cm-devise_token_auth 0.1.30.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +688 -0
- data/Rakefile +34 -0
- data/app/controllers/devise_token_auth/application_controller.rb +17 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
- data/app/models/devise_token_auth/concerns/user.rb +231 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
- data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
- data/app/views/layouts/omniauth_response.html.erb +31 -0
- data/config/initializers/devise.rb +203 -0
- data/config/locales/devise.en.yml +59 -0
- data/config/routes.rb +5 -0
- data/lib/devise_token_auth.rb +7 -0
- data/lib/devise_token_auth/controllers/helpers.rb +129 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
- data/lib/devise_token_auth/engine.rb +25 -0
- data/lib/devise_token_auth/rails/routes.rb +65 -0
- data/lib/devise_token_auth/version.rb +3 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +115 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
- data/lib/generators/devise_token_auth/templates/user.rb +3 -0
- data/lib/tasks/devise_token_auth_tasks.rake +4 -0
- data/test/controllers/demo_group_controller_test.rb +126 -0
- data/test/controllers/demo_mang_controller_test.rb +263 -0
- data/test/controllers/demo_user_controller_test.rb +262 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
- data/test/controllers/overrides/passwords_controller_test.rb +62 -0
- data/test/controllers/overrides/registrations_controller_test.rb +40 -0
- data/test/controllers/overrides/sessions_controller_test.rb +33 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/images/logo.jpg +0 -0
- data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +15 -0
- data/test/dummy/app/controllers/application_controller.rb +16 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1065 -0
- data/test/dummy/app/models/evil_user.rb +3 -0
- data/test/dummy/app/models/mang.rb +3 -0
- data/test/dummy/app/models/user.rb +18 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +8 -0
- data/test/dummy/bin/rake +8 -0
- data/test/dummy/bin/spring +18 -0
- data/test/dummy/config.ru +16 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +31 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +44 -0
- data/test/dummy/config/environments/production.rb +82 -0
- data/test/dummy/config/environments/test.rb +40 -0
- data/test/dummy/config/initializers/assets.rb +8 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
- data/test/dummy/config/initializers/figaro.rb +1 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +4 -0
- data/test/dummy/config/initializers/omniauth.rb +8 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +30 -0
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/config/spring.rb +1 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
- data/test/dummy/db/schema.rb +114 -0
- data/test/dummy/public/404.html +67 -0
- data/test/dummy/public/422.html +67 -0
- data/test/dummy/public/500.html +66 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/evil_users.yml +29 -0
- data/test/fixtures/mangs.yml +29 -0
- data/test/fixtures/users.yml +29 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
- data/test/models/user_test.rb +90 -0
- data/test/test_helper.rb +60 -0
- metadata +310 -0
@@ -0,0 +1,263 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe DemoMangController do
|
11
|
+
describe "Token access" do
|
12
|
+
before do
|
13
|
+
@resource = mangs(:confirmed_email_user)
|
14
|
+
@resource.skip_confirmation!
|
15
|
+
@resource.save!
|
16
|
+
|
17
|
+
@auth_headers = @resource.create_new_auth_token
|
18
|
+
|
19
|
+
@token = @auth_headers['access-token']
|
20
|
+
@client_id = @auth_headers['client']
|
21
|
+
@expiry = @auth_headers['expiry']
|
22
|
+
end
|
23
|
+
|
24
|
+
describe 'successful request' do
|
25
|
+
before do
|
26
|
+
# ensure that request is not treated as batch request
|
27
|
+
age_token(@resource, @client_id)
|
28
|
+
|
29
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
30
|
+
|
31
|
+
@resp_token = response.headers['access-token']
|
32
|
+
@resp_client_id = response.headers['client']
|
33
|
+
@resp_expiry = response.headers['expiry']
|
34
|
+
@resp_uid = response.headers['uid']
|
35
|
+
end
|
36
|
+
|
37
|
+
describe 'devise mappings' do
|
38
|
+
it 'should define current_mang' do
|
39
|
+
assert_equal @resource, @controller.current_mang
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'should define mang_signed_in?' do
|
43
|
+
assert @controller.mang_signed_in?
