RubyGems - devise - Versions diffs - 1.2.1 → 1.3.0 - Mend

devise 1.2.1 → 1.3.0

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (45) hide show

data/.travis.yml +7 -1
data/CHANGELOG.rdoc +21 -1
data/Gemfile.lock +1 -1
data/README.rdoc +4 -5
data/app/controllers/devise/confirmations_controller.rb +14 -6
data/app/controllers/devise/passwords_controller.rb +7 -6
data/app/controllers/devise/registrations_controller.rb +12 -10
data/app/controllers/devise/sessions_controller.rb +23 -1
data/app/controllers/devise/unlocks_controller.rb +7 -6
data/config/locales/en.yml +1 -0
data/lib/devise.rb +7 -8
data/lib/devise/controllers/helpers.rb +0 -6
data/lib/devise/controllers/internal_helpers.rb +38 -2
data/lib/devise/failure_app.rb +4 -10
data/lib/devise/models.rb +27 -4
data/lib/devise/models/authenticatable.rb +1 -13
data/lib/devise/models/confirmable.rb +1 -1
data/lib/devise/models/database_authenticatable.rb +2 -1
data/lib/devise/models/recoverable.rb +41 -5
data/lib/devise/models/validatable.rb +2 -3
data/lib/devise/omniauth.rb +3 -3
data/lib/devise/rails.rb +8 -25
data/lib/devise/rails/routes.rb +8 -0
data/lib/devise/rails/warden_compat.rb +2 -2
data/lib/devise/schema.rb +8 -3
data/lib/devise/strategies/authenticatable.rb +2 -1
data/lib/devise/version.rb +1 -1
data/lib/generators/devise/views_generator.rb +3 -9
data/lib/generators/templates/devise.rb +11 -2
data/test/controllers/internal_helpers_test.rb +15 -0
data/test/controllers/sessions_controller_test.rb +17 -0
data/test/devise_test.rb +0 -3
data/test/integration/authenticatable_test.rb +27 -7
data/test/integration/confirmable_test.rb +28 -0
data/test/integration/lockable_test.rb +35 -1
data/test/integration/recoverable_test.rb +37 -0
data/test/integration/registerable_test.rb +45 -0
data/test/models/database_authenticatable_test.rb +20 -2
data/test/models/recoverable_test.rb +44 -9
data/test/models/validatable_test.rb +3 -3
data/test/models_test.rb +23 -0
data/test/rails_app/config/initializers/devise.rb +7 -2
data/test/rails_app/config/routes.rb +2 -0
data/test/routes_test.rb +7 -0
metadata +7 -5

data/test/integration/confirmable_test.rb CHANGED

@@ -101,4 +101,32 @@ class ConfirmationTest < ActionController::IntegrationTest
       assert_contain 'Not confirmed user'
     end
   end
+  test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
+    user = create_user(:confirm => false)
+    post user_confirmation_path(:format => 'xml'), :user => { :email => user.email }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+  test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
+    user = create_user(:confirm => false)
+    post user_confirmation_path(:format => 'xml'), :user => { :email => 'invalid.test@test.com' }
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'confirm account with valid confirmation token in XML format should return valid response' do
+    user = create_user(:confirm => false)
+    get user_confirmation_path(:confirmation_token => user.confirmation_token, :format => 'xml')
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+  test 'confirm account with invalid confirmation token in XML format should return invalid response' do
+    user = create_user(:confirm => false)
+    get user_confirmation_path(:confirmation_token => 'invalid_confirmation', :format => 'xml')
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
 end

data/test/integration/lockable_test.rb CHANGED

@@ -1,7 +1,7 @@
 require 'test_helper'
 class LockTest < ActionController::IntegrationTest
   def visit_user_unlock_with_token(unlock_token)
     visit user_unlock_path(:unlock_token => unlock_token)
   end
@@ -106,4 +106,38 @@ class LockTest < ActionController::IntegrationTest
     end
   end
+  test 'user should be able to request a new unlock token via XML request' do
+    user = create_user(:locked => true)
+    ActionMailer::Base.deliveries.clear
+    post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_equal 1, ActionMailer::Base.deliveries.size
+  end
+  test 'unlocked user should not be able to request a unlock token via XML request' do
+    user = create_user(:locked => false)
+    ActionMailer::Base.deliveries.clear
+    post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+  test 'user with valid unlock token should be able to unlock account via XML request' do
+    user = create_user(:locked => true)
+    assert user.access_locked?
+    get user_unlock_path(:format => 'xml', :unlock_token => user.unlock_token)
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+  test 'user with invalid unlock token should not be able to unlock the account via XML request' do
+    get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token')
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
 end

