RubyGems - devise - Versions diffs - 1.1.9 → 1.2.rc - Mend

devise 1.1.9 → 1.2.rc

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (121) hide show

data/CHANGELOG.rdoc +34 -26
data/README.rdoc +134 -100
data/app/controllers/devise/confirmations_controller.rb +1 -1
data/app/controllers/devise/omniauth_callbacks_controller.rb +26 -0
data/app/controllers/devise/passwords_controller.rb +1 -1
data/app/controllers/devise/registrations_controller.rb +59 -6
data/app/controllers/devise/sessions_controller.rb +3 -2
data/app/controllers/devise/unlocks_controller.rb +1 -1
data/app/helpers/devise_helper.rb +4 -2
data/app/mailers/devise/mailer.rb +27 -10
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/edit.html.erb +2 -2
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/registrations/edit.html.erb +1 -1
data/app/views/devise/registrations/new.html.erb +1 -1
data/app/views/devise/sessions/new.html.erb +1 -1
data/app/views/devise/shared/_links.erb +6 -0
data/app/views/devise/unlocks/new.html.erb +1 -1
data/config/locales/en.yml +9 -2
data/lib/devise.rb +116 -58
data/lib/devise/controllers/helpers.rb +103 -107
data/lib/devise/controllers/internal_helpers.rb +23 -7
data/lib/devise/controllers/scoped_views.rb +4 -6
data/lib/devise/controllers/url_helpers.rb +3 -5
data/lib/devise/encryptors/base.rb +1 -1
data/lib/devise/encryptors/restful_authentication_sha1.rb +4 -4
data/lib/devise/failure_app.rb +29 -21
data/lib/devise/hooks/forgetable.rb +2 -1
data/lib/devise/hooks/rememberable.rb +11 -9
data/lib/devise/mapping.rb +12 -5
data/lib/devise/models.rb +0 -14
data/lib/devise/models/authenticatable.rb +40 -30
data/lib/devise/models/confirmable.rb +11 -15
data/lib/devise/models/database_authenticatable.rb +23 -35
data/lib/devise/models/encryptable.rb +65 -0
data/lib/devise/models/lockable.rb +8 -7
data/lib/devise/models/omniauthable.rb +23 -0
data/lib/devise/models/recoverable.rb +5 -3
data/lib/devise/models/registerable.rb +13 -0
data/lib/devise/models/rememberable.rb +38 -30
data/lib/devise/models/timeoutable.rb +20 -3
data/lib/devise/models/token_authenticatable.rb +19 -7
data/lib/devise/models/validatable.rb +16 -4
data/lib/devise/modules.rb +15 -8
data/lib/devise/omniauth.rb +47 -0
data/lib/devise/omniauth/config.rb +30 -0
data/lib/devise/omniauth/test_helpers.rb +57 -0
data/lib/devise/omniauth/url_helpers.rb +29 -0
data/lib/devise/orm/active_record.rb +2 -0
data/lib/devise/orm/mongoid.rb +4 -2
data/lib/devise/rails.rb +26 -46
data/lib/devise/rails/routes.rb +64 -20
data/lib/devise/rails/warden_compat.rb +18 -20
data/lib/devise/schema.rb +13 -14
data/lib/devise/strategies/authenticatable.rb +33 -7
data/lib/devise/strategies/database_authenticatable.rb +1 -1
data/lib/devise/strategies/rememberable.rb +1 -1
data/lib/devise/strategies/token_authenticatable.rb +6 -2
data/lib/devise/test_helpers.rb +11 -1
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/templates/migration.rb +1 -0
data/lib/generators/devise/orm_helpers.rb +3 -2
data/lib/generators/templates/devise.rb +70 -39
data/test/controllers/helpers_test.rb +43 -67
data/test/controllers/internal_helpers_test.rb +29 -8
data/test/controllers/url_helpers_test.rb +2 -1
data/test/failure_app_test.rb +56 -21
data/test/generators/generators_test_helper.rb +4 -0
data/test/generators/install_generator_test.rb +14 -0
data/test/generators/views_generator_test.rb +37 -0
data/test/integration/authenticatable_test.rb +147 -62
data/test/integration/database_authenticatable_test.rb +22 -0
data/test/integration/http_authenticatable_test.rb +12 -2
data/test/integration/omniauthable_test.rb +107 -0
data/test/integration/recoverable_test.rb +39 -20
data/test/integration/registerable_test.rb +30 -4
data/test/integration/rememberable_test.rb +57 -34
data/test/integration/timeoutable_test.rb +10 -1
data/test/integration/token_authenticatable_test.rb +12 -17
data/test/mailers/confirmation_instructions_test.rb +4 -0
data/test/mailers/reset_password_instructions_test.rb +4 -0
data/test/mailers/unlock_instructions_test.rb +4 -0
data/test/mapping_test.rb +37 -3
data/test/models/confirmable_test.rb +3 -3
data/test/models/database_authenticatable_test.rb +14 -71
data/test/models/encryptable_test.rb +65 -0
data/test/models/lockable_test.rb +17 -1
data/test/models/recoverable_test.rb +17 -0
data/test/models/rememberable_test.rb +186 -125
data/test/models/token_authenticatable_test.rb +1 -13
data/test/models_test.rb +5 -5
data/test/omniauth/url_helpers_test.rb +47 -0
data/test/rails_app/app/active_record/admin.rb +4 -1
data/test/rails_app/app/active_record/user.rb +5 -4
data/test/rails_app/app/controllers/{sessions_controller.rb → admins/sessions_controller.rb} +1 -1
data/test/rails_app/app/controllers/home_controller.rb +9 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -0
data/test/rails_app/app/mongoid/admin.rb +4 -1
data/test/rails_app/app/mongoid/shim.rb +16 -3
data/test/rails_app/app/mongoid/user.rb +5 -5
data/test/rails_app/config/initializers/devise.rb +52 -28
data/test/rails_app/config/routes.rb +14 -6
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +21 -17
data/test/rails_app/db/schema.rb +17 -51
data/test/rails_app/lib/shared_admin.rb +9 -0
data/test/rails_app/lib/shared_user.rb +23 -0
data/test/routes_test.rb +42 -9
data/test/support/integration.rb +3 -3
data/test/support/webrat/integrations/rails.rb +7 -0
data/test/test_helper.rb +2 -0
data/test/test_helpers_test.rb +29 -0
metadata +60 -30
data/Gemfile +0 -27
data/Gemfile.lock +0 -115
data/Rakefile +0 -55
data/TODO +0 -3
data/lib/devise/encryptors/bcrypt.rb +0 -19
data/lib/generators/devise_install_generator.rb +0 -4
data/lib/generators/devise_views_generator.rb +0 -4
data/test/indifferent_hash.rb +0 -33
data/test/support/test_silencer.rb +0 -5

