devise 1.1.rc1 → 1.1.rc2

data/lib/generators/devise_generator.rb

@@ -0,0 +1,2 @@
+# Remove this file on next rails release
+require "generators/devise/devise/devise_generator"

data/lib/generators/devise_install_generator.rb

@@ -0,0 +1,4 @@
+# Remove this file after deprecation
+if caller.none? { |l| l =~ %r{lib/rails/generators\.rb:(\d+):in `lookup!'$} }
+  warn "[WARNING] `rails g devise_install` is deprecated, please use `rails g devise:install` instead."
+end

data/lib/generators/devise_views_generator.rb

@@ -0,0 +1,4 @@
+# Remove this file after deprecation
+if caller.none? { |l| l =~ %r{lib/rails/generators\.rb:(\d+):in `lookup!'$} }
+  warn "[WARNING] `rails g devise_views` is deprecated, please use `rails g devise:views` instead."
+end

data/test/controllers/helpers_test.rb

@@ -53,6 +53,13 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.signed_in?(:my_scope)
   end
 
+  test 'proxy anybody_signed_in? to signed_in?' do
+    Devise.mappings.keys.each { |scope| # :user, :admin, :manager
+      @controller.expects(:signed_in?).with(scope)
+    }
+    @controller.anybody_signed_in?
+  end
+
   test 'proxy current_admin to authenticate with admin scope' do
     @mock_warden.expects(:authenticate).with(:scope => :admin)
     @controller.current_admin
@@ -145,6 +152,14 @@ class ControllerAuthenticableTest < ActionController::TestCase
     assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
   end
 
+  test 'after update path defaults to root path if none by was specified for the given scope' do
+    assert_equal root_path, @controller.after_update_path_for(:user)
+  end
+
+  test 'after update path defaults to the scoped root path' do
+    assert_equal admin_root_path, @controller.after_update_path_for(:admin)
+  end
+
   test 'after sign out path defaults to the root path' do
     assert_equal root_path, @controller.after_sign_out_path_for(:admin)
     assert_equal root_path, @controller.after_sign_out_path_for(:user)

data/test/devise_test.rb

@@ -2,6 +2,7 @@ require 'test_helper'
 
 module Devise
   def self.yield_and_restore
+    @@warden_configured = nil
     c, b = @@warden_config, @@warden_config_block
     yield
   ensure

data/test/failure_app_test.rb

@@ -8,11 +8,12 @@ class FailureTest < ActiveSupport::TestCase
 
   def call_failure(env_params={})
     env = {
-      'warden.options' => { :scope => :user },
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
       'REQUEST_METHOD' => 'GET',
+      'warden.options' => { :scope => :user },
       'rack.session' => {},
+      'action_dispatch.request.formats' => Array(env_params.delete('formats') || :html),
       'rack.input' => "",
       'warden' => OpenStruct.new(:message => nil)
     }.merge!(env_params)
@@ -21,11 +22,6 @@ class FailureTest < ActiveSupport::TestCase
     @request  = ActionDispatch::Request.new(env)
   end
 
-  def call_failure_with_http(env_params={})
-    env = { "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("foo:bar")}" }
-    call_failure(env_params.merge!(env))
-  end
-
   context 'When redirecting' do
     test 'return 302 status' do
       call_failure
@@ -61,22 +57,41 @@ class FailureTest < ActiveSupport::TestCase
       assert_match /redirected/, @response.last.body
       assert_match /users\/sign_in/, @response.last.body
     end
+
+    test 'works for any navigational format' do
+      swap Devise, :navigational_formats => [:xml] do
+        call_failure('formats' => :xml)
+        assert_equal 302, @response.first
+      end
+    end
   end
 
   context 'For HTTP request' do
     test 'return 401 status' do
-      call_failure_with_http
+      call_failure('formats' => :xml)
       assert_equal 401, @response.first
     end
 
     test 'return WWW-authenticate headers' do
-      call_failure_with_http
+      call_failure('formats' => :xml)
       assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
     end
 
     test 'uses the proxy failure message as response body' do
-      call_failure_with_http('warden' => OpenStruct.new(:message => :invalid))
-      assert_equal 'Invalid email or password.', @response.third.body
+      call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
+      assert_match '<error>Invalid email or password.</error>', @response.third.body
+    end
+
+    test 'works for any non navigational format' do
+      swap Devise, :navigational_formats => [] do
+        call_failure('formats' => :html)
+        assert_equal 401, @response.first
+      end
+    end
+
+    test 'works for xml http requests' do
+      call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+      assert_equal 401, @response.first
     end
   end
 

