authpwn_rails 0.13.4 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.travis.yml +4 -2
- data/Gemfile +5 -5
- data/Gemfile.lock +47 -45
- data/Gemfile.rails3 +15 -0
- data/Gemfile.rails4 +15 -0
- data/VERSION +1 -1
- data/app/models/credentials/email.rb +35 -19
- data/app/models/credentials/facebook.rb +11 -9
- data/app/models/credentials/password.rb +7 -5
- data/app/models/tokens/base.rb +27 -14
- data/app/models/tokens/email_verification.rb +1 -1
- data/app/models/tokens/session_uid.rb +5 -5
- data/authpwn_rails.gemspec +15 -15
- data/lib/authpwn_rails/credential_model.rb +8 -6
- data/lib/authpwn_rails/expires.rb +1 -1
- data/lib/authpwn_rails/generators/templates/001_create_users.rb +4 -4
- data/lib/authpwn_rails/generators/templates/003_create_credentials.rb +8 -10
- data/lib/authpwn_rails/generators/templates/session/password_change.html.erb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller.rb +1 -1
- data/lib/authpwn_rails/generators/templates/session_controller_test.rb +9 -9
- data/lib/authpwn_rails/http_basic.rb +2 -2
- data/lib/authpwn_rails/routes.rb +18 -18
- data/lib/authpwn_rails/session.rb +3 -3
- data/lib/authpwn_rails/session_controller.rb +39 -25
- data/lib/authpwn_rails/session_mailer.rb +5 -5
- data/lib/authpwn_rails/test_extensions.rb +6 -6
- data/lib/authpwn_rails/user_extensions/email_field.rb +33 -16
- data/lib/authpwn_rails/user_extensions/facebook_fields.rb +1 -1
- data/lib/authpwn_rails/user_extensions/password_field.rb +17 -14
- data/lib/authpwn_rails/user_model.rb +9 -7
- data/test/cookie_controller_test.rb +22 -16
- data/test/credentials/facebook_credential_test.rb +17 -17
- data/test/credentials/password_credential_test.rb +1 -1
- data/test/credentials/password_reset_token_test.rb +1 -1
- data/test/credentials/session_uid_token_test.rb +1 -0
- data/test/credentials/token_crendential_test.rb +2 -4
- data/test/facebook_controller_test.rb +14 -14
- data/test/helpers/action_controller.rb +8 -0
- data/test/helpers/db_setup.rb +11 -9
- data/test/helpers/routes.rb +14 -9
- data/test/http_basic_controller_test.rb +35 -20
- data/test/routes_test.rb +18 -18
- data/test/session_controller_api_test.rb +76 -83
- data/test/test_helper.rb +4 -1
- data/test/user_extensions/email_field_test.rb +1 -1
- data/test/user_extensions/facebook_fields_test.rb +5 -5
- data/test/user_extensions/password_field_test.rb +2 -2
- metadata +14 -27
|
@@ -27,21 +27,21 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
test "show renders welcome without a user" do
|
|
30
|
-
|
|
30
|
+
@controller.expects(:welcome).once.returns nil
|
|
31
31
|
get :show
|
|
32
32
|
assert_template :welcome
|
|
33
33
|
assert_nil assigns(:current_user)
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
test "show json renders empty object without a user" do
|
|
37
|
-
|
|
38
|
-
get :show, :
|
|
37
|
+
@controller.expects(:welcome).once.returns nil
|
|
38
|
+
get :show, format: 'json'
|
|
39
39
|
assert_response :ok
|
|
40
40
|
assert_equal({}, ActiveSupport::JSON.decode(response.body))
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
test "show renders home with a user" do
|
|
44
|
-
|
|
44
|
+
@controller.expects(:home).once.returns nil
|
|
45
45
|
set_session_current_user @user
|
|
46
46
|
get :show
|
|
47
47
|
assert_template :home
|
|
@@ -50,8 +50,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
50
50
|
|
|
51
51
|
test "show json renders user when logged in" do
|
|
52
52
|
set_session_current_user @user
|
|
53
|
-
|
|
54
|
-
get :show, :
|
|
53
|
+
@controller.expects(:home).once.returns nil
|
|
54
|
+
get :show, format: 'json'
|
|
55
55
|
assert_response :ok
|
|
56
56
|
data = ActiveSupport::JSON.decode response.body
|
|
57
57
|
assert_equal @user.exuid, data['user']['exuid']
|
|
@@ -72,7 +72,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
72
72
|
|
|
73
73
|
test "new renders redirect_url when present in flash" do
|
|
74
74
|
url = 'http://authpwn.redirect.url'
|
|
75
|
-
get :new, {}, {}, { :
|
|
75
|
+
get :new, {}, {}, { auth_redirect_url: url }
|
|
76
76
|
assert_template :new
|
|
77
77
|
assert_equal url, assigns(:redirect_url), 'redirect_url should be set'
|
|
78
78
|
assert_select 'form' do
|
|
@@ -81,7 +81,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
test "create logs in with good account details" do
|
|
84
|
-
post :create, :
|
|
84
|
+
post :create, email: @email_credential.email, password: 'password'
|
|
85
85
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
86
86
|
assert_equal @user, session_current_user, 'session'
|
|
87
87
|
assert_redirected_to session_url
|
|
@@ -92,7 +92,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
92
92
|
old_token = credentials(:jane_session_token)
|
|
93
93
|
old_token.updated_at = Time.now - 1.year
|
|
94
94
|
old_token.save!
