RubyGems - devise - Versions diffs - 0.8.2 → 0.9.0 - Mend

devise 0.8.2 → 0.9.0

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (80) hide show

data/CHANGELOG.rdoc +21 -2
data/README.rdoc +40 -54
data/Rakefile +1 -1
data/TODO +1 -3
data/app/controllers/confirmations_controller.rb +9 -20
data/app/controllers/passwords_controller.rb +9 -20
data/app/controllers/sessions_controller.rb +9 -9
data/app/controllers/unlocks_controller.rb +22 -0
data/app/models/devise_mailer.rb +6 -1
data/app/views/confirmations/new.html.erb +1 -5
data/app/views/devise_mailer/unlock_instructions.html.erb +7 -0
data/app/views/passwords/edit.html.erb +1 -5
data/app/views/passwords/new.html.erb +1 -5
data/app/views/sessions/new.html.erb +1 -7
data/app/views/shared/_devise_links.erb +15 -0
data/app/views/unlocks/new.html.erb +12 -0
data/generators/devise/templates/migration.rb +2 -0
data/generators/devise/templates/model.rb +4 -1
data/generators/devise_install/templates/devise.rb +20 -10
data/lib/devise.rb +62 -18
data/lib/devise/controllers/common.rb +24 -0
data/lib/devise/controllers/helpers.rb +160 -80
data/lib/devise/controllers/internal_helpers.rb +120 -0
data/lib/devise/controllers/url_helpers.rb +2 -10
data/lib/devise/encryptors/bcrypt.rb +2 -2
data/lib/devise/hooks/activatable.rb +1 -4
data/lib/devise/hooks/rememberable.rb +30 -0
data/lib/devise/hooks/timeoutable.rb +4 -2
data/lib/devise/locales/en.yml +9 -2
data/lib/devise/mapping.rb +15 -11
data/lib/devise/models.rb +16 -35
data/lib/devise/models/activatable.rb +1 -1
data/lib/devise/models/authenticatable.rb +1 -9
data/lib/devise/models/confirmable.rb +6 -2
data/lib/devise/models/lockable.rb +142 -0
data/lib/devise/models/rememberable.rb +19 -2
data/lib/devise/models/timeoutable.rb +1 -2
data/lib/devise/orm/active_record.rb +2 -0
data/lib/devise/orm/data_mapper.rb +1 -1
data/lib/devise/orm/mongo_mapper.rb +12 -1
data/lib/devise/rails/routes.rb +5 -1
data/lib/devise/rails/warden_compat.rb +13 -13
data/lib/devise/schema.rb +7 -0
data/lib/devise/strategies/authenticatable.rb +1 -3
data/lib/devise/strategies/base.rb +1 -1
data/lib/devise/strategies/rememberable.rb +37 -0
data/lib/devise/test_helpers.rb +1 -1
data/lib/devise/version.rb +1 -1
data/test/controllers/helpers_test.rb +155 -33
data/test/controllers/internal_helpers_test.rb +55 -0
data/test/devise_test.rb +24 -3
data/test/encryptors_test.rb +3 -1
data/test/integration/lockable_test.rb +83 -0
data/test/integration/rememberable_test.rb +1 -1
data/test/mailers/unlock_instructions_test.rb +62 -0
data/test/models/authenticatable_test.rb +0 -23
data/test/models/lockable_test.rb +202 -0
data/test/models/timeoutable_test.rb +7 -7
data/test/models/validatable_test.rb +2 -2
data/test/models_test.rb +9 -76
data/test/orm/active_record.rb +1 -0
data/test/orm/mongo_mapper.rb +0 -1
data/test/rails_app/app/active_record/admin.rb +1 -1
data/test/rails_app/app/active_record/user.rb +2 -1
data/test/rails_app/app/mongo_mapper/admin.rb +1 -1
data/test/rails_app/app/mongo_mapper/user.rb +2 -1
data/test/rails_app/config/initializers/devise.rb +13 -10
data/test/rails_app/config/routes.rb +5 -3
data/test/routes_test.rb +5 -0
data/test/support/integration_tests_helper.rb +1 -0
metadata +16 -12
data/lib/devise/controllers/filters.rb +0 -186
data/lib/devise/models/cookie_serializer.rb +0 -21
data/lib/devise/models/session_serializer.rb +0 -19
data/lib/devise/serializers/base.rb +0 -23
data/lib/devise/serializers/cookie.rb +0 -43
data/lib/devise/serializers/session.rb +0 -22
data/test/controllers/filters_test.rb +0 -177
data/test/rails_app/app/active_record/account.rb +0 -7
data/test/rails_app/app/mongo_mapper/account.rb +0 -9

