brainsome_devise 3.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (234) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +10 -0
  3. data/.travis.yml +35 -0
  4. data/.yardopts +9 -0
  5. data/CHANGELOG.md +1086 -0
  6. data/CONTRIBUTING.md +14 -0
  7. data/Gemfile +29 -0
  8. data/Gemfile.lock +166 -0
  9. data/MIT-LICENSE +20 -0
  10. data/README.md +506 -0
  11. data/Rakefile +35 -0
  12. data/app/controllers/devise/confirmations_controller.rb +47 -0
  13. data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
  14. data/app/controllers/devise/passwords_controller.rb +70 -0
  15. data/app/controllers/devise/registrations_controller.rb +148 -0
  16. data/app/controllers/devise/sessions_controller.rb +76 -0
  17. data/app/controllers/devise/unlocks_controller.rb +46 -0
  18. data/app/controllers/devise_controller.rb +176 -0
  19. data/app/helpers/devise_helper.rb +25 -0
  20. data/app/mailers/devise/mailer.rb +20 -0
  21. data/app/views/devise/confirmations/new.html.erb +12 -0
  22. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  23. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  24. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  25. data/app/views/devise/passwords/edit.html.erb +16 -0
  26. data/app/views/devise/passwords/new.html.erb +12 -0
  27. data/app/views/devise/registrations/edit.html.erb +29 -0
  28. data/app/views/devise/registrations/new.html.erb +18 -0
  29. data/app/views/devise/sessions/new.html.erb +17 -0
  30. data/app/views/devise/shared/_links.html.erb +25 -0
  31. data/app/views/devise/unlocks/new.html.erb +12 -0
  32. data/config/locales/en.yml +60 -0
  33. data/devise.gemspec +27 -0
  34. data/devise.png +0 -0
  35. data/gemfiles/Gemfile.rails-3.2-stable +29 -0
  36. data/gemfiles/Gemfile.rails-3.2-stable.lock +166 -0
  37. data/gemfiles/Gemfile.rails-4.0-stable +29 -0
  38. data/gemfiles/Gemfile.rails-4.0-stable.lock +162 -0
  39. data/gemfiles/Gemfile.rails-head +32 -0
  40. data/gemfiles/Gemfile.rails-head.lock +206 -0
  41. data/lib/devise.rb +495 -0
  42. data/lib/devise/controllers/helpers.rb +284 -0
  43. data/lib/devise/controllers/rememberable.rb +47 -0
  44. data/lib/devise/controllers/scoped_views.rb +17 -0
  45. data/lib/devise/controllers/sign_in_out.rb +102 -0
  46. data/lib/devise/controllers/store_location.rb +56 -0
  47. data/lib/devise/controllers/url_helpers.rb +69 -0
  48. data/lib/devise/delegator.rb +16 -0
  49. data/lib/devise/failure_app.rb +205 -0
  50. data/lib/devise/hooks/activatable.rb +10 -0
  51. data/lib/devise/hooks/csrf_cleaner.rb +7 -0
  52. data/lib/devise/hooks/forgetable.rb +9 -0
  53. data/lib/devise/hooks/lockable.rb +7 -0
  54. data/lib/devise/hooks/proxy.rb +21 -0
  55. data/lib/devise/hooks/rememberable.rb +7 -0
  56. data/lib/devise/hooks/timeoutable.rb +35 -0
  57. data/lib/devise/hooks/trackable.rb +9 -0
  58. data/lib/devise/mailers/helpers.rb +90 -0
  59. data/lib/devise/mapping.rb +175 -0
  60. data/lib/devise/models.rb +119 -0
  61. data/lib/devise/models/authenticatable.rb +284 -0
  62. data/lib/devise/models/confirmable.rb +295 -0
  63. data/lib/devise/models/database_authenticatable.rb +164 -0
  64. data/lib/devise/models/lockable.rb +196 -0
  65. data/lib/devise/models/omniauthable.rb +27 -0
  66. data/lib/devise/models/recoverable.rb +147 -0
  67. data/lib/devise/models/registerable.rb +25 -0
  68. data/lib/devise/models/rememberable.rb +129 -0
  69. data/lib/devise/models/timeoutable.rb +49 -0
  70. data/lib/devise/models/trackable.rb +38 -0
  71. data/lib/devise/models/validatable.rb +66 -0
  72. data/lib/devise/modules.rb +28 -0
  73. data/lib/devise/omniauth.rb +28 -0
  74. data/lib/devise/omniauth/config.rb +45 -0
  75. data/lib/devise/omniauth/url_helpers.rb +18 -0
  76. data/lib/devise/orm/active_record.rb +3 -0
  77. data/lib/devise/orm/mongoid.rb +3 -0
  78. data/lib/devise/parameter_filter.rb +40 -0
  79. data/lib/devise/parameter_sanitizer.rb +99 -0
  80. data/lib/devise/rails.rb +56 -0
  81. data/lib/devise/rails/routes.rb +498 -0
  82. data/lib/devise/rails/warden_compat.rb +22 -0
  83. data/lib/devise/strategies/authenticatable.rb +174 -0
  84. data/lib/devise/strategies/base.rb +20 -0
  85. data/lib/devise/strategies/database_authenticatable.rb +23 -0
  86. data/lib/devise/strategies/rememberable.rb +55 -0
  87. data/lib/devise/test_helpers.rb +132 -0
  88. data/lib/devise/time_inflector.rb +14 -0
  89. data/lib/devise/token_generator.rb +70 -0
  90. data/lib/devise/version.rb +3 -0
  91. data/lib/generators/active_record/devise_generator.rb +91 -0
  92. data/lib/generators/active_record/templates/migration.rb +18 -0
  93. data/lib/generators/active_record/templates/migration_existing.rb +25 -0
  94. data/lib/generators/devise/devise_generator.rb +26 -0
  95. data/lib/generators/devise/install_generator.rb +29 -0
  96. data/lib/generators/devise/orm_helpers.rb +51 -0
  97. data/lib/generators/devise/views_generator.rb +135 -0
  98. data/lib/generators/mongoid/devise_generator.rb +55 -0
  99. data/lib/generators/templates/README +35 -0
  100. data/lib/generators/templates/devise.rb +263 -0
  101. data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
  102. data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
  103. data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
  104. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +16 -0
