devise 1.1.pre4 → 1.1.rc0

data/test/devise_test.rb

@@ -1,8 +1,11 @@
-require 'test/test_helper'
+require 'test_helper'
 
 module Devise
-  def self.clean_warden_config!
-    @warden_config = nil
+  def self.yield_and_restore
+    c, b = @@warden_config, @@warden_config_block
+    yield
+  ensure
+    @@warden_config, @@warden_config_block = c, b
   end
 end
 
@@ -20,28 +23,21 @@ class DeviseTest < ActiveSupport::TestCase
     end
   end
 
-  test 'warden manager configuration' do
-    config = Warden::Config.new
-    Devise.configure_warden(config)
-
-    assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:rememberable, :token_authenticatable, :http_authenticatable, :authenticatable], config.default_strategies
-    assert_equal :user, config.default_scope
-    assert config.silence_missing_strategies?
+  test 'stores warden configuration' do
+    assert_equal Devise::FailureApp, Devise.warden_config.failure_app
+    assert_equal :user, Devise.warden_config.default_scope
   end
 
   test 'warden manager user configuration through a block' do
-    begin
+    Devise.yield_and_restore do
       @executed = false
       Devise.warden do |config|
         @executed = true
         assert_kind_of Warden::Config, config
       end
 
-      Devise.configure_warden(Warden::Config.new)
+      Devise.configure_warden!
       assert @executed
-    ensure
-      Devise.clean_warden_config!
     end
   end
 
@@ -52,8 +48,8 @@ class DeviseTest < ActiveSupport::TestCase
     assert_not defined?(Devise::Models::Coconut)
     Devise::ALL.delete(:coconut)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => true) }
-    assert_equal 1, Devise::STRATEGIES.select { |v| v == :banana }.size
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => :fruits) }
+    assert_equal :fruits, Devise::STRATEGIES[:banana]
     Devise::ALL.delete(:banana)
     Devise::STRATEGIES.delete(:banana)
 

data/test/encryptors_test.rb

@@ -1,3 +1,5 @@
+require 'test_helper'
+
 class Encryptors < ActiveSupport::TestCase
   test 'should match a password created by authlogic' do
     authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"

data/test/failure_app_test.rb

@@ -1,7 +1,10 @@
-require 'test/test_helper'
+require 'test_helper'
 require 'ostruct'
 
 class FailureTest < ActiveSupport::TestCase
+  def self.context(name, &block)
+    instance_eval(&block)
+  end
 
   def call_failure(env_params={})
     env = {
@@ -9,38 +12,84 @@ class FailureTest < ActiveSupport::TestCase
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
       'REQUEST_METHOD' => 'GET',
-      'rack.session' => {}
+      'rack.session' => {},
+      'rack.input' => "",
+      'warden' => OpenStruct.new(:message => nil)
     }.merge!(env_params)
-    Devise::FailureApp.call(env)
+    
+    @response = Devise::FailureApp.call(env).to_a
+    @request  = ActionDispatch::Request.new(env)
   end
 
-  test 'return 302 status' do
-    assert_equal 302, call_failure.first
+  def call_failure_with_http(env_params={})
+    env = { "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}" }
+    call_failure(env_params.merge!(env))
   end
 
-  test 'return to the default redirect location' do
-    assert_equal 'http://test.host/users/sign_in?unauthenticated=true', call_failure.second['Location']
-  end
+  context 'When redirecting' do
+    test 'return 302 status' do
+      call_failure
+      assert_equal 302, @response.first
+    end
 
-  test 'uses the proxy failure message' do
-    warden = OpenStruct.new(:message => :test)
-    location = call_failure('warden' => warden).second['Location']
-    assert_equal 'http://test.host/users/sign_in?test=true', location
-  end
+    test 'return to the default redirect location' do
+      call_failure
+      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
+    end
+
+    test 'uses the proxy failure message as symbol' do
+      call_failure('warden' => OpenStruct.new(:message => :test))
+      assert_equal 'test', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+    end
 
-  test 'uses the given message' do
-    warden = OpenStruct.new(:message => 'Hello world')
-    location = call_failure('warden' => warden).second['Location']
-    assert_equal 'http://test.host/users/sign_in?message=Hello+world', location
+    test 'uses the proxy failure message as string' do
+      call_failure('warden' => OpenStruct.new(:message => 'Hello world'))
+      assert_equal 'Hello world', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+    end
+
+    test 'set content type to default text/html' do
+      call_failure
+      assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
+    end
+
+    test 'setup a default message' do
+      call_failure
+      assert_match /You are being/, @response.last.body
+      assert_match /redirected/, @response.last.body
+      assert_match /users\/sign_in/, @response.last.body
+    end
   end
 
