devise-edge 1.2.rc

data/test/controllers/internal_helpers_test.rb

@@ -0,0 +1,56 @@
+require 'test_helper'
+
+class MyController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+end
+
+class HelpersTest < ActionController::TestCase
+  tests MyController
+
+  def setup
+    @mock_warden = OpenStruct.new
+    @controller.request.env['warden'] = @mock_warden
+    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
+  end
+
+  test 'get resource name from env' do
+    assert_equal :user, @controller.resource_name
+  end
+
+  test 'get resource class from env' do
+    assert_equal User, @controller.resource_class
+  end
+
+  test 'get resource instance variable from env' do
+    @controller.instance_variable_set(:@user, user = User.new)
+    assert_equal user, @controller.resource
+  end
+
+  test 'set resource instance variable from env' do
+    user = @controller.send(:resource_class).new
+    @controller.send(:resource=, user)
+
+    assert_equal user, @controller.send(:resource)
+    assert_equal user, @controller.instance_variable_get(:@user)
+  end
+
+  test 'resources methods are not controller actions' do
+    assert @controller.class.action_methods.empty?
+  end
+
+  test 'require no authentication tests current mapping' do
+    @mock_warden.expects(:authenticated?).with(:user).returns(true)
+    @mock_warden.expects(:user).with(:user).returns(User.new)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+  end
+
+  test 'signed in resource returns signed in resource for current scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new)
+    assert_kind_of User, @controller.signed_in_resource
+  end
+  
+  test 'is a devise controller' do
+    assert @controller.devise_controller?
+  end
+end

data/test/controllers/url_helpers_test.rb

@@ -0,0 +1,59 @@
+require 'test_helper'
+
+class RoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def assert_path_and_url(name, prepend_path=nil)
+    @request.path = '/users/session'
+    prepend_path = "#{prepend_path}_" if prepend_path
+
+    # Resource param
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
+                 send(:"#{prepend_path}user_#{name}_url")
+
+    # Default url params
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123),
+                 send(:"#{prepend_path}user_#{name}_path", :param => 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123),
+                 send(:"#{prepend_path}user_#{name}_url", :param => 123)
+
+    @request.path = nil
+    # With an object
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", User.new),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", User.new),
+                 send(:"#{prepend_path}user_#{name}_url")
+  end
+
+
+  test 'should alias session to mapped user session' do
+    assert_path_and_url :session
+    assert_path_and_url :session, :new
+    assert_path_and_url :session, :destroy
+  end
+
+  test 'should alias password to mapped user password' do
+    assert_path_and_url :password
+    assert_path_and_url :password, :new
+    assert_path_and_url :password, :edit
+  end
+
+  test 'should alias confirmation to mapped user confirmation' do
+    assert_path_and_url :confirmation
+    assert_path_and_url :confirmation, :new
+  end
+
+  test 'should alias unlock to mapped user unlock' do
+    assert_path_and_url :unlock
+    assert_path_and_url :unlock, :new
+  end
+
+  test 'should alias registration to mapped user registration' do
+    assert_path_and_url :registration
+    assert_path_and_url :registration, :new
+    assert_path_and_url :registration, :edit
+    assert_path_and_url :registration, :cancel
+  end
+end

