brainsome_devise 3.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (234) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +10 -0
  3. data/.travis.yml +35 -0
  4. data/.yardopts +9 -0
  5. data/CHANGELOG.md +1086 -0
  6. data/CONTRIBUTING.md +14 -0
  7. data/Gemfile +29 -0
  8. data/Gemfile.lock +166 -0
  9. data/MIT-LICENSE +20 -0
  10. data/README.md +506 -0
  11. data/Rakefile +35 -0
  12. data/app/controllers/devise/confirmations_controller.rb +47 -0
  13. data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
  14. data/app/controllers/devise/passwords_controller.rb +70 -0
  15. data/app/controllers/devise/registrations_controller.rb +148 -0
  16. data/app/controllers/devise/sessions_controller.rb +76 -0
  17. data/app/controllers/devise/unlocks_controller.rb +46 -0
  18. data/app/controllers/devise_controller.rb +176 -0
  19. data/app/helpers/devise_helper.rb +25 -0
  20. data/app/mailers/devise/mailer.rb +20 -0
  21. data/app/views/devise/confirmations/new.html.erb +12 -0
  22. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  23. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  24. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  25. data/app/views/devise/passwords/edit.html.erb +16 -0
  26. data/app/views/devise/passwords/new.html.erb +12 -0
  27. data/app/views/devise/registrations/edit.html.erb +29 -0
  28. data/app/views/devise/registrations/new.html.erb +18 -0
  29. data/app/views/devise/sessions/new.html.erb +17 -0
  30. data/app/views/devise/shared/_links.html.erb +25 -0
  31. data/app/views/devise/unlocks/new.html.erb +12 -0
  32. data/config/locales/en.yml +60 -0
  33. data/devise.gemspec +27 -0
  34. data/devise.png +0 -0
  35. data/gemfiles/Gemfile.rails-3.2-stable +29 -0
  36. data/gemfiles/Gemfile.rails-3.2-stable.lock +166 -0
  37. data/gemfiles/Gemfile.rails-4.0-stable +29 -0
  38. data/gemfiles/Gemfile.rails-4.0-stable.lock +162 -0
  39. data/gemfiles/Gemfile.rails-head +32 -0
  40. data/gemfiles/Gemfile.rails-head.lock +206 -0
  41. data/lib/devise.rb +495 -0
  42. data/lib/devise/controllers/helpers.rb +284 -0
  43. data/lib/devise/controllers/rememberable.rb +47 -0
  44. data/lib/devise/controllers/scoped_views.rb +17 -0
  45. data/lib/devise/controllers/sign_in_out.rb +102 -0
  46. data/lib/devise/controllers/store_location.rb +56 -0
  47. data/lib/devise/controllers/url_helpers.rb +69 -0
  48. data/lib/devise/delegator.rb +16 -0
  49. data/lib/devise/failure_app.rb +205 -0
  50. data/lib/devise/hooks/activatable.rb +10 -0
  51. data/lib/devise/hooks/csrf_cleaner.rb +7 -0
  52. data/lib/devise/hooks/forgetable.rb +9 -0
  53. data/lib/devise/hooks/lockable.rb +7 -0
  54. data/lib/devise/hooks/proxy.rb +21 -0
  55. data/lib/devise/hooks/rememberable.rb +7 -0
  56. data/lib/devise/hooks/timeoutable.rb +35 -0
  57. data/lib/devise/hooks/trackable.rb +9 -0
  58. data/lib/devise/mailers/helpers.rb +90 -0
  59. data/lib/devise/mapping.rb +175 -0
  60. data/lib/devise/models.rb +119 -0
  61. data/lib/devise/models/authenticatable.rb +284 -0
  62. data/lib/devise/models/confirmable.rb +295 -0
  63. data/lib/devise/models/database_authenticatable.rb +164 -0
  64. data/lib/devise/models/lockable.rb +196 -0
  65. data/lib/devise/models/omniauthable.rb +27 -0
  66. data/lib/devise/models/recoverable.rb +147 -0
  67. data/lib/devise/models/registerable.rb +25 -0
  68. data/lib/devise/models/rememberable.rb +129 -0
  69. data/lib/devise/models/timeoutable.rb +49 -0
  70. data/lib/devise/models/trackable.rb +38 -0
  71. data/lib/devise/models/validatable.rb +66 -0
  72. data/lib/devise/modules.rb +28 -0
  73. data/lib/devise/omniauth.rb +28 -0
  74. data/lib/devise/omniauth/config.rb +45 -0
  75. data/lib/devise/omniauth/url_helpers.rb +18 -0
  76. data/lib/devise/orm/active_record.rb +3 -0
