cloudfoundry-devise 1.5.2

data/test/integration/omniauthable_test.rb

@@ -0,0 +1,133 @@
+require 'test_helper'
+
+
+class OmniauthableIntegrationTest < ActionController::IntegrationTest
+  FACEBOOK_INFO = {
+    "id" => '12345',
+    "link" => 'http://facebook.com/josevalim',
+    "email" => 'user@example.com',
+    "first_name" => 'Jose',
+    "last_name" => 'Valim',
+    "website" => 'http://blog.plataformatec.com.br'
+  }
+
+  setup do
+    OmniAuth.config.test_mode = true
+    OmniAuth.config.mock_auth[:facebook] = {
+      "uid" => '12345',
+      "provider" => 'facebook',
+      "user_info" => {"nickname" => 'josevalim'},
+      "credentials" => {"token" => 'plataformatec'},
+      "extra" => {"user_hash" => FACEBOOK_INFO}
+    }
+  end
+
+  teardown do
+    OmniAuth.config.test_mode = false
+  end
+
+  def stub_action!(name)
+    Users::OmniauthCallbacksController.class_eval do
+      alias_method :__old_facebook, :facebook
+      alias_method :facebook, name
+    end
+    yield
+  ensure
+    Users::OmniauthCallbacksController.class_eval do
+      alias_method :facebook, :__old_facebook
+    end
+  end
+
+  test "can access omniauth.auth in the env hash" do
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal "12345",         json["uid"]
+    assert_equal "facebook",      json["provider"]
+    assert_equal "josevalim",     json["user_info"]["nickname"]
+    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"]
+    assert_equal "plataformatec", json["credentials"]["token"]
+  end
+
+  test "cleans up session on sign up" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+
+    assert_difference "User.count" do
+      visit "/users/sign_up"
+      fill_in "Password", :with => "123456"
+      fill_in "Password confirmation", :with => "123456"
+      click_button "Sign up"
+    end
+
+    assert_current_url "/"
+    assert_contain "You have signed up successfully."
+    assert_contain "Hello User user@example.com"
+    assert_not session["devise.facebook_data"]
+  end
+
+  test "cleans up session on cancel" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+    visit "/users/cancel"
+    assert !session["devise.facebook_data"]
+  end
+
+  test "cleans up session on sign in" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+    user = sign_in_as_user
+    assert !session["devise.facebook_data"]
+  end
+
+  test "sign in and send remember token if configured" do
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+    assert_nil warden.cookies["remember_user_token"]
+
+    stub_action!(:sign_in_facebook) do
+      create_user
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+      assert warden.authenticated?(:user)
+      assert warden.cookies["remember_user_token"]
+    end
+  end
+
+  test "generates a proper link when SCRIPT_NAME is set" do
+    header 'SCRIPT_NAME', '/q'
+    visit "/users/sign_in"
+    assert_select "a", :href => "/q/users/auth/facebook"
+  end
+
+  test "handles callback error parameter according to the specification" do
+    OmniAuth.config.mock_auth[:facebook] = :access_denied
+    visit "/users/auth/facebook/callback?error=access_denied"
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Access denied".'
+  end
+
+  test "handles other exceptions from omniauth" do
+    OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
+
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+  end
+end

data/test/integration/recoverable_test.rb

@@ -0,0 +1,287 @@
+require 'test_helper'
+
+class PasswordTest < ActionController::IntegrationTest
+
+  def visit_new_password_path
+    visit new_user_session_path
+    click_link 'Forgot your password?'
+  end
+
+  def request_forgot_password(&block)
+    visit_new_password_path
+    assert_response :success
+    assert_not warden.authenticated?(:user)
+
+    fill_in 'email', :with => 'user@test.com'
+    yield if block_given?
+    click_button 'Send me reset password instructions'
+  end
+
+  def reset_password(options={}, &block)
+    visit edit_user_password_path(:reset_password_token => options[:reset_password_token]) unless options[:visit] == false
+    assert_response :success
+
+    fill_in 'New password', :with => '987654321'
+    fill_in 'Confirm new password', :with => '987654321'
+    yield if block_given?