  105. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
  106. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
  107. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +27 -0
  108. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
  109. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
  110. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +16 -0
  111. data/script/cached-bundle +49 -0
  112. data/script/s3-put +71 -0
  113. data/test/controllers/custom_registrations_controller_test.rb +35 -0
  114. data/test/controllers/custom_strategy_test.rb +62 -0
  115. data/test/controllers/helpers_test.rb +311 -0
  116. data/test/controllers/internal_helpers_test.rb +123 -0
  117. data/test/controllers/passwords_controller_test.rb +31 -0
  118. data/test/controllers/sessions_controller_test.rb +103 -0
  119. data/test/controllers/url_helpers_test.rb +59 -0
  120. data/test/delegator_test.rb +19 -0
  121. data/test/devise_test.rb +107 -0
  122. data/test/failure_app_test.rb +268 -0
  123. data/test/generators/active_record_generator_test.rb +109 -0
  124. data/test/generators/devise_generator_test.rb +39 -0
  125. data/test/generators/install_generator_test.rb +13 -0
  126. data/test/generators/mongoid_generator_test.rb +23 -0
  127. data/test/generators/views_generator_test.rb +96 -0
  128. data/test/helpers/devise_helper_test.rb +52 -0
  129. data/test/integration/authenticatable_test.rb +729 -0
  130. data/test/integration/confirmable_test.rb +324 -0
  131. data/test/integration/database_authenticatable_test.rb +84 -0
  132. data/test/integration/http_authenticatable_test.rb +105 -0
  133. data/test/integration/lockable_test.rb +239 -0
  134. data/test/integration/omniauthable_test.rb +133 -0
  135. data/test/integration/recoverable_test.rb +334 -0
  136. data/test/integration/registerable_test.rb +359 -0
  137. data/test/integration/rememberable_test.rb +167 -0
  138. data/test/integration/timeoutable_test.rb +189 -0
  139. data/test/integration/trackable_test.rb +92 -0
  140. data/test/mailers/confirmation_instructions_test.rb +115 -0
  141. data/test/mailers/reset_password_instructions_test.rb +96 -0
  142. data/test/mailers/unlock_instructions_test.rb +91 -0
  143. data/test/mapping_test.rb +127 -0
  144. data/test/models/authenticatable_test.rb +13 -0
  145. data/test/models/confirmable_test.rb +454 -0
  146. data/test/models/database_authenticatable_test.rb +249 -0
  147. data/test/models/lockable_test.rb +322 -0
  148. data/test/models/omniauthable_test.rb +7 -0
  149. data/test/models/recoverable_test.rb +196 -0
  150. data/test/models/registerable_test.rb +7 -0
  151. data/test/models/rememberable_test.rb +198 -0
  152. data/test/models/serializable_test.rb +49 -0
  153. data/test/models/timeoutable_test.rb +51 -0
  154. data/test/models/trackable_test.rb +41 -0
  155. data/test/models/validatable_test.rb +127 -0
  156. data/test/models_test.rb +144 -0
  157. data/test/omniauth/config_test.rb +57 -0
  158. data/test/omniauth/url_helpers_test.rb +54 -0
  159. data/test/orm/active_record.rb +10 -0
  160. data/test/orm/mongoid.rb +13 -0
  161. data/test/parameter_sanitizer_test.rb +81 -0
  162. data/test/rails_app/Rakefile +6 -0
  163. data/test/rails_app/app/active_record/admin.rb +6 -0
  164. data/test/rails_app/app/active_record/shim.rb +2 -0
  165. data/test/rails_app/app/active_record/user.rb +6 -0
  166. data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
  167. data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
  168. data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
  169. data/test/rails_app/app/controllers/admins_controller.rb +11 -0
  170. data/test/rails_app/app/controllers/application_controller.rb +12 -0
  171. data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
  172. data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
  173. data/test/rails_app/app/controllers/home_controller.rb +25 -0
  174. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
  175. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
  176. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
  177. data/test/rails_app/app/controllers/users_controller.rb +31 -0
  178. data/test/rails_app/app/helpers/application_helper.rb +3 -0
  179. data/test/rails_app/app/mailers/users/mailer.rb +12 -0
  180. data/test/rails_app/app/mongoid/admin.rb +29 -0
  181. data/test/rails_app/app/mongoid/shim.rb +23 -0
  182. data/test/rails_app/app/mongoid/user.rb +39 -0
  183. data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
  184. data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
  185. data/test/rails_app/app/views/admins/index.html.erb +1 -0
  186. data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
  187. data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
  188. data/test/rails_app/app/views/home/index.html.erb +1 -0
  189. data/test/rails_app/app/views/home/join.html.erb +1 -0
  190. data/test/rails_app/app/views/home/private.html.erb +1 -0
  191. data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
  192. data/test/rails_app/app/views/layouts/application.html.erb +24 -0
  193. data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
  194. data/test/rails_app/app/views/users/index.html.erb +1 -0
  195. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
  196. data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
  197. data/test/rails_app/bin/bundle +3 -0
