af-devise 2.1.2

data/test/models/token_authenticatable_test.rb

@@ -0,0 +1,55 @@
+require 'test_helper'
+
+class TokenAuthenticatableTest < ActiveSupport::TestCase
+
+  test 'should reset authentication token' do
+    user = new_user
+    user.reset_authentication_token
+    previous_token = user.authentication_token
+    user.reset_authentication_token
+    assert_not_equal previous_token, user.authentication_token
+  end
+
+  test 'should ensure authentication token' do
+    user = new_user
+    user.ensure_authentication_token
+    previous_token = user.authentication_token
+    user.ensure_authentication_token
+    assert_equal previous_token, user.authentication_token
+  end
+
+  test 'should authenticate a valid user with authentication token and return it' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
+    assert_equal authenticated_user, user
+  end
+
+  test 'should return nil when authenticating an invalid user by authentication token' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
+    assert_nil authenticated_user
+  end
+
+  test 'should not be subject to injection' do
+    user1 = create_user
+    user1.ensure_authentication_token!
+    user1.confirm!
+
+    user2 = create_user
+    user2.ensure_authentication_token!
+    user2.confirm!
+
+    user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
+    assert_nil user
+  end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [
+      :authentication_token
+    ]
+  end
+end

data/test/models/trackable_test.rb

@@ -0,0 +1,13 @@
+require 'test_helper'
+
+class TrackableTest < ActiveSupport::TestCase
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Trackable.required_fields(User), [
+      :current_sign_in_at,
+      :current_sign_in_ip,
+      :last_sign_in_at,
+      :last_sign_in_ip,
+      :sign_in_count
+    ]
+  end
+end

data/test/models/validatable_test.rb

@@ -0,0 +1,117 @@
+# encoding: UTF-8
+require 'test_helper'
+
+class ValidatableTest < ActiveSupport::TestCase
+  test 'should require email to be set' do
+    user = new_user(:email => nil)
+    assert user.invalid?
+    assert user.errors[:email]
+    assert_equal 'can\'t be blank', user.errors[:email].join
+  end
+
+  test 'should require uniqueness of email if email has changed, allowing blank' do
+    existing_user = create_user
+
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_no_match(/taken/, user.errors[:email].join)
+
+    user.email = existing_user.email
+    assert user.invalid?
+    assert_match(/taken/, user.errors[:email].join)
+
+    user.save(:validate => false)
+    assert user.valid?
+  end
+
+  test 'should require correct email format if email has changed, allowing blank' do
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_not_equal 'is invalid', user.errors[:email].join
+
+    %w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email|
+      user.email = email
+      assert user.invalid?, 'should be invalid with email ' << email
+      assert_equal 'is invalid', user.errors[:email].join
+    end
+
+    user.save(:validate => false)
+    assert user.valid?
+  end
+
+  test 'should accept valid emails' do
+    %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email|
+      user = new_user(:email => email)
+      assert user.valid?, 'should be valid with email ' << email
+      assert_blank user.errors[:email]
+    end
+  end
+
+  test 'should require password to be set when creating a new record' do
+    user = new_user(:password => '', :password_confirmation => '')
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation to be set when creating a new record' do
+    user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require password when updating/reseting password' do
+    user = create_user
+
+    user.password = ''
+    user.password_confirmation = ''
+
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation when updating/reseting password' do
+    user = create_user
+    user.password_confirmation = 'another_password'
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require a password with minimum of 6 characters' do
+    user = new_user(:password => '12345', :password_confirmation => '12345')
+    assert user.invalid?
+    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+  end
+
+  test 'should require a password with maximum of 128 characters long' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+  end
+
+  test 'should not require password length when it\'s not changed' do
+    user = create_user.reload
+    user.password = user.password_confirmation = nil
+    assert user.valid?
+
+    user.password_confirmation = 'confirmation'
+    assert user.invalid?
+    assert_not (user.errors[:password].join =~ /is too long/)
+  end
+
+  test 'should complain about length even if possword is not required' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
+    user.stubs(:password_required?).returns(false)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+  end
+
+  test 'should not be included in objects with invalid API' do
+    assert_raise RuntimeError do
+      Class.new.send :include, Devise::Models::Validatable
+    end
+  end
+
+  test 'required_fields should be an empty array' do
+    assert_equal Devise::Models::Validatable.required_fields(User), []
+  end
+end

