Merge branch 'release/0.1.1'

Author: ejpcmac

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## v0.1.1
+
+* Encode the username in Base64 in the authentication cookie to allow it
+  contains dots
+
 ## v0.1.0
 
 * Login store specification

README.md

@@ -2,7 +2,7 @@
 
 [![hex.pm version](http://img.shields.io/hexpm/v/expected.svg?style=flat)](https://hex.pm/packages/expected)
 
-Expected is an Elixir module for login and session management. It enables
+Expected is an Elixir application for login and session management. It enables
 persistent logins through a cookie, following Barry Jaspan’s
 [Improved Persistent Login Cookie Best Practice](http://www.jaspan.com/improved_persistent_login_cookie_best_practice).
 It also provides an API to list and discard sessions.
@@ -12,7 +12,7 @@ It also provides an API to list and discard sessions.
 To use Expected in your app, add this to your dependencies:
 
 ```elixir
-{:expected, "~> 0.1.0"}
+{:expected, "~> 0.1.1"}
 ```
 
 ### Configuration

lib/expected.ex

@@ -537,7 +537,9 @@ defmodule Expected do
   defp put_auth_cookie(conn, login) do
     auth_cookie_name = conn.private.expected.auth_cookie
     max_age = conn.private.expected.cookie_max_age
-    auth_cookie = "#{login.username}.#{login.serial}.#{login.token}"
+
+    auth_cookie =
+      "#{Base.encode64(login.username)}.#{login.serial}.#{login.token}"
 
     put_resp_cookie(conn, auth_cookie_name, auth_cookie, max_age: max_age)
   end

lib/expected/plugs.ex

@@ -243,12 +243,11 @@ defmodule Expected.Plugs do
           {:ok, String.t(), String.t(), String.t()}
           | {:error, :invalid}
   defp parse_auth_cookie(auth_cookie) when is_binary(auth_cookie) do
-    case String.split(auth_cookie, ".") do
-      [user, serial, token] ->
-        {:ok, user, serial, token}
-
-      _ ->
-        {:error, :invalid}
+    with [encoded_user, serial, token] <- String.split(auth_cookie, "."),
+         {:ok, user} <- Base.decode64(encoded_user) do
+      {:ok, user, serial, token}
+    else
+      _ -> {:error, :invalid}
     end
   end
 

mix.exs

@@ -1,7 +1,7 @@
 defmodule Expected.Mixfile do
   use Mix.Project
 
-  @version "0.1.0"
+  @version "0.1.1"
   @repo_url "https://github.com/ejpcmac/expected"
 
   def project do
@@ -29,7 +29,7 @@ defmodule Expected.Mixfile do
         source_ref: "v#{@version}"
       ],
       package: package(),
-      description: "An Elixir module for login and session management."
+      description: "An Elixir application for login and session management."
     ]
   end
 

mix.lock

@@ -8,7 +8,7 @@
   "ex_unit_notifier": {:hex, :ex_unit_notifier, "0.1.4", "36a2dcab829f506e01bf17816590680dd1474407926d43e64c1263e627c364b8", [:mix], [], "hexpm"},
   "excoveralls": {:hex, :excoveralls, "0.8.0", "99d2691d3edf8612f128be3f9869c4d44b91c67cec92186ce49470ae7a7404cf", [:mix], [{:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: false]}, {:hackney, ">= 0.12.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
   "exjsx": {:hex, :exjsx, "4.0.0", "60548841e0212df401e38e63c0078ec57b33e7ea49b032c796ccad8cde794b5c", [:mix], [{:jsx, "~> 2.8.0", [hex: :jsx, repo: "hexpm", optional: false]}], "hexpm"},
-  "export_private": {:hex, :export_private, "1.0.0", "b5c312653fb6343aa97a0ccdd52bd975efc2934eb84c5d935c71a55beb8061ce", [], [], "hexpm"},
+  "export_private": {:hex, :export_private, "1.0.0", "b5c312653fb6343aa97a0ccdd52bd975efc2934eb84c5d935c71a55beb8061ce", [:mix], [], "hexpm"},
   "fs": {:hex, :fs, "0.9.2", "ed17036c26c3f70ac49781ed9220a50c36775c6ca2cf8182d123b6566e49ec59", [:rebar], [], "hexpm"},
   "hackney": {:hex, :hackney, "1.10.1", "c38d0ca52ea80254936a32c45bb7eb414e7a96a521b4ce76d00a69753b157f21", [:rebar3], [{:certifi, "2.0.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "5.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"},
   "idna": {:hex, :idna, "5.1.0", "d72b4effeb324ad5da3cab1767cb16b17939004e789d8c0ad5b70f3cea20c89a", [:rebar3], [{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},

test/expected/cleaner_test.exs

@@ -27,7 +27,7 @@ defmodule Expected.CleanerTest do
       # Wait for the cleaning to trigger.
       Process.sleep(1100)
 
