RubyGems - cm-devise_token_auth - Versions diffs - 0.1.30.1 - Mend

cm-devise_token_auth 0.1.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

checksums.yaml +7 -0
data/LICENSE +13 -0
data/README.md +688 -0
data/Rakefile +34 -0
data/app/controllers/devise_token_auth/application_controller.rb +17 -0
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
data/app/models/devise_token_auth/concerns/user.rb +231 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
data/app/views/layouts/omniauth_response.html.erb +31 -0
data/config/initializers/devise.rb +203 -0
data/config/locales/devise.en.yml +59 -0
data/config/routes.rb +5 -0
data/lib/devise_token_auth.rb +7 -0
data/lib/devise_token_auth/controllers/helpers.rb +129 -0
data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
data/lib/devise_token_auth/engine.rb +25 -0
data/lib/devise_token_auth/rails/routes.rb +65 -0
data/lib/devise_token_auth/version.rb +3 -0
data/lib/generators/devise_token_auth/USAGE +31 -0
data/lib/generators/devise_token_auth/install_generator.rb +115 -0
data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
data/lib/generators/devise_token_auth/templates/user.rb +3 -0
data/lib/tasks/devise_token_auth_tasks.rake +4 -0
data/test/controllers/demo_group_controller_test.rb +126 -0
data/test/controllers/demo_mang_controller_test.rb +263 -0
data/test/controllers/demo_user_controller_test.rb +262 -0
data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
data/test/controllers/overrides/passwords_controller_test.rb +62 -0
data/test/controllers/overrides/registrations_controller_test.rb +40 -0
data/test/controllers/overrides/sessions_controller_test.rb +33 -0
data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/images/logo.jpg +0 -0
data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +16 -0
data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
data/test/dummy/app/helpers/application_helper.rb +1065 -0
data/test/dummy/app/models/evil_user.rb +3 -0
data/test/dummy/app/models/mang.rb +3 -0
data/test/dummy/app/models/user.rb +18 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +8 -0
data/test/dummy/bin/rake +8 -0
data/test/dummy/bin/spring +18 -0
data/test/dummy/config.ru +16 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/application.yml.bk +0 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +31 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +44 -0
data/test/dummy/config/environments/production.rb +82 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
data/test/dummy/config/initializers/figaro.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/omniauth.rb +8 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +30 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config/spring.rb +1 -0
data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
data/test/dummy/db/schema.rb +114 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/fixtures/evil_users.yml +29 -0
data/test/fixtures/mangs.yml +29 -0
data/test/fixtures/users.yml +29 -0
data/test/integration/navigation_test.rb +10 -0
data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
data/test/models/user_test.rb +90 -0
data/test/test_helper.rb +60 -0
metadata +310 -0