data/test/models_test.rb

@@ -0,0 +1,179 @@
+require 'test_helper'
+
+class Configurable < User
+  devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
+         :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days,
+         :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
+end
+
+class WithValidation < Admin
+  devise :database_authenticatable, :validatable, :password_length => 2..6
+end
+
+class UserWithValidation < User
+  validates_presence_of :username
+end
+
+class Several < Admin
+  devise :validatable
+  devise :lockable
+end
+
+class Inheritable < Admin
+end
+
+class ActiveRecordTest < ActiveSupport::TestCase
+  def include_module?(klass, mod)
+    klass.devise_modules.include?(mod) &&
+      klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
+  end
+
+  def assert_include_modules(klass, *modules)
+    modules.each do |mod|
+      assert include_module?(klass, mod)
+    end
+
+    (Devise::ALL - modules).each do |mod|
+      assert_not include_module?(klass, mod)
+    end
+  end
+
+  test 'can cherry pick modules' do
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
+  end
+
+  test 'validations options are not applied too late' do
+    validators = WithValidation.validators_on :password
+    length = validators.find { |v| v.kind == :length }
+    assert_equal 2, length.options[:minimum]
+    assert_equal 6, length.options[:maximum]
+  end
+
+  test 'validations are applied just once' do
+    validators = Several.validators_on :password
+    assert_equal 1, validators.select{ |v| v.kind == :length }.length
+  end
+
+  test 'chosen modules are inheritable' do
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
+  end
+
+  test 'order of module inclusion' do
+    correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :confirmable, :lockable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :confirmable]
+
+    assert_include_modules Admin, *incorrect_module_order
+
+    # get module constants from symbol list
+    module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
+
+    # confirm that they adhere to the order in ALL
+    # get included modules, filter out the noise, and reverse the order
+    assert_equal module_constants, (Admin.included_modules & module_constants).reverse
+  end
+
+  test 'raise error on invalid module' do
+    assert_raise NameError do
+      # Mix valid an invalid modules.
+      Configurable.class_eval { devise :database_authenticatable, :doesnotexit }
+    end
+  end
+
+  test 'set a default value for stretches' do
+    assert_equal 15, Configurable.stretches
+  end
+
+  test 'set a default value for pepper' do
+    assert_equal 'abcdef', Configurable.pepper
+  end
+
+  test 'set a default value for allow_unconfirmed_access_for' do
+    assert_equal 5.days, Configurable.allow_unconfirmed_access_for
+  end
+
+  test 'set a default value for remember_for' do
+    assert_equal 7.days, Configurable.remember_for
+  end
+
+  test 'set a default value for timeout_in' do
+    assert_equal 15.minutes, Configurable.timeout_in
+  end
+
+  test 'set a default value for unlock_in' do
+    assert_equal 10.days, Configurable.unlock_in
+  end
+
+  test 'set null fields on migrations' do
+    Admin.create!
+  end
+end
+
+class CheckFieldsTest < ActiveSupport::TestCase
+  test 'checks if the class respond_to the required fields' do
+    Player = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password, :email
+    end
+
+    assert_nothing_raised Devise::Models::MissingAttribute do
+      Devise::Models.check_fields!(Player)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do
+    Clown = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password
+    end
+
+    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: email" do
+      Devise::Models.check_fields!(Clown)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do
+    Magician = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+    end
+
+    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
+      Devise::Models.check_fields!(Magician)
+    end
+  end
+
+  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
+    driver = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      attr_accessor :encrypted_password, :email
+
+      devise :database_authenticatable
+    end
+
+    swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
+      assert_deprecated do
+        Devise::Models.check_fields!(driver)
+      end
+    end
+  end
+end