|
|
95
|
-
post :create, :
|
|
95
|
+
post :create, email: @email_credential.email, password: 'password'
|
|
96
96
|
assert_equal @user, session_current_user, 'session'
|
|
97
97
|
assert_nil Tokens::Base.with_code(old_token.code).first,
|
|
98
98
|
'old session not purged'
|
|
@@ -103,15 +103,15 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
103
103
|
old_token = credentials(:jane_session_token)
|
|
104
104
|
old_token.updated_at = Time.now - 1.year
|
|
105
105
|
old_token.save!
|
|
106
|
-
post :create, :
|
|
106
|
+
post :create, email: @email_credential.email, password: 'password'
|
|
107
107
|
assert_equal @user, session_current_user, 'session'
|
|
108
108
|
assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
|
|
109
109
|
'old session purged'
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
test "create by json logs in with good account details" do
|
|
113
|
-
post :create, :
|
|
114
|
-
:
|
|
113
|
+
post :create, email: @email_credential.email, password: 'password',
|
|
114
|
+
format: 'json'
|
|
115
115
|
assert_response :ok
|
|
116
116
|
data = ActiveSupport::JSON.decode response.body
|
|
117
117
|
assert_equal @user.exuid, data['user']['exuid']
|
|
@@ -125,8 +125,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
125
125
|
old_token = credentials(:jane_session_token)
|
|
126
126
|
old_token.updated_at = Time.now - 1.year
|
|
127
127
|
old_token.save!
|
|
128
|
-
post :create, :
|
|
129
|
-
:
|
|
128
|
+
post :create, email: @email_credential.email, password: 'password',
|
|
129
|
+
format: 'json'
|
|
130
130
|
assert_response :ok
|
|
131
131
|
assert_equal @user, session_current_user, 'session'
|
|
132
132
|
assert_nil Tokens::Base.with_code(old_token.code).first,
|
|
@@ -135,13 +135,13 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
135
135
|
|
|
136
136
|
test "create redirects properly with good account details" do
|
|
137
137
|
url = 'http://authpwn.redirect.url'
|
|
138
|
-
post :create, :
|
|
139
|
-
:
|
|
138
|
+
post :create, email: @email_credential.email, password: 'password',
|
|
139
|
+
redirect_url: url
|
|
140
140
|
assert_redirected_to url
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
test "create does not log in with bad password" do
|
|
144
|
-
post :create, :
|
|
144
|
+
post :create, email: @email_credential.email, password: 'fail'
|
|
145
145
|
assert_redirected_to new_session_url
|
|
146
146
|
assert_nil assigns(:current_user), 'instance variable'
|
|
147
147
|
assert_nil session_current_user, 'session'
|
|
@@ -151,7 +151,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
151
151
|
test "create does not log in with expired password" do
|
|
152
152
|
@password_credential.updated_at = Time.now - 2.years
|
|
153
153
|
@password_credential.save!
|
|
154
|
-
post :create, :
|
|
154
|
+
post :create, email: @email_credential.email, password: 'password'
|
|
155
155
|
assert_redirected_to new_session_url
|
|
156
156
|
assert_nil assigns(:current_user), 'instance variable'
|
|
157
157
|
assert_nil session_current_user, 'session'
|
|
@@ -163,7 +163,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
163
163
|
old_token = credentials(:jane_session_token)
|
|
164
164
|
old_token.updated_at = Time.now - 1.year
|
|
165
165
|
old_token.save!
