devise 1.0.11 → 1.1.pre

data/test/encryptors_test.rb

@@ -1,7 +1,4 @@
-gem 'bcrypt-ruby'
-
 class Encryptors < ActiveSupport::TestCase
-
   test 'should match a password created by authlogic' do
     authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
     encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')

data/test/failure_app_test.rb

@@ -4,7 +4,12 @@ require 'ostruct'
 class FailureTest < ActiveSupport::TestCase
 
   def call_failure(env_params={})
-    env = {'warden.options' => { :scope => :user }}.merge!(env_params)
+    env = {
+      'warden.options' => { :scope => :user },
+      'REQUEST_URI' => 'http://test.host/',
+      'REQUEST_METHOD' => 'GET',
+      'rack.session' => {}
+    }.merge!(env_params)
     Devise::FailureApp.call(env)
   end
 

data/test/integration/authenticatable_test.rb

@@ -134,9 +134,7 @@ class AuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'error message is configurable by resource name' do
-    store_translations :en, :devise => {
-      :sessions => { :admin => { :invalid => "Invalid credentials" } }
-    } do
+    store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
       sign_in_as_admin do
         fill_in 'password', :with => 'abcdef'
       end
@@ -190,14 +188,6 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_nil session[:"user.return_to"]
   end
 
-  test 'xml http requests does not store urls for redirect' do
-    xhr :get, users_path
-    assert_nil session[:"user.return_to"]
-
-    sign_in_as_user
-    assert_template 'home/index'
-  end
-
   test 'redirect to configured home path for a given scope after sign in' do
     sign_in_as_admin
     assert_equal "/admin_area/home", @request.path
@@ -205,30 +195,20 @@ class AuthenticationTest < ActionController::IntegrationTest
 
   test 'destroyed account is signed out' do
     sign_in_as_user
-    visit 'users/index'
+    get '/users'
 
     User.destroy_all
-    visit 'users/index'
+    get '/users'
     assert_redirected_to '/users/sign_in?unauthenticated=true'
   end
 
   test 'allows session to be set by a given scope' do
     sign_in_as_user
-    visit 'users/index'
-    assert_equal "Cart", @controller.user_session[:cart]
-  end
-
-  test 'session id is changed on sign in' do
     get '/users'
-    session_id = request.session[:session_id]
-
-    get '/users'
-    assert_equal session_id, request.session[:session_id]
-
-    sign_in_as_user
-    assert_not_equal session_id, request.session[:session_id]
+    assert_equal "Cart", @controller.user_session[:cart]
   end
 
+  # Scoped views
   test 'renders the scoped view if turned on and view is available' do
     swap Devise, :scoped_views => true do
       assert_raise Webrat::NotFoundError do
@@ -240,15 +220,15 @@ class AuthenticationTest < ActionController::IntegrationTest
 
   test 'renders the scoped view if turned on in an specific controller' do
     begin
-      SessionsController.scoped_views = true
+      Devise::SessionsController.scoped_views = true
       assert_raise Webrat::NotFoundError do
         sign_in_as_user
       end
 
       assert_match /Special user view/, response.body
-      assert !PasswordsController.scoped_views
+      assert !Devise::PasswordsController.scoped_views
     ensure
-      SessionsController.send :remove_instance_variable, :@scoped_views
+      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
     end
   end
 
@@ -268,73 +248,33 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'render 404 on roles without permission' do
-    get 'admin_area/password/new'
-    assert_response :not_found
-    assert_not_contain 'Send me reset password instructions'
-  end
-
-  test 'render 404 on roles without mapping' do
-    get 'sign_in'
-    assert_response :not_found
-    assert_not_contain 'Sign in'
-  end
-
+  # Default scope
   test 'uses the mapping from the default scope if specified' do
     swap Devise, :use_default_scope => true do
-      get 'sign_in'
+      get '/sign_in'
       assert_response :ok
       assert_contain 'Sign in'
     end
   end
-end
-
-class AuthenticationSignOutViaTest < ActionController::IntegrationTest
-  def sign_in!(scope)
-    visit send("new_#{scope}_session_path")
-    sign_in_as_user(:visit => false)
-    assert warden.authenticated?(scope)
-  end
-
-  test 'allow sign out via delete when sign_out_via provides only delete' do
-    sign_in!(:sign_out_via_delete)
-    delete destroy_sign_out_via_delete_session_path
-    assert_not warden.authenticated?(:sign_out_via_delete)
-  end
-
-  test 'do not allow sign out via get when sign_out_via provides only delete' do
-    sign_in!(:sign_out_via_delete)
-    get destroy_sign_out_via_delete_session_path
-    assert warden.authenticated?(:sign_out_via_delete)
-  end
 