  77. data/lib/devise/orm/mongoid.rb +3 -0
  78. data/lib/devise/parameter_filter.rb +40 -0
  79. data/lib/devise/parameter_sanitizer.rb +99 -0
  80. data/lib/devise/rails.rb +56 -0
  81. data/lib/devise/rails/routes.rb +498 -0
  82. data/lib/devise/rails/warden_compat.rb +22 -0
  83. data/lib/devise/strategies/authenticatable.rb +174 -0
  84. data/lib/devise/strategies/base.rb +20 -0
  85. data/lib/devise/strategies/database_authenticatable.rb +23 -0
  86. data/lib/devise/strategies/rememberable.rb +55 -0
  87. data/lib/devise/test_helpers.rb +132 -0
  88. data/lib/devise/time_inflector.rb +14 -0
  89. data/lib/devise/token_generator.rb +70 -0
  90. data/lib/devise/version.rb +3 -0
  91. data/lib/generators/active_record/devise_generator.rb +91 -0
  92. data/lib/generators/active_record/templates/migration.rb +18 -0
  93. data/lib/generators/active_record/templates/migration_existing.rb +25 -0
  94. data/lib/generators/devise/devise_generator.rb +26 -0
  95. data/lib/generators/devise/install_generator.rb +29 -0
  96. data/lib/generators/devise/orm_helpers.rb +51 -0
  97. data/lib/generators/devise/views_generator.rb +135 -0
  98. data/lib/generators/mongoid/devise_generator.rb +55 -0
  99. data/lib/generators/templates/README +35 -0
  100. data/lib/generators/templates/devise.rb +263 -0
  101. data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
  102. data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
  103. data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
  104. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +16 -0
  105. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
  106. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
  107. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +27 -0
  108. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
  109. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
  110. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +16 -0
  111. data/script/cached-bundle +49 -0
  112. data/script/s3-put +71 -0
  113. data/test/controllers/custom_registrations_controller_test.rb +35 -0
  114. data/test/controllers/custom_strategy_test.rb +62 -0
  115. data/test/controllers/helpers_test.rb +311 -0
  116. data/test/controllers/internal_helpers_test.rb +123 -0
  117. data/test/controllers/passwords_controller_test.rb +31 -0
  118. data/test/controllers/sessions_controller_test.rb +103 -0
  119. data/test/controllers/url_helpers_test.rb +59 -0
  120. data/test/delegator_test.rb +19 -0
  121. data/test/devise_test.rb +107 -0
  122. data/test/failure_app_test.rb +268 -0
  123. data/test/generators/active_record_generator_test.rb +109 -0
  124. data/test/generators/devise_generator_test.rb +39 -0
  125. data/test/generators/install_generator_test.rb +13 -0
  126. data/test/generators/mongoid_generator_test.rb +23 -0
  127. data/test/generators/views_generator_test.rb +96 -0
  128. data/test/helpers/devise_helper_test.rb +52 -0
  129. data/test/integration/authenticatable_test.rb +729 -0
  130. data/test/integration/confirmable_test.rb +324 -0
  131. data/test/integration/database_authenticatable_test.rb +84 -0
  132. data/test/integration/http_authenticatable_test.rb +105 -0
  133. data/test/integration/lockable_test.rb +239 -0
  134. data/test/integration/omniauthable_test.rb +133 -0
  135. data/test/integration/recoverable_test.rb +334 -0
  136. data/test/integration/registerable_test.rb +359 -0
  137. data/test/integration/rememberable_test.rb +167 -0
  138. data/test/integration/timeoutable_test.rb +189 -0
  139. data/test/integration/trackable_test.rb +92 -0
  140. data/test/mailers/confirmation_instructions_test.rb +115 -0
  141. data/test/mailers/reset_password_instructions_test.rb +96 -0
  142. data/test/mailers/unlock_instructions_test.rb +91 -0