|
|
166
|
-
post :create, :
|
|
166
|
+
post :create, email: @email_credential.email, password: 'fail'
|
|
167
167
|
assert_nil session_current_user, 'session'
|
|
168
168
|
assert_equal old_token, Tokens::Base.with_code(old_token.code).first,
|
|
169
169
|
'old session purged'
|
|
@@ -171,7 +171,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
171
171
|
|
|
172
172
|
test "create does not log in blocked accounts" do
|
|
173
173
|
with_blocked_credential @email_credential do
|
|
174
|
-
post :create, :
|
|
174
|
+
post :create, email: @email_credential.email, password: 'password'
|
|
175
175
|
end
|
|
176
176
|
assert_redirected_to new_session_url
|
|
177
177
|
assert_nil assigns(:current_user), 'instance variable'
|
|
@@ -180,17 +180,17 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
test "create uses User.authenticate_signin" do
|
|
183
|
-
|
|
184
|
-
with('em@ail.com', 'fail').
|
|
185
|
-
post :create, :
|
|
183
|
+
User.expects(:authenticate_signin).at_least_once.
|
|
184
|
+
with('em@ail.com', 'fail').returns @email_credential.user
|
|
185
|
+
post :create, email: 'em@ail.com', password: 'fail'
|
|
186
186
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
187
187
|
assert_equal @user, session_current_user, 'session'
|
|
188
188
|
assert_redirected_to session_url
|
|
189
189
|
end
|
|
190
190
|
|
|
191
191
|
test "create by json does not log in with bad password" do
|
|
192
|
-
post :create, :
|
|
193
|
-
:
|
|
192
|
+
post :create, email: @email_credential.email, password: 'fail',
|
|
193
|
+
format: 'json'
|
|
194
194
|
assert_response :ok
|
|
195
195
|
data = ActiveSupport::JSON.decode response.body
|
|
196
196
|
assert_equal 'invalid', data['error']
|
|
@@ -202,8 +202,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
202
202
|
test "create by json does not log in with expired password" do
|
|
203
203
|
@password_credential.updated_at = Time.now - 2.years
|
|
204
204
|
@password_credential.save!
|
|
205
|
-
post :create, :
|
|
206
|
-
:
|
|
205
|
+
post :create, email: @email_credential.email, password: 'password',
|
|
206
|
+
format: 'json'
|
|
207
207
|
assert_response :ok
|
|
208
208
|
data = ActiveSupport::JSON.decode response.body
|
|
209
209
|
assert_equal 'expired', data['error']
|
|
@@ -214,8 +214,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
214
214
|
|
|
215
215
|
test "create by json does not log in blocked accounts" do
|
|
216
216
|
with_blocked_credential @email_credential do
|
|
217
|
-
post :create, :
|
|
218
|
-
:
|
|
217
|
+
post :create, email: @email_credential.email, password: 'password',
|
|
218
|
+
format: 'json'
|
|
219
219
|
end
|
|
220
220
|
assert_response :ok
|
|
221
221
|
data = ActiveSupport::JSON.decode response.body
|
|
@@ -227,15 +227,15 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
227
227
|
|
|
228
228
|
test "create maintains redirect_url for bad logins" do
|
|
229
229
|
url = 'http://authpwn.redirect.url'
|
|
230
|
-
post :create, :
|
|
231
|
-
:
|
|
230
|
+
post :create, email: @email_credential.email, password: 'fail',
|
|
231
|
+
redirect_url: url
|
|
232
232
|
assert_redirected_to new_session_url
|
|
233
233
|
assert_match(/Invalid /, flash[:alert])
|
|
234
234
|
assert_equal url, flash[:auth_redirect_url]
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
test "create does not log in with bad e-mail" do
|
|
238
|
-
post :create, :
|
|
238
|
+
post :create, email: 'nobody@gmail.com', password: 'no'
|
|
239
239
|
assert_redirected_to new_session_url
|
|
240
240
|
assert_nil assigns(:current_user), 'instance variable'
|
|
241
241
|
assert_nil session_current_user, 'session'
|
|
@@ -243,9 +243,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
test "token logs in with good token" do
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
get :token, :
|
|
246
|
+
@controller.expects(:home_with_token).once.with(@token_credential).