data/test/integration/recoverable_test.rb CHANGED

@@ -157,4 +157,41 @@ class PasswordTest < ActionController::IntegrationTest
     assert !warden.authenticated?(:user)
   end
+  test 'reset password request with valid E-Mail in XML format should return valid response' do
+    create_user
+    post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"}
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+  test 'reset password request with invalid E-Mail in XML format should return valid response' do
+    create_user
+    post user_password_path(:format => 'xml'), :user => {:email => "invalid.test@test.com"}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'change password with valid parameters in XML format should return valid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '987654321', :password_confirmation => '987654321'}
+    assert_response :success
+    assert warden.authenticated?(:user)
+  end
+  test 'change password with invalid token in XML format should return invalid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => 'invalid.token', :password => '987654321', :password_confirmation => '987654321'}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'change password with invalid new password in XML format should return invalid response' do
+    user = create_user
+    request_forgot_password
+    put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '', :password_confirmation => '987654321'}
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
 end

data/test/integration/registerable_test.rb CHANGED

@@ -206,4 +206,49 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_nil @request.session["devise.foo_bar"]
     assert_redirected_to new_user_registration_path
   end
+  test 'an admin sign up with valid information in XML format should return valid response' do
+    post admin_registration_path(:format => 'xml'), :admin => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
+    admin = Admin.last :order => "id"
+    assert_equal admin.email, 'new_user@test.com'
+  end
+  test 'a user sign up with valid information in XML format should return valid response' do
+    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    user = User.last :order => "id"
+    assert_equal user.email, 'new_user@test.com'
+  end
+  test 'a user sign up with invalid information in XML format should return invalid response' do
+    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'invalid' }
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'a user update information with valid data in XML format should return valid response' do
+    user = sign_in_as_user
+    put user_registration_path(:format => 'xml'), :user => { :current_password => '123456', :email => 'user.new@test.com' }
+    assert_response :success
+    assert_equal user.reload.email, 'user.new@test.com'
+  end
+  test 'a user update information with invalid data in XML format should return invalid response' do
+    user = sign_in_as_user
+    put user_registration_path(:format => 'xml'), :user => { :current_password => 'invalid', :email => 'user.new@test.com' }
+    assert_response :unprocessable_entity
+    assert_equal user.reload.email, 'user@test.com'
+  end
+  test 'a user cancel his account in XML format should return valid response' do
+    user = sign_in_as_user
+    delete user_registration_path(:format => 'xml')
+    assert_response :success
+    assert_equal User.count, 0
+  end
 end

data/test/models/database_authenticatable_test.rb CHANGED

@@ -6,12 +6,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     # case_insensitive_keys is set to :email by default.
     email = 'Foo@Bar.com'
     user = new_user(:email => email)
     assert_equal email, user.email
     user.save!
     assert_equal email.downcase, user.email
   end
   test 'should respond to password and password confirmation' do
     user = new_user
     assert user.respond_to?(:password)
@@ -48,6 +48,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_not user.valid_password?('654321')
   end
+  test 'should not raise error with an empty password' do
+    user = create_user
+    user.encrypted_password = ''
+    assert_nothing_raised { user.valid_password?('123456') }
+  end
+  test 'should be an invalid password if the user has an empty password' do
+    user = create_user
+    user.encrypted_password = ''
+    assert_not user.valid_password?('654321')
+  end
   test 'should respond to current password' do
     assert new_user.respond_to?(:current_password)
   end
@@ -95,4 +107,10 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert user.password.blank?
     assert user.password_confirmation.blank?
   end
+  test 'downcase_keys with validation' do
+    user = User.create(:email => "HEllO@example.com", :password => "123456")
+    user = User.create(:email => "HEllO@example.com", :password => "123456")
+    assert !user.valid?
+  end
 end

data/test/models/recoverable_test.rb CHANGED

@@ -10,15 +10,6 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_nil new_user.reset_password_token
   end
-  test 'should regenerate reset password token each time' do
-    user = create_user
-    3.times do
-      token = user.reset_password_token
-      user.send_reset_password_instructions
-      assert_not_equal token, user.reset_password_token
-    end
-  end
   test 'should never generate the same reset password token for different users' do
     reset_password_tokens = []
     3.times do
@@ -161,4 +152,48 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_not user.valid_password?(old_password)
     assert user.valid_password?('new_password')
   end
+  test 'should not reset reset password token during reset_password_within time' do
+    swap Devise, :reset_password_within => 1.hour do
+      user = create_user
+      user.send_reset_password_instructions
+      3.times do
+        token = user.reset_password_token
+        user.send_reset_password_instructions
+        assert_equal token, user.reset_password_token
+      end
+    end
+  end
+  test 'should reset reset password token after reset_password_within time' do
+    swap Devise, :reset_password_within => 1.hour do
+      user = create_user
+      user.reset_password_sent_at = 2.days.ago
+      token = user.reset_password_token
+      user.send_reset_password_instructions
+      assert_not_equal token, user.reset_password_token
+    end
+  end
+  test 'should not reset password after reset_password_within time' do
+    swap Devise, :reset_password_within => 1.hour do
+      user = create_user
+      old_password = user.password
+      user.send :generate_reset_password_token!
+      user.reset_password_sent_at = 2.days.ago
+      user.save!
+      reset_password_user = User.reset_password_by_token(
+        :reset_password_token => user.reset_password_token,
+        :password => 'new_password',
+        :password_confirmation => 'new_password'
+      )
+      user.reload
+      assert user.valid_password?(old_password)
+      assert_not user.valid_password?('new_password')
+      assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
+    end
+  end
 end