data/test/controllers/devise_token_auth/sessions_controller_test.rb ADDED

@@ -0,0 +1,221 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
+  describe DeviseTokenAuth::SessionsController do
+    describe "Confirmed user" do
+      before do
+        @existing_user = users(:confirmed_email_user)
+        @existing_user.skip_confirmation!
+        @existing_user.save!
+      end
+      describe 'success' do
+        before do
+          @old_sign_in_count      = @existing_user.sign_in_count
+          @old_current_sign_in_at = @existing_user.current_sign_in_at
+          @old_last_sign_in_at    = @existing_user.last_sign_in_at
+          @old_sign_in_ip         = @existing_user.current_sign_in_ip
+          @old_last_sign_in_ip    = @existing_user.last_sign_in_ip
+          xhr :post, :create, {
+            email: @existing_user.email,
+            password: 'secret123'
+          }
+          @resource = assigns(:resource)
+          @data = JSON.parse(response.body)
+          @new_sign_in_count      = @resource.sign_in_count
+          @new_current_sign_in_at = @resource.current_sign_in_at
+          @new_last_sign_in_at    = @resource.last_sign_in_at
+          @new_sign_in_ip         = @resource.current_sign_in_ip
+          @new_last_sign_in_ip    = @resource.last_sign_in_ip
+        end
+        test "request should succeed" do
+          assert_equal 200, response.status
+        end
+        test "request should return user data" do
+          assert_equal @existing_user.email, @data['data']['email']
+        end
+        describe 'trackable' do
+          test 'sign_in_count incrementns' do
+            assert_equal @old_sign_in_count + 1, @new_sign_in_count
+          end
+          test 'current_sign_in_at is updated' do
+            refute @old_current_sign_in_at
+            assert @new_current_sign_in_at
+          end
+          test 'last_sign_in_at is updated' do
+            refute @old_last_sign_in_at
+            assert @new_last_sign_in_at
+          end
+          test 'sign_in_ip is updated' do
+            refute @old_sign_in_ip
+            assert_equal "0.0.0.0", @new_sign_in_ip
+          end
+          test 'last_sign_in_ip is updated' do
+            refute @old_last_sign_in_ip
+            assert_equal "0.0.0.0", @new_last_sign_in_ip
+          end
+        end
+      end
+      describe 'authed user sign out' do
+        before do
+          @auth_headers = @existing_user.create_new_auth_token
+          request.headers.merge!(@auth_headers)
+          xhr :delete, :destroy, format: :json
+        end
+        test "user is successfully logged out" do
+          assert_equal 200, response.status
+        end
+        test "token was destroyed" do
+          @existing_user.reload
+          refute @existing_user.tokens[@auth_headers["client"]]
+        end
+      end
+      describe 'unauthed user sign out' do
+        before do
+          @auth_headers = @existing_user.create_new_auth_token
+          xhr :delete, :destroy, format: :json
+        end
+        test "unauthed request returns 404" do
+          assert_equal 404, response.status
+        end
+      end
+      describe 'failure' do
+        before do
+          xhr :post, :create, {
+            email: @existing_user.email,
+            password: 'bogus'
+          }
+          @resource = assigns(:resource)
+          @data = JSON.parse(response.body)
+        end
+        test "request should fail" do
+          assert_equal 401, response.status
+        end
+        test "response should contain errors" do
+          assert @data['errors']
+        end
+      end
+      describe 'case-insensitive email' do
+        before do
+          @resource_class = User
+          @request_params = {
+            email: @existing_user.email.upcase,
+            password: 'secret123'
+          }
+        end
+        test "request should succeed if configured" do
+          @resource_class.case_insensitive_keys = [:email]
+          xhr :post, :create, @request_params
+          assert_equal 200, response.status
+        end
+        test "request should fail if not configured" do
+          @resource_class.case_insensitive_keys = []
+          xhr :post, :create, @request_params
+          assert_equal 401, response.status
+        end
+      end
+    end
+    describe "Unconfirmed user" do
+      before do
+        @unconfirmed_user = users(:unconfirmed_email_user)
+        xhr :post, :create, {
+          email: @unconfirmed_user.email,
+          password: 'secret123'
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should fail" do
+        assert_equal 401, response.status
+      end
+      test "response should contain errors" do
+        assert @data['errors']
+      end
+    end
+    describe "Non-existing user" do
+      before do
+        xhr :post, :create, {
+          email: -> { Faker::Internet.email },
+          password: -> { Faker::Number.number(10) }
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should fail" do
+        assert_equal 401, response.status
+      end
+      test "response should contain errors" do
+        assert @data['errors']
+      end
+    end
+    describe "Alternate user class" do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:mang]
+      end
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+      before do
+        @existing_user = mangs(:confirmed_email_user)
+        @existing_user.skip_confirmation!
+        @existing_user.save!
+        xhr :post, :create, {
+          email: @existing_user.email,
+          password: 'secret123'
+        }
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+      test "request should succeed" do
+        assert_equal 200, response.status
+      end
+      test "request should return user data" do
+        assert_equal @existing_user.email, @data['data']['email']
+      end
+    end
+  end
+end

data/test/controllers/overrides/confirmations_controller_test.rb ADDED

@@ -0,0 +1,44 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::ConfirmationsController do
+    before do
+      @redirect_url = Faker::Internet.url
+      @new_user     = evil_users(:unconfirmed_email_user)
+      # generate + send email
+      @new_user.send_confirmation_instructions({
+        redirect_url: @redirect_url
+      })
+      @mail              = ActionMailer::Base.deliveries.last
+      @confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1]
+      # visit confirmation link
+      get @confirmation_path
+      # reload user from db
+      @new_user.reload
+    end
+    test "user is confirmed" do
+      assert @new_user.confirmed?
+    end
+    test "user can be authenticated via confirmation link" do
+      # hard coded in override controller
+      override_proof_str = "(^^,)"
+      # ensure present in redirect URL
+      override_proof_param = URI.unescape(response.headers["Location"].match(/override_proof=([^&]*)&/)[1])
+      assert_equal override_proof_str, override_proof_param
+    end
+  end
+end

