devise 1.2.rc → 1.2.rc2

data/test/devise_test.rb

@@ -62,4 +62,14 @@ class DeviseTest < ActiveSupport::TestCase
     assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
     assert defined?(Devise::Models::AuthenticatableAgain)
   end
+  
+  test 'should complain when comparing empty or different sized passes' do
+    [nil, ""].each do |empty|
+      assert_not Devise.secure_compare(empty, "something")
+      assert_not Devise.secure_compare("something", empty)
+      assert_not Devise.secure_compare(empty, empty)
+    end
+    assert_not Devise.secure_compare("size_1", "size_four")
+  end
+  
 end

data/test/failure_app_test.rb

@@ -13,7 +13,7 @@ class FailureTest < ActiveSupport::TestCase
       'REQUEST_METHOD' => 'GET',
       'warden.options' => { :scope => :user },
       'rack.session' => {},
-      'action_dispatch.request.formats' => Array(env_params.delete('formats') || :html),
+      'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML),
       'rack.input' => "",
       'warden' => OpenStruct.new(:message => nil)
     }.merge!(env_params)
@@ -69,6 +69,13 @@ class FailureTest < ActiveSupport::TestCase
         assert_equal 302, @response.first
       end
     end
+    
+    test 'redirects the correct format if it is a non-html format request' do
+      swap Devise, :navigational_formats => [:js] do
+        call_failure('formats' => :js)
+        assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
+      end
+    end
   end
 
   context 'For HTTP request' do
@@ -120,7 +127,7 @@ class FailureTest < ActiveSupport::TestCase
           swap Devise, :http_authenticatable_on_xhr => false do
             call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
-            assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+            assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
           end
         end
       end
@@ -144,7 +151,7 @@ class FailureTest < ActiveSupport::TestCase
   end
 
   context 'With recall' do
-    test 'calls the original controller' do
+    test 'calls the original controller if invalid email or password' do
       env = {
         "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" },
         "devise.mapping" => Devise.mappings[:user],
@@ -154,5 +161,27 @@ class FailureTest < ActiveSupport::TestCase
       assert @response.third.body.include?('<h2>Sign in</h2>')
       assert @response.third.body.include?('Invalid email or password.')
     end
+    
+    test 'calls the original controller if not confirmed email' do
+      env = {
+        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed },
+        "devise.mapping" => Devise.mappings[:user],
+        "warden" => stub_everything
+      }
+      call_failure(env)
+      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('You have to confirm your account before continuing.')     
+    end
+    
+    test 'calls the original controller if inactive account' do
+      env = {
+        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive },
+        "devise.mapping" => Devise.mappings[:user],
+        "warden" => stub_everything
+      }
+      call_failure(env)
+      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('Your account was not activated yet.')     
+    end
   end
 end

data/test/generators/active_record_generator_test.rb

@@ -0,0 +1,24 @@
+require "test_helper"
+
+if DEVISE_ORM == :active_record
+  require "generators/active_record/devise_generator"
+
+  class ActiveRecordGeneratorTest < Rails::Generators::TestCase
+    tests ActiveRecord::Generators::DeviseGenerator
+    destination File.expand_path("../../tmp", __FILE__)
+    setup :prepare_destination
+  
+    test "all files are properly created" do
+      run_generator %w(monster)
+      assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
+      assert_migration "db/migrate/devise_create_monsters.rb"
+    end
+  
+    test "all files are properly deleted" do
+      run_generator %w(monster)
+      run_generator %w(monster), :behavior => :revoke
+      assert_no_file "app/models/monster.rb"
+      assert_no_migration "db/migrate/devise_create_monsters.rb"
+    end
+  end
+end

data/test/generators/devise_generator_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+require "generators/devise/devise_generator"
+
+class DeviseGeneratorTest < Rails::Generators::TestCase
+  tests Devise::Generators::DeviseGenerator
+  destination File.expand_path("../../tmp", __FILE__)
+
+  setup do
+    prepare_destination
+    copy_routes
+  end
+
+  test "route generation for simple model names" do
+    run_generator %w(monster name:string)
+    assert_file "config/routes.rb", /devise_for :monsters/
+  end
+
+  test "route generation for namespaced model names" do
+    run_generator %w(monster/goblin name:string)
+    match = /devise_for :goblins, :class_name => "Monster::Goblin"/
+    assert_file "config/routes.rb", match
+  end
+
+  def copy_routes
+    routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
+    destination = File.join(destination_root, "config")
+
+    FileUtils.mkdir_p(destination)
+    FileUtils.cp routes, destination
+  end
+
+end

