devise-edge 1.2.rc

data/test/models/timeoutable_test.rb

@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class TimeoutableTest < ActiveSupport::TestCase
+
+  test 'should be expired' do
+    assert new_user.timedout?(31.minutes.ago)
+  end
+
+  test 'should not be expired' do
+    assert_not new_user.timedout?(29.minutes.ago)
+  end
+
+  test 'should not be expired when params is nil' do
+    assert_not new_user.timedout?(nil)
+  end
+
+  test 'fallback to Devise config option' do
+    swap Devise, :timeout_in => 1.minute do
+      user = new_user
+      assert user.timedout?(2.minutes.ago)
+      assert_not user.timedout?(30.seconds.ago)
+
+      Devise.timeout_in = 5.minutes
+      assert_not user.timedout?(2.minutes.ago)
+      assert user.timedout?(6.minutes.ago)
+    end
+  end
+end

data/test/models/token_authenticatable_test.rb

@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class TokenAuthenticatableTest < ActiveSupport::TestCase
+
+  test 'should reset authentication token' do
+    user = new_user
+    user.reset_authentication_token
+    previous_token = user.authentication_token
+    user.reset_authentication_token
+    assert_not_equal previous_token, user.authentication_token
+  end
+
+  test 'should ensure authentication token' do
+    user = new_user
+    user.ensure_authentication_token
+    previous_token = user.authentication_token
+    user.ensure_authentication_token
+    assert_equal previous_token, user.authentication_token
+  end
+
+  test 'should authenticate a valid user with authentication token and return it' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
+    assert_equal authenticated_user, user
+  end
+
+  test 'should return nil when authenticating an invalid user by authentication token' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
+    assert_nil authenticated_user
+  end
+
+end

data/test/models/trackable_test.rb

@@ -0,0 +1,5 @@
+require 'test_helper'
+
+class TrackableTest < ActiveSupport::TestCase
+
+end

data/test/models/validatable_test.rb

@@ -0,0 +1,99 @@
+require 'test_helper'
+
+class ValidatableTest < ActiveSupport::TestCase
+  test 'should require email to be set' do
+    user = new_user(:email => nil)
+    assert user.invalid?
+    assert user.errors[:email]
+    assert_equal 'can\'t be blank', user.errors[:email].join
+  end
+
+  test 'should require uniqueness of email, allowing blank' do
+    existing_user = create_user
+
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_no_match(/taken/, user.errors[:email].join)
+
+    user.email = existing_user.email
+    assert user.invalid?
+    assert_match(/taken/, user.errors[:email].join)
+  end
+
+  test 'should require correct email format, allowing blank' do
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_not_equal 'is invalid', user.errors[:email].join
+
+    %w(invalid_email_format email@invalid invalid$character@mail.com other@not 123).each do |email|
+      user.email = email
+      assert user.invalid?, 'should be invalid with email ' << email
+      assert_equal 'is invalid', user.errors[:email].join
+    end
+  end
+
+  test 'should accept valid emails' do
+    %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test).each do |email|
+      user = new_user(:email => email)
+      assert user.valid?, 'should be valid with email ' << email
+      assert_blank user.errors[:email]
+    end
+  end
+
+  test 'should require password to be set when creating a new record' do
+    user = new_user(:password => '', :password_confirmation => '')
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation to be set when creating a new record' do
+    user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require password when updating/reseting password' do
+    user = create_user
+
+    user.password = ''
+    user.password_confirmation = ''
+
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation when updating/reseting password' do
+    user = create_user
+    user.password_confirmation = 'another_password'
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require a password with minimum of 6 characters' do
+    user = new_user(:password => '12345', :password_confirmation => '12345')
+    assert user.invalid?
+    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+  end
+
+  test 'should require a password with maximum of 20 characters long' do
+    user = new_user(:password => 'x'*21, :password_confirmation => 'x'*21)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 20 characters)', user.errors[:password].join
+  end
+
+  test 'should not require password length when it\'s not changed' do
+    user = create_user.reload
+    user.password = user.password_confirmation = nil
+    assert user.valid?
+  
+    user.password_confirmation = 'confirmation'
+    assert user.invalid?
+    assert_not (user.errors[:password].join =~ /is too long/)
+  end
+
+  test 'shuold not be included in objects with invalid API' do
+    assert_raise RuntimeError do
+      Class.new.send :include, Devise::Models::Validatable
+    end
+  end
+end

