ultra-max-kit 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/devise-5.0.4/CHANGELOG.md +88 -0
- data/devise-5.0.4/MIT-LICENSE +21 -0
- data/devise-5.0.4/README.md +776 -0
- data/devise-5.0.4/app/controllers/devise/confirmations_controller.rb +54 -0
- data/devise-5.0.4/app/controllers/devise/omniauth_callbacks_controller.rb +36 -0
- data/devise-5.0.4/app/controllers/devise/passwords_controller.rb +88 -0
- data/devise-5.0.4/app/controllers/devise/registrations_controller.rb +169 -0
- data/devise-5.0.4/app/controllers/devise/sessions_controller.rb +83 -0
- data/devise-5.0.4/app/controllers/devise/unlocks_controller.rb +52 -0
- data/devise-5.0.4/app/controllers/devise_controller.rb +226 -0
- data/devise-5.0.4/app/helpers/devise_helper.rb +5 -0
- data/devise-5.0.4/app/mailers/devise/mailer.rb +30 -0
- data/devise-5.0.4/app/views/devise/confirmations/new.html.erb +16 -0
- data/devise-5.0.4/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/devise-5.0.4/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/devise-5.0.4/app/views/devise/mailer/password_change.html.erb +3 -0
- data/devise-5.0.4/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/devise-5.0.4/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/devise-5.0.4/app/views/devise/passwords/edit.html.erb +25 -0
- data/devise-5.0.4/app/views/devise/passwords/new.html.erb +16 -0
- data/devise-5.0.4/app/views/devise/registrations/edit.html.erb +42 -0
- data/devise-5.0.4/app/views/devise/registrations/new.html.erb +29 -0
- data/devise-5.0.4/app/views/devise/sessions/new.html.erb +26 -0
- data/devise-5.0.4/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/devise-5.0.4/app/views/devise/shared/_links.html.erb +25 -0
- data/devise-5.0.4/app/views/devise/unlocks/new.html.erb +16 -0
- data/devise-5.0.4/config/locales/en.yml +65 -0
- data/devise-5.0.4/lib/devise/controllers/helpers.rb +295 -0
- data/devise-5.0.4/lib/devise/controllers/rememberable.rb +56 -0
- data/devise-5.0.4/lib/devise/controllers/responder.rb +35 -0
- data/devise-5.0.4/lib/devise/controllers/scoped_views.rb +19 -0
- data/devise-5.0.4/lib/devise/controllers/sign_in_out.rb +106 -0
- data/devise-5.0.4/lib/devise/controllers/store_location.rb +76 -0
- data/devise-5.0.4/lib/devise/controllers/url_helpers.rb +69 -0
- data/devise-5.0.4/lib/devise/delegator.rb +18 -0
- data/devise-5.0.4/lib/devise/encryptor.rb +24 -0
- data/devise-5.0.4/lib/devise/failure_app.rb +287 -0
- data/devise-5.0.4/lib/devise/hooks/activatable.rb +12 -0
- data/devise-5.0.4/lib/devise/hooks/csrf_cleaner.rb +14 -0
- data/devise-5.0.4/lib/devise/hooks/forgetable.rb +11 -0
- data/devise-5.0.4/lib/devise/hooks/lockable.rb +9 -0
- data/devise-5.0.4/lib/devise/hooks/proxy.rb +23 -0
- data/devise-5.0.4/lib/devise/hooks/rememberable.rb +9 -0
- data/devise-5.0.4/lib/devise/hooks/timeoutable.rb +35 -0
- data/devise-5.0.4/lib/devise/hooks/trackable.rb +11 -0
- data/devise-5.0.4/lib/devise/mailers/helpers.rb +87 -0
- data/devise-5.0.4/lib/devise/mapping.rb +178 -0
- data/devise-5.0.4/lib/devise/models/authenticatable.rb +302 -0
- data/devise-5.0.4/lib/devise/models/confirmable.rb +371 -0
- data/devise-5.0.4/lib/devise/models/database_authenticatable.rb +204 -0
- data/devise-5.0.4/lib/devise/models/lockable.rb +214 -0
- data/devise-5.0.4/lib/devise/models/omniauthable.rb +29 -0
- data/devise-5.0.4/lib/devise/models/recoverable.rb +156 -0
- data/devise-5.0.4/lib/devise/models/registerable.rb +29 -0
- data/devise-5.0.4/lib/devise/models/rememberable.rb +158 -0
- data/devise-5.0.4/lib/devise/models/timeoutable.rb +45 -0
- data/devise-5.0.4/lib/devise/models/trackable.rb +51 -0
