dcu-devise 1.0.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (139) hide show
  1. data/CHANGELOG.rdoc +378 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.rdoc +260 -0
  4. data/Rakefile +53 -0
  5. data/TODO +2 -0
  6. data/app/controllers/confirmations_controller.rb +33 -0
  7. data/app/controllers/passwords_controller.rb +41 -0
  8. data/app/controllers/registrations_controller.rb +53 -0
  9. data/app/controllers/sessions_controller.rb +44 -0
  10. data/app/controllers/unlocks_controller.rb +41 -0
  11. data/app/models/devise_mailer.rb +68 -0
  12. data/app/views/confirmations/new.html.erb +12 -0
  13. data/app/views/devise_mailer/confirmation_instructions.html.erb +5 -0
  14. data/app/views/devise_mailer/reset_password_instructions.html.erb +8 -0
  15. data/app/views/devise_mailer/unlock_instructions.html.erb +7 -0
  16. data/app/views/passwords/edit.html.erb +16 -0
  17. data/app/views/passwords/new.html.erb +12 -0
  18. data/app/views/registrations/edit.html.erb +25 -0
  19. data/app/views/registrations/new.html.erb +17 -0
  20. data/app/views/sessions/new.html.erb +17 -0
  21. data/app/views/shared/_devise_links.erb +19 -0
  22. data/app/views/unlocks/new.html.erb +12 -0
  23. data/generators/devise/USAGE +5 -0
  24. data/generators/devise/devise_generator.rb +15 -0
  25. data/generators/devise/lib/route_devise.rb +32 -0
  26. data/generators/devise/templates/migration.rb +23 -0
  27. data/generators/devise/templates/model.rb +9 -0
  28. data/generators/devise_install/USAGE +3 -0
  29. data/generators/devise_install/devise_install_generator.rb +15 -0
  30. data/generators/devise_install/templates/README +23 -0
  31. data/generators/devise_install/templates/devise.rb +105 -0
  32. data/generators/devise_views/USAGE +3 -0
  33. data/generators/devise_views/devise_views_generator.rb +21 -0
  34. data/lib/devise.rb +264 -0
  35. data/lib/devise/controllers/helpers.rb +200 -0
  36. data/lib/devise/controllers/internal_helpers.rb +129 -0
  37. data/lib/devise/controllers/url_helpers.rb +41 -0
  38. data/lib/devise/encryptors/authlogic_sha512.rb +21 -0
  39. data/lib/devise/encryptors/base.rb +20 -0
  40. data/lib/devise/encryptors/bcrypt.rb +21 -0
  41. data/lib/devise/encryptors/clearance_sha1.rb +19 -0
  42. data/lib/devise/encryptors/restful_authentication_sha1.rb +22 -0
  43. data/lib/devise/encryptors/sha1.rb +27 -0
  44. data/lib/devise/encryptors/sha512.rb +27 -0
  45. data/lib/devise/failure_app.rb +65 -0
  46. data/lib/devise/hooks/activatable.rb +15 -0
  47. data/lib/devise/hooks/rememberable.rb +32 -0
  48. data/lib/devise/hooks/timeoutable.rb +18 -0
  49. data/lib/devise/hooks/trackable.rb +18 -0
  50. data/lib/devise/locales/en.yml +35 -0
  51. data/lib/devise/mapping.rb +128 -0
  52. data/lib/devise/models.rb +117 -0
  53. data/lib/devise/models/activatable.rb +16 -0
  54. data/lib/devise/models/confirmable.rb +162 -0
  55. data/lib/devise/models/database_authenticatable.rb +144 -0
  56. data/lib/devise/models/http_authenticatable.rb +21 -0
  57. data/lib/devise/models/lockable.rb +150 -0
  58. data/lib/devise/models/recoverable.rb +80 -0
  59. data/lib/devise/models/registerable.rb +8 -0
  60. data/lib/devise/models/rememberable.rb +92 -0