data/test/models_test.rb

@@ -0,0 +1,77 @@
+require 'test_helper'
+
+class Configurable < User
+  devise :database_authenticatable, :encryptable, :confirmable, :rememberable, :timeoutable, :lockable,
+         :stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
+         :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
+end
+
+class Inheritable < Admin
+end
+
+class ActiveRecordTest < ActiveSupport::TestCase
+  def include_module?(klass, mod)
+    klass.devise_modules.include?(mod) &&
+    klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
+  end
+
+  def assert_include_modules(klass, *modules)
+    modules.each do |mod|
+      assert include_module?(klass, mod)
+    end
+
+    (Devise::ALL - modules).each do |mod|
+      assert_not include_module?(klass, mod)
+    end
+  end
+
+  test 'can cherry pick modules' do
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
+  end
+
+  test 'chosen modules are inheritable' do
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
+  end
+
+  test 'order of module inclusion' do
+    correct_module_order   = [:database_authenticatable, :rememberable, :encryptable, :recoverable, :registerable, :lockable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :encryptable, :rememberable]
+
+    assert_include_modules Admin, *incorrect_module_order
+
+    # get module constants from symbol list
+    module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
+
+    # confirm that they adhere to the order in ALL
+    # get included modules, filter out the noise, and reverse the order
+    assert_equal module_constants, (Admin.included_modules & module_constants).reverse
+  end
+
+  test 'set a default value for stretches' do
+    assert_equal 15, Configurable.stretches
+  end
+
+  test 'set a default value for pepper' do
+    assert_equal 'abcdef', Configurable.pepper
+  end
+
+  test 'set a default value for confirm_within' do
+    assert_equal 5.days, Configurable.confirm_within
+  end
+
+  test 'set a default value for remember_for' do
+    assert_equal 7.days, Configurable.remember_for
+  end
+
+  test 'set a default value for timeout_in' do
+    assert_equal 15.minutes, Configurable.timeout_in
+  end
+
+  test 'set a default value for unlock_in' do
+    assert_equal 10.days, Configurable.unlock_in
+  end
+
+  test 'set null fields on migrations' do
+    Admin.create!
+  end
+end

data/test/oauth/config_test.rb

@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class OauthConfigTest < ActiveSupport::TestCase
+  ACCESS_TOKEN = {
+    :access_token => "plataformatec"
+  }
+
+  setup { @config = Devise.oauth_configs[:facebook] }
+  teardown { Devise::Oauth.reset_stubs! }
+
+  test "stored OAuth2::Client" do
+    assert_kind_of OAuth2::Client, @config.client
+  end
+
+  test "build authorize url" do
+    url = @config.authorize_url(:redirect_uri => "foo") 
+    assert_match "https://graph.facebook.com/oauth/authorize?", url
+    assert_match "scope=email%2Coffline_access", url
+    assert_match "client_id=APP_ID", url
+    assert_match "type=web_server", url
+    assert_match "redirect_uri=foo", url
+  end
+
+  test "retrieves access token object by code" do
+    Devise::Oauth.stub!(:facebook) do |b|
+      b.post('/oauth/access_token') { [200, {}, ACCESS_TOKEN.to_json] }
+      b.get('/me?access_token=plataformatec') { [200, {}, {}.to_json] }
+    end
+
+    access_token = @config.access_token_by_code("12345")
+    assert_kind_of OAuth2::AccessToken, access_token
+    assert_equal "{}", access_token.get("/me")
+  end
+
+  test "retrieves access token object by token" do
+    Devise::Oauth.stub!(:facebook) do |b|
+      b.get('/me?access_token=plataformatec') { [200, {}, {}.to_json] }
+    end
+
+    access_token = @config.access_token_by_token("plataformatec")
+    assert_kind_of OAuth2::AccessToken, access_token
+    assert_equal "{}", access_token.get("/me")
+  end
+end