data/test/integration/authenticatable_test.rb

@@ -0,0 +1,279 @@
+require 'test_helper'
+
+class AuthenticationSanityTest < ActionController::IntegrationTest
+  test 'home should be accessible without sign in' do
+    visit '/'
+    assert_response :success
+    assert_template 'home/index'
+  end
+
+  test 'sign in as user should not authenticate admin scope' do
+    sign_in_as_user
+
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'sign in as admin should not authenticate user scope' do
+    sign_in_as_admin
+
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'sign in as both user and admin at same time' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    assert warden.authenticated?(:user)
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'sign out as user should not touch admin authentication' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    get destroy_user_session_path
+    assert_not warden.authenticated?(:user)
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'sign out as admin should not touch user authentication' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    get destroy_admin_session_path
+    assert_not warden.authenticated?(:admin)
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not signed in as admin should not be able to access admins actions' do
+    get admins_path
+
+    assert_redirected_to new_admin_session_path
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'not signed in as admin should not be able to access private route restricted to admins' do
+    get private_path
+
+    assert_redirected_to new_admin_session_path
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'signed in as user should not be able to access private route restricted to admins' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+
+    get private_path
+    assert_redirected_to new_admin_session_path
+  end
+
+  test 'signed in as admin should be able to access private route restricted to admins' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get private_path
+
+    assert_response :success
+    assert_template 'home/private'
+    assert_contain 'Private!'
+  end
+
+  test 'signed in as user should not be able to access admins actions' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+
+    get admins_path
+    assert_redirected_to new_admin_session_path
+  end
+
+  test 'signed in as admin should be able to access admin actions' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get admins_path
+
+    assert_response :success
+    assert_template 'admins/index'
+    assert_contain 'Welcome Admin'
+  end
+
+  test 'authenticated admin should not be able to sign as admin again' do
+    sign_in_as_admin
+    get new_admin_session_path
+
+    assert_response :redirect
+    assert_redirected_to admin_root_path
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'authenticated admin should be able to sign out' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_contain 'Signed out successfully'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'unauthenticated admin does not set message on sign out' do
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_not_contain 'Signed out successfully'
+  end
+end
+
+class AuthenticationRedirectTest < ActionController::IntegrationTest
+  test 'redirect from warden shows sign in or sign up message' do
+    get admins_path
+
+    warden_path = new_admin_session_path
+    assert_redirected_to warden_path
+
+    get warden_path
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'redirect to default url if no other was configured' do
+    sign_in_as_user
+    assert_template 'home/index'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to requested url after sign in' do
+    get users_path
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
+
+    follow_redirect!
+    sign_in_as_user :visit => false
+
+    assert_template 'users/index'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to last requested url overwriting the stored return_to option' do
+    get expire_user_path(create_user)
+    assert_redirected_to new_user_session_path
+    assert_equal expire_user_path(create_user), session[:"user_return_to"]
+
+    get users_path
+    assert_redirected_to new_user_session_path
+    assert_equal users_path, session[:"user_return_to"]
+
+    follow_redirect!
+    sign_in_as_user :visit => false
+
+    assert_template 'users/index'
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'xml http requests does not store urls for redirect' do
+    get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
+    assert_equal 401, response.status
+    assert_nil session[:"user_return_to"]
+  end
+
+  test 'redirect to configured home path for a given scope after sign in' do
+    sign_in_as_admin
+    assert_equal "/admin_area/home", @request.path
+  end
+end
+
+class AuthenticationSessionTest < ActionController::IntegrationTest
+  test 'destroyed account is signed out' do
+    sign_in_as_user
+    get '/users'
+
+    User.destroy_all
+    get '/users'
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'allows session to be set by a given scope' do
+    sign_in_as_user
+    get '/users'
+    assert_equal "Cart", @controller.user_session[:cart]
+  end
+end
+
+class AuthenticationWithScopesTest < ActionController::IntegrationTest
+  test 'renders the scoped view if turned on and view is available' do
+    swap Devise, :scoped_views => true do
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+      assert_match /Special user view/, response.body
+    end
+  end
+
+  test 'renders the scoped view if turned on in an specific controller' do
+    begin
+      Devise::SessionsController.scoped_views = true
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+
+      assert_match /Special user view/, response.body
+      assert !Devise::PasswordsController.scoped_views?
+    ensure
+      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
+    end
+  end
+
+  test 'does not render the scoped view if turned off' do
+    swap Devise, :scoped_views => false do
+      assert_nothing_raised do
+        sign_in_as_user
+      end
+    end
+  end
+
+  test 'does not render the scoped view if not available' do
+    swap Devise, :scoped_views => true do
+      assert_nothing_raised do
+        sign_in_as_admin
+      end
+    end
+  end
+
+  test 'uses the mapping from the default scope if specified' do
+    swap Devise, :use_default_scope => true do
+      get '/sign_in'
+      assert_response :ok
+      assert_contain 'Sign in'
+    end
+  end
+end
+
+class AuthenticationOthersTest < ActionController::IntegrationTest
+  test 'uses the custom controller with the custom controller view' do
+    get '/admin_area/sign_in'
+    assert_contain 'Sign in'
+    assert_contain 'Welcome to "sessions" controller!'
+    assert_contain 'Welcome to "sessions/new" view!'
+  end
+
+  test 'render 404 on roles without routes' do
+    get '/admin_area/password/new'
+    assert_equal 404, response.status
+  end
+
+  test 'render 404 on roles without mapping' do
+    assert_raise AbstractController::ActionNotFound do
+      get '/sign_in'
+    end
+  end
+end