- data/devise-5.0.4/lib/devise/models/validatable.rb +70 -0
- data/devise-5.0.4/lib/devise/models.rb +122 -0
- data/devise-5.0.4/lib/devise/modules.rb +30 -0
- data/devise-5.0.4/lib/devise/omniauth/config.rb +47 -0
- data/devise-5.0.4/lib/devise/omniauth/url_helpers.rb +27 -0
- data/devise-5.0.4/lib/devise/omniauth.rb +27 -0
- data/devise-5.0.4/lib/devise/orm/active_record.rb +7 -0
- data/devise-5.0.4/lib/devise/orm/mongoid.rb +7 -0
- data/devise-5.0.4/lib/devise/orm.rb +80 -0
- data/devise-5.0.4/lib/devise/parameter_filter.rb +44 -0
- data/devise-5.0.4/lib/devise/parameter_sanitizer.rb +172 -0
- data/devise-5.0.4/lib/devise/rails/routes.rb +514 -0
- data/devise-5.0.4/lib/devise/rails/warden_compat.rb +15 -0
- data/devise-5.0.4/lib/devise/rails.rb +57 -0
- data/devise-5.0.4/lib/devise/strategies/authenticatable.rb +178 -0
- data/devise-5.0.4/lib/devise/strategies/base.rb +22 -0
- data/devise-5.0.4/lib/devise/strategies/database_authenticatable.rb +31 -0
- data/devise-5.0.4/lib/devise/strategies/rememberable.rb +67 -0
- data/devise-5.0.4/lib/devise/test/controller_helpers.rb +156 -0
- data/devise-5.0.4/lib/devise/test/integration_helpers.rb +63 -0
- data/devise-5.0.4/lib/devise/time_inflector.rb +16 -0
- data/devise-5.0.4/lib/devise/token_generator.rb +32 -0
- data/devise-5.0.4/lib/devise/version.rb +5 -0
- data/devise-5.0.4/lib/devise.rb +533 -0
- data/devise-5.0.4/lib/generators/active_record/devise_generator.rb +119 -0
- data/devise-5.0.4/lib/generators/active_record/templates/migration.rb +20 -0
- data/devise-5.0.4/lib/generators/active_record/templates/migration_existing.rb +27 -0
- data/devise-5.0.4/lib/generators/devise/controllers_generator.rb +46 -0
- data/devise-5.0.4/lib/generators/devise/devise_generator.rb +28 -0
- data/devise-5.0.4/lib/generators/devise/install_generator.rb +42 -0
- data/devise-5.0.4/lib/generators/devise/orm_helpers.rb +36 -0
- data/devise-5.0.4/lib/generators/devise/views_generator.rb +145 -0
- data/devise-5.0.4/lib/generators/mongoid/devise_generator.rb +57 -0
- data/devise-5.0.4/lib/generators/templates/README +36 -0
- data/devise-5.0.4/lib/generators/templates/controllers/README +14 -0
- data/devise-5.0.4/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/devise-5.0.4/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/devise-5.0.4/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/devise-5.0.4/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/devise-5.0.4/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/devise-5.0.4/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/devise-5.0.4/lib/generators/templates/devise.rb +316 -0
- data/devise-5.0.4/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
- data/devise-5.0.4/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/devise-5.0.4/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/devise-5.0.4/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
- data/devise-5.0.4/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/confirmations/new.html.erb +20 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/passwords/edit.html.erb +27 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/passwords/new.html.erb +18 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/registrations/edit.html.erb +35 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/registrations/new.html.erb +25 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/sessions/new.html.erb +20 -0
- data/devise-5.0.4/lib/generators/templates/simple_form_for/unlocks/new.html.erb +19 -0
- data/ultra-max-kit.gemspec +12 -0
- metadata +153 -0
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'devise/strategies/base'