  61. data/lib/devise/models/timeoutable.rb +28 -0
  62. data/lib/devise/models/token_authenticatable.rb +89 -0
  63. data/lib/devise/models/trackable.rb +16 -0
  64. data/lib/devise/models/validatable.rb +39 -0
  65. data/lib/devise/orm/active_record.rb +41 -0
  66. data/lib/devise/orm/data_mapper.rb +83 -0
  67. data/lib/devise/orm/mongo_mapper.rb +47 -0
  68. data/lib/devise/rails.rb +14 -0
  69. data/lib/devise/rails/routes.rb +125 -0
  70. data/lib/devise/rails/warden_compat.rb +25 -0
  71. data/lib/devise/schema.rb +73 -0
  72. data/lib/devise/strategies/base.rb +16 -0
  73. data/lib/devise/strategies/database_authenticatable.rb +36 -0
  74. data/lib/devise/strategies/http_authenticatable.rb +59 -0
  75. data/lib/devise/strategies/rememberable.rb +37 -0
  76. data/lib/devise/strategies/token_authenticatable.rb +37 -0
  77. data/lib/devise/test_helpers.rb +90 -0
  78. data/lib/devise/version.rb +3 -0
  79. data/rails/init.rb +2 -0
  80. data/test/controllers/helpers_test.rb +177 -0
  81. data/test/controllers/internal_helpers_test.rb +55 -0
  82. data/test/controllers/url_helpers_test.rb +47 -0
  83. data/test/devise_test.rb +74 -0
  84. data/test/encryptors_test.rb +31 -0
  85. data/test/failure_app_test.rb +44 -0
  86. data/test/integration/authenticatable_test.rb +271 -0
  87. data/test/integration/confirmable_test.rb +97 -0
  88. data/test/integration/http_authenticatable_test.rb +52 -0
  89. data/test/integration/lockable_test.rb +102 -0
  90. data/test/integration/rack_middleware_test.rb +47 -0
  91. data/test/integration/recoverable_test.rb +141 -0
  92. data/test/integration/registerable_test.rb +144 -0
  93. data/test/integration/rememberable_test.rb +71 -0
  94. data/test/integration/timeoutable_test.rb +68 -0
  95. data/test/integration/token_authenticatable_test.rb +55 -0
  96. data/test/integration/trackable_test.rb +64 -0
  97. data/test/mailers/confirmation_instructions_test.rb +86 -0
  98. data/test/mailers/reset_password_instructions_test.rb +68 -0
  99. data/test/mailers/unlock_instructions_test.rb +62 -0
  100. data/test/mapping_test.rb +148 -0
  101. data/test/models/authenticatable_test.rb +180 -0
  102. data/test/models/confirmable_test.rb +212 -0
  103. data/test/models/lockable_test.rb +202 -0
  104. data/test/models/recoverable_test.rb +138 -0
  105. data/test/models/rememberable_test.rb +135 -0
  106. data/test/models/timeoutable_test.rb +28 -0
  107. data/test/models/token_authenticatable_test.rb +51 -0
  108. data/test/models/trackable_test.rb +5 -0
  109. data/test/models/validatable_test.rb +106 -0
  110. data/test/models_test.rb +70 -0
  111. data/test/orm/active_record.rb +31 -0
  112. data/test/orm/mongo_mapper.rb +20 -0
  113. data/test/rails_app/app/active_record/admin.rb +7 -0
  114. data/test/rails_app/app/active_record/user.rb +7 -0
  115. data/test/rails_app/app/controllers/admins_controller.rb +6 -0
  116. data/test/rails_app/app/controllers/application_controller.rb +12 -0
  117. data/test/rails_app/app/controllers/home_controller.rb +4 -0
  118. data/test/rails_app/app/controllers/users_controller.rb +16 -0
  119. data/test/rails_app/app/helpers/application_helper.rb +3 -0
  120. data/test/rails_app/app/mongo_mapper/admin.rb +13 -0
