cloudfoundry-devise 1.5.2

Files changed (210) hide show
  1. data/.gitignore +12 -0
  2. data/.travis.yml +13 -0
  3. data/CHANGELOG.rdoc +755 -0
  4. data/Gemfile +35 -0
  5. data/MIT-LICENSE +20 -0
  6. data/README.rdoc +366 -0
  7. data/Rakefile +34 -0
  8. data/app/controllers/devise/confirmations_controller.rb +46 -0
  9. data/app/controllers/devise/omniauth_callbacks_controller.rb +26 -0
  10. data/app/controllers/devise/passwords_controller.rb +50 -0
  11. data/app/controllers/devise/registrations_controller.rb +114 -0
  12. data/app/controllers/devise/sessions_controller.rb +49 -0
  13. data/app/controllers/devise/unlocks_controller.rb +34 -0
  14. data/app/helpers/devise_helper.rb +25 -0
  15. data/app/mailers/devise/mailer.rb +15 -0
  16. data/app/views/devise/confirmations/new.html.erb +12 -0
  17. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  18. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  19. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  20. data/app/views/devise/passwords/edit.html.erb +16 -0
  21. data/app/views/devise/passwords/new.html.erb +12 -0
  22. data/app/views/devise/registrations/edit.html.erb +25 -0
  23. data/app/views/devise/registrations/new.html.erb +18 -0
  24. data/app/views/devise/sessions/new.html.erb +17 -0
  25. data/app/views/devise/shared/_links.erb +25 -0
  26. data/app/views/devise/unlocks/new.html.erb +12 -0
  27. data/cloudfoundry-devise.gemspec +25 -0
  28. data/config/locales/en.yml +59 -0
  29. data/lib/devise.rb +453 -0
  30. data/lib/devise/controllers/helpers.rb +260 -0
  31. data/lib/devise/controllers/internal_helpers.rb +161 -0
  32. data/lib/devise/controllers/rememberable.rb +52 -0
  33. data/lib/devise/controllers/scoped_views.rb +33 -0
  34. data/lib/devise/controllers/shared_helpers.rb +26 -0
  35. data/lib/devise/controllers/url_helpers.rb +53 -0
  36. data/lib/devise/delegator.rb +16 -0
  37. data/lib/devise/encryptors/authlogic_sha512.rb +19 -0
  38. data/lib/devise/encryptors/base.rb +20 -0
  39. data/lib/devise/encryptors/clearance_sha1.rb +17 -0
  40. data/lib/devise/encryptors/restful_authentication_sha1.rb +22 -0
  41. data/lib/devise/encryptors/sha1.rb +25 -0
  42. data/lib/devise/encryptors/sha512.rb +25 -0
  43. data/lib/devise/failure_app.rb +149 -0
  44. data/lib/devise/hooks/activatable.rb +11 -0
  45. data/lib/devise/hooks/forgetable.rb +9 -0
  46. data/lib/devise/hooks/rememberable.rb +6 -0
  47. data/lib/devise/hooks/timeoutable.rb +24 -0
  48. data/lib/devise/hooks/trackable.rb +9 -0
  49. data/lib/devise/mailers/helpers.rb +86 -0
  50. data/lib/devise/mapping.rb +175 -0
  51. data/lib/devise/models.rb +91 -0
  52. data/lib/devise/models/authenticatable.rb +181 -0
  53. data/lib/devise/models/confirmable.rb +220 -0
  54. data/lib/devise/models/database_authenticatable.rb +122 -0
  55. data/lib/devise/models/encryptable.rb +72 -0
  56. data/lib/devise/models/lockable.rb +169 -0
  57. data/lib/devise/models/omniauthable.rb +23 -0
  58. data/lib/devise/models/recoverable.rb +136 -0
  59. data/lib/devise/models/registerable.rb +21 -0
  60. data/lib/devise/models/rememberable.rb +114 -0
  61. data/lib/devise/models/serializable.rb +43 -0
  62. data/lib/devise/models/timeoutable.rb +45 -0
  63. data/lib/devise/models/token_authenticatable.rb +72 -0
  64. data/lib/devise/models/trackable.rb +30 -0
  65. data/lib/devise/models/validatable.rb +62 -0
  66. data/lib/devise/modules.rb +30 -0
  67. data/lib/devise/omniauth.rb +28 -0
  68. data/lib/devise/omniauth/config.rb +45 -0
  69. data/lib/devise/omniauth/url_helpers.rb +33 -0
  70. data/lib/devise/orm/active_record.rb +44 -0
  71. data/lib/devise/orm/mongoid.rb +31 -0
  72. data/lib/devise/param_filter.rb +41 -0
  73. data/lib/devise/path_checker.rb +18 -0
  74. data/lib/devise/rails.rb +73 -0
  75. data/lib/devise/rails/routes.rb +385 -0
  76. data/lib/devise/rails/warden_compat.rb +120 -0
  77. data/lib/devise/schema.rb +109 -0
  78. data/lib/devise/strategies/authenticatable.rb +155 -0
  79. data/lib/devise/strategies/base.rb +15 -0
  80. data/lib/devise/strategies/database_authenticatable.rb +21 -0
  81. data/lib/devise/strategies/rememberable.rb +53 -0
  82. data/lib/devise/strategies/token_authenticatable.rb +57 -0
  83. data/lib/devise/test_helpers.rb +90 -0
  84. data/lib/devise/version.rb +3 -0
  85. data/lib/generators/active_record/devise_generator.rb +71 -0
  86. data/lib/generators/active_record/templates/migration.rb +29 -0
  87. data/lib/generators/active_record/templates/migration_existing.rb +26 -0
  88. data/lib/generators/devise/devise_generator.rb +22 -0
  89. data/lib/generators/devise/install_generator.rb +24 -0
  90. data/lib/generators/devise/orm_helpers.rb +31 -0
  91. data/lib/generators/devise/views_generator.rb +98 -0
  92. data/lib/generators/mongoid/devise_generator.rb +60 -0
  93. data/lib/generators/templates/README +32 -0
  94. data/lib/generators/templates/devise.rb +215 -0
  95. data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
  96. data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
  97. data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
  98. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +15 -0
  99. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
  100. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
  101. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +22 -0
  102. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
  103. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
  104. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +15 -0
  105. data/test/controllers/helpers_test.rb +254 -0
  106. data/test/controllers/internal_helpers_test.rb +96 -0
  107. data/test/controllers/sessions_controller_test.rb +16 -0
  108. data/test/controllers/url_helpers_test.rb +59 -0
  109. data/test/delegator_test.rb +19 -0
  110. data/test/devise_test.rb +72 -0
  111. data/test/encryptors_test.rb +30 -0
  112. data/test/failure_app_test.rb +207 -0
  113. data/test/generators/active_record_generator_test.rb +47 -0
  114. data/test/generators/devise_generator_test.rb +39 -0
  115. data/test/generators/install_generator_test.rb +13 -0
  116. data/test/generators/mongoid_generator_test.rb +23 -0
  117. data/test/generators/views_generator_test.rb +52 -0
  118. data/test/helpers/devise_helper_test.rb +51 -0
  119. data/test/indifferent_hash.rb +33 -0
  120. data/test/integration/authenticatable_test.rb +590 -0
  121. data/test/integration/confirmable_test.rb +262 -0
  122. data/test/integration/database_authenticatable_test.rb +82 -0
  123. data/test/integration/http_authenticatable_test.rb +82 -0
  124. data/test/integration/lockable_test.rb +212 -0
  125. data/test/integration/omniauthable_test.rb +133 -0
  126. data/test/integration/recoverable_test.rb +287 -0
  127. data/test/integration/registerable_test.rb +335 -0
  128. data/test/integration/rememberable_test.rb +158 -0
  129. data/test/integration/timeoutable_test.rb +98 -0
  130. data/test/integration/token_authenticatable_test.rb +148 -0
  131. data/test/integration/trackable_test.rb +92 -0
  132. data/test/mailers/confirmation_instructions_test.rb +95 -0
  133. data/test/mailers/reset_password_instructions_test.rb +83 -0
  134. data/test/mailers/unlock_instructions_test.rb +77 -0
  135. data/test/mapping_test.rb +128 -0
  136. data/test/models/confirmable_test.rb +334 -0
  137. data/test/models/database_authenticatable_test.rb +167 -0
  138. data/test/models/encryptable_test.rb +67 -0
  139. data/test/models/lockable_test.rb +225 -0
  140. data/test/models/recoverable_test.rb +198 -0
  141. data/test/models/rememberable_test.rb +168 -0
  142. data/test/models/serializable_test.rb +38 -0
  143. data/test/models/timeoutable_test.rb +42 -0
  144. data/test/models/token_authenticatable_test.rb +49 -0
  145. data/test/models/trackable_test.rb +5 -0
  146. data/test/models/validatable_test.rb +113 -0
  147. data/test/models_test.rb +109 -0
  148. data/test/omniauth/config_test.rb +57 -0
  149. data/test/omniauth/url_helpers_test.rb +58 -0
  150. data/test/orm/active_record.rb +9 -0
  151. data/test/orm/mongoid.rb +14 -0
  152. data/test/rails_app/Rakefile +10 -0
  153. data/test/rails_app/app/active_record/admin.rb +6 -0
  154. data/test/rails_app/app/active_record/shim.rb +2 -0
  155. data/test/rails_app/app/active_record/user.rb +6 -0
  156. data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
  157. data/test/rails_app/app/controllers/admins_controller.rb +6 -0
  158. data/test/rails_app/app/controllers/application_controller.rb +8 -0
  159. data/test/rails_app/app/controllers/home_controller.rb +25 -0
  160. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
  161. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
  162. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
  163. data/test/rails_app/app/controllers/users_controller.rb +23 -0
  164. data/test/rails_app/app/helpers/application_helper.rb +3 -0
  165. data/test/rails_app/app/mailers/users/mailer.rb +3 -0
  166. data/test/rails_app/app/mongoid/admin.rb +24 -0
  167. data/test/rails_app/app/mongoid/shim.rb +24 -0
  168. data/test/rails_app/app/mongoid/user.rb +45 -0
  169. data/test/rails_app/app/views/admins/index.html.erb +1 -0
  170. data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
  171. data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
  172. data/test/rails_app/app/views/home/index.html.erb +1 -0
  173. data/test/rails_app/app/views/home/join.html.erb +1 -0
  174. data/test/rails_app/app/views/home/private.html.erb +1 -0
  175. data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
  176. data/test/rails_app/app/views/layouts/application.html.erb +24 -0
  177. data/test/rails_app/app/views/users/index.html.erb +1 -0
  178. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
  179. data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
  180. data/test/rails_app/config.ru +4 -0
  181. data/test/rails_app/config/application.rb +41 -0
  182. data/test/rails_app/config/boot.rb +8 -0
  183. data/test/rails_app/config/database.yml +18 -0
  184. data/test/rails_app/config/environment.rb +5 -0
  185. data/test/rails_app/config/environments/development.rb +18 -0
  186. data/test/rails_app/config/environments/production.rb +33 -0
  187. data/test/rails_app/config/environments/test.rb +33 -0
  188. data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
  189. data/test/rails_app/config/initializers/devise.rb +197 -0
  190. data/test/rails_app/config/initializers/inflections.rb +2 -0
  191. data/test/rails_app/config/initializers/secret_token.rb +2 -0
  192. data/test/rails_app/config/routes.rb +87 -0
  193. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
  194. data/test/rails_app/db/schema.rb +52 -0
  195. data/test/rails_app/lib/shared_admin.rb +10 -0
  196. data/test/rails_app/lib/shared_user.rb +26 -0
  197. data/test/rails_app/public/404.html +26 -0
  198. data/test/rails_app/public/422.html +26 -0
  199. data/test/rails_app/public/500.html +26 -0
  200. data/test/rails_app/public/favicon.ico +0 -0
  201. data/test/rails_app/script/rails +10 -0
  202. data/test/routes_test.rb +240 -0
  203. data/test/support/assertions.rb +27 -0
  204. data/test/support/helpers.rb +109 -0
  205. data/test/support/integration.rb +88 -0
  206. data/test/support/locale/en.yml +4 -0
  207. data/test/support/webrat/integrations/rails.rb +24 -0
  208. data/test/test_helper.rb +27 -0
  209. data/test/test_helpers_test.rb +134 -0
  210. metadata +295 -0
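--- a/data/test/generators/devise_generator_test.rb
+++ b/data/test/generators/devise_generator_test.rb
@@ -0,0 +1,39 @@
+ require 'test_helper'
+
+ require "generators/devise/devise_generator"
+
+ class DeviseGeneratorTest < Rails::Generators::TestCase
+ tests Devise::Generators::DeviseGenerator
+ destination File.expand_path("../../tmp", __FILE__)
+
+ setup do
+ prepare_destination
+ copy_routes
+ end
+
+ test "route generation for simple model names" do
+ run_generator %w(monster name:string)
+ assert_file "config/routes.rb", /devise_for :monsters/
+ end
+
+ test "route generation for namespaced model names" do
+ run_generator %w(monster/goblin name:string)
+ match = /devise_for :goblins, :class_name => "Monster::Goblin"/
+ assert_file "config/routes.rb", match
+ end
+
+ test "route generation with skip routes" do
+ run_generator %w(monster name:string --skip-routes)
+ match = /devise_for :monsters, :skip => :all/
+ assert_file "config/routes.rb", match
+ end
+
+ def copy_routes
+ routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
+ destination = File.join(destination_root, "config")
+
+ FileUtils.mkdir_p(destination)
+ FileUtils.cp routes, destination
+ end
+
+ end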
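Review bot: `copy_routes` has no comment explaining why a routes file is copied into the destination before every test. Judging by the assertions, the generator appears to edit an existing `config/routes.rb` rather than create one, so a one-line comment such as `# Seed config/routes.rb from the dummy app so the generator has a file to add devise_for to.` would make the setup self-explanatory. The helper could also sit under `private`, since it is support code rather than a test.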
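--- a/data/test/generators/install_generator_test.rb
+++ b/data/test/generators/install_generator_test.rb
@@ -0,0 +1,13 @@
+ require "test_helper"
+
+ class InstallGeneratorTest < Rails::Generators::TestCase
+ tests Devise::Generators::InstallGenerator
+ destination File.expand_path("../../tmp", __FILE__)
+ setup :prepare_destination
+
+ test "Assert all files are properly created" do
+ run_generator
+ assert_file "config/initializers/devise.rb"
+ assert_file "config/locales/devise.en.yml"
+ end
+ end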
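--- a/data/test/generators/mongoid_generator_test.rb
+++ b/data/test/generators/mongoid_generator_test.rb
@@ -0,0 +1,23 @@
+ require "test_helper"
+
+ if DEVISE_ORM == :mongoid
+ require "generators/mongoid/devise_generator"
+
+ class MongoidGeneratorTest < Rails::Generators::TestCase
+ tests Mongoid::Generators::DeviseGenerator
+ destination File.expand_path("../../tmp", __FILE__)
+ setup :prepare_destination
+
+ test "all files are properly created" do
+ run_generator %w(monster)
+ assert_file "app/models/monster.rb", /devise/
+ end
+
+ test "all files are properly deleted" do
+ run_generator %w(monster)
+ run_generator %w(monster), :behavior => :revoke
+ assert_no_file "app/models/monster.rb"
+ end
+ end
+ end
+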
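--- a/data/test/generators/views_generator_test.rb
+++ b/data/test/generators/views_generator_test.rb
@@ -0,0 +1,52 @@
+ require "test_helper"
+
+ class ViewsGeneratorTest < Rails::Generators::TestCase
+ tests Devise::Generators::ViewsGenerator
+ destination File.expand_path("../../tmp", __FILE__)
+ setup :prepare_destination
+
+ test "Assert all views are properly created with no params" do
+ run_generator
+ assert_files
+ end
+
+ test "Assert all views are properly created with scope param param" do
+ run_generator %w(users)
+ assert_files "users"
+
+ run_generator %w(admins)
+ assert_files "admins"
+ end
+
+ test "Assert views with simple form" do
+ run_generator %w(-b simple_form_for)
+ assert_files
+ assert_file "app/views/devise/confirmations/new.html.erb", /simple_form_for/
+
+ run_generator %w(users -b simple_form_for)
+ assert_files "users"
+ assert_file "app/views/users/confirmations/new.html.erb", /simple_form_for/
+ end
+
+ test "Assert views with markerb" do
+ run_generator %w(--markerb)
+ assert_files nil, :mail_template_engine => "markerb"
+ end
+
+ def assert_files(scope = nil, options={})
+ scope = "devise" if scope.nil?
+ mail_template_engine = options[:mail_template_engine] || "html.erb"
+
+ assert_file "app/views/#{scope}/confirmations/new.html.erb"
+ assert_file "app/views/#{scope}/mailer/confirmation_instructions.#{mail_template_engine}"
+ assert_file "app/views/#{scope}/mailer/reset_password_instructions.#{mail_template_engine}"
+ assert_file "app/views/#{scope}/mailer/unlock_instructions.#{mail_template_engine}"
+ assert_file "app/views/#{scope}/passwords/edit.html.erb"
+ assert_file "app/views/#{scope}/passwords/new.html.erb"
+ assert_file "app/views/#{scope}/registrations/new.html.erb"
+ assert_file "app/views/#{scope}/registrations/edit.html.erb"
+ assert_file "app/views/#{scope}/sessions/new.html.erb"
+ assert_file "app/views/#{scope}/shared/_links.erb"
+ assert_file "app/views/#{scope}/unlocks/new.html.erb"
+ end
+ end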
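Review bot: The test name `"Assert all views are properly created with scope param param"` repeats a word; `"... with scope param"` is presumably what was meant. The `assert_files` helper checks only that each view exists, and the simple_form test matches `/simple_form_for/` against `confirmations/new.html.erb` alone, so the other form templates could be generated with the default builder and the test would still pass. A short comment on `assert_files`, for example `# Verifies that every expected view file is present; content is not inspected.`, would make that limit explicit.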
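--- a/data/test/helpers/devise_helper_test.rb
+++ b/data/test/helpers/devise_helper_test.rb
@@ -0,0 +1,51 @@
+ require 'test_helper'
+
+ class DeviseHelperTest < ActionController::IntegrationTest
+ setup do
+ model_labels = { :models => { :user => "utilisateur" } }
+
+ I18n.backend.store_translations :fr,
+ {
+ :errors => { :messages => { :not_saved => {
+ :one => "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
+ :other => "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
+ } } },
+ :activerecord => model_labels,
+ :mongoid => model_labels
+ }
+
+ I18n.locale = 'fr'
+ end
+
+ teardown do
+ I18n.locale = 'en'
+ end
+
+ test 'test errors.messages.not_saved with single error from i18n' do
+ get new_user_registration_path
+
+ fill_in 'password', :with => 'new_user123'
+ fill_in 'password confirmation', :with => 'new_user123'
+ click_button 'Sign up'
+
+ assert_have_selector '#error_explanation'
+ assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 1 erreur"
+ end
+
+ test 'test errors.messages.not_saved with multiple errors from i18n' do
+ # Dirty tracking behavior prevents email validations from being applied:
+ # https://github.com/mongoid/mongoid/issues/756
+ (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
+
+ get new_user_registration_path
+
+ fill_in 'email', :with => 'invalid_email'
+ fill_in 'password', :with => 'new_user123'
+ fill_in 'password confirmation', :with => 'new_user321'
+ click_button 'Sign up'
+
+ assert_have_selector '#error_explanation'
+ assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs"
+ end
+ end
+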
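Review bot: The Mongoid guard in the second test compares `Mongoid::VERSION.to_f < 2.1`, which treats a version string as a decimal number. It gives the right answer for this threshold, but the approach is fragile (`"2.10.0".to_f` is also 2.1) and is easy to copy with a threshold where it fails. Comparing parsed versions is sturdier: `Gem::Version.new(Mongoid::VERSION) < Gem::Version.new("2.1")`. Separately, `teardown` hard-codes `I18n.locale = 'en'` instead of restoring the value that was current before `setup`, so the locale would leak into later tests if the suite default were ever not English.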
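--- a/data/test/indifferent_hash.rb
+++ b/data/test/indifferent_hash.rb
@@ -0,0 +1,33 @@
+ require 'test_helper'
+
+ class IndifferentHashTest < ActiveSupport::TestCase
+ setup do
+ @hash = Devise::IndifferentHash.new
+ end
+
+ test "it overwrites getter and setter" do
+ @hash[:foo] = "bar"
+ assert_equal "bar", @hash["foo"]
+ assert_equal "bar", @hash[:foo]
+
+ @hash["foo"] = "baz"
+ assert_equal "baz", @hash["foo"]
+ assert_equal "baz", @hash[:foo]
+ end
+
+ test "it overwrites update" do
+ @hash.update :foo => "bar"
+ assert_equal "bar", @hash["foo"]
+ assert_equal "bar", @hash[:foo]
+
+ @hash.update "foo" => "baz"
+ assert_equal "baz", @hash["foo"]
+ assert_equal "baz", @hash[:foo]
+ end
+
+ test "it returns a Hash on to_hash" do
+ @hash[:foo] = "bar"
+ assert_equal Hash["foo", "bar"], @hash.to_hash
+ assert_kind_of Hash, @hash.to_hash
+ end
+ end if defined?(Devise::IndifferentHash)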
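Review bot: The whole class is closed with `end if defined?(Devise::IndifferentHash)`, so when that constant is not loaded the file defines no tests and the run stays green with nothing reported as skipped. The file is also named `indifferent_hash.rb`, without the `_test` suffix the other test files in the listing use, which may keep it out of the test task's file pattern (the Rakefile is not shown here). If the conditional is intentional, a comment at the top saying which configuration defines `Devise::IndifferentHash` would help; otherwise renaming it to `indifferent_hash_test.rb` would make sure it actually runs.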
@@ -0,0 +1,590 @@
1
+ require 'test_helper'
2
+
3
+ class AuthenticationSanityTest < ActionController::IntegrationTest
4
+ test 'home should be accessible without sign in' do
5
+ visit '/'
6
+ assert_response :success
7
+ assert_template 'home/index'
8
+ end
9
+
10
+ test 'sign in as user should not authenticate admin scope' do
11
+ sign_in_as_user
12
+ assert warden.authenticated?(:user)
13
+ assert_not warden.authenticated?(:admin)
14
+ end
15
+
16
+ test 'sign in as admin should not authenticate user scope' do
17
+ sign_in_as_admin
18
+ assert warden.authenticated?(:admin)
19
+ assert_not warden.authenticated?(:user)
20
+ end
21
+
22
+ test 'sign in as both user and admin at same time' do
23
+ sign_in_as_user
24
+ sign_in_as_admin
25
+ assert warden.authenticated?(:user)
26
+ assert warden.authenticated?(:admin)
27
+ end
28
+
29
+ test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
30
+ swap Devise, :sign_out_all_scopes => false do
31
+ sign_in_as_user
32
+ sign_in_as_admin
33
+ get destroy_user_session_path
34
+ assert_not warden.authenticated?(:user)
35
+ assert warden.authenticated?(:admin)
36
+ end
37
+ end
38
+
39
+ test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
40
+ swap Devise, :sign_out_all_scopes => false do
41
+ sign_in_as_user
42
+ sign_in_as_admin
43
+
44
+ get destroy_admin_session_path
45
+ assert_not warden.authenticated?(:admin)
46
+ assert warden.authenticated?(:user)
47
+ end
48
+ end
49
+
50
+ test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
51
+ swap Devise, :sign_out_all_scopes => true do
52
+ sign_in_as_user
53
+ sign_in_as_admin
54
+
55
+ get destroy_user_session_path
56
+ assert_not warden.authenticated?(:user)
57
+ assert_not warden.authenticated?(:admin)
58
+ end
59
+ end
60
+
61
+ test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
62
+ swap Devise, :sign_out_all_scopes => true do
63
+ sign_in_as_user
64
+ sign_in_as_admin
65
+
66
+ get destroy_admin_session_path
67
+ assert_not warden.authenticated?(:admin)
68
+ assert_not warden.authenticated?(:user)
69
+ end
70
+ end
71
+
72
+ test 'not signed in as admin should not be able to access admins actions' do
73
+ get admins_path
74
+ assert_redirected_to new_admin_session_path
75
+ assert_not warden.authenticated?(:admin)
76
+ end
77
+
78
+ test 'not signed in as admin should not be able to access private route restricted to admins' do
79
+ get private_path
80
+ assert_redirected_to new_admin_session_path
81
+ assert_not warden.authenticated?(:admin)
82
+ end
83
+
84
+ test 'signed in as user should not be able to access private route restricted to admins' do
85
+ sign_in_as_user
86
+ assert warden.authenticated?(:user)
87
+ assert_not warden.authenticated?(:admin)
88
+ get private_path
89
+ assert_redirected_to new_admin_session_path
90
+ end
91
+
92
+ test 'signed in as admin should be able to access private route restricted to admins' do
93
+ sign_in_as_admin
94
+ assert warden.authenticated?(:admin)
95
+ assert_not warden.authenticated?(:user)
96
+
97
+ get private_path
98
+
99
+ assert_response :success
100
+ assert_template 'home/private'
101
+ assert_contain 'Private!'
102
+ end
103
+
104
+ test 'signed in as admin should get admin dashboard' do
105
+ sign_in_as_admin
106
+ assert warden.authenticated?(:admin)
107
+ assert_not warden.authenticated?(:user)
108
+
109
+ get dashboard_path
110
+
111
+ assert_response :success
112
+ assert_template 'home/admin'
113
+ assert_contain 'Admin dashboard'
114
+ end
115
+
116
+ test 'signed in as user should get user dashboard' do
117
+ sign_in_as_user
118
+ assert warden.authenticated?(:user)
119
+ assert_not warden.authenticated?(:admin)
120
+
121
+ get dashboard_path
122
+
123
+ assert_response :success
124
+ assert_template 'home/user'
125
+ assert_contain 'User dashboard'
126
+ end
127
+
128
+ test 'not signed in should get no dashboard' do
129
+ assert_raises ActionController::RoutingError do
130
+ get dashboard_path
131
+ end
132
+ end
133
+
134
+ test 'signed in user should not see unauthenticated page' do
135
+ sign_in_as_user
136
+ assert warden.authenticated?(:user)
137
+ assert_not warden.authenticated?(:admin)
138
+
139
+ assert_raises ActionController::RoutingError do
140
+ get join_path
141
+ end
142
+ end
143
+
144
+ test 'not signed in users should see unautheticated page' do
145
+ get join_path
146
+
147
+ assert_response :success
148
+ assert_template 'home/join'
149
+ assert_contain 'Join'
150
+ end
151
+
152
+ test 'signed in as user should not be able to access admins actions' do
153
+ sign_in_as_user
154
+ assert warden.authenticated?(:user)
155
+ assert_not warden.authenticated?(:admin)
156
+
157
+ get admins_path
158
+ assert_redirected_to new_admin_session_path
159
+ end
160
+
161
+ test 'signed in as admin should be able to access admin actions' do
162
+ sign_in_as_admin
163
+ assert warden.authenticated?(:admin)
164
+ assert_not warden.authenticated?(:user)
165
+
166
+ get admins_path
167
+
168
+ assert_response :success
169
+ assert_template 'admins/index'
170
+ assert_contain 'Welcome Admin'
171
+ end
172
+
173
+ test 'authenticated admin should not be able to sign as admin again' do
174
+ sign_in_as_admin
175
+ get new_admin_session_path
176
+
177
+ assert_response :redirect
178
+ assert_redirected_to admin_root_path
179
+ assert warden.authenticated?(:admin)
180
+ end
181
+
182
+ test 'authenticated admin should be able to sign out' do
183
+ sign_in_as_admin
184
+ assert warden.authenticated?(:admin)
185
+
186
+ get destroy_admin_session_path
187
+ assert_response :redirect
188
+ assert_redirected_to root_path
189
+
190
+ get root_path
191
+ assert_contain 'Signed out successfully'
192
+ assert_not warden.authenticated?(:admin)
193
+ end
194
+
195
+ test 'unauthenticated admin does not set message on sign out' do
196
+ get destroy_admin_session_path
197
+ assert_response :redirect
198
+ assert_redirected_to root_path
199
+
200
+ get root_path
201
+ assert_not_contain 'Signed out successfully'
202
+ end
203
+
204
+ test 'scope uses custom failure app' do
205
+ put "/en/accounts/management"
206
+ assert_equal "Oops, not found", response.body
207
+ assert_equal 404, response.status
208
+ end
209
+ end
210
+
211
+ class AuthenticationRedirectTest < ActionController::IntegrationTest
212
+ test 'redirect from warden shows sign in or sign up message' do
213
+ get admins_path
214
+
215
+ warden_path = new_admin_session_path
216
+ assert_redirected_to warden_path
217
+
218
+ get warden_path
219
+ assert_contain 'You need to sign in or sign up before continuing.'
220
+ end
221
+
222
+ test 'redirect to default url if no other was configured' do
223
+ sign_in_as_user
224
+ assert_template 'home/index'
225
+ assert_nil session[:"user_return_to"]
226
+ end
227
+
228
+ test 'redirect to requested url after sign in' do
229
+ get users_path
230
+ assert_redirected_to new_user_session_path
231
+ assert_equal users_path, session[:"user_return_to"]
232
+
233
+ follow_redirect!
234
+ sign_in_as_user :visit => false
235
+
236
+ assert_current_url '/users'
237
+ assert_nil session[:"user_return_to"]
238
+ end
239
+
240
+ test 'redirect to last requested url overwriting the stored return_to option' do
241
+ get expire_user_path(create_user)
242
+ assert_redirected_to new_user_session_path
243
+ assert_equal expire_user_path(create_user), session[:"user_return_to"]
244
+
245
+ get users_path
246
+ assert_redirected_to new_user_session_path
247
+ assert_equal users_path, session[:"user_return_to"]
248
+
249
+ follow_redirect!
250
+ sign_in_as_user :visit => false
251
+
252
+ assert_current_url '/users'
253
+ assert_nil session[:"user_return_to"]
254
+ end
255
+
256
+ test 'xml http requests does not store urls for redirect' do
257
+ get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
258
+ assert_equal 401, response.status
259
+ assert_nil session[:"user_return_to"]
260
+ end
261
+
262
+ test 'redirect to configured home path for a given scope after sign in' do
263
+ sign_in_as_admin
264
+ assert_equal "/admin_area/home", @request.path
265
+ end
266
+
267
+ test 'require_no_authentication should set the already_authenticated flash message' do
268
+ sign_in_as_user
269
+ visit new_user_session_path
270
+ assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
271
+ end
272
+ end
273
+
274
+ class AuthenticationSessionTest < ActionController::IntegrationTest
275
+ test 'destroyed account is signed out' do
276
+ sign_in_as_user
277
+ get '/users'
278
+
279
+ User.destroy_all
280
+ get '/users'
281
+ assert_redirected_to new_user_session_path
282
+ end
283
+
284
+ test 'allows session to be set for a given scope' do
285
+ sign_in_as_user
286
+ get '/users'
287
+ assert_equal "Cart", @controller.user_session[:cart]
288
+ end
289
+
290
+ test 'does not explode when invalid user class is stored in session' do
291
+ klass = User
292
+ paths = ActiveSupport::Dependencies.autoload_paths.dup
293
+
294
+ begin
295
+ sign_in_as_user
296
+ assert warden.authenticated?(:user)
297
+
298
+ Object.send :remove_const, :User
299
+ ActiveSupport::Dependencies.autoload_paths.clear
300
+
301
+ visit "/users"
302
+ assert_not warden.authenticated?(:user)
303
+ ensure
304
+ Object.const_set(:User, klass)
305
+ ActiveSupport::Dependencies.autoload_paths.replace(paths)
306
+ end
307
+ end
308
+
309
+ test 'session id is changed on sign in' do
310
+ get '/users'
311
+ session_id = request.session["session_id"]
312
+
313
+ get '/users'
314
+ assert_equal session_id, request.session["session_id"]
315
+
316
+ sign_in_as_user
317
+ assert_not_equal session_id, request.session["session_id"]
318
+ end
319
+ end
320
+
321
+ class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest
322
+ test 'renders the scoped view if turned on and view is available' do
323
+ swap Devise, :scoped_views => true do
324
+ assert_raise Webrat::NotFoundError do
325
+ sign_in_as_user
326
+ end
327
+ assert_match /Special user view/, response.body
328
+ end
329
+ end
330
+
331
+ test 'renders the scoped view if turned on in an specific controller' do
332
+ begin
333
+ Devise::SessionsController.scoped_views = true
334
+ assert_raise Webrat::NotFoundError do
335
+ sign_in_as_user
336
+ end
337
+
338
+ assert_match /Special user view/, response.body
339
+ assert !Devise::PasswordsController.scoped_views?
340
+ ensure
341
+ Devise::SessionsController.send :remove_instance_variable, :@scoped_views
342
+ end
343
+ end
344
+
345
+ test 'does not render the scoped view if turned off' do
346
+ swap Devise, :scoped_views => false do
347
+ assert_nothing_raised do
348
+ sign_in_as_user
349
+ end
350
+ end
351
+ end
352
+
353
+ test 'does not render the scoped view if not available' do
354
+ swap Devise, :scoped_views => true do
355
+ assert_nothing_raised do
356
+ sign_in_as_admin
357
+ end
358
+ end
359
+ end
360
+ end
361
+
362
+ class AuthenticationOthersTest < ActionController::IntegrationTest
363
+ test 'handles unverified requests gets rid of caches' do
364
+ swap UsersController, :allow_forgery_protection => true do
365
+ post exhibit_user_url(1)
366
+ assert_not warden.authenticated?(:user)
367
+
368
+ sign_in_as_user
369
+ assert warden.authenticated?(:user)
370
+
371
+ post exhibit_user_url(1)
372
+ assert_not warden.authenticated?(:user)
373
+ assert_equal "User is not authenticated", response.body
374
+ end
375
+ end
376
+
377
+ test 'uses the custom controller with the custom controller view' do
378
+ get '/admin_area/sign_in'
379
+ assert_contain 'Sign in'
380
+ assert_contain 'Welcome to "admins/sessions" controller!'
381
+ assert_contain 'Welcome to "sessions/new" view!'
382
+ end
383
+
384
+ test 'render 404 on roles without routes' do
385
+ assert_raise ActionController::RoutingError do
386
+ get '/admin_area/password/new'
387
+ end
388
+ end
389
+
390
+ test 'does not intercept Rails 401 responses' do
391
+ get '/unauthenticated'
392
+ assert_equal 401, response.status
393
+ end
394
+
395
+ test 'render 404 on roles without mapping' do
396
+ assert_raise AbstractController::ActionNotFound do
397
+ get '/sign_in'
398
+ end
399
+ end
400
+
401
+ test 'sign in with script name' do
402
+ assert_nothing_raised do
403
+ get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
404
+ fill_in "email", :with => "user@test.com"
405
+ end
406
+ end
407
+
408
+ test 'sign in stub in xml format' do
409
+ get new_user_session_path(:format => 'xml')
410
+ assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n <email></email>\n <password nil=\"true\"></password>\n</user>\n", response.body
411
+ end
412
+
413
+ test 'sign in stub in json format' do
414
+ get new_user_session_path(:format => 'json')
415
+ assert_match '{"user":{', response.body
416
+ assert_match '"email":""', response.body
417
+ assert_match '"password":null', response.body
418
+ end
419
+
420
+ test 'sign in stub in json with non attribute key' do
421
+ swap Devise, :authentication_keys => [:other_key] do
422
+ get new_user_session_path(:format => 'json')
423
+ assert_match '{"user":{', response.body
424
+ assert_match '"other_key":null', response.body
425
+ assert_match '"password":null', response.body
426
+ end
427
+ end
428
+
429
+ test 'uses the mapping from router' do
430
+ sign_in_as_user :visit => "/as/sign_in"
431
+ assert warden.authenticated?(:user)
432
+ assert_not warden.authenticated?(:admin)
433
+ end
434
+
435
+ test 'uses the mapping from nested devise_for call' do
436
+ sign_in_as_user :visit => "/devise_for/sign_in"
437
+ assert warden.authenticated?(:user)
438
+ assert_not warden.authenticated?(:admin)
439
+ end
440
+
441
+ test 'sign in with xml format returns xml response' do
442
+ create_user
443
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
444
+ assert_response :success
445
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
446
+ end
447
+
448
+ test 'sign in with xml format is idempotent' do
449
+ get new_user_session_path(:format => 'xml')
450
+ assert_response :success
451
+
452
+ create_user
453
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
454
+ assert_response :success
455
+
456
+ get new_user_session_path(:format => 'xml')
457
+ assert_response :success
458
+
459
+ post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
460
+ assert_response :success
461
+ assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
462
+ end
463
+
464
+ test 'sign out with xml format returns ok response' do
465
+ sign_in_as_user
466
+ get destroy_user_session_path(:format => 'xml')
467
+ assert_response :ok
468
+ assert_not warden.authenticated?(:user)
469
+ end
470
+
471
+ test 'sign out with json format returns empty json response' do
472
+ sign_in_as_user
473
+ get destroy_user_session_path(:format => 'json')
474
+ assert_response :ok
475
+ assert_not warden.authenticated?(:user)
476
+ end
477
+ end
478
+
479
+ class AuthenticationKeysTest < ActionController::IntegrationTest
480
+ test 'missing authentication keys cause authentication to abort' do
481
+ swap Devise, :authentication_keys => [:subdomain] do
482
+ sign_in_as_user
483
+ assert_contain "Invalid email or password."
484
+ assert_not warden.authenticated?(:user)
485
+ end
486
+ end
487
+
488
+ test 'missing authentication keys cause authentication to abort unless marked as not required' do
489
+ swap Devise, :authentication_keys => { :email => true, :subdomain => false } do
490
+ sign_in_as_user
491
+ assert warden.authenticated?(:user)
492
+ end
493
+ end
494
+ end
495
+
496
+ class AuthenticationRequestKeysTest < ActionController::IntegrationTest
497
+ test 'request keys are used on authentication' do
498
+ host! 'foo.bar.baz'
499
+
500
+ swap Devise, :request_keys => [:subdomain] do
501
+ User.expects(:find_for_authentication).with(:subdomain => 'foo', :email => 'user@test.com').returns(create_user)
502
+ sign_in_as_user
503
+ assert warden.authenticated?(:user)
504
+ end
505
+ end
506
+
507
+ test 'invalid request keys raises NoMethodError' do
508
+ swap Devise, :request_keys => [:unknown_method] do
509
+ assert_raise NoMethodError do
510
+ sign_in_as_user
511
+ end
512
+
513
+ assert_not warden.authenticated?(:user)
514
+ end
515
+ end
516
+
517
+ test 'blank request keys cause authentication to abort' do
518
+ host! 'test.com'
519
+
520
+ swap Devise, :request_keys => [:subdomain] do
521
+ sign_in_as_user
522
+ assert_contain "Invalid email or password."
523
+ assert_not warden.authenticated?(:user)
524
+ end
525
+ end
526
+
527
+ test 'blank request keys cause authentication to abort unless if marked as not required' do
528
+ host! 'test.com'
529
+
530
+ swap Devise, :request_keys => { :subdomain => false } do
531
+ sign_in_as_user
532
+ assert warden.authenticated?(:user)
533
+ end
534
+ end
535
+ end
536
+
537
+ class AuthenticationSignOutViaTest < ActionController::IntegrationTest
538
+ def sign_in!(scope)
539
+ sign_in_as_admin(:visit => send("new_#{scope}_session_path"))
540
+ assert warden.authenticated?(scope)
541
+ end
542
+
543
+ test 'allow sign out via delete when sign_out_via provides only delete' do
544
+ sign_in!(:sign_out_via_delete)
545
+ delete destroy_sign_out_via_delete_session_path
546
+ assert_not warden.authenticated?(:sign_out_via_delete)
547
+ end
548
+
549
+ test 'do not allow sign out via get when sign_out_via provides only delete' do
550
+ sign_in!(:sign_out_via_delete)
551
+ assert_raise ActionController::RoutingError do
552
+ get destroy_sign_out_via_delete_session_path
553
+ end
554
+ assert warden.authenticated?(:sign_out_via_delete)
555
+ end
556
+
557
+ test 'allow sign out via post when sign_out_via provides only post' do
558
+ sign_in!(:sign_out_via_post)
559
+ post destroy_sign_out_via_post_session_path
560
+ assert_not warden.authenticated?(:sign_out_via_post)
561
+ end
562
+
563
+ test 'do not allow sign out via get when sign_out_via provides only post' do
564
+ sign_in!(:sign_out_via_post)
565
+ assert_raise ActionController::RoutingError do
566
+ get destroy_sign_out_via_delete_session_path
567
+ end
568
+ assert warden.authenticated?(:sign_out_via_post)
569
+ end
570
+
571
+ test 'allow sign out via delete when sign_out_via provides delete and post' do
572
+ sign_in!(:sign_out_via_delete_or_post)
573
+ delete destroy_sign_out_via_delete_or_post_session_path
574
+ assert_not warden.authenticated?(:sign_out_via_delete_or_post)
575
+ end
576
+
577
+ test 'allow sign out via post when sign_out_via provides delete and post' do
578
+ sign_in!(:sign_out_via_delete_or_post)
579
+ post destroy_sign_out_via_delete_or_post_session_path
580
+ assert_not warden.authenticated?(:sign_out_via_delete_or_post)
581
+ end
582
+
583
+ test 'do not allow sign out via get when sign_out_via provides delete and post' do
584
+ sign_in!(:sign_out_via_delete_or_post)
585
+ assert_raise ActionController::RoutingError do
586
+ get destroy_sign_out_via_delete_or_post_session_path
587
+ end
588
+ assert warden.authenticated?(:sign_out_via_delete_or_post)
589
+ end
590
+ end