devise 1.0.11 → 1.1.pre
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +6 -72
- data/Gemfile +18 -0
- data/README.rdoc +51 -46
- data/Rakefile +5 -4
- data/app/controllers/{confirmations_controller.rb → devise/confirmations_controller.rb} +2 -2
- data/app/controllers/{passwords_controller.rb → devise/passwords_controller.rb} +4 -3
- data/app/controllers/{registrations_controller.rb → devise/registrations_controller.rb} +11 -7
- data/app/controllers/{sessions_controller.rb → devise/sessions_controller.rb} +11 -8
- data/app/controllers/{unlocks_controller.rb → devise/unlocks_controller.rb} +2 -10
- data/app/models/devise/mailer.rb +55 -0
- data/app/views/{confirmations → devise/confirmations}/new.html.erb +1 -1
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/{passwords → devise/passwords}/edit.html.erb +1 -1
- data/app/views/{passwords → devise/passwords}/new.html.erb +1 -1
- data/app/views/{registrations → devise/registrations}/edit.html.erb +1 -1
- data/app/views/{registrations → devise/registrations}/new.html.erb +1 -1
- data/app/views/{sessions → devise/sessions}/new.html.erb +1 -1
- data/app/views/{shared/_devise_links.erb → devise/shared/_links.erb} +0 -0
- data/app/views/{unlocks → devise/unlocks}/new.html.erb +1 -1
- data/{lib/devise → config}/locales/en.yml +7 -1
- data/lib/devise.rb +6 -29
- data/lib/devise/controllers/helpers.rb +16 -43
- data/lib/devise/controllers/internal_helpers.rb +10 -36
- data/lib/devise/controllers/scoped_views.rb +35 -0
- data/lib/devise/failure_app.rb +7 -14
- data/lib/devise/hooks/rememberable.rb +3 -6
- data/lib/devise/hooks/trackable.rb +1 -1
- data/lib/devise/mapping.rb +17 -18
- data/lib/devise/models.rb +4 -20
- data/lib/devise/models/{database_authenticatable.rb → authenticatable.rb} +16 -28
- data/lib/devise/models/confirmable.rb +25 -23
- data/lib/devise/models/http_authenticatable.rb +3 -7
- data/lib/devise/models/lockable.rb +40 -35
- data/lib/devise/models/recoverable.rb +4 -8
- data/lib/devise/models/rememberable.rb +6 -9
- data/lib/devise/models/timeoutable.rb +1 -3
- data/lib/devise/models/token_authenticatable.rb +4 -5
- data/lib/devise/models/validatable.rb +10 -1
- data/lib/devise/orm/mongo_mapper.rb +10 -23
- data/lib/devise/rails.rb +11 -9
- data/lib/devise/rails/routes.rb +113 -107
- data/lib/devise/rails/warden_compat.rb +3 -41
- data/lib/devise/schema.rb +13 -21
- data/lib/devise/strategies/{database_authenticatable.rb → authenticatable.rb} +3 -3
- data/lib/devise/strategies/http_authenticatable.rb +4 -22
- data/lib/devise/test_helpers.rb +1 -8
- data/lib/devise/version.rb +1 -1
- data/lib/generators/devise/devise_generator.rb +57 -0
- data/{generators → lib/generators}/devise/templates/migration.rb +1 -1
- data/lib/generators/devise_install/devise_install_generator.rb +25 -0
- data/{generators → lib/generators}/devise_install/templates/README +4 -8
- data/{generators → lib/generators}/devise_install/templates/devise.rb +0 -3
- data/lib/generators/devise_views/devise_views_generator.rb +11 -0
- data/test/controllers/helpers_test.rb +15 -9
- data/test/devise_test.rb +1 -6
- data/test/encryptors_test.rb +0 -3
- data/test/failure_app_test.rb +6 -1
- data/test/integration/authenticatable_test.rb +25 -85
- data/test/integration/http_authenticatable_test.rb +2 -10
- data/test/integration/lockable_test.rb +3 -22
- data/test/integration/recoverable_test.rb +1 -1
- data/test/integration/registerable_test.rb +31 -36
- data/test/integration/rememberable_test.rb +6 -24
- data/test/integration/token_authenticatable_test.rb +2 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +4 -10
- data/test/mailers/unlock_instructions_test.rb +1 -1
- data/test/mapping_test.rb +12 -24
- data/test/models/authenticatable_test.rb +3 -3
- data/test/models/confirmable_test.rb +29 -29
- data/test/models/http_authenticatable_test.rb +19 -0
- data/test/models/lockable_test.rb +45 -44
- data/test/models/recoverable_test.rb +7 -7
- data/test/models/rememberable_test.rb +7 -10
- data/test/models/validatable_test.rb +19 -24
- data/test/models_test.rb +2 -16
- data/test/orm/active_record.rb +3 -4
- data/test/orm/mongo_mapper.rb +2 -10
- data/test/rails_app/app/active_record/admin.rb +1 -1
- data/test/rails_app/app/active_record/user.rb +3 -3
- data/test/rails_app/app/controllers/application_controller.rb +1 -7
- data/test/rails_app/app/controllers/sessions_controller.rb +6 -0
- data/test/rails_app/app/controllers/users_controller.rb +0 -4
- data/test/rails_app/app/mongo_mapper/admin.rb +4 -7
- data/test/rails_app/app/mongo_mapper/user.rb +5 -8
- data/test/rails_app/config/application.rb +32 -0
- data/test/rails_app/config/boot.rb +7 -108
- data/test/rails_app/config/environment.rb +4 -41
- data/test/rails_app/config/environments/development.rb +15 -13
- data/test/rails_app/config/environments/production.rb +25 -20
- data/test/rails_app/config/environments/test.rb +23 -22
- data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
- data/test/rails_app/config/initializers/cookie_verification_secret.rb +7 -0
- data/test/rails_app/config/initializers/devise.rb +0 -3
- data/test/rails_app/config/initializers/session_store.rb +2 -2
- data/test/rails_app/config/routes.rb +17 -21
- data/test/routes_test.rb +30 -47
- data/test/support/{assertions_helper.rb → assertions.rb} +0 -15
- data/test/support/{tests_helper.rb → helpers.rb} +16 -3
- data/test/support/{integration_tests_helper.rb → integration.rb} +8 -4
- data/test/support/webrat/integrations/rails.rb +31 -0
- data/test/test_helper.rb +8 -7
- data/test/test_helpers_test.rb +9 -9
- metadata +53 -128
- data/app/models/devise_mailer.rb +0 -68
- data/app/views/devise_mailer/confirmation_instructions.html.erb +0 -5
- data/app/views/devise_mailer/reset_password_instructions.html.erb +0 -8
- data/app/views/devise_mailer/unlock_instructions.html.erb +0 -7
- data/generators/devise/USAGE +0 -5
- data/generators/devise/devise_generator.rb +0 -15
- data/generators/devise/lib/route_devise.rb +0 -32
- data/generators/devise/templates/model.rb +0 -9
- data/generators/devise_install/USAGE +0 -3
- data/generators/devise_install/devise_install_generator.rb +0 -15
- data/generators/devise_views/USAGE +0 -3
- data/generators/devise_views/devise_views_generator.rb +0 -21
- data/rails/init.rb +0 -2
- data/test/integration/rack_middleware_test.rb +0 -47
- data/test/rails_app/config/initializers/new_rails_defaults.rb +0 -24
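--- a/data/test/encryptors_test.rb
+++ b/data/test/encryptors_test.rb
@@ -1,7 +1,4 @@
-gem 'bcrypt-ruby'
-
 class Encryptors < ActiveSupport::TestCase
-
 test 'should match a password created by authlogic' do
 authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
 encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')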
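--- a/data/test/failure_app_test.rb
+++ b/data/test/failure_app_test.rb
@@ -4,7 +4,12 @@ require 'ostruct'
 class FailureTest < ActiveSupport::TestCase
 
 def call_failure(env_params={})
-env = {
+env = {
+'warden.options' => { :scope => :user },
+'REQUEST_URI' => 'http://test.host/',
+'REQUEST_METHOD' => 'GET',
+'rack.session' => {}
+}.merge!(env_params)
 Devise::FailureApp.call(env)
 end
 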
@@ -134,9 +134,7 @@ class AuthenticationTest < ActionController::IntegrationTest
|
|
134
134
|
end
|
135
135
|
|
136
136
|
test 'error message is configurable by resource name' do
|
137
|
-
store_translations :en, :devise => {
|
138
|
-
:sessions => { :admin => { :invalid => "Invalid credentials" } }
|
139
|
-
} do
|
137
|
+
store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
|
140
138
|
sign_in_as_admin do
|
141
139
|
fill_in 'password', :with => 'abcdef'
|
142
140
|
end
|
@@ -190,14 +188,6 @@ class AuthenticationTest < ActionController::IntegrationTest
|
|
190
188
|
assert_nil session[:"user.return_to"]
|
191
189
|
end
|
192
190
|
|
193
|
-
test 'xml http requests does not store urls for redirect' do
|
194
|
-
xhr :get, users_path
|
195
|
-
assert_nil session[:"user.return_to"]
|
196
|
-
|
197
|
-
sign_in_as_user
|
198
|
-
assert_template 'home/index'
|
199
|
-
end
|
200
|
-
|
201
191
|
test 'redirect to configured home path for a given scope after sign in' do
|
202
192
|
sign_in_as_admin
|
203
193
|
assert_equal "/admin_area/home", @request.path
|
@@ -205,30 +195,20 @@ class AuthenticationTest < ActionController::IntegrationTest
|
|
205
195
|
|
206
196
|
test 'destroyed account is signed out' do
|
207
197
|
sign_in_as_user
|
208
|
-
|
198
|
+
get '/users'
|
209
199
|
|
210
200
|
User.destroy_all
|
211
|
-
|
201
|
+
get '/users'
|
212
202
|
assert_redirected_to '/users/sign_in?unauthenticated=true'
|
213
203
|
end
|
214
204
|
|
215
205
|
test 'allows session to be set by a given scope' do
|
216
206
|
sign_in_as_user
|
217
|
-
visit 'users/index'
|
218
|
-
assert_equal "Cart", @controller.user_session[:cart]
|
219
|
-
end
|
220
|
-
|
221
|
-
test 'session id is changed on sign in' do
|
222
207
|
get '/users'
|
223
|
-
|
224
|
-
|
225
|
-
get '/users'
|
226
|
-
assert_equal session_id, request.session[:session_id]
|
227
|
-
|
228
|
-
sign_in_as_user
|
229
|
-
assert_not_equal session_id, request.session[:session_id]
|
208
|
+
assert_equal "Cart", @controller.user_session[:cart]
|
230
209
|
end
|
231
210
|
|
211
|
+
# Scoped views
|
232
212
|
test 'renders the scoped view if turned on and view is available' do
|
233
213
|
swap Devise, :scoped_views => true do
|
234
214
|
assert_raise Webrat::NotFoundError do
|
@@ -240,15 +220,15 @@ class AuthenticationTest < ActionController::IntegrationTest
|
|
240
220
|
|
241
221
|
test 'renders the scoped view if turned on in an specific controller' do
|
242
222
|
begin
|
243
|
-
SessionsController.scoped_views = true
|
223
|
+
Devise::SessionsController.scoped_views = true
|
244
224
|
assert_raise Webrat::NotFoundError do
|
245
225
|
sign_in_as_user
|
246
226
|
end
|
247
227
|
|
248
228
|
assert_match /Special user view/, response.body
|
249
|
-
assert !PasswordsController.scoped_views
|
229
|
+
assert !Devise::PasswordsController.scoped_views
|
250
230
|
ensure
|
251
|
-
SessionsController.send :remove_instance_variable, :@scoped_views
|
231
|
+
Devise::SessionsController.send :remove_instance_variable, :@scoped_views
|
252
232
|
end
|
253
233
|
end
|
254
234
|
|
@@ -268,73 +248,33 @@ class AuthenticationTest < ActionController::IntegrationTest
|
|
268
248
|
end
|
269
249
|
end
|
270
250
|
|
271
|
-
|
272
|
-
get 'admin_area/password/new'
|
273
|
-
assert_response :not_found
|
274
|
-
assert_not_contain 'Send me reset password instructions'
|
275
|
-
end
|
276
|
-
|
277
|
-
test 'render 404 on roles without mapping' do
|
278
|
-
get 'sign_in'
|
279
|
-
assert_response :not_found
|
280
|
-
assert_not_contain 'Sign in'
|
281
|
-
end
|
282
|
-
|
251
|
+
# Default scope
|
283
252
|
test 'uses the mapping from the default scope if specified' do
|
284
253
|
swap Devise, :use_default_scope => true do
|
285
|
-
get 'sign_in'
|
254
|
+
get '/sign_in'
|
286
255
|
assert_response :ok
|
287
256
|
assert_contain 'Sign in'
|
288
257
|
end
|
289
258
|
end
|
290
|
-
end
|
291
|
-
|
292
|
-
class AuthenticationSignOutViaTest < ActionController::IntegrationTest
|
293
|
-
def sign_in!(scope)
|
294
|
-
visit send("new_#{scope}_session_path")
|
295
|
-
sign_in_as_user(:visit => false)
|
296
|
-
assert warden.authenticated?(scope)
|
297
|
-
end
|
298
|
-
|
299
|
-
test 'allow sign out via delete when sign_out_via provides only delete' do
|
300
|
-
sign_in!(:sign_out_via_delete)
|
301
|
-
delete destroy_sign_out_via_delete_session_path
|
302
|
-
assert_not warden.authenticated?(:sign_out_via_delete)
|
303
|
-
end
|
304
|
-
|
305
|
-
test 'do not allow sign out via get when sign_out_via provides only delete' do
|
306
|
-
sign_in!(:sign_out_via_delete)
|
307
|
-
get destroy_sign_out_via_delete_session_path
|
308
|
-
assert warden.authenticated?(:sign_out_via_delete)
|
309
|
-
end
|
310
259
|
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
260
|
+
# Custom controller
|
261
|
+
test 'uses the custom controller with the custom controller view' do
|
262
|
+
get '/admin_area/sign_in'
|
263
|
+
assert_contain 'Sign in'
|
264
|
+
assert_contain 'Welcome to "sessions" controller!'
|
265
|
+
assert_contain 'Welcome to "sessions/new" view!'
|
315
266
|
end
|
316
267
|
|
317
|
-
|
318
|
-
|
319
|
-
get
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
test 'allow sign out via delete when sign_out_via provides any method' do
|
324
|
-
sign_in!(:sign_out_via_anymethod)
|
325
|
-
delete destroy_sign_out_via_anymethod_session_path
|
326
|
-
assert_not warden.authenticated?(:sign_out_via_anymethod)
|
327
|
-
end
|
328
|
-
|
329
|
-
test 'allow sign out via post when sign_out_via provides any method' do
|
330
|
-
sign_in!(:sign_out_via_anymethod)
|
331
|
-
post destroy_sign_out_via_anymethod_session_path
|
332
|
-
assert_not warden.authenticated?(:sign_out_via_anymethod)
|
268
|
+
# Access
|
269
|
+
test 'render 404 on roles without permission' do
|
270
|
+
get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
|
271
|
+
assert_response :not_found
|
272
|
+
assert_not_contain 'Send me reset password instructions'
|
333
273
|
end
|
334
274
|
|
335
|
-
test '
|
336
|
-
sign_in
|
337
|
-
|
338
|
-
|
275
|
+
test 'render 404 on roles without mapping' do
|
276
|
+
get '/sign_in', {}, "action_dispatch.show_exceptions" => true
|
277
|
+
assert_response :not_found
|
278
|
+
assert_not_contain 'Sign in'
|
339
279
|
end
|
340
280
|
end
|
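Review bot: The new side of this file no longer contains `test 'session id is changed on sign in'` (removed in the hunk at old lines 205–234, together with `assert_not_equal session_id, request.session[:session_id]`), so nothing visible here still checks that the session identifier is rotated at sign-in, which is the guard against session fixation. The same file also drops the whole `AuthenticationSignOutViaTest` class (sign-out restricted to DELETE) and `'xml http requests does not store urls for redirect'`; the RememberMeTest hunks drop `'cookies are destroyed on unverified requests'` and `'does not remember other scopes'`, and the LockTest hunks drop `'user should not send a new e-mail if already locked'`. Whether the library code still implements these behaviours cannot be told from the test hunks, so before adopting 1.1.pre I would confirm each one and restore the corresponding test, starting with the session-rotation assertion quoted above.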
@@ -16,14 +16,6 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
16
16
|
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
|
17
17
|
end
|
18
18
|
|
19
|
-
test 'uses the request format as response content type' do
|
20
|
-
sign_in_as_new_user_with_http("unknown", "123456", :xml)
|
21
|
-
assert_equal 401, status
|
22
|
-
assert_equal "application/xml", headers["Content-Type"]
|
23
|
-
# Cannot assert this due to a bug between integration tests and rack on 2.3
|
24
|
-
# assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
|
25
|
-
end
|
26
|
-
|
27
19
|
test 'returns a custom response with www-authenticate and chosen realm' do
|
28
20
|
swap Devise, :http_authentication_realm => "MyApp" do
|
29
21
|
sign_in_as_new_user_with_http("unknown")
|
@@ -44,9 +36,9 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
44
36
|
|
45
37
|
private
|
46
38
|
|
47
|
-
def sign_in_as_new_user_with_http(username="user@test.com", password="123456"
|
39
|
+
def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
|
48
40
|
user = create_user
|
49
|
-
get users_path
|
41
|
+
get users_path, {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
|
50
42
|
user
|
51
43
|
end
|
52
44
|
end
|
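Review bot: In `sign_in_as_new_user_with_http`, the `HTTP_AUTHORIZATION` value is built with `ActiveSupport::Base64.encode64`, which appends a line break and inserts one every 60 output characters, so the header the test sends ends in a newline and would be split for longer credentials. Strip the breaks so the test exercises a well-formed Basic header, e.g. `"Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}").delete("\n")}"`. The removed side of this hunk is truncated on the page, so I cannot tell whether the previous helper had the same behaviour.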
@@ -36,16 +36,6 @@ class LockTest < ActionController::IntegrationTest
|
|
36
36
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
37
37
|
end
|
38
38
|
|
39
|
-
test 'unlocked pages should not be available if email strategy is disabled' do
|
40
|
-
visit new_user_unlock_path
|
41
|
-
assert_response :success
|
42
|
-
|
43
|
-
swap Devise, :unlock_strategy => :time do
|
44
|
-
visit new_user_unlock_path
|
45
|
-
assert_response :not_found
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
39
|
test 'user with invalid unlock token should not be able to unlock an account' do
|
50
40
|
visit_user_unlock_with_token('invalid_token')
|
51
41
|
|
@@ -57,19 +47,20 @@ class LockTest < ActionController::IntegrationTest
|
|
57
47
|
|
58
48
|
test "locked user should be able to unlock account" do
|
59
49
|
user = create_user(:locked => true)
|
60
|
-
assert user.
|
50
|
+
assert user.locked?
|
61
51
|
|
62
52
|
visit_user_unlock_with_token(user.unlock_token)
|
63
53
|
|
64
54
|
assert_template 'home/index'
|
65
55
|
assert_contain 'Your account was successfully unlocked.'
|
66
56
|
|
67
|
-
assert_not user.reload.
|
57
|
+
assert_not user.reload.locked?
|
68
58
|
end
|
69
59
|
|
70
60
|
test "sign in user automatically after unlocking it's account" do
|
71
61
|
user = create_user(:locked => true)
|
72
62
|
visit_user_unlock_with_token(user.unlock_token)
|
63
|
+
|
73
64
|
assert warden.authenticated?(:user)
|
74
65
|
end
|
75
66
|
|
@@ -80,16 +71,6 @@ class LockTest < ActionController::IntegrationTest
|
|
80
71
|
assert_not warden.authenticated?(:user)
|
81
72
|
end
|
82
73
|
|
83
|
-
test "user should not send a new e-mail if already locked" do
|
84
|
-
user = create_user(:locked => true)
|
85
|
-
user.update_attribute(:failed_attempts, User.maximum_attempts + 1)
|
86
|
-
ActionMailer::Base.deliveries.clear
|
87
|
-
|
88
|
-
sign_in_as_user(:password => "invalid")
|
89
|
-
assert_contain 'Invalid email or password.'
|
90
|
-
assert ActionMailer::Base.deliveries.empty?
|
91
|
-
end
|
92
|
-
|
93
74
|
test 'error message is configurable by resource name' do
|
94
75
|
store_translations :en, :devise => {
|
95
76
|
:sessions => { :admin => { :locked => "You are locked!" } }
|
@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
|
|
134
134
|
request_forgot_password
|
135
135
|
reset_password :reset_password_token => user.reload.reset_password_token
|
136
136
|
|
137
|
-
|
137
|
+
assert_current_path new_user_session_path(:unconfirmed => true)
|
138
138
|
assert !warden.authenticated?(:user)
|
139
139
|
end
|
140
140
|
|
@@ -3,7 +3,7 @@ require 'test/test_helper'
|
|
3
3
|
class RegistrationTest < ActionController::IntegrationTest
|
4
4
|
|
5
5
|
test 'a guest admin should be able to sign in successfully' do
|
6
|
-
|
6
|
+
get new_admin_session_path
|
7
7
|
click_link 'Sign up'
|
8
8
|
|
9
9
|
assert_template 'registrations/new'
|
@@ -21,24 +21,17 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
21
21
|
end
|
22
22
|
|
23
23
|
test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
|
24
|
-
|
24
|
+
get new_user_registration_path
|
25
25
|
|
26
26
|
fill_in 'email', :with => 'new_user@test.com'
|
27
27
|
fill_in 'password', :with => 'new_user123'
|
28
28
|
fill_in 'password confirmation', :with => 'new_user123'
|
29
29
|
click_button 'Sign up'
|
30
30
|
|
31
|
-
|
32
|
-
|
33
|
-
# For some reason flash is not being set correctly, so instead of getting the
|
34
|
-
# "signed_up" message we get the unconfirmed one. Seems to be an issue with
|
35
|
-
# the internal redirect by the hook and the tests.
|
36
|
-
# follow_redirect!
|
37
|
-
# assert_contain 'You have signed up successfully.'
|
38
|
-
# assert_not_contain 'confirm your account'
|
39
|
-
|
40
|
-
follow_redirect!
|
31
|
+
assert_contain 'You have signed up successfully.'
|
41
32
|
assert_contain 'Sign in'
|
33
|
+
assert_not_contain 'Confirm your account'
|
34
|
+
|
42
35
|
assert_not warden.authenticated?(:user)
|
43
36
|
|
44
37
|
user = User.last
|
@@ -47,7 +40,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
47
40
|
end
|
48
41
|
|
49
42
|
test 'a guest user cannot sign up with invalid information' do
|
50
|
-
|
43
|
+
get new_user_registration_path
|
51
44
|
|
52
45
|
fill_in 'email', :with => 'invalid_email'
|
53
46
|
fill_in 'password', :with => 'new_user123'
|
@@ -65,7 +58,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
65
58
|
|
66
59
|
test 'a guest should not sign up with email/password that already exists' do
|
67
60
|
user = create_user
|
68
|
-
|
61
|
+
get new_user_registration_path
|
69
62
|
|
70
63
|
fill_in 'email', :with => 'user@test.com'
|
71
64
|
fill_in 'password', :with => '123456'
|
@@ -79,20 +72,19 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
79
72
|
end
|
80
73
|
|
81
74
|
test 'a guest should not be able to change account' do
|
82
|
-
|
83
|
-
|
84
|
-
assert_template 'sessions/new'
|
75
|
+
get edit_user_registration_path
|
76
|
+
assert_redirected_to new_user_session_path(:unauthenticated => true)
|
85
77
|
end
|
86
78
|
|
87
79
|
test 'a signed in user should not be able to access sign up' do
|
88
80
|
sign_in_as_user
|
89
|
-
|
90
|
-
|
81
|
+
get new_user_registration_path
|
82
|
+
assert_redirected_to root_path
|
91
83
|
end
|
92
84
|
|
93
85
|
test 'a signed in user should be able to edit his account' do
|
94
86
|
sign_in_as_user
|
95
|
-
|
87
|
+
get edit_user_registration_path
|
96
88
|
|
97
89
|
fill_in 'email', :with => 'user.new@email.com'
|
98
90
|
fill_in 'current password', :with => '123456'
|
@@ -104,39 +96,42 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
104
96
|
assert_equal "user.new@email.com", User.first.email
|
105
97
|
end
|
106
98
|
|
107
|
-
test 'a signed in user should
|
99
|
+
test 'a signed in user should not change his current user with invalid password' do
|
108
100
|
sign_in_as_user
|
109
|
-
|
101
|
+
get edit_user_registration_path
|
110
102
|
|
111
|
-
fill_in '
|
112
|
-
fill_in 'password
|
113
|
-
fill_in 'current password', :with => '123456'
|
103
|
+
fill_in 'email', :with => 'user.new@email.com'
|
104
|
+
fill_in 'current password', :with => 'invalid'
|
114
105
|
click_button 'Update'
|
115
106
|
|
116
|
-
assert_template '
|
117
|
-
assert_contain '
|
107
|
+
assert_template 'registrations/edit'
|
108
|
+
assert_contain 'user@test.com'
|
109
|
+
assert_have_selector 'form input[value="user.new@email.com"]'
|
118
110
|
|
119
|
-
|
111
|
+
assert_equal "user@test.com", User.first.email
|
120
112
|
end
|
121
113
|
|
122
|
-
|
114
|
+
|
115
|
+
test 'a signed in user should be able to edit his password' do
|
123
116
|
sign_in_as_user
|
124
117
|
get edit_user_registration_path
|
125
|
-
|
118
|
+
|
126
119
|
fill_in 'password', :with => 'pas123'
|
127
|
-
fill_in 'password confirmation', :with => ''
|
120
|
+
fill_in 'password confirmation', :with => 'pas123'
|
128
121
|
fill_in 'current password', :with => '123456'
|
129
122
|
click_button 'Update'
|
130
|
-
|
131
|
-
|
132
|
-
|
123
|
+
|
124
|
+
assert_template 'home/index'
|
125
|
+
assert_contain 'You updated your account successfully.'
|
126
|
+
|
127
|
+
assert User.first.valid_password?('pas123')
|
133
128
|
end
|
134
129
|
|
135
130
|
test 'a signed in user should be able to cancel his account' do
|
136
131
|
sign_in_as_user
|
137
|
-
|
132
|
+
get edit_user_registration_path
|
138
133
|
|
139
|
-
click_link "Cancel my account"
|
134
|
+
click_link "Cancel my account", :method => :delete
|
140
135
|
assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
|
141
136
|
|
142
137
|
assert User.all.empty?
|
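Review bot: `'a guest should not be able to change account'` now only proves that a GET to `edit_user_registration_path` redirects to sign-in; nothing in the visible hunks checks that an unauthenticated update or delete request to the registration resource is refused. I would add a sibling test that creates a user, issues the write request as a guest, and asserts both the redirect and that the record is untouched, e.g. `assert_equal "user@test.com", User.first.email` after the request. The same applies to the new `click_link "Cancel my account", :method => :delete` path, which these hunks exercise only while signed in.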
@@ -28,27 +28,20 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
28
28
|
assert warden.user(:user) == user
|
29
29
|
end
|
30
30
|
|
31
|
-
test 'does not remember other scopes' do
|
32
|
-
user = create_user_and_remember
|
33
|
-
get root_path
|
34
|
-
assert_response :success
|
35
|
-
assert warden.authenticated?(:user)
|
36
|
-
assert_not warden.authenticated?(:admin)
|
37
|
-
end
|
38
|
-
|
39
31
|
test 'do not remember with invalid token' do
|
40
32
|
user = create_user_and_remember('add')
|
41
33
|
get users_path
|
42
|
-
assert_response :success
|
43
34
|
assert_not warden.authenticated?(:user)
|
35
|
+
assert_redirected_to new_user_session_path(:unauthenticated => true)
|
44
36
|
end
|
45
37
|
|
46
38
|
test 'do not remember with token expired' do
|
47
39
|
user = create_user_and_remember
|
48
|
-
Devise
|
49
|
-
|
50
|
-
|
51
|
-
|
40
|
+
swap Devise, :remember_for => 0 do
|
41
|
+
get users_path
|
42
|
+
assert_not warden.authenticated?(:user)
|
43
|
+
assert_redirected_to new_user_session_path(:unauthenticated => true)
|
44
|
+
end
|
52
45
|
end
|
53
46
|
|
54
47
|
test 'forget the user before sign out' do
|
@@ -67,16 +60,5 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
67
60
|
get destroy_user_session_path
|
68
61
|
get users_path
|
69
62
|
assert_not warden.authenticated?(:user)
|
70
|
-
assert_equal cookies['remember_user_token'], ''
|
71
|
-
end
|
72
|
-
|
73
|
-
test 'cookies are destroyed on unverified requests' do
|
74
|
-
swap HomeController, :allow_forgery_protection => true do
|
75
|
-
user = create_user_and_remember
|
76
|
-
get users_path
|
77
|
-
assert warden.authenticated?(:user)
|
78
|
-
post root_path, :authenticity_token => 'INVALID'
|
79
|
-
assert_not warden.authenticated?(:user)
|
80
|
-
end
|
81
63
|
end
|
82
64
|
end
|