devise 1.1.pre4 → 1.1.rc0

data/test/integration/registerable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class RegistrationTest < ActionController::IntegrationTest
 
@@ -28,9 +28,9 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_contain 'You have signed up successfully.'
+    assert_contain 'You have signed up successfully'
     assert_contain 'Sign in'
-    assert_not_contain 'Confirm your account'
+    assert_not_contain 'You have to confirm your account before continuing'
 
     assert_not warden.authenticated?(:user)
 
@@ -73,7 +73,9 @@ class RegistrationTest < ActionController::IntegrationTest
 
   test 'a guest should not be able to change account' do
     get edit_user_registration_path
-    assert_redirected_to new_user_session_path(:unauthenticated => true)
+    assert_redirected_to new_user_session_path
+    follow_redirect!
+    assert_contain 'You need to sign in or sign up before continuing.'
   end
 
   test 'a signed in user should not be able to access sign up' do

data/test/integration/rememberable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class RememberMeTest < ActionController::IntegrationTest
 
@@ -6,10 +6,17 @@ class RememberMeTest < ActionController::IntegrationTest
     Devise.remember_for = 1
     user = create_user
     user.remember_me!
-    cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
+    raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
+    cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
     user
   end
 
+  def generate_signed_cookie(raw_cookie)
+    request = ActionDispatch::Request.new({})
+    request.cookie_jar.signed['raw_cookie'] = raw_cookie
+    request.cookie_jar['raw_cookie']
+  end
+
   test 'do not remember the user if he has not checked remember me option' do
     user = sign_in_as_user
     assert_nil user.reload.remember_token
@@ -40,7 +47,7 @@ class RememberMeTest < ActionController::IntegrationTest
     user = create_user_and_remember('add')
     get users_path
     assert_not warden.authenticated?(:user)
-    assert_redirected_to new_user_session_path(:unauthenticated => true)
+    assert_redirected_to new_user_session_path
   end
 
   test 'do not remember with token expired' do
@@ -48,7 +55,7 @@ class RememberMeTest < ActionController::IntegrationTest
     swap Devise, :remember_for => 0 do
       get users_path
       assert_not warden.authenticated?(:user)
-      assert_redirected_to new_user_session_path(:unauthenticated => true)
+      assert_redirected_to new_user_session_path
     end
   end
 

data/test/integration/timeoutable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class SessionTimeoutTest < ActionController::IntegrationTest
 
@@ -32,7 +32,7 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not_nil last_request_at
 
     get users_path
-    assert_redirected_to new_user_session_path(:timeout => true)
+    assert_redirected_to new_user_session_path
     assert_not warden.authenticated?(:user)
   end
 
@@ -47,14 +47,14 @@ class SessionTimeoutTest < ActionController::IntegrationTest
 
       get expire_user_path(user)
       get users_path
-      assert_redirected_to new_user_session_path(:timeout => true)
+      assert_redirected_to new_user_session_path
       assert_not warden.authenticated?(:user)
     end
   end
 
   test 'error message with i18n' do
     store_translations :en, :devise => {
-      :sessions => { :user => { :timeout => 'Session expired!' } }
+      :failure => { :user => { :timeout => 'Session expired!' } }
     } do
       user = sign_in_as_user
 

data/test/integration/token_authenticatable_test.rb

@@ -1,10 +1,21 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class TokenAuthenticationTest < ActionController::IntegrationTest
 
-  test 'sign in should authenticate with valid authentication token and proper authentication token key' do
+  test 'authenticate with valid authentication token key and value through params' do
     swap Devise, :token_authentication_key => :secret_token do
-      sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
+      sign_in_as_new_user_with_token
+
+      assert_response :success
+      assert_template 'users/index'
+      assert_contain 'Welcome'
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'authenticate with valid authentication token key and value through http' do
+    swap Devise, :token_authentication_key => :secret_token do
+      sign_in_as_new_user_with_token(:http_auth => true)
 
       assert_response :success
       assert_template 'users/index'
@@ -13,10 +24,30 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
+  test 'does authenticate with valid authentication token key and value through params if not configured' do
+    swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do
+      sign_in_as_new_user_with_token
+
+      assert_contain 'You need to sign in or sign up before continuing'
+      assert_contain 'Sign in'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'does authenticate with valid authentication token key and value through http if not configured' do
+    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do
+      sign_in_as_new_user_with_token(:http_auth => true)
+
+      assert_response 401
+      assert_contain 'Invalid email or password.'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'does not authenticate with improper authentication token key' do
     swap Devise, :token_authentication_key => :donald_duck_token do
       sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
-      assert_current_path new_user_session_path(:unauthenticated => true)
+      assert_equal new_user_session_path, @request.path
 
       assert_contain 'You need to sign in or sign up before continuing'
       assert_contain 'Sign in'
@@ -24,12 +55,11 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'signing in with invalid authentication token should return to sign in form with error message' do
-    store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
+  test 'does not authenticate with improper authentication token value' do
+    store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do
       sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
-      assert_current_path new_user_session_path(:invalid_token => true)
+      assert_equal new_user_session_path, @request.path
 