data/test/controllers/overrides/omniauth_callbacks_controller_test.rb ADDED

@@ -0,0 +1,44 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::OmniauthCallbacksController do
+    setup do
+      OmniAuth.config.test_mode = true
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+        :provider => 'facebook',
+        :uid => '123545',
+        :info => {
+          name: 'chong',
+          email: 'chongbong@aol.com'
+        }
+      })
+      @favorite_color = "gray"
+      get_via_redirect '/evil_user_auth/facebook', {
+        auth_origin_url: Faker::Internet.url,
+        favorite_color: @favorite_color
+      }
+      @resource = assigns(:resource)
+    end
+    test 'request is successful' do
+      assert_equal 200, response.status
+    end
+    test 'controller was overridden' do
+      assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
+    end
+    test 'whitelisted param was allowed' do
+      assert_equal @favorite_color, @resource.favorite_color
+    end
+  end
+end

data/test/controllers/overrides/passwords_controller_test.rb ADDED

@@ -0,0 +1,62 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::PasswordsController do
+    before do
+      @resource = evil_users(:confirmed_email_user)
+      @redirect_url = Faker::Internet.url
+      post "/evil_user_auth/password", {
+        email:        @resource.email,
+        redirect_url: @redirect_url
+      }
+      @mail = ActionMailer::Base.deliveries.last
+      @resource.reload
+      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      get '/evil_user_auth/password/edit', {
+        reset_password_token: @mail_reset_token,
+        redirect_url: @mail_redirect_url
+      }
+      @resource.reload
+      raw_qs = response.location.split('?')[1]
+      @qs = Rack::Utils.parse_nested_query(raw_qs)
+      @client_id      = @qs["client_id"]
+      @expiry         = @qs["expiry"]
+      @reset_password = @qs["reset_password"]
+      @token          = @qs["token"]
+      @uid            = @qs["uid"]
+      @override_proof = @qs["override_proof"]
+    end
+    test 'respones should have success redirect status' do
+      assert_equal 302, response.status
+    end
+    test 'response should contain auth params + override proof' do
+      assert @client_id
+      assert @expiry
+      assert @reset_password
+      assert @token
+      assert @uid
+      assert @override_proof
+    end
+    test 'override proof is correct' do
+      assert_equal @override_proof, Overrides::PasswordsController::OVERRIDE_PROOF
+    end
+  end
+end

data/test/controllers/overrides/registrations_controller_test.rb ADDED

@@ -0,0 +1,40 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::RegistrationsController do
+    setup do
+      @existing_user  = evil_users(:confirmed_email_user)
+      @auth_headers   = @existing_user.create_new_auth_token
+      @client_id      = @auth_headers['client']
+      @favorite_color = "pink"
+      # ensure request is not treated as batch request
+      age_token(@existing_user, @client_id)
+      # test valid update param
+      @new_operating_thetan = 1000000
+      put '/evil_user_auth', {
+        favorite_color: @favorite_color
+      }, @auth_headers
+      @data = JSON.parse(response.body)
+      @existing_user.reload
+    end
+    test 'user was updated' do
+      assert_equal @favorite_color, @existing_user.favorite_color
+    end
+    test 'controller was overridden' do
+      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF, @data["override_proof"]
+    end
+  end
+end

data/test/controllers/overrides/sessions_controller_test.rb ADDED

@@ -0,0 +1,33 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::RegistrationsController do
+    before do
+      @existing_user = evil_users(:confirmed_email_user)
+      @existing_user.skip_confirmation!
+      @existing_user.save!
+      post '/evil_user_auth/sign_in', {
+        email: @existing_user.email,
+        password: 'secret123'
+      }
+      @resource = assigns(:resource)
+      @data = JSON.parse(response.body)
+    end
+    test "request should succeed" do
+      assert_equal 200, response.status
+    end
+    test 'controller was overridden' do
+      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF, @data['override_proof']
+    end
+  end
+end