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
module Strategies
|
|
7
|
+
# This strategy should be used as basis for authentication strategies. It retrieves
|
|
8
|
+
# parameters both from params or from http authorization headers. See database_authenticatable
|
|
9
|
+
# for an example.
|
|
10
|
+
class Authenticatable < Base
|
|
11
|
+
attr_accessor :authentication_hash, :authentication_type, :password
|
|
12
|
+
|
|
13
|
+
def store?
|
|
14
|
+
super && !mapping.to.skip_session_storage.include?(authentication_type)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def valid?
|
|
18
|
+
valid_for_params_auth? || valid_for_http_auth?
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# Override and set to false for things like OmniAuth that technically
|
|
22
|
+
# run through Authentication (user_set) very often, which would normally
|
|
23
|
+
# reset CSRF data in the session
|
|
24
|
+
def clean_up_csrf?
|
|
25
|
+
true
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
# Receives a resource and check if it is valid by calling valid_for_authentication?
|
|
31
|
+
# A block that will be triggered while validating can be optionally
|
|
32
|
+
# given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
|
|
33
|
+
# for more information.
|
|
34
|
+
#
|
|
35
|
+
# In case the resource can't be validated, it will fail with the given
|
|
36
|
+
# unauthenticated_message.
|
|
37
|
+
def validate(resource, &block)
|
|
38
|
+
result = resource && resource.valid_for_authentication?(&block)
|
|
39
|
+
|
|
40
|
+
if result
|
|
41
|
+
true
|
|
42
|
+
else
|
|
43
|
+
if resource
|
|
44
|
+
fail!(resource.unauthenticated_message)
|
|
45
|
+
end
|
|
46
|
+
false
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Get values from params and set in the resource.
|
|
51
|
+
def remember_me(resource)
|
|
52
|
+
resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Should this resource be marked to be remembered?
|
|
56
|
+
def remember_me?
|
|
57
|
+
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
# Check if this is a valid strategy for http authentication by:
|
|
61
|
+
#
|
|
62
|
+
# * Validating if the model allows http authentication;
|
|
63
|
+
# * If any of the authorization headers were sent;
|
|
64
|
+
# * If all authentication keys are present;
|
|
65
|
+
#
|
|
66
|
+
def valid_for_http_auth?
|
|
67
|
+
http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Check if this is a valid strategy for params authentication by:
|
|
71
|
+
#
|
|
72
|
+
# * Validating if the model allows params authentication;
|
|
73
|
+
# * If the request hits the sessions controller through POST;
|
|
74
|
+
# * If the params[scope] returns a hash with credentials;
|
|
75
|
+
# * If all authentication keys are present;
|
|
76
|
+
#
|
|
77
|
+
def valid_for_params_auth?
|
|
78
|
+
params_authenticatable? && valid_params_request? &&
|
|
79
|
+
valid_params? && with_authentication_hash(:params_auth, params_auth_hash)
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
# Check if the model accepts this strategy as http authenticatable.
|
|
83
|
+
def http_authenticatable?
|
|
84
|
+
mapping.to.http_authenticatable?(authenticatable_name)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
# Check if the model accepts this strategy as params authenticatable.
|
|
88
|
+
def params_authenticatable?
|
|
89
|
+
mapping.to.params_authenticatable?(authenticatable_name)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# Extract the appropriate subhash for authentication from params.
|
|
93
|
+
def params_auth_hash
|
|
94
|
+
params[scope]
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# Extract a hash with attributes:values from the http params.
|
|
98
|
+
def http_auth_hash
|
|
99
|
+
keys = [http_authentication_key, :password]
|
|
100
|
+
Hash[*keys.zip(decode_credentials).flatten]
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
# By default, a request is valid if the controller set the proper env variable.
|
|
104
|
+
def valid_params_request?
|
|
105
|
+
!!env["devise.allow_params_authentication"]
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
# If the request is valid, finally check if params_auth_hash returns a hash.
|
|
109
|
+
def valid_params?
|
|
110
|
+
params_auth_hash.is_a?(Hash)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
# Note: unlike `Model.valid_password?`, this method does not actually
|
|
114
|
+
# ensure that the password in the params matches the password stored in
|
|
115
|
+
# the database. It only checks if the password is *present*. Do not rely
|
|
116
|
+
# on this method for validating that a given password is correct.
|
|
117
|
+
def valid_password?
|
|
118
|
+
password.present?