-      assert_response :success
       assert_contain 'LOL, that was not a single character correct.'
       assert_contain 'Sign in'
       assert_not warden.authenticated?(:user)
@@ -46,7 +76,13 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       user.authentication_token = VALID_AUTHENTICATION_TOKEN
       user.save
 
-      visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
+      if options[:http_auth]
+        header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
+        get users_path, {}, "HTTP_AUTHORIZATION" => header
+      else
+        visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
+      end
+
       user
     end
 

data/test/integration/trackable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class TrackableHooksTest < ActionController::IntegrationTest
 
@@ -39,7 +39,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
 
   test "increase sign in count" do
     user = create_user
-    assert_nil user.sign_in_count
+    assert_equal 0, user.sign_in_count
 
     sign_in_as_user
     user.reload

data/test/mailers/confirmation_instructions_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class ConfirmationInstructionsTest < ActionMailer::TestCase
 
@@ -23,7 +23,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert_equal 'text/html', mail.content_type
+    assert mail.content_type.include?('text/html')
   end
 
   test 'send confirmation instructions to the user email' do
@@ -48,13 +48,13 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'body should have user info' do
-    assert_match /#{user.email}/, mail.body
+    assert_match /#{user.email}/, mail.body.encoded
   end
 
   test 'body should have link to confirm the account' do
     host = ActionMailer::Base.default_url_options[:host]
     confirmation_url_regexp = %r{<a href=\"http://#{host}/users/confirmation\?confirmation_token=#{user.confirmation_token}">}
-    assert_match confirmation_url_regexp, mail.body
+    assert_match confirmation_url_regexp, mail.body.encoded
   end
 
   test 'renders a scoped if scoped_views is set to true' do
@@ -73,7 +73,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'mailer sender accepts a proc' do
-    swap Devise, :mailer_sender => lambda { "another@example.com" } do
+    swap Devise, :mailer_sender => proc { "another@example.com" } do
       assert_equal ['another@example.com'], mail.from
     end
   end

data/test/mailers/reset_password_instructions_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class ResetPasswordInstructionsTest < ActionMailer::TestCase
 
@@ -27,7 +27,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert_equal 'text/html', mail.content_type
+    assert mail.content_type.include?('text/html')
   end
 
   test 'send confirmation instructions to the user email' do
@@ -51,17 +51,17 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
 
   test 'body should have user info' do
-    assert_match /#{user.email}/, mail.body
+    assert_match(/#{user.email}/, mail.body.encoded)
   end
 
   test 'body should have link to confirm the account' do
     host = ActionMailer::Base.default_url_options[:host]
     reset_url_regexp = %r{<a href=\"http://#{host}/users/password/edit\?reset_password_token=#{user.reset_password_token}">}
-    assert_match reset_url_regexp, mail.body
+    assert_match reset_url_regexp, mail.body.encoded
   end
 
   test 'mailer sender accepts a proc' do
-    swap Devise, :mailer_sender => lambda { "another@example.com" } do
+    swap Devise, :mailer_sender => proc { "another@example.com" } do
       assert_equal ['another@example.com'], mail.from
     end
   end

data/test/mailers/unlock_instructions_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class UnlockInstructionsTest < ActionMailer::TestCase
 
@@ -10,7 +10,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   def user
     @user ||= begin
       user = create_user
-      user.lock!
+      user.lock_access!
       user
     end
   end
@@ -27,7 +27,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert_equal 'text/html', mail.content_type
+    assert mail.content_type.include?('text/html')
   end
 
   test 'send unlock instructions to the user email' do
@@ -51,12 +51,12 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
 
   test 'body should have user info' do
-    assert_match /#{user.email}/, mail.body
+    assert_match(/#{user.email}/, mail.body.encoded)
   end
 
   test 'body should have link to unlock the account' do
     host = ActionMailer::Base.default_url_options[:host]
     unlock_url_regexp = %r{<a href=\"http://#{host}/users/unlock\?unlock_token=#{user.unlock_token}">}
-    assert_match unlock_url_regexp, mail.body
+    assert_match unlock_url_regexp, mail.body.encoded
   end
 end

data/test/mapping_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class MappingTest < ActiveSupport::TestCase
 
@@ -13,7 +13,7 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal :admin_area, Devise.mappings[:admin].as
   end
 
-  test 'allow custom scope to be given' do
+  test 'allows custom scope to be given' do
     assert_equal :accounts, Devise.mappings[:manager].as
   end
 