data/test/generators/install_generator_test.rb

@@ -1,14 +1,13 @@
-require File.join(File.dirname(__FILE__),"generators_test_helper.rb")
+require "test_helper"
 
 class InstallGeneratorTest < Rails::Generators::TestCase
   tests Devise::Generators::InstallGenerator
-  destination File.expand_path("../tmp", File.dirname(__FILE__))
+  destination File.expand_path("../../tmp", __FILE__)
   setup :prepare_destination
 
   test "Assert all files are properly created" do
     run_generator
-    assert_file "config/initializers/devise.rb" 
+    assert_file "config/initializers/devise.rb"
     assert_file "config/locales/devise.en.yml"
   end
-
 end

data/test/generators/mongoid_generator_test.rb

@@ -0,0 +1,22 @@
+require "test_helper"
+
+if DEVISE_ORM == :mongo_id
+  require "generators/mongo_id/devise_generator"
+
+  class MongoidGeneratorTest < Rails::Generators::TestCase
+    tests Mongoid::Generators::DeviseGenerator
+    destination File.expand_path("../../tmp", __FILE__)
+    setup :prepare_destination
+  
+    test "all files are properly created" do
+      run_generator %w(monster)
+      assert_file "app/models/monster.rb", /devise/
+    end
+  
+    test "all files are properly deleted" do
+      run_generator %w(monster)
+      run_generator %w(monster), :behavior => :revoke
+      assert_no_file "app/models/monster.rb"
+    end
+  end
+end

data/test/generators/views_generator_test.rb

@@ -1,8 +1,8 @@
-require File.join(File.dirname(__FILE__),"generators_test_helper.rb")
+require "test_helper"
 
 class ViewsGeneratorTest < Rails::Generators::TestCase
   tests Devise::Generators::ViewsGenerator
-  destination File.expand_path("../tmp", File.dirname(__FILE__))
+  destination File.expand_path("../../tmp", __FILE__)
   setup :prepare_destination
 
   test "Assert all views are properly created with no params" do
@@ -20,18 +20,16 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
 
   def assert_files(scope = nil, template_engine = nil)
     scope = "devise" if scope.nil?
-    assert_file "app/views/#{scope}/confirmations/new.html.erb" 
-    assert_file "app/views/#{scope}/mailer/confirmation_instructions.html.erb" 
-    assert_file "app/views/#{scope}/mailer/reset_password_instructions.html.erb" 
-    assert_file "app/views/#{scope}/mailer/unlock_instructions.html.erb" 
-    assert_file "app/views/#{scope}/passwords/edit.html.erb" 
-    assert_file "app/views/#{scope}/passwords/new.html.erb" 
-    assert_file "app/views/#{scope}/registrations/new.html.erb" 
-    assert_file "app/views/#{scope}/registrations/edit.html.erb" 
-    assert_file "app/views/#{scope}/sessions/new.html.erb" 
-    assert_file "app/views/#{scope}/shared/_links.erb" 
-    assert_file "app/views/#{scope}/unlocks/new.html.erb" 
-
+    assert_file "app/views/#{scope}/confirmations/new.html.erb"
+    assert_file "app/views/#{scope}/mailer/confirmation_instructions.html.erb"
+    assert_file "app/views/#{scope}/mailer/reset_password_instructions.html.erb"
+    assert_file "app/views/#{scope}/mailer/unlock_instructions.html.erb"
+    assert_file "app/views/#{scope}/passwords/edit.html.erb"
+    assert_file "app/views/#{scope}/passwords/new.html.erb"
+    assert_file "app/views/#{scope}/registrations/new.html.erb"
+    assert_file "app/views/#{scope}/registrations/edit.html.erb"
+    assert_file "app/views/#{scope}/sessions/new.html.erb"
+    assert_file "app/views/#{scope}/shared/_links.erb"
+    assert_file "app/views/#{scope}/unlocks/new.html.erb"
   end
-
 end

