devise 1.5.1 → 2.0.0

data/test/integration/registerable_test.rb

@@ -13,7 +13,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_contain 'Welcome! You have signed up successfully.'
+    assert_contain 'You have signed up successfully'
     assert warden.authenticated?(:admin)
     assert_current_url "/admin_area/home"
 
@@ -50,7 +50,7 @@ class RegistrationTest < ActionController::IntegrationTest
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
     user_sign_up
 
-    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
+    assert_contain 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
     assert_not_contain 'You have to confirm your account before continuing'
     assert_current_url "/"
 
@@ -291,3 +291,34 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_equal User.count, 0
   end
 end
+
+class ReconfirmableRegistrationTest < ActionController::IntegrationTest
+  test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do
+    sign_in_as_admin
+    get edit_admin_registration_path
+
+    fill_in 'email', :with => 'admin.new@example.com'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/admin_area/home'
+    assert_contain 'but we need to verify your new email address'
+
+    assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
+  end
+
+  test 'a signed in admin should not see a reconfirmation message if they did not change their password' do
+    sign_in_as_admin
+    get edit_admin_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => 'pas123'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/admin_area/home'
+    assert_contain 'You updated your account successfully.'
+
+    assert Admin.first.valid_password?('pas123')
+  end
+end

data/test/integration/rememberable_test.rb

@@ -9,14 +9,6 @@ class RememberMeTest < ActionController::IntegrationTest
     user
   end
 
-  def create_admin_and_remember
-    admin = create_admin
-    admin.remember_me!
-    raw_cookie = Admin.serialize_into_cookie(admin)
-    cookies['remember_admin_token'] = generate_signed_cookie(raw_cookie)
-    admin
-  end
-
   def generate_signed_cookie(raw_cookie)
     request = ActionDispatch::TestRequest.new
     request.cookie_jar.signed['raw_cookie'] = raw_cookie
@@ -117,34 +109,6 @@ class RememberMeTest < ActionController::IntegrationTest
     end
   end
 
-  test 'if both extend_remember_period and remember_across_browsers are true, sends the same token with a new expire date' do
-    swap Devise, :remember_across_browsers => true, :extend_remember_period => true, :remember_for => 1.year do
-      admin = create_admin_and_remember
-      token = admin.remember_token
-
-      admin.remember_created_at = old = 10.minutes.ago
-      admin.save!
-
-      get root_path
-      assert (cookie_expires("remember_admin_token") - 1.year) > (old + 5.minutes)
-      assert_equal token, signed_cookie("remember_admin_token").last
-    end
-  end
-
-  test 'if both extend_remember_period and remember_across_browsers are false, sends a new token with old expire date' do
-    swap Devise, :remember_across_browsers => false, :extend_remember_period => false, :remember_for => 1.year do
-      admin = create_admin_and_remember
-      token = admin.remember_token
-
-      admin.remember_created_at = old = 10.minutes.ago
-      admin.save!
-
-      get root_path
-      assert (cookie_expires("remember_admin_token") - 1.year) < (old + 5.minutes)
-      assert_not_equal token, signed_cookie("remember_admin_token").last
-    end
-  end
-
   test 'do not remember other scopes' do
     user = create_user_and_remember
     get root_path
@@ -182,20 +146,6 @@ class RememberMeTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
-  test 'do not remember the admin anymore after forget' do
-    admin = create_admin_and_remember
-    get root_path
-    assert warden.authenticated?(:admin)
-
-    get destroy_admin_session_path
-    assert_not warden.authenticated?(:admin)
-    assert_nil admin.reload.remember_token
-    assert_nil warden.cookies['remember_admin_token']
-
-    get root_path
-    assert_not warden.authenticated?(:admin)
-  end
-
   test 'changing user password expires remember me token' do
     user = create_user_and_remember
     user.password = "another_password"

data/test/integration/timeoutable_test.rb

@@ -41,7 +41,7 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not_nil last_request_at
 
     get users_path
-    assert_redirected_to new_user_session_path
+    assert_redirected_to users_path
     assert_not warden.authenticated?(:user)
   end
 
@@ -68,12 +68,25 @@ class SessionTimeoutTest < ActionController::IntegrationTest
 
       get expire_user_path(user)
       get users_path
-      assert_redirected_to new_user_session_path
+      assert_redirected_to users_path
       assert_not warden.authenticated?(:user)
     end
   end
 
   test 'error message with i18n' do
+    store_translations :en, :devise => {
+      :failure => { :user => { :timeout => 'Session expired!' } }
+    } do
+      user = sign_in_as_user
+
+      get expire_user_path(user)
+      get root_path
+      follow_redirect!
+      assert_contain 'Session expired!'
+    end
+  end
+
+  test 'error message with i18n with double redirect' do
     store_translations :en, :devise => {
       :failure => { :user => { :timeout => 'Session expired!' } }
     } do
@@ -82,15 +95,16 @@ class SessionTimeoutTest < ActionController::IntegrationTest
       get expire_user_path(user)
       get users_path
       follow_redirect!
+      follow_redirect!
       assert_contain 'Session expired!'
     end
   end
-  
+
   test 'time out not triggered if remembered' do
     user = sign_in_as_user :remember_me => true
     get expire_user_path(user)
     assert_not_nil last_request_at
-    
+
     get users_path
     assert_response :success
     assert warden.authenticated?(:user)

data/test/integration/token_authenticatable_test.rb

@@ -25,7 +25,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'authenticate with valid authentication token key but does not store if stateless' do
-    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true do
+    swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth] do
       sign_in_as_new_user_with_token
       assert warden.authenticated?(:user)
 