|
|
247
|
+
returns(nil)
|
|
248
|
+
get :token, code: @token_credential.code
|
|
249
249
|
assert_redirected_to session_url
|
|
250
250
|
assert_equal @user, assigns(:current_user), 'instance variable'
|
|
251
251
|
assert_equal @user, session_current_user, 'session'
|
|
@@ -254,9 +254,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
254
254
|
end
|
|
255
255
|
|
|
256
256
|
test "token by json logs in with good token" do
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
get :token, :
|
|
257
|
+
@controller.expects(:home_with_token).once.with(@token_credential).
|
|
258
|
+
returns(nil)
|
|
259
|
+
get :token, code: @token_credential.code, format: 'json'
|
|
260
260
|
assert_response :ok
|
|
261
261
|
data = ActiveSupport::JSON.decode response.body
|
|
262
262
|
assert_equal @user.exuid, data['user']['exuid']
|
|
@@ -269,7 +269,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
269
269
|
|
|
270
270
|
test "token does not log in with random token" do
|
|
271
271
|
assert_no_difference 'Credential.count', 'no credential is spent' do
|
|
272
|
-
get :token, :
|
|
272
|
+
get :token, code: 'no-such-token'
|
|
273
273
|
end
|
|
274
274
|
assert_redirected_to new_session_url
|
|
275
275
|
assert_nil assigns(:current_user), 'instance variable'
|
|
@@ -280,7 +280,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
280
280
|
test "token does not log in blocked accounts" do
|
|
281
281
|
with_blocked_credential @token_credential do
|
|
282
282
|
assert_no_difference 'Credential.count', 'no credential is spent' do
|
|
283
|
-
get :token, :
|
|
283
|
+
get :token, code: @token_credential.code
|
|
284
284
|
end
|
|
285
285
|
end
|
|
286
286
|
assert_redirected_to new_session_url
|
|
@@ -291,7 +291,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
291
291
|
|
|
292
292
|
test "token by json does not log in with random token" do
|
|
293
293
|
assert_no_difference 'Credential.count', 'no credential is spent' do
|
|
294
|
-
get :token, :
|
|
294
|
+
get :token, code: 'no-such-token', format: 'json'
|
|
295
295
|
end
|
|
296
296
|
assert_response :ok
|
|
297
297
|
data = ActiveSupport::JSON.decode response.body
|
|
@@ -304,7 +304,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
304
304
|
test "token by json does not log in blocked accounts" do
|
|
305
305
|
with_blocked_credential @token_credential do
|
|
306
306
|
assert_no_difference 'Credential.count', 'no credential is spent' do
|
|
307
|
-
get :token, :
|
|
307
|
+
get :token, code: @token_credential.code, format: 'json'
|
|
308
308
|
end
|
|
309
309
|
end
|
|
310
310
|
assert_response :ok
|
|
@@ -325,7 +325,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
325
325
|
|
|
326
326
|
test "logout by json" do
|
|
327
327
|
set_session_current_user @user
|
|
328
|
-
delete :destroy, :
|
|
328
|
+
delete :destroy, format: 'json'
|
|
329
329
|
|
|
330
330
|
assert_response :ok
|
|
331
331
|
assert_nil assigns(:current_user)
|
|
@@ -345,17 +345,16 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
345
345
|
end
|
|
346
346
|
|
|
347
347
|
test "change_password bounces without logged in user" do
|
|
348
|
-
post :change_password, :
|
|
349
|
-
:
|
|
350
|
-
:
|
|
348
|
+
post :change_password, old_password: 'password',
|
|
349
|
+
credential: { password: 'hacks',
|
|
350
|
+
password_confirmation: 'hacks'}
|
|
351
351
|
assert_response :forbidden
|
|
352
352
|
end
|
|
353
353
|
|
|
354
354
|
test "change_password works with correct input" do
|
|
355
355
|
set_session_current_user @user
|
|
356
|
-
post :change_password, :
|
|
357
|
-
:
|
|
358
|
-
:password_confirmation => 'hacks'}
|
|
356
|
+
post :change_password, old_password: 'password',