data/test/indifferent_hash.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class IndifferentHashTest < ActiveSupport::TestCase
+  setup do
+    @hash = Devise::IndifferentHash.new
+  end
+
+  test "it overwrites getter and setter" do
+    @hash[:foo] = "bar"
+    assert_equal "bar", @hash["foo"]
+    assert_equal "bar", @hash[:foo]
+
+    @hash["foo"] = "baz"
+    assert_equal "baz", @hash["foo"]
+    assert_equal "baz", @hash[:foo]
+  end
+
+  test "it overwrites update" do
+    @hash.update :foo => "bar"
+    assert_equal "bar", @hash["foo"]
+    assert_equal "bar", @hash[:foo]
+
+    @hash.update "foo" => "baz"
+    assert_equal "baz", @hash["foo"]
+    assert_equal "baz", @hash[:foo]
+  end
+
+  test "it returns a Hash on to_hash" do
+    @hash[:foo] = "bar"
+    assert_equal Hash["foo", "bar"], @hash.to_hash
+    assert_kind_of Hash, @hash.to_hash
+  end
+end if defined?(Devise::IndifferentHash)

data/test/integration/authenticatable_test.rb

@@ -205,6 +205,13 @@ class AuthenticationRedirectTest < ActionController::IntegrationTest
     assert_nil session[:"user_return_to"]
   end
 
+  test 'sign in with xml format returns xml response' do
+    create_user
+    post user_session_path(:format => 'xml', :user => {:email => "user@test.com", :password => '123456'})
+    assert_response :success
+    assert_match /<\?xml version="1.0" encoding="UTF-8"\?>/, response.body
+  end
+
   test 'redirect to configured home path for a given scope after sign in' do
     sign_in_as_admin
     assert_equal "/admin_area/home", @request.path

data/test/integration/omniauthable_test.rb

@@ -2,32 +2,42 @@ require 'test_helper'
 
 class OmniauthableIntegrationTest < ActionController::IntegrationTest
   FACEBOOK_INFO = {
-    :id => '12345',
-    :link => 'http://facebook.com/josevalim',
-    :email => 'user@example.com',
-    :first_name => 'Jose',
-    :last_name => 'Valim',
-    :website => 'http://blog.plataformatec.com.br'
-  }
-
-  ACCESS_TOKEN = {
-    :access_token => "plataformatec"
+    "id" => '12345',
+    "link" => 'http://facebook.com/josevalim',
+    "email" => 'user@example.com',
+    "first_name" => 'Jose',
+    "last_name" => 'Valim',
+    "website" => 'http://blog.plataformatec.com.br'
   }
 
   setup do
+    OmniAuth.config.test_mode = true
     stub_facebook!
-    Devise::OmniAuth.short_circuit_authorizers!
   end
 
   teardown do
-    Devise::OmniAuth.unshort_circuit_authorizers!
-    Devise::OmniAuth.reset_stubs!
+    OmniAuth.config.test_mode = false
   end
 
   def stub_facebook!
-    Devise::OmniAuth.stub!(:facebook) do |b|
-      b.post('/oauth/access_token') { [200, {}, ACCESS_TOKEN.to_json] }
-      b.get('/me?access_token=plataformatec') { [200, {}, FACEBOOK_INFO.to_json] }
+    OmniAuth.config.mock_auth[:facebook] = {
+      "uid" => '12345',
+      "provider" => 'facebook',
+      "user_info" => {"nickname" => 'josevalim'},
+      "credentials" => {"token" => 'plataformatec'},
+      "extra" => {"user_hash" => FACEBOOK_INFO}
+    }
+  end
+
+  def stub_action!(name)
+    Users::OmniauthCallbacksController.class_eval do
+      alias_method :__old_facebook, :facebook
+      alias_method :facebook, name
+    end
+    yield
+  ensure
+    Users::OmniauthCallbacksController.class_eval do
+      alias_method :facebook, :__old_facebook
     end
   end
 