  121. data/test/rails_app/app/mongo_mapper/user.rb +14 -0
  122. data/test/rails_app/config/boot.rb +110 -0
  123. data/test/rails_app/config/environment.rb +42 -0
  124. data/test/rails_app/config/environments/development.rb +17 -0
  125. data/test/rails_app/config/environments/production.rb +28 -0
  126. data/test/rails_app/config/environments/test.rb +28 -0
  127. data/test/rails_app/config/initializers/devise.rb +82 -0
  128. data/test/rails_app/config/initializers/inflections.rb +2 -0
  129. data/test/rails_app/config/initializers/new_rails_defaults.rb +24 -0
  130. data/test/rails_app/config/initializers/session_store.rb +15 -0
  131. data/test/rails_app/config/routes.rb +21 -0
  132. data/test/routes_test.rb +110 -0
  133. data/test/support/assertions_helper.rb +37 -0
  134. data/test/support/integration_tests_helper.rb +71 -0
  135. data/test/support/test_silencer.rb +5 -0
  136. data/test/support/tests_helper.rb +39 -0
  137. data/test/test_helper.rb +21 -0
  138. data/test/test_helpers_test.rb +57 -0
  139. metadata +213 -0
@@ -0,0 +1,31 @@
1
+ gem 'bcrypt-ruby'
2
+
3
+ class Encryptors < ActiveSupport::TestCase
4
+
5
+ test 'should match a password created by authlogic' do
6
+ authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
7
+ encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')
8
+ assert_equal authlogic, encryptor
9
+ end
10
+
11
+ test 'should match a password created by restful_authentication' do
12
+ restful_authentication = "93110f71309ce91366375ea44e2a6f5cc73fa8d4"
13
+ encryptor = Devise::Encryptors::RestfulAuthenticationSha1.digest('123mudar', 10, '48901d2b247a54088acb7f8ea3e695e50fe6791b', 'fee9a51ec0a28d11be380ca6dee6b4b760c1a3bf')
14
+ assert_equal restful_authentication, encryptor
15
+ end
16
+
17
+ test 'should match a password created by clearance' do
18
+ clearance = "0f40bbae18ddefd7066276c3ef209d40729b0378"
19
+ encryptor = Devise::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil)
20
+ assert_equal clearance, encryptor
21
+ end
22
+
23
+ Devise::ENCRYPTORS_LENGTH.each do |key, value|
24
+ test "should have length #{value} for #{key.inspect}" do
25
+ swap Devise, :encryptor => key do
26
+ encryptor = Devise::Encryptors.const_get(key.to_s.classify)
27
+ assert_equal value, encryptor.digest('a', 4, encryptor.salt, nil).size
28
+ end
29
+ end
30
+ end
31
+ end
@@ -0,0 +1,44 @@
1
+ require 'test/test_helper'
2
+ require 'ostruct'
3
+
4
+ class FailureTest < ActiveSupport::TestCase
5
+
6
+ def call_failure(env_params={})
7
+ env = {'warden.options' => { :scope => :user }}.merge!(env_params)
8
+ Devise::FailureApp.call(env)
9
+ end
10
+
11
+ test 'return 302 status' do
12
+ assert_equal 302, call_failure.first
13
+ end
14
+
15
+ test 'return to the default redirect location' do
16
+ assert_equal '/users/sign_in?unauthenticated=true', call_failure.second['Location']
17
+ end
18
+
19
+ test 'uses the proxy failure message' do
20
+ warden = OpenStruct.new(:message => :test)
21
+ location = call_failure('warden' => warden).second['Location']
22
+ assert_equal '/users/sign_in?test=true', location
23
+ end
24
+
25
+ test 'uses the given message' do
26
+ warden = OpenStruct.new(:message => 'Hello world')
27