  143. data/test/mapping_test.rb +127 -0
  144. data/test/models/authenticatable_test.rb +13 -0
  145. data/test/models/confirmable_test.rb +454 -0
  146. data/test/models/database_authenticatable_test.rb +249 -0
  147. data/test/models/lockable_test.rb +322 -0
  148. data/test/models/omniauthable_test.rb +7 -0
  149. data/test/models/recoverable_test.rb +196 -0
  150. data/test/models/registerable_test.rb +7 -0
  151. data/test/models/rememberable_test.rb +198 -0
  152. data/test/models/serializable_test.rb +49 -0
  153. data/test/models/timeoutable_test.rb +51 -0
  154. data/test/models/trackable_test.rb +41 -0
  155. data/test/models/validatable_test.rb +127 -0
  156. data/test/models_test.rb +144 -0
  157. data/test/omniauth/config_test.rb +57 -0
  158. data/test/omniauth/url_helpers_test.rb +54 -0
  159. data/test/orm/active_record.rb +10 -0
  160. data/test/orm/mongoid.rb +13 -0
  161. data/test/parameter_sanitizer_test.rb +81 -0
  162. data/test/rails_app/Rakefile +6 -0
  163. data/test/rails_app/app/active_record/admin.rb +6 -0
  164. data/test/rails_app/app/active_record/shim.rb +2 -0
  165. data/test/rails_app/app/active_record/user.rb +6 -0
  166. data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
  167. data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
  168. data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
  169. data/test/rails_app/app/controllers/admins_controller.rb +11 -0
  170. data/test/rails_app/app/controllers/application_controller.rb +12 -0
  171. data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
  172. data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
  173. data/test/rails_app/app/controllers/home_controller.rb +25 -0
  174. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
  175. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
  176. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
  177. data/test/rails_app/app/controllers/users_controller.rb +31 -0
  178. data/test/rails_app/app/helpers/application_helper.rb +3 -0
  179. data/test/rails_app/app/mailers/users/mailer.rb +12 -0
  180. data/test/rails_app/app/mongoid/admin.rb +29 -0
  181. data/test/rails_app/app/mongoid/shim.rb +23 -0
  182. data/test/rails_app/app/mongoid/user.rb +39 -0
  183. data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
  184. data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
  185. data/test/rails_app/app/views/admins/index.html.erb +1 -0
  186. data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
  187. data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
  188. data/test/rails_app/app/views/home/index.html.erb +1 -0
  189. data/test/rails_app/app/views/home/join.html.erb +1 -0
  190. data/test/rails_app/app/views/home/private.html.erb +1 -0
  191. data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
  192. data/test/rails_app/app/views/layouts/application.html.erb +24 -0
  193. data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
  194. data/test/rails_app/app/views/users/index.html.erb +1 -0
  195. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
  196. data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
  197. data/test/rails_app/bin/bundle +3 -0
  198. data/test/rails_app/bin/rails +4 -0
  199. data/test/rails_app/bin/rake +4 -0
  200. data/test/rails_app/config.ru +4 -0
  201. data/test/rails_app/config/application.rb +40 -0
  202. data/test/rails_app/config/boot.rb +14 -0
  203. data/test/rails_app/config/database.yml +18 -0
  204. data/test/rails_app/config/environment.rb +5 -0
  205. data/test/rails_app/config/environments/development.rb +30 -0
  206. data/test/rails_app/config/environments/production.rb +80 -0
  207. data/test/rails_app/config/environments/test.rb +36 -0
  208. data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
