RubyGems - cm-devise_token_auth - Versions diffs - 0.1.30.1 - Mend

cm-devise_token_auth 0.1.30.1

Files changed (117) hide show

checksums.yaml +7 -0
data/LICENSE +13 -0
data/README.md +688 -0
data/Rakefile +34 -0
data/app/controllers/devise_token_auth/application_controller.rb +17 -0
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
data/app/models/devise_token_auth/concerns/user.rb +231 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
data/app/views/layouts/omniauth_response.html.erb +31 -0
data/config/initializers/devise.rb +203 -0
data/config/locales/devise.en.yml +59 -0
data/config/routes.rb +5 -0
data/lib/devise_token_auth.rb +7 -0
data/lib/devise_token_auth/controllers/helpers.rb +129 -0
data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
data/lib/devise_token_auth/engine.rb +25 -0
data/lib/devise_token_auth/rails/routes.rb +65 -0
data/lib/devise_token_auth/version.rb +3 -0
data/lib/generators/devise_token_auth/USAGE +31 -0
data/lib/generators/devise_token_auth/install_generator.rb +115 -0
data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
data/lib/generators/devise_token_auth/templates/user.rb +3 -0
data/lib/tasks/devise_token_auth_tasks.rake +4 -0
data/test/controllers/demo_group_controller_test.rb +126 -0
data/test/controllers/demo_mang_controller_test.rb +263 -0
data/test/controllers/demo_user_controller_test.rb +262 -0
data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
data/test/controllers/overrides/passwords_controller_test.rb +62 -0
data/test/controllers/overrides/registrations_controller_test.rb +40 -0
data/test/controllers/overrides/sessions_controller_test.rb +33 -0
data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/images/logo.jpg +0 -0
data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +16 -0
data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
data/test/dummy/app/helpers/application_helper.rb +1065 -0
data/test/dummy/app/models/evil_user.rb +3 -0
data/test/dummy/app/models/mang.rb +3 -0
data/test/dummy/app/models/user.rb +18 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +8 -0
data/test/dummy/bin/rake +8 -0
data/test/dummy/bin/spring +18 -0
data/test/dummy/config.ru +16 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/application.yml.bk +0 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +31 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +44 -0
data/test/dummy/config/environments/production.rb +82 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
data/test/dummy/config/initializers/figaro.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/omniauth.rb +8 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +30 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config/spring.rb +1 -0
data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
data/test/dummy/db/schema.rb +114 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/fixtures/evil_users.yml +29 -0
data/test/fixtures/mangs.yml +29 -0
data/test/fixtures/users.yml +29 -0
data/test/integration/navigation_test.rb +10 -0
data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
data/test/models/user_test.rb +90 -0
data/test/test_helper.rb +60 -0
metadata +310 -0