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
# Helper to decode credentials from HTTP.
|
|
122
|
+
def decode_credentials
|
|
123
|
+
return [] unless request.authorization && request.authorization =~ /^Basic (.*)/mi
|
|
124
|
+
Base64.decode64($1).split(/:/, 2)
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
|
|
128
|
+
def with_authentication_hash(auth_type, auth_values)
|
|
129
|
+
self.authentication_hash, self.authentication_type = {}, auth_type
|
|
130
|
+
self.password = auth_values[:password]
|
|
131
|
+
|
|
132
|
+
parse_authentication_key_values(auth_values, authentication_keys) &&
|
|
133
|
+
parse_authentication_key_values(request_values, request_keys)
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def authentication_keys
|
|
137
|
+
@authentication_keys ||= mapping.to.authentication_keys
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
def http_authentication_key
|
|
141
|
+
@http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
|
|
142
|
+
when Array then authentication_keys.first
|
|
143
|
+
when Hash then authentication_keys.keys.first
|
|
144
|
+
end
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
def request_keys
|
|
148
|
+
@request_keys ||= mapping.to.request_keys
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
def request_values
|
|
152
|
+
keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
|
|
153
|
+
values = keys.map { |k| self.request.send(k) }
|
|
154
|
+
Hash[keys.zip(values)]
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
def parse_authentication_key_values(hash, keys)
|
|
158
|
+
keys.each do |key, enforce|
|
|
159
|
+
value = hash[key].presence
|
|
160
|
+
if value
|
|
161
|
+
self.authentication_hash[key] = value
|
|
162
|
+
else
|
|
163
|
+
return false unless enforce == false
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
true
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
# Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable
|
|
170
|
+
# becomes simply :database.
|
|
171
|
+
def authenticatable_name
|
|
172
|
+
@authenticatable_name ||=
|
|
173
|
+
ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
|
|
174
|
+
sub("_authenticatable", "").to_sym
|
|
175
|
+
end
|
|
176
|
+
end
|
|
177
|
+
end
|
|
178
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
# Base strategy for Devise. Responsible for verifying correct scope and mapping.
|
|
6
|
+
class Base < ::Warden::Strategies::Base
|
|
7
|
+
# Whenever CSRF cannot be verified, we turn off any kind of storage
|
|
8
|
+
def store?
|
|
9
|
+
!env["devise.skip_storage"]
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# Checks if a valid scope was given for devise and find mapping based on this scope.
|
|
13
|
+
def mapping
|
|
14
|
+
@mapping ||= begin
|
|
15
|
+
mapping = Devise.mappings[scope]
|
|
16
|
+
raise "Could not find mapping for #{scope}" unless mapping
|
|
17
|
+
mapping
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'devise/strategies/authenticatable'
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
module Strategies
|
|
7
|
+
# Default strategy for signing in a user, based on their email and password in the database.
|
|
8
|
+
class DatabaseAuthenticatable < Authenticatable
|
|
9
|
+
def authenticate!
|
|
10
|
+
resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
|
|
11
|
+
hashed = false
|
|
12
|
+
|
|
13
|
+
if validate(resource){ hashed = true; resource.valid_password?(password) }
|
|
14
|
+
remember_me(resource)
|
|
15
|
+
resource.after_database_authentication
|
|
16
|
+
success!(resource)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key.