data/test/integration/database_authenticatable_test.rb CHANGED

@@ -1,6 +1,28 @@
 require 'test_helper'
 class DatabaseAuthenticationTest < ActionController::IntegrationTest
+  test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    sign_in_as_user do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert warden.authenticated?(:user)
+  end
+  test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      sign_in_as_user do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      assert_not warden.authenticated?(:user)
+    end
+  end
   test 'sign in should not authenticate if not using proper authentication keys' do
     swap Devise, :authentication_keys => [:username] do
       sign_in_as_user

data/test/integration/http_authenticatable_test.rb CHANGED

@@ -47,6 +47,16 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     end
   end
+  test 'sign in should authenticate with really long token' do
+    token = "token_containing_so_many_characters_that_the_base64_encoding_will_wrap"
+    user = create_user
+    user.update_attribute :authentication_token, token
+    get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{token}:x")}"
+    assert_response :success
+    assert_match "<email>user@test.com</email>", response.body
+    assert warden.authenticated?(:user)
+  end
   private
     def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
@@ -54,11 +64,11 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
       get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
     # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
     def add_oauth2_header
       user = create_user
       get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{ActiveSupport::Base64.encode64("#{user.email}:123456")}"
     end
-end
+end

data/test/integration/omniauthable_test.rb ADDED

@@ -0,0 +1,107 @@
+require 'test_helper'
+class OmniauthableIntegrationTest < ActionController::IntegrationTest
+  FACEBOOK_INFO = {
+    :id => '12345',
+    :link => 'http://facebook.com/josevalim',
+    :email => 'user@example.com',
+    :first_name => 'Jose',
+    :last_name => 'Valim',
+    :website => 'http://blog.plataformatec.com.br'
+  }
+  ACCESS_TOKEN = {
+    :access_token => "plataformatec"
+  }
+  setup do
+    stub_facebook!
+    Devise::OmniAuth.short_circuit_authorizers!
+  end
+  teardown do
+    Devise::OmniAuth.unshort_circuit_authorizers!
+    Devise::OmniAuth.reset_stubs!
+  end
+  def stub_facebook!
+    Devise::OmniAuth.stub!(:facebook) do |b|
+      b.post('/oauth/access_token') { [200, {}, ACCESS_TOKEN.to_json] }
+      b.get('/me?access_token=plataformatec') { [200, {}, FACEBOOK_INFO.to_json] }
+    end
+  end
+  test "can access omniauth.auth in the env hash" do
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+    json = ActiveSupport::JSON.decode(response.body)
+    assert_equal "12345",         json["uid"]
+    assert_equal "facebook",      json["provider"]
+    assert_equal "josevalim",     json["user_info"]["nickname"]
+    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"].symbolize_keys
+    assert_equal "plataformatec", json["credentials"]["token"]
+  end
+  test "cleans up session on sign up" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+    assert session["devise.facebook_data"]
+    assert_difference "User.count" do
+      visit "/users/sign_up"
+      fill_in "Password", :with => "123456"
+      fill_in "Password confirmation", :with => "123456"
+      click_button "Sign up"
+    end
+    assert_current_url "/"
+    assert_contain "You have signed up successfully."
+    assert_contain "Hello User user@example.com"
+    assert_not session["devise.facebook_data"]
+  end
+  test "cleans up session on cancel" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+    assert session["devise.facebook_data"]
+    visit "/users/cancel"
+    assert !session["devise.facebook_data"]
+  end
+  test "cleans up session on sign in" do
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+    assert session["devise.facebook_data"]
+    user = sign_in_as_user
+    assert !session["devise.facebook_data"]
+  end
+  test "handles callback error parameter according to the specification" do
+    visit "/users/auth/facebook/callback?error=access_denied"
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Access denied".'
+  end
+  test "handles other exceptions from omniauth" do
