cm-devise_token_auth 0.1.30.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +688 -0
- data/Rakefile +34 -0
- data/app/controllers/devise_token_auth/application_controller.rb +17 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +109 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +171 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +155 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +123 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +98 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +23 -0
- data/app/models/devise_token_auth/concerns/user.rb +231 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
- data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
- data/app/views/layouts/omniauth_response.html.erb +31 -0
- data/config/initializers/devise.rb +203 -0
- data/config/locales/devise.en.yml +59 -0
- data/config/routes.rb +5 -0
- data/lib/devise_token_auth.rb +7 -0
- data/lib/devise_token_auth/controllers/helpers.rb +129 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
- data/lib/devise_token_auth/engine.rb +25 -0
- data/lib/devise_token_auth/rails/routes.rb +65 -0
- data/lib/devise_token_auth/version.rb +3 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +115 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +54 -0
- data/lib/generators/devise_token_auth/templates/user.rb +3 -0
- data/lib/tasks/devise_token_auth_tasks.rake +4 -0
- data/test/controllers/demo_group_controller_test.rb +126 -0
- data/test/controllers/demo_mang_controller_test.rb +263 -0
- data/test/controllers/demo_user_controller_test.rb +262 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +167 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +287 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +458 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +221 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
- data/test/controllers/overrides/passwords_controller_test.rb +62 -0
- data/test/controllers/overrides/registrations_controller_test.rb +40 -0
- data/test/controllers/overrides/sessions_controller_test.rb +33 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/images/logo.jpg +0 -0
- data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +15 -0
- data/test/dummy/app/controllers/application_controller.rb +16 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +43 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1065 -0
- data/test/dummy/app/models/evil_user.rb +3 -0
- data/test/dummy/app/models/mang.rb +3 -0
- data/test/dummy/app/models/user.rb +18 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +8 -0
- data/test/dummy/bin/rake +8 -0
- data/test/dummy/bin/spring +18 -0
- data/test/dummy/config.ru +16 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +31 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +44 -0
- data/test/dummy/config/environments/production.rb +82 -0
- data/test/dummy/config/environments/test.rb +40 -0
- data/test/dummy/config/initializers/assets.rb +8 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
- data/test/dummy/config/initializers/figaro.rb +1 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +4 -0
- data/test/dummy/config/initializers/omniauth.rb +8 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +30 -0
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/config/spring.rb +1 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
- data/test/dummy/db/schema.rb +114 -0
- data/test/dummy/public/404.html +67 -0
- data/test/dummy/public/422.html +67 -0
- data/test/dummy/public/500.html +66 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/evil_users.yml +29 -0
- data/test/fixtures/mangs.yml +29 -0
- data/test/fixtures/users.yml +29 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +178 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
- data/test/models/user_test.rb +90 -0
- data/test/test_helper.rb +60 -0
- metadata +310 -0
@@ -0,0 +1,221 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
10
|
+
describe DeviseTokenAuth::SessionsController do
|
11
|
+
describe "Confirmed user" do
|
12
|
+
before do
|
13
|
+
@existing_user = users(:confirmed_email_user)
|
14
|
+
@existing_user.skip_confirmation!
|
15
|
+
@existing_user.save!