|
|
20
|
+
# This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't
|
|
21
|
+
# exist in the database if the password hashing algorithm is not called.
|
|
22
|
+
mapping.to.new.password = password if !hashed && Devise.paranoid
|
|
23
|
+
unless resource
|
|
24
|
+
Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'devise/strategies/authenticatable'
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
module Strategies
|
|
7
|
+
# Remember the user through the remember token. This strategy is responsible
|
|
8
|
+
# to verify whether there is a cookie with the remember token, and to
|
|
9
|
+
# recreate the user from this cookie if it exists. Must be called *before*
|
|
10
|
+
# authenticatable.
|
|
11
|
+
class Rememberable < Authenticatable
|
|
12
|
+
# A valid strategy for rememberable needs a remember token in the cookies.
|
|
13
|
+
def valid?
|
|
14
|
+
@remember_cookie = nil
|
|
15
|
+
remember_cookie.present?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# To authenticate a user we deserialize the cookie and attempt finding
|
|
19
|
+
# the record in the database. If the attempt fails, we pass to another
|
|
20
|
+
# strategy handle the authentication.
|
|
21
|
+
def authenticate!
|
|
22
|
+
resource = mapping.to.serialize_from_cookie(*remember_cookie)
|
|
23
|
+
|
|
24
|
+
unless resource
|
|
25
|
+
cookies.delete(remember_key)
|
|
26
|
+
return pass
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
if validate(resource)
|
|
30
|
+
remember_me(resource) if extend_remember_me?(resource)
|
|
31
|
+
resource.after_remembered
|
|
32
|
+
success!(resource)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# No need to clean up the CSRF when using rememberable.
|
|
37
|
+
# In fact, cleaning it up here would be a bug because
|
|
38
|
+
# rememberable is triggered on GET requests which means
|
|
39
|
+
# we would render a page on first access with all csrf
|
|
40
|
+
# tokens expired.
|
|
41
|
+
def clean_up_csrf?
|
|
42
|
+
false
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
private
|
|
46
|
+
|
|
47
|
+
def extend_remember_me?(resource)
|
|
48
|
+
resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def remember_me?
|
|
52
|
+
true
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def remember_key
|
|
56
|
+
mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def remember_cookie
|
|
60
|
+
@remember_cookie ||= cookies.signed[remember_key]
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Test
|
|
5
|
+
# `Devise::Test::ControllerHelpers` provides a facility to test controllers
|
|
6
|
+
# in isolation when using `ActionController::TestCase` allowing you to
|
|
7
|
+
# quickly sign_in or sign_out a user. Do not use
|
|
8
|
+
# `Devise::Test::ControllerHelpers` in integration tests.
|
|
9
|
+
#
|
|
10
|
+
# Examples
|
|
11
|
+
#
|
|
12
|
+
# class PostsTest < ActionController::TestCase
|
|
13
|
+
# include Devise::Test::ControllerHelpers
|
|
14
|
+
#
|
|
15
|
+
# test 'authenticated users can GET index' do
|
|
16
|
+
# sign_in users(:bob)
|
|
17
|
+
#
|
|
18
|
+
# get :index
|
|
19
|
+
# assert_response :success
|
|
20
|
+
# end
|
|
21
|
+
# end
|
|
22
|
+
#
|
|
23
|
+
# Important: you should not test Warden specific behavior (like callbacks)
|
|
24
|
+
# using `Devise::Test::ControllerHelpers` since it is a stub of the actual
|
|
25
|
+
# behavior. Such callbacks should be tested in your integration suite instead.
|
|
26
|
+
module ControllerHelpers
|
|
27
|
+
extend ActiveSupport::Concern
|
|
28
|
+
|
|
29
|
+
included do
|
|
30
|
+
setup :setup_controller_for_warden, :warden
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# Override process to consider warden.
|
|
34
|
+
def process(*)
|
|
35
|
+
_catch_warden { super }
|
|
36
|
+
|
|
37
|
+
@response
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
|
|
41
|
+
|
|
42
|
+
# We need to set up the environment variables and the response in the controller.
|
|
43
|
+
def setup_controller_for_warden #:nodoc:
|
|
44
|
+
@request.env['action_controller.instance'] = @controller
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# Quick access to Warden::Proxy.