data/test/models/validatable_test.rb CHANGED

@@ -75,10 +75,10 @@ class ValidatableTest < ActiveSupport::TestCase
     assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
   end
-  test 'should require a password with maximum of 20 characters long' do
-    user = new_user(:password => 'x'*21, :password_confirmation => 'x'*21)
+  test 'should require a password with maximum of 128 characters long' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
     assert user.invalid?
-    assert_equal 'is too long (maximum is 20 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
   end
   test 'should not require password length when it\'s not changed' do

data/test/models_test.rb CHANGED

@@ -6,6 +6,15 @@ class Configurable < User
          :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
 end
+class WithValidation < Admin
+  devise :database_authenticatable, :validatable, :password_length => 2..6
+end
+class Several < Admin
+  devise :validatable
+  devise :lockable
+end
 class Inheritable < Admin
 end
@@ -29,6 +38,20 @@ class ActiveRecordTest < ActiveSupport::TestCase
     assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
   end
+  if DEVISE_ORM == :active_record
+    test 'validations options are not applied to late' do
+      validators = WithValidation.validators_on :password
+      length = validators.find { |v| v.kind == :length }
+      assert_equal 2, length.options[:minimum]
+      assert_equal 6, length.options[:maximum]
+    end
+    test 'validations are applied just once' do
+      validators = Several.validators_on :password
+      assert_equal 1, validators.select{ |v| v.kind == :length }.length
+    end
+  end
   test 'chosen modules are inheritable' do
     assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
   end

data/test/rails_app/config/initializers/devise.rb CHANGED

@@ -80,8 +80,8 @@ Devise.setup do |config|
   config.use_salt_as_remember_token = true
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..20.
-  # config.password_length = 6..20
+  # Range for password length. Default is 6..128.
+  # config.password_length = 6..128
   # Regex to use to validate the email address
   # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
@@ -119,6 +119,11 @@ Devise.setup do |config|
   # Defines which key will be used when recovering the password for an account
   # config.reset_password_keys = [ :email ]
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 2.hours
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,

data/test/rails_app/config/routes.rb CHANGED

@@ -29,6 +29,8 @@ Rails.application.routes.draw do
   end
   # Other routes for routing_test.rb
+  devise_for :reader, :class_name => "User", :only => :passwords
   namespace :publisher, :path_names => { :sign_in => "i_dont_care", :sign_out => "get_out" } do
     devise_for :accounts, :class_name => "Admin", :path_names => { :sign_in => "get_in" }
   end

data/test/routes_test.rb CHANGED

@@ -123,6 +123,13 @@ class CustomizedRoutingTest < ActionController::TestCase
     end
   end
+  test 'does only map reader password' do
+    assert_raise ActionController::RoutingError do
+      assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new')
+    end
+    assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new')
+  end
   test 'map account with custom path name for session sign in' do
     assert_recognizes({:controller => 'devise/sessions', :action => 'new', :locale => 'en'}, '/en/accounts/login')
   end

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  hash: 29
+  hash: 27
   prerelease:
   segments:
   - 1
-  - 2
-  - 1
-  version: 1.2.1
+  - 3
+  - 0
+  version: 1.3.0
 platform: ruby
 authors:
 - "Jos\xC3\xA9 Valim"
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-28 00:00:00 +02:00
+date: 2011-04-16 00:00:00 +02:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -167,6 +167,7 @@ files:
 - lib/generators/templates/devise.rb
 - test/controllers/helpers_test.rb
 - test/controllers/internal_helpers_test.rb
+- test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
 - test/devise_test.rb
 - test/encryptors_test.rb
@@ -299,6 +300,7 @@ summary: Flexible authentication solution for Rails with Warden
 test_files:
 - test/controllers/helpers_test.rb
 - test/controllers/internal_helpers_test.rb
+- test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
 - test/devise_test.rb
 - test/encryptors_test.rb