data/test/integration/database_authenticatable_test.rb

@@ -1,113 +1,6 @@
 require 'test_helper'
 
-class DatabaseAuthenticationSanityTest < ActionController::IntegrationTest
-  test 'home should be accessible without sign in' do
-    visit '/'
-    assert_response :success
-    assert_template 'home/index'
-  end
-
-  test 'sign in as user should not authenticate admin scope' do
-    sign_in_as_user
-
-    assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'sign in as admin should not authenticate user scope' do
-    sign_in_as_admin
-
-    assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
-  end
-
-  test 'sign in as both user and admin at same time' do
-    sign_in_as_user
-    sign_in_as_admin
-
-    assert warden.authenticated?(:user)
-    assert warden.authenticated?(:admin)
-  end
-
-  test 'sign out as user should not touch admin authentication' do
-    sign_in_as_user
-    sign_in_as_admin
-
-    get destroy_user_session_path
-    assert_not warden.authenticated?(:user)
-    assert warden.authenticated?(:admin)
-  end
-
-  test 'sign out as admin should not touch user authentication' do
-    sign_in_as_user
-    sign_in_as_admin
-
-    get destroy_admin_session_path
-    assert_not warden.authenticated?(:admin)
-    assert warden.authenticated?(:user)
-  end
-
-  test 'not signed in as admin should not be able to access admins actions' do
-    get admins_path
-
-    assert_redirected_to new_admin_session_path
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'signed in as user should not be able to access admins actions' do
-    sign_in_as_user
-    assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
-
-    get admins_path
-    assert_redirected_to new_admin_session_path
-  end
-
-  test 'signed in as admin should be able to access admin actions' do
-    sign_in_as_admin
-    assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
-
-    get admins_path
-
-    assert_response :success
-    assert_template 'admins/index'
-    assert_contain 'Welcome Admin'
-  end
-
-  test 'authenticated admin should not be able to sign as admin again' do
-    sign_in_as_admin
-    get new_admin_session_path
-
-    assert_response :redirect
-    assert_redirected_to admin_root_path
-    assert warden.authenticated?(:admin)
-  end
-
-  test 'authenticated admin should be able to sign out' do
-    sign_in_as_admin
-    assert warden.authenticated?(:admin)
-
-    get destroy_admin_session_path
-    assert_response :redirect
-    assert_redirected_to root_path
-
-    get root_path
-    assert_contain 'Signed out successfully'
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'unauthenticated admin does not set message on sign out' do
-    get destroy_admin_session_path
-    assert_response :redirect
-    assert_redirected_to root_path
-
-    get root_path
-    assert_not_contain 'Signed out successfully'
-  end
-end
-
-class AuthenticationTest < ActionController::IntegrationTest
+class DatabaseAuthenticationTest < ActionController::IntegrationTest
   test 'sign in should not authenticate if not using proper authentication keys' do
     swap Devise, :authentication_keys => [:username] do
       sign_in_as_user
@@ -142,157 +35,4 @@ class AuthenticationTest < ActionController::IntegrationTest
       assert_contain 'Invalid credentials'
     end
   end
-
-  test 'redirect from warden shows sign in or sign up message' do
-    get admins_path
-
-    warden_path = new_admin_session_path
-    assert_redirected_to warden_path
-
-    get warden_path
-    assert_contain 'You need to sign in or sign up before continuing.'
-  end
-
-  test 'redirect to default url if no other was configured' do
-    sign_in_as_user
-
-    assert_template 'home/index'
-    assert_nil session[:"user_return_to"]
-  end
-
-  test 'redirect to requested url after sign in' do