@@ -40,11 +50,11 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     assert_equal "12345",         json["uid"]
     assert_equal "facebook",      json["provider"]
     assert_equal "josevalim",     json["user_info"]["nickname"]
-    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"].symbolize_keys
+    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"]
     assert_equal "plataformatec", json["credentials"]["token"]
   end
 
-  test "cleans up session on sign up" do  
+  test "cleans up session on sign up" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
       click_link "Sign in with Facebook"
@@ -65,7 +75,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     assert_not session["devise.facebook_data"]
   end
 
-  test "cleans up session on cancel" do  
+  test "cleans up session on cancel" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
       click_link "Sign in with Facebook"
@@ -76,7 +86,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     assert !session["devise.facebook_data"]
   end
 
-  test "cleans up session on sign in" do  
+  test "cleans up session on sign in" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
       click_link "Sign in with Facebook"
@@ -87,21 +97,46 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     assert !session["devise.facebook_data"]
   end
 
-  test "handles callback error parameter according to the specification" do
-    visit "/users/auth/facebook/callback?error=access_denied"
-    assert_current_url "/users/sign_in"
-    assert_contain 'Could not authorize you from Facebook because "Access denied".'
-  end
+  test "sign in and send remember token if configured" do
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+    assert_nil warden.cookies["remember_user_token"]
 
-  test "handles other exceptions from omniauth" do
-    Devise::OmniAuth.stub!(:facebook) do |b|
-      b.post('/oauth/access_token') { [401, {}, {}.to_json] }
+    stub_action!(:sign_in_facebook) do
+      create_user
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+      assert warden.authenticated?(:user)
+      assert warden.cookies["remember_user_token"]
     end
+  end
 
+  test "generates a proper link when SCRIPT_NAME is set" do
+    header 'SCRIPT_NAME', '/q'
     visit "/users/sign_in"
-    click_link "Sign in with facebook"
+    click_link "Sign in with Facebook"
 
-    assert_current_url "/users/sign_in"
-    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+    assert_equal '/q/users/auth/facebook', current_url
   end
-end
+
+  # The following two tests are commented because OmniAuth's test
+  # support is not yet able to support failure scenarios.
+  #
+  # test "handles callback error parameter according to the specification" do
+  #   visit "/users/auth/facebook/callback?error=access_denied"
+  #   assert_current_url "/users/sign_in"
+  #   assert_contain 'Could not authorize you from Facebook because "Access denied".'
+  # end
+
+  # test "handles other exceptions from omniauth" do
+  #   Devise::OmniAuth.stub!(:facebook) do |b|
+  #     b.post('/oauth/access_token') { [401, {}, {}.to_json] }
+  #   end
+
+  #   visit "/users/sign_in"
+  #   click_link "Sign in with facebook"
+
+  #   assert_current_url "/users/sign_in"
+  #   assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+  # end
+end

data/test/integration/registerable_test.rb

@@ -15,11 +15,27 @@ class RegistrationTest < ActionController::IntegrationTest
 
     assert_contain 'Welcome! You have signed up successfully.'
     assert warden.authenticated?(:admin)
+    assert_current_url "/admin_area/home"
 
     admin = Admin.last :order => "id"
     assert_equal admin.email, 'new_user@test.com'
   end
 
+  test 'a guest admin should be able to sign in and be redirected to a custom location' do
+    Devise::RegistrationsController.any_instance.stubs(:after_sign_up_path_for).returns("/?custom=1")
+    get new_admin_session_path
+    click_link 'Sign up'
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'Welcome! You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+    assert_current_url "/?custom=1"
+  end
+
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
     get new_user_registration_path
 
@@ -30,6 +46,7 @@ class RegistrationTest < ActionController::IntegrationTest
 
     assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
     assert_not_contain 'You have to confirm your account before continuing'
+    assert_current_url "/"
 
     assert_not warden.authenticated?(:user)
 
@@ -38,6 +55,19 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_not user.confirmed?
   end
 
+  test 'a guest user should be blocked by confirmation and redirected to a custom path' do
+    Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_current_url "/?custom=1"
+    assert_not warden.authenticated?(:user)
+  end
+
   test 'a guest user cannot sign up with invalid information' do
     get new_user_registration_path