-  test 'allow sign out via post when sign_out_via provides only post' do
-    sign_in!(:sign_out_via_post)
-    post destroy_sign_out_via_post_session_path
-    assert_not warden.authenticated?(:sign_out_via_post)
+  # Custom controller
+  test 'uses the custom controller with the custom controller view' do
+    get '/admin_area/sign_in'
+    assert_contain 'Sign in'
+    assert_contain 'Welcome to "sessions" controller!'
+    assert_contain 'Welcome to "sessions/new" view!'
   end
 
-  test 'do not allow sign out via get when sign_out_via provides only post' do
-    sign_in!(:sign_out_via_post)
-    get destroy_sign_out_via_delete_session_path
-    assert warden.authenticated?(:sign_out_via_post)
-  end
-
-  test 'allow sign out via delete when sign_out_via provides any method' do
-    sign_in!(:sign_out_via_anymethod)
-    delete destroy_sign_out_via_anymethod_session_path
-    assert_not warden.authenticated?(:sign_out_via_anymethod)
-  end
-
-  test 'allow sign out via post when sign_out_via provides any method' do
-    sign_in!(:sign_out_via_anymethod)
-    post destroy_sign_out_via_anymethod_session_path
-    assert_not warden.authenticated?(:sign_out_via_anymethod)
+  # Access
+  test 'render 404 on roles without permission' do
+    get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
+    assert_response :not_found
+    assert_not_contain 'Send me reset password instructions'
   end
 
-  test 'allow sign out via get when sign_out_via provides any method' do
-    sign_in!(:sign_out_via_anymethod)
-    get destroy_sign_out_via_anymethod_session_path
-    assert_not warden.authenticated?(:sign_out_via_anymethod)
+  test 'render 404 on roles without mapping' do
+    get '/sign_in', {}, "action_dispatch.show_exceptions" => true
+    assert_response :not_found
+    assert_not_contain 'Sign in'
   end
 end

data/test/integration/http_authenticatable_test.rb

@@ -16,14 +16,6 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
   end
 
-  test 'uses the request format as response content type' do
-    sign_in_as_new_user_with_http("unknown", "123456", :xml)
-    assert_equal 401, status
-    assert_equal "application/xml", headers["Content-Type"]
-    # Cannot assert this due to a bug between integration tests and rack on 2.3
-    # assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
-  end
-
   test 'returns a custom response with www-authenticate and chosen realm' do
     swap Devise, :http_authentication_realm => "MyApp" do
       sign_in_as_new_user_with_http("unknown")
@@ -44,9 +36,9 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 
   private
 
-    def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
+    def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
       user = create_user
-      get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      get users_path, {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
 end

data/test/integration/lockable_test.rb

@@ -36,16 +36,6 @@ class LockTest < ActionController::IntegrationTest
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
-  test 'unlocked pages should not be available if email strategy is disabled' do
-    visit new_user_unlock_path
-    assert_response :success
-
-    swap Devise, :unlock_strategy => :time do
-      visit new_user_unlock_path
-      assert_response :not_found
-    end
-  end
-
   test 'user with invalid unlock token should not be able to unlock an account' do
     visit_user_unlock_with_token('invalid_token')
 
@@ -57,19 +47,20 @@ class LockTest < ActionController::IntegrationTest
 
   test "locked user should be able to unlock account" do
     user = create_user(:locked => true)
-    assert user.access_locked?
+    assert user.locked?
 
     visit_user_unlock_with_token(user.unlock_token)
 
     assert_template 'home/index'
     assert_contain 'Your account was successfully unlocked.'
 
-    assert_not user.reload.access_locked?
+    assert_not user.reload.locked?
   end
 
   test "sign in user automatically after unlocking it's account" do
     user = create_user(:locked => true)
     visit_user_unlock_with_token(user.unlock_token)
+
     assert warden.authenticated?(:user)
   end
 
@@ -80,16 +71,6 @@ class LockTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
-  test "user should not send a new e-mail if already locked" do
-    user = create_user(:locked => true)
-    user.update_attribute(:failed_attempts, User.maximum_attempts + 1)
-    ActionMailer::Base.deliveries.clear
-
-    sign_in_as_user(:password => "invalid")
-    assert_contain 'Invalid email or password.'
-    assert ActionMailer::Base.deliveries.empty?
-  end
-
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
       :sessions => { :admin => { :locked => "You are locked!" } }

data/test/integration/recoverable_test.rb

@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
-    assert_redirected_to new_user_session_path(:unconfirmed => true)
+    assert_current_path new_user_session_path(:unconfirmed => true)
     assert !warden.authenticated?(:user)
   end
 

data/test/integration/registerable_test.rb

@@ -3,7 +3,7 @@ require 'test/test_helper'
 class RegistrationTest < ActionController::IntegrationTest
 
   test 'a guest admin should be able to sign in successfully' do
-    visit new_admin_session_path
+    get new_admin_session_path
     click_link 'Sign up'
 
     assert_template 'registrations/new'
@@ -21,24 +21,17 @@ class RegistrationTest < ActionController::IntegrationTest
   end
 