+ location = call_failure('warden' => warden).second['Location']
28
+ assert_equal '/users/sign_in?message=Hello+world', location
29
+ end
30
+
31
+ test 'setup default url' do
32
+ Devise::FailureApp.default_url = 'test/sign_in'
33
+ location = call_failure('warden.options' => { :scope => nil }).second['Location']
34
+ assert_equal '/test/sign_in?unauthenticated=true', location
35
+ end
36
+
37
+ test 'set content type to default text/plain' do
38
+ assert_equal 'text/plain', call_failure.second['Content-Type']
39
+ end
40
+
41
+ test 'setup a default message' do
42
+ assert_equal ['You are being redirected to /users/sign_in?unauthenticated=true'], call_failure.last
43
+ end
44
+ end
@@ -0,0 +1,271 @@
1
+ require 'test/test_helper'
2
+
3
+ class AuthenticationSanityTest < ActionController::IntegrationTest
4
+ test 'home should be accessible without sign in' do
5
+ visit '/'
6
+ assert_response :success
7
+ assert_template 'home/index'
8
+ end
9
+
10
+ test 'sign in as user should not authenticate admin scope' do
11
+ sign_in_as_user
12
+
13
+ assert warden.authenticated?(:user)
14
+ assert_not warden.authenticated?(:admin)
15
+ end
16
+
17
+ test 'sign in as admin should not authenticate user scope' do
18
+ sign_in_as_admin
19
+
20
+ assert warden.authenticated?(:admin)
21
+ assert_not warden.authenticated?(:user)
22
+ end
23
+
24
+ test 'sign in as both user and admin at same time' do
25
+ sign_in_as_user
26
+ sign_in_as_admin
27
+
28
+ assert warden.authenticated?(:user)
29
+ assert warden.authenticated?(:admin)
30
+ end
31
+
32
+ test 'sign out as user should not touch admin authentication' do
33
+ sign_in_as_user
34
+ sign_in_as_admin
35
+
36
+ get destroy_user_session_path
37
+ assert_not warden.authenticated?(:user)
38
+ assert warden.authenticated?(:admin)
39
+ end
40
+
41
+ test 'sign out as admin should not touch user authentication' do
42
+ sign_in_as_user
43
+ sign_in_as_admin
44
+
45
+ get destroy_admin_session_path
46
+ assert_not warden.authenticated?(:admin)
47
+ assert warden.authenticated?(:user)
48
+ end
49
+
50
+ test 'not signed in as admin should not be able to access admins actions' do
51
+ get admins_path
52
+
53
+ assert_redirected_to new_admin_session_path(:unauthenticated => true)
54
+ assert_not warden.authenticated?(:admin)
55
+ end
56
+
57
+ test 'signed in as user should not be able to access admins actions' do
58
+ sign_in_as_user
59
+ assert warden.authenticated?(:user)
60
+ assert_not warden.authenticated?(:admin)
61
+
62
+ get admins_path
63
+ assert_redirected_to new_admin_session_path(:unauthenticated => true)
64
+ end
65
+
66
+ test 'signed in as admin should be able to access admin actions' do
67
+ sign_in_as_admin
68
+ assert warden.authenticated?(:admin)
69
+ assert_not warden.authenticated?(:user)
70
+
71
+ get admins_path
72
+
73
+ assert_response :success
74
+ assert_template 'admins/index'
75
+ assert_contain 'Welcome Admin'
76
+ end
77
+
78
+ test 'authenticated admin should not be able to sign as admin again' do
79
+ sign_in_as_admin
80
+ get new_admin_session_path
81
+
82
+ assert_response :redirect
83
+ assert_redirected_to admin_root_path
84
+ assert warden.authenticated?(:admin)
85
+ end
86
+
87