|
|
357
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'}
|
|
359
358
|
assert_redirected_to session_url
|
|
360
359
|
assert_equal @password_credential, assigns(:credential)
|
|
361
360
|
assert_equal @user, User.authenticate_signin(@email_credential.email,
|
|
@@ -364,9 +363,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
364
363
|
|
|
365
364
|
test "change_password rejects bad old password" do
|
|
366
365
|
set_session_current_user @user
|
|
367
|
-
post :change_password, :
|
|
368
|
-
:
|
|
369
|
-
:password_confirmation => 'hacks'}
|
|
366
|
+
post :change_password, old_password: '_password',
|
|
367
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'}
|
|
370
368
|
assert_response :ok
|
|
371
369
|
assert_template :password_change
|
|
372
370
|
assert_equal @password_credential, assigns(:credential)
|
|
@@ -376,9 +374,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
376
374
|
|
|
377
375
|
test "change_password rejects un-confirmed password" do
|
|
378
376
|
set_session_current_user @user
|
|
379
|
-
post :change_password, :
|
|
380
|
-
:
|
|
381
|
-
:password_confirmation => 'hacks_'}
|
|
377
|
+
post :change_password, old_password: 'password',
|
|
378
|
+
credential: { password: 'hacks', password_confirmation: 'hacks_'}
|
|
382
379
|
assert_response :ok
|
|
383
380
|
assert_template :password_change
|
|
384
381
|
assert_equal @password_credential, assigns(:credential)
|
|
@@ -390,8 +387,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
390
387
|
set_session_current_user @user
|
|
391
388
|
@password_credential.destroy
|
|
392
389
|
post :change_password,
|
|
393
|
-
:
|
|
394
|
-
:
|
|
390
|
+
credential: { password: 'hacks',
|
|
391
|
+
password_confirmation: 'hacks'}
|
|
395
392
|
assert_redirected_to session_url
|
|
396
393
|
assert_equal @user, User.authenticate_signin(@email_credential.email,
|
|
397
394
|
'hacks'), 'password not changed'
|
|
@@ -402,17 +399,16 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
402
399
|
@password_credential.destroy
|
|
403
400
|
assert_no_difference 'Credential.count' do
|
|
404
401
|
post :change_password,
|
|
405
|
-
:
|
|
406
|
-
:
|
|
402
|
+
credential: { password: 'hacks',
|
|
403
|
+
password_confirmation: 'hacks_'}
|
|
407
404
|
end
|
|
408
405
|
assert_response :ok
|
|
409
406
|
assert_template :password_change
|
|
410
407
|
end
|
|
411
408
|
|
|
412
409
|
test "change_password by json bounces without logged in user" do
|
|
413
|
-
post :change_password, :
|
|
414
|
-
:
|
|
415
|
-
:password_confirmation => 'hacks'}
|
|
410
|
+
post :change_password, format: 'json', old_password: 'password',
|
|
411
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'}
|
|
416
412
|
assert_response :ok
|
|
417
413
|
data = ActiveSupport::JSON.decode response.body
|
|
418
414
|
assert_equal 'Please sign in', data['error']
|
|
@@ -420,9 +416,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
420
416
|
|
|
421
417
|
test "change_password by json works with correct input" do
|
|
422
418
|
set_session_current_user @user
|
|
423
|
-
post :change_password, :
|
|
424
|
-
:
|
|
425
|
-
:
|
|
419
|
+
post :change_password, format: 'json', old_password: 'password',
|
|
420
|
+
credential: { password: 'hacks',
|
|
421
|
+
password_confirmation: 'hacks'}
|
|
426
422
|
assert_response :ok
|
|
427
423
|
assert_equal @user, User.authenticate_signin(@email_credential.email,
|
|
428
424
|
'hacks'), 'password not changed'
|
|
@@ -430,9 +426,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
430
426
|
|
|
431
427
|
test "change_password by json rejects bad old password" do
|
|
432
428
|
set_session_current_user @user