  198. data/test/rails_app/bin/rails +4 -0
  199. data/test/rails_app/bin/rake +4 -0
  200. data/test/rails_app/config.ru +4 -0
  201. data/test/rails_app/config/application.rb +40 -0
  202. data/test/rails_app/config/boot.rb +14 -0
  203. data/test/rails_app/config/database.yml +18 -0
  204. data/test/rails_app/config/environment.rb +5 -0
  205. data/test/rails_app/config/environments/development.rb +30 -0
  206. data/test/rails_app/config/environments/production.rb +80 -0
  207. data/test/rails_app/config/environments/test.rb +36 -0
  208. data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
  209. data/test/rails_app/config/initializers/devise.rb +183 -0
  210. data/test/rails_app/config/initializers/inflections.rb +2 -0
  211. data/test/rails_app/config/initializers/secret_token.rb +8 -0
  212. data/test/rails_app/config/initializers/session_store.rb +1 -0
  213. data/test/rails_app/config/routes.rb +122 -0
  214. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
  215. data/test/rails_app/db/schema.rb +55 -0
  216. data/test/rails_app/lib/shared_admin.rb +17 -0
  217. data/test/rails_app/lib/shared_user.rb +29 -0
  218. data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
  219. data/test/rails_app/public/404.html +26 -0
  220. data/test/rails_app/public/422.html +26 -0
  221. data/test/rails_app/public/500.html +26 -0
  222. data/test/rails_app/public/favicon.ico +0 -0
  223. data/test/routes_test.rb +264 -0
  224. data/test/support/action_controller/record_identifier.rb +10 -0
  225. data/test/support/assertions.rb +39 -0
  226. data/test/support/helpers.rb +70 -0
  227. data/test/support/integration.rb +92 -0
  228. data/test/support/locale/en.yml +8 -0
  229. data/test/support/mongoid.yml +6 -0
  230. data/test/support/webrat/integrations/rails.rb +24 -0
  231. data/test/test_helper.rb +29 -0
  232. data/test/test_helpers_test.rb +163 -0
  233. data/test/test_models.rb +33 -0
  234. metadata +474 -0
@@ -0,0 +1,96 @@
1
+ require "test_helper"
2
+
3
+ class ViewsGeneratorTest < Rails::Generators::TestCase
4
+ tests Devise::Generators::ViewsGenerator
5
+ destination File.expand_path("../../tmp", __FILE__)
6
+ setup :prepare_destination
7
+
8
+ test "Assert all views are properly created with no params" do
9
+ run_generator
10
+ assert_files
11
+ assert_shared_links
12
+ end
13
+
14
+ test "Assert all views are properly created with scope param" do
15
+ run_generator %w(users)
16
+ assert_files "users"
17
+ assert_shared_links "users"
18
+
19
+ run_generator %w(admins)
20
+ assert_files "admins"
21
+ assert_shared_links "admins"
22
+ end
23
+
24
+ test "Assert views with simple form" do
25
+ run_generator %w(-b simple_form_for)
26
+ assert_files
27
+ assert_file "app/views/devise/confirmations/new.html.erb", /simple_form_for/
28
+
29
+ run_generator %w(users -b simple_form_for)
30
+ assert_files "users"
31
+ assert_file "app/views/users/confirmations/new.html.erb", /simple_form_for/
32
+ end
33
+
34
+ test "Assert views with markerb" do
35
+ run_generator %w(--markerb)
36
+ assert_files nil, mail_template_engine: "markerb"
37
+ end
38
+
39
+
40
+ test "Assert only views within specified directories" do
41
+ run_generator %w(-v sessions registrations)
42
+ assert_file "app/views/devise/sessions/new.html.erb"
43
+ assert_file "app/views/devise/registrations/new.html.erb"
44
+ assert_file "app/views/devise/registrations/edit.html.erb"
45
+ assert_no_file "app/views/devise/confirmations/new.html.erb"
46
+ assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
47
+ end
48
+
49
+ test "Assert specified directories with scope" do
50
+ run_generator %w(users -v sessions)
51
+ assert_file "app/views/users/sessions/new.html.erb"
52
+ assert_no_file "app/views/users/confirmations/new.html.erb"
53
+ end
54
+
55
+ test "Assert specified directories with simple form" do
56
+ run_generator %w(-v registrations -b simple_form_for)
57
+ assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/
58
+ assert_no_file "app/views/devise/confirmations/new.html.erb"
59
+ end
60
+
61
+ test "Assert specified directories with markerb" do
62
+ run_generator %w(--markerb -v passwords mailer)
63
+ assert_file "app/views/devise/passwords/new.html.erb"
64
+ assert_no_file "app/views/devise/confirmations/new.html.erb"
65
+ assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
66
+ end
67
+
68
+ def assert_files(scope = nil, options={})
69
+ scope = "devise" if scope.nil?
70
+ mail_template_engine = options[:mail_template_engine] || "html.erb"
71
+
72
+ assert_file "app/views/#{scope}/confirmations/new.html.erb"
73
+ assert_file "app/views/#{scope}/mailer/confirmation_instructions.#{mail_template_engine}"
74
+ assert_file "app/views/#{scope}/mailer/reset_password_instructions.#{mail_template_engine}"
75
+ assert_file "app/views/#{scope}/mailer/unlock_instructions.#{mail_template_engine}"
76
+ assert_file "app/views/#{scope}/passwords/edit.html.erb"
77
+ assert_file "app/views/#{scope}/passwords/new.html.erb"
78
+ assert_file "app/views/#{scope}/registrations/new.html.erb"
79
+ assert_file "app/views/#{scope}/registrations/edit.html.erb"
80
+ assert_file "app/views/#{scope}/sessions/new.html.erb"
81
+ assert_file "app/views/#{scope}/shared/_links.html.erb"
82
+ assert_file "app/views/#{scope}/unlocks/new.html.erb"
83
+ end
84
+
85
+ def assert_shared_links(scope = nil)
86
+ scope = "devise" if scope.nil?
