CI against Ruby 2.2.8/2.3.5/2.4.2

* add new ArgumentError for not defined user_class in config

* updated grammar

…orcery#89 (Sorcery#94)

Most users use BCrypt and don't change defaults, which means that the default value would be 10. That makes tests run slowly.

Setting the number of stretches in test env to 1 can decrease the test suite up to 2x times (although BCrypt minimal cost is 4, we can use 1 for SHA algorithms).

* Add magic login feature

* Use `.nil?` instead of `== nil`

* Prepare for setting up database

- create a migration file for spec
- create a spec to be run and a shared_expmple file

* Add configration tests

change the default of `@magic_login_mailer_disabled` into true because
 the default breaks the tests

* Change the configuration key, magic_login_mailer into magic_login_mailer_class

* Add specs of `.generate_magic_login_token`

* Add specs of `.clear_magic_login_token`

* Add faliure case specs of `.magic_login_email`

* Add success case specs of `.magic_login_email`

* Refactoring: split the success case of the `.generate_magic_login_token` spec into two

* Fix posix compliance offence: No newline at end of file

Another choice of implemention is like this:

```
@model.class.find_by(:"#{primary_key}" =>
@model.send(:"#{primary_key}")).update(attrs)
```

but for some reasons I don't adopt it.
First it makes 2 queries instead of one.
Secondly it has potential risk to race conditions.

Added PR Sorcery#99 and removed duplicate entry for PR Sorcery#100

* Add rubocop config and todo

* Update changelog.md

Sorcery#109)

* Add required version parameter when requesting user information from vk provider
[fix Sorcery#108]

Seems like now vk provider requires v (version) parameter to be present when calling their API:

```
curl -XGET https://api.vk.com/method/getProfiles\?user_id\=1
=> {"error":{"error_code":8,"error_msg":"Invalid request: v (version) is required","request_params":[{"key":"oauth","value":"1"},{"key":"method","value":"getProfiles"},{"key":"user_id","value":"1"}]}}

curl -XGET https://api.vk.com/method/getProfiles\?user_id\=1\&v\=5.71
{"response":[{"id":1,"first_name":"Павел","last_name":"Дуров"}]}
```

* Developer can specify vk API version in sorcery config
[Sorcery#108]

* Fix indentation

* Extract authorize with vk request stub into a method

* Add VK api version to the sorcery initializer template
[Sorcery#108]

* Update changelog.md

[CI] Test against Ruby 2.5

* Add access_count_to_reset_password_page to migration/reset_password.rb

* Add #increment_password_reset_page_access_counter and #reset_password_reset_page_access_counter.

* Add #increment_password_reset_page_access_counter and #reset_password_reset_page_access_counter

* Add test suites related to #increment_password_reset_page_access_counter and #reset_password_reset_page_access_counter.

* Refactor `#increment_password_reset_page_access_counter`

Change manual increment into using
Sorcery::Adapters::ActiveRecordAdapter.increment.

* Add the request spec helper method, #login_user.

* Fix codacy failure because of `Redundant `self` detected.`

Add CHANGELOG entries for Sorcery#56 and Sorcery#57

Rails 5.2 appears to have deprecations that break our test suite, and solving
the issue would take more time than I have available currently. Updating to
5.1 for now.

* Rails 5.2 support

* Fix specs for Rails 4

Sorcery::Generators::InstallGenerator::ActiveRecord is not defined
and the purpose of this guard is to know whether orm is ActiveRecord or not.
Therefore, return early when top-level ActiveRecord is not defined.

Rails API apps use the lighter alternative to ActionController::Base.
This adds support for injecting these helpers into either action
controller base class that the consuming application happens to inherit
from.

…rcery#130)

* send activation email after the commit in transactional databases

* extract callback_name to separate method

* fix typo in parameter

* disable transactional fixtures to be able to test after_commit

* Raise on failure when change_password!

…orcery#110)

* Add an opt in invalidate_activate_sessions!  method to session timeout

Spike on adding a configurable `invalid_active_sessions! method to the session_timeouts module. Configurable, but expects an `invalidate_sessions_before` timestamp column on user. Does not invalidate the session if `invalidate_sessions_before` is not set meaning that if it is deployed it won't log out currently logged in users.