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'new_user@test.com'
     fill_in 'password', :with => 'new_user123'
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_equal "You have signed up successfully. If enabled, a confirmation was sent to your e-mail.", @controller.send(:flash)[:notice]
-
-    # For some reason flash is not being set correctly, so instead of getting the
-    # "signed_up" message we get the unconfirmed one. Seems to be an issue with
-    # the internal redirect by the hook and the tests.
-    # follow_redirect!
-    # assert_contain 'You have signed up successfully.'
-    # assert_not_contain 'confirm your account'
-
-    follow_redirect!
+    assert_contain 'You have signed up successfully.'
     assert_contain 'Sign in'
+    assert_not_contain 'Confirm your account'
+
     assert_not warden.authenticated?(:user)
 
     user = User.last
@@ -47,7 +40,7 @@ class RegistrationTest < ActionController::IntegrationTest
   end
 
   test 'a guest user cannot sign up with invalid information' do
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'invalid_email'
     fill_in 'password', :with => 'new_user123'
@@ -65,7 +58,7 @@ class RegistrationTest < ActionController::IntegrationTest
 
   test 'a guest should not sign up with email/password that already exists' do
     user = create_user
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'user@test.com'
     fill_in 'password', :with => '123456'
@@ -79,20 +72,19 @@ class RegistrationTest < ActionController::IntegrationTest
   end
 
   test 'a guest should not be able to change account' do
-    visit edit_user_registration_path
-    follow_redirect!
-    assert_template 'sessions/new'
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
   end
 
   test 'a signed in user should not be able to access sign up' do
     sign_in_as_user
-    visit new_user_registration_path
-    assert_template 'home/index'
+    get new_user_registration_path
+    assert_redirected_to root_path
   end
 
   test 'a signed in user should be able to edit his account' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
     fill_in 'email', :with => 'user.new@email.com'
     fill_in 'current password', :with => '123456'
@@ -104,39 +96,42 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_equal "user.new@email.com", User.first.email
   end
 
-  test 'a signed in user should be able to edit his password' do
+  test 'a signed in user should not change his current user with invalid password' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => 'pas123'
-    fill_in 'current password', :with => '123456'
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => 'invalid'
     click_button 'Update'
 
-    assert_template 'home/index'
-    assert_contain 'You updated your account successfully.'
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@email.com"]'
 
-    assert User.first.valid_password?('pas123')
+    assert_equal "user@test.com", User.first.email
   end
 
-  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+
+  test 'a signed in user should be able to edit his password' do
     sign_in_as_user
     get edit_user_registration_path
-  
+
     fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => ''
+    fill_in 'password confirmation', :with => 'pas123'
     fill_in 'current password', :with => '123456'
     click_button 'Update'
-  
-    assert_contain "Password doesn't match confirmation"
-    assert_not User.first.valid_password?('pas123')
+
+    assert_template 'home/index'
+    assert_contain 'You updated your account successfully.'
+
+    assert User.first.valid_password?('pas123')
   end
 
   test 'a signed in user should be able to cancel his account' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
-    click_link "Cancel my account"
+    click_link "Cancel my account", :method => :delete
     assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
 
     assert User.all.empty?

data/test/integration/rememberable_test.rb

@@ -28,27 +28,20 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
 
-  test 'does not remember other scopes' do
-    user = create_user_and_remember
-    get root_path
-    assert_response :success
-    assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
-  end
-
   test 'do not remember with invalid token' do
     user = create_user_and_remember('add')
     get users_path
-    assert_response :success
     assert_not warden.authenticated?(:user)
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
   end
 
   test 'do not remember with token expired' do
     user = create_user_and_remember
-    Devise.remember_for = 0
-    get users_path
-    assert_response :success
-    assert_not warden.authenticated?(:user)
+    swap Devise, :remember_for => 0 do
+      get users_path
+      assert_not warden.authenticated?(:user)
+      assert_redirected_to new_user_session_path(:unauthenticated => true)
+    end
   end
 
   test 'forget the user before sign out' do
@@ -67,16 +60,5 @@ class RememberMeTest < ActionController::IntegrationTest
     get destroy_user_session_path
     get users_path
     assert_not warden.authenticated?(:user)
-    assert_equal cookies['remember_user_token'], ''
-  end
-
-  test 'cookies are destroyed on unverified requests' do
-    swap HomeController, :allow_forgery_protection => true do
-      user = create_user_and_remember
-      get users_path
-      assert warden.authenticated?(:user)
-      post root_path, :authenticity_token => 'INVALID'
-      assert_not warden.authenticated?(:user)
-    end
   end
 end