  209. data/test/rails_app/config/initializers/devise.rb +183 -0
  210. data/test/rails_app/config/initializers/inflections.rb +2 -0
  211. data/test/rails_app/config/initializers/secret_token.rb +8 -0
  212. data/test/rails_app/config/initializers/session_store.rb +1 -0
  213. data/test/rails_app/config/routes.rb +122 -0
  214. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
  215. data/test/rails_app/db/schema.rb +55 -0
  216. data/test/rails_app/lib/shared_admin.rb +17 -0
  217. data/test/rails_app/lib/shared_user.rb +29 -0
  218. data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
  219. data/test/rails_app/public/404.html +26 -0
  220. data/test/rails_app/public/422.html +26 -0
  221. data/test/rails_app/public/500.html +26 -0
  222. data/test/rails_app/public/favicon.ico +0 -0
  223. data/test/routes_test.rb +264 -0
  224. data/test/support/action_controller/record_identifier.rb +10 -0
  225. data/test/support/assertions.rb +39 -0
  226. data/test/support/helpers.rb +70 -0
  227. data/test/support/integration.rb +92 -0
  228. data/test/support/locale/en.yml +8 -0
  229. data/test/support/mongoid.yml +6 -0
  230. data/test/support/webrat/integrations/rails.rb +24 -0
  231. data/test/test_helper.rb +29 -0
  232. data/test/test_helpers_test.rb +163 -0
  233. data/test/test_models.rb +33 -0
  234. metadata +474 -0
@@ -0,0 +1,359 @@
1
+ require 'test_helper'
2
+
3
+ class RegistrationTest < ActionDispatch::IntegrationTest
4
+
5
+ test 'a guest admin should be able to sign in successfully' do
6
+ get new_admin_session_path
7
+ click_link 'Sign up'
8
+
9
+ assert_template 'registrations/new'
10
+
11
+ fill_in 'email', with: 'new_user@test.com'
12
+ fill_in 'password', with: 'new_user123'
13
+ fill_in 'password confirmation', with: 'new_user123'
14
+ click_button 'Sign up'
15
+
16
+ assert_contain 'You have signed up successfully'
17
+ assert warden.authenticated?(:admin)
18
+ assert_current_url "/admin_area/home"
19
+
20
+ admin = Admin.to_adapter.find_first(order: [:id, :desc])
21
+ assert_equal admin.email, 'new_user@test.com'
22
+ end
23
+
24
+ test 'a guest admin should be able to sign in and be redirected to a custom location' do
25
+ Devise::RegistrationsController.any_instance.stubs(:after_sign_up_path_for).returns("/?custom=1")
26
+ get new_admin_session_path
27
+ click_link 'Sign up'
28
+
29
+ fill_in 'email', with: 'new_user@test.com'
30
+ fill_in 'password', with: 'new_user123'
31
+ fill_in 'password confirmation', with: 'new_user123'
32
+ click_button 'Sign up'
33
+
34
+ assert_contain 'Welcome! You have signed up successfully.'
35
+ assert warden.authenticated?(:admin)
36
+ assert_current_url "/?custom=1"
37
+ end
38
+
39
+ test 'a guest admin should not see a warning about minimum password length' do
40
+ get new_admin_session_path
41
+ assert_not_contain 'characters minimum'
42
+ end
43
+
44
+ def user_sign_up
45
+ ActionMailer::Base.deliveries.clear
46
+
47
+ get new_user_registration_path
48
+
49
+ fill_in 'email', with: 'new_user@test.com'
50
+ fill_in 'password', with: 'new_user123'
51
+ fill_in 'password confirmation', with: 'new_user123'
52
+ click_button 'Sign up'
53
+ end
54
+
55
+ test 'a guest user should see a warning about minimum password length' do
56
+ get new_user_registration_path
57
+ assert_contain '7 characters minimum'
58
+ end
59
+
60
+ test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
61
+ user_sign_up
62
+
63
+ assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.'
64
+ assert_not_contain 'You have to confirm your account before continuing'
65
+ assert_current_url "/"
66
+
67
+ assert_not warden.authenticated?(:user)
68
+
69
+ user = User.to_adapter.find_first(order: [:id, :desc])
70
+ assert_equal user.email, 'new_user@test.com'
71
+ assert_not user.confirmed?