@@ -88,7 +88,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do
-    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true, :timeout_in => (0.1).second do
+    swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth], :timeout_in => (0.1).second do
       user = sign_in_as_new_user_with_token
       assert warden.authenticated?(:user)
 
@@ -112,7 +112,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
 
       assert_not_equal user1, user2
       visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
-      assert_nil warden.user(:user) 
+      assert_nil warden.user(:user)
     end
   end
 
@@ -125,7 +125,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       options[:auth_token]     ||= user.authentication_token
 
       if options[:http_auth]
-        header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
+        header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
         get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
       else
         visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
@@ -145,4 +145,4 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       sign_in_as_new_user_with_token(:user => user)
     end
 
-end
+end

data/test/integration/trackable_test.rb

@@ -36,11 +36,11 @@ class TrackableHooksTest < ActionController::IntegrationTest
     assert_equal "127.0.0.1", user.current_sign_in_ip
     assert_equal "127.0.0.1", user.last_sign_in_ip
   end
-  
+
   test "current remote ip returns original ip behind a non transparent proxy" do
     user = create_user
-    
-    arbitrary_ip = '192.168.1.69'
+
+    arbitrary_ip = '200.121.1.69'
     sign_in_as_user do
       header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
     end
@@ -63,7 +63,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
   end
 
   test "does not update anything if user has signed out along the way" do
-    swap Devise, :confirm_within => 0 do
+    swap Devise, :allow_unconfirmed_access_for => 0 do
       user = create_user(:confirm => false)
       sign_in_as_user
 
@@ -72,7 +72,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
       assert_nil user.last_sign_in_at
     end
   end
-  
+
   test "do not track if devise.skip_trackable is set" do
     user = create_user
     sign_in_as_user do
@@ -81,7 +81,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
     user.reload
     assert_equal 0, user.sign_in_count
     visit destroy_user_session_path
-    
+
     sign_in_as_user do
       header 'devise.skip_trackable', false
     end

data/test/mapping_test.rb

@@ -51,12 +51,12 @@ class MappingTest < ActiveSupport::TestCase
 
   test 'has strategies depending on the model declaration' do
     assert_equal [:rememberable, :token_authenticatable, :database_authenticatable], Devise.mappings[:user].strategies
-    assert_equal [:rememberable, :database_authenticatable], Devise.mappings[:admin].strategies
+    assert_equal [:database_authenticatable], Devise.mappings[:admin].strategies
   end
 
   test 'has no input strategies depending on the model declaration' do
     assert_equal [:rememberable, :token_authenticatable], Devise.mappings[:user].no_input_strategies
-    assert_equal [:rememberable], Devise.mappings[:admin].no_input_strategies
+    assert_equal [], Devise.mappings[:admin].no_input_strategies
   end
 
   test 'find scope for a given object' do
@@ -108,7 +108,6 @@ class MappingTest < ActiveSupport::TestCase
     assert mapping.authenticatable?
     assert mapping.recoverable?
     assert mapping.lockable?
-    assert_not mapping.confirmable?
     assert_not mapping.omniauthable?
   end
   

data/test/models/confirmable_test.rb

@@ -80,8 +80,8 @@ class ConfirmableTest < ActiveSupport::TestCase
   end
 
   test 'should send confirmation instructions by email' do
-    assert_email_sent do
-      create_user
+    assert_email_sent "mynewuser@example.com" do
+      create_user :email => "mynewuser@example.com"
     end
   end
 
@@ -123,7 +123,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should send email instructions for the user confirm its email' do
     user = create_user
-    assert_email_sent do
+    assert_email_sent user.email do
       User.send_confirmation_instructions(:email => user.email)
     end
   end
@@ -164,19 +164,19 @@ class ConfirmableTest < ActiveSupport::TestCase
   end
 
   test 'confirm time should fallback to devise confirm in default configuration' do
-    swap Devise, :confirm_within => 1.day do
+    swap Devise, :allow_unconfirmed_access_for => 1.day do
       user = new_user
       user.confirmation_sent_at = 2.days.ago
       assert_not user.active_for_authentication?
 