|
|
433
|
-
post :change_password, :
|
|
434
|
-
:
|
|
435
|
-
:password_confirmation => 'hacks'}
|
|
429
|
+
post :change_password, format: 'json', old_password: '_password',
|
|
430
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'}
|
|
436
431
|
assert_response :ok
|
|
437
432
|
data = ActiveSupport::JSON.decode response.body
|
|
438
433
|
assert_equal 'invalid', data['error']
|
|
@@ -443,9 +438,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
443
438
|
|
|
444
439
|
test "change_password by json rejects un-confirmed password" do
|
|
445
440
|
set_session_current_user @user
|
|
446
|
-
post :change_password, :
|
|
447
|
-
:
|
|
448
|
-
:password_confirmation => 'hacks_'}
|
|
441
|
+
post :change_password, format: 'json', old_password: 'password',
|
|
442
|
+
credential: { password: 'hacks', password_confirmation: 'hacks_'}
|
|
449
443
|
assert_response :ok
|
|
450
444
|
data = ActiveSupport::JSON.decode response.body
|
|
451
445
|
assert_equal 'invalid', data['error']
|
|
@@ -456,9 +450,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
456
450
|
test "change_password by json works for password recovery" do
|
|
457
451
|
set_session_current_user @user
|
|
458
452
|
@password_credential.destroy
|
|
459
|
-
post :change_password, :
|
|
460
|
-
:
|
|
461
|
-
:password_confirmation => 'hacks'}
|
|
453
|
+
post :change_password, format: 'json',
|
|
454
|
+
credential: { password: 'hacks', password_confirmation: 'hacks'}
|
|
462
455
|
assert_response :ok
|
|
463
456
|
assert_equal @user, User.authenticate_signin(
|
|
464
457
|
@email_credential.email, 'hacks'), 'password not changed'
|
|
@@ -468,9 +461,9 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
468
461
|
set_session_current_user @user
|
|
469
462
|
@password_credential.destroy
|
|
470
463
|
assert_no_difference 'Credential.count' do
|
|
471
|
-
post :change_password, :
|
|
472
|
-
:
|
|
473
|
-
:
|
|
464
|
+
post :change_password, format: 'json',
|
|
465
|
+
credential: { password: 'hacks',
|
|
466
|
+
password_confirmation: 'hacks_'}
|
|
474
467
|
end
|
|
475
468
|
assert_response :ok
|
|
476
469
|
data = ActiveSupport::JSON.decode response.body
|
|
@@ -482,7 +475,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
482
475
|
@request.host = 'mail.test.host:1234'
|
|
483
476
|
|
|
484
477
|
assert_difference 'Credential.count', 1 do
|
|
485
|
-
post :reset_password, :
|
|
478
|
+
post :reset_password, email: @email_credential.email
|
|
486
479
|
end
|
|
487
480
|
|
|
488
481
|
token = Credential.last
|
|
@@ -504,7 +497,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
504
497
|
ActionMailer::Base.deliveries = []
|
|
505
498
|
|
|
506
499
|
assert_difference 'Credential.count', 1 do
|
|
507
|
-
post :reset_password, :
|
|
500
|
+
post :reset_password, email: @email_credential.email, format: 'json'
|
|
508
501
|
end
|
|
509
502
|
|
|
510
503
|
token = Credential.last
|
|
@@ -521,7 +514,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
521
514
|
ActionMailer::Base.deliveries = []
|
|
522
515
|
|
|
523
516
|
assert_no_difference 'Credential.count' do
|
|
524
|
-
post :reset_password, :
|
|
517
|
+
post :reset_password, email: 'no@such.email'
|
|
525
518
|
end
|
|
526
519
|
assert ActionMailer::Base.deliveries.empty?, 'no email generated'
|
|
527
520
|
|
|
@@ -532,7 +525,7 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
532
525
|
ActionMailer::Base.deliveries = []
|
|
533
526
|
|
|
534
527
|
assert_no_difference 'Credential.count' do
|
|
535
|
-
post :reset_password, :
|
|
528
|
+
post :reset_password, email: 'no@such.email', format: 'json'
|
|
536
529
|
end
|
|
537
530
|