|
16
|
+
end
|
17
|
+
|
18
|
+
describe 'success' do
|
19
|
+
before do
|
20
|
+
@old_sign_in_count = @existing_user.sign_in_count
|
21
|
+
@old_current_sign_in_at = @existing_user.current_sign_in_at
|
22
|
+
@old_last_sign_in_at = @existing_user.last_sign_in_at
|
23
|
+
@old_sign_in_ip = @existing_user.current_sign_in_ip
|
24
|
+
@old_last_sign_in_ip = @existing_user.last_sign_in_ip
|
25
|
+
|
26
|
+
xhr :post, :create, {
|
27
|
+
email: @existing_user.email,
|
28
|
+
password: 'secret123'
|
29
|
+
}
|
30
|
+
|
31
|
+
@resource = assigns(:resource)
|
32
|
+
@data = JSON.parse(response.body)
|
33
|
+
|
34
|
+
@new_sign_in_count = @resource.sign_in_count
|
35
|
+
@new_current_sign_in_at = @resource.current_sign_in_at
|
36
|
+
@new_last_sign_in_at = @resource.last_sign_in_at
|
37
|
+
@new_sign_in_ip = @resource.current_sign_in_ip
|
38
|
+
@new_last_sign_in_ip = @resource.last_sign_in_ip
|
39
|
+
end
|
40
|
+
|
41
|
+
test "request should succeed" do
|
42
|
+
assert_equal 200, response.status
|
43
|
+
end
|
44
|
+
|
45
|
+
test "request should return user data" do
|
46
|
+
assert_equal @existing_user.email, @data['data']['email']
|
47
|
+
end
|
48
|
+
|
49
|
+
describe 'trackable' do
|
50
|
+
test 'sign_in_count incrementns' do
|
51
|
+
assert_equal @old_sign_in_count + 1, @new_sign_in_count
|
52
|
+
end
|
53
|
+
|
54
|
+
test 'current_sign_in_at is updated' do
|
55
|
+
refute @old_current_sign_in_at
|
56
|
+
assert @new_current_sign_in_at
|
57
|
+
end
|
58
|
+
|
59
|
+
test 'last_sign_in_at is updated' do
|
60
|
+
refute @old_last_sign_in_at
|
61
|
+
assert @new_last_sign_in_at
|
62
|
+
end
|
63
|
+
|
64
|
+
test 'sign_in_ip is updated' do
|
65
|
+
refute @old_sign_in_ip
|
66
|
+
assert_equal "0.0.0.0", @new_sign_in_ip
|
67
|
+
end
|
68
|
+
|
69
|
+
test 'last_sign_in_ip is updated' do
|
70
|
+
refute @old_last_sign_in_ip
|
71
|
+
assert_equal "0.0.0.0", @new_last_sign_in_ip
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
|
77
|
+
describe 'authed user sign out' do
|
78
|
+
before do
|
79
|
+
@auth_headers = @existing_user.create_new_auth_token
|
80
|
+
request.headers.merge!(@auth_headers)
|
81
|
+
xhr :delete, :destroy, format: :json
|
82
|
+
end
|
83
|
+
|
84
|
+
test "user is successfully logged out" do
|
85
|
+
assert_equal 200, response.status
|
86
|
+
end
|
87
|
+
|
88
|
+
test "token was destroyed" do
|
89
|
+
@existing_user.reload
|
90
|
+
refute @existing_user.tokens[@auth_headers["client"]]
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
describe 'unauthed user sign out' do
|
95
|
+
before do
|
96
|
+
@auth_headers = @existing_user.create_new_auth_token
|
97
|
+
xhr :delete, :destroy, format: :json
|
98
|
+
end
|
99
|
+
|
100
|
+
test "unauthed request returns 404" do
|
101
|
+
assert_equal 404, response.status
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
describe 'failure' do
|
106
|
+
before do
|
107
|
+
xhr :post, :create, {
|
108
|
+
email: @existing_user.email,
|
109
|
+
password: 'bogus'
|
110
|
+
}
|
111
|
+
|
112
|
+
@resource = assigns(:resource)
|
113
|
+
@data = JSON.parse(response.body)
|
114
|
+
end
|
115
|
+
|
116
|
+
test "request should fail" do
|
117
|
+
assert_equal 401, response.status
|
118
|
+
end
|
119
|
+
|
120
|
+
test "response should contain errors" do
|
121
|
+
assert @data['errors']
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
describe 'case-insensitive email' do
|
126
|
+
|
127
|
+
before do
|
128
|
+
@resource_class = User
|
129
|
+
@request_params = {
|
130
|
+
email: @existing_user.email.upcase,
|
131
|
+
password: 'secret123'
|
132
|
+
}
|
133
|
+
end
|
134
|
+
|
135
|
+
test "request should succeed if configured" do
|
136
|
+
@resource_class.case_insensitive_keys = [:email]
|
137
|
+
xhr :post, :create, @request_params
|
138
|
+
assert_equal 200, response.status
|
139
|
+
end
|
140
|
+
|
141
|
+
test "request should fail if not configured" do
|
142
|
+
@resource_class.case_insensitive_keys = []
|
143
|
+
xhr :post, :create, @request_params
|
144
|
+
assert_equal 401, response.status
|
145
|
+
end
|
146
|
+
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
describe "Unconfirmed user" do
|
151
|
+
before do
|
152
|
+
@unconfirmed_user = users(:unconfirmed_email_user)
|
153
|
+
xhr :post, :create, {
|
154
|
+
email: @unconfirmed_user.email,
|
155
|
+
password: 'secret123'
|
156
|
+
}
|
157
|
+
@resource = assigns(:resource)
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
|
161
|
+
test "request should fail" do
|
162
|
+
assert_equal 401, response.status
|
163
|
+
end
|
164
|
+
|
165
|
+
test "response should contain errors" do
|
166
|
+
assert @data['errors']
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
170
|
+
describe "Non-existing user" do
|
171
|
+
before do
|
172
|
+
xhr :post, :create, {
|
173
|
+
email: -> { Faker::Internet.email },
|
174
|
+
password: -> { Faker::Number.number(10) }
|
175
|
+
}
|
176
|
+
@resource = assigns(:resource)
|
177
|
+
@data = JSON.parse(response.body)
|
178
|
+
end
|
179
|
+
|
180
|
+
test "request should fail" do
|
181
|
+
assert_equal 401, response.status
|
182
|
+
end
|
183
|
+
|
184
|
+
test "response should contain errors" do
|
185
|
+
assert @data['errors']
|
186
|
+
end
|
187
|
+
end
|
188
|
+
|
189
|
+
describe "Alternate user class" do
|
190
|
+
setup do
|
191
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
192
|
+
end
|
193
|
+
|
194
|
+
teardown do
|
195
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
196
|
+
end
|
197
|
+
|
198
|
+
before do
|
199
|
+
@existing_user = mangs(:confirmed_email_user)
|
200
|
+
@existing_user.skip_confirmation!