data/test/controllers/devise_token_auth/registrations_controller_test.rb ADDED

@@ -0,0 +1,458 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  describe DeviseTokenAuth::RegistrationsController do
+    describe "Successful registration" do
+      before do
+        @mails_sent = ActionMailer::Base.deliveries.count
+        post '/auth', {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url,
+          unpermitted_param: '(x_x)'
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+        @mail = ActionMailer::Base.deliveries.last
+      end
+      test "request should be successful" do
+        assert_equal 200, response.status
+      end
+      test "user should have been created" do
+        assert @resource.id
+      end
+      test "user should not be confirmed" do
+        assert_nil @resource.confirmed_at
+      end
+      test "new user data should be returned as json" do
+        assert @data['data']['email']
+      end
+      test "new user should receive confirmation email" do
+        assert_equal @resource.email, @mail['to'].to_s
+      end
+      test "new user password should not be returned" do
+        assert_nil @data['data']['password']
+      end
+      test "only one email was sent" do
+        assert_equal @mails_sent + 1, ActionMailer::Base.deliveries.count
+      end
+    end
+    describe "case-insensitive email" do
+      before do
+        @resource_class = User
+        @request_params = {
+          email: "AlternatingCase@example.com",
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+      end
+      test "success should downcase uid if configured" do
+        @resource_class.case_insensitive_keys = [:email]
+        post '/auth', @request_params
+        assert_equal 200, response.status
+        @data = JSON.parse(response.body)
+        assert_equal "alternatingcase@example.com", @data['data']['uid']
+      end
+      test "request should not downcase uid if not configured" do
+        @resource_class.case_insensitive_keys = []
+        post '/auth', @request_params
+        assert_equal 200, response.status
+        @data = JSON.parse(response.body)
+        assert_equal "AlternatingCase@example.com", @data['data']['uid']
+      end
+    end
+    describe "Adding extra params" do
+      before do
+        @redirect_url     = Faker::Internet.url
+        @operating_thetan = 2
+        post '/auth', {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: @redirect_url,
+          favorite_color: @fav_color,
+          operating_thetan: @operating_thetan
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+        @mail = ActionMailer::Base.deliveries.last
+        @mail_reset_token  = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+        @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+        @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      end
+      test 'redirect_url is included as param in email' do
+        assert_equal @redirect_url, @mail_redirect_url
+      end
+      test "additional sign_up params should be considered" do
+        assert_equal @operating_thetan, @resource.operating_thetan
+      end
+      test 'config_name param is included in the confirmation email link' do
+        assert @mail_config_name
+      end
+      test "client config name falls back to 'default'" do
+        assert_equal "default", @mail_config_name
+      end
+    end
+    describe "Mismatched passwords" do
+      before do
+        post '/auth', {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "bogus",
+          confirm_success_url: Faker::Internet.url
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should not be successful" do
+        assert_equal 403, response.status
+      end
+      test "user should have been created" do
+        assert_nil @resource.id
+      end
+      test "error should be returned in the response" do
+        assert @data['errors'].length
+      end
+      test "full_messages should be included in error hash" do
+        assert @data['errors']['full_messages'].length
+      end
+    end
+    describe "Existing users" do
+      before do
+        @existing_user = users(:confirmed_email_user)
+        post "/auth", {
+          email: @existing_user.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should not be successful" do
+        assert_equal 403, response.status
+      end
+      test "user should have been created" do
+        assert_nil @resource.id
+      end
+      test "error should be returned in the response" do
+        assert @data['errors'].length
+      end
+    end
+    describe "Destroy user account" do
+      describe "success" do
+        before do
+          @existing_user = users(:confirmed_email_user)
+          @auth_headers  = @existing_user.create_new_auth_token
+          @client_id     = @auth_headers['client']
+          # ensure request is not treated as batch request
+          age_token(@existing_user, @client_id)
+          delete "/auth", {}, @auth_headers
+          @data = JSON.parse(response.body)
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        test "existing user should be deleted" do
+          refute User.where(id: @existing_user.id).first
+        end
+      end
+      describe 'failure: no auth headers' do
+        before do
+          delete "/auth"
+          @data = JSON.parse(response.body)
+        end
+        test 'request returns 404 (not found) status' do
+          assert_equal 404, response.status
+        end
+      end
+    end
+    describe "Update user account" do
+      describe "existing user" do
+        before do
+          @existing_user = users(:confirmed_email_user)
+          @auth_headers  = @existing_user.create_new_auth_token
+          @client_id     = @auth_headers['client']
+          # ensure request is not treated as batch request
+          age_token(@existing_user, @client_id)
+        end
+        describe "success" do
+          before do