+    click_button 'Change my password'
+  end
+
+  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'reset password with email should send an email from a custom mailer' do
+    create_user(:email => 'Foo@Bar.com')
+
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.last.from
+  end
+
+  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+
+      request_forgot_password do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value='foo@bar.com']"
+      assert_contain 'not found'
+    end
+  end
+
+  test 'reset password with email with extra whitespace should succeed when email is in the list of strip whitespace keys' do
+    create_user(:email => 'foo@bar.com')
+
+    request_forgot_password do
+      fill_in 'email', :with => ' foo@bar.com '
+    end
+
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'reset password with email with extra whitespace should fail when email is NOT the list of strip whitespace keys' do
+    swap Devise, :strip_whitespace_keys => [] do
+      create_user(:email => 'foo@bar.com')
+
+      request_forgot_password do
+        fill_in 'email', :with => ' foo@bar.com '
+      end
+
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value=' foo@bar.com ']"
+      assert_contain 'not found'
+    end
+  end
+
+  test 'authenticated user should not be able to visit forgot password page' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+
+    get new_user_password_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+  end
+
+  test 'not authenticated user should be able to request a forgot password' do
+    create_user
+    request_forgot_password
+
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'not authenticated user with invalid email should receive an error message' do
+    request_forgot_password do
+      fill_in 'email', :with => 'invalid.test@test.com'
+    end
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector "input[type=email][value='invalid.test@test.com']"
+    assert_contain 'not found'
+  end
+
+  test 'authenticated user should not be able to visit edit password page' do
+    sign_in_as_user
+    get edit_user_password_path
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not authenticated user with invalid reset password token should not be able to change his password' do
+    user = create_user
+    reset_password :reset_password_token => 'invalid_reset_password'
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector '#error_explanation'
+    assert_contain /Reset password token(.*)invalid/
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Confirm new password', :with => 'other_password'
+    end
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector '#error_explanation'
+    assert_contain 'Password doesn\'t match confirmation'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid data should be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert_current_url '/'
+    assert_contain 'Your password was changed successfully. You are now signed in.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'after entering invalid data user should still be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Confirm new password', :with => 'other_password'
+    end
+    assert_response :success
+    assert_have_selector '#error_explanation'
+    assert_not user.reload.valid_password?('987654321')
+
+    reset_password :reset_password_token => user.reload.reset_password_token, :visit => false
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'sign in user automatically after changing its password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+  end
+
+  test 'does not sign in user automatically after changing its password if it\'s locked' do
+    user = create_user(:locked => true)
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert_contain 'Your password was changed successfully.'
+    assert_not_contain 'You are now signed in.'
+    assert_equal new_user_session_path, @request.path
+    assert !warden.authenticated?(:user)
+  end
+
+  test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
+    user = create_user(:confirm => false)
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+    assert user.reload.confirmed?
