cm-devise_token_auth 0.1.30.1
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +688 -0
- data/Rakefile +34 -0
- data/app/controllers/devise_token_auth/application_controller.rb +17 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
- data/app/models/devise_token_auth/concerns/user.rb +231 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
- data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
- data/app/views/layouts/omniauth_response.html.erb +31 -0
- data/config/initializers/devise.rb +203 -0
- data/config/locales/devise.en.yml +59 -0
- data/config/routes.rb +5 -0
- data/lib/devise_token_auth.rb +7 -0
- data/lib/devise_token_auth/controllers/helpers.rb +129 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
- data/lib/devise_token_auth/engine.rb +25 -0
- data/lib/devise_token_auth/rails/routes.rb +65 -0
- data/lib/devise_token_auth/version.rb +3 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +115 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
- data/lib/generators/devise_token_auth/templates/user.rb +3 -0
- data/lib/tasks/devise_token_auth_tasks.rake +4 -0
- data/test/controllers/demo_group_controller_test.rb +126 -0
- data/test/controllers/demo_mang_controller_test.rb +263 -0
- data/test/controllers/demo_user_controller_test.rb +262 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
- data/test/controllers/overrides/passwords_controller_test.rb +62 -0
- data/test/controllers/overrides/registrations_controller_test.rb +40 -0
- data/test/controllers/overrides/sessions_controller_test.rb +33 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/images/logo.jpg +0 -0
- data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +15 -0
- data/test/dummy/app/controllers/application_controller.rb +16 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1065 -0
- data/test/dummy/app/models/evil_user.rb +3 -0
- data/test/dummy/app/models/mang.rb +3 -0
- data/test/dummy/app/models/user.rb +18 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +8 -0
- data/test/dummy/bin/rake +8 -0
- data/test/dummy/bin/spring +18 -0
- data/test/dummy/config.ru +16 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +31 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +44 -0
- data/test/dummy/config/environments/production.rb +82 -0
- data/test/dummy/config/environments/test.rb +40 -0
- data/test/dummy/config/initializers/assets.rb +8 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
- data/test/dummy/config/initializers/figaro.rb +1 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +4 -0
- data/test/dummy/config/initializers/omniauth.rb +8 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +30 -0
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/config/spring.rb +1 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
- data/test/dummy/db/schema.rb +114 -0
- data/test/dummy/public/404.html +67 -0
- data/test/dummy/public/422.html +67 -0
- data/test/dummy/public/500.html +66 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/evil_users.yml +29 -0
- data/test/fixtures/mangs.yml +29 -0
- data/test/fixtures/users.yml +29 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
- data/test/models/user_test.rb +90 -0
- data/test/test_helper.rb +60 -0
- metadata +310 -0
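--- a/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
@@ -0,0 +1,107 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
+describe DeviseTokenAuth::ConfirmationsController do
+describe "Confirmation" do
+before do
+@redirect_url = Faker::Internet.url
+@new_user = users(:unconfirmed_email_user)
+@new_user.send_confirmation_instructions({
+redirect_url: @redirect_url
+})
+@mail = ActionMailer::Base.deliveries.last
+@token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+@client_config = @mail.body.match(/config=([^&]*)&/)[1]
+end
+
+test 'should generate raw token' do
+assert @token
+end
+
+test "should include config name as 'default' in confirmation link" do
+assert_equal "default", @client_config
+end
+
+test "should store token hash in user" do
+assert @new_user.confirmation_token
+end
+
+describe "success" do
+before do
+xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+@resource = assigns(:resource)
+end
+
+test "user should now be confirmed" do
+assert @resource.confirmed?
+end
+
+test "should redirect to success url" do
+assert_redirected_to(/^#{@redirect_url}/)
+end
+end
+
+describe "failure" do
+test "user should not be confirmed" do
+assert_raises(ActionController::RoutingError) {
+xhr :get, :show, {confirmation_token: "bogus"}
+}
+@resource = assigns(:resource)
+refute @resource.confirmed?
+end
+end
+end
+
+# test with non-standard user class
+describe "Alternate user model" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@config_name = "altUser"
+@new_user = mangs(:unconfirmed_email_user)
+
+@new_user.send_confirmation_instructions(client_config: @config_name)
+
+@mail = ActionMailer::Base.deliveries.last
+@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+@client_config = @mail.body.match(/config=(.*)\&/)[1]
+end
+
+test 'should generate raw token' do
+assert @token
+end
+
+test "should include config name in confirmation link" do
+assert_equal @config_name, @client_config
+end
+
+test "should store token hash in user" do
+assert @new_user.confirmation_token
+end
+
+describe "success" do
+before do
+@redirect_url = Faker::Internet.url
+xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+@resource = assigns(:resource)
+end
+
+test "user should now be confirmed" do
+assert @resource.confirmed?
+end
+end
+end
+end
+end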
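Review bot: The redirect assertion on line 46, `assert_redirected_to(/^#{@redirect_url}/)`, interpolates the URL into a regex unescaped and anchors it with `^`, so every `.` in the host matches any character and the check is only a per-line prefix match. Because this is the test that pins where a confirmation link may send the user, it should compare the literal prefix: `assert_redirected_to(%r{\A#{Regexp.escape(@redirect_url)}})`. Separately, the failure case on lines 55–56 asserts on `assigns(:resource)`, which is whatever object the controller built for the bogus token; `refute @new_user.reload.confirmed?` would check the persisted fixture user instead, assuming that fixture starts out unconfirmed.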
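--- a/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
@@ -0,0 +1,167 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class OmniauthTest < ActionDispatch::IntegrationTest
+setup do
+OmniAuth.config.test_mode = true
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+:provider => 'facebook',
+:uid => '123545',
+:info => {
+name: 'chong',
+email: 'chongbong@aol.com'
+}
+})
+end
+
+before do
+@redirect_url = "http://ng-token-auth.dev/"
+end
+
+describe 'default user model' do
+describe 'from api to provider' do
+before do
+get_via_redirect '/auth/facebook', {
+auth_origin_url: @redirect_url
+}
+
+@resource = assigns(:resource)
+end
+
+test 'status should be success' do
+assert_equal 200, response.status
+end
+
+test 'request should determine the correct resource_class' do
+assert_equal 'User', controller.omniauth_params['resource_class']
+end
+
+test 'request should pass correct redirect_url' do
+assert_equal @redirect_url, controller.omniauth_params['auth_origin_url']
+end
+
+test 'user should have been created' do
+assert @resource
+end
+
+test 'user should be assigned info from provider' do
+assert_equal 'chongbong@aol.com', @resource.email
+end
+
+test 'user should be of the correct class' do
+assert_equal User, @resource.class
+end
+
+test 'response contains all serializable attributes for user' do
+post_message = JSON.parse(/postMessage\((?<data>.*), '\*'\);/m.match(response.body)[:data])
+
+assert post_message["id"]
+assert post_message["email"]
+assert post_message["uid"]
+assert post_message["name"]
+assert post_message["favorite_color"]
+assert post_message["message"]
+assert post_message["client_id"]
+assert post_message["auth_token"]
+refute post_message["tokens"]
+refute post_message["password"]
+end
+
+test 'session vars have been cleared' do
+refute request.session['dta.omniauth.auth']
+refute request.session['dta.omniauth.params']
+end
+
+describe 'trackable' do
+test 'sign_in_count incrementns' do
+assert @resource.sign_in_count > 0
+end
+
+test 'current_sign_in_at is updated' do
+assert @resource.current_sign_in_at
+end
+
+test 'last_sign_in_at is updated' do
+assert @resource.last_sign_in_at
+end
+
+test 'sign_in_ip is updated' do
+assert @resource.current_sign_in_ip
+end
+
+test 'last_sign_in_ip is updated' do
+assert @resource.last_sign_in_ip
+end
+end
+
+end
+
+describe 'pass additional params' do
+before do
+@fav_color = 'alizarin crimson'
+@unpermitted_param = "M. Bison"
+get_via_redirect '/auth/facebook', {
+auth_origin_url: @redirect_url,
+favorite_color: @fav_color,
+name: @unpermitted_param
+}
+
+@resource = assigns(:resource)
+end
+
+test 'status shows success' do
+assert_equal 200, response.status
+end
+
+test 'additional attribute was passed' do
+assert_equal @fav_color, @resource.favorite_color
+end
+
+test 'non-whitelisted attributes are ignored' do
+refute_equal @unpermitted_param, @resource.name
+end
+end
+end
+
+
+describe 'alternate user model' do
+describe 'from api to provider' do
+before do
+get_via_redirect '/mangs/facebook', {
+auth_origin_url: @redirect_url
+}
+
+@resource = assigns(:resource)
+end
+
+test 'status should be success' do
+assert_equal 200, response.status
+end
+
+test 'request should determine the correct resource_class' do
+assert_equal 'Mang', controller.omniauth_params['resource_class']
+end
+
+test 'request should pass correct redirect_url' do
+assert_equal @redirect_url, controller.omniauth_params['auth_origin_url']
+end
+
+test 'user should have been created' do
+assert @resource
+end
+
+test 'user should be assigned info from provider' do
+assert_equal 'chongbong@aol.com', @resource.email
+end
+
+test 'user should be of the correct class' do
+assert_equal Mang, @resource.class
+end
+end
+end
+end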
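Review bot: The regex on line 61 hard-codes `'*'` as the target origin of the `postMessage` call, and lines 69–70 assert that the posted payload carries `client_id` and `auth_token`, so the suite pins delivery of live credentials without any restriction on the receiving window's origin. The view itself is not part of this file, so this is inferred from what the test expects of `response.body`. Consider capturing the target origin instead of matching past it, for example `(?<origin>'[^']*')` in place of `'\*'`, and comparing it with the origin of `@redirect_url`, so that tightening the target in the view is covered by this test rather than broken by it.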
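--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -0,0 +1,287 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
+describe DeviseTokenAuth::PasswordsController do
+describe "Password reset" do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+end
+
+describe 'request password reset' do
+
+describe 'case-sensitive email' do
+before do
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @redirect_url
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'action should send an email' do
+assert @mail
+end
+
+test 'the email should be addressed to the user' do
+assert_equal @mail.to.first, @resource.email
+end
+
+test 'the email body should contain a link with redirect url as a query param' do
+assert_equal @redirect_url, @mail_redirect_url
+end
+
+test 'the client config name should fall back to "default"' do
+assert_equal 'default', @mail_config_name
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = User.reset_password_by_token({
+reset_password_token: @mail_reset_token
+})
+
+assert_equal user.id, @resource.id
+end
+
+describe 'password reset link failure' do
+test 'request should not be authorized' do
+assert_raises(ActionController::RoutingError) {
+xhr :get, :edit, {
+reset_password_token: 'bogus',
+redirect_url: @mail_redirect_url
+}
+}
+end
+end
+
+describe 'password reset link success' do
+before do
+xhr :get, :edit, {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+@resource.reload
+
+raw_qs = response.location.split('?')[1]
+@qs = Rack::Utils.parse_nested_query(raw_qs)
+
+@client_id = @qs["client_id"]
+@expiry = @qs["expiry"]
+@reset_password = @qs["reset_password"]
+@token = @qs["token"]
+@uid = @qs["uid"]
+end
+
+test 'respones should have success redirect status' do
+assert_equal 302, response.status
+end
+
+test 'response should contain auth params' do
+assert @client_id
+assert @expiry
+assert @reset_password
+assert @token
+assert @uid
+end
+
+test 'response auth params should be valid' do
+assert @resource.valid_token?(@token, @client_id)
+end
+end
+
+end
+
+describe 'case-insensitive email' do
+before do
+@resource_class = User
+@request_params = {
+email: @resource.email.upcase,
+redirect_url: @redirect_url
+}
+end
+
+test 'response should return success status if configured' do
+@resource_class.case_insensitive_keys = [:email]
+xhr :post, :create, @request_params
+assert_equal 200, response.status
+end
+
+test 'response should return failure status if not configured' do
+@resource_class.case_insensitive_keys = []
+xhr :post, :create, @request_params
+assert_equal 400, response.status
+end
+end
+end
+
+describe "change password" do
+describe 'success' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+xhr :put, :update, {
+password: @new_password,
+password_confirmation: @new_password
+}
+
+@resource.reload
+end
+
+test "request should be successful" do
+assert_equal 200, response.status
+end
+
+test "new password should authenticate user" do
+assert @resource.valid_password?(@new_password)
+end
+end
+
+describe 'password mismatch error' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+xhr :put, :update, {
+password: 'chong',
+password_confirmation: 'bong'
+}
+end
+
+test 'response should fail' do
+assert_equal 422, response.status
+end
+end
+
+describe 'unauthorized user' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+xhr :put, :update, {
+password: @new_password,
+password_confirmation: @new_password
+}
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+end
+end
+end
+
+describe "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@resource = mangs(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @redirect_url
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = Mang.reset_password_by_token({
+reset_password_token: @mail_reset_token
+})
+
+assert_equal user.id, @resource.id
+end
+end
+
+describe 'unconfirmed user' do
+before do
+@resource = users(:unconfirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @redirect_url
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+xhr :get, :edit, {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+@resource.reload
+end
+
+test 'unconfirmed email user should now be confirmed' do
+assert @resource.confirmed_at
+end
+end
+
+describe 'alternate user type' do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+@config_name = "altUser"
+
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @redirect_url,
+config_name: @config_name
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'config_name param is included in the confirmation email link' do
+assert_equal @config_name, @mail_config_name
+end
+end
+end
+end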
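Review bot: No case in this file covers a `redirect_url` that the application should refuse. Lines 75–89 expect `edit` to answer 302 to the caller-supplied `redirect_url` with `client_id`, `token`, `uid` and `expiry` in the query string, and line 105 confirms that the token is valid, so the destination of that redirect receives working credentials; whether the controller validates the target is not visible here. A negative test beside 'password reset link failure' that calls `create` with an unexpected host in `redirect_url` and asserts a failure status and no delivered mail would pin the intended behaviour. Also, the two 'case-insensitive email' tests (lines 121 and 127) assign `User.case_insensitive_keys` and never restore it, which makes later tests order-dependent; save the value in `before` and reassign it in a `teardown`.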