72
+ end
73
+
74
+ test 'a guest user should receive the confirmation instructions from the default mailer' do
75
+ user_sign_up
76
+ assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
77
+ end
78
+
79
+ test 'a guest user should receive the confirmation instructions from a custom mailer' do
80
+ User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
81
+ user_sign_up
82
+ assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
83
+ end
84
+
85
+ test 'a guest user should be blocked by confirmation and redirected to a custom path' do
86
+ Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
87
+ get new_user_registration_path
88
+
89
+ fill_in 'email', with: 'new_user@test.com'
90
+ fill_in 'password', with: 'new_user123'
91
+ fill_in 'password confirmation', with: 'new_user123'
92
+ click_button 'Sign up'
93
+
94
+ assert_current_url "/?custom=1"
95
+ assert_not warden.authenticated?(:user)
96
+ end
97
+
98
+ test 'a guest user cannot sign up with invalid information' do
99
+ # Dirty tracking behavior prevents email validations from being applied:
100
+ # https://github.com/mongoid/mongoid/issues/756
101
+ (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
102
+
103
+ get new_user_registration_path
104
+
105
+ fill_in 'email', with: 'invalid_email'
106
+ fill_in 'password', with: 'new_user123'
107
+ fill_in 'password confirmation', with: 'new_user321'
108
+ click_button 'Sign up'
109
+
110
+ assert_template 'registrations/new'
111
+ assert_have_selector '#error_explanation'
112
+ assert_contain "Email is invalid"
113
+ assert_contain Devise.rails4? ?
114
+ "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
115
+ assert_contain "2 errors prohibited"
116
+ assert_nil User.to_adapter.find_first
117
+
118
+ assert_not warden.authenticated?(:user)
119
+ end
120
+
121
+ test 'a guest should not sign up with email/password that already exists' do
122
+ # Dirty tracking behavior prevents email validations from being applied:
123
+ # https://github.com/mongoid/mongoid/issues/756
124
+ (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
125
+
126
+ create_user
127
+ get new_user_registration_path
128
+
129
+ fill_in 'email', with: 'user@test.com'
130
+ fill_in 'password', with: '123456'
131
+ fill_in 'password confirmation', with: '123456'
132
+ click_button 'Sign up'
133
+
134
+ assert_current_url '/users'
135
+ assert_contain(/Email.*already.*taken/)
136
+
137
+ assert_not warden.authenticated?(:user)
138
+ end
139
+
140
+ test 'a guest should not be able to change account' do
141
+ get edit_user_registration_path
142
+ assert_redirected_to new_user_session_path
143
+ follow_redirect!
144
+ assert_contain 'You need to sign in or sign up before continuing.'
145
+ end
146
+
147
+ test 'a signed in user should not be able to access sign up' do
148
+ sign_in_as_user
149
+ get new_user_registration_path
150
+ assert_redirected_to root_path
151
+ end
152
+
153
+ test 'a signed in user should be able to edit their account' do
154
+ sign_in_as_user
155
+ get edit_user_registration_path
156
+
157
+ fill_in 'email', with: 'user.new@example.com'
158
+ fill_in 'current password', with: '12345678'
159
+ click_button 'Update'
160
+
161
+ assert_current_url '/'
162
+ assert_contain 'Your account has been updated successfully.'
163
+
164
+ assert_equal "user.new@example.com", User.to_adapter.find_first.email
165
+ end
166
+
167
+ test 'a signed in user should still be able to use the website after changing their password' do
168
+ sign_in_as_user
169
+ get edit_user_registration_path
170
+
171
+ fill_in 'password', with: '1234567890'
172
+ fill_in 'password confirmation', with: '1234567890'
173
+ fill_in 'current password', with: '12345678'
174
+ click_button 'Update'
175
+
176
+ assert_contain 'Your account has been updated successfully.'