* Add a test that you can login after calling `invalidate_active_sessions!`

There was concern that because `invalidate_sessions_before` is never cleared, there may be an issue where sessions would be cleared immediately after login. Add a spec to verify that sessions logged in after the `invalidate_sessions_before` timestamp can login and make additional requests without being cleared.

* Update the RREADME to document `invalidate_acitve_sessions!` method

* Move `invalidate_active_sessions!` method to no longer be protected

This method never should have been private as it was meant to be part of the public API if enabled

* Make the time check to invalidate the session more defensive

This would throw an error if session login_time and last_action_time were not set, be more defensive and default to current time if those values aren't set.

This fixes a conflict with attr_encrypted, making both gems work
in the same model.

This reverts commit ff46dc5.

When overriding the `#auto_login` method when implementing our own
session handling we never got passed the `should_remember` value from
the `#login` method.

The `Sorcery::Controller::Submodules::RememberMe` never used the value
of the `should_remember` arguments passed to the `#auto_login` method
and instead relied on a callback being executed.

This commits removes the callback and instead calls the `#remember_me!`
method from the `#auto_login` method instead.

Before, an unlimited session was created on login from cookie (remember me)
even if the SessionTimeout submodule was active. Logging in via the remember
me function will now correctly set the session timeout.

…orcery#147)

* demodulize added on authentication class name association name fetch

* changelog entry added for PR Sorcery#147

* Add missing `#` to changelog entry

* Remove gemnasium badge

* Add changelog.md entry

* Move changelog entries for recent pulls to HEAD instead of v0.12.0

* Add missing changelog entries for PRs since v0.12.0

* Add Instagram Provider

* Changed how scope is set

* Code style for unused method argument

* changed parse attr to read/write

* add facebook.parse to config

* Add changelog entry

* Remove `publish_actions` permission from template

* Add a change log entry for PR Sorcery#139

* fix rails injection

* only add helper_methods to ActionController::Base

* Remove jruby references

jruby was added previously, but never fully supported. Removing for now, pending
proper support.

* Match min ruby requirement with lowest tested ruby version

* Add maintainer to gemspec author list

* Update license to md format

* Remove excess whitespace

* Update rubocop ruby lock and regen TODO list

* Disable rubocop for migration files (breaks)