|
44
|
+
end
|
45
|
+
|
46
|
+
it 'should not define current_user' do
|
47
|
+
refute_equal @resource, @controller.current_user
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
it 'should return success status' do
|
52
|
+
assert_equal 200, response.status
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should receive new token after successful request' do
|
56
|
+
refute_equal @token, @resp_token
|
57
|
+
end
|
58
|
+
|
59
|
+
it 'should preserve the client id from the first request' do
|
60
|
+
assert_equal @client_id, @resp_client_id
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should return the user's uid in the auth header" do
|
64
|
+
assert_equal @resource.uid, @resp_uid
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'should not treat this request as a batch request' do
|
68
|
+
refute assigns(:is_batch_request)
|
69
|
+
end
|
70
|
+
|
71
|
+
describe 'subsequent requests' do
|
72
|
+
before do
|
73
|
+
@resource.reload
|
74
|
+
# ensure that request is not treated as batch request
|
75
|
+
age_token(@resource, @client_id)
|
76
|
+
|
77
|
+
get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
|
78
|
+
end
|
79
|
+
|
80
|
+
it 'should not treat this request as a batch request' do
|
81
|
+
refute assigns(:is_batch_request)
|
82
|
+
end
|
83
|
+
|
84
|
+
it "should allow a new request to be made using new token" do
|
85
|
+
assert_equal 200, response.status
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
describe 'failed request' do
|
91
|
+
before do
|
92
|
+
get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
|
93
|
+
end
|
94
|
+
|
95
|
+
it 'should not return any auth headers' do
|
96
|
+
refute response.headers['access-token']
|
97
|
+
end
|
98
|
+
|
99
|
+
it 'should return error: unauthorized status' do
|
100
|
+
assert_equal 401, response.status
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
describe 'disable change_headers_on_each_request' do
|
105
|
+
before do
|
106
|
+
DeviseTokenAuth.change_headers_on_each_request = false
|
107
|
+
@resource.reload
|
108
|
+
age_token(@resource, @client_id)
|
109
|
+
|
110
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
111
|
+
|
112
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
113
|
+
@first_user = assigns(:resource).dup
|
114
|
+
@first_access_token = response.headers['access-token']
|
115
|
+
@first_response_status = response.status
|
116
|
+
|
117
|
+
@resource.reload
|
118
|
+
age_token(@resource, @client_id)
|
119
|
+
|
120
|
+
# use expired auth header
|
121
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
122
|
+
|
123
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
124
|
+
@second_user = assigns(:resource).dup
|
125
|
+
@second_access_token = response.headers['access-token']
|
126
|
+
@second_response_status = response.status
|
127
|
+
end
|
128
|
+
|
129
|
+
after do
|
130
|
+
DeviseTokenAuth.change_headers_on_each_request = true
|
131
|
+
end
|
132
|
+
|
133
|
+
it 'should allow the first request through' do
|
134
|
+
assert_equal 200, @first_response_status
|
135
|
+
end
|
136
|
+
|
137
|
+
it 'should allow the second request through' do
|
138
|
+
assert_equal 200, @second_response_status
|
139
|
+
end
|
140
|
+
|
141
|
+
it 'should return auth headers from the first request' do
|
142
|
+
assert @first_access_token
|
143
|
+
end
|
144
|
+
|
145
|
+
it 'should not treat either requests as batch requests' do
|
146
|
+
refute @first_is_batch_request
|
147
|
+
refute @second_is_batch_request
|
148
|
+
end
|
149
|
+
|
150
|
+
it 'should return auth headers from the second request' do
|
151
|
+
assert @second_access_token
|
152
|
+
end
|
153
|
+
|
154
|
+
it 'should define user during first request' do
|
155
|
+
assert @first_user
|
156
|
+
end
|
157
|
+
|
158
|
+
it 'should define user during second request' do
|
159
|
+
assert @second_user
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
describe 'batch requests' do
|
164
|
+
describe 'success' do
|
165
|
+
before do
|
166
|
+
age_token(@resource, @client_id)
|
167
|
+
#request.headers.merge!(@auth_headers)
|
168
|
+
|
169
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
170
|
+
|
171
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
172
|
+