87
+ link = /<%= render \"#{scope}\/shared\/links\" %>/
88
+
89
+ assert_file "app/views/#{scope}/passwords/edit.html.erb", link
90
+ assert_file "app/views/#{scope}/passwords/new.html.erb", link
91
+ assert_file "app/views/#{scope}/confirmations/new.html.erb", link
92
+ assert_file "app/views/#{scope}/registrations/new.html.erb", link
93
+ assert_file "app/views/#{scope}/sessions/new.html.erb", link
94
+ assert_file "app/views/#{scope}/unlocks/new.html.erb", link
95
+ end
96
+ end
@@ -0,0 +1,52 @@
1
+ require 'test_helper'
2
+
3
+ class DeviseHelperTest < ActionDispatch::IntegrationTest
4
+ setup do
5
+ model_labels = { models: { user: "utilisateur" } }
6
+ # TODO: Remove this hack that fixes the I18n performance safeguards that
7
+ # breaks the custom locale.
8
+ I18n.available_locales += [:fr]
9
+ I18n.backend.store_translations :fr,
10
+ {
11
+ errors: { messages: { not_saved: {
12
+ one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
13
+ other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
14
+ } } },
15
+ activerecord: model_labels,
16
+ mongoid: model_labels
17
+ }
18
+
19
+ I18n.locale = 'fr'
20
+ end
21
+
22
+ teardown do
23
+ I18n.locale = 'en'
24
+ end
25
+
26
+ test 'test errors.messages.not_saved with single error from i18n' do
27
+ get new_user_registration_path
28
+
29
+ fill_in 'password', with: 'new_user123'
30
+ fill_in 'password confirmation', with: 'new_user123'
31
+ click_button 'Sign up'
32
+
33
+ assert_have_selector '#error_explanation'
34
+ assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 1 erreur"
35
+ end
36
+
37
+ test 'test errors.messages.not_saved with multiple errors from i18n' do
38
+ # Dirty tracking behavior prevents email validations from being applied:
39
+ # https://github.com/mongoid/mongoid/issues/756
40
+ (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
41
+
42
+ get new_user_registration_path
43
+
44
+ fill_in 'email', with: 'invalid_email'
45
+ fill_in 'password', with: 'new_user123'
46
+ fill_in 'password confirmation', with: 'new_user321'
47
+ click_button 'Sign up'
48
+
49
+ assert_have_selector '#error_explanation'
50
+ assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs"
51
+ end
52
+ end
@@ -0,0 +1,729 @@
1
+ require 'test_helper'
2
+
3
+ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
4
+ test 'home should be accessible without sign in' do
5
+ visit '/'
6
+ assert_response :success
7
+ assert_template 'home/index'
8
+ end
9
+
10
+ test 'sign in as user should not authenticate admin scope' do
11
+ sign_in_as_user
12
+ assert warden.authenticated?(:user)
13
+ assert_not warden.authenticated?(:admin)
14
+ end
15
+
16
+ test 'sign in as admin should not authenticate user scope' do
17
+ sign_in_as_admin
18
+ assert warden.authenticated?(:admin)
19
+ assert_not warden.authenticated?(:user)
20
+ end
21
+
22
+ test 'sign in as both user and admin at same time' do
23
+ sign_in_as_user
24
+ sign_in_as_admin
25
+ assert warden.authenticated?(:user)
26
+ assert warden.authenticated?(:admin)
27
+ end
28
+
29
+ test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
30
+ swap Devise, sign_out_all_scopes: false do
31
+ sign_in_as_user
32
+ sign_in_as_admin
33
+ get destroy_user_session_path
34
+ assert_not warden.authenticated?(:user)
35
+ assert warden.authenticated?(:admin)
36
+ end
37
+ end
38
+
39
+ test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
40
+ swap Devise, sign_out_all_scopes: false do
41
+ sign_in_as_user
42
+ sign_in_as_admin
43
+
44
+ get destroy_admin_session_path
45
+ assert_not warden.authenticated?(:admin)
46
+ assert warden.authenticated?(:user)
47
+ end
48
+ end
49
+
50
+ test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
51
+ swap Devise, sign_out_all_scopes: true do
52
+ sign_in_as_user
53
+ sign_in_as_admin
54
+
55
+ get destroy_user_session_path
56
+ assert_not warden.authenticated?(:user)
57
+ assert_not warden.authenticated?(:admin)
58
+ end
59
+ end
60
+
61
+ test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
62
+ swap Devise, sign_out_all_scopes: true do
63
+ sign_in_as_user
64
+ sign_in_as_admin
65
+
66
+ get destroy_admin_session_path
67
+ assert_not warden.authenticated?(:admin)
68
+ assert_not warden.authenticated?(:user)
69
+ end
70
+ end
71
+
72
+ test 'not signed in as admin should not be able to access admins actions' do
73
+ get admins_path
74
+ assert_redirected_to new_admin_session_path
75
+ assert_not warden.authenticated?(:admin)
76
+ end
77
+
78
+ test 'signed in as user should not be able to access admins actions' do
79
+ sign_in_as_user
80
+ assert warden.authenticated?(:user)
81
+ assert_not warden.authenticated?(:admin)
82
+
83
+ get admins_path
84
+ assert_redirected_to new_admin_session_path
85
+ end
86
+
87
+ test 'signed in as admin should be able to access admin actions' do
88
+ sign_in_as_admin
89
+ assert warden.authenticated?(:admin)
90
+ assert_not warden.authenticated?(:user)
91
+
92
+ get admins_path
93
+
94
+ assert_response :success
95
+ assert_template 'admins/index'
96
+ assert_contain 'Welcome Admin'
97
+ end
98
+
99