data/test/devise_test.rb

@@ -0,0 +1,65 @@
+require 'test_helper'
+
+module Devise
+  def self.yield_and_restore
+    @@warden_configured = nil
+    c, b = @@warden_config, @@warden_config_block
+    yield
+  ensure
+    @@warden_config, @@warden_config_block = c, b
+  end
+end
+
+class DeviseTest < ActiveSupport::TestCase
+  test 'model options can be configured through Devise' do
+    swap Devise, :confirm_within => 113, :pepper => "foo" do
+      assert_equal 113, Devise.confirm_within
+      assert_equal "foo", Devise.pepper
+    end
+  end
+
+  test 'setup block yields self' do
+    Devise.setup do |config|
+      assert_equal Devise, config
+    end
+  end
+
+  test 'stores warden configuration' do
+    assert_equal Devise::FailureApp, Devise.warden_config.failure_app
+    assert_equal :user, Devise.warden_config.default_scope
+  end
+
+  test 'warden manager user configuration through a block' do
+    Devise.yield_and_restore do
+      @executed = false
+      Devise.warden do |config|
+        @executed = true
+        assert_kind_of Warden::Config, config
+      end
+
+      Devise.configure_warden!
+      assert @executed
+    end
+  end
+
+  test 'add new module using the helper method' do
+    assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
+    assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
+    assert_not Devise::STRATEGIES.include?(:coconut)
+    assert_not defined?(Devise::Models::Coconut)
+    Devise::ALL.delete(:coconut)
+
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => :fruits) }
+    assert_equal :fruits, Devise::STRATEGIES[:banana]
+    Devise::ALL.delete(:banana)
+    Devise::STRATEGIES.delete(:banana)
+
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
+    assert_equal :fruits, Devise::CONTROLLERS[:kivi]
+    Devise::ALL.delete(:kivi)
+    Devise::CONTROLLERS.delete(:kivi)
+
+    assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
+    assert defined?(Devise::Models::AuthenticatableAgain)
+  end
+end

data/test/encryptors_test.rb

@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class Encryptors < ActiveSupport::TestCase
+  test 'should match a password created by authlogic' do
+    authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
+    encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')
+    assert_equal authlogic, encryptor
+  end
+
+  test 'should match a password created by restful_authentication' do
+    restful_authentication = "93110f71309ce91366375ea44e2a6f5cc73fa8d4"
+    encryptor = Devise::Encryptors::RestfulAuthenticationSha1.digest('123mudar', 10, '48901d2b247a54088acb7f8ea3e695e50fe6791b', 'fee9a51ec0a28d11be380ca6dee6b4b760c1a3bf')
+    assert_equal restful_authentication, encryptor
+  end
+
+  test 'should match a password created by clearance' do
+    clearance = "0f40bbae18ddefd7066276c3ef209d40729b0378"
+    encryptor = Devise::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil)
+    assert_equal clearance, encryptor
+  end
+
+  Devise::ENCRYPTORS_LENGTH.each do |key, value|
+    test "should have length #{value} for #{key.inspect}" do
+      swap Devise, :encryptor => key do
+        encryptor = Devise::Encryptors.const_get(key.to_s.classify)
+        assert_equal value, encryptor.digest('a', 4, encryptor.salt(4), nil).size
+      end
+    end
+  end
+end