177
+ get users_path
178
+ assert warden.authenticated?(:user)
179
+ end
180
+
181
+ test 'a signed in user should not change their current user with invalid password' do
182
+ sign_in_as_user
183
+ get edit_user_registration_path
184
+
185
+ fill_in 'email', with: 'user.new@example.com'
186
+ fill_in 'current password', with: 'invalid'
187
+ click_button 'Update'
188
+
189
+ assert_template 'registrations/edit'
190
+ assert_contain 'user@test.com'
191
+ assert_have_selector 'form input[value="user.new@example.com"]'
192
+
193
+ assert_equal "user@test.com", User.to_adapter.find_first.email
194
+ end
195
+
196
+ test 'a signed in user should be able to edit their password' do
197
+ sign_in_as_user
198
+ get edit_user_registration_path
199
+
200
+ fill_in 'password', with: 'pass1234'
201
+ fill_in 'password confirmation', with: 'pass1234'
202
+ fill_in 'current password', with: '12345678'
203
+ click_button 'Update'
204
+
205
+ assert_current_url '/'
206
+ assert_contain 'Your account has been updated successfully.'
207
+
208
+ assert User.to_adapter.find_first.valid_password?('pass1234')
209
+ end
210
+
211
+ test 'a signed in user should not be able to edit their password with invalid confirmation' do
212
+ sign_in_as_user
213
+ get edit_user_registration_path
214
+
215
+ fill_in 'password', with: 'pas123'
216
+ fill_in 'password confirmation', with: ''
217
+ fill_in 'current password', with: '12345678'
218
+ click_button 'Update'
219
+
220
+ assert_contain Devise.rails4? ?
221
+ "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
222
+ assert_not User.to_adapter.find_first.valid_password?('pas123')
223
+ end
224
+
225
+ test 'a signed in user should be able to cancel their account' do
226
+ sign_in_as_user
227
+ get edit_user_registration_path
228
+
229
+ click_button "Cancel my account"
230
+ assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
231
+
232
+ assert User.to_adapter.find_all.empty?
233
+ end
234
+
235
+ test 'a user should be able to cancel sign up by deleting data in the session' do
236
+ get "/set"
237
+ assert_equal "something", @request.session["devise.foo_bar"]
238
+
239
+ get "/users/sign_up"
240
+ assert_equal "something", @request.session["devise.foo_bar"]
241
+
242
+ get "/users/cancel"
243
+ assert_nil @request.session["devise.foo_bar"]
244
+ assert_redirected_to new_user_registration_path
245
+ end
246
+
247
+ test 'a user with XML sign up stub' do
248
+ get new_user_registration_path(format: 'xml')
249
+ assert_response :success
250
+ assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
251
+ assert_no_match(/<confirmation-token/, response.body)
252
+ end
253
+
254
+ test 'a user with JSON sign up stub' do
255
+ get new_user_registration_path(format: 'json')
256
+ assert_response :success
257
+ assert_match %({"user":), response.body
258
+ assert_no_match(/"confirmation_token"/, response.body)
259
+ end
260
+
261
+ test 'an admin sign up with valid information in XML format should return valid response' do
262
+ post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
263
+ assert_response :success
264
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
265
+
266
+ admin = Admin.to_adapter.find_first(order: [:id, :desc])
267
+ assert_equal admin.email, 'new_user@test.com'
268
+ end
269
+
270
+ test 'a user sign up with valid information in XML format should return valid response' do
271
+ post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
272
+ assert_response :success
273
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
274
+
275
+ user = User.to_adapter.find_first(order: [:id, :desc])
276
+ assert_equal user.email, 'new_user@test.com'
277
+ end
278
+
279
+ test 'a user sign up with invalid information in XML format should return invalid response' do
280
+ post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' }
281
+ assert_response :unprocessable_entity
282
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
283
+ end
284
+
285
+ test 'a user update information with valid data in XML format should return valid response' do
286
+ user = sign_in_as_user
287
+ put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' }
288
+ assert_response :success
289
+ assert_equal user.reload.email, 'user.new@test.com'
290
+ end
291
+
292
+ test 'a user update information with invalid data in XML format should return invalid response' do
293
+ user = sign_in_as_user
294
+ put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' }
295
+ assert_response :unprocessable_entity
296
+ assert_equal user.reload.email, 'user@test.com'