+ test 'authenticated admin should not be able to sign as admin again' do
100
+ sign_in_as_admin
101
+ get new_admin_session_path
102
+
103
+ assert_response :redirect
104
+ assert_redirected_to admin_root_path
105
+ assert warden.authenticated?(:admin)
106
+ end
107
+
108
+ test 'authenticated admin should be able to sign out' do
109
+ sign_in_as_admin
110
+ assert warden.authenticated?(:admin)
111
+
112
+ get destroy_admin_session_path
113
+ assert_response :redirect
114
+ assert_redirected_to root_path
115
+
116
+ get root_path
117
+ assert_contain 'Signed out successfully'
118
+ assert_not warden.authenticated?(:admin)
119
+ end
120
+
121
+ test 'unauthenticated admin set message on sign out' do
122
+ get destroy_admin_session_path
123
+ assert_response :redirect
124
+ assert_redirected_to root_path
125
+
126
+ get root_path
127
+ assert_contain 'Signed out successfully'
128
+ end
129
+
130
+ test 'scope uses custom failure app' do
131
+ put "/en/accounts/management"
132
+ assert_equal "Oops, not found", response.body
133
+ assert_equal 404, response.status
134
+ end
135
+ end
136
+
137
+ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
138
+ test 'not signed in should not be able to access private route (authenticate denied)' do
139
+ get private_path
140
+ assert_redirected_to new_admin_session_path
141
+ assert_not warden.authenticated?(:admin)
142
+ end
143
+
144
+ test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do
145
+ sign_in_as_user
146
+ assert warden.authenticated?(:user)
147
+ assert_not warden.authenticated?(:admin)
148
+ get private_path
149
+ assert_redirected_to new_admin_session_path
150
+ end
151
+
152
+ test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do
153
+ sign_in_as_admin
154
+ assert warden.authenticated?(:admin)
155
+ assert_not warden.authenticated?(:user)
156
+
157
+ get private_path
158
+
159
+ assert_response :success
160
+ assert_template 'home/private'
161
+ assert_contain 'Private!'
162
+ end
163
+
164
+ test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do
165
+ sign_in_as_admin(active: false)
166
+ assert warden.authenticated?(:admin)
167
+ assert_not warden.authenticated?(:user)
168
+
169
+ assert_raises ActionController::RoutingError do
170
+ get "/private/active"
171
+ end
172
+ end
173
+
174
+ test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do
175
+ sign_in_as_admin(active: true)
176
+ assert warden.authenticated?(:admin)
177
+ assert_not warden.authenticated?(:user)
178
+
179
+ get private_active_path
180
+
181
+ assert_response :success
182
+ assert_template 'home/private'
183
+ assert_contain 'Private!'
184
+ end
185
+
186
+ test 'signed in as admin should get admin dashboard (authenticated accepted)' do
187
+ sign_in_as_admin
188
+ assert warden.authenticated?(:admin)
189
+ assert_not warden.authenticated?(:user)
190
+
191
+ get dashboard_path
192
+
193
+ assert_response :success
194
+ assert_template 'home/admin_dashboard'
195
+ assert_contain 'Admin dashboard'
196
+ end
197
+
198
+ test 'signed in as user should get user dashboard (authenticated accepted)' do
199
+ sign_in_as_user
200
+ assert warden.authenticated?(:user)
201
+ assert_not warden.authenticated?(:admin)
202
+
203
+ get dashboard_path
204
+
205
+ assert_response :success
206
+ assert_template 'home/user_dashboard'
207
+ assert_contain 'User dashboard'
208
+ end
209
+
210
+ test 'not signed in should get no dashboard (authenticated denied)' do
211
+ assert_raises ActionController::RoutingError do
212
+ get dashboard_path
213
+ end
214
+ end
215
+
216
+ test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do
217
+ sign_in_as_admin(active: false)
218
+ assert warden.authenticated?(:admin)
219
+ assert_not warden.authenticated?(:user)
220
+
221
+ assert_raises ActionController::RoutingError do
222
+ get "/dashboard/active"
223
+ end
224
+ end
225
+
226
+ test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do
227
+ sign_in_as_admin(active: true)
228
+ assert warden.authenticated?(:admin)
229
+ assert_not warden.authenticated?(:user)
230
+
231
+ get dashboard_active_path
232
+
233
+ assert_response :success
234
+ assert_template 'home/admin_dashboard'
235
+ assert_contain 'Admin dashboard'
236
+ end
237
+
238
+ test 'signed in user should not see unauthenticated page (unauthenticated denied)' do
239
+ sign_in_as_user
240
+ assert warden.authenticated?(:user)
241
+ assert_not warden.authenticated?(:admin)
242
+
243
+ assert_raises ActionController::RoutingError do
244
+ get join_path
245
+ end
246
+ end
247
+
248
+ test 'not signed in users should see unautheticated page (unauthenticated accepted)' do
249
+ get join_path
250
+
251
+ assert_response :success
252
+ assert_template 'home/join'
253
+ assert_contain 'Join'
254
+ end
255
+ end
256
+
257
+ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
258
+ test 'redirect from warden shows sign in or sign up message' do
259
+ get admins_path
260
+
261
+ warden_path = new_admin_session_path
262
+ assert_redirected_to warden_path
263
+
264
+ get warden_path
265
+ assert_contain 'You need to sign in or sign up before continuing.'