+ test 'authenticated admin should be able to sign out' do
88
+ sign_in_as_admin
89
+ assert warden.authenticated?(:admin)
90
+
91
+ get destroy_admin_session_path
92
+ assert_response :redirect
93
+ assert_redirected_to root_path
94
+
95
+ get root_path
96
+ assert_contain 'Signed out successfully'
97
+ assert_not warden.authenticated?(:admin)
98
+ end
99
+
100
+ test 'unauthenticated admin does not set message on sign out' do
101
+ get destroy_admin_session_path
102
+ assert_response :redirect
103
+ assert_redirected_to root_path
104
+
105
+ get root_path
106
+ assert_not_contain 'Signed out successfully'
107
+ end
108
+ end
109
+
110
+ class AuthenticationTest < ActionController::IntegrationTest
111
+ test 'sign in should not authenticate if not using proper authentication keys' do
112
+ swap Devise, :authentication_keys => [:username] do
113
+ sign_in_as_user
114
+ assert_not warden.authenticated?(:user)
115
+ end
116
+ end
117
+
118
+ test 'sign in with invalid email should return to sign in form with error message' do
119
+ sign_in_as_admin do
120
+ fill_in 'email', :with => 'wrongemail@test.com'
121
+ end
122
+
123
+ assert_contain 'Invalid email or password'
124
+ assert_not warden.authenticated?(:admin)
125
+ end
126
+
127
+ test 'sign in with invalid pasword should return to sign in form with error message' do
128
+ sign_in_as_admin do
129
+ fill_in 'password', :with => 'abcdef'
130
+ end
131
+
132
+ assert_contain 'Invalid email or password'
133
+ assert_not warden.authenticated?(:admin)
134
+ end
135
+
136
+ test 'error message is configurable by resource name' do
137
+ store_translations :en, :devise => {
138
+ :sessions => { :admin => { :invalid => "Invalid credentials" } }
139
+ } do
140
+ sign_in_as_admin do
141
+ fill_in 'password', :with => 'abcdef'
142
+ end
143
+
144
+ assert_contain 'Invalid credentials'
145
+ end
146
+ end
147
+
148
+ test 'redirect from warden shows sign in or sign up message' do
149
+ get admins_path
150
+
151
+ warden_path = new_admin_session_path(:unauthenticated => true)
152
+ assert_redirected_to warden_path
153
+
154
+ get warden_path
155
+ assert_contain 'You need to sign in or sign up before continuing.'
156
+ end
157
+
158
+ test 'redirect to default url if no other was configured' do
159
+ sign_in_as_user
160
+
161
+ assert_template 'home/index'
162
+ assert_nil session[:"user.return_to"]
163
+ end
164
+
165
+ test 'redirect to requested url after sign in' do
166
+ get users_path
167
+ assert_redirected_to new_user_session_path(:unauthenticated => true)
168
+ assert_equal users_path, session[:"user.return_to"]
169
+
170
+ follow_redirect!
171
+ sign_in_as_user :visit => false
172
+
173
+ assert_template 'users/index'
174
+ assert_nil session[:"user.return_to"]
175
+ end
176
+
177
+ test 'redirect to last requested url overwriting the stored return_to option' do
178
+ get expire_user_path(create_user)
179
+ assert_redirected_to new_user_session_path(:unauthenticated => true)
180
+ assert_equal expire_user_path(create_user), session[:"user.return_to"]
181
+
182
+ get users_path
183
+ assert_redirected_to new_user_session_path(:unauthenticated => true)
184
+ assert_equal users_path, session[:"user.return_to"]
185
+
186
+ follow_redirect!