|
201
|
+
@existing_user.save!
|
202
|
+
|
203
|
+
xhr :post, :create, {
|
204
|
+
email: @existing_user.email,
|
205
|
+
password: 'secret123'
|
206
|
+
}
|
207
|
+
|
208
|
+
@resource = assigns(:resource)
|
209
|
+
@data = JSON.parse(response.body)
|
210
|
+
end
|
211
|
+
|
212
|
+
test "request should succeed" do
|
213
|
+
assert_equal 200, response.status
|
214
|
+
end
|
215
|
+
|
216
|
+
test "request should return user data" do
|
217
|
+
assert_equal @existing_user.email, @data['data']['email']
|
218
|
+
end
|
219
|
+
end
|
220
|
+
end
|
221
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe Overrides::ConfirmationsController do
|
11
|
+
before do
|
12
|
+
@redirect_url = Faker::Internet.url
|
13
|
+
@new_user = evil_users(:unconfirmed_email_user)
|
14
|
+
|
15
|
+
# generate + send email
|
16
|
+
@new_user.send_confirmation_instructions({
|
17
|
+
redirect_url: @redirect_url
|
18
|
+
})
|
19
|
+
|
20
|
+
@mail = ActionMailer::Base.deliveries.last
|
21
|
+
@confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1]
|
22
|
+
|
23
|
+
# visit confirmation link
|
24
|
+
get @confirmation_path
|
25
|
+
|
26
|
+
# reload user from db
|
27
|
+
@new_user.reload
|
28
|
+
end
|
29
|
+
|
30
|
+
test "user is confirmed" do
|
31
|
+
assert @new_user.confirmed?
|
32
|
+
end
|
33
|
+
|
34
|
+
test "user can be authenticated via confirmation link" do
|
35
|
+
# hard coded in override controller
|
36
|
+
override_proof_str = "(^^,)"
|
37
|
+
|
38
|
+
# ensure present in redirect URL
|
39
|
+
override_proof_param = URI.unescape(response.headers["Location"].match(/override_proof=([^&]*)&/)[1])
|
40
|
+
|
41
|
+
assert_equal override_proof_str, override_proof_param
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe Overrides::OmniauthCallbacksController do
|
11
|
+
setup do
|
12
|
+
OmniAuth.config.test_mode = true
|
13
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
|
14
|
+
:provider => 'facebook',
|
15
|
+
:uid => '123545',
|
16
|
+
:info => {
|
17
|
+
name: 'chong',
|
18
|
+
email: 'chongbong@aol.com'
|
19
|
+
}
|
20
|
+
})
|
21
|
+
|
22
|
+
@favorite_color = "gray"
|
23
|
+
|
24
|
+
get_via_redirect '/evil_user_auth/facebook', {
|
25
|
+
auth_origin_url: Faker::Internet.url,
|
26
|
+
favorite_color: @favorite_color
|
27
|
+
}
|
28
|
+
|
29
|
+
@resource = assigns(:resource)
|
30
|
+
end
|
31
|
+
|
32
|
+
test 'request is successful' do
|
33
|
+
assert_equal 200, response.status
|
34
|
+
end
|
35
|
+
|
36
|
+
test 'controller was overridden' do
|
37
|
+
assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
|
38
|
+
end
|
39
|
+
|
40
|
+
test 'whitelisted param was allowed' do
|
41
|
+
assert_equal @favorite_color, @resource.favorite_color
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe Overrides::PasswordsController do
|
11
|
+
before do
|
12
|
+
@resource = evil_users(:confirmed_email_user)
|
13
|
+
@redirect_url = Faker::Internet.url
|
14
|
+
|
15
|
+
post "/evil_user_auth/password", {
|
16
|
+
email: @resource.email,
|
17
|
+
redirect_url: @redirect_url
|
18
|
+
}
|
19
|
+
|
20
|
+
@mail = ActionMailer::Base.deliveries.last