266
+ end
267
+
268
+ test 'redirect to default url if no other was configured' do
269
+ sign_in_as_user
270
+ assert_template 'home/index'
271
+ assert_nil session[:"user_return_to"]
272
+ end
273
+
274
+ test 'redirect to requested url after sign in' do
275
+ get users_path
276
+ assert_redirected_to new_user_session_path
277
+ assert_equal users_path, session[:"user_return_to"]
278
+
279
+ follow_redirect!
280
+ sign_in_as_user visit: false
281
+
282
+ assert_current_url '/users'
283
+ assert_nil session[:"user_return_to"]
284
+ end
285
+
286
+ test 'redirect to last requested url overwriting the stored return_to option' do
287
+ get expire_user_path(create_user)
288
+ assert_redirected_to new_user_session_path
289
+ assert_equal expire_user_path(create_user), session[:"user_return_to"]
290
+
291
+ get users_path
292
+ assert_redirected_to new_user_session_path
293
+ assert_equal users_path, session[:"user_return_to"]
294
+
295
+ follow_redirect!
296
+ sign_in_as_user visit: false
297
+
298
+ assert_current_url '/users'
299
+ assert_nil session[:"user_return_to"]
300
+ end
301
+
302
+ test 'xml http requests does not store urls for redirect' do
303
+ get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
304
+ assert_equal 401, response.status
305
+ assert_nil session[:"user_return_to"]
306
+ end
307
+
308
+ test 'redirect to configured home path for a given scope after sign in' do
309
+ sign_in_as_admin
310
+ assert_equal "/admin_area/home", @request.path
311
+ end
312
+
313
+ test 'require_no_authentication should set the already_authenticated flash message' do
314
+ sign_in_as_user
315
+ visit new_user_session_path
316
+ assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
317
+ end
318
+ end
319
+
320
+ class AuthenticationSessionTest < ActionDispatch::IntegrationTest
321
+ test 'destroyed account is signed out' do
322
+ sign_in_as_user
323
+ get '/users'
324
+
325
+ User.destroy_all
326
+ get '/users'
327
+ assert_redirected_to new_user_session_path
328
+ end
329
+
330
+ test 'refreshes _csrf_token' do
331
+ ApplicationController.allow_forgery_protection = true
332
+
333
+ begin
334
+ get new_user_session_path
335
+ token = request.session[:_csrf_token]
336
+
337
+ sign_in_as_user
338
+ assert_not_equal request.session[:_csrf_token], token
339
+ ensure
340
+ ApplicationController.allow_forgery_protection = false
341
+ end
342
+ end
343
+
344
+ test 'allows session to be set for a given scope' do
345
+ sign_in_as_user
346
+ get '/users'
347
+ assert_equal "Cart", @controller.user_session[:cart]
348
+ end
349
+
350
+ test 'does not explode when class name is still stored in session' do
351
+ # In order to test that old sessions do not break with the new scoped
352
+ # deserialization, we need to serialize the session the old way. This is
353
+ # done by removing the newly used scoped serialization method
354
+ # (#user_serialize) and bringing back the old uncsoped #serialize method
355
+ # that includes the record's class name in the serialization.
356
+ begin
357
+ Warden::SessionSerializer.class_eval do
358
+ alias_method :original_serialize, :serialize
359
+ alias_method :original_user_serialize, :user_serialize
360
+ remove_method :user_serialize
361
+
362
+ def serialize(record)
363
+ klass = record.class
364
+ array = klass.serialize_into_session(record)
365
+ array.unshift(klass.name)
366
+ end
367
+ end
368
+
369
+ sign_in_as_user
370
+ assert warden.authenticated?(:user)
371
+ ensure
372
+ Warden::SessionSerializer.class_eval do
373
+ alias_method :serialize, :original_serialize
374
+ remove_method :original_serialize
375
+ alias_method :user_serialize, :original_user_serialize
376
+ remove_method :original_user_serialize
377
+ end
378
+ end
379
+ end
380
+
381
+ test 'session id is changed on sign in' do
382
+ get '/users'
383
+ session_id = request.session["session_id"]
384
+
385
+ get '/users'
386
+ assert_equal session_id, request.session["session_id"]
387
+
388
+ sign_in_as_user
389
+ assert_not_equal session_id, request.session["session_id"]
390
+ end
391
+ end
392
+
393
+ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
394
+ test 'renders the scoped view if turned on and view is available' do
395
+ swap Devise, scoped_views: true do
396
+ assert_raise Webrat::NotFoundError do
397
+ sign_in_as_user
398
+ end
399
+ assert_match /Special user view/, response.body
400
+ end
401
+ end
402
+
403
+ test 'renders the scoped view if turned on in an specific controller' do
404
+ begin
405
+ Devise::SessionsController.scoped_views = true
406
+ assert_raise Webrat::NotFoundError do
407
+ sign_in_as_user
408
+ end
409
+
410
+ assert_match /Special user view/, response.body
411
+ assert !Devise::PasswordsController.scoped_views?