-  test 'set content type to default text/html' do
-    assert_equal 'text/html; charset=utf-8', call_failure.second['Content-Type']
+  context 'For HTTP request' do
+    test 'return 401 status' do
+      call_failure_with_http
+      assert_equal 401, @response.first
+    end
+
+    test 'return WWW-authenticate headers' do
+      call_failure_with_http
+      assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
+    end
+
+    test 'uses the proxy failure message as response body' do
+      call_failure_with_http('warden' => OpenStruct.new(:message => :invalid))
+      assert_equal 'Invalid email or password.', @response.third.body
+    end
   end
 
-  test 'setup a default message' do
-    assert_match /You are being/, call_failure.last.body
-    assert_match /redirected/, call_failure.last.body
-    assert_match /\?unauthenticated=true/, call_failure.last.body
+  context 'With recall' do
+    test 'calls the original controller' do
+      env = {
+        "action_dispatch.request.parameters" => { :controller => "devise/sessions" },
+        "warden.options" => { :recall => "new", :attempted_path => "/users/sign_in" },
+        "warden" => stub_everything
+      }
+      call_failure(env)
+      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('Invalid email or password.')
+    end
   end
 end

data/test/integration/confirmable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class ConfirmationTest < ActionController::IntegrationTest
 
@@ -11,7 +11,7 @@ class ConfirmationTest < ActionController::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     visit new_user_session_path
-    click_link 'Didn\'t receive confirmation instructions?'
+    click_link "Didn't receive confirmation instructions?"
 
     fill_in 'email', :with => user.email
     click_button 'Resend confirmation instructions'
@@ -88,9 +88,9 @@ class ConfirmationTest < ActionController::IntegrationTest
 
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
-      :sessions => { :admin => { :unconfirmed => "Not confirmed user" } }
+      :failure => { :user => { :unconfirmed => "Not confirmed user" } }
     } do
-      get new_admin_session_path(:unconfirmed => true)
+      sign_in_as_user(:confirm => false)
       assert_contain 'Not confirmed user'
     end
   end

data/test/integration/{authenticatable_test.rb → database_authenticatable_test.rb}

@@ -1,6 +1,6 @@
-require 'test/test_helper'
+require 'test_helper'
 
-class AuthenticationSanityTest < ActionController::IntegrationTest
+class DatabaseAuthenticationSanityTest < ActionController::IntegrationTest
   test 'home should be accessible without sign in' do
     visit '/'
     assert_response :success
@@ -50,7 +50,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
   test 'not signed in as admin should not be able to access admins actions' do
     get admins_path
 
-    assert_redirected_to new_admin_session_path(:unauthenticated => true)
+    assert_redirected_to new_admin_session_path
     assert_not warden.authenticated?(:admin)
   end
 
@@ -60,7 +60,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:admin)
 
     get admins_path
-    assert_redirected_to new_admin_session_path(:unauthenticated => true)
+    assert_redirected_to new_admin_session_path
   end
 
   test 'signed in as admin should be able to access admin actions' do
@@ -134,7 +134,7 @@ class AuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'error message is configurable by resource name' do
-    store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
+    store_translations :en, :devise => { :failure => { :admin => { :invalid => "Invalid credentials" } } } do
       sign_in_as_admin do
         fill_in 'password', :with => 'abcdef'
       end
@@ -146,7 +146,7 @@ class AuthenticationTest < ActionController::IntegrationTest
   test 'redirect from warden shows sign in or sign up message' do
     get admins_path
 
-    warden_path = new_admin_session_path(:unauthenticated => true)
+    warden_path = new_admin_session_path
     assert_redirected_to warden_path
 
     get warden_path
@@ -157,35 +157,35 @@ class AuthenticationTest < ActionController::IntegrationTest
     sign_in_as_user
 
     assert_template 'home/index'
-    assert_nil session[:"user.return_to"]
+    assert_nil session[:"user_return_to"]
   end
 
   test 'redirect to requested url after sign in' do
     get users_path
-    assert_redirected_to new_user_session_path(:unauthenticated => true)
-    assert_equal users_path, session[:"user.return_to"]
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
 
     follow_redirect!
     sign_in_as_user :visit => false
 
     assert_template 'users/index'
-    assert_nil session[:"user.return_to"]
+    assert_nil session[:"user_return_to"]
   end
 
   test 'redirect to last requested url overwriting the stored return_to option' do
     get expire_user_path(create_user)
-    assert_redirected_to new_user_session_path(:unauthenticated => true)
-    assert_equal expire_user_path(create_user), session[:"user.return_to"]
+    assert_redirected_to new_user_session_path
+    assert_equal expire_user_path(create_user), session[:"user_return_to"]
 
     get users_path
-    assert_redirected_to new_user_session_path(:unauthenticated => true)
-    assert_equal users_path, session[:"user.return_to"]
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
 
     follow_redirect!
     sign_in_as_user :visit => false
 
     assert_template 'users/index'
-    assert_nil session[:"user.return_to"]
+    assert_nil session[:"user_return_to"]
   end
 
   test 'redirect to configured home path for a given scope after sign in' do
@@ -199,7 +199,7 @@ class AuthenticationTest < ActionController::IntegrationTest
 