@first_user = assigns(:resource)
|
173
|
+
@first_access_token = response.headers['access-token']
|
174
|
+
|
175
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
176
|
+
|
177
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
178
|
+
@second_user = assigns(:resource)
|
179
|
+
@second_access_token = response.headers['access-token']
|
180
|
+
end
|
181
|
+
|
182
|
+
it 'should allow both requests through' do
|
183
|
+
assert_equal 200, response.status
|
184
|
+
end
|
185
|
+
|
186
|
+
it 'should not treat the first request as a batch request' do
|
187
|
+
refute @first_is_batch_request
|
188
|
+
end
|
189
|
+
|
190
|
+
it 'should treat the second request as a batch request' do
|
191
|
+
assert @second_is_batch_request
|
192
|
+
end
|
193
|
+
|
194
|
+
it 'should return access token for first (non-batch) request' do
|
195
|
+
assert @first_access_token
|
196
|
+
end
|
197
|
+
|
198
|
+
it 'should not return auth headers for second (batched) requests' do
|
199
|
+
refute @second_access_token
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
203
|
+
describe 'time out' do
|
204
|
+
before do
|
205
|
+
@resource.reload
|
206
|
+
age_token(@resource, @client_id)
|
207
|
+
|
208
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
209
|
+
|
210
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
211
|
+
@first_user = assigns(:resource).dup
|
212
|
+
@first_access_token = response.headers['access-token']
|
213
|
+
@first_response_status = response.status
|
214
|
+
|
215
|
+
@resource.reload
|
216
|
+
age_token(@resource, @client_id)
|
217
|
+
|
218
|
+
# use expired auth header
|
219
|
+
get '/demo/members_only_mang', {}, @auth_headers
|
220
|
+
|
221
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
222
|
+
@second_user = assigns(:resource)
|
223
|
+
@second_access_token = response.headers['access-token']
|
224
|
+
@second_response_status = response.status
|
225
|
+
end
|
226
|
+
|
227
|
+
it 'should allow the first request through' do
|
228
|
+
assert_equal 200, @first_response_status
|
229
|
+
end
|
230
|
+
|
231
|
+
it 'should not allow the second request through' do
|
232
|
+
assert_equal 401, @second_response_status
|
233
|
+
end
|
234
|
+
|
235
|
+
it 'should not treat first request as batch request' do
|
236
|
+
refute @secord_is_batch_request
|
237
|
+
end
|
238
|
+
|
239
|
+
it 'should return auth headers from the first request' do
|
240
|
+
assert @first_access_token
|
241
|
+
end
|
242
|
+
|
243
|
+
it 'should not treat second request as batch request' do
|
244
|
+
refute @secord_is_batch_request
|
245
|
+
end
|
246
|
+
|
247
|
+
it 'should not return auth headers from the second request' do
|
248
|
+
refute @second_access_token
|
249
|
+
end
|
250
|
+
|
251
|
+
it 'should define user during first request' do
|
252
|
+
assert @first_user
|
253
|
+
end
|
254
|
+
|
255
|
+
it 'should not define user during second request' do
|
256
|
+
refute @second_user
|
257
|
+
end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
263
|
+
|
@@ -0,0 +1,262 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe DemoUserController do
|
11
|
+
describe "Token access" do
|
12
|
+
before do
|
13
|
+
@resource = users(:confirmed_email_user)
|
14
|
+
@resource.skip_confirmation!
|
15
|
+
@resource.save!
|
16
|
+
|
17
|
+
@auth_headers = @resource.create_new_auth_token
|
18
|
+
|
19
|
+
@token = @auth_headers['access-token']
|
20
|
+
@client_id = @auth_headers['client']
|
21
|
+
@expiry = @auth_headers['expiry']
|
22
|
+
end
|
23
|
+
|
24
|
+
describe 'successful request' do
|
25
|
+
before do
|
26
|
+
# ensure that request is not treated as batch request
|
27
|
+
age_token(@resource, @client_id)
|
28
|
+
|
29
|
+
get '/demo/members_only', {}, @auth_headers
|
30
|
+
|
31
|
+
@resp_token = response.headers['access-token']
|
32
|
+
@resp_client_id = response.headers['client']
|
33
|
+
@resp_expiry = response.headers['expiry']
|
34
|
+
@resp_uid = response.headers['uid']
|
35
|
+
end
|
36
|
+
|
37
|
+
describe 'devise mappings' do
|
38
|
+
it 'should define current_user' do
|
39
|
+
assert_equal @resource, @controller.current_user
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'should define user_signed_in?' do
|
43
|
+
assert @controller.user_signed_in?