+  end
+
+  test 'reset password request with valid E-Mail in XML format should return valid response' do
+    create_user
+    post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"}
+    assert_response :success
+    assert_equal response.body, { }.to_xml
+  end
+
+  test 'reset password request with invalid E-Mail in XML format should return valid response' do
+    create_user
+    post user_password_path(:format => 'xml'), :user => {:email => "invalid.test@test.com"}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+
+  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
+    swap Devise, :paranoid => true do
+      create_user
+      post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"}
+      assert_response :success
+      assert_equal response.body, { }.to_xml
+    end
+  end
+
+  test 'change password with valid parameters in XML format should return valid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '987654321', :password_confirmation => '987654321'}
+    assert_response :success
+    assert warden.authenticated?(:user)
+  end
+
+  test 'change password with invalid token in XML format should return invalid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => 'invalid.token', :password => '987654321', :password_confirmation => '987654321'}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+
+  test 'change password with invalid new password in XML format should return invalid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '', :password_confirmation => '987654321'}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+
+  test "when using json requests to ask a confirmable request, should not return the object" do
+    user = create_user(:confirm => false)
+
+    post user_password_path(:format => :json), :user => { :email => user.email }
+
+    assert_response :success
+    assert_equal response.body, "{}"
+  end
+
+  test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do
+    swap Devise, :paranoid => true do
+      visit_new_password_path
+      fill_in "email", :with => "arandomemail@test.com"
+      click_button 'Send me reset password instructions'
+
+      assert_not_contain "1 error prohibited this user from being saved:"
+      assert_not_contain "Email not found"
+      assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
+      assert_current_url "/users/sign_in"
+    end
+  end
+
+  test "when in paranoid mode and with a valid e-mail, asking to reset password should display a message that does not indicates that the email exists in the database and redirect to the failure route" do
+    swap Devise, :paranoid => true do
+      user = create_user
+      visit_new_password_path
+      fill_in 'email', :with => user.email
+      click_button 'Send me reset password instructions'
+
+      assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
+      assert_current_url "/users/sign_in"
+    end
+  end
+end

data/test/integration/registerable_test.rb

@@ -0,0 +1,335 @@
+require 'test_helper'
+
+class RegistrationTest < ActionController::IntegrationTest
+
+  test 'a guest admin should be able to sign in successfully' do
+    get new_admin_session_path
+    click_link 'Sign up'
+
+    assert_template 'registrations/new'
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'Welcome! You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+    assert_current_url "/admin_area/home"
+
+    admin = Admin.last :order => "id"
+    assert_equal admin.email, 'new_user@test.com'
+  end
+
+  test 'a guest admin should be able to sign in and be redirected to a custom location' do
+    Devise::RegistrationsController.any_instance.stubs(:after_sign_up_path_for).returns("/?custom=1")
+    get new_admin_session_path
+    click_link 'Sign up'
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'Welcome! You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+    assert_current_url "/?custom=1"
+  end
+
+  def user_sign_up
+    ActionMailer::Base.deliveries.clear
+
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+  end
+
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+    user_sign_up
+
+    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
+    assert_not_contain 'You have to confirm your account before continuing'
+    assert_current_url "/"
+
+    assert_not warden.authenticated?(:user)
+
+    user = User.last :order => "id"
+    assert_equal user.email, 'new_user@test.com'
+    assert_not user.confirmed?
+  end
+
+  test 'a guest user should receive the confirmation instructions from the default mailer' do
+    user_sign_up
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+
+  test 'a guest user should receive the confirmation instructions from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    user_sign_up
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
+  end
+
+  test 'a guest user should be blocked by confirmation and redirected to a custom path' do
+    Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_current_url "/?custom=1"
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest user cannot sign up with invalid information' do
+    # Dirty tracking behavior prevents email validations from being applied:
+    #    https://github.com/mongoid/mongoid/issues/756
+    (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
+
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'invalid_email'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user321'
+    click_button 'Sign up'
+
+    assert_template 'registrations/new'
+    assert_have_selector '#error_explanation'
+    assert_contain "Email is invalid"
+    assert_contain "Password doesn't match confirmation"
+    assert_contain "2 errors prohibited"
+    assert_nil User.first
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not sign up with email/password that already exists' do
+    # Dirty tracking behavior prevents email validations from being applied:
+    #    https://github.com/mongoid/mongoid/issues/756
+    (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
+
+    user = create_user
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'user@test.com'
+    fill_in 'password', :with => '123456'
+    fill_in 'password confirmation', :with => '123456'
+    click_button 'Sign up'
+
+    assert_current_url '/users'
+    assert_contain(/Email.*already.*taken/)
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not be able to change account' do
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path
+    follow_redirect!
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'a signed in user should not be able to access sign up' do
+    sign_in_as_user
+    get new_user_registration_path
+    assert_redirected_to root_path
+  end
+
+  test 'a signed in user should be able to edit his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@example.com'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'You updated your account successfully.'