assert ActionMailer::Base.deliveries.empty?, 'no email generated'
|
|
538
531
|
|
|
@@ -545,8 +538,8 @@ class SessionControllerApiTest < ActionController::TestCase
|
|
|
545
538
|
ActionMailer::Base.deliveries = []
|
|
546
539
|
|
|
547
540
|
assert_difference 'Credential.count', 1 do
|
|
548
|
-
post :create, :
|
|
549
|
-
:
|
|
541
|
+
post :create, email: @email_credential.email, password: '',
|
|
542
|
+
reset_password: :requested
|
|
550
543
|
end
|
|
551
544
|
|
|
552
545
|
token = Credential.last
|
data/test/test_helper.rb
CHANGED
|
@@ -1,19 +1,22 @@
|
|
|
1
1
|
require 'rubygems'
|
|
2
2
|
require 'test/unit'
|
|
3
3
|
|
|
4
|
+
require 'action_controller'
|
|
4
5
|
require 'action_mailer'
|
|
5
6
|
require 'active_record'
|
|
6
7
|
require 'rails'
|
|
7
8
|
|
|
8
9
|
require 'fbgraph_rails'
|
|
9
10
|
require 'fbgraph_rails/controller'
|
|
10
|
-
require 'flexmock/test_unit'
|
|
11
11
|
require 'sqlite3'
|
|
12
12
|
|
|
13
|
+
require 'mocha/setup'
|
|
14
|
+
|
|
13
15
|
require 'authpwn_rails'
|
|
14
16
|
|
|
15
17
|
require 'helpers/view_helpers.rb'
|
|
16
18
|
# NOTE: application_controller and action_mailer have to follow view_helpers
|
|
19
|
+
require 'helpers/action_controller.rb'
|
|
17
20
|
require 'helpers/application_controller.rb'
|
|
18
21
|
require 'helpers/action_mailer.rb'
|
|
19
22
|
require 'helpers/autoload_path.rb'
|
|
@@ -6,7 +6,7 @@ end
|
|
|
6
6
|
|
|
7
7
|
class EmailFieldTest < ActiveSupport::TestCase
|
|
8
8
|
def setup
|
|
9
|
-
@user = UserWithEmail.new :
|
|
9
|
+
@user = UserWithEmail.new email: 'blah@gmail.com'
|
|
10
10
|
|
|
11
11
|
@john = UserWithEmail.find_by_id(users(:john).id)
|
|
12
12
|
@jane = UserWithEmail.find_by_id(users(:jane).id)
|
|
@@ -7,16 +7,16 @@ end
|
|
|
7
7
|
class FacebookFieldsTest < ActiveSupport::TestCase
|
|
8
8
|
def setup
|
|
9
9
|
@user = UserWithFb.new
|
|
10
|
-
|
|
10
|
+
|
|
11
11
|
@john = UserWithFb.find_by_id(users(:john).id)
|
|
12
12
|
@jane = UserWithFb.find_by_id(users(:jane).id)
|
|
13
13
|
@bill = UserWithFb.find_by_id(users(:bill).id)
|
|
14
14
|
end
|
|
15
|
-
|
|
15
|
+
|
|
16
16
|
test 'setup' do
|
|
17
17
|
assert @user.valid?
|
|
18
18
|
end
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
test 'facebook_credential' do
|
|
21
21
|
assert_equal credentials(:john_facebook), @john.facebook_credential
|
|
22
22
|
assert_equal credentials(:jane_facebook), @jane.facebook_credential
|
|
@@ -52,9 +52,9 @@ class FacebookFieldsTest < ActiveSupport::TestCase
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
test 'for_facebook_token' do
|
|
55
|
-
|
|
55
|
+
Credentials::Facebook.expects(:uid_from_token).at_least_once.
|
|
56
56
|
with(credentials(:john_facebook).key).
|
|
57
|
-
|
|
57
|
+
returns credentials(:john_facebook).facebook_uid
|
|
58
58
|
assert_equal users(:john),
|
|
59
59
|
UserWithFb.for_facebook_token(credentials(:john_facebook).access_token)
|
|
60
60
|
end
|
|
@@ -6,8 +6,8 @@ end
|
|
|
6
6
|
|
|
7
7
|
class PasswordFieldTest < ActiveSupport::TestCase
|
|
8
8
|
def setup
|
|
9
|
-
@user = UserWithPassword.new :
|
|
10
|
-
:
|
|
9
|
+
@user = UserWithPassword.new password: 'awesome',
|
|
10
|
+
password_confirmation: 'awesome'
|
|
11
11
|
|
|
12
12
|
@john = UserWithPassword.find_by_id(users(:john).id)
|
|
13
13
|
@jane = UserWithPassword.find_by_id(users(:jane).id)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authpwn_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-03-14 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fbgraph_rails
|
|
@@ -34,7 +34,7 @@ dependencies:
|
|
|
34
34
|
requirements:
|
|
35
35
|
- - ! '>='
|
|
36
36
|
- !ruby/object:Gem::Version
|
|
37
|
-
version: 3.2.