+    Devise::OmniAuth.stub!(:facebook) do |b|
+      b.post('/oauth/access_token') { [401, {}, {}.to_json] }
+    end
+    visit "/users/sign_in"
+    click_link "Sign in with facebook"
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+  end
+end

data/test/integration/recoverable_test.rb CHANGED

@@ -9,9 +9,7 @@ class PasswordTest < ActionController::IntegrationTest
   def request_forgot_password(&block)
     visit_new_password_path
     assert_response :success
-    assert_template 'passwords/new'
     assert_not warden.authenticated?(:user)
     fill_in 'email', :with => 'user@test.com'
@@ -19,19 +17,42 @@ class PasswordTest < ActionController::IntegrationTest
     click_button 'Send me reset password instructions'
   end
-  def reset_password(options={}, &block)
-    unless options[:visit] == false
-      visit edit_user_password_path(:reset_password_token => options[:reset_password_token])
-    end
+  def reset_password(options={}, &block)
+    visit edit_user_password_path(:reset_password_token => options[:reset_password_token]) unless options[:visit] == false
     assert_response :success
-    assert_template 'passwords/edit'
-    fill_in 'Password', :with => '987654321'
-    fill_in 'Password confirmation', :with => '987654321'
+    fill_in 'New password', :with => '987654321'
+    fill_in 'Confirm new password', :with => '987654321'
     yield if block_given?
     click_button 'Change my password'
   end
+  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      request_forgot_password do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value='foo@bar.com']"
+      assert_contain 'not found'
+    end
+  end
   test 'authenticated user should not be able to visit forgot password page' do
     sign_in_as_user
     assert warden.authenticated?(:user)
@@ -46,7 +67,7 @@ class PasswordTest < ActionController::IntegrationTest
     create_user
     request_forgot_password
-    assert_template 'sessions/new'
+    assert_current_url '/users/sign_in'
     assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
   end
@@ -56,16 +77,14 @@ class PasswordTest < ActionController::IntegrationTest
     end
     assert_response :success
-    assert_template 'passwords/new'
-    assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
-    assert_contain 'Email not found'
+    assert_current_url '/users/password'
+    assert_have_selector "input[type=email][value='invalid.test@test.com']"
+    assert_contain 'not found'
   end
   test 'authenticated user should not be able to visit edit password page' do
     sign_in_as_user
     get edit_user_password_path
     assert_response :redirect
     assert_redirected_to root_path
     assert warden.authenticated?(:user)
@@ -76,7 +95,7 @@ class PasswordTest < ActionController::IntegrationTest
     reset_password :reset_password_token => 'invalid_reset_password'
     assert_response :success
-    assert_template 'passwords/edit'
+    assert_current_url '/users/password'
     assert_have_selector '#error_explanation'
     assert_contain /Reset password token(.*)invalid/
     assert_not user.reload.valid_password?('987654321')
@@ -86,11 +105,11 @@ class PasswordTest < ActionController::IntegrationTest
     user = create_user
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token do
-      fill_in 'Password confirmation', :with => 'other_password'
+      fill_in 'Confirm new password', :with => 'other_password'
     end
     assert_response :success
-    assert_template 'passwords/edit'
+    assert_current_url '/users/password'
     assert_have_selector '#error_explanation'
     assert_contain 'Password doesn\'t match confirmation'
     assert_not user.reload.valid_password?('987654321')
@@ -101,7 +120,7 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
-    assert_template 'home/index'
+    assert_current_url '/'
     assert_contain 'Your password was changed successfully.'
     assert user.reload.valid_password?('987654321')
   end
@@ -110,7 +129,7 @@ class PasswordTest < ActionController::IntegrationTest
     user = create_user
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token do
-      fill_in 'Password confirmation', :with => 'other_password'
+      fill_in 'Confirm new password', :with => 'other_password'
     end
     assert_response :success
     assert_have_selector '#error_explanation'