     User.destroy_all
     get '/users'
-    assert_redirected_to '/users/sign_in?unauthenticated=true'
+    assert_redirected_to new_user_session_path
   end
 
   test 'allows session to be set by a given scope' do
@@ -226,7 +226,7 @@ class AuthenticationTest < ActionController::IntegrationTest
       end
 
       assert_match /Special user view/, response.body
-      assert !Devise::PasswordsController.scoped_views
+      assert !Devise::PasswordsController.scoped_views?
     ensure
       Devise::SessionsController.send :remove_instance_variable, :@scoped_views
     end
@@ -265,6 +265,24 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_contain 'Welcome to "sessions/new" view!'
   end
 
+  # Custom strategy invoking custom!
+  test 'custom strategy invoking custom on sign up bevahes as expected' do
+    Warden::Strategies.add(:custom) do
+      def authenticate!
+        custom!([401, {"Content-Type" => "text/html"}, ["Custom strategy"]])
+      end
+    end
+
+    begin
+      Devise.warden_config.default_strategies(:scope => :user).unshift(:custom)
+      sign_in_as_user
+      assert_equal 401, status
+      assert_contain 'Custom strategy'
+    ensure
+      Devise.warden_config.default_strategies(:scope => :user).shift
+    end
+  end
+
   # Access
   test 'render 404 on roles without permission' do
     get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true

data/test/integration/http_authenticatable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class HttpAuthenticationTest < ActionController::IntegrationTest
 
@@ -19,8 +19,8 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
   test 'uses the request format as response content type' do
     sign_in_as_new_user_with_http("unknown", "123456", :xml)
     assert_equal 401, status
-    assert_equal "application/xml", headers["Content-Type"]
-    assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
+    assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
+    assert response.body.include?("<error>Invalid email or password.</error>")
   end
 
   test 'returns a custom response with www-authenticate and chosen realm' do

data/test/integration/lockable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class LockTest < ActionController::IntegrationTest
   
@@ -11,7 +11,7 @@ class LockTest < ActionController::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     visit new_user_session_path
-    click_link 'Didn\'t receive unlock instructions?'
+    click_link "Didn't receive unlock instructions?"
 
     fill_in 'email', :with => user.email
     click_button 'Resend unlock instructions'
@@ -26,7 +26,7 @@ class LockTest < ActionController::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     visit new_user_session_path
-    click_link 'Didn\'t receive unlock instructions?'
+    click_link "Didn't receive unlock instructions?"
 
     fill_in 'email', :with => user.email
     click_button 'Resend unlock instructions'
@@ -36,6 +36,15 @@ class LockTest < ActionController::IntegrationTest
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
+  test 'unlocked pages should not be available if email strategy is disabled' do
+    visit new_user_unlock_path
+    swap Devise, :unlock_strategy => :time do
+      assert_raise AbstractController::ActionNotFound do
+        visit new_user_unlock_path
+      end
+    end
+  end
+
   test 'user with invalid unlock token should not be able to unlock an account' do
     visit_user_unlock_with_token('invalid_token')
 
@@ -47,20 +56,19 @@ class LockTest < ActionController::IntegrationTest
 
   test "locked user should be able to unlock account" do
     user = create_user(:locked => true)
-    assert user.locked?
+    assert user.access_locked?
 
     visit_user_unlock_with_token(user.unlock_token)
 
     assert_template 'home/index'
     assert_contain 'Your account was successfully unlocked.'
 
-    assert_not user.reload.locked?
+    assert_not user.reload.access_locked?
   end
 
   test "sign in user automatically after unlocking it's account" do
     user = create_user(:locked => true)
     visit_user_unlock_with_token(user.unlock_token)
-
     assert warden.authenticated?(:user)
   end
 
@@ -71,11 +79,23 @@ class LockTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
+  test "user should not send a new e-mail if already locked" do
+    user = create_user(:locked => true)
+    user.failed_attempts = User.maximum_attempts + 1
+    user.save!
+
+    ActionMailer::Base.deliveries.clear
+
+    sign_in_as_user(:password => "invalid")
+    assert_contain 'Your account is locked.'
+    assert ActionMailer::Base.deliveries.empty?
+  end
+
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
-      :sessions => { :admin => { :locked => "You are locked!" } }
+      :failure => { :user => { :locked => "You are locked!" } }
     } do
-      get new_admin_session_path(:locked => true)
+      user = sign_in_as_user(:locked => true)
       assert_contain 'You are locked!'
     end
   end

data/test/integration/recoverable_test.rb

@@ -1,10 +1,10 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class PasswordTest < ActionController::IntegrationTest
 
   def visit_new_password_path
     visit new_user_session_path
-    click_link 'Forgot password?'
+    click_link 'Forgot your password?'
   end
 
   def request_forgot_password(&block)
@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
-    assert_current_path new_user_session_path(:unconfirmed => true)
+    assert_equal new_user_session_path, @request.path
     assert !warden.authenticated?(:user)
   end