297
+ end
298
+
299
+ test 'a user cancel their account in XML format should return valid response' do
300
+ sign_in_as_user
301
+ delete user_registration_path(format: 'xml')
302
+ assert_response :success
303
+ assert_equal User.to_adapter.find_all.size, 0
304
+ end
305
+ end
306
+
307
+ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
308
+ test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
309
+ sign_in_as_admin
310
+ get edit_admin_registration_path
311
+
312
+ fill_in 'email', with: 'admin.new@example.com'
313
+ fill_in 'current password', with: '123456'
314
+ click_button 'Update'
315
+
316
+ assert_current_url '/admin_area/home'
317
+ assert_contain 'but we need to verify your new email address'
318
+ assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email
319
+
320
+ get edit_admin_registration_path
321
+ assert_contain 'Currently waiting confirmation for: admin.new@example.com'
322
+ end
323
+
324
+ test 'a signed in admin should not see a reconfirmation message if they did not change their password' do
325
+ sign_in_as_admin
326
+ get edit_admin_registration_path
327
+
328
+ fill_in 'password', with: 'pas123'
329
+ fill_in 'password confirmation', with: 'pas123'
330
+ fill_in 'current password', with: '123456'
331
+ click_button 'Update'
332
+
333
+ assert_current_url '/admin_area/home'
334
+ assert_contain 'Your account has been updated successfully.'
335
+
336
+ assert Admin.to_adapter.find_first.valid_password?('pas123')
337
+ end
338
+
339
+ test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
340
+ sign_in_as_admin
341
+
342
+ get edit_admin_registration_path
343
+ fill_in 'email', with: 'admin.new@example.com'
344
+ fill_in 'current password', with: '123456'
345
+ click_button 'Update'
346
+
347
+ get edit_admin_registration_path
348
+ fill_in 'password', with: 'pas123'
349
+ fill_in 'password confirmation', with: 'pas123'
350
+ fill_in 'current password', with: '123456'
351
+ click_button 'Update'
352
+
353
+ assert_current_url '/admin_area/home'
354
+ assert_contain 'Your account has been updated successfully.'
355
+
356
+ assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email
357
+ assert Admin.to_adapter.find_first.valid_password?('pas123')
358
+ end
359
+ end
@@ -0,0 +1,167 @@
1
+ require 'test_helper'
2
+
3
+ class RememberMeTest < ActionDispatch::IntegrationTest
4
+ def create_user_and_remember(add_to_token='')
5
+ user = create_user
6
+ user.remember_me!
7
+ raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
8
+ cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
9
+ user
10
+ end
11
+
12
+ def generate_signed_cookie(raw_cookie)
13
+ request = ActionDispatch::TestRequest.new
14
+ request.cookie_jar.signed['raw_cookie'] = raw_cookie
15
+ request.cookie_jar['raw_cookie']
16
+ end
17
+
18
+ def signed_cookie(key)
19
+ controller.send(:cookies).signed[key]
20
+ end
21
+
22
+ def cookie_expires(key)
23
+ cookie = response.headers["Set-Cookie"].split("\n").grep(/^#{key}/).first
24
+ expires = cookie.split(";").map(&:strip).grep(/^expires=/).first
25
+ Time.parse(expires).utc
26
+ end
27
+
28
+ test 'do not remember the user if they have not checked remember me option' do
29
+ sign_in_as_user
30
+ assert_nil request.cookies["remember_user_cookie"]
31
+ end
32
+
33
+ test 'handle unverified requests gets rid of caches' do
34
+ swap ApplicationController, allow_forgery_protection: true do
35
+ post exhibit_user_url(1)
36
+ assert_not warden.authenticated?(:user)
37
+
38
+ create_user_and_remember
39
+ post exhibit_user_url(1)
40
+ assert_equal "User is not authenticated", response.body
41
+ assert_not warden.authenticated?(:user)
42
+ end
43
+ end
44
+
45
+ test 'handle unverified requests does not create cookies on sign in' do
46
+ swap ApplicationController, allow_forgery_protection: true do
47
+ get new_user_session_path
48
+ assert request.session[:_csrf_token]
49
+
50
+ post user_session_path, authenticity_token: "oops", user:
51
+ { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
52
+ assert_not warden.authenticated?(:user)
53
+ assert_not request.cookies['remember_user_token']
54
+ end
55
+ end
56
+
57
+ test 'generate remember token after sign in' do
58
+ sign_in_as_user remember_me: true
59
+ assert request.cookies['remember_user_token']
60
+ end
61
+
62
+ test 'generate remember token after sign in setting cookie options' do
63
+ # We test this by asserting the cookie is not sent after the redirect
64
+ # since we changed the domain. This is the only difference with the
65
+ # previous test.