data/test/oauth/url_helpers_test.rb

@@ -0,0 +1,47 @@
+require 'test_helper'
+
+class OauthRoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def assert_path_and_url(action, provider)
+    # Resource param
+    assert_equal @controller.send(action, :user, provider),
+                 @controller.send("user_#{action}", provider)
+
+    # Default url params
+    assert_equal @controller.send(action, :user, provider, :param => 123),
+                 @controller.send("user_#{action}", provider, :param => 123)
+
+    # With an object
+    assert_equal @controller.send(action, User.new, provider, :param => 123),
+                 @controller.send("user_#{action}", provider, :param => 123)
+  end
+
+  test 'should alias oauth_callback to mapped user auth_callback' do
+    assert_path_and_url :oauth_callback_path, :github
+    assert_path_and_url :oauth_callback_url,  :github
+    assert_path_and_url :oauth_callback_path, :facebook
+    assert_path_and_url :oauth_callback_url,  :facebook
+  end
+
+  test 'should alias oauth_authorize to mapped user auth_authorize' do
+    assert_path_and_url :oauth_authorize_url, :github
+    assert_path_and_url :oauth_authorize_url, :facebook
+  end
+
+  test 'should adds scope, provider and redirect_uri to authorize urls' do
+    url = @controller.oauth_authorize_url(:user, :github) 
+    assert_match "https://github.com/login/oauth/authorize?", url
+    assert_match "scope=user%2Cpublic_repo", url
+    assert_match "client_id=APP_ID", url
+    assert_match "type=web_server", url
+    assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Foauth%2Fgithub%2Fcallback", url
+
+    url = @controller.oauth_authorize_url(:user, :facebook) 
+    assert_match "https://graph.facebook.com/oauth/authorize?", url
+    assert_match "scope=email%2Coffline_access", url
+    assert_match "client_id=APP_ID", url
+    assert_match "type=web_server", url
+    assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Foauth%2Ffacebook%2Fcallback", url
+  end
+end

data/test/orm/active_record.rb

@@ -0,0 +1,9 @@
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+
+ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
+
+class ActiveSupport::TestCase
+  self.use_transactional_fixtures = true
+  self.use_instantiated_fixtures  = false
+end

data/test/orm/mongoid.rb

@@ -0,0 +1,10 @@
+Mongoid.configure do |config|
+  config.master = Mongo::Connection.new('127.0.0.1', 27017).db("devise-test-suite")
+end
+
+class ActiveSupport::TestCase
+  setup do
+    User.delete_all
+    Admin.delete_all
+  end
+end

data/test/rails_app/app/active_record/admin.rb

@@ -0,0 +1,6 @@
+require 'shared_admin'
+
+class Admin < ActiveRecord::Base
+  include Shim
+  include SharedAdmin
+end

data/test/rails_app/app/active_record/shim.rb

@@ -0,0 +1,2 @@
+module Shim
+end

data/test/rails_app/app/active_record/user.rb

@@ -0,0 +1,8 @@
+require 'shared_user'
+
+class User < ActiveRecord::Base
+  include Shim
+  include SharedUser
+
+  attr_accessible :username, :email, :password, :password_confirmation, :remember_me
+end

data/test/rails_app/app/controllers/admins/sessions_controller.rb

@@ -0,0 +1,6 @@
+class Admins::SessionsController < Devise::SessionsController
+  def new
+    flash[:special] = "Welcome to #{controller_path.inspect} controller!"
+    super
+  end
+end

data/test/rails_app/app/controllers/admins_controller.rb

@@ -0,0 +1,6 @@
+class AdminsController < ApplicationController
+  before_filter :authenticate_admin!
+
+  def index
+  end
+end

data/test/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,9 @@
+# Filters added to this controller apply to all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+
+  before_filter :current_user
+  before_filter :authenticate_user!, :if => :devise_controller?
+end

data/test/rails_app/app/controllers/home_controller.rb

@@ -0,0 +1,12 @@
+class HomeController < ApplicationController
+  def index
+  end
+
+  def private
+  end
+
+  def set
+    session["user_provider_oauth_token"] = "something"
+    head :ok
+  end
+end

data/test/rails_app/app/controllers/publisher/registrations_controller.rb

@@ -0,0 +1,2 @@
+class Publisher::RegistrationsController < ApplicationController
+end

data/test/rails_app/app/controllers/publisher/sessions_controller.rb

@@ -0,0 +1,2 @@
+class Publisher::SessionsController < ApplicationController
+end

data/test/rails_app/app/controllers/users_controller.rb

@@ -0,0 +1,18 @@
+class UsersController < ApplicationController
+  before_filter :authenticate_user!, :except => :accept
+  respond_to :html, :xml
+
+  def index
+    user_session[:cart] = "Cart"
+    respond_with(current_user)
+  end
+
+  def accept
+    @current_user = current_user
+  end
+
+  def expire
+    user_session['last_request_at'] = 31.minutes.ago.utc
+    render :text => 'User will be expired on next request'
+  end
+end