+
+    assert_equal "user.new@example.com", User.first.email
+  end
+
+  test 'a signed in user should still be able to use the website after changing his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => '12345678'
+    fill_in 'password confirmation', :with => '12345678'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_contain 'You updated your account successfully.'
+    get users_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'a signed in user should not change his current user with invalid password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@example.com'
+    fill_in 'current password', :with => 'invalid'
+    click_button 'Update'
+
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@example.com"]'
+
+    assert_equal "user@test.com", User.first.email
+  end
+
+  test 'a signed in user should be able to edit his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => 'pas123'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'You updated your account successfully.'
+
+    assert User.first.valid_password?('pas123')
+  end
+
+  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => ''
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_contain "Password doesn't match confirmation"
+    assert_not User.first.valid_password?('pas123')
+  end
+
+  test 'a signed in user should be able to cancel his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    click_link "Cancel my account", :method => :delete
+    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+
+    assert User.all.empty?
+  end
+
+  test 'a user should be able to cancel sign up by deleting data in the session' do
+    get "/set"
+    assert_equal "something", @request.session["devise.foo_bar"]
+
+    get "/users/sign_up"
+    assert_equal "something", @request.session["devise.foo_bar"]
+
+    get "/users/cancel"
+    assert_nil @request.session["devise.foo_bar"]
+    assert_redirected_to new_user_registration_path
+  end
+
+  test 'a user with XML sign up stub' do
+    get new_user_registration_path(:format => 'xml')
+    assert_response :success
+    assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
+    assert_no_match(/<confirmation-token/, response.body)
+  end
+
+  test 'a user with JSON sign up stub' do
+    get new_user_registration_path(:format => 'json')
+    assert_response :success
+    assert_match %({"user":), response.body
+    assert_no_match(/"confirmation_token"/, response.body)
+  end
+
+  test 'an admin sign up with valid information in XML format should return valid response' do
+    post admin_registration_path(:format => 'xml'), :admin => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
+
+    admin = Admin.last :order => "id"
+    assert_equal admin.email, 'new_user@test.com'
+  end
+
+  test 'a user sign up with valid information in XML format should return valid response' do
+    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+
+    user = User.last :order => "id"
+    assert_equal user.email, 'new_user@test.com'
+  end
+
+  test 'a user sign up with invalid information in XML format should return invalid response' do
+    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'invalid' }
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+
+  test 'a user update information with valid data in XML format should return valid response' do
+    user = sign_in_as_user
+    put user_registration_path(:format => 'xml'), :user => { :current_password => '123456', :email => 'user.new@test.com' }
+    assert_response :success
+    assert_equal user.reload.email, 'user.new@test.com'
+  end
+
+  test 'a user update information with invalid data in XML format should return invalid response' do
+    user = sign_in_as_user
+    put user_registration_path(:format => 'xml'), :user => { :current_password => 'invalid', :email => 'user.new@test.com' }
+    assert_response :unprocessable_entity
+    assert_equal user.reload.email, 'user@test.com'
+  end
+
+  test 'a user cancel his account in XML format should return valid response' do
+    user = sign_in_as_user
+    delete user_registration_path(:format => 'xml')
+    assert_response :success
+    assert_equal User.count, 0
+  end
+end
+
+class ReconfirmableRegistrationTest < ActionController::IntegrationTest
+  def setup
+    add_unconfirmed_email_column
+    Devise.reconfirmable = true
+  end
+
+  def teardown
+    remove_unconfirmed_email_column
+    Devise.reconfirmable = false
+  end
+
+  test 'a signed in user should see a more appropriate flash message when editing his account if reconfirmable is enabled' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@example.com'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'but we need to verify your new email address'
+
+    assert_equal "user.new@example.com", User.first.unconfirmed_email
+  end
+
+  test 'A signed in user should not see a reconfirmation message if they did not change their password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => 'pas123'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'You updated your account successfully.'
+
+    assert User.first.valid_password?('pas123')
+  end
+end
+