should_not include('secret')
+      u.errors.to_a.collect { |ar| ar.first }.should_not include('secret_confirmation')
+    end
+    
+    it "should create #password" do
+      u = User.new
+      u.password.should be_blank
+    end
+    
+    it "should create #password=" do
+      u = User.new
+      u.password = "hi there"
+      u.password.should_not be_blank
+    end
+    
+    it "should encrypt password assignments" do
+      u = User.new
+      u.password = "hi there"
+      u.password.should_not == "hi there"
+    end
+    
+    it "should create #password_confirmation" do
+      u = User.new
+      u.password_confirmation.should be_blank
+    end
+    
+    it "should create #password_confirmation=" do
+      u = User.new
+      u.password_confirmation = "hi there"
+      u.password_confirmation.should_not be_blank
+    end
+    
+    it "should encrypt password confirmation assignments" do
+      u = User.new
+      u.password_confirmation = "hi there"
+      u.password_confirmation.should_not == "hi there"
+    end
+    
+    it "should delegate persistence token to password model" do
+      u = User.new
+      u.password = "hi there"
+      u.persistence_token.should_not be_blank
+    end
+  end
+  
+  it "should reset the persistence token when password is assigned" do
+    pw = Password.new
+    pw.secret = "Hello12"
+    pw.persistence_token.should_not be_blank
+  end
+  
+  it "should encrypt the :secret and :secret_confirmation upon assignment in Password" do
+    u = User.new
+    pw = u.passwords.build
+    pw.secret = "Hello12"
+    pw.secret_confirmation = "Hello12"
+
+    pw.secret.should_not == "Hello12" # ...but we don't know what it actually should equal, 'cause that's randomized.
+    pw.secret_confirmation.should_not == "Hello12"
+    pw.secret.should == pw.secret_confirmation
+  end
+  
+  it "should force confirmation of the :secret on Password" do
+    u = User.new
+    pw = u.passwords.build
+    pw.secret = "Hello12" 
+    pw.valid?
+    pw.errors.to_a.should_not be_empty
+    
+    pw.secret_confirmation = "Hello1"
+    pw.valid?
+    pw.errors.on(:secret).should == "doesn't match confirmation"
+    
+    pw.secret_confirmation = "Hello12"
+    pw.should be_valid
+  end
+  
+  it 'should validate presence of :secret on Password' do
+    error_on(Password, :secret).should == "can't be blank"
+  end
+  
+  it 'should validate password length >= 7' do    
+    error_on(Password, :secret, "123456").should include("must be at least 7 characters")
+  end
+
+  it 'should validate password complexity' do
+    error_on(Password, :secret, "Ab12345").should == nil
+    error_on(Password, :secret, "1234567").should ==
+             "must contain at least 1 uppercase, 1 lowercase and 1 number"
+    error_on(Password, :secret, "abcdefg").should ==
+             "must contain at least 1 uppercase, 1 lowercase and 1 number"
+    error_on(Password, :secret, "ABCDEFG").should ==
+             "must contain at least 1 uppercase, 1 lowercase and 1 number"
+  end
+  
+  it 'should add has_many :passwords to User' do
+    User.new.should respond_to(:passwords)
+  end
+  
+  it "should expire passwords after 30 days or if no password is available" do
+    (u = User.new).password_expired?.should be_true
+    p = u.passwords.build(:created_at => 1.month.ago)
+    p.authenticatable = u # need to build the reverse relationship cause it's not saved yet... i hate that.
+    p.should be_expired
+  end
+  
+  context "with password update frequency 90 days" do
+    subject { Auth::Model.new(:user, :behaviors => [:core], :password_update_frequency => 90.days) }
+
+    it "should expire passwords after 90 days or if no password is available" do
+      (u = User.new).password_expired?.should be_true # because there're no passwords yet
+      
+      p = u.passwords.build(:created_at => 1.month.ago)
+      p.authenticatable = u # need to build the reverse relationship cause it's not saved yet... i hate that.
+      p.should_not be_expired
+    end
+  end
+end