data/test/controllers/internal_helpers_test.rb ADDED

@@ -0,0 +1,55 @@
+require 'test/test_helper'
+class MyController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+end
+class HelpersTest < ActionController::TestCase
+  tests MyController
+  test 'get resource name from request path' do
+    @request.path = '/users/session'
+    assert_equal :user, @controller.resource_name
+  end
+  test 'get resource name from specific request path' do
+    @request.path = '/admin_area/session'
+    assert_equal :admin, @controller.resource_name
+  end
+  test 'get resource class from request path' do
+    @request.path = '/users/session'
+    assert_equal User, @controller.resource_class
+  end
+  test 'get resource instance variable from request path' do
+    @request.path = '/admin_area/session'
+    @controller.instance_variable_set(:@admin, admin = Admin.new)
+    assert_equal admin, @controller.resource
+  end
+  test 'set resource instance variable from request path' do
+    @request.path = '/admin_area/session'
+    admin = @controller.send(:resource_class).new
+    @controller.send(:resource=, admin)
+    assert_equal admin, @controller.send(:resource)
+    assert_equal admin, @controller.instance_variable_get(:@admin)
+  end
+  test 'resources methods are not controller actions' do
+    assert @controller.class.action_methods.empty?
+  end
+  test 'require no authentication tests current mapping' do
+    @controller.expects(:resource_name).returns(:user).twice
+    @mock_warden.expects(:authenticated?).with(:user).returns(true)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+  end
+  test 'is a devise controller' do
+    assert @controller.devise_controller?
+  end
+end

data/test/devise_test.rb CHANGED

@@ -2,7 +2,7 @@ require 'test/test_helper'
 module Devise
   def self.clean_warden_config!
-    @warden_config = nil
+    @warden_config = nil
   end
 end
@@ -25,10 +25,9 @@ class DeviseTest < ActiveSupport::TestCase
     Devise.configure_warden(config)
     assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:authenticatable], config.default_strategies
+    assert_equal [:rememberable, :authenticatable], config.default_strategies
     assert_equal :user, config.default_scope
     assert config.silence_missing_strategies?
-    assert config.silence_missing_serializers?
   end
   test 'warden manager user configuration through a block' do
@@ -45,4 +44,26 @@ class DeviseTest < ActiveSupport::TestCase
       Devise.clean_warden_config!
     end
   end
+  test 'add new module using the helper method' do
+    assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
+    assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
+    assert_not Devise::STRATEGIES.include?(:coconut)
+    assert_not defined?(Devise::Models::Coconut)
+    Devise::ALL.delete(:coconut)
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => true) }
+    assert_equal 1, Devise::STRATEGIES.select { |v| v == :banana }.size
+    Devise::ALL.delete(:banana)
+    Devise::STRATEGIES.delete(:banana)
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
+    assert_not_nil Devise::CONTROLLERS[:fruits]
+    assert_equal 1, Devise::CONTROLLERS[:fruits].select { |v| v == :kivi }.size
+    Devise::ALL.delete(:kivi)
+    Devise::CONTROLLERS.delete(:fruits)
+    assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
+    assert defined?(Devise::Models::AuthenticatableAgain)
+  end
 end