data/test/failure_app_test.rb

@@ -0,0 +1,148 @@
+require 'test_helper'
+require 'ostruct'
+
+class FailureTest < ActiveSupport::TestCase
+  def self.context(name, &block)
+    instance_eval(&block)
+  end
+
+  def call_failure(env_params={})
+    env = {
+      'REQUEST_URI' => 'http://test.host/',
+      'HTTP_HOST' => 'test.host',
+      'REQUEST_METHOD' => 'GET',
+      'warden.options' => { :scope => :user },
+      'rack.session' => {},
+      'action_dispatch.request.formats' => Array(env_params.delete('formats') || :html),
+      'rack.input' => "",
+      'warden' => OpenStruct.new(:message => nil)
+    }.merge!(env_params)
+
+    @response = Devise::FailureApp.call(env).to_a
+    @request  = ActionDispatch::Request.new(env)
+  end
+
+  context 'When redirecting' do
+    test 'return 302 status' do
+      call_failure
+      assert_equal 302, @response.first
+    end
+
+    test 'return to the default redirect location' do
+      call_failure
+      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
+    end
+
+    test 'uses the proxy failure message as symbol' do
+      call_failure('warden' => OpenStruct.new(:message => :test))
+      assert_equal 'test', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+    end
+
+    test 'uses the proxy failure message as string' do
+      call_failure('warden' => OpenStruct.new(:message => 'Hello world'))
+      assert_equal 'Hello world', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+    end
+
+    test 'set content type to default text/html' do
+      call_failure
+      assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
+    end
+
+    test 'setup a default message' do
+      call_failure
+      assert_match /You are being/, @response.last.body
+      assert_match /redirected/, @response.last.body
+      assert_match /users\/sign_in/, @response.last.body
+    end
+
+    test 'works for any navigational format' do
+      swap Devise, :navigational_formats => [:xml] do
+        call_failure('formats' => :xml)
+        assert_equal 302, @response.first
+      end
+    end
+  end
+
+  context 'For HTTP request' do
+    test 'return 401 status' do
+      call_failure('formats' => :xml)
+      assert_equal 401, @response.first
+    end
+
+    test 'return WWW-authenticate headers if model allows' do
+      call_failure('formats' => :xml)
+      assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
+    end
+
+    test 'does not return WWW-authenticate headers if model does not allow' do
+      swap Devise, :http_authenticatable => false do
+        call_failure('formats' => :xml)
+        assert_nil @response.second["WWW-Authenticate"]
+      end
+    end
+
+    test 'works for any non navigational format' do
+      swap Devise, :navigational_formats => [] do
+        call_failure('formats' => :html)
+        assert_equal 401, @response.first
+      end
+    end
+
+    test 'uses the failure message as response body' do
+      call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
+      assert_match '<error>Invalid email or password.</error>', @response.third.body
+    end
+
+    context 'on ajax call' do
+      context 'when http_authenticatable_on_xhr is false' do
+        test 'dont return 401 with navigational formats' do
+          swap Devise, :http_authenticatable_on_xhr => false do
+            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            assert_equal 302, @response.first
+            assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+          end
+        end
+
+        test 'dont return 401 with non navigational formats' do
+          swap Devise, :http_authenticatable_on_xhr => false do
+            call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            assert_equal 302, @response.first
+            assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+          end
+        end
+      end
+
+      context 'when http_authenticatable_on_xhr is true' do
+        test 'return 401' do
+          swap Devise, :http_authenticatable_on_xhr => true do
+            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            assert_equal 401, @response.first
+          end
+        end
+
+        test 'skip WWW-Authenticate header' do
+          swap Devise, :http_authenticatable_on_xhr => true do
+            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            assert_nil @response.second['WWW-Authenticate']
+          end
+        end
+      end
+    end
+  end
+
+  context 'With recall' do
+    test 'calls the original controller' do
+      env = {
+        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" },
+        "devise.mapping" => Devise.mappings[:user],
+        "warden" => stub_everything
+      }
+      call_failure(env)
+      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('Invalid email or password.')
+    end
+  end
+end