-      assert MemoryStore.list_user_logins("user", @server) == [@login]
+      assert MemoryStore.list_user_logins(@username, @server) == [@login]
     end
 
     test "does not trigger login cleaning before timeout" do
@@ -38,7 +38,7 @@ defmodule Expected.CleanerTest do
       # Wait a millisecond to let the cleaner start.
       Process.sleep(1)
 
-      assert MemoryStore.list_user_logins("user", @server) == [
+      assert MemoryStore.list_user_logins(@username, @server) == [
                @login,
                @old_login
              ]

test/expected/plugs_test.exs

@@ -18,8 +18,12 @@ defmodule Expected.PlugsTest do
     table: @ets_table
   ]
 
-  @not_loaded_user %NotLoadedUser{username: "user"}
-  @auth_cookie_content "user.serial.token"
+  @not_loaded_user %NotLoadedUser{username: @username}
+
+  @encoded_username Base.encode64(@username)
+  @auth_cookie_content "#{@encoded_username}.#{@serial}.#{@token}"
+  @no_login_cookie "#{Base.encode64("some_user")}.some_serial.some_token"
+  @bad_token_cookie "#{@encoded_username}.#{@serial}.bad_token"
 
   setup do
     setup_stores()
@@ -82,7 +86,9 @@ defmodule Expected.PlugsTest do
         |> send_resp(:ok, "")
 
       assert [%Login{} = login] = MemoryStore.list_user_logins("user", @server)
-      assert conn.cookies[@auth_cookie] == "user.#{login.serial}.#{login.token}"
+
+      assert conn.cookies[@auth_cookie] ==
+               "#{Base.encode64(login.username)}.#{login.serial}.#{login.token}"
     end
 
     ## Configuration
@@ -263,14 +269,16 @@ defmodule Expected.PlugsTest do
         |> authenticate()
         |> send_resp(:ok, "")
 
-      [login] = MemoryStore.list_user_logins("user", @server)
+      [login] = MemoryStore.list_user_logins(@username, @server)
 
-      assert login.serial == @login.serial
-      assert login.token != @login.token
-      assert login.sid != @login.sid
+      assert login.serial == @serial
+      assert login.token != @token
+      assert login.sid != @sid
       assert login.created_at == @login.created_at
       assert login.last_login > @login.last_login
-      assert conn.cookies[@auth_cookie] == "user.#{login.serial}.#{login.token}"
+
+      assert conn.cookies[@auth_cookie] ==
+               "#{Base.encode64(login.username)}.#{login.serial}.#{login.token}"
     end
 
     test "deletes the old session from the store when authenticating from an
@@ -476,7 +484,7 @@ defmodule Expected.PlugsTest do
           login", %{conn: conn} do
       conn =
         conn
-        |> put_req_cookie(@auth_cookie, "some_user.some_serial.some_token")
+        |> put_req_cookie(@auth_cookie, @no_login_cookie)
         |> fetch_session()
         |> authenticate()
 
@@ -491,7 +499,7 @@ defmodule Expected.PlugsTest do
     } do
       conn =
         conn
-        |> put_req_cookie(@auth_cookie, "some_user.some_serial.some_token")
+        |> put_req_cookie(@auth_cookie, @no_login_cookie)
         |> fetch_session()
         |> authenticate()
         |> send_resp(:ok, "")
@@ -503,7 +511,7 @@ defmodule Expected.PlugsTest do
           expected one", %{conn: conn} do
       conn =
         conn
-        |> put_req_cookie(@auth_cookie, "user.serial.bad_token")
+        |> put_req_cookie(@auth_cookie, @bad_token_cookie)
         |> fetch_session()
         |> authenticate()
 
@@ -517,7 +525,7 @@ defmodule Expected.PlugsTest do
     test "deletes the auth_cookie if the token does not match", %{conn: conn} do
       conn =
         conn
-        |> put_req_cookie(@auth_cookie, "user.serial.bad_token")
+        |> put_req_cookie(@auth_cookie, @bad_token_cookie)
         |> fetch_session()
         |> authenticate()
         |> send_resp(:ok, "")
@@ -529,7 +537,7 @@ defmodule Expected.PlugsTest do
       conn: conn
     } do
       conn
-      |> put_req_cookie(@auth_cookie, "user.serial.bad_token")
+      |> put_req_cookie(@auth_cookie, @bad_token_cookie)
       |> fetch_session()
       |> authenticate()
 