data/test/encryptors_test.rb CHANGED

@@ -1,3 +1,5 @@
+gem 'bcrypt-ruby'
 class Encryptors < ActiveSupport::TestCase
   test 'should match a password created by authlogic' do
@@ -17,7 +19,7 @@ class Encryptors < ActiveSupport::TestCase
     encryptor = Devise::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil)
     assert_equal clearance, encryptor
   end
   Devise::ENCRYPTORS_LENGTH.each do |key, value|
     test "should have length #{value} for #{key.inspect}" do
       swap Devise, :encryptor => key do

data/test/integration/lockable_test.rb ADDED

@@ -0,0 +1,83 @@
+require 'test/test_helper'
+class LockTest < ActionController::IntegrationTest
+  def visit_user_unlock_with_token(unlock_token)
+    visit user_unlock_path(:unlock_token => unlock_token)
+  end
+  test 'user should be able to request a new unlock token' do
+    user = create_user(:locked => true)
+    ActionMailer::Base.deliveries.clear
+    visit new_user_session_path
+    click_link 'Didn\'t receive unlock instructions?'
+    fill_in 'email', :with => user.email
+    click_button 'Resend unlock instructions'
+    assert_template 'sessions/new'
+    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+    assert_equal 1, ActionMailer::Base.deliveries.size
+  end
+  test 'unlocked user should not be able to request a unlock token' do
+    user = create_user(:locked => false)
+    ActionMailer::Base.deliveries.clear
+    visit new_user_session_path
+    click_link 'Didn\'t receive unlock instructions?'
+    fill_in 'email', :with => user.email
+    click_button 'Resend unlock instructions'
+    assert_template 'unlocks/new'
+    assert_contain 'not locked'
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+  test 'user with invalid unlock token should not be able to unlock an account' do
+    visit_user_unlock_with_token('invalid_token')
+    assert_response :success
+    assert_template 'unlocks/new'
+    assert_have_selector '#errorExplanation'
+    assert_contain /Unlock token(.*)invalid/
+  end
+  test "locked user should be able to unlock account" do
+    user = create_user(:locked => true)
+    assert user.locked?
+    visit_user_unlock_with_token(user.unlock_token)
+    assert_template 'home/index'
+    assert_contain 'Your account was successfully unlocked.'
+    assert_not user.reload.locked?
+  end
+  test "sign in user automatically after unlocking it's account" do
+    user = create_user(:locked => true)
+    visit_user_unlock_with_token(user.unlock_token)
+    assert warden.authenticated?(:user)
+  end
+  test "user should not be able to sign in when locked" do
+    user = sign_in_as_user(:locked => true)
+    assert_template 'sessions/new'
+    assert_contain 'Your account is locked.'
+    assert_not warden.authenticated?(:user)
+  end
+  test 'error message is configurable by resource name' do
+    store_translations :en, :devise => {
+      :sessions => { :admin => { :locked => "You are locked!" } }
+    } do
+      get new_admin_session_path(:locked => true)
+      assert_contain 'You are locked!'
+    end
+  end
+end

data/test/integration/rememberable_test.rb CHANGED

@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
     Devise.remember_for = 1
     user = create_user
     user.remember_me!
-    cookies['warden.user.user.key'] = User.serialize_into_cookie(user) + add_to_token
+    cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
     user
   end