+            # test valid update param
+            @resource_class = User
+            @new_operating_thetan = 1000000
+            @email = "AlternatingCase2@example.com"
+            @request_params = {
+              operating_thetan: @new_operating_thetan,
+              email: @email
+            }
+          end
+          test "Request was successful" do
+            put "/auth", @request_params, @auth_headers
+            assert_equal 200, response.status
+          end
+          test "Case sensitive attributes update" do
+            @resource_class.case_insensitive_keys = []
+            put "/auth", @request_params, @auth_headers
+            @data = JSON.parse(response.body)
+            @existing_user.reload
+            assert_equal @new_operating_thetan, @existing_user.operating_thetan
+            assert_equal @email, @existing_user.email
+            assert_equal @email, @existing_user.uid
+          end
+          test "Case insensitive attributes update" do
+            @resource_class.case_insensitive_keys = [:email]
+            put "/auth", @request_params, @auth_headers
+            @data = JSON.parse(response.body)
+            @existing_user.reload
+            assert_equal @new_operating_thetan, @existing_user.operating_thetan
+            assert_equal @email.downcase, @existing_user.email
+            assert_equal @email.downcase, @existing_user.uid
+          end
+        end
+        describe "error" do
+          before do
+            # test invalid update param
+            @new_operating_thetan = "blegh"
+            put "/auth", {
+              operating_thetan: @new_operating_thetan
+            }, @auth_headers
+            @data = JSON.parse(response.body)
+            @existing_user.reload
+          end
+          test "Request was NOT successful" do
+            assert_equal 403, response.status
+          end
+          test "Errors were provided with response" do
+            assert @data["errors"].length
+          end
+        end
+      end
+      describe "invalid user" do
+        before do
+          @existing_user = users(:confirmed_email_user)
+          @auth_headers  = @existing_user.create_new_auth_token
+          @client_id     = @auth_headers['client']
+          # ensure request is not treated as batch request
+          expire_token(@existing_user, @client_id)
+          # test valid update param
+          @new_operating_thetan = 3
+          put "/auth", {
+            operating_thetan: @new_operating_thetan
+          }, @auth_headers
+          @data = JSON.parse(response.body)
+          @existing_user.reload
+        end
+        test "Response should return 404 status" do
+          assert_equal 404, response.status
+        end
+        test "User should not be updated" do
+          refute_equal @new_operating_thetan, @existing_user.operating_thetan
+        end
+      end
+    end
+    describe "Ouath user has existing email" do
+      before do
+        @existing_user = users(:duplicate_email_facebook_user)
+        post "/auth", {
+          email: @existing_user.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should be successful" do
+        assert_equal 200, response.status
+      end
+      test "user should have been created" do
+        assert @resource.id
+      end
+      test "new user data should be returned as json" do
+        assert @data['data']['email']
+      end
+    end
+    describe "Alternate user class" do
+      before do
+        post "/mangs", {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+        @mail = ActionMailer::Base.deliveries.last
+      end
+      test "request should be successful" do
+        assert_equal 200, response.status
+      end
+      test "use should be a Mang" do
+        assert_equal "Mang", @resource.class.name
+      end
+      test "Mang should be destroyed" do
+        @auth_headers  = @resource.create_new_auth_token
+        @client_id     = @auth_headers['client']
+        # ensure request is not treated as batch request
+        age_token(@resource, @client_id)
+        delete "/mangs", {}, @auth_headers
+        assert_equal 200, response.status
+        refute Mang.where(id: @resource.id).first
+      end
+    end
+    describe "Passing client config name" do
+      before do
+        @config_name = 'altUser'
+        post "/mangs", {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url,
+          config_name: @config_name
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+        @mail = ActionMailer::Base.deliveries.last
+        @resource.reload
+        @mail_reset_token  = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+        @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+        @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      end
+      test 'config_name param is included in the confirmation email link' do
+        assert_equal @config_name, @mail_config_name
+      end
+    end
+    describe "Skipped confirmation" do
+      setup do
+        User.set_callback(:create, :before, :skip_confirmation!)
+        post "/auth", {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+        @resource  = assigns(:resource)
+        @token     = response.headers["access-token"]
+        @client_id = response.headers["client"]
+      end
+      teardown do
+        User.skip_callback(:create, :before, :skip_confirmation!)
+      end
+      test "user was created" do
+        assert @resource
+      end
+      test "user was confirmed" do
+        assert @resource.confirmed?
+      end
+      test "auth headers were returned in response" do
+        assert response.headers["access-token"]
+        assert response.headers["token-type"]
+        assert response.headers["client"]
+        assert response.headers["expiry"]
+        assert response.headers["uid"]
+      end
+      test "response token is valid" do
+        assert @resource.valid_token?(@token, @client_id)
+      end
+    end
+  end
+end