data/test/integration/registerable_test.rb CHANGED

@@ -13,7 +13,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
-    assert_contain 'You have signed up successfully.'
+    assert_contain 'Welcome! You have signed up successfully.'
     assert warden.authenticated?(:admin)
     admin = Admin.last :order => "id"
@@ -28,8 +28,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
-    assert_contain 'You have signed up successfully'
-    assert_contain 'Sign in'
+    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
     assert_not_contain 'You have to confirm your account before continuing'
     assert_not warden.authenticated?(:user)
@@ -51,6 +50,7 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_have_selector '#error_explanation'
     assert_contain "Email is invalid"
     assert_contain "Password doesn't match confirmation"
+    assert_contain "2 errors prohibited"
     assert_nil User.first
     assert_not warden.authenticated?(:user)
@@ -66,7 +66,7 @@ class RegistrationTest < ActionController::IntegrationTest
     click_button 'Sign up'
     assert_current_url '/users'
-    assert_contain(/Email .* already.*taken/)
+    assert_contain(/Email.*already.*taken/)
     assert_not warden.authenticated?(:user)
   end
@@ -98,6 +98,20 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_equal "user.new@email.com", User.first.email
   end
+  test 'a signed in user should still be able to use the website after changing his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'password', :with => '12345678'
+    fill_in 'password confirmation', :with => '12345678'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+    assert_contain 'You updated your account successfully.'
+    get users_path
+    assert warden.authenticated?(:user)
+  end
   test 'a signed in user should not change his current user with invalid password' do
     sign_in_as_user
     get edit_user_registration_path
@@ -150,4 +164,16 @@ class RegistrationTest < ActionController::IntegrationTest
     assert User.all.empty?
   end
+  test 'a user should be able to cancel sign up by deleting data in the session' do
+    get "/set"
+    assert_equal "something", @request.session["devise.foo_bar"]
+    get "/users/sign_up"
+    assert_equal "something", @request.session["devise.foo_bar"]
+    get "/users/cancel"
+    assert_nil @request.session["devise.foo_bar"]
+    assert_redirected_to new_user_registration_path
+  end
 end