* Fix Bundler/OrderedGems

* Fix rails 6 deprecation warning

* Add missing newline

* Fix Gemspec/OrderedDependencies

* Fix Gemspec/RequiredRubyVersion and regen TODO

* Fix Layout/AlignHash

* Fix Layout/ClosingParenthesisIndentation

* Fix Layout/EmptyLineAfterGuardClause

* Fix Layout/EmptyLineBetweenDefs

* Fix Layout/EmptyLines

Fixed by last commit

* Fix Layout/EmptyLinesAroundArguments

* Fix Layout/EmptyLinesAroundBlockBody

* Fix Layout/EmptyLinesAroundClassBody

* Fixed Layout/EmptyLinesAroundModuleBody on previous commit

* Fix Layout/EndAlignment

* Fix Layout/ExtraSpacing

* Fix Layout/FirstParameterIndentation

* Fix Layout/IndentHash

* Fix Layout/MultilineMethodCallBraceLayout

* Fix Layout/MultilineMethodCallIndentation

* Fix Layout/MultilineOperationIndentation

* Fix Layout/SpaceAfterComma

* Fix Layout/SpaceAroundEqualsInParameterDefault

* Fix Layout/SpaceAroundOperators

* Fix Layout/SpaceBeforeBlockBraces

* Fix Layout/SpaceInsideBlockBraces

* Fix Layout/SpaceInsideHashLiteralBraces

* Fix Layout/TrailingBlankLines

* Fix Layout/TrailingWhitespace

* Fix Lint/AmbiguousBlockAssociation

* Fix Lint/AssignmentInCondition

* Fix Lint/DuplicateMethods

* Add rubocop to development dependencies

* Rails 4.1 has been released, remove rescue statement

* Fix Lint/HandleExceptions

* Fix Lint/NonLocalExitFromIterator

* Fix Lint/ParenthesesAsGroupedExpression

* Fix Lint/UnderscorePrefixedVariableName

* Fix Lint/UselessAssignment

* Fix Lint/Void - Found potentially broken specs for remember_me functionality

* Fix Naming/FileName

* Fix Style/AndOr

* Fix Style/BracesAroundHashParameters

* Add Github issue template

* Fix Style/TrailingCommaInHashLiteral

* Fix Style/TrailingCommaInArguments

* Fix Style/SymbolArray

* Fix Style/StringLiterals

* Fix Style/RescueStandardError

* Fix Style/RegexpLiteral

* Fix Style/RedundantSelf

* Fix Style/RedundantReturn

* Fix Style/RedundantParentheses

* Move harder to solve rubocop issues to prepare for 1.0.0

* Naming conventions will be fixed by rewrite in 1.0.0

* Fix Naming/MemoizedInstanceVariableName

* Naming conventions will be fixed by rewrite in 1.0.0

* Fix Style/PercentLiteralDelimiters

* Fix Style/ParenthesesAroundCondition

Fixed by previous commit

* Fix Style/NumericLiterals

* Fix Style/MutableConstant

* Fix Style/MultipleComparison

* Fix Style/IfUnlessModifier

Fixed on previous commit

* Fix Style/HashSyntax

* Fix Style/GuardClause

* Fix Style/FormatString

* Fix Style/ExpandPathArguments

* Fix Style/EvalWithLocation

* Fix Style/EmptyLiteral

* Disable Style/DoubleNegation

* Documentation will be fixed by rewrite in 1.0.0

* Fix Style/Dir

* Fix Style/ConditionalAssignment

Fixed by previous commit

* Fix Style/ClassAndModuleChildren

* Regenerate rubocop TODO

* Add maintainer to gemspec email list

…ler::Base (Sorcery#159)

* Add Auth0 provider to external

Used github/google providers as reference, as well as the Omniauth/Auth0
strategy.

* Add Auth0 initializer template

* Require new auth0 provider file

* Add specs for Auth0 provider

* Update Auth0 to use sub instead of user_id

https://community.auth0.com/t/authentication-api-userinfo-missing-the-user-id/8747/3

* Add 'sub' to spec hash to fix Auth0 specs

* Update changelog

Sorcery#171)

* Remove before_install entirely from travis.yml per @BanzaiMan feedback

* Fix version conflict with Rails 4 gemfiles

Rails 4 requires bundler <2.0, but Rails 4 is on the way out,
and Rails 6 is on the horizon. I think it makes sense to drop support
rather than fight the TravisCI configuration between versions.

* Update CHANGELOG.md

…#163)

* Fix engine initializer

* Update controller callbacks to safeguard against double inclusion

* Update sqlite3 dependency per TravisCI error

* Add magic_login to initializer comments

* Clean up initializer comments

* Add #change_password method to reset_password module.

Serves the same function as `#change_password!` but without raising exceptions on save. Useful for returning validation errors back to the view, for example, when `:password_confirmation` did not match `:password`.

* Update documentation.

* Rework tests per review comments.

* Clarify what's happening with save methods in specs.

* Introduce pepper option (currently available with BCrypt)

Before this change, config option 'salt_join_token' has been ignored
when BCrypt is chosen as crypto-provider (default).
This patch introduces its alternative option that allows users to add
app-specific secret token with BCrypt.
To ensure compatibility, this change only takes place when the new
option 'pepper' is provided, and does NOT affect on those who have
already set salt_join_token.

* fix typos and remove an unnecessary block

* add test to describe behaviors with empty-string pepper

* line provider
* require line provider
* spec
* fix response params
* set state
* fix spec

* Update changelog

* Update LinkedIn provider to use OAuth2 per v1 deprecation

* Update changelog

* Allow for custom providers with multi-word class names.