-    get users_path
-    assert_redirected_to new_user_session_path
-    assert_equal users_path, session[:"user_return_to"]
-
-    follow_redirect!
-    sign_in_as_user :visit => false
-
-    assert_template 'users/index'
-    assert_nil session[:"user_return_to"]
-  end
-
-  test 'redirect to last requested url overwriting the stored return_to option' do
-    get expire_user_path(create_user)
-    assert_redirected_to new_user_session_path
-    assert_equal expire_user_path(create_user), session[:"user_return_to"]
-
-    get users_path
-    assert_redirected_to new_user_session_path
-    assert_equal users_path, session[:"user_return_to"]
-
-    follow_redirect!
-    sign_in_as_user :visit => false
-
-    assert_template 'users/index'
-    assert_nil session[:"user_return_to"]
-  end
-
-  test 'redirect to configured home path for a given scope after sign in' do
-    sign_in_as_admin
-    assert_equal "/admin_area/home", @request.path
-  end
-
-  test 'destroyed account is signed out' do
-    sign_in_as_user
-    get '/users'
-
-    User.destroy_all
-    get '/users'
-    assert_redirected_to new_user_session_path
-  end
-
-  test 'allows session to be set by a given scope' do
-    sign_in_as_user
-    get '/users'
-    assert_equal "Cart", @controller.user_session[:cart]
-  end
-
-  # Scoped views
-  test 'renders the scoped view if turned on and view is available' do
-    swap Devise, :scoped_views => true do
-      assert_raise Webrat::NotFoundError do
-        sign_in_as_user
-      end
-      assert_match /Special user view/, response.body
-    end
-  end
-
-  test 'renders the scoped view if turned on in an specific controller' do
-    begin
-      Devise::SessionsController.scoped_views = true
-      assert_raise Webrat::NotFoundError do
-        sign_in_as_user
-      end
-
-      assert_match /Special user view/, response.body
-      assert !Devise::PasswordsController.scoped_views?
-    ensure
-      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
-    end
-  end
-
-  test 'does not render the scoped view if turned off' do
-    swap Devise, :scoped_views => false do
-      assert_nothing_raised do
-        sign_in_as_user
-      end
-    end
-  end
-
-  test 'does not render the scoped view if not available' do
-    swap Devise, :scoped_views => true do
-      assert_nothing_raised do
-        sign_in_as_admin
-      end
-    end
-  end
-
-  # Default scope
-  test 'uses the mapping from the default scope if specified' do
-    swap Devise, :use_default_scope => true do
-      get '/sign_in'
-      assert_response :ok
-      assert_contain 'Sign in'
-    end
-  end
-
-  # Custom controller
-  test 'uses the custom controller with the custom controller view' do
-    get '/admin_area/sign_in'
-    assert_contain 'Sign in'
-    assert_contain 'Welcome to "sessions" controller!'
-    assert_contain 'Welcome to "sessions/new" view!'
-  end
-
-  # Custom strategy invoking custom!
-  test 'custom strategy invoking custom on sign up bevahes as expected' do
-    Warden::Strategies.add(:custom) do
-      def authenticate!
-        custom!([401, {"Content-Type" => "text/html"}, ["Custom strategy"]])
-      end
-    end
-
-    begin
-      Devise.warden_config.default_strategies(:scope => :user).unshift(:custom)
-      sign_in_as_user
-      assert_equal 401, status
-      assert_contain 'Custom strategy'
-    ensure
-      Devise.warden_config.default_strategies(:scope => :user).shift
-    end
-  end
-
-  # Access
-  test 'render 404 on roles without routes' do
-    assert_raise ActionController::RoutingError do
-      get '/admin_area/password/new'
-    end
-  end
-
-  test 'render 404 on roles without mapping' do
-    assert_raise AbstractController::ActionNotFound do
-      get '/sign_in'
-    end
-  end
-end
+end