data/test/mailers/unlock_instructions_test.rb ADDED

@@ -0,0 +1,62 @@
+require 'test/test_helper'
+class UnlockInstructionsTest < ActionMailer::TestCase
+  def setup
+    setup_mailer
+    Devise.mailer_sender = 'test@example.com'
+  end
+  def user
+    @user ||= begin
+      user = create_user
+      user.lock!
+      user
+    end
+  end
+  def mail
+    @mail ||= begin
+      user
+      ActionMailer::Base.deliveries.last
+    end
+  end
+  test 'email sent after locking the user' do
+    assert_not_nil mail
+  end
+  test 'content type should be set to html' do
+    assert_equal 'text/html', mail.content_type
+  end
+  test 'send unlock instructions to the user email' do
+    assert_equal [user.email], mail.to
+  end
+  test 'setup sender from configuration' do
+    assert_equal ['test@example.com'], mail.from
+  end
+  test 'setup subject from I18n' do
+    store_translations :en, :devise => { :mailer => { :unlock_instructions => 'Unlock instructions' } } do
+      assert_equal 'Unlock instructions', mail.subject
+    end
+  end
+  test 'subject namespaced by model' do
+    store_translations :en, :devise => { :mailer => { :user => { :unlock_instructions => 'User Unlock Instructions' } } } do
+      assert_equal 'User Unlock Instructions', mail.subject
+    end
+  end
+  test 'body should have user info' do
+    assert_match /#{user.email}/, mail.body
+  end
+  test 'body should have link to unlock the account' do
+    host = ActionMailer::Base.default_url_options[:host]
+    unlock_url_regexp = %r{<a href=\"http://#{host}/users/unlock\?unlock_token=#{user.unlock_token}">}
+    assert_match unlock_url_regexp, mail.body
+  end
+end

data/test/models/authenticatable_test.rb CHANGED

@@ -130,29 +130,6 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_not_nil Admin.authenticate(:email => admin.email, :password => admin.password)
   end
-  test 'should serialize user into session' do
-    user = create_user
-    assert_equal [User, user.id], User.serialize_into_session(user)
-  end
-  test 'should serialize user from session' do
-    user = create_user
-    assert_equal user.id, User.serialize_from_session([User, user.id]).id
-  end
-  test 'should serialize another klass from session if it is an ancestors' do
-    user = create_user
-    klass = Class.new(User)
-    assert_equal user.id, User.serialize_from_session([klass, user.id]).id
-  end
-  test 'should not serialize another klass from session if not an ancestors' do
-    user = create_user
-    assert_raise RuntimeError, /ancestors/ do
-      User.serialize_from_session([Admin, user.id])
-    end
-  end
   test 'should respond to old password' do
     assert new_user.respond_to?(:old_password)
   end