|
|
48
|
+
def warden #:nodoc:
|
|
49
|
+
@request.env['warden'] ||= begin
|
|
50
|
+
manager = Warden::Manager.new(nil) do |config|
|
|
51
|
+
config.merge! Devise.warden_config
|
|
52
|
+
end
|
|
53
|
+
Warden::Proxy.new(@request.env, manager)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# sign_in a given resource by storing its keys in the session.
|
|
58
|
+
# This method bypass any warden authentication callback.
|
|
59
|
+
#
|
|
60
|
+
# * +resource+ - The resource that should be authenticated
|
|
61
|
+
# * +scope+ - An optional +Symbol+ with the scope where the resource
|
|
62
|
+
# should be signed in with.
|
|
63
|
+
# Examples:
|
|
64
|
+
#
|
|
65
|
+
# sign_in users(:alice)
|
|
66
|
+
# sign_in users(:alice), scope: :admin
|
|
67
|
+
def sign_in(resource, scope: nil)
|
|
68
|
+
scope ||= Devise::Mapping.find_scope!(resource)
|
|
69
|
+
|
|
70
|
+
warden.instance_variable_get(:@users).delete(scope)
|
|
71
|
+
warden.session_serializer.store(resource, scope)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
# Sign out a given resource or scope by calling logout on Warden.
|
|
75
|
+
# This method bypass any warden logout callback.
|
|
76
|
+
#
|
|
77
|
+
# Examples:
|
|
78
|
+
#
|
|
79
|
+
# sign_out :user # sign_out(scope)
|
|
80
|
+
# sign_out @user # sign_out(resource)
|
|
81
|
+
#
|
|
82
|
+
def sign_out(resource_or_scope)
|
|
83
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
84
|
+
@controller.instance_variable_set(:"@current_#{scope}", nil)
|
|
85
|
+
user = warden.instance_variable_get(:@users).delete(scope)
|
|
86
|
+
warden.session_serializer.delete(scope, user)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
protected
|
|
90
|
+
|
|
91
|
+
# Catch warden continuations and handle like the middleware would.
|
|
92
|
+
# Returns nil when interrupted, otherwise the normal result of the block.
|
|
93
|
+
def _catch_warden(&block)
|
|
94
|
+
result = catch(:warden, &block)
|
|
95
|
+
|
|
96
|
+
env = @controller.request.env
|
|
97
|
+
|
|
98
|
+
result ||= {}
|
|
99
|
+
|
|
100
|
+
# Set the response. In production, the rack result is returned
|
|
101
|
+
# from Warden::Manager#call, which the following is modelled on.
|
|
102
|
+
case result
|
|
103
|
+
when Array
|
|
104
|
+
if result.first == 401 && intercept_401?(env) # does this happen during testing?
|
|
105
|
+
_process_unauthenticated(env)
|
|
106
|
+
else
|
|
107
|
+
result
|
|
108
|
+
end
|
|
109
|
+
when Hash
|
|
110
|
+
_process_unauthenticated(env, result)
|
|
111
|
+
else
|
|
112
|
+
result
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def _process_unauthenticated(env, options = {})
|
|
117
|
+
options[:action] ||= :unauthenticated
|
|
118
|
+
proxy = request.env['warden']
|
|
119
|
+
result = options[:result] || proxy.result
|
|
120
|
+
|
|
121
|
+
ret = case result
|
|
122
|
+
when :redirect
|
|
123
|
+
body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
|
|
124
|
+
[proxy.status, proxy.headers, [body]]
|
|
125
|
+
when :custom
|
|
126
|
+
proxy.custom_response
|
|
127
|
+
else
|
|
128
|
+
request.env["PATH_INFO"] = "/#{options[:action]}"
|
|
129
|
+
request.env["warden.options"] = options
|
|
130
|
+
Warden::Manager._run_callbacks(:before_failure, env, options)
|
|
131
|
+
|
|
132
|
+
status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
|
|
133
|
+
@controller.response.headers.merge!(headers)
