authpwn_rails 0.13.4 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.travis.yml +4 -2
- data/Gemfile +5 -5
- data/Gemfile.lock +47 -45
- data/Gemfile.rails3 +15 -0
- data/Gemfile.rails4 +15 -0
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +35 -19
- data/app/models/credentials/facebook.rb +11 -9
- data/app/models/credentials/password.rb +7 -5
- data/app/models/tokens/base.rb +27 -14
- data/app/models/tokens/email_verification.rb +1 -1
- data/app/models/tokens/session_uid.rb +5 -5
- data/authpwn_rails.gemspec +15 -15
- data/lib/authpwn_rails/credential_model.rb +8 -6
- data/lib/authpwn_rails/expires.rb +1 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +4 -4
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +8 -10
- data/lib/authpwn_rails/generators/templates/session/password_change.html.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +9 -9
- data/lib/authpwn_rails/http_basic.rb +2 -2
- data/lib/authpwn_rails/routes.rb +18 -18
- data/lib/authpwn_rails/session.rb +3 -3
- data/lib/authpwn_rails/session_controller.rb +39 -25
- data/lib/authpwn_rails/session_mailer.rb +5 -5
- data/lib/authpwn_rails/test_extensions.rb +6 -6
- data/lib/authpwn_rails/user_extensions/email_field.rb +33 -16
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +1 -1
- data/lib/authpwn_rails/user_extensions/password_field.rb +17 -14
- data/lib/authpwn_rails/user_model.rb +9 -7
- data/test/cookie_controller_test.rb +22 -16
- data/test/credentials/facebook_credential_test.rb +17 -17
- data/test/credentials/password_credential_test.rb +1 -1
- data/test/credentials/password_reset_token_test.rb +1 -1
- data/test/credentials/session_uid_token_test.rb +1 -0
- data/test/credentials/token_crendential_test.rb +2 -4
- data/test/facebook_controller_test.rb +14 -14
- data/test/helpers/action_controller.rb +8 -0
- data/test/helpers/db_setup.rb +11 -9
- data/test/helpers/routes.rb +14 -9
- data/test/http_basic_controller_test.rb +35 -20
- data/test/routes_test.rb +18 -18
- data/test/session_controller_api_test.rb +76 -83
- data/test/test_helper.rb +4 -1
- data/test/user_extensions/email_field_test.rb +1 -1
- data/test/user_extensions/facebook_fields_test.rb +5 -5
- data/test/user_extensions/password_field_test.rb +2 -2
- metadata +14 -27
@@ -2,13 +2,13 @@ require File.expand_path('../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
# Mock controller used for testing session handling.
|
4
4
|
class CookieController < ApplicationController
|
5
|
-
authenticates_using_session :
|
5
|
+
authenticates_using_session except: :update
|
6
6
|
|
7
7
|
def show
|
8
8
|
if current_user
|
9
|
-
render :
|
9
|
+
render text: "User: #{current_user.id}"
|
10
10
|
else
|
11
|
-
render :
|
11
|
+
render text: "No user"
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
@@ -18,7 +18,7 @@ class CookieController < ApplicationController
|
|
18
18
|
else
|
19
19
|
set_session_current_user User.find_by_param(params[:exuid])
|
20
20
|
end
|
21
|
-
render :
|
21
|
+
render text: ''
|
22
22
|
end
|
23
23
|
|
24
24
|
def bouncer
|
@@ -44,8 +44,14 @@ class CookieControllerTest < ActionController::TestCase
|
|
44
44
|
get :show
|
45
45
|
assert_response :success
|
46
46
|
assert_equal @user, assigns(:current_user)
|
47
|
-
|
48
|
-
|
47
|
+
john_id = if defined? ActiveRecord::FixtureSet
|
48
|
+
# Rails 4
|
49
|
+
ActiveRecord::FixtureSet.identify :john
|
50
|
+
else
|
51
|
+
# Rails 3
|
52
|
+
ActiveRecord::Fixtures.identify :john
|
53
|
+
end
|
54
|
+
assert_equal "User: #{john_id}", response.body
|
49
55
|
end
|
50
56
|
|
51
57
|
test "valid suid in session does not refresh very recent session" do
|
@@ -89,7 +95,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
89
95
|
|
90
96
|
test "set_session_current_user creates new token by default" do
|
91
97
|
assert_difference 'Credential.count', 1 do
|
92
|
-
put :update, :
|
98
|
+
put :update, exuid: @user.exuid
|
93
99
|
end
|
94
100
|
assert_response :success
|
95
101
|
assert_not_equal @token.suid, request.session[:authpwn_suid]
|
@@ -102,7 +108,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
102
108
|
test "set_session_current_user reuses existing token when suitable" do
|
103
109
|
request.session[:authpwn_suid] = @token.suid
|
104
110
|
assert_no_difference 'Credential.count', 'existing token not reused' do
|
105
|
-
put :update, :
|
111
|
+
put :update, exuid: @user.exuid
|
106
112
|
end
|
107
113
|
assert_response :success
|
108
114
|
assert_equal @token.suid, request.session[:authpwn_suid]
|
@@ -117,7 +123,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
117
123
|
@token.updated_at = Time.now - 1.day
|
118
124
|
request.session[:authpwn_suid] = @token.suid
|
119
125
|
assert_no_difference 'Credential.count', 'existing token not reused' do
|
120
|
-
put :update, :
|
126
|
+
put :update, exuid: @user.exuid
|
121
127
|
end
|
122
128
|
assert_response :success
|
123
129
|
assert_operator @token.reload.updated_at, :>=, Time.now - 1.hour,
|
@@ -133,7 +139,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
133
139
|
@token.destroy
|
134
140
|
request.session[:authpwn_suid] = @token.suid
|
135
141
|
assert_difference 'Credential.count', 1, 'session token not created' do
|
136
|
-
put :update, :
|
142
|
+
put :update, exuid: @user.exuid
|
137
143
|
end
|
138
144
|
assert_response :success
|
139
145
|
assert_not_equal @token.suid, request.session[:authpwn_suid]
|
@@ -148,7 +154,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
148
154
|
request.session[:authpwn_suid] = old_token.suid
|
149
155
|
assert_no_difference 'Credential.count',
|
150
156
|
"old user's token not destroyed or no new token created" do
|
151
|
-
put :update, :
|
157
|
+
put :update, exuid: @user.exuid
|
152
158
|
end
|
153
159
|
assert_response :success
|
154
160
|
assert_nil Tokens::Base.with_code(old_token.suid).first,
|
@@ -166,7 +172,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
166
172
|
request.session[:authpwn_suid] = credentials(:jane_session_token).suid
|
167
173
|
assert_no_difference 'Credential.count',
|
168
174
|
"old user's token not destroyed or new user's token not created" do
|
169
|
-
put :update, :
|
175
|
+
put :update, exuid: @user.exuid
|
170
176
|
end
|
171
177
|
assert_response :success
|
172
178
|
assert_equal @user, assigns(:current_user)
|
@@ -179,7 +185,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
179
185
|
test "set_session_current_user logs off a user correctly" do
|
180
186
|
request.session[:authpwn_suid] = @token.suid
|
181
187
|
assert_difference 'Credential.count', -1, 'token not destroyed' do
|
182
|
-
put :update, :
|
188
|
+
put :update, exuid: ''
|
183
189
|
end
|
184
190
|
assert_response :success
|
185
191
|
assert_nil request.session[:authpwn_suid]
|
@@ -192,7 +198,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
192
198
|
|
193
199
|
test "set_session_current_user behaves when no user is logged off" do
|
194
200
|
assert_no_difference 'Credential.count' do
|
195
|
-
put :update, :
|
201
|
+
put :update, exuid: ''
|
196
202
|
end
|
197
203
|
assert_response :success
|
198
204
|
assert_nil request.session[:authpwn_suid]
|
@@ -209,7 +215,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
209
215
|
|
210
216
|
test "valid user_id bounced in json" do
|
211
217
|
request.session[:authpwn_suid] = @token.suid
|
212
|
-
get :bouncer, :
|
218
|
+
get :bouncer, format: 'json'
|
213
219
|
assert_response :ok
|
214
220
|
data = ActiveSupport::JSON.decode response.body
|
215
221
|
assert_match(/not allowed/i, data['error'])
|
@@ -225,7 +231,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
225
231
|
end
|
226
232
|
|
227
233
|
test "no user_id bounced in json" do
|
228
|
-
get :bouncer, :
|
234
|
+
get :bouncer, format: 'json'
|
229
235
|
assert_response :ok
|
230
236
|
data = ActiveSupport::JSON.decode response.body
|
231
237
|
assert_match(/sign in/i, data['error'])
|
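Review bot: The Rails-version switch added at new lines 47-53 of the third hunk (`john_id = if defined? ActiveRecord::FixtureSet ... end`) is copied three more times in http_basic_controller_test.rb as the `jane_id` blocks, so four tests now carry the same FixtureSet/Fixtures branch and the same `# Rails 4` / `# Rails 3` comments. Since this diff already adds files under test/helpers, a single helper, `def fixture_id(label)`, holding exactly this `if`/`else` and called as `assert_equal "User: #{fixture_id(:john)}", response.body`, would remove the duplication and keep the version explanation in one place. The test method this block belongs to begins before the hunk.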
@@ -1,6 +1,6 @@
|
|
1
1
|
require File.expand_path('../../test_helper', __FILE__)
|
2
2
|
|
3
|
-
class FacebookCredentialTest < ActiveSupport::TestCase
|
3
|
+
class FacebookCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
5
|
@code = 'AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD'
|
6
6
|
@credential = Credentials::Facebook.new
|
@@ -8,57 +8,57 @@ class FacebookCredentialTest < ActiveSupport::TestCase
|
|
8
8
|
@credential.key = 'AAAEj8jKX2a8BAOBMZCjxBe4dw7cRoD1JVxUgZAtB6ozJlR4Viazh6OAYcHB5kZAtUwgjpDy7a54ZA1DObLmBT9X99CLWYOj5Stqx8bHwnE7EzyBS1WxY'
|
9
9
|
@credential.user = users(:bill)
|
10
10
|
end
|
11
|
-
|
11
|
+
|
12
12
|
test 'setup' do
|
13
13
|
assert @credential.valid?
|
14
14
|
end
|
15
|
-
|
15
|
+
|
16
16
|
test 'key required' do
|
17
17
|
@credential.key = nil
|
18
18
|
assert !@credential.valid?
|
19
19
|
end
|
20
|
-
|
20
|
+
|
21
21
|
test 'user presence' do
|
22
22
|
@credential.user = nil
|
23
23
|
assert !@credential.valid?
|
24
24
|
end
|
25
|
-
|
25
|
+
|
26
26
|
test 'user uniqueness' do
|
27
27
|
@credential.user = users(:john)
|
28
28
|
assert !@credential.valid?
|
29
29
|
end
|
30
|
-
|
30
|
+
|
31
31
|
test 'facebook_uid uniqueness' do
|
32
32
|
@credential.facebook_uid = credentials(:jane_facebook).facebook_uid
|
33
33
|
assert !@credential.valid?
|
34
34
|
end
|
35
|
-
|
35
|
+
|
36
36
|
test "uid_from_token" do
|
37
37
|
assert_equal '1011950666', Credentials::Facebook.uid_from_token(@code)
|
38
38
|
end
|
39
39
|
|
40
40
|
test "for with existing access token" do
|
41
|
-
|
42
|
-
|
43
|
-
|
41
|
+
Credentials::Facebook.expects(:uid_from_token).with(@code).at_least_once.
|
42
|
+
returns(credentials(:jane_facebook).facebook_uid)
|
43
|
+
|
44
44
|
assert_equal credentials(:jane_facebook), Credentials::Facebook.for(@code),
|
45
45
|
'Wrong token'
|
46
46
|
assert_equal @code, credentials(:jane_facebook).reload.key,
|
47
47
|
'Token not refreshed'
|
48
48
|
end
|
49
|
-
|
49
|
+
|
50
50
|
test "for with new access token" do
|
51
51
|
credential = nil
|
52
|
-
|
53
|
-
with(@credential.key).
|
54
|
-
assert_difference 'Credentials::Facebook.count', 1 do
|
52
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
53
|
+
with(@credential.key).returns('123456789')
|
54
|
+
assert_difference 'Credentials::Facebook.count', 1 do
|
55
55
|
credential = Credentials::Facebook.for @credential.key
|
56
56
|
end
|
57
|
-
assert_equal '123456789', credential.facebook_uid
|
57
|
+
assert_equal '123456789', credential.facebook_uid
|
58
58
|
assert_equal @credential.key, credential.key
|
59
59
|
assert !credential.new_record?, 'New credential not saved'
|
60
60
|
assert !credential.user.new_record?, "New credential's user not saved"
|
61
61
|
assert_operator credential.user.credentials, :include?, credential,
|
62
|
-
"New user's credentials does not include Facebook credential"
|
63
|
-
end
|
62
|
+
"New user's credentials does not include Facebook credential"
|
63
|
+
end
|
64
64
|
end
|
@@ -70,7 +70,7 @@ class PasswordCredentialTest < ActiveSupport::TestCase
|
|
70
70
|
|
71
71
|
test 'authenticate calls User#auth_bounce_reason' do
|
72
72
|
user = @credential.user
|
73
|
-
|
73
|
+
user.expects(:auth_bounce_reason).at_least_once.returns(:reason)
|
74
74
|
@credential.updated_at = Time.now
|
75
75
|
assert_equal :reason, @credential.authenticate('awesome')
|
76
76
|
assert_equal :invalid, @credential.authenticate('not awesome')
|
@@ -46,7 +46,7 @@ class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
|
46
46
|
end
|
47
47
|
end
|
48
48
|
assert credential.frozen?, 'not destroyed'
|
49
|
-
assert_nil Credential.where(:
|
49
|
+
assert_nil Credential.where(id: password_credential.id).first,
|
50
50
|
'password not blanked out'
|
51
51
|
end
|
52
52
|
|
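Review bot: The message on the rewritten assertion at new lines 49-50 in PasswordVerificationTokenTest, `'password not blanked out'`, no longer describes what is checked: `assert_nil Credential.where(id: password_credential.id).first` asserts that the password credential row is gone, and the context line just above already checks `credential.frozen?` under `'not destroyed'`. A failure would therefore report a blanking problem when the real problem is that the credential still exists; I would change it to `'password credential not deleted'`. The test method begins before the hunk, so I cannot see how `password_credential` is obtained.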
@@ -90,8 +90,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
|
|
90
90
|
|
91
91
|
Tokens::Base.all.each do |token|
|
92
92
|
token.updated_at = Time.now - 1.year
|
93
|
-
|
94
|
-
and_return 1.week
|
93
|
+
token.class.stubs(:expires_after).returns 1.week
|
95
94
|
token.save!
|
96
95
|
end
|
97
96
|
assert_difference 'Credential.count', -1,
|
@@ -127,8 +126,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
|
|
127
126
|
token = Tokens::Base.with_code(credentials(:jane_token).code).first
|
128
127
|
token.updated_at = Time.now - 1.year
|
129
128
|
token.save!
|
130
|
-
|
131
|
-
zero_or_more_times.and_return 1.week
|
129
|
+
token.class.stubs(:expires_after).returns 1.week
|
132
130
|
assert_equal :invalid, token.authenticate,
|
133
131
|
'expired token'
|
134
132
|
assert_nil Tokens::Base.with_code(credentials(:jane_token).code).first,
|
@@ -5,12 +5,12 @@ class FacebookController < ApplicationController
|
|
5
5
|
authenticates_using_session
|
6
6
|
probes_facebook_access_token
|
7
7
|
authenticates_using_facebook
|
8
|
-
|
8
|
+
|
9
9
|
def show
|
10
10
|
if current_user
|
11
|
-
render :
|
11
|
+
render text: "User: #{current_user.id}"
|
12
12
|
else
|
13
|
-
render :
|
13
|
+
render text: "No user"
|
14
14
|
end
|
15
15
|
end
|
16
16
|
end
|
@@ -24,11 +24,11 @@ class FacebookControllerTest < ActionController::TestCase
|
|
24
24
|
@old_user_class = ::User
|
25
25
|
Object.send :remove_const, :User
|
26
26
|
::User = UserWithFb2
|
27
|
-
|
27
|
+
|
28
28
|
@user = users(:john)
|
29
29
|
@new_token = 'facebook:new_token|boom'
|
30
30
|
end
|
31
|
-
|
31
|
+
|
32
32
|
teardown do
|
33
33
|
Object.send :remove_const, :User
|
34
34
|
::User = @old_user_class
|
@@ -39,27 +39,27 @@ class FacebookControllerTest < ActionController::TestCase
|
|
39
39
|
assert_response :success
|
40
40
|
assert_nil assigns(:current_user)
|
41
41
|
end
|
42
|
-
|
42
|
+
|
43
43
|
test "facebook token for existing user" do
|
44
|
-
|
44
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
45
45
|
with(credentials(:john_facebook).key).
|
46
|
-
|
46
|
+
returns(credentials(:john_facebook).facebook_uid)
|
47
47
|
set_session_current_facebook_token credentials(:john_facebook).key
|
48
48
|
get :show, {}
|
49
49
|
assert_response :success
|
50
50
|
assert_equal @user, assigns(:current_user)
|
51
51
|
end
|
52
|
-
|
53
|
-
test "new facebook token" do
|
52
|
+
|
53
|
+
test "new facebook token" do
|
54
54
|
set_session_current_facebook_token @new_token
|
55
|
-
|
56
|
-
with(@new_token).
|
55
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
56
|
+
with(@new_token).returns('12345678')
|
57
57
|
get :show, {}
|
58
58
|
assert_response :success
|
59
59
|
assert_not_equal @user, assigns(:current_user)
|
60
60
|
end
|
61
|
-
|
61
|
+
|
62
62
|
test "auth_controller? is false" do
|
63
63
|
assert_equal false, @controller.auth_controller?
|
64
|
-
end
|
64
|
+
end
|
65
65
|
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
if defined?(ActionController::Parameters) &&
|
2
|
+
ActionController::Parameters.respond_to?(
|
3
|
+
:action_on_unpermitted_parameters=)
|
4
|
+
# Rails 4.
|
5
|
+
|
6
|
+
# Raise exceptions so we can test against them.
|
7
|
+
ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
8
|
+
end
|
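Review bot: The comment `# Rails 4.` at new line 4 of this new helper (it appears to be the test/helpers/action_controller.rb listed in the diffstat) names a version but not the reason the setting matters, which is the one thing a reader of this file needs. Setting `action_on_unpermitted_parameters = :raise` makes a controller that mass-assigns a field without `permit` fail its test rather than have the field filtered out quietly, which is the strong-parameters counterpart of the strict mass-assignment sanitizer this diff enables for Rails 3 in db_setup.rb. I would replace the two comments with `# Rails 4 (strong parameters): raise on unpermitted params so a controller that forgets permit fails its test instead of silently losing the field; db_setup.rb does the same for Rails 3 via mass_assignment_sanitizer = :strict.`.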
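--- a/data/test/helpers/db_setup.rb
+++ b/data/test/helpers/db_setup.rb
@@ -6,25 +6,27 @@ when /mysql/i
 end
 
 `mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'mysql2',
+database: 'plugin_dev', username: 'root', password: ''
 when /pg/i
 pg_user = ENV['DB_USER'] || ENV['USER']
 `psql -U #{pg_user} -d postgres -c "DROP DATABASE IF EXISTS plugin_dev;"`
 `psql -U #{pg_user} -d postgres -c "CREATE DATABASE plugin_dev;"`
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'postgresql',
+database: 'plugin_dev', username: pg_user, password: ''
 else
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'sqlite3',
+database: ':memory:'
 end
 
 class ActiveRecord::Base
 self.configurations = true
-
+if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
+self.mass_assignment_sanitizer = :strict
 
-
-
+# Hacky equivalent to config.active_record.whitelist_attributes = true
+attr_accessible
+end
 end
 
 ActiveRecord::Migration.verbose = false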
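Review bot: The `respond_to? :mass_assignment_sanitizer=` branch at new lines 24-29 is the Rails 3 path, but unlike routes.rb and the new test/helpers file in this diff it carries no version label, and the argument-less `attr_accessible` is explained only as a "hacky equivalent". What it does deserves spelling out because it sets the mass-assignment posture of the whole suite: with no arguments it gives every model an empty whitelist, so under the `:strict` sanitizer assigning an attribute a model did not whitelist raises instead of being dropped. I would replace the comment with `# Rails 3 only: strict mass-assignment protection. Argument-less attr_accessible gives every model an empty whitelist (same as config.active_record.whitelist_attributes = true), so a non-whitelisted attribute assignment raises.`. Inside `class ActiveRecord::Base` the guard could also be the plain `respond_to? :mass_assignment_sanitizer=`.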
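--- a/data/test/helpers/routes.rb
+++ b/data/test/helpers/routes.rb
@@ -1,23 +1,28 @@
 # :nodoc: the routes used in all tests
 class ActionController::TestCase
 def setup_routes
-
+if defined? ActionDispatch::Routing
+# Rails 4.
+@routes = ActionDispatch::Routing::RouteSet.new
+else
+# Rails 3.
+@routes = ActionController::Routing::RouteSet.new
+end
 @routes.draw do
-resource :cookie, :
+resource :cookie, controller: 'cookie' do
 collection do
 get :bouncer
 put :update
 end
 end
-resource :http_basic, :
+resource :http_basic, controller: 'http_basic' do
 collection { get :bouncer }
 end
-resource :facebook, :
-authpwn_session :
-
-
-
-root :to => 'session#index'
+resource :facebook, controller: 'facebook'
+authpwn_session controller: 'bare_session', method_names: 'bare_session'
+authpwn_session controller: 'bare_session2',
+method_names: 'bare_session2'
+root to: 'session#index'
 
 # NOTE: this route should be kept in sync with the session template.
 authpwn_session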
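Review bot: The guard at new line 4, `if defined? ActionDispatch::Routing`, does not select between Rails 3 and Rails 4 the way the `# Rails 4.` / `# Rails 3.` comments claim: `ActionDispatch::Routing::RouteSet` is the Rails 3 router as well, so on Rails 3 the first branch runs and the `else` branch with `ActionController::Routing::RouteSet` (the Rails 2 name) looks unreachable on either version this gem targets, judging by the Gemfile.rails3 and Gemfile.rails4 in the diffstat. If both supported versions share `ActionDispatch::Routing::RouteSet` the conditional collapses to the single line `@routes = ActionDispatch::Routing::RouteSet.new`; if a Rails 2 fallback is intended, the comment should read `# Rails 2.` so the next reader is not misled. I cannot verify the supported-version range from this diff alone.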
@@ -3,15 +3,15 @@ require File.expand_path('../test_helper', __FILE__)
|
|
3
3
|
# Mock controller used for testing session handling.
|
4
4
|
class HttpBasicController < ApplicationController
|
5
5
|
authenticates_using_http_basic
|
6
|
-
|
6
|
+
|
7
7
|
def show
|
8
8
|
if current_user
|
9
|
-
render :
|
9
|
+
render text: "User: #{current_user.id}"
|
10
10
|
else
|
11
|
-
render :
|
11
|
+
render text: "No user"
|
12
12
|
end
|
13
13
|
end
|
14
|
-
|
14
|
+
|
15
15
|
def bouncer
|
16
16
|
bounce_to_http_basic
|
17
17
|
end
|
@@ -28,7 +28,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
28
28
|
assert_nil assigns(:current_user)
|
29
29
|
assert_equal 'No user', response.body
|
30
30
|
end
|
31
|
-
|
31
|
+
|
32
32
|
test "valid user_id in session cookie" do
|
33
33
|
set_session_current_user @user
|
34
34
|
get :show
|
@@ -41,8 +41,13 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
41
41
|
set_http_basic_user @user, 'pa55w0rd'
|
42
42
|
get :show
|
43
43
|
assert_equal @user, assigns(:current_user)
|
44
|
-
|
45
|
-
|
44
|
+
|
45
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
46
|
+
ActiveRecord::FixtureSet.identify :jane
|
47
|
+
else
|
48
|
+
ActiveRecord::Fixtures.identify :jane
|
49
|
+
end
|
50
|
+
assert_equal "User: #{jane_id}", response.body
|
46
51
|
end
|
47
52
|
|
48
53
|
test "invalid user credentials in header" do
|
@@ -53,15 +58,20 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
53
58
|
end
|
54
59
|
|
55
60
|
test "uses User.authenticate_signin" do
|
56
|
-
|
57
|
-
with('jane@gmail.com', 'fail').
|
61
|
+
User.expects(:authenticate_signin).at_least_once.
|
62
|
+
with('jane@gmail.com', 'fail').returns @user
|
58
63
|
set_http_basic_user @user, 'fail'
|
59
64
|
get :show
|
60
65
|
assert_equal @user, assigns(:current_user)
|
61
|
-
|
62
|
-
|
66
|
+
|
67
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
68
|
+
ActiveRecord::FixtureSet.identify :jane
|
69
|
+
else
|
70
|
+
ActiveRecord::Fixtures.identify :jane
|
71
|
+
end
|
72
|
+
assert_equal "User: #{jane_id}", response.body
|
63
73
|
end
|
64
|
-
|
74
|
+
|
65
75
|
|
66
76
|
test "reset user credentials in header" do
|
67
77
|
set_http_basic_user @user, 'pa55w0rd'
|
@@ -75,16 +85,21 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
75
85
|
set_http_basic_user @user
|
76
86
|
get :show
|
77
87
|
assert_equal @user, assigns(:current_user)
|
78
|
-
|
79
|
-
|
88
|
+
|
89
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
90
|
+
ActiveRecord::FixtureSet.identify :jane
|
91
|
+
else
|
92
|
+
ActiveRecord::Fixtures.identify :jane
|
93
|
+
end
|
94
|
+
assert_equal "User: #{jane_id}", response.body
|
80
95
|
end
|
81
|
-
|
96
|
+
|
82
97
|
test "invalid user_pid in session" do
|
83
|
-
get :show, {}, :
|
98
|
+
get :show, {}, current_user_pid: 'random@user.com'
|
84
99
|
assert_response :success
|
85
100
|
assert_nil assigns(:current_user)
|
86
101
|
end
|
87
|
-
|
102
|
+
|
88
103
|
test "valid user bounced to http authentication" do
|
89
104
|
set_http_basic_user @user
|
90
105
|
get :bouncer
|
@@ -95,12 +110,12 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
95
110
|
|
96
111
|
test "valid user bounced in json" do
|
97
112
|
set_http_basic_user @user
|
98
|
-
get :bouncer, :
|
113
|
+
get :bouncer, format: 'json'
|
99
114
|
assert_response :ok
|
100
115
|
data = ActiveSupport::JSON.decode response.body
|
101
116
|
assert_match(/not allowed/i, data['error'])
|
102
117
|
end
|
103
|
-
|
118
|
+
|
104
119
|
test "no user_id bounced to http authentication" do
|
105
120
|
get :bouncer
|
106
121
|
assert_response :unauthorized
|
@@ -109,7 +124,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
109
124
|
end
|
110
125
|
|
111
126
|
test "no user_id bounced in json" do
|
112
|
-
get :bouncer, :
|
127
|
+
get :bouncer, format: 'json'
|
113
128
|
assert_response :unauthorized
|
114
129
|
assert_equal 'Basic realm="Application"',
|
115
130
|
response.headers['WWW-Authenticate']
|
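Review bot: The rewritten line at new 98, `get :show, {}, current_user_pid: 'random@user.com'`, seeds the session under a key nothing else in this diff reads — every other session test here goes through `request.session[:authpwn_suid]` — so "invalid user_pid in session" would pass even if the controller never looked at `current_user_pid`, which makes it a test that cannot fail. I would either seed `:authpwn_suid` with a value matching no token, or add a comment above the line saying that the key is a legacy one kept on purpose; I cannot see the library side from this diff, so which is right is for the author to confirm. The test method is fully inside the hunk.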
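--- a/data/test/routes_test.rb
+++ b/data/test/routes_test.rb
@@ -7,25 +7,25 @@ class RoutesTest < ActionController::TestCase
 tests SessionController
 
 test "authpwn_session routes" do
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
+assert_routing({path: "/session", method: :get},
+{controller: 'session', action: 'show'})
+assert_routing({path: "/session/new", method: :get},
+{controller: 'session', action: 'new'})
+assert_routing({path: "/session", method: :post},
+{controller: 'session', action: 'create'})
+assert_routing({path: "/session", method: :delete},
+{controller: 'session', action: 'destroy'})
+assert_routing({path: "/session", method: :delete},
+{controller: 'session', action: 'destroy'})
+assert_routing({path: "/session/change_password", method: :get},
+{controller: 'session', action: 'password_change'})
+assert_routing({path: "/session/change_password", method: :post},
+{controller: 'session', action: 'change_password'})
+assert_routing({path: "/session/reset_password", method: :post},
+{controller: 'session', action: 'reset_password'})
 
 code = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
-assert_routing({:
-{:
+assert_routing({path: "/session/token/#{code}", method: :get},
+{controller: 'session', action: 'token', code: code})
 end
 end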
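Review bot: New lines 16-19 assert the same route twice: `assert_routing({path: "/session", method: :delete}, {controller: 'session', action: 'destroy'})` appears at 16-17 and again verbatim at 18-19, so one of the eight routes the test is meant to pin is missing its check. The removed side is truncated on this page, so I cannot tell which route the second pair originally covered; the author should replace the duplicate with the intended path/action pair rather than delete it, so the route count asserted here stays in step with the `authpwn_session` helper.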