187
+ sign_in_as_user :visit => false
188
+
189
+ assert_template 'users/index'
190
+ assert_nil session[:"user.return_to"]
191
+ end
192
+
193
+ test 'redirect to configured home path for a given scope after sign in' do
194
+ sign_in_as_admin
195
+ assert_equal "/admin_area/home", @request.path
196
+ end
197
+
198
+ test 'destroyed account is signed out' do
199
+ sign_in_as_user
200
+ visit 'users/index'
201
+
202
+ User.destroy_all
203
+ visit 'users/index'
204
+ assert_redirected_to '/users/sign_in?unauthenticated=true'
205
+ end
206
+
207
+ test 'allows session to be set by a given scope' do
208
+ sign_in_as_user
209
+ visit 'users/index'
210
+ assert_equal "Cart", @controller.user_session[:cart]
211
+ end
212
+
213
+ test 'renders the scoped view if turned on and view is available' do
214
+ swap Devise, :scoped_views => true do
215
+ assert_raise Webrat::NotFoundError do
216
+ sign_in_as_user
217
+ end
218
+ assert_match /Special user view/, response.body
219
+ end
220
+ end
221
+
222
+ test 'renders the scoped view if turned on in an specific controller' do
223
+ begin
224
+ SessionsController.scoped_views = true
225
+ assert_raise Webrat::NotFoundError do
226
+ sign_in_as_user
227
+ end
228
+
229
+ assert_match /Special user view/, response.body
230
+ assert !PasswordsController.scoped_views
231
+ ensure
232
+ SessionsController.send :remove_instance_variable, :@scoped_views
233
+ end
234
+ end
235
+
236
+ test 'does not render the scoped view if turned off' do
237
+ swap Devise, :scoped_views => false do
238
+ assert_nothing_raised do
239
+ sign_in_as_user
240
+ end
241
+ end
242
+ end
243
+
244
+ test 'does not render the scoped view if not available' do
245
+ swap Devise, :scoped_views => true do
246
+ assert_nothing_raised do
247
+ sign_in_as_admin
248
+ end
249
+ end
250
+ end
251
+
252
+ test 'render 404 on roles without permission' do
253
+ get 'admin_area/password/new'
254
+ assert_response :not_found
255
+ assert_not_contain 'Send me reset password instructions'
256
+ end
257
+
258
+ test 'render 404 on roles without mapping' do
259
+ get 'sign_in'
260
+ assert_response :not_found
261
+ assert_not_contain 'Sign in'
262
+ end
263
+
264
+ test 'uses the mapping from the default scope if specified' do
265
+ swap Devise, :use_default_scope => true do
266
+ get 'sign_in'
267
+ assert_response :ok
268
+ assert_contain 'Sign in'
269
+ end
270
+ end
271
+ end
@@ -0,0 +1,97 @@
1
+ require 'test/test_helper'
2
+
3
+ class ConfirmationTest < ActionController::IntegrationTest
4
+
5
+ def visit_user_confirmation_with_token(confirmation_token)
6
+ visit user_confirmation_path(:confirmation_token => confirmation_token)
7
+ end
8
+
9
+ test 'user should be able to request a new confirmation' do
10
+ user = create_user(:confirm => false)
11
+ ActionMailer::Base.deliveries.clear
12
+
13
+ visit new_user_session_path
14
+ click_link 'Didn\'t receive confirmation instructions?'
15
+
16
+ fill_in 'email', :with => user.email
17
+ click_button 'Resend confirmation instructions'
18
+
19
+ assert_template 'sessions/new'
20
+ assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
21
+ assert_equal 1, ActionMailer::Base.deliveries.size
22
+ end
23
+
24
+ test 'user with invalid confirmation token should not be able to confirm an account' do
25
+ visit_user_confirmation_with_token('invalid_confirmation')
26
+
27
+ assert_response :success
28
+ assert_template 'confirmations/new'
29
+ assert_have_selector '#errorExplanation'
30
+ assert_contain /Confirmation token(.*)invalid/
31
+ end
32
+
33
+ test 'user with valid confirmation token should be able to confirm an account' do
34
+ user = create_user(:confirm => false)
35
+ assert_not user.confirmed?
36
+
37
+ visit_user_confirmation_with_token(user.confirmation_token)
38
+
39
+ assert_template 'home/index'
40
+ assert_contain 'Your account was successfully confirmed.'