|
|
37
|
+
version: 3.2.12
|
|
38
38
|
type: :runtime
|
|
39
39
|
prerelease: false
|
|
40
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -42,7 +42,7 @@ dependencies:
|
|
|
42
42
|
requirements:
|
|
43
43
|
- - ! '>='
|
|
44
44
|
- !ruby/object:Gem::Version
|
|
45
|
-
version: 3.2.
|
|
45
|
+
version: 3.2.12
|
|
46
46
|
- !ruby/object:Gem::Dependency
|
|
47
47
|
name: bundler
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -50,7 +50,7 @@ dependencies:
|
|
|
50
50
|
requirements:
|
|
51
51
|
- - ! '>='
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: 1.
|
|
53
|
+
version: 1.3.3
|
|
54
54
|
type: :development
|
|
55
55
|
prerelease: false
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -58,15 +58,15 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - ! '>='
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 1.
|
|
61
|
+
version: 1.3.3
|
|
62
62
|
- !ruby/object:Gem::Dependency
|
|
63
|
-
name:
|
|
63
|
+
name: mocha
|
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
|
65
65
|
none: false
|
|
66
66
|
requirements:
|
|
67
67
|
- - ! '>='
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version:
|
|
69
|
+
version: 0.13.3
|
|
70
70
|
type: :development
|
|
71
71
|
prerelease: false
|
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -74,7 +74,7 @@ dependencies:
|
|
|
74
74
|
requirements:
|
|
75
75
|
- - ! '>='
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version:
|
|
77
|
+
version: 0.13.3
|
|
78
78
|
- !ruby/object:Gem::Dependency
|
|
79
79
|
name: jeweler
|
|
80
80
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -91,22 +91,6 @@ dependencies:
|
|
|
91
91
|
- - ! '>='
|
|
92
92
|
- !ruby/object:Gem::Version
|
|
93
93
|
version: 1.8.4
|
|
94
|
-
- !ruby/object:Gem::Dependency
|
|
95
|
-
name: rcov
|
|
96
|
-
requirement: !ruby/object:Gem::Requirement
|
|
97
|
-
none: false
|
|
98
|
-
requirements:
|
|
99
|
-
- - ! '>='
|
|
100
|
-
- !ruby/object:Gem::Version
|
|
101
|
-
version: '0'
|
|
102
|
-
type: :development
|
|
103
|
-
prerelease: false
|
|
104
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
-
none: false
|
|
106
|
-
requirements:
|
|
107
|
-
- - ! '>='
|
|
108
|
-
- !ruby/object:Gem::Version
|
|
109
|
-
version: '0'
|
|
110
94
|
- !ruby/object:Gem::Dependency
|
|
111
95
|
name: simplecov
|
|
112
96
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -184,6 +168,8 @@ files:
|
|
|
184
168
|
- .travis.yml
|
|
185
169
|
- Gemfile
|
|
186
170
|
- Gemfile.lock
|
|
171
|
+
- Gemfile.rails3
|
|
172
|
+
- Gemfile.rails4
|
|
187
173
|
- LICENSE
|
|
188
174
|
- README.rdoc
|
|
189
175
|
- Rakefile
|
|
@@ -252,6 +238,7 @@ files:
|
|
|
252
238
|
- test/fixtures/bare_session/new.html.erb
|
|
253
239
|
- test/fixtures/bare_session/password_change.html.erb
|
|
254
240
|
- test/fixtures/bare_session/welcome.html.erb
|
|
241
|
+
- test/helpers/action_controller.rb
|
|
255
242
|
- test/helpers/action_mailer.rb
|
|
256
243
|
- test/helpers/application_controller.rb
|
|
257
244
|
- test/helpers/autoload_path.rb
|
|
@@ -287,7 +274,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
287
274
|
version: '0'
|
|
288
275
|
segments:
|
|
289
276
|
- 0
|
|
290
|
-
hash: -
|
|
277
|
+
hash: -1894489992034246350
|
|
291
278
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
292
279
|
none: false
|
|
293
280
|
requirements:
|
|
@@ -296,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
296
283
|
version: '0'
|
|
297
284
|
requirements: []
|
|
298
285
|
rubyforge_project:
|
|
299
|
-
rubygems_version: 1.8.
|
|
286
|
+
rubygems_version: 1.8.25
|
|
300
287
|
signing_key:
|
|
301
288
|
specification_version: 3
|
|
302
289
|
summary: User authentication for Rails 3 applications.
|