data/test/models/lockable_test.rb ADDED

@@ -0,0 +1,202 @@
+require 'test/test_helper'
+class LockableTest < ActiveSupport::TestCase
+  def setup
+    setup_mailer
+  end
+  test "should increment failed attempts on unsuccessful authentication" do
+    user = create_user
+    assert_equal 0, user.failed_attempts
+    authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
+    assert_equal 1, user.reload.failed_attempts
+  end
+  test "should lock account base on maximum_attempts" do
+    user = create_user
+    attempts = Devise.maximum_attempts + 1
+    attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
+    assert user.reload.locked?
+  end
+  test "should respect maximum attempts configuration" do
+    user = create_user
+    swap Devise, :maximum_attempts => 2 do
+      3.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
+      assert user.reload.locked?
+    end
+  end
+  test "should clear failed_attempts on successfull sign in" do
+    user = create_user
+    User.authenticate(:email => user.email, :password => "anotherpassword")
+    assert_equal 1, user.reload.failed_attempts
+    User.authenticate(:email => user.email, :password => "123456")
+    assert_equal 0, user.reload.failed_attempts
+  end
+  test "should verify wheter a user is locked or not" do
+    user = create_user
+    assert_not user.locked?
+    user.lock!
+    assert user.locked?
+  end
+  test "active? should be the opposite of locked?" do
+    user = create_user
+    user.confirm!
+    assert user.active?
+    user.lock!
+    assert_not user.active?
+  end
+  test "should unlock an user by cleaning locked_at, falied_attempts and unlock_token" do
+    user = create_user
+    user.lock!
+    assert_not_nil user.reload.locked_at
+    assert_not_nil user.reload.unlock_token
+    user.unlock!
+    assert_nil user.reload.locked_at
+    assert_nil user.reload.unlock_token
+    assert 0, user.reload.failed_attempts
+  end
+  test 'should not unlcok an unlocked user' do
+    user = create_user
+    assert_not user.unlock!
+    assert_match /not locked/, user.errors[:email]
+  end
+  test "new user should not be locked and should have zero failed_attempts" do
+    assert_not new_user.locked?
+    assert_equal 0, create_user.failed_attempts
+  end
+  test "should unlock user after unlock_in period" do
+    swap Devise, :unlock_in => 3.hours do
+      user = new_user
+      user.locked_at = 2.hours.ago
+      assert user.locked?
+      Devise.unlock_in = 1.hour
+      assert_not user.locked?
+    end
+  end
+  test "should not unlock in 'unlock_in' if :time unlock strategy is not set" do
+    swap Devise, :unlock_strategy => :email do
+      user = new_user
+      user.locked_at = 2.hours.ago
+      assert user.locked?
+    end
+  end
+  test "should set unlock_token when locking" do
+    user = create_user
+    assert_nil user.unlock_token
+    user.lock!
+    assert_not_nil user.unlock_token
+  end
+  test 'should not regenerate unlock token if it already exists' do
+    user = create_user
+    user.lock!
+    3.times do
+      token = user.unlock_token
+      user.resend_unlock!
+      assert_equal token, user.unlock_token
+    end
+  end
+  test "should never generate the same unlock token for different users" do
+    unlock_tokens = []
+    3.times do
+      user = create_user
+      user.lock!
+      token = user.unlock_token
+      assert !unlock_tokens.include?(token)
+      unlock_tokens << token
+    end
+  end
+  test "should not generate unlock_token when :email is not an unlock strategy" do
+    swap Devise, :unlock_strategy => :time do
+      user = create_user
+      user.lock!
+      assert_nil user.unlock_token
+    end
+  end
+  test "should send email with unlock instructions when :email is an unlock strategy" do
+    swap Devise, :unlock_strategy => :email do
+      user = create_user
+      assert_email_sent do
+        user.lock!
+      end
+    end
+  end
+  test "should not send email with unlock instructions when :email is not an unlock strategy" do
+    swap Devise, :unlock_strategy => :time do
+      user = create_user
+      assert_email_not_sent do
+        user.lock!
+      end
+    end
+  end
+  test 'should find and unlock an user automatically' do
+    user = create_user
+    user.lock!
+    locked_user = User.unlock!(:unlock_token => user.unlock_token)
+    assert_equal locked_user, user
+    assert_not user.reload.locked?
+  end
+  test 'should return a new record with errors when a invalid token is given' do
+    locked_user = User.unlock!(:unlock_token => 'invalid_token')
+    assert locked_user.new_record?
+    assert_match /invalid/, locked_user.errors[:unlock_token]
+  end
+  test 'should return a new record with errors when a blank token is given' do
+    locked_user = User.unlock!(:unlock_token => '')
+    assert locked_user.new_record?
+    assert_match /blank/, locked_user.errors[:unlock_token]
+  end
+  test 'should authenticate a unlocked user' do
+    user = create_user
+    user.lock!
+    user.unlock!
+    authenticated_user = User.authenticate(:email => user.email, :password => user.password)
+    assert_equal authenticated_user, user
+  end
+  test 'should find a user to send unlock instructions' do
+    user = create_user
+    user.lock!
+    unlock_user = User.send_unlock_instructions(:email => user.email)
+    assert_equal unlock_user, user
+  end
+  test 'should return a new user if no email was found' do
+    unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
+    assert unlock_user.new_record?
+  end
+  test 'should add error to new user email if no email was found' do
+    unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
+    assert unlock_user.errors[:email]
+    assert_equal 'not found', unlock_user.errors[:email]
+  end
+  test 'should not be able to send instructions if the user is not locked' do
+    user = create_user
+    assert_not user.resend_unlock!
+    assert_not user.locked?
+    assert_equal 'not locked', user.errors[:email]
+  end
+end