data/test/integration/rememberable_test.rb CHANGED

@@ -1,7 +1,6 @@
 require 'test_helper'
 class RememberMeTest < ActionController::IntegrationTest
   def create_user_and_remember(add_to_token='')
     user = create_user
     user.remember_me!
@@ -10,6 +9,14 @@ class RememberMeTest < ActionController::IntegrationTest
     user
   end
+  def create_admin_and_remember
+    admin = create_admin
+    admin.remember_me!
+    raw_cookie = Admin.serialize_into_cookie(admin)
+    cookies['remember_admin_token'] = generate_signed_cookie(raw_cookie)
+    admin
+  end
   def generate_signed_cookie(raw_cookie)
     request = ActionDispatch::TestRequest.new
     request.cookie_jar.signed['raw_cookie'] = raw_cookie
@@ -29,32 +36,30 @@ class RememberMeTest < ActionController::IntegrationTest
   test 'do not remember the user if he has not checked remember me option' do
     user = sign_in_as_user
     assert_nil request.cookies["remember_user_cookie"]
-    assert_nil user.reload.remember_token
   end
   test 'generate remember token after sign in' do
     user = sign_in_as_user :remember_me => true
     assert request.cookies["remember_user_token"]
-    assert user.reload.remember_token
   end
-  test 'generate remember token after sign in setting cookie domain' do
+  test 'generate remember token after sign in setting cookie options' do
     # We test this by asserting the cookie is not sent after the redirect
     # since we changed the domain. This is the only difference with the
     # previous test.
-    swap User, :cookie_domain => "omg.somewhere.com" do
+    swap Devise, :cookie_options => { :domain => "omg.somewhere.com" } do
       user = sign_in_as_user :remember_me => true
       assert_nil request.cookies["remember_user_token"]
     end
   end
-  test 'cookies are destroyed on unverified requests' do
-    swap ApplicationController, :allow_forgery_protection => true do
-      user = create_user_and_remember
-      get users_path
-      assert warden.authenticated?(:user)
-      post root_path, :authenticity_token => 'INVALID'
-      assert_not warden.authenticated?(:user)
+  test 'generate remember token after sign in setting session options' do
+    begin
+      Rails.configuration.session_options[:domain] = "omg.somewhere.com"
+      user = sign_in_as_user :remember_me => true
+      assert_nil request.cookies["remember_user_token"]
+    ensure
+      Rails.configuration.session_options.delete(:domain)
     end
   end
@@ -84,29 +89,29 @@ class RememberMeTest < ActionController::IntegrationTest
   test 'if both extend_remember_period and remember_across_browsers are true, sends the same token with a new expire date' do
     swap Devise, :remember_across_browsers => true, :extend_remember_period => true, :remember_for => 1.year do
-      user  = create_user_and_remember
-      token = user.remember_token
+      admin = create_admin_and_remember
+      token = admin.remember_token
-      user.remember_created_at = old = 10.minutes.ago
-      user.save!
+      admin.remember_created_at = old = 10.minutes.ago
+      admin.save!
-      get users_path
-      assert (cookie_expires("remember_user_token") - 1.year) > (old + 5.minutes)
-      assert_equal token, signed_cookie("remember_user_token").last
+      get root_path
+      assert (cookie_expires("remember_admin_token") - 1.year) > (old + 5.minutes)
+      assert_equal token, signed_cookie("remember_admin_token").last
     end
   end
   test 'if both extend_remember_period and remember_across_browsers are false, sends a new token with old expire date' do
     swap Devise, :remember_across_browsers => false, :extend_remember_period => false, :remember_for => 1.year do
-      user  = create_user_and_remember
-      token = user.remember_token
+      admin = create_admin_and_remember
+      token = admin.remember_token
-      user.remember_created_at = old = 10.minutes.ago
-      user.save!
+      admin.remember_created_at = old = 10.minutes.ago
+      admin.save!
-      get users_path
-      assert (cookie_expires("remember_user_token") - 1.year) < (old + 5.minutes)
-      assert_not_equal token, signed_cookie("remember_user_token").last
+      get root_path
+      assert (cookie_expires("remember_admin_token") - 1.year) < (old + 5.minutes)
+      assert_not_equal token, signed_cookie("remember_admin_token").last
     end
   end
@@ -134,23 +139,41 @@ class RememberMeTest < ActionController::IntegrationTest
     end
   end
-  test 'forget the user before sign out' do
+  test 'do not remember the user anymore after forget' do
     user = create_user_and_remember
     get users_path
     assert warden.authenticated?(:user)
     get destroy_user_session_path
     assert_not warden.authenticated?(:user)
-    assert_nil user.reload.remember_token
+    assert_nil warden.cookies['remember_user_token']
+    get users_path
+    assert_not warden.authenticated?(:user)
     assert_nil warden.cookies['remember_user_token']
   end
-  test 'do not remember the user anymore after forget' do
+  test 'do not remember the admin anymore after forget' do
+    admin = create_admin_and_remember
+    get root_path
+    assert warden.authenticated?(:admin)
+    get destroy_admin_session_path
+    assert_not warden.authenticated?(:admin)
+    assert_nil warden.cookies['remember_admin_token']
+    get root_path
+    assert_not warden.authenticated?(:admin)
+    assert_nil warden.cookies['remember_admin_token']
+  end
+  test 'changing user password expires remember me token' do
     user = create_user_and_remember
-    get users_path
-    assert warden.authenticated?(:user)
-    get destroy_user_session_path
+    user.password = "another_password"
+    user.password_confirmation = "another_password"
+    user.save!
     get users_path
     assert_not warden.authenticated?(:user)
-    assert_nil warden.cookies['remember_user_token']
   end
-end
+end