data/test/integration/authenticatable_test.rb

@@ -0,0 +1,424 @@
+require 'test_helper'
+
+class AuthenticationSanityTest < ActionController::IntegrationTest
+  test 'home should be accessible without sign in' do
+    visit '/'
+    assert_response :success
+    assert_template 'home/index'
+  end
+
+  test 'sign in as user should not authenticate admin scope' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'sign in as admin should not authenticate user scope' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'sign in as both user and admin at same time' do
+    sign_in_as_user
+    sign_in_as_admin
+    assert warden.authenticated?(:user)
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
+    swap Devise, :sign_out_all_scopes => false do
+      sign_in_as_user
+      sign_in_as_admin
+      get destroy_user_session_path
+      assert_not warden.authenticated?(:user)
+      assert warden.authenticated?(:admin)
+    end
+  end
+
+  test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
+    swap Devise, :sign_out_all_scopes => false do
+      sign_in_as_user
+      sign_in_as_admin
+
+      get destroy_admin_session_path
+      assert_not warden.authenticated?(:admin)
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
+    swap Devise, :sign_out_all_scopes => true do
+      sign_in_as_user
+      sign_in_as_admin
+
+      get destroy_user_session_path
+      assert_not warden.authenticated?(:user)
+      assert_not warden.authenticated?(:admin)
+    end
+  end
+
+  test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
+    swap Devise, :sign_out_all_scopes => true do
+      sign_in_as_user
+      sign_in_as_admin
+
+      get destroy_admin_session_path
+      assert_not warden.authenticated?(:admin)
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'not signed in as admin should not be able to access admins actions' do
+    get admins_path
+    assert_redirected_to new_admin_session_path
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'not signed in as admin should not be able to access private route restricted to admins' do
+    get private_path
+    assert_redirected_to new_admin_session_path
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'signed in as user should not be able to access private route restricted to admins' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+    get private_path
+    assert_redirected_to new_admin_session_path
+  end
+
+  test 'signed in as admin should be able to access private route restricted to admins' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get private_path
+
+    assert_response :success
+    assert_template 'home/private'
+    assert_contain 'Private!'
+  end
+
+  test 'signed in as user should not be able to access admins actions' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+
+    get admins_path
+    assert_redirected_to new_admin_session_path
+  end
+
+  test 'signed in as admin should be able to access admin actions' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get admins_path
+
+    assert_response :success
+    assert_template 'admins/index'
+    assert_contain 'Welcome Admin'
+  end
+
+  test 'authenticated admin should not be able to sign as admin again' do
+    sign_in_as_admin
+    get new_admin_session_path
+
+    assert_response :redirect
+    assert_redirected_to admin_root_path
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'authenticated admin should be able to sign out' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_contain 'Signed out successfully'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'unauthenticated admin does not set message on sign out' do
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_not_contain 'Signed out successfully'
+  end
+end
+
+class AuthenticationRedirectTest < ActionController::IntegrationTest
+  test 'redirect from warden shows sign in or sign up message' do
+    get admins_path
+
+    warden_path = new_admin_session_path
+    assert_redirected_to warden_path
+
+    get warden_path
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'redirect to default url if no other was configured' do
+    sign_in_as_user
+    assert_template 'home/index'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to requested url after sign in' do
+    get users_path
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
+
+    follow_redirect!
+    sign_in_as_user :visit => false
+
+    assert_current_url '/users'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to last requested url overwriting the stored return_to option' do
+    get expire_user_path(create_user)
+    assert_redirected_to new_user_session_path
+    assert_equal expire_user_path(create_user), session[:"user_return_to"]
+
+    get users_path
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
+
+    follow_redirect!
+    sign_in_as_user :visit => false
+
+    assert_current_url '/users'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'xml http requests does not store urls for redirect' do
+    get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
+    assert_equal 401, response.status
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to configured home path for a given scope after sign in' do
+    sign_in_as_admin
+    assert_equal "/admin_area/home", @request.path
+  end
+end
+
+class AuthenticationSessionTest < ActionController::IntegrationTest
+  test 'destroyed account is signed out' do
+    sign_in_as_user
+    get '/users'
+
+    User.destroy_all
+    get '/users'
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'allows session to be set for a given scope' do
+    sign_in_as_user
+    get '/users'
+    assert_equal "Cart", @controller.user_session[:cart]
+  end
+
+  test 'does not explode when invalid user class is stored in session' do
+    klass = User
+    paths = ActiveSupport::Dependencies.autoload_paths.dup
+
+    begin