412
+ ensure
413
+ Devise::SessionsController.send :remove_instance_variable, :@scoped_views
414
+ end
415
+ end
416
+
417
+ test 'does not render the scoped view if turned off' do
418
+ swap Devise, scoped_views: false do
419
+ assert_nothing_raised do
420
+ sign_in_as_user
421
+ end
422
+ end
423
+ end
424
+
425
+ test 'does not render the scoped view if not available' do
426
+ swap Devise, scoped_views: true do
427
+ assert_nothing_raised do
428
+ sign_in_as_admin
429
+ end
430
+ end
431
+ end
432
+ end
433
+
434
+ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
435
+ test 'handles unverified requests gets rid of caches' do
436
+ swap ApplicationController, allow_forgery_protection: true do
437
+ post exhibit_user_url(1)
438
+ assert_not warden.authenticated?(:user)
439
+
440
+ sign_in_as_user
441
+ assert warden.authenticated?(:user)
442
+
443
+ post exhibit_user_url(1)
444
+ assert_not warden.authenticated?(:user)
445
+ assert_equal "User is not authenticated", response.body
446
+ end
447
+ end
448
+
449
+ test 'uses the custom controller with the custom controller view' do
450
+ get '/admin_area/sign_in'
451
+ assert_contain 'Log in'
452
+ assert_contain 'Welcome to "admins/sessions" controller!'
453
+ assert_contain 'Welcome to "sessions/new" view!'
454
+ end
455
+
456
+ test 'render 404 on roles without routes' do
457
+ assert_raise ActionController::RoutingError do
458
+ get '/admin_area/password/new'
459
+ end
460
+ end
461
+
462
+ test 'does not intercept Rails 401 responses' do
463
+ get '/unauthenticated'
464
+ assert_equal 401, response.status
465
+ end
466
+
467
+ test 'render 404 on roles without mapping' do
468
+ assert_raise AbstractController::ActionNotFound do
469
+ get '/sign_in'
470
+ end
471
+ end
472
+
473
+ test 'sign in with script name' do
474
+ assert_nothing_raised do
475
+ get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
476
+ fill_in "email", with: "user@test.com"
477
+ end
478
+ end
479
+
480
+ test 'sign in stub in xml format' do
481
+ get new_user_session_path(format: 'xml')
482
+ assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
483
+ assert_match /<user>.*<\/user>/m, response.body
484
+ assert_match '<email></email>', response.body
485
+ assert_match '<password nil="true"', response.body
486
+ end
487
+
488
+ test 'sign in stub in json format' do
489
+ get new_user_session_path(format: 'json')
490
+ assert_match '{"user":{', response.body
491
+ assert_match '"email":""', response.body
492
+ assert_match '"password":null', response.body
493
+ end
494
+
495
+ test 'sign in stub in json with non attribute key' do
496
+ swap Devise, authentication_keys: [:other_key] do
497
+ get new_user_session_path(format: 'json')
498
+ assert_match '{"user":{', response.body
499
+ assert_match '"other_key":null', response.body
500
+ assert_match '"password":null', response.body
501
+ end
502
+ end
503
+
504
+ test 'uses the mapping from router' do
505
+ sign_in_as_user visit: "/as/sign_in"
506
+ assert warden.authenticated?(:user)
507
+ assert_not warden.authenticated?(:admin)
508
+ end
509
+
510
+ test 'sign in with xml format returns xml response' do
511
+ create_user
512
+ post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
513
+ assert_response :success
514
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
515
+ end
516
+
517
+ test 'sign in with xml format is idempotent' do
518
+ get new_user_session_path(format: 'xml')
519
+ assert_response :success
520
+
521
+ create_user
522
+ post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
523
+ assert_response :success
524
+
525
+ get new_user_session_path(format: 'xml')
526
+ assert_response :success
527
+
528
+ post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
529
+ assert_response :success
530
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
531
+ end
532
+
533
+ test 'sign out with html redirects' do
534
+ sign_in_as_user
535
+ get destroy_user_session_path
536
+ assert_response :redirect
537
+ assert_current_url '/'
538
+
539
+ sign_in_as_user
540
+ get destroy_user_session_path(format: 'html')
541
+ assert_response :redirect
542
+ assert_current_url '/'
543
+ end
544
+
545
+ test 'sign out with xml format returns no content' do
546
+ sign_in_as_user
547
+ get destroy_user_session_path(format: 'xml')
548
+ assert_response :no_content
549
+ assert_not warden.authenticated?(:user)
550
+ end
551
+
552
+ test 'sign out with json format returns no content' do
553
+ sign_in_as_user
554
+ get destroy_user_session_path(format: 'json')
555
+ assert_response :no_content
556
+ assert_not warden.authenticated?(:user)
557
+ end
558
+
559
+ test 'sign out with non-navigational format via XHR does not redirect' do
560
+ swap Devise, navigational_formats: ['*/*', :html] do
561
+ sign_in_as_user
562
+ xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
563
+ assert_response :no_content
564
+ assert_not warden.authenticated?(:user)
565
+ end
566
+ end
567
+
568
+ # Belt and braces ... Perhaps this test is not necessary?
569
+ test 'sign out with navigational format via XHR does redirect' do
570
+ swap Devise, navigational_formats: ['*/*', :html] do
571
+ sign_in_as_user
572
+ xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
573
+ assert_response :redirect
574
+ assert_not warden.authenticated?(:user)
575
+ end
576
+ end
577
+ end
578
+
579
+ class AuthenticationKeysTest < ActionDispatch::IntegrationTest
580
+ test 'missing authentication keys cause authentication to abort' do
581
+ swap Devise, authentication_keys: [:subdomain] do
582
+ sign_in_as_user
583
+ assert_contain "Invalid email or password."
