RubyGems - cm-devise_token_auth - Versions diffs - 0.1.30.1 - Mend

cm-devise_token_auth 0.1.30.1

Files changed (117) hide show

checksums.yaml +7 -0
data/LICENSE +13 -0
data/README.md +688 -0
data/Rakefile +34 -0
data/app/controllers/devise_token_auth/application_controller.rb +17 -0
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
data/app/models/devise_token_auth/concerns/user.rb +231 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
data/app/views/layouts/omniauth_response.html.erb +31 -0
data/config/initializers/devise.rb +203 -0
data/config/locales/devise.en.yml +59 -0
data/config/routes.rb +5 -0
data/lib/devise_token_auth.rb +7 -0
data/lib/devise_token_auth/controllers/helpers.rb +129 -0
data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
data/lib/devise_token_auth/engine.rb +25 -0
data/lib/devise_token_auth/rails/routes.rb +65 -0
data/lib/devise_token_auth/version.rb +3 -0
data/lib/generators/devise_token_auth/USAGE +31 -0
data/lib/generators/devise_token_auth/install_generator.rb +115 -0
data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
data/lib/generators/devise_token_auth/templates/user.rb +3 -0
data/lib/tasks/devise_token_auth_tasks.rake +4 -0
data/test/controllers/demo_group_controller_test.rb +126 -0
data/test/controllers/demo_mang_controller_test.rb +263 -0
data/test/controllers/demo_user_controller_test.rb +262 -0
data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
data/test/controllers/overrides/passwords_controller_test.rb +62 -0
data/test/controllers/overrides/registrations_controller_test.rb +40 -0
data/test/controllers/overrides/sessions_controller_test.rb +33 -0
data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/images/logo.jpg +0 -0
data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +16 -0
data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
data/test/dummy/app/helpers/application_helper.rb +1065 -0
data/test/dummy/app/models/evil_user.rb +3 -0
data/test/dummy/app/models/mang.rb +3 -0
data/test/dummy/app/models/user.rb +18 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +8 -0
data/test/dummy/bin/rake +8 -0
data/test/dummy/bin/spring +18 -0
data/test/dummy/config.ru +16 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/application.yml.bk +0 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +31 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +44 -0
data/test/dummy/config/environments/production.rb +82 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
data/test/dummy/config/initializers/figaro.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/omniauth.rb +8 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +30 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config/spring.rb +1 -0
data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
data/test/dummy/db/schema.rb +114 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/fixtures/evil_users.yml +29 -0
data/test/fixtures/mangs.yml +29 -0
data/test/fixtures/users.yml +29 -0
data/test/integration/navigation_test.rb +10 -0
data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
data/test/models/user_test.rb +90 -0
data/test/test_helper.rb +60 -0
metadata +310 -0

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/500.html ADDED

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/favicon.ico ADDED

File without changes

data/test/fixtures/evil_users.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>

data/test/fixtures/mangs.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= Mang.new.send(:password_digest, 'secret123') %>

data/test/fixtures/users.yml ADDED

@@ -0,0 +1,29 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @fb_email = Faker::Internet.email %>
+duplicate_email_facebook_user:
+  uid:                 "<%= Faker::Number.number(10) %>"
+  email:               "<%= @fb_email %>"
+  provider:            'facebook'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  confirmed_at:        '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
+<% @unconfirmed_email = Faker::Internet.email %>
+unconfirmed_email_user:
+  uid:                 "<%= @unconfirmed_email %>"
+  email:               "<%= @unconfirmed_email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>

data/test/integration/navigation_test.rb ADDED

@@ -0,0 +1,10 @@
+require 'test_helper'
+class NavigationTest < ActionDispatch::IntegrationTest
+  fixtures :all
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/test/lib/generators/devise_token_auth/install_generator_test.rb ADDED

@@ -0,0 +1,178 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_generator'
+module DeviseTokenAuth
+  class InstallGeneratorTest < Rails::Generators::TestCase
+    tests InstallGenerator
+    destination Rails.root.join('tmp/generators')
+    describe 'default values, clean install' do
+      setup :prepare_destination
+      before do
+        run_generator
+      end
+      test 'user model is created, concern is included' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+      test 'migration is created' do
+        assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+      end
+      test 'subsequent runs raise no errors' do
+        run_generator
+      end
+    end
+    describe 'existing user model' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "app", "models")
+        @fname = File.join(@dir, "user.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+class User < ActiveRecord::Base
+  def whatever
+    puts 'whatever'
+  end
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'user concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+    describe 'routes' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "config")
+        @fname = File.join(@dir, "routes.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+Rails.application.routes.draw do
+  patch '/chong', to: 'bong#index'
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'route method is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for 'User', at: '\/auth'/, routes)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for 'User', at: '\/auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+      describe 'subsequent models' do
+        before do
+          run_generator %w(Mang /mangs)
+        end
+        test 'migration is created' do
+          assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+        end
+        test 'route method is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/mount_devise_token_auth_for 'Mang', at: '\/mangs'/, routes)
+          end
+        end
+        test 'devise_for block is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/as :mang do/, routes)
+            assert_match(/# Define routes for Mang within this block./, routes)
+          end
+        end
+      end
+    end
+    describe 'application controller' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, "app", "controllers")
+        @fname = File.join(@dir, "application_controller.rb")
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+class ApplicationController < ActionController::Base
+  respond_to :json
+  def whatever
+    'whatever'
+  end
+end
+          RUBY
+        }
+        run_generator
+      end
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_views_generator_test.rb ADDED

@@ -0,0 +1,23 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_views_generator'
+module DeviseTokenAuth
+  class InstallViewsGeneratorTest < Rails::Generators::TestCase
+    tests InstallViewsGenerator
+    destination Rails.root.join('tmp/generators')
+    describe 'default values, clean install' do
+      setup :prepare_destination
+      before do
+        run_generator
+      end
+      test "files are copied" do
+        assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
+        assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
+      end
+    end
+  end
+end

data/test/models/user_test.rb ADDED

@@ -0,0 +1,90 @@
+require 'test_helper'
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    before do
+      @password    = Faker::Internet.password(10, 20)
+      @email       = Faker::Internet.email
+      @success_url = Faker::Internet.url
+      @resource    = User.new()
+    end
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        refute @resource.as_json[:tokens]
+      end
+    end
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource.uid = nil
+        @resource.save
+        assert @resource.errors.messages[:uid]
+      end
+    end
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource.provider              = 'email'
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+        refute @resource.save
+        assert @resource.errors.messages[:email]
+      end
+    end
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource.provider              = 'facebook'
+        @resource.uid                   = 123
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+        assert @resource.save
+        refute @resource.errors.messages[:email]
+      end
+    end
+    describe 'token expiry' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+        @auth_headers = @resource.create_new_auth_token
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers['client']]
+      end
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers['client']]
+      end
+    end
+  end
+end