41
+
42
+ assert user.reload.confirmed?
43
+ end
44
+
45
+ test 'user already confirmed user should not be able to confirm the account again' do
46
+ user = create_user(:confirm => false)
47
+ user.confirmed_at = Time.now
48
+ user.save
49
+ visit_user_confirmation_with_token(user.confirmation_token)
50
+
51
+ assert_template 'confirmations/new'
52
+ assert_have_selector '#errorExplanation'
53
+ assert_contain 'already confirmed'
54
+ end
55
+
56
+ test 'sign in user automatically after confirming it\'s email' do
57
+ user = create_user(:confirm => false)
58
+ visit_user_confirmation_with_token(user.confirmation_token)
59
+
60
+ assert warden.authenticated?(:user)
61
+ end
62
+
63
+ test 'increases sign count when signed in through confirmation' do
64
+ user = create_user(:confirm => false)
65
+ visit_user_confirmation_with_token(user.confirmation_token)
66
+
67
+ user.reload
68
+ assert_equal 1, user.sign_in_count
69
+ end
70
+
71
+ test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
72
+ swap Devise, :confirm_within => 0.days do
73
+ sign_in_as_user(:confirm => false)
74
+
75
+ assert_contain 'You have to confirm your account before continuing'
76
+ assert_not warden.authenticated?(:user)
77
+ end
78
+ end
79
+
80
+ test 'not confirmed user but configured with some days to confirm should be able to sign in' do
81
+ swap Devise, :confirm_within => 1.day do
82
+ sign_in_as_user(:confirm => false)
83
+
84
+ assert_response :success
85
+ assert warden.authenticated?(:user)
86
+ end
87
+ end
88
+
89
+ test 'error message is configurable by resource name' do
90
+ store_translations :en, :devise => {
91
+ :sessions => { :admin => { :unconfirmed => "Not confirmed user" } }
92
+ } do
93
+ get new_admin_session_path(:unconfirmed => true)
94
+ assert_contain 'Not confirmed user'
95
+ end
96
+ end
97
+ end
@@ -0,0 +1,52 @@
1
+ require 'test/test_helper'
2
+
3
+ class HttpAuthenticationTest < ActionController::IntegrationTest
4
+
5
+ test 'sign in should authenticate with http' do
6
+ sign_in_as_new_user_with_http
7
+ assert_response :success
8
+ assert_template 'users/index'
9
+ assert_contain 'Welcome'
10
+ assert warden.authenticated?(:user)
11
+ end
12
+
13
+ test 'returns a custom response with www-authenticate header on failures' do
14
+ sign_in_as_new_user_with_http("unknown")
15
+ assert_equal 401, status
16
+ assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
17
+ end
18
+
19
+ test 'uses the request format as response content type' do
20
+ sign_in_as_new_user_with_http("unknown", "123456", :xml)
21
+ assert_equal 401, status
22
+ assert_equal "application/xml", headers["Content-Type"]
23
+ # Cannot assert this due to a bug between integration tests and rack on 2.3
24
+ # assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
25
+ end
26
+
27
+ test 'returns a custom response with www-authenticate and chosen realm' do
28
+ swap Devise, :http_authentication_realm => "MyApp" do
29
+ sign_in_as_new_user_with_http("unknown")
30
+ assert_equal 401, status
31
+ assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
32
+ end
33
+ end
34
+
35
+ test 'sign in should authenticate with http even with specific authentication keys' do
36
+ swap Devise, :authentication_keys => [:username] do
37
+ sign_in_as_new_user_with_http "usertest"
38
+ assert_response :success
39
+ assert_template 'users/index'
40
+ assert_contain 'Welcome'
41
+ assert warden.authenticated?(:user)
42
+ end
43
+ end
44
+
45
+ private
46
+
47
+ def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
48
+ user = create_user
49
+ get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
50
+ user
51
+ end
52
+ end