authpwn_rails 0.13.4 → 0.14.0
- data/.travis.yml +4 -2
- data/Gemfile +5 -5
- data/Gemfile.lock +47 -45
- data/Gemfile.rails3 +15 -0
- data/Gemfile.rails4 +15 -0
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +35 -19
- data/app/models/credentials/facebook.rb +11 -9
- data/app/models/credentials/password.rb +7 -5
- data/app/models/tokens/base.rb +27 -14
- data/app/models/tokens/email_verification.rb +1 -1
- data/app/models/tokens/session_uid.rb +5 -5
- data/authpwn_rails.gemspec +15 -15
- data/lib/authpwn_rails/credential_model.rb +8 -6
- data/lib/authpwn_rails/expires.rb +1 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +4 -4
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +8 -10
- data/lib/authpwn_rails/generators/templates/session/password_change.html.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +9 -9
- data/lib/authpwn_rails/http_basic.rb +2 -2
- data/lib/authpwn_rails/routes.rb +18 -18
- data/lib/authpwn_rails/session.rb +3 -3
- data/lib/authpwn_rails/session_controller.rb +39 -25
- data/lib/authpwn_rails/session_mailer.rb +5 -5
- data/lib/authpwn_rails/test_extensions.rb +6 -6
- data/lib/authpwn_rails/user_extensions/email_field.rb +33 -16
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +1 -1
- data/lib/authpwn_rails/user_extensions/password_field.rb +17 -14
- data/lib/authpwn_rails/user_model.rb +9 -7
- data/test/cookie_controller_test.rb +22 -16
- data/test/credentials/facebook_credential_test.rb +17 -17
- data/test/credentials/password_credential_test.rb +1 -1
- data/test/credentials/password_reset_token_test.rb +1 -1
- data/test/credentials/session_uid_token_test.rb +1 -0
- data/test/credentials/token_crendential_test.rb +2 -4
- data/test/facebook_controller_test.rb +14 -14
- data/test/helpers/action_controller.rb +8 -0
- data/test/helpers/db_setup.rb +11 -9
- data/test/helpers/routes.rb +14 -9
- data/test/http_basic_controller_test.rb +35 -20
- data/test/routes_test.rb +18 -18
- data/test/session_controller_api_test.rb +76 -83
- data/test/test_helper.rb +4 -1
- data/test/user_extensions/email_field_test.rb +1 -1
- data/test/user_extensions/facebook_fields_test.rb +5 -5
- data/test/user_extensions/password_field_test.rb +2 -2
- metadata +14 -27
@@ -2,13 +2,13 @@ require File.expand_path('../test_helper', __FILE__)
|
|
2
2
|
|
3
3
|
# Mock controller used for testing session handling.
|
4
4
|
class CookieController < ApplicationController
|
5
|
-
authenticates_using_session :
|
5
|
+
authenticates_using_session except: :update
|
6
6
|
|
7
7
|
def show
|
8
8
|
if current_user
|
9
|
-
render :
|
9
|
+
render text: "User: #{current_user.id}"
|
10
10
|
else
|
11
|
-
render :
|
11
|
+
render text: "No user"
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
@@ -18,7 +18,7 @@ class CookieController < ApplicationController
|
|
18
18
|
else
|
19
19
|
set_session_current_user User.find_by_param(params[:exuid])
|
20
20
|
end
|
21
|
-
render :
|
21
|
+
render text: ''
|
22
22
|
end
|
23
23
|
|
24
24
|
def bouncer
|
@@ -44,8 +44,14 @@ class CookieControllerTest < ActionController::TestCase
|
|
44
44
|
get :show
|
45
45
|
assert_response :success
|
46
46
|
assert_equal @user, assigns(:current_user)
|
47
|
-
|
48
|
-
|
47
|
+
john_id = if defined? ActiveRecord::FixtureSet
|
48
|
+
# Rails 4
|
49
|
+
ActiveRecord::FixtureSet.identify :john
|
50
|
+
else
|
51
|
+
# Rails 3
|
52
|
+
ActiveRecord::Fixtures.identify :john
|
53
|
+
end
|
54
|
+
assert_equal "User: #{john_id}", response.body
|
49
55
|
end
|
50
56
|
|
51
57
|
test "valid suid in session does not refresh very recent session" do
|
@@ -89,7 +95,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
89
95
|
|
90
96
|
test "set_session_current_user creates new token by default" do
|
91
97
|
assert_difference 'Credential.count', 1 do
|
92
|
-
put :update, :
|
98
|
+
put :update, exuid: @user.exuid
|
93
99
|
end
|
94
100
|
assert_response :success
|
95
101
|
assert_not_equal @token.suid, request.session[:authpwn_suid]
|
@@ -102,7 +108,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
102
108
|
test "set_session_current_user reuses existing token when suitable" do
|
103
109
|
request.session[:authpwn_suid] = @token.suid
|
104
110
|
assert_no_difference 'Credential.count', 'existing token not reused' do
|
105
|
-
put :update, :
|
111
|
+
put :update, exuid: @user.exuid
|
106
112
|
end
|
107
113
|
assert_response :success
|
108
114
|
assert_equal @token.suid, request.session[:authpwn_suid]
|
@@ -117,7 +123,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
117
123
|
@token.updated_at = Time.now - 1.day
|
118
124
|
request.session[:authpwn_suid] = @token.suid
|
119
125
|
assert_no_difference 'Credential.count', 'existing token not reused' do
|
120
|
-
put :update, :
|
126
|
+
put :update, exuid: @user.exuid
|
121
127
|
end
|
122
128
|
assert_response :success
|
123
129
|
assert_operator @token.reload.updated_at, :>=, Time.now - 1.hour,
|
@@ -133,7 +139,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
133
139
|
@token.destroy
|
134
140
|
request.session[:authpwn_suid] = @token.suid
|
135
141
|
assert_difference 'Credential.count', 1, 'session token not created' do
|
136
|
-
put :update, :
|
142
|
+
put :update, exuid: @user.exuid
|
137
143
|
end
|
138
144
|
assert_response :success
|
139
145
|
assert_not_equal @token.suid, request.session[:authpwn_suid]
|
@@ -148,7 +154,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
148
154
|
request.session[:authpwn_suid] = old_token.suid
|
149
155
|
assert_no_difference 'Credential.count',
|
150
156
|
"old user's token not destroyed or no new token created" do
|
151
|
-
put :update, :
|
157
|
+
put :update, exuid: @user.exuid
|
152
158
|
end
|
153
159
|
assert_response :success
|
154
160
|
assert_nil Tokens::Base.with_code(old_token.suid).first,
|
@@ -166,7 +172,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
166
172
|
request.session[:authpwn_suid] = credentials(:jane_session_token).suid
|
167
173
|
assert_no_difference 'Credential.count',
|
168
174
|
"old user's token not destroyed or new user's token not created" do
|
169
|
-
put :update, :
|
175
|
+
put :update, exuid: @user.exuid
|
170
176
|
end
|
171
177
|
assert_response :success
|
172
178
|
assert_equal @user, assigns(:current_user)
|
@@ -179,7 +185,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
179
185
|
test "set_session_current_user logs off a user correctly" do
|
180
186
|
request.session[:authpwn_suid] = @token.suid
|
181
187
|
assert_difference 'Credential.count', -1, 'token not destroyed' do
|
182
|
-
put :update, :
|
188
|
+
put :update, exuid: ''
|
183
189
|
end
|
184
190
|
assert_response :success
|
185
191
|
assert_nil request.session[:authpwn_suid]
|
@@ -192,7 +198,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
192
198
|
|
193
199
|
test "set_session_current_user behaves when no user is logged off" do
|
194
200
|
assert_no_difference 'Credential.count' do
|
195
|
-
put :update, :
|
201
|
+
put :update, exuid: ''
|
196
202
|
end
|
197
203
|
assert_response :success
|
198
204
|
assert_nil request.session[:authpwn_suid]
|
@@ -209,7 +215,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
209
215
|
|
210
216
|
test "valid user_id bounced in json" do
|
211
217
|
request.session[:authpwn_suid] = @token.suid
|
212
|
-
get :bouncer, :
|
218
|
+
get :bouncer, format: 'json'
|
213
219
|
assert_response :ok
|
214
220
|
data = ActiveSupport::JSON.decode response.body
|
215
221
|
assert_match(/not allowed/i, data['error'])
|
@@ -225,7 +231,7 @@ class CookieControllerTest < ActionController::TestCase
|
|
225
231
|
end
|
226
232
|
|
227
233
|
test "no user_id bounced in json" do
|
228
|
-
get :bouncer, :
|
234
|
+
get :bouncer, format: 'json'
|
229
235
|
assert_response :ok
|
230
236
|
data = ActiveSupport::JSON.decode response.body
|
231
237
|
assert_match(/sign in/i, data['error'])
|
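Review bot: The Rails 3/4 fixture-id lookup added at new lines 47–53 (`john_id = if defined? ActiveRecord::FixtureSet … end`) is repeated three more times as `jane_id = …` in http_basic_controller_test.rb (new lines 45, 67 and 89), so the version probe lives in four places; a single helper in test/test_helper.rb, `def fixture_id(label)` / `(defined?(ActiveRecord::FixtureSet) ? ActiveRecord::FixtureSet : ActiveRecord::Fixtures).identify label` / `end`, would let every call site read `assert_equal "User: #{fixture_id(:john)}", response.body`. Separately, `authenticates_using_session except: :update` on new line 5 leaves `update` unauthenticated so that the test can log in any user through `params[:exuid]` (context line 19); that is fine for a fixture controller, but a comment such as `# Test-only: update logs in whichever user exuid names, with no credential check.` above the class would make the intent explicit for the next reader.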
@@ -1,6 +1,6 @@
|
|
1
1
|
require File.expand_path('../../test_helper', __FILE__)
|
2
2
|
|
3
|
-
class FacebookCredentialTest < ActiveSupport::TestCase
|
3
|
+
class FacebookCredentialTest < ActiveSupport::TestCase
|
4
4
|
def setup
|
5
5
|
@code = 'AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD'
|
6
6
|
@credential = Credentials::Facebook.new
|
@@ -8,57 +8,57 @@ class FacebookCredentialTest < ActiveSupport::TestCase
|
|
8
8
|
@credential.key = 'AAAEj8jKX2a8BAOBMZCjxBe4dw7cRoD1JVxUgZAtB6ozJlR4Viazh6OAYcHB5kZAtUwgjpDy7a54ZA1DObLmBT9X99CLWYOj5Stqx8bHwnE7EzyBS1WxY'
|
9
9
|
@credential.user = users(:bill)
|
10
10
|
end
|
11
|
-
|
11
|
+
|
12
12
|
test 'setup' do
|
13
13
|
assert @credential.valid?
|
14
14
|
end
|
15
|
-
|
15
|
+
|
16
16
|
test 'key required' do
|
17
17
|
@credential.key = nil
|
18
18
|
assert !@credential.valid?
|
19
19
|
end
|
20
|
-
|
20
|
+
|
21
21
|
test 'user presence' do
|
22
22
|
@credential.user = nil
|
23
23
|
assert !@credential.valid?
|
24
24
|
end
|
25
|
-
|
25
|
+
|
26
26
|
test 'user uniqueness' do
|
27
27
|
@credential.user = users(:john)
|
28
28
|
assert !@credential.valid?
|
29
29
|
end
|
30
|
-
|
30
|
+
|
31
31
|
test 'facebook_uid uniqueness' do
|
32
32
|
@credential.facebook_uid = credentials(:jane_facebook).facebook_uid
|
33
33
|
assert !@credential.valid?
|
34
34
|
end
|
35
|
-
|
35
|
+
|
36
36
|
test "uid_from_token" do
|
37
37
|
assert_equal '1011950666', Credentials::Facebook.uid_from_token(@code)
|
38
38
|
end
|
39
39
|
|
40
40
|
test "for with existing access token" do
|
41
|
-
|
42
|
-
|
43
|
-
|
41
|
+
Credentials::Facebook.expects(:uid_from_token).with(@code).at_least_once.
|
42
|
+
returns(credentials(:jane_facebook).facebook_uid)
|
43
|
+
|
44
44
|
assert_equal credentials(:jane_facebook), Credentials::Facebook.for(@code),
|
45
45
|
'Wrong token'
|
46
46
|
assert_equal @code, credentials(:jane_facebook).reload.key,
|
47
47
|
'Token not refreshed'
|
48
48
|
end
|
49
|
-
|
49
|
+
|
50
50
|
test "for with new access token" do
|
51
51
|
credential = nil
|
52
|
-
|
53
|
-
with(@credential.key).
|
54
|
-
assert_difference 'Credentials::Facebook.count', 1 do
|
52
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
53
|
+
with(@credential.key).returns('123456789')
|
54
|
+
assert_difference 'Credentials::Facebook.count', 1 do
|
55
55
|
credential = Credentials::Facebook.for @credential.key
|
56
56
|
end
|
57
|
-
assert_equal '123456789', credential.facebook_uid
|
57
|
+
assert_equal '123456789', credential.facebook_uid
|
58
58
|
assert_equal @credential.key, credential.key
|
59
59
|
assert !credential.new_record?, 'New credential not saved'
|
60
60
|
assert !credential.user.new_record?, "New credential's user not saved"
|
61
61
|
assert_operator credential.user.credentials, :include?, credential,
|
62
|
-
"New user's credentials does not include Facebook credential"
|
63
|
-
end
|
62
|
+
"New user's credentials does not include Facebook credential"
|
63
|
+
end
|
64
64
|
end
|
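Review bot: Both `for` tests now pin the `uid_from_token` stub with `at_least_once` (new lines 41–42 and 52–53), which lets `Credentials::Facebook.for` call the Graph API any number of times without failing the test; if one lookup per call is the intended contract, `once` states it and would catch an accidental double call. The removed expectations are truncated in this view, so I cannot tell whether the previous count was stricter and this is a deliberate loosening. The `@code` and `@credential.key` values on context lines 5 and 8 look like real Facebook access tokens; clearly synthetic strings would avoid leaving anything token-shaped in the repository history, and `test "uid_from_token"` on line 37 still calls the unstubbed method, so it appears to depend on those tokens being live and on network access.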
@@ -70,7 +70,7 @@ class PasswordCredentialTest < ActiveSupport::TestCase
|
|
70
70
|
|
71
71
|
test 'authenticate calls User#auth_bounce_reason' do
|
72
72
|
user = @credential.user
|
73
|
-
|
73
|
+
user.expects(:auth_bounce_reason).at_least_once.returns(:reason)
|
74
74
|
@credential.updated_at = Time.now
|
75
75
|
assert_equal :reason, @credential.authenticate('awesome')
|
76
76
|
assert_equal :invalid, @credential.authenticate('not awesome')
|
@@ -46,7 +46,7 @@ class PasswordVerificationTokenTest < ActiveSupport::TestCase
|
|
46
46
|
end
|
47
47
|
end
|
48
48
|
assert credential.frozen?, 'not destroyed'
|
49
|
-
assert_nil Credential.where(:
|
49
|
+
assert_nil Credential.where(id: password_credential.id).first,
|
50
50
|
'password not blanked out'
|
51
51
|
end
|
52
52
|
|
@@ -90,8 +90,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
|
|
90
90
|
|
91
91
|
Tokens::Base.all.each do |token|
|
92
92
|
token.updated_at = Time.now - 1.year
|
93
|
-
|
94
|
-
and_return 1.week
|
93
|
+
token.class.stubs(:expires_after).returns 1.week
|
95
94
|
token.save!
|
96
95
|
end
|
97
96
|
assert_difference 'Credential.count', -1,
|
@@ -127,8 +126,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
|
|
127
126
|
token = Tokens::Base.with_code(credentials(:jane_token).code).first
|
128
127
|
token.updated_at = Time.now - 1.year
|
129
128
|
token.save!
|
130
|
-
|
131
|
-
zero_or_more_times.and_return 1.week
|
129
|
+
token.class.stubs(:expires_after).returns 1.week
|
132
130
|
assert_equal :invalid, token.authenticate,
|
133
131
|
'expired token'
|
134
132
|
assert_nil Tokens::Base.with_code(credentials(:jane_token).code).first,
|
@@ -5,12 +5,12 @@ class FacebookController < ApplicationController
|
|
5
5
|
authenticates_using_session
|
6
6
|
probes_facebook_access_token
|
7
7
|
authenticates_using_facebook
|
8
|
-
|
8
|
+
|
9
9
|
def show
|
10
10
|
if current_user
|
11
|
-
render :
|
11
|
+
render text: "User: #{current_user.id}"
|
12
12
|
else
|
13
|
-
render :
|
13
|
+
render text: "No user"
|
14
14
|
end
|
15
15
|
end
|
16
16
|
end
|
@@ -24,11 +24,11 @@ class FacebookControllerTest < ActionController::TestCase
|
|
24
24
|
@old_user_class = ::User
|
25
25
|
Object.send :remove_const, :User
|
26
26
|
::User = UserWithFb2
|
27
|
-
|
27
|
+
|
28
28
|
@user = users(:john)
|
29
29
|
@new_token = 'facebook:new_token|boom'
|
30
30
|
end
|
31
|
-
|
31
|
+
|
32
32
|
teardown do
|
33
33
|
Object.send :remove_const, :User
|
34
34
|
::User = @old_user_class
|
@@ -39,27 +39,27 @@ class FacebookControllerTest < ActionController::TestCase
|
|
39
39
|
assert_response :success
|
40
40
|
assert_nil assigns(:current_user)
|
41
41
|
end
|
42
|
-
|
42
|
+
|
43
43
|
test "facebook token for existing user" do
|
44
|
-
|
44
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
45
45
|
with(credentials(:john_facebook).key).
|
46
|
-
|
46
|
+
returns(credentials(:john_facebook).facebook_uid)
|
47
47
|
set_session_current_facebook_token credentials(:john_facebook).key
|
48
48
|
get :show, {}
|
49
49
|
assert_response :success
|
50
50
|
assert_equal @user, assigns(:current_user)
|
51
51
|
end
|
52
|
-
|
53
|
-
test "new facebook token" do
|
52
|
+
|
53
|
+
test "new facebook token" do
|
54
54
|
set_session_current_facebook_token @new_token
|
55
|
-
|
56
|
-
with(@new_token).
|
55
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
56
|
+
with(@new_token).returns('12345678')
|
57
57
|
get :show, {}
|
58
58
|
assert_response :success
|
59
59
|
assert_not_equal @user, assigns(:current_user)
|
60
60
|
end
|
61
|
-
|
61
|
+
|
62
62
|
test "auth_controller? is false" do
|
63
63
|
assert_equal false, @controller.auth_controller?
|
64
|
-
end
|
64
|
+
end
|
65
65
|
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
if defined?(ActionController::Parameters) &&
|
2
|
+
ActionController::Parameters.respond_to?(
|
3
|
+
:action_on_unpermitted_parameters=)
|
4
|
+
# Rails 4.
|
5
|
+
|
6
|
+
# Raise exceptions so we can test against them.
|
7
|
+
ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
8
|
+
end
|
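--- a/data/test/helpers/db_setup.rb
+++ b/data/test/helpers/db_setup.rb
@@ -6,25 +6,27 @@ when /mysql/i
 end
 
 `mysql -u root -e "DROP DATABASE IF EXISTS plugin_dev; #{create_sql}"`
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'mysql2',
+database: 'plugin_dev', username: 'root', password: ''
 when /pg/i
 pg_user = ENV['DB_USER'] || ENV['USER']
 `psql -U #{pg_user} -d postgres -c "DROP DATABASE IF EXISTS plugin_dev;"`
 `psql -U #{pg_user} -d postgres -c "CREATE DATABASE plugin_dev;"`
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'postgresql',
+database: 'plugin_dev', username: pg_user, password: ''
 else
-ActiveRecord::Base.establish_connection :
-:
+ActiveRecord::Base.establish_connection adapter: 'sqlite3',
+database: ':memory:'
 end
 
 class ActiveRecord::Base
 self.configurations = true
-
+if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
+self.mass_assignment_sanitizer = :strict
 
-
-
+# Hacky equivalent to config.active_record.whitelist_attributes = true
+attr_accessible
+end
 end
 
 ActiveRecord::Migration.verbose = false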
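Review bot: The rewritten `establish_connection` calls (new lines 9–10 and 15–16) hard-code `username: 'root'` and `password: ''` for MySQL and an empty password for PostgreSQL, so the suite only runs against servers whose root user or role has no password; reading them from the environment, e.g. `username: ENV['DB_USER'] || 'root', password: ENV['DB_PASSWORD'] || ''`, keeps the current default while letting CI point at a locked-down database. The unchanged lines 13–14 still interpolate `pg_user` straight into a backtick shell command, so `DB_USER` must not carry shell metacharacters; a `Shellwords.escape pg_user` or a one-line comment saying so would be worth adding the next time that block is touched. The new `mass_assignment_sanitizer = :strict` plus bare `attr_accessible` block (new lines 24–29) is a sound default for Rails 3; a comment such as `# Rails 4 gets the equivalent from action_on_unpermitted_parameters = :raise in test/helpers/action_controller.rb.` would tie the two version-specific guards together.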
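--- a/data/test/helpers/routes.rb
+++ b/data/test/helpers/routes.rb
@@ -1,23 +1,28 @@
 # :nodoc: the routes used in all tests
 class ActionController::TestCase
 def setup_routes
-
+if defined? ActionDispatch::Routing
+# Rails 4.
+@routes = ActionDispatch::Routing::RouteSet.new
+else
+# Rails 3.
+@routes = ActionController::Routing::RouteSet.new
+end
 @routes.draw do
-resource :cookie, :
+resource :cookie, controller: 'cookie' do
 collection do
 get :bouncer
 put :update
 end
 end
-resource :http_basic, :
+resource :http_basic, controller: 'http_basic' do
 collection { get :bouncer }
 end
-resource :facebook, :
-authpwn_session :
-
-
-
-root :to => 'session#index'
+resource :facebook, controller: 'facebook'
+authpwn_session controller: 'bare_session', method_names: 'bare_session'
+authpwn_session controller: 'bare_session2',
+method_names: 'bare_session2'
+root to: 'session#index'
 
 # NOTE: this route should be kept in sync with the session template.
 authpwn_session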
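Review bot: The `# Rails 4.` and `# Rails 3.` comments on new lines 5 and 8 look mislabelled: `ActionDispatch::Routing::RouteSet` already exists in Rails 3 (ActionDispatch arrived with 3.0), so the `defined? ActionDispatch::Routing` branch should be the one taken on both versions this gem's Gemfile.rails3 and Gemfile.rails4 target, and the `ActionController::Routing::RouteSet` fallback corresponds to Rails 2. If that holds on the Rails 3 build, the else branch is dead code and can go; otherwise the comments should read `# Rails 3 and 4.` and `# Rails 2.` so nobody later assumes the fallback is exercised. Worth a quick check against the Rails 3 CI run rather than taking this note on trust.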
@@ -3,15 +3,15 @@ require File.expand_path('../test_helper', __FILE__)
|
|
3
3
|
# Mock controller used for testing session handling.
|
4
4
|
class HttpBasicController < ApplicationController
|
5
5
|
authenticates_using_http_basic
|
6
|
-
|
6
|
+
|
7
7
|
def show
|
8
8
|
if current_user
|
9
|
-
render :
|
9
|
+
render text: "User: #{current_user.id}"
|
10
10
|
else
|
11
|
-
render :
|
11
|
+
render text: "No user"
|
12
12
|
end
|
13
13
|
end
|
14
|
-
|
14
|
+
|
15
15
|
def bouncer
|
16
16
|
bounce_to_http_basic
|
17
17
|
end
|
@@ -28,7 +28,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
28
28
|
assert_nil assigns(:current_user)
|
29
29
|
assert_equal 'No user', response.body
|
30
30
|
end
|
31
|
-
|
31
|
+
|
32
32
|
test "valid user_id in session cookie" do
|
33
33
|
set_session_current_user @user
|
34
34
|
get :show
|
@@ -41,8 +41,13 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
41
41
|
set_http_basic_user @user, 'pa55w0rd'
|
42
42
|
get :show
|
43
43
|
assert_equal @user, assigns(:current_user)
|
44
|
-
|
45
|
-
|
44
|
+
|
45
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
46
|
+
ActiveRecord::FixtureSet.identify :jane
|
47
|
+
else
|
48
|
+
ActiveRecord::Fixtures.identify :jane
|
49
|
+
end
|
50
|
+
assert_equal "User: #{jane_id}", response.body
|
46
51
|
end
|
47
52
|
|
48
53
|
test "invalid user credentials in header" do
|
@@ -53,15 +58,20 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
53
58
|
end
|
54
59
|
|
55
60
|
test "uses User.authenticate_signin" do
|
56
|
-
|
57
|
-
with('jane@gmail.com', 'fail').
|
61
|
+
User.expects(:authenticate_signin).at_least_once.
|
62
|
+
with('jane@gmail.com', 'fail').returns @user
|
58
63
|
set_http_basic_user @user, 'fail'
|
59
64
|
get :show
|
60
65
|
assert_equal @user, assigns(:current_user)
|
61
|
-
|
62
|
-
|
66
|
+
|
67
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
68
|
+
ActiveRecord::FixtureSet.identify :jane
|
69
|
+
else
|
70
|
+
ActiveRecord::Fixtures.identify :jane
|
71
|
+
end
|
72
|
+
assert_equal "User: #{jane_id}", response.body
|
63
73
|
end
|
64
|
-
|
74
|
+
|
65
75
|
|
66
76
|
test "reset user credentials in header" do
|
67
77
|
set_http_basic_user @user, 'pa55w0rd'
|
@@ -75,16 +85,21 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
75
85
|
set_http_basic_user @user
|
76
86
|
get :show
|
77
87
|
assert_equal @user, assigns(:current_user)
|
78
|
-
|
79
|
-
|
88
|
+
|
89
|
+
jane_id = if defined? ActiveRecord::FixtureSet
|
90
|
+
ActiveRecord::FixtureSet.identify :jane
|
91
|
+
else
|
92
|
+
ActiveRecord::Fixtures.identify :jane
|
93
|
+
end
|
94
|
+
assert_equal "User: #{jane_id}", response.body
|
80
95
|
end
|
81
|
-
|
96
|
+
|
82
97
|
test "invalid user_pid in session" do
|
83
|
-
get :show, {}, :
|
98
|
+
get :show, {}, current_user_pid: 'random@user.com'
|
84
99
|
assert_response :success
|
85
100
|
assert_nil assigns(:current_user)
|
86
101
|
end
|
87
|
-
|
102
|
+
|
88
103
|
test "valid user bounced to http authentication" do
|
89
104
|
set_http_basic_user @user
|
90
105
|
get :bouncer
|
@@ -95,12 +110,12 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
95
110
|
|
96
111
|
test "valid user bounced in json" do
|
97
112
|
set_http_basic_user @user
|
98
|
-
get :bouncer, :
|
113
|
+
get :bouncer, format: 'json'
|
99
114
|
assert_response :ok
|
100
115
|
data = ActiveSupport::JSON.decode response.body
|
101
116
|
assert_match(/not allowed/i, data['error'])
|
102
117
|
end
|
103
|
-
|
118
|
+
|
104
119
|
test "no user_id bounced to http authentication" do
|
105
120
|
get :bouncer
|
106
121
|
assert_response :unauthorized
|
@@ -109,7 +124,7 @@ class HttpBasicControllerTest < ActionController::TestCase
|
|
109
124
|
end
|
110
125
|
|
111
126
|
test "no user_id bounced in json" do
|
112
|
-
get :bouncer, :
|
127
|
+
get :bouncer, format: 'json'
|
113
128
|
assert_response :unauthorized
|
114
129
|
assert_equal 'Basic realm="Application"',
|
115
130
|
response.headers['WWW-Authenticate']
|
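--- a/data/test/routes_test.rb
+++ b/data/test/routes_test.rb
@@ -7,25 +7,25 @@ class RoutesTest < ActionController::TestCase
 tests SessionController
 
 test "authpwn_session routes" do
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
-assert_routing({:
-{:
+assert_routing({path: "/session", method: :get},
+{controller: 'session', action: 'show'})
+assert_routing({path: "/session/new", method: :get},
+{controller: 'session', action: 'new'})
+assert_routing({path: "/session", method: :post},
+{controller: 'session', action: 'create'})
+assert_routing({path: "/session", method: :delete},
+{controller: 'session', action: 'destroy'})
+assert_routing({path: "/session", method: :delete},
+{controller: 'session', action: 'destroy'})
+assert_routing({path: "/session/change_password", method: :get},
+{controller: 'session', action: 'password_change'})
+assert_routing({path: "/session/change_password", method: :post},
+{controller: 'session', action: 'change_password'})
+assert_routing({path: "/session/reset_password", method: :post},
+{controller: 'session', action: 'reset_password'})
 
 code = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
-assert_routing({:
-{:
+assert_routing({path: "/session/token/#{code}", method: :get},
+{controller: 'session', action: 'token', code: code})
 end
 end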
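Review bot: New lines 16–19 assert the same route twice — `assert_routing({path: "/session", method: :delete}, {controller: 'session', action: 'destroy'})` appears at 16–17 and again verbatim at 18–19 — so one of the eight assertions in this block pins nothing new and a route the helper draws is probably left untested. The removed side is truncated in this view, so I cannot tell which route the second copy was meant to cover; the routes drawn by `authpwn_session` in test/helpers/routes.rb are the candidates. Either drop the duplicate or replace it with the missing route so every generated route stays pinned.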