RubyGems - cm-devise_token_auth - Versions diffs - 0.1.30.1 - Mend

cm-devise_token_auth 0.1.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

checksums.yaml +7 -0
data/LICENSE +13 -0
data/README.md +688 -0
data/Rakefile +34 -0
data/app/controllers/devise_token_auth/application_controller.rb +17 -0
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
data/app/models/devise_token_auth/concerns/user.rb +231 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
data/app/views/layouts/omniauth_response.html.erb +31 -0
data/config/initializers/devise.rb +203 -0
data/config/locales/devise.en.yml +59 -0
data/config/routes.rb +5 -0
data/lib/devise_token_auth.rb +7 -0
data/lib/devise_token_auth/controllers/helpers.rb +129 -0
data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
data/lib/devise_token_auth/engine.rb +25 -0
data/lib/devise_token_auth/rails/routes.rb +65 -0
data/lib/devise_token_auth/version.rb +3 -0
data/lib/generators/devise_token_auth/USAGE +31 -0
data/lib/generators/devise_token_auth/install_generator.rb +115 -0
data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
data/lib/generators/devise_token_auth/templates/user.rb +3 -0
data/lib/tasks/devise_token_auth_tasks.rake +4 -0
data/test/controllers/demo_group_controller_test.rb +126 -0
data/test/controllers/demo_mang_controller_test.rb +263 -0
data/test/controllers/demo_user_controller_test.rb +262 -0
data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
data/test/controllers/overrides/passwords_controller_test.rb +62 -0
data/test/controllers/overrides/registrations_controller_test.rb +40 -0
data/test/controllers/overrides/sessions_controller_test.rb +33 -0
data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/images/logo.jpg +0 -0
data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +16 -0
data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
data/test/dummy/app/helpers/application_helper.rb +1065 -0
data/test/dummy/app/models/evil_user.rb +3 -0
data/test/dummy/app/models/mang.rb +3 -0
data/test/dummy/app/models/user.rb +18 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +8 -0
data/test/dummy/bin/rake +8 -0
data/test/dummy/bin/spring +18 -0
data/test/dummy/config.ru +16 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/application.yml.bk +0 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +31 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +44 -0
data/test/dummy/config/environments/production.rb +82 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
data/test/dummy/config/initializers/figaro.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/omniauth.rb +8 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +30 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config/spring.rb +1 -0
data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
data/test/dummy/db/schema.rb +114 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/fixtures/evil_users.yml +29 -0
data/test/fixtures/mangs.yml +29 -0
data/test/fixtures/users.yml +29 -0
data/test/integration/navigation_test.rb +10 -0
data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
data/test/models/user_test.rb +90 -0
data/test/test_helper.rb +60 -0
metadata +310 -0

data/test/dummy/public/422.html ADDED

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/500.html ADDED

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/favicon.ico ADDED

File without changes

data/test/fixtures/evil_users.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>

data/test/fixtures/mangs.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>

data/test/fixtures/users.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>

data/test/integration/navigation_test.rb ADDED

@@ -0,0 +1,10 @@
+require 'test_helper'
+class NavigationTest < ActionDispatch::IntegrationTest
+  fixtures :all
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/test/lib/generators/devise_token_auth/install_generator_test.rb ADDED

@@ -0,0 +1,178 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_generator'
+module DeviseTokenAuth
+  class InstallGeneratorTest < Rails::Generators::TestCase
+    tests InstallGenerator
+    destination Rails.root.join('tmp/generators')
+    describe 'default values, clean install' do
+      setup :prepare_destination
+      before do
+        run_generator
+      end
+      test 'user model is created, concern is included' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+      test 'migration is created' do
+        assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+      end
+      test 'subsequent runs raise no errors' do
+        run_generator
+      end
+    end
+    describe 'existing user model' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "app", "models")
+        @fname = File.join(@dir, "user.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+class User < ActiveRecord::Base
+  def whatever
+    puts 'whatever'
+  end
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'user concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+    describe 'routes' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "config")
+        @fname = File.join(@dir, "routes.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+Rails.application.routes.draw do
+  patch '/chong', to: 'bong#index'
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'route method is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for 'User', at: '\/auth'/, routes)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for 'User', at: '\/auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+      describe 'subsequent models' do
+        before do
+          run_generator %w(Mang /mangs)
+        end
+        test 'migration is created' do
+          assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+        end
+        test 'route method is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/mount_devise_token_auth_for 'Mang', at: '\/mangs'/, routes)
+          end
+        end
+        test 'devise_for block is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/as :mang do/, routes)
+            assert_match(/# Define routes for Mang within this block./, routes)
+          end
+        end
+      end
+    end
+    describe 'application controller' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "app", "controllers")
+        @fname = File.join(@dir, "application_controller.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+class ApplicationController < ActionController::Base
+  respond_to :json
+  def whatever
+    'whatever'
+  end
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_views_generator_test.rb ADDED

@@ -0,0 +1,23 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_views_generator'
+module DeviseTokenAuth
+  class InstallViewsGeneratorTest < Rails::Generators::TestCase
+    tests InstallViewsGenerator
+    destination Rails.root.join('tmp/generators')
+    describe 'default values, clean install' do
+      setup :prepare_destination
+      before do
+        run_generator
+      end
+      test "files are copied" do
+        assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
+        assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
+      end
+    end
+  end
+end

data/test/models/user_test.rb ADDED

@@ -0,0 +1,90 @@
+require 'test_helper'
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    before do
+      @password    = Faker::Internet.password(10, 20)
+      @email       = Faker::Internet.email
+      @success_url = Faker::Internet.url
+      @resource    = User.new()
+    end
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        refute @resource.as_json[:tokens]
+      end
+    end
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource.uid = nil
+        @resource.save
+        assert @resource.errors.messages[:uid]
+      end
+    end
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource.provider              = 'email'
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+        refute @resource.save
+        assert @resource.errors.messages[:email]
+      end
+    end
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource.provider              = 'facebook'
+        @resource.uid                   = 123
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+        assert @resource.save
+        refute @resource.errors.messages[:email]
+      end
+    end
+    describe 'token expiry' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+        @auth_headers = @resource.create_new_auth_token
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers['client']]
+      end
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers['client']]
+      end
+    end
+  end
+end