data/test/omniauth/config_test.rb

@@ -0,0 +1,57 @@
+require 'test_helper'
+
+class OmniAuthConfigTest < ActiveSupport::TestCase
+  class MyStrategy
+    include OmniAuth::Strategy
+  end
+
+  test 'strategy_name returns provider if no options given' do
+    config = Devise::OmniAuth::Config.new :facebook, [{}]
+    assert_equal :facebook, config.strategy_name
+  end
+
+  test 'strategy_name returns provider if no name option are given' do
+    config = Devise::OmniAuth::Config.new :facebook, [{ :other => :option }]
+    assert_equal :facebook, config.strategy_name
+  end
+
+  test 'returns name option when have a name' do
+    config = Devise::OmniAuth::Config.new :facebook, [{ :name => :github }]
+    assert_equal :github, config.strategy_name
+  end
+
+  test "finds contrib strategies" do
+    config = Devise::OmniAuth::Config.new :facebook, [{}]
+    assert_equal OmniAuth::Strategies::Facebook, config.strategy_class
+  end
+
+  test "finds the strategy in OmniAuth's list by name" do
+    NamedTestStrategy = Class.new
+    NamedTestStrategy.send :include, OmniAuth::Strategy
+    NamedTestStrategy.option :name, :the_one
+
+    config = Devise::OmniAuth::Config.new :the_one, [{}]
+    assert_equal NamedTestStrategy, config.strategy_class
+  end
+
+  test "finds the strategy in OmniAuth's list by class name" do
+    UnNamedTestStrategy = Class.new
+    UnNamedTestStrategy.send :include, OmniAuth::Strategy
+
+    config = Devise::OmniAuth::Config.new :un_named_test_strategy, [{}]
+    assert_equal UnNamedTestStrategy, config.strategy_class
+  end
+
+  test 'raises an error if strategy cannot be found' do
+    config = Devise::OmniAuth::Config.new :my_other_strategy, [{}]
+    assert_raise Devise::OmniAuth::StrategyNotFound do
+      config.strategy_class
+    end
+  end
+
+  test 'allows the user to define a custom require path' do
+    config = Devise::OmniAuth::Config.new :my_strategy, [{:strategy_class => MyStrategy}]
+    config_class = config.strategy_class
+    assert_equal MyStrategy, config_class
+  end
+end

data/test/omniauth/url_helpers_test.rb

@@ -0,0 +1,51 @@
+require 'test_helper'
+
+class OmniAuthRoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def assert_path(action, provider, with_param=true)
+    # Resource param
+    assert_equal @controller.send(action, :user, provider),
+                 @controller.send("user_#{action}", provider)
+
+    # With an object
+    assert_equal @controller.send(action, User.new, provider),
+                 @controller.send("user_#{action}", provider)
+
+    if with_param
+      # Default url params
+      assert_equal @controller.send(action, :user, provider, :param => 123),
+                   @controller.send("user_#{action}", provider, :param => 123)
+    end
+  end
+
+  test 'should alias omniauth_callback to mapped user auth_callback' do
+    assert_path :omniauth_callback_path, :facebook
+  end
+
+  test 'should alias omniauth_authorize to mapped user auth_authorize' do
+    assert_path :omniauth_authorize_path, :facebook, false
+  end
+
+  test 'should generate authorization path' do
+    assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
+
+    assert_raise ActionController::RoutingError do
+      @controller.omniauth_authorize_path(:user, :github)
+    end
+  end
+
+  test 'should generate authorization path for named open_id omniauth' do
+    assert_match "/users/auth/google", @controller.omniauth_authorize_path(:user, :google)
+  end
+
+  test 'should generate authorization path with params' do
+    assert_match "/users/auth/openid?openid_url=http%3A%2F%2Fyahoo.com",
+                  @controller.omniauth_authorize_path(:user, :openid, :openid_url => "http://yahoo.com")
+  end
+
+  test 'should not add a "?" if no param was sent' do
+    assert_equal "/users/auth/openid",
+                  @controller.omniauth_authorize_path(:user, :openid)
+  end
+end