|
|
134
|
+
@controller.status = status
|
|
135
|
+
@controller.response_body = response.body
|
|
136
|
+
nil # causes process return @response
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
# ensure that the controller response is set up. In production, this is
|
|
140
|
+
# not necessary since warden returns the results to rack. However, at
|
|
141
|
+
# testing time, we want the response to be available to the testing
|
|
142
|
+
# framework to verify what would be returned to rack.
|
|
143
|
+
if ret.is_a?(Array)
|
|
144
|
+
status, headers, body = *ret
|
|
145
|
+
# ensure the controller response is set to our response.
|
|
146
|
+
@controller.response ||= @response
|
|
147
|
+
@response.status = status
|
|
148
|
+
@response.headers.merge!(headers)
|
|
149
|
+
@response.body = body
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
ret
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
end
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
# Devise::Test::IntegrationHelpers is a helper module for facilitating
|
|
5
|
+
# authentication on Rails integration tests to bypass the required steps for
|
|
6
|
+
# signin in or signin out a record.
|
|
7
|
+
#
|
|
8
|
+
# Examples
|
|
9
|
+
#
|
|
10
|
+
# class PostsTest < ActionDispatch::IntegrationTest
|
|
11
|
+
# include Devise::Test::IntegrationHelpers
|
|
12
|
+
#
|
|
13
|
+
# test 'authenticated users can see posts' do
|
|
14
|
+
# sign_in users(:bob)
|
|
15
|
+
#
|
|
16
|
+
# get '/posts'
|
|
17
|
+
# assert_response :success
|
|
18
|
+
# end
|
|
19
|
+
# end
|
|
20
|
+
module Test
|
|
21
|
+
module IntegrationHelpers
|
|
22
|
+
def self.included(base)
|
|
23
|
+
base.class_eval do
|
|
24
|
+
include Warden::Test::Helpers
|
|
25
|
+
|
|
26
|
+
setup :setup_integration_for_devise
|
|
27
|
+
teardown :teardown_integration_for_devise
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Signs in a specific resource, mimicking a successful sign in
|
|
32
|
+
# operation through +Devise::SessionsController#create+.
|
|
33
|
+
#
|
|
34
|
+
# * +resource+ - The resource that should be authenticated
|
|
35
|
+
# * +scope+ - An optional +Symbol+ with the scope where the resource
|
|
36
|
+
# should be signed in with.
|
|
37
|
+
def sign_in(resource, scope: nil)
|
|
38
|
+
scope ||= Devise::Mapping.find_scope!(resource)
|
|
39
|
+
|
|
40
|
+
login_as(resource, scope: scope)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Signs out a specific scope from the session.
|
|
44
|
+
#
|
|
45
|
+
# * +resource_or_scope+ - The resource or scope that should be signed out.
|
|
46
|
+
def sign_out(resource_or_scope)
|
|
47
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
48
|
+
|
|
49
|
+
logout scope
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
protected
|
|
53
|
+
|
|
54
|
+
def setup_integration_for_devise
|
|
55
|
+
Warden.test_mode!
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def teardown_integration_for_devise
|
|
59
|
+
Warden.test_reset!
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "active_support/core_ext/module/delegation"
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
class TimeInflector
|
|
7
|
+
include ActionView::Helpers::DateHelper
|
|
8
|
+
|
|
9
|
+
class << self
|
|
10
|
+
attr_reader :instance
|
|
11
|
+
delegate :time_ago_in_words, to: :instance
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
@instance = new
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'openssl'
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
class TokenGenerator
|
|
7
|
+
def initialize(key_generator, digest = "SHA256")
|
|
8
|
+
@key_generator = key_generator
|
|
9
|
+
@digest = digest
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def digest(klass, column, value)
|
|
13
|
+
value.present? && OpenSSL::HMAC.hexdigest(@digest, key_for(column), value.to_s)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def generate(klass, column)
|
|
17
|
+
key = key_for(column)
|
|
18
|
+
|
|
19
|
+
loop do
|
|
20
|
+
raw = Devise.friendly_token
|
|
21
|
+
enc = OpenSSL::HMAC.hexdigest(@digest, key, raw)
|
|
22
|
+
break [raw, enc] unless klass.to_adapter.find_first({ column => enc })
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def key_for(column)
|
|
29
|
+
@key_generator.generate_key("Devise #{column}")
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|