devise 1.4.9 → 1.5.0.rc1

data/test/generators/active_record_generator_test.rb

@@ -7,20 +7,30 @@ if DEVISE_ORM == :active_record
     tests ActiveRecord::Generators::DeviseGenerator
     destination File.expand_path("../../tmp", __FILE__)
     setup :prepare_destination
-  
+
     test "all files are properly created" do
-      run_generator %w(monster)
-      assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
-      assert_migration "db/migrate/devise_create_monsters.rb"
+      with_rails_version :MAJOR => 3, :MINOR => 0 do
+        run_generator %w(monster)
+        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
+        assert_migration "db/migrate/devise_create_monsters.rb", /def self\.up/
+      end
     end
-    
+
+    test "all files are properly created with rails31 migration syntax" do
+      with_rails_version :MAJOR => 3, :MINOR => 1 do
+        run_generator %w(monster)
+        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
+        assert_migration "db/migrate/devise_create_monsters.rb", /def change/
+      end
+    end
+
     test "update model migration when model exists" do
       run_generator %w(monster)
       assert_file "app/models/monster.rb"
       run_generator %w(monster)
       assert_migration "db/migrate/add_devise_to_monsters.rb"
     end
-  
+
     test "all files are properly deleted" do
       run_generator %w(monster)
       run_generator %w(monster)

data/test/generators/views_generator_test.rb

@@ -28,12 +28,19 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/users/confirmations/new.html.erb", /simple_form_for/
   end
 
-  def assert_files(scope = nil, template_engine = nil)
+  test "Assert views with markerb" do
+    run_generator %w(--markerb)
+    assert_files nil, :mail_template_engine => "markerb"
+  end
+
+  def assert_files(scope = nil, options={})
     scope = "devise" if scope.nil?
+    mail_template_engine = options[:mail_template_engine] || "html.erb"
+
     assert_file "app/views/#{scope}/confirmations/new.html.erb"
-    assert_file "app/views/#{scope}/mailer/confirmation_instructions.html.erb"
-    assert_file "app/views/#{scope}/mailer/reset_password_instructions.html.erb"
-    assert_file "app/views/#{scope}/mailer/unlock_instructions.html.erb"
+    assert_file "app/views/#{scope}/mailer/confirmation_instructions.#{mail_template_engine}"
+    assert_file "app/views/#{scope}/mailer/reset_password_instructions.#{mail_template_engine}"
+    assert_file "app/views/#{scope}/mailer/unlock_instructions.#{mail_template_engine}"
     assert_file "app/views/#{scope}/passwords/edit.html.erb"
     assert_file "app/views/#{scope}/passwords/new.html.erb"
     assert_file "app/views/#{scope}/registrations/new.html.erb"

data/test/integration/authenticatable_test.rb

@@ -131,7 +131,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     end
   end
 
-  test 'signed in user should not see join page' do
+  test 'signed in user should not see unauthenticated page' do
     sign_in_as_user
     assert warden.authenticated?(:user)
     assert_not warden.authenticated?(:admin)
@@ -141,7 +141,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     end
   end
 
-  test 'not signed in should see join page' do
+  test 'not signed in users should see unautheticated page' do
     get join_path
 
     assert_response :success
@@ -200,6 +200,12 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     get root_path
     assert_not_contain 'Signed out successfully'
   end
+
+  test 'scope uses custom failure app' do
+    put "/en/accounts/management"
+    assert_equal "Oops, not found", response.body
+    assert_equal 404, response.status
+  end
 end
 
 class AuthenticationRedirectTest < ActionController::IntegrationTest
@@ -312,7 +318,7 @@ class AuthenticationSessionTest < ActionController::IntegrationTest
   end
 end
 
-class AuthenticationWithScopesTest < ActionController::IntegrationTest
+class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest
   test 'renders the scoped view if turned on and view is available' do
     swap Devise, :scoped_views => true do
       assert_raise Webrat::NotFoundError do
@@ -439,6 +445,22 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
+  test 'sign in with xml format is idempotent' do
+    get new_user_session_path(:format => 'xml')
+    assert_response :success
+
+    create_user
+    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+    assert_response :success
+
+    get new_user_session_path(:format => 'xml')
+    assert_response :success
+
+    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+
   test 'sign out with xml format returns ok response' do
     sign_in_as_user
     get destroy_user_session_path(:format => 'xml')

data/test/integration/confirmable_test.rb

@@ -6,7 +6,7 @@ class ConfirmationTest < ActionController::IntegrationTest
     visit user_confirmation_path(:confirmation_token => confirmation_token)
   end
 