+      sign_in_as_user
+      assert warden.authenticated?(:user)
+
+      Object.send :remove_const, :User
+      ActiveSupport::Dependencies.autoload_paths.clear
+
+      visit "/users"
+      assert_not warden.authenticated?(:user)
+    ensure
+      Object.const_set(:User, klass)
+      ActiveSupport::Dependencies.autoload_paths.replace(paths)
+    end
+  end
+end
+
+class AuthenticationWithScopesTest < ActionController::IntegrationTest
+  test 'renders the scoped view if turned on and view is available' do
+    swap Devise, :scoped_views => true do
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+      assert_match /Special user view/, response.body
+    end
+  end
+
+  test 'renders the scoped view if turned on in an specific controller' do
+    begin
+      Devise::SessionsController.scoped_views = true
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+
+      assert_match /Special user view/, response.body
+      assert !Devise::PasswordsController.scoped_views?
+    ensure
+      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
+    end
+  end
+
+  test 'does not render the scoped view if turned off' do
+    swap Devise, :scoped_views => false do
+      assert_nothing_raised do
+        sign_in_as_user
+      end
+    end
+  end
+
+  test 'does not render the scoped view if not available' do
+    swap Devise, :scoped_views => true do
+      assert_nothing_raised do
+        sign_in_as_admin
+      end
+    end
+  end
+end
+
+class AuthenticationOthersTest < ActionController::IntegrationTest
+  test 'uses the custom controller with the custom controller view' do
+    get '/admin_area/sign_in'
+    assert_contain 'Sign in'
+    assert_contain 'Welcome to "admins/sessions" controller!'
+    assert_contain 'Welcome to "sessions/new" view!'
+  end
+
+  test 'render 404 on roles without routes' do
+    get '/admin_area/password/new'
+    assert_equal 404, response.status
+  end
+
+  test 'render 404 on roles without mapping' do
+    assert_raise AbstractController::ActionNotFound do
+      get '/sign_in'
+    end
+  end
+
+  test 'sign in with script name' do
+    assert_nothing_raised do
+      get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
+      fill_in "email", :with => "user@test.com"
+    end
+  end
+
+  test 'registration in xml format works when recognizing path' do
+    assert_nothing_raised do
+      post user_registration_path(:format => 'xml', :user => {:email => "test@example.com", :password => "invalid"} )
+    end
+  end
+
+  test 'uses the mapping from router' do
+    sign_in_as_user :visit => "/as/sign_in"
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'uses the mapping from nested devise_for call' do
+    sign_in_as_user :visit => "/devise_for/sign_in"
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+end
+
+class AuthenticationRequestKeysTest < ActionController::IntegrationTest
+  test 'request keys are used on authentication' do
+    host! 'foo.bar.baz'
+
+    swap Devise, :request_keys => [:subdomain] do
+      User.expects(:find_for_authentication).with(:subdomain => 'foo', :email => 'user@test.com').returns(create_user)
+      sign_in_as_user
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'invalid request keys raises NoMethodError' do
+    swap Devise, :request_keys => [:unknown_method] do
+      assert_raise NoMethodError do
+        sign_in_as_user
+      end
+
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'blank request keys cause authentication to abort' do
+    host! 'test.com'
+
+    swap Devise, :request_keys => [:subdomain] do
+      sign_in_as_user
+      assert_contain "Invalid email or password."
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'blank request keys cause authentication to abort unless if marked as not required' do
+    host! 'test.com'
+
+    swap Devise, :request_keys => { :subdomain => false } do
+      sign_in_as_user
+      assert warden.authenticated?(:user)
+    end
+  end
+end
+
+class AuthenticationSignOutViaTest < ActionController::IntegrationTest
+  def sign_in!(scope)
+    sign_in_as_user(:visit => send("new_#{scope}_session_path"))
+    assert warden.authenticated?(scope)
+  end
+
+  test 'allow sign out via delete when sign_out_via provides only delete' do
+    sign_in!(:sign_out_via_delete)
+    delete destroy_sign_out_via_delete_session_path
+    assert_not warden.authenticated?(:sign_out_via_delete)
+  end
+
+  test 'do not allow sign out via get when sign_out_via provides only delete' do
+    sign_in!(:sign_out_via_delete)
+    get destroy_sign_out_via_delete_session_path
+    assert warden.authenticated?(:sign_out_via_delete)
+  end
+
+  test 'allow sign out via post when sign_out_via provides only post' do
+    sign_in!(:sign_out_via_post)
+    post destroy_sign_out_via_post_session_path
+    assert_not warden.authenticated?(:sign_out_via_post)
+  end
+
+  test 'do not allow sign out via get when sign_out_via provides only post' do
+    sign_in!(:sign_out_via_post)
+    get destroy_sign_out_via_delete_session_path
+    assert warden.authenticated?(:sign_out_via_post)
+  end
+
+  test 'allow sign out via delete when sign_out_via provides delete and post' do
+    sign_in!(:sign_out_via_delete_or_post)
+    delete destroy_sign_out_via_delete_or_post_session_path
+    assert_not warden.authenticated?(:sign_out_via_delete_or_post)
+  end
+
+  test 'allow sign out via post when sign_out_via provides delete and post' do
+    sign_in!(:sign_out_via_delete_or_post)
+    post destroy_sign_out_via_delete_or_post_session_path
+    assert_not warden.authenticated?(:sign_out_via_delete_or_post)
+  end
+
+  test 'do not allow sign out via get when sign_out_via provides delete and post' do
+    sign_in!(:sign_out_via_delete_or_post)
+    get destroy_sign_out_via_delete_or_post_session_path
+    assert warden.authenticated?(:sign_out_via_delete_or_post)
+  end
+end