@@ -26,7 +26,12 @@ class MappingTest < ActiveSupport::TestCase
     allowed = Devise.mappings[:admin].allowed_controllers
     assert allowed.include?("sessions")
     assert_not allowed.include?("devise/confirmations")
-    assert_not allowed.include?("devise/passwords")
+    assert_not allowed.include?("devise/unlocks")
+  end
+
+  test 'has strategies depending on the model declaration' do
+    assert_equal [:rememberable, :token_authenticatable, :database_authenticatable], Devise.mappings[:user].strategies
+    assert_equal [:database_authenticatable], Devise.mappings[:admin].strategies
   end
 
   test 'find mapping by path' do
@@ -38,22 +43,17 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal Devise.mappings[:admin], Devise::Mapping.find_by_path("/admin_area/session")
   end
 
-  test 'find mapping by class' do
-    assert_nil Devise::Mapping.find_by_class(String)
-    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(User)
-  end
-
-  test 'find mapping by class works with single table inheritance' do
-    klass = Class.new(User)
-    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(klass)
-  end
-
   test 'find scope for a given object' do
     assert_equal :user, Devise::Mapping.find_scope!(User)
     assert_equal :user, Devise::Mapping.find_scope!(:user)
     assert_equal :user, Devise::Mapping.find_scope!(User.new)
   end
 
+  test 'find scope works with single table inheritance' do
+    assert_equal :user, Devise::Mapping.find_scope!(Class.new(User))
+    assert_equal :user, Devise::Mapping.find_scope!(Class.new(User).new)
+  end
+
   test 'find scope raises an error if cannot be found' do
     assert_raise RuntimeError do
       Devise::Mapping.find_scope!(String)
@@ -110,8 +110,9 @@ class MappingTest < ActiveSupport::TestCase
 
     mapping = Devise.mappings[:admin]
     assert mapping.authenticatable?
+    assert mapping.recoverable?
     assert_not mapping.confirmable?
-    assert_not mapping.recoverable?
+    assert_not mapping.lockable?
     assert_not mapping.rememberable?
   end
 end

data/test/models/confirmable_test.rb

@@ -1,4 +1,4 @@
-require 'test/test_helper'
+require 'test_helper'
 
 class ConfirmableTest < ActiveSupport::TestCase
 
@@ -11,15 +11,6 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_not_nil create_user.confirmation_token
   end
 
-  test 'should regenerate confirmation token each time' do
-    user = create_user
-    3.times do
-      token = user.confirmation_token
-      user.resend_confirmation!
-      assert_not_equal token, user.confirmation_token
-    end
-  end
-
   test 'should never generate the same confirmation token for different users' do
     confirmation_tokens = []
     3.times do
@@ -62,20 +53,20 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should find and confirm an user automatically' do
     user = create_user
-    confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
+    confirmed_user = User.confirm_by_token(user.confirmation_token)
     assert_equal confirmed_user, user
     assert user.reload.confirmed?
   end
 
   test 'should return a new record with errors when a invalid token is given' do
-    confirmed_user = User.confirm!(:confirmation_token => 'invalid_confirmation_token')
-    assert confirmed_user.new_record?
+    confirmed_user = User.confirm_by_token('invalid_confirmation_token')
+    assert_not confirmed_user.persisted?
     assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
-    confirmed_user = User.confirm!(:confirmation_token => '')
-    assert confirmed_user.new_record?
+    confirmed_user = User.confirm_by_token('')
+    assert_not confirmed_user.persisted?
     assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join
   end
 
@@ -83,18 +74,11 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     user.confirmed_at = Time.now
     user.save
-    confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
+    confirmed_user = User.confirm_by_token(user.confirmation_token)
     assert confirmed_user.confirmed?
     assert_equal "was already confirmed", confirmed_user.errors[:email].join
   end
 
-  test 'should authenticate a confirmed user' do
-    user = create_user
-    user.confirm!
-    authenticated_user = User.authenticate(:email => user.email, :password => user.password)
-    assert_equal authenticated_user, user
-  end
-
   test 'should send confirmation instructions by email' do
     assert_email_sent do
       create_user
@@ -128,7 +112,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should return a new user if no email was found' do
     confirmation_user = User.send_confirmation_instructions(:email => "invalid@email.com")
-    assert confirmation_user.new_record?
+    assert_not confirmation_user.persisted?
   end
 
   test 'should add error to new user email if no email was found' do
@@ -137,13 +121,6 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_equal "not found", confirmation_user.errors[:email].join
   end
 
-  test 'should generate a confirmation token before send the confirmation instructions email' do
-    user = create_user
-    token = user.confirmation_token
-    confirmation_user = User.send_confirmation_instructions(:email => user.email)
-    assert_not_equal token, user.reload.confirmation_token
-  end
-
   test 'should send email instructions for the user confirm it\'s email' do
     user = create_user
     assert_email_sent do
@@ -173,7 +150,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should not be able to send instructions if the user is already confirmed' do
     user = create_user
     user.confirm!
-    assert_not user.resend_confirmation!
+    assert_not user.resend_confirmation_token
     assert user.confirmed?
     assert_equal 'was already confirmed', user.errors[:email].join
   end