-  test 'user should be able to request a new confirmation' do
+  def resend_confirmation
     user = create_user(:confirm => false)
     ActionMailer::Base.deliveries.clear
 
@@ -15,10 +15,23 @@ class ConfirmationTest < ActionController::IntegrationTest
 
     fill_in 'email', :with => user.email
     click_button 'Resend confirmation instructions'
+  end
+
+  test 'user should be able to request a new confirmation' do
+    resend_confirmation
 
     assert_current_url '/users/sign_in'
     assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
     assert_equal 1, ActionMailer::Base.deliveries.size
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+
+  test 'user should receive a confirmation from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+
+    resend_confirmation
+
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
   end
 
   test 'user with invalid confirmation token should not be able to confirm an account' do
@@ -93,6 +106,17 @@ class ConfirmationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'not confirmed user should not see confirmation message if invalid credentials are given' do
+    swap Devise, :confirm_within => 0.days do
+      sign_in_as_user(:confirm => false) do
+        fill_in 'password', :with => 'invalid'
+      end
+
+      assert_contain 'Invalid email or password'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
   test 'not confirmed user but configured with some days to confirm should be able to sign in' do
     swap Devise, :confirm_within => 1.day do
       sign_in_as_user(:confirm => false)
@@ -157,7 +181,7 @@ class ConfirmationTest < ActionController::IntegrationTest
       click_button 'Resend confirmation instructions'
 
       assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/confirmation"
+      assert_current_url "/users/sign_in"
     end
   end
 
@@ -173,7 +197,7 @@ class ConfirmationTest < ActionController::IntegrationTest
       assert_not_contain "Email not found"
 
       assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/confirmation"
+      assert_current_url "/users/sign_in"
     end
   end
 end

data/test/integration/lockable_test.rb

@@ -6,7 +6,7 @@ class LockTest < ActionController::IntegrationTest
     visit user_unlock_path(:unlock_token => unlock_token)
   end
 
-  test 'user should be able to request a new unlock token' do
+  def send_unlock_request
     user = create_user(:locked => true)
     ActionMailer::Base.deliveries.clear
 
@@ -15,10 +15,23 @@ class LockTest < ActionController::IntegrationTest
 
     fill_in 'email', :with => user.email
     click_button 'Resend unlock instructions'
+  end
+
+  test 'user should be able to request a new unlock token' do
+    send_unlock_request
 
     assert_template 'sessions/new'
     assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
     assert_equal 1, ActionMailer::Base.deliveries.size
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+
+  test 'user should receive the instructions from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+
+    send_unlock_request
+
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
   end
 
   test 'unlocked user should not be able to request a unlock token' do
@@ -159,8 +172,7 @@ class LockTest < ActionController::IntegrationTest
       fill_in 'email', :with => user.email
       click_button 'Resend unlock instructions'
 
-      assert_current_url "/users/unlock"
-
+      assert_current_url "/users/sign_in"
       assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
     end
   end
@@ -175,8 +187,7 @@ class LockTest < ActionController::IntegrationTest
       fill_in 'email', :with => user.email
       click_button 'Resend unlock instructions'
 
-      assert_current_url "/users/unlock"
-
+      assert_current_url "/users/sign_in"
       assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
     end
   end
@@ -191,7 +202,7 @@ class LockTest < ActionController::IntegrationTest
 
       assert_not_contain "1 error prohibited this user from being saved:"
       assert_not_contain "Email not found"
-      assert_current_url "/users/unlock"
+      assert_current_url "/users/sign_in"
 
       assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
 

data/test/integration/omniauthable_test.rb

@@ -1,5 +1,6 @@
 require 'test_helper'
 
+
 class OmniauthableIntegrationTest < ActionController::IntegrationTest
   FACEBOOK_INFO = {
     "id" => '12345',
@@ -12,14 +13,6 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
 
   setup do
     OmniAuth.config.test_mode = true
-    stub_facebook!
-  end
-
-  teardown do
-    OmniAuth.config.test_mode = false
-  end
-
-  def stub_facebook!
     OmniAuth.config.mock_auth[:facebook] = {
       "uid" => '12345',
       "provider" => 'facebook',
@@ -29,6 +22,10 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     }
   end
 