66
+ swap Devise, rememberable_options: { domain: "omg.somewhere.com" } do
67
+ sign_in_as_user remember_me: true
68
+ assert_nil request.cookies["remember_user_token"]
69
+ end
70
+ end
71
+
72
+ test 'generate remember token with a custom key' do
73
+ swap Devise, rememberable_options: { key: "v1lat_token" } do
74
+ sign_in_as_user remember_me: true
75
+ assert request.cookies["v1lat_token"]
76
+ end
77
+ end
78
+
79
+ test 'generate remember token after sign in setting session options' do
80
+ begin
81
+ Rails.configuration.session_options[:domain] = "omg.somewhere.com"
82
+ sign_in_as_user remember_me: true
83
+ assert_nil request.cookies["remember_user_token"]
84
+ ensure
85
+ Rails.configuration.session_options.delete(:domain)
86
+ end
87
+ end
88
+
89
+ test 'remember the user before sign in' do
90
+ user = create_user_and_remember
91
+ get users_path
92
+ assert_response :success
93
+ assert warden.authenticated?(:user)
94
+ assert warden.user(:user) == user
95
+ assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
96
+ end
97
+
98
+ test 'remember the user before sign up and redirect them to their home' do
99
+ create_user_and_remember
100
+ get new_user_registration_path
101
+ assert warden.authenticated?(:user)
102
+ assert_redirected_to root_path
103
+ end
104
+
105
+ test 'does not extend remember period through sign in' do
106
+ swap Devise, extend_remember_period: true, remember_for: 1.year do
107
+ user = create_user
108
+ user.remember_me!
109
+
110
+ user.remember_created_at = old = 10.days.ago
111
+ user.save
112
+
113
+ sign_in_as_user remember_me: true
114
+ user.reload
115
+
116
+ assert warden.user(:user) == user
117
+ assert_equal old.to_i, user.remember_created_at.to_i
118
+ end
119
+ end
120
+
121
+ test 'do not remember other scopes' do
122
+ create_user_and_remember
123
+ get root_path
124
+ assert_response :success
125
+ assert warden.authenticated?(:user)
126
+ assert_not warden.authenticated?(:admin)
127
+ end
128
+
129
+ test 'do not remember with invalid token' do
130
+ create_user_and_remember('add')
131
+ get users_path
132
+ assert_not warden.authenticated?(:user)
133
+ assert_redirected_to new_user_session_path
134
+ end
135
+
136
+ test 'do not remember with expired token' do
137
+ create_user_and_remember
138
+ swap Devise, remember_for: 0 do
139
+ get users_path
140
+ assert_not warden.authenticated?(:user)
141
+ assert_redirected_to new_user_session_path
142
+ end
143
+ end
144
+
145
+ test 'do not remember the user anymore after forget' do
146
+ create_user_and_remember
147
+ get users_path
148
+ assert warden.authenticated?(:user)
149
+
150
+ get destroy_user_session_path
151
+ assert_not warden.authenticated?(:user)
152
+ assert_nil warden.cookies['remember_user_token']
153
+
154
+ get users_path
155
+ assert_not warden.authenticated?(:user)
156
+ end
157
+
158
+ test 'changing user password expires remember me token' do
159
+ user = create_user_and_remember
160
+ user.password = "another_password"
161
+ user.password_confirmation = "another_password"
162
+ user.save!
163
+
164
+ get users_path
165
+ assert_not warden.authenticated?(:user)
166
+ end
167
+ end