|
44
|
+
end
|
45
|
+
|
46
|
+
it 'should not define current_mang' do
|
47
|
+
refute_equal @resource, @controller.current_mang
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
it 'should return success status' do
|
52
|
+
assert_equal 200, response.status
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should receive new token after successful request' do
|
56
|
+
refute_equal @token, @resp_token
|
57
|
+
end
|
58
|
+
|
59
|
+
it 'should preserve the client id from the first request' do
|
60
|
+
assert_equal @client_id, @resp_client_id
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should return the user's uid in the auth header" do
|
64
|
+
assert_equal @resource.uid, @resp_uid
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'should not treat this request as a batch request' do
|
68
|
+
refute assigns(:is_batch_request)
|
69
|
+
end
|
70
|
+
|
71
|
+
describe 'subsequent requests' do
|
72
|
+
before do
|
73
|
+
@resource.reload
|
74
|
+
# ensure that request is not treated as batch request
|
75
|
+
age_token(@resource, @client_id)
|
76
|
+
|
77
|
+
get '/demo/members_only', {}, @auth_headers.merge({'access-token' => @resp_token})
|
78
|
+
end
|
79
|
+
|
80
|
+
it 'should not treat this request as a batch request' do
|
81
|
+
refute assigns(:is_batch_request)
|
82
|
+
end
|
83
|
+
|
84
|
+
it "should allow a new request to be made using new token" do
|
85
|
+
assert_equal 200, response.status
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
describe 'failed request' do
|
91
|
+
before do
|
92
|
+
get '/demo/members_only', {}, @auth_headers.merge({'access-token' => "bogus"})
|
93
|
+
end
|
94
|
+
|
95
|
+
it 'should not return any auth headers' do
|
96
|
+
refute response.headers['access-token']
|
97
|
+
end
|
98
|
+
|
99
|
+
it 'should return error: unauthorized status' do
|
100
|
+
assert_equal 401, response.status
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
describe 'disable change_headers_on_each_request' do
|
105
|
+
before do
|
106
|
+
DeviseTokenAuth.change_headers_on_each_request = false
|
107
|
+
@resource.reload
|
108
|
+
age_token(@resource, @client_id)
|
109
|
+
|
110
|
+
get '/demo/members_only', {}, @auth_headers
|
111
|
+
|
112
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
113
|
+
@first_user = assigns(:resource).dup
|
114
|
+
@first_access_token = response.headers['access-token']
|
115
|
+
@first_response_status = response.status
|
116
|
+
|
117
|
+
@resource.reload
|
118
|
+
age_token(@resource, @client_id)
|
119
|
+
|
120
|
+
# use expired auth header
|
121
|
+
get '/demo/members_only', {}, @auth_headers
|
122
|
+
|
123
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
124
|
+
@second_user = assigns(:resource).dup
|
125
|
+
@second_access_token = response.headers['access-token']
|
126
|
+
@second_response_status = response.status
|
127
|
+
end
|
128
|
+
|
129
|
+
after do
|
130
|
+
DeviseTokenAuth.change_headers_on_each_request = true
|
131
|
+
end
|
132
|
+
|
133
|
+
it 'should allow the first request through' do
|
134
|
+
assert_equal 200, @first_response_status
|
135
|
+
end
|
136
|
+
|
137
|
+
it 'should allow the second request through' do
|
138
|
+
assert_equal 200, @second_response_status
|
139
|
+
end
|
140
|
+
|
141
|
+
it 'should return auth headers from the first request' do
|
142
|
+
assert @first_access_token
|
143
|
+
end
|
144
|
+
|
145
|
+
it 'should not treat either requests as batch requests' do
|
146
|
+
refute @first_is_batch_request
|
147
|
+
refute @second_is_batch_request
|
148
|
+
end
|
149
|
+
|
150
|
+
it 'should return auth headers from the second request' do