+  teardown do
+    OmniAuth.config.test_mode = false
+  end
+
   def stub_action!(name)
     Users::OmniauthCallbacksController.class_eval do
       alias_method :__old_facebook, :facebook
@@ -128,7 +125,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
     visit "/users/sign_in"
-    click_link "Sign in with facebook"
+    click_link "Sign in with Facebook"
 
     assert_current_url "/users/sign_in"
     assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'

data/test/integration/recoverable_test.rb

@@ -38,6 +38,16 @@ class PasswordTest < ActionController::IntegrationTest
     assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
   end
 
+  test 'reset password with email should send an email from a custom mailer' do
+    create_user(:email => 'Foo@Bar.com')
+
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.last.from
+  end
+
   test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
     swap Devise, :case_insensitive_keys => [] do
       create_user(:email => 'Foo@Bar.com')
@@ -208,6 +218,15 @@ class PasswordTest < ActionController::IntegrationTest
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
+  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
+    swap Devise, :paranoid => true do
+      create_user
+      post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"}
+      assert_response :success
+      assert_equal response.body, { }.to_xml
+    end
+  end
+
   test 'change password with valid parameters in XML format should return valid response' do
     user = create_user
     request_forgot_password
@@ -250,7 +269,7 @@ class PasswordTest < ActionController::IntegrationTest
       assert_not_contain "1 error prohibited this user from being saved:"
       assert_not_contain "Email not found"
       assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
-      assert_current_url "/users/password"
+      assert_current_url "/users/sign_in"
     end
   end
 
@@ -262,7 +281,7 @@ class PasswordTest < ActionController::IntegrationTest
       click_button 'Send me reset password instructions'
 
       assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
-      assert_current_url "/users/password"
+      assert_current_url "/users/sign_in"
     end
   end
 end

data/test/integration/registerable_test.rb

@@ -36,13 +36,19 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_current_url "/?custom=1"
   end
 
-  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+  def user_sign_up
+    ActionMailer::Base.deliveries.clear
+
     get new_user_registration_path
 
     fill_in 'email', :with => 'new_user@test.com'
     fill_in 'password', :with => 'new_user123'
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
+  end
+
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+    user_sign_up
 
     assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
     assert_not_contain 'You have to confirm your account before continuing'
@@ -55,6 +61,17 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_not user.confirmed?
   end
 
+  test 'a guest user should receive the confirmation instructions from the default mailer' do
+    user_sign_up
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+
+  test 'a guest user should receive the confirmation instructions from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    user_sign_up
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
+  end
+
   test 'a guest user should be blocked by confirmation and redirected to a custom path' do
     Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
     get new_user_registration_path

data/test/integration/timeoutable_test.rb

@@ -16,6 +16,15 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not_equal old_last_request, last_request_at
   end
 
+  test 'set last request at in user session after each request is skipped if tracking is disabled' do
+    sign_in_as_user
+    old_last_request = last_request_at
+    assert_not_nil last_request_at
+
+    get users_path, {}, 'devise.skip_trackable' => true
+    assert_equal old_last_request, last_request_at
+  end
+
   test 'not time out user session before default limit time' do
     sign_in_as_user
     assert_response :success

data/test/integration/trackable_test.rb

@@ -36,6 +36,17 @@ class TrackableHooksTest < ActionController::IntegrationTest
     assert_equal "127.0.0.1", user.current_sign_in_ip
     assert_equal "127.0.0.1", user.last_sign_in_ip
   end
+  
+  test "current remote ip returns original ip behind a non transparent proxy" do
+    user = create_user
+    
+    arbitrary_ip = '192.168.1.69'
+    sign_in_as_user do
+      header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
+    end
+    user.reload
+    assert_equal arbitrary_ip, user.current_sign_in_ip
+  end
 
   test "increase sign in count" do
     user = create_user

data/test/mailers/confirmation_instructions_test.rb

@@ -8,6 +8,11 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     Devise.mailer_sender = 'test@example.com'
   end
 
+  def teardown
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
+  end
+
   def user
     @user ||= create_user
   end

data/test/mailers/reset_password_instructions_test.rb

@@ -8,6 +8,11 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     Devise.mailer_sender = 'test@example.com'
   end
 
+  def teardown
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
+  end
+
   def user
     @user ||= begin
       user = create_user

data/test/mailers/unlock_instructions_test.rb

@@ -8,6 +8,11 @@ class UnlockInstructionsTest < ActionMailer::TestCase
     Devise.mailer_sender = 'test@example.com'
   end
 
+  def teardown
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
+  end
+
   def user
     @user ||= begin
       user = create_user