@@ -563,14 +571,14 @@ defmodule Expected.PlugsTest do
     end
 
     test "deletes the session if there is valid auth_cookie", %{conn: conn} do
-      SessionStore.put(nil, "sid", %{"a" => "b"}, @ets_table)
+      SessionStore.put(nil, @sid, %{"a" => "b"}, @ets_table)
 
       conn
       |> put_req_cookie(@auth_cookie, @auth_cookie_content)
       |> fetch_session()
       |> logout()
 
-      assert SessionStore.get(nil, "sid", @ets_table) == {nil, %{}}
+      assert SessionStore.get(nil, @sid, @ets_table) == {nil, %{}}
     end
 
     test "deletes the auth cookie", %{conn: conn} do
@@ -587,7 +595,7 @@ defmodule Expected.PlugsTest do
     test "deletes the session cookie", %{conn: conn} do
       conn =
         conn
-        |> put_req_cookie(@session_cookie, "sid")
+        |> put_req_cookie(@session_cookie, @sid)
         |> put_req_cookie(@auth_cookie, @auth_cookie_content)
         |> fetch_session()
         |> logout()
@@ -614,7 +622,7 @@ defmodule Expected.PlugsTest do
     } do
       conn =
         conn
-        |> put_req_cookie(@auth_cookie, "some_user.some_serial.some_token")
+        |> put_req_cookie(@auth_cookie, @no_login_cookie)
         |> fetch_session()
         |> logout()
         |> send_resp(:ok, "")

test/expected_test.exs

@@ -15,7 +15,7 @@ defmodule ExpectedTest do
     :ok = MemoryStore.put(@other_login, @server)
 
     # Also put a valid session for @login.
-    SessionStore.put(nil, "sid", %{"a" => "b"}, @ets_table)
+    SessionStore.put(nil, @sid, %{"a" => "b"}, @ets_table)
 
     :ok
   end
@@ -42,20 +42,20 @@ defmodule ExpectedTest do
     setup [:with_login]
 
     test "lists logins for the given user" do
-      assert Expected.list_user_logins("user") == [@login]
+      assert Expected.list_user_logins(@username) == [@login]
     end
   end
 
   describe "delete_login/2" do
     setup [:with_login]
 
     test "deletes a login if it exists" do
-      assert :ok = Expected.delete_login("user", "serial")
-      assert {:error, :no_login} = MemoryStore.get("user", "serial", @server)
+      assert :ok = Expected.delete_login(@username, @serial)
+      assert {:error, :no_login} = MemoryStore.get(@username, @serial, @server)
     end
 
     test "deletes the session associated with the login if it exists" do
-      assert :ok = Expected.delete_login("user", "serial")
+      assert :ok = Expected.delete_login(@username, @serial)
       assert SessionStore.get(nil, "sid", @ets_table) == {nil, %{}}
     end
 
@@ -68,12 +68,12 @@ defmodule ExpectedTest do
     setup [:with_login]
 
     test "deletes all user logins for the given username" do
-      assert :ok = Expected.delete_all_user_logins("user")
-      assert MemoryStore.list_user_logins("user", @server) == []
+      assert :ok = Expected.delete_all_user_logins(@username)
+      assert MemoryStore.list_user_logins(@username, @server) == []
     end
 
     test "deletes the sessions associated with the logins if they exist" do
-      assert :ok = Expected.delete_all_user_logins("user")
+      assert :ok = Expected.delete_all_user_logins(@username)
       assert SessionStore.get(nil, "sid", @ets_table) == {nil, %{}}
     end
 
@@ -89,7 +89,7 @@ defmodule ExpectedTest do
       :ok = MemoryStore.put(@old_login, @server)
 
       assert :ok = Expected.clean_old_logins(@three_months)
-      assert MemoryStore.list_user_logins("user", @server) == [@login]
+      assert MemoryStore.list_user_logins(@username, @server) == [@login]
     end
 
     test "cleans the sessions associated with the old logins" do

test/support/expected_case.ex

@@ -21,11 +21,15 @@ defmodule Expected.Case do
       @four_months System.convert_time_unit(10_368_000, :seconds, :native)
       @four_months_ago @now - @four_months
 
+      @username "user"
+      @serial "serial"
+      @token "token"
+      @sid "sid"
       @login %Login{
-        username: "user",
-        serial: "serial",
-        token: "token",
-        sid: "sid",
+        username: @username,
+        serial: @serial,
+        token: @token,
+        sid: @sid,
         created_at: @now,
         last_login: @now,
         last_ip: {127, 0, 0, 1},