|
151
|
+
assert @second_access_token
|
152
|
+
end
|
153
|
+
|
154
|
+
it 'should define user during first request' do
|
155
|
+
assert @first_user
|
156
|
+
end
|
157
|
+
|
158
|
+
it 'should define user during second request' do
|
159
|
+
assert @second_user
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
describe 'batch requests' do
|
164
|
+
describe 'success' do
|
165
|
+
before do
|
166
|
+
age_token(@resource, @client_id)
|
167
|
+
#request.headers.merge!(@auth_headers)
|
168
|
+
|
169
|
+
get '/demo/members_only', {}, @auth_headers
|
170
|
+
|
171
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
172
|
+
@first_user = assigns(:resource)
|
173
|
+
@first_access_token = response.headers['access-token']
|
174
|
+
|
175
|
+
get '/demo/members_only', {}, @auth_headers
|
176
|
+
|
177
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
178
|
+
@second_user = assigns(:resource)
|
179
|
+
@second_access_token = response.headers['access-token']
|
180
|
+
end
|
181
|
+
|
182
|
+
it 'should allow both requests through' do
|
183
|
+
assert_equal 200, response.status
|
184
|
+
end
|
185
|
+
|
186
|
+
it 'should not treat the first request as a batch request' do
|
187
|
+
refute @first_is_batch_request
|
188
|
+
end
|
189
|
+
|
190
|
+
it 'should treat the second request as a batch request' do
|
191
|
+
assert @second_is_batch_request
|
192
|
+
end
|
193
|
+
|
194
|
+
it 'should return access token for first (non-batch) request' do
|
195
|
+
assert @first_access_token
|
196
|
+
end
|
197
|
+
|
198
|
+
it 'should not return auth headers for second (batched) requests' do
|
199
|
+
refute @second_access_token
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
203
|
+
describe 'time out' do
|
204
|
+
before do
|
205
|
+
@resource.reload
|
206
|
+
age_token(@resource, @client_id)
|
207
|
+
|
208
|
+
get '/demo/members_only', {}, @auth_headers
|
209
|
+
|
210
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
211
|
+
@first_user = assigns(:resource).dup
|
212
|
+
@first_access_token = response.headers['access-token']
|
213
|
+
@first_response_status = response.status
|
214
|
+
|
215
|
+
@resource.reload
|
216
|
+
age_token(@resource, @client_id)
|
217
|
+
|
218
|
+
# use expired auth header
|
219
|
+
get '/demo/members_only', {}, @auth_headers
|
220
|
+
|
221
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
222
|
+
@second_user = assigns(:resource)
|
223
|
+
@second_access_token = response.headers['access-token']
|
224
|
+
@second_response_status = response.status
|
225
|
+
end
|
226
|
+
|
227
|
+
it 'should allow the first request through' do
|
228
|
+
assert_equal 200, @first_response_status
|
229
|
+
end
|
230
|
+
|
231
|
+
it 'should not allow the second request through' do
|
232
|
+
assert_equal 401, @second_response_status
|
233
|
+
end
|
234
|
+
|
235
|
+
it 'should not treat first request as batch request' do
|
236
|
+
refute @secord_is_batch_request
|
237
|
+
end
|
238
|
+
|
239
|
+
it 'should return auth headers from the first request' do
|
240
|
+
assert @first_access_token
|
241
|
+
end
|
242
|
+
|
243
|
+
it 'should not treat second request as batch request' do
|
244
|
+
refute @secord_is_batch_request
|
245
|
+
end
|
246
|
+
|
247
|
+
it 'should not return auth headers from the second request' do
|
248
|
+
refute @second_access_token
|
249
|
+
end
|
250
|
+
|
251
|
+
it 'should define user during first request' do
|
252
|
+
assert @first_user
|
253
|
+
end
|
254
|
+
|
255
|
+
it 'should not define user during second request' do
|
256
|
+
refute @second_user
|
257
|
+
end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|