|
21
|
+
@resource.reload
|
22
|
+
|
23
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
24
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
25
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
26
|
+
|
27
|
+
get '/evil_user_auth/password/edit', {
|
28
|
+
reset_password_token: @mail_reset_token,
|
29
|
+
redirect_url: @mail_redirect_url
|
30
|
+
}
|
31
|
+
|
32
|
+
@resource.reload
|
33
|
+
|
34
|
+
raw_qs = response.location.split('?')[1]
|
35
|
+
@qs = Rack::Utils.parse_nested_query(raw_qs)
|
36
|
+
|
37
|
+
@client_id = @qs["client_id"]
|
38
|
+
@expiry = @qs["expiry"]
|
39
|
+
@reset_password = @qs["reset_password"]
|
40
|
+
@token = @qs["token"]
|
41
|
+
@uid = @qs["uid"]
|
42
|
+
@override_proof = @qs["override_proof"]
|
43
|
+
end
|
44
|
+
|
45
|
+
test 'respones should have success redirect status' do
|
46
|
+
assert_equal 302, response.status
|
47
|
+
end
|
48
|
+
|
49
|
+
test 'response should contain auth params + override proof' do
|
50
|
+
assert @client_id
|
51
|
+
assert @expiry
|
52
|
+
assert @reset_password
|
53
|
+
assert @token
|
54
|
+
assert @uid
|
55
|
+
assert @override_proof
|
56
|
+
end
|
57
|
+
|
58
|
+
test 'override proof is correct' do
|
59
|
+
assert_equal @override_proof, Overrides::PasswordsController::OVERRIDE_PROOF
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe Overrides::RegistrationsController do
|
11
|
+
setup do
|
12
|
+
@existing_user = evil_users(:confirmed_email_user)
|
13
|
+
@auth_headers = @existing_user.create_new_auth_token
|
14
|
+
@client_id = @auth_headers['client']
|
15
|
+
@favorite_color = "pink"
|
16
|
+
|
17
|
+
|
18
|
+
# ensure request is not treated as batch request
|
19
|
+
age_token(@existing_user, @client_id)
|
20
|
+
|
21
|
+
# test valid update param
|
22
|
+
@new_operating_thetan = 1000000
|
23
|
+
|
24
|
+
put '/evil_user_auth', {
|
25
|
+
favorite_color: @favorite_color
|
26
|
+
}, @auth_headers
|
27
|
+
|
28
|
+
@data = JSON.parse(response.body)
|
29
|
+
@existing_user.reload
|
30
|
+
end
|
31
|
+
|
32
|
+
test 'user was updated' do
|
33
|
+
assert_equal @favorite_color, @existing_user.favorite_color
|
34
|
+
end
|
35
|
+
|
36
|
+
test 'controller was overridden' do
|
37
|
+
assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF, @data["override_proof"]
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
10
|
+
describe Overrides::RegistrationsController do
|
11
|
+
before do
|
12
|
+
@existing_user = evil_users(:confirmed_email_user)
|
13
|
+
@existing_user.skip_confirmation!
|
14
|
+
@existing_user.save!
|
15
|
+
|
16
|
+
post '/evil_user_auth/sign_in', {
|
17
|
+
email: @existing_user.email,
|
18
|
+
password: 'secret123'
|
19
|
+
}
|
20
|
+
|
21
|
+
@resource = assigns(:resource)
|
22
|
+
@data = JSON.parse(response.body)
|
23
|
+
end
|
24
|
+
|
25
|
+
test "request should succeed" do
|
26
|
+
assert_equal 200, response.status
|
27
|
+
end
|
28
|
+
|
29
|
+
test 'controller was overridden' do
|
30
|
+
assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF, @data['override_proof']
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|