584
+ assert_not warden.authenticated?(:user)
585
+ end
586
+ end
587
+
588
+ test 'missing authentication keys cause authentication to abort unless marked as not required' do
589
+ swap Devise, authentication_keys: { email: true, subdomain: false } do
590
+ sign_in_as_user
591
+ assert warden.authenticated?(:user)
592
+ end
593
+ end
594
+ end
595
+
596
+ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
597
+ test 'request keys are used on authentication' do
598
+ host! 'foo.bar.baz'
599
+
600
+ swap Devise, request_keys: [:subdomain] do
601
+ User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user)
602
+ sign_in_as_user
603
+ assert warden.authenticated?(:user)
604
+ end
605
+ end
606
+
607
+ test 'invalid request keys raises NoMethodError' do
608
+ swap Devise, request_keys: [:unknown_method] do
609
+ assert_raise NoMethodError do
610
+ sign_in_as_user
611
+ end
612
+
613
+ assert_not warden.authenticated?(:user)
614
+ end
615
+ end
616
+
617
+ test 'blank request keys cause authentication to abort' do
618
+ host! 'test.com'
619
+
620
+ swap Devise, request_keys: [:subdomain] do
621
+ sign_in_as_user
622
+ assert_contain "Invalid email or password."
623
+ assert_not warden.authenticated?(:user)
624
+ end
625
+ end
626
+
627
+ test 'blank request keys cause authentication to abort unless if marked as not required' do
628
+ host! 'test.com'
629
+
630
+ swap Devise, request_keys: { subdomain: false } do
631
+ sign_in_as_user
632
+ assert warden.authenticated?(:user)
633
+ end
634
+ end
635
+ end
636
+
637
+ class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
638
+ def sign_in!(scope)
639
+ sign_in_as_admin(visit: send("new_#{scope}_session_path"))
640
+ assert warden.authenticated?(scope)
641
+ end
642
+
643
+ test 'allow sign out via delete when sign_out_via provides only delete' do
644
+ sign_in!(:sign_out_via_delete)
645
+ delete destroy_sign_out_via_delete_session_path
646
+ assert_not warden.authenticated?(:sign_out_via_delete)
647
+ end
648
+
649
+ test 'do not allow sign out via get when sign_out_via provides only delete' do
650
+ sign_in!(:sign_out_via_delete)
651
+ assert_raise ActionController::RoutingError do
652
+ get destroy_sign_out_via_delete_session_path
653
+ end
654
+ assert warden.authenticated?(:sign_out_via_delete)
655
+ end
656
+
657
+ test 'allow sign out via post when sign_out_via provides only post' do
658
+ sign_in!(:sign_out_via_post)
659
+ post destroy_sign_out_via_post_session_path
660
+ assert_not warden.authenticated?(:sign_out_via_post)
661
+ end
662
+
663
+ test 'do not allow sign out via get when sign_out_via provides only post' do
664
+ sign_in!(:sign_out_via_post)
665
+ assert_raise ActionController::RoutingError do
666
+ get destroy_sign_out_via_delete_session_path
667
+ end
668
+ assert warden.authenticated?(:sign_out_via_post)
669
+ end
670
+
671
+ test 'allow sign out via delete when sign_out_via provides delete and post' do
672
+ sign_in!(:sign_out_via_delete_or_post)
673
+ delete destroy_sign_out_via_delete_or_post_session_path
674
+ assert_not warden.authenticated?(:sign_out_via_delete_or_post)
675
+ end
676
+
677
+ test 'allow sign out via post when sign_out_via provides delete and post' do
678
+ sign_in!(:sign_out_via_delete_or_post)
679
+ post destroy_sign_out_via_delete_or_post_session_path
680
+ assert_not warden.authenticated?(:sign_out_via_delete_or_post)
681
+ end
682
+
683
+ test 'do not allow sign out via get when sign_out_via provides delete and post' do
684
+ sign_in!(:sign_out_via_delete_or_post)
685
+ assert_raise ActionController::RoutingError do
686
+ get destroy_sign_out_via_delete_or_post_session_path
687
+ end
688
+ assert warden.authenticated?(:sign_out_via_delete_or_post)
689
+ end
690
+ end
691
+
692
+ class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
693
+ test 'signed in as user redirects when visiting user sign in page' do
694
+ sign_in_as_user
695
+ get new_user_session_path(format: :html)
696
+ assert_redirected_to '/'
697
+ end
698
+
699
+ test 'signed in as admin redirects when visiting admin sign in page' do
700
+ sign_in_as_admin
701
+ get new_admin_session_path(format: :html)
702
+ assert_redirected_to '/admin_area/home'
703
+ end
704
+
705
+ test 'signed in as both user and admin redirects when visiting admin sign in page' do
706
+ sign_in_as_user
707
+ sign_in_as_admin
708
+ get new_user_session_path(format: :html)
709
+ assert_redirected_to '/'
710
+ get new_admin_session_path(format: :html)
711
+ assert_redirected_to '/admin_area/home'
712
+ end
713
+ end
714
+
715
+ class DoubleSignOutRedirectTest < ActionDispatch::IntegrationTest
716
+ test 'sign out after already having signed out redirects to sign in' do
717
+ sign_in_as_user
718
+
719
+ post destroy_sign_out_via_delete_or_post_session_path
720
+
721
+ get root_path
722
+ assert_contain 'Signed out successfully.'
723
+
724
+ post destroy_sign_out_via_delete_or_post_session_path
725
+
726
+ get root_path
727
+ assert_contain 'Signed out successfully.'
728
+ end
729
+ end