Currently sorcery will not handle custom providers with names like: ExampleProvider. config.example_provider would search for a class called Example_provider rather than ExampleProvider. Using .classify rather than .capitalize will fix this.

I've added an example provider implementation under the spec/support directory, and have a test that ensures that it is loaded properly via config. The existing tests for existing providers are also coming back with successes.

* Add spec to cover single-word custom providers

* Used user email address from LinkedIn

* Update example user_info_mapping in initializer

* Force r_emailaddress in @scope in linkedin provider

* Load email only if r_emailaddress is in scope

* Adjust initializers Linkedin comment

(previous code skipped XHR requests, but not all JSON requests are XHR)

* Use id instead of uid for VK provider

* fix specs

* Remove MySQL database creation call

* Add missing manifest.js file

* Wrong config folder...

* add discord provider
* add initializer comment
* add discord spec

* Calling ActionController::Base causes deprecation warnings due to autoloading.

ActionController::Base is autoloaded by Rails when called from the initializer in engine.rb which causes Rails 6 to raise deprecation warnings.

* Added an empty manifest.js for specs

The latest version of sprockets (4.0.0) now requires a manifest.js file in ‘app/assets/config/‘ or else an Exception is raised.

* Deprecate Ruby Versions <= 2.3.x

Per the following article, ruby versions 2.3 and below are deprecated:

https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/

Ruby 2.4 will also be deprecated and should be removed by March 31, 2020.

* Update Ruby 2.5.x to latest version (2.5.7)

* Fix typo

* Fix 'an' to 'a'

…thod instead of checking inheritance from `ActionMailer` (Sorcery#211)

* Check if mail object responds to delivery method

Instead of checking for an inheritance of ActionMailer::Base,
just see if the conffigure mailer and method respond to the configured
delivery method.

Since both the mailer and the willingniess to automatically send out
messages can be configured, the message should be send if it is
sendable, regardless of which Class the configured mailer inherits
from.

* Add empty mainifest.js to rails_app

Not having a manifest was causing issues running `bundle exec rake`
with sprockets 4.

)

The authenticate method previously would return before callbacks executed if an
invalid password was provided, which causes the brute force protection to only
work for the first lockout period, and only resets after a successful login.

Fixes Sorcery#231

Signed-off-by: Steven Hoffman <[email protected]>

* CI against Ruby 2.7

* Fix keyword arguments warnings on Ruby 2.7

It fixes codes to match method signatures in rails and bcrypt.

## See also

- https://github.com/rails/rails/blob/v6.0.3/activerecord/lib/active_record/persistence.rb#L469
- https://github.com/rails/rails/blob/v6.0.3/activemodel/lib/active_model/callbacks.rb
- https://github.com/codahale/bcrypt-ruby/blob/v3.1.13/lib/bcrypt/password.rb#L43

* Update CHANGELOG.md

Co-authored-by: Josh Buker <[email protected]>

* Cache bundler on Travis

* Add support for Rails 6

Since the usage of `MigrationContext` was changed in rails/rails#36439,
adds a branch to MigrationHelper.

We are loading 'rails/all' in our test code, it implicitly load action_text from Rails 6.
ActionText requires ApplicationController, adds it.
ref: https://github.com/rails/rails/blob/v6.0.3/actiontext/lib/action_text/engine.rb#L50

* Exclude Ruby 2.4 for Rails 6

Rails 6 does't support Ruby 2.4.
ref: rails/rails#34754

…ch as "ExampleNameSpace::User" parametere which will generate a table migration with "example_name_space_user" as the table name (Sorcery#237)

Remove issue notice, solid plan is in place now.

This is essentially 1:1 with Rubocop's Code of Conduct, which itself uses Ruby's
Code of Conduct as a base. It's minimal and easy to understand, which mirrors
the ethos of the Sorcery library itself.

* Add BattleNet Provider
* Add Changelog Info for BattleNet Provider
* Add  BattleNet Tests
* Fix Errors
* Fix Typo in Battlenet Provider
* Add Site config to initializer
* Fix Typo
* Remove conditional set of code arg