data/spec/lib/auth/behavior/remember_me_spec.rb

@@ -0,0 +1,127 @@
+require 'spec_helper' 
+require 'spec/rails'
+
+describe "Behavior: Remember Me", :type => :controller do
+  controller_name :sparkly_sessions
+  
+  def cookies
+    controller.send(:cookies)
+  end
+  
+  def reset_auth!
+    # the lack of a current user will trigger authentication of various flavors, making these tests possible.
+    controller.instance_variable_set("@current_user", nil)
+  end
+  
+  before(:each) do
+    Auth.configure do |c|
+      c.authenticate :user
+      c.behaviors = :core, :remember_me
+      c.remember_me.duration = 6.months
+    end
+    
+    Auth.kick!
+    u = User.new(:email => "generic12@example.com")
+    u.password = u.password_confirmation = "Generic12"
+    u.save!
+  end
+  
+  it "should set an auth token cookie upon successful login" do
+    post :create, { :model => "User", :user => { :email => "generic12@example.com", :password => "Generic12", :remember_me => true } }
+    
+    session[:session_token].should_not be_blank
+    
+    # There should be a token in the remebered_tokens table. We can use that data to decide
+    # what should be in the cookie.
+    RemembranceToken.count.should == 1
+    
+    # We're looking for a string containing password model ID, series token, and auth token.
+    token = RemembranceToken.first
+    
+    cookies[:remembrance_token].should == token.value
+  end
+  
+  context "a user with a remember token" do
+    before(:each) do
+      post :create, { :model => "User", :user => { :email => "generic12@example.com", :password => "Generic12", :remember_me => true } }
+    end
+    
+    shared_examples_for "an expired or missing session" do
+      it "should authenticate with the auth token cookie" do
+        controller.current_user.should_not be_nil
+      end
+      
+      it "should generate a new auth token cookie" do
+        token = cookies[:remembrance_token]
+        controller.current_user
+        cookies[:remembrance_token].should_not == token
+      end
+      
+      it "should not change the series identifier" do
+        controller.current_user
+        controller.current_user.remembrance_tokens.first.series_token == @series_identifier
+      end
+      
+      context "and an invalid token id but valid series id" do
+        before(:each) do
+          cookies[:remembrance_token] = { :value => cookies[:remembrance_token]+"1", :expires => 6.months.from_now }
+          reset_auth!
+        end
+        
+        it "should be considered a theft" do
+          # because the token is changed every time - if the wrong token is used it is due either to tampering or to
+          # using an expired token, indicating that someone has stolen and used the one-use token.
+          controller.current_user
+          flash[:error].should == Auth.remember_me.token_theft_message
+        end
+        
+        it "should delete all remembrance tokens" do
+          controller.current_user.remembrance_tokens.count.should == 0
+        end
+      end
+      
+      context "and token data is not present" do
+        before(:each) do
+          cookies[:remembrance_token] = { :value => "", :expires => 6.months.from_now }
+          reset_auth!
+        end
+        
+        it "should not authenticate the user" do
+          controller.current_user.should == false
+        end
+      end
+      
+      context "and token is missing" do
+        before(:each) do
+          cookies.delete(:remembrance_token)
+          #cookies[:remembrance_token] = nil
+          reset_auth!
+        end
+        
+        it "should not authenticate the user" do
+          controller.current_user.should == false
+        end
+      end
+    end
+    
+    context "and an expired session" do
+      before(:each) do
+        @series_identifier = controller.current_user.remembrance_tokens.first.series_token
+        session[:active_at] = 30.days.ago # i'm pretty sure this is past the session duration.
+        reset_auth!
+      end
+      
+      it_should_behave_like "an expired or missing session"
+    end
+    
+    context "and a missing session" do
+      before(:each) do
+        @series_identifier = controller.current_user.remembrance_tokens.first.series_token
+        session.clear
+        reset_auth!
+      end
+      
+      it_should_behave_like "an expired or missing session"
+    end
+  end
+end

data/spec/lib/auth/extensions/controller_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Auth::Behavior::Core::ControllerExtensions do
+  #subject { ApplicationController.new }
+  subject { ApplicationController.call(Rack::MockRequest.env_for("/").merge('REQUEST_URI' => '')).template.controller }
+  
+  before(:each) do
+    Auth.configure do |config|
+      config.session_duration = nil
+      config.authenticate :user
+    end
+    
+    Auth.kick!
+
+    unless User.count == 1
+      u = User.new(:email => "generic4@example.com")
+      u.password = u.password_confirmation = "Generic12"
+      u.save!
+    end
+  end
+  
+  it "should let users authenticate with single access token" do
+    subject.params = { :single_access_token => User.first.single_access_token }
+    subject.current_user.should be_kind_of(User)
+  end
+  
+  it "should not raise nil errors when Auth.session_duration is nil" do
+    subject.session = { :session_token => User.first.persistence_token }
+    
+    subject.current_user.should be_kind_of(User)
+  end
+end

data/spec/lib/auth/model_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe Auth::Model do
+  context "given nonexisting model name" do
+    subject { Auth::Model.new(:nonexisting_user) }
+    
+    it "should fail silently during initialization because it might not have been generated yet" do
+      proc { subject }.should_not raise_error
+    end
+  end
+  
+  context "with default options" do
+    subject { Auth::Model.new(:user) }
+    
+    before(:each) do
+      Dispatcher.cleanup_application
+      Dispatcher.reload_application
+      subject.apply_options!
+    end
+    
+    it "should validate presence of :email on User" do
+      error_on(User, :email).should == "can't be blank"
+    end
+    
+    it "should use :core behavior" do
+      subject.behaviors.should include(:core)
+    end
+  end
+  
+  context "with an empty :behaviors option" do
+    subject { Auth::Model.new(:user, :behaviors => []) }
+    before(:each) do
+      Dispatcher.cleanup_application
+      Dispatcher.reload_application
+      subject.apply_options!
+    end
+    it "should have no behaviors" do subject.behaviors.should be_empty end
+  end
+  
+  context "with a hash for :with option" do
+    subject { Auth::Model.new(:user, :with => {
+            :secret => :passwd,
+            :format => /^.{8}$/,
+            :message => "must be exactly 8 characters"
+    })}
+    
+    before(:each) do
+      Dispatcher.cleanup_application
+      Dispatcher.reload_application
+      subject.apply_options!
+    end
+    
+    it "should validate presence of :email on User" do
+      error_on(User, :email).should == "can't be blank"
+    end
+  end
+end