-      Devise.confirm_within = 3.days
+      Devise.allow_unconfirmed_access_for = 3.days
       assert user.active_for_authentication?
     end
   end
 
   test 'should be active when confirmation sent at is not overpast' do
-    swap Devise, :confirm_within => 5.days do
-      Devise.confirm_within = 5.days
+    swap Devise, :allow_unconfirmed_access_for => 5.days do
+      Devise.allow_unconfirmed_access_for = 5.days
       user = create_user
 
       user.confirmation_sent_at = 4.days.ago
@@ -198,7 +198,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   end
 
   test 'should not be active when confirm in is zero' do
-    Devise.confirm_within = 0.days
+    Devise.allow_unconfirmed_access_for = 0.days
     user = create_user
     user.confirmation_sent_at = Date.today
     assert_not user.active_for_authentication?
@@ -236,3 +236,96 @@ class ConfirmableTest < ActiveSupport::TestCase
     end
   end
 end
+
+class ReconfirmableTest < ActiveSupport::TestCase
+  test 'should not worry about validations on confirm even with reconfirmable' do
+    admin = create_admin
+    admin.reset_password_token = "a"
+    assert admin.confirm!
+  end
+
+  test 'should generate confirmation token after changing email' do
+    admin = create_admin
+    assert admin.confirm!
+    assert_nil admin.confirmation_token
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_nil admin.confirmation_token
+  end
+
+  test 'should regenerate confirmation token after changing email' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'old_test@example.com')
+    token = admin.confirmation_token
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_equal token, admin.confirmation_token
+  end
+
+  test 'should send confirmation instructions by email after changing email' do
+    admin = create_admin
+    assert admin.confirm!
+    assert_email_sent "new_test@example.com" do
+      assert admin.update_attributes(:email => 'new_test@example.com')
+    end
+  end
+
+  test 'should not send confirmation by email after changing password' do
+    admin = create_admin
+    assert admin.confirm!
+    assert_email_not_sent do
+      assert admin.update_attributes(:password => 'newpass', :password_confirmation => 'newpass')
+    end
+  end
+
+  test 'should stay confirmed when email is changed' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert admin.confirmed?
+  end
+
+  test 'should update email only when it is confirmed' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_equal 'new_test@example.com', admin.email
+    assert admin.confirm!
+    assert_equal 'new_test@example.com', admin.email
+  end
+
+  test 'should not allow admin to get past confirmation email by resubmitting their new address' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_equal 'new_test@example.com', admin.email
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_not_equal 'new_test@example.com', admin.email
+  end
+
+  test 'should find a admin by send confirmation instructions with unconfirmed_email' do
+    admin = create_admin
+    assert admin.confirm!
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    confirmation_admin = Admin.send_confirmation_instructions(:email => admin.unconfirmed_email)
+    assert_equal confirmation_admin, admin
+  end
+
+  test 'should return a new admin if no email or unconfirmed_email was found' do
+    confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com")
+    assert_not confirmation_admin.persisted?
+  end
+
+  test 'should add error to new admin email if no email or unconfirmed_email was found' do
+    confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com")
+    assert confirmation_admin.errors[:email]
+    assert_equal "not found", confirmation_admin.errors[:email].join
+  end
+
+  test 'should find admin with email in unconfirmed_emails' do
+    admin = create_admin
+    admin.unconfirmed_email = "new_test@email.com"
+    assert admin.save
+    admin = Admin.find_by_unconfirmed_email_with_errors(:email => "new_test@email.com")
+    assert admin.persisted?
+  end
+end

data/test/models/database_authenticatable_test.rb

@@ -28,6 +28,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
   end
 
+  test "param filter should not convert regular expressions to strings" do
+    conditions = { "regexp" => /expression/ }
+    conditions = Devise::ParamFilter.new([], []).filter(conditions)
+    assert_equal( { "regexp" => /expression/ }, conditions)
+  end
+
   test 'should respond to password and password confirmation' do
     user = new_user
     assert user.respond_to?(:password)
@@ -87,6 +93,13 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert user.reload.valid_password?('pass321')
   end
   
+  test 'should update password with valid current password and :as option' do
+    user = create_user
+    assert user.update_with_password(:current_password => '123456',
+      :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
+    assert user.reload.valid_password?('pass321')
+  end
+  
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
@@ -138,6 +151,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.update_without_password(:email => 'new@example.com')
     assert_equal 'new@example.com', user.email
   end
+  
+  test 'should update the user without password with :as option' do
+    user = create_user
+    user.update_without_password(:email => 'new@example.com', :as => :admin)
+    assert_equal 'new@example.com', user.email
+  end
 
   test 'should not update password without password' do
     user = create_user

data/test/models/encryptable_test.rb

@@ -31,7 +31,7 @@ class EncryptableTest < ActiveSupport::TestCase
 
   test 'should generate a base64 hash using SecureRandom for password salt' do
     swap_with_encryptor Admin, :sha1 do
-      SecureRandom.expects(:base64).with(15).returns('01lI')
+      SecureRandom.expects(:base64).with(15).returns('01lI').twice
       salt = create_admin.password_salt
       assert_not_equal '01lI', salt
       assert_equal 4, salt.size

data/test/models/lockable_test.rb

@@ -23,6 +23,19 @@ class LockableTest < ActiveSupport::TestCase
     assert_equal 0, user.reload.failed_attempts
   end
 
+  test "should increment failed_attempts on successfull validation if the user is already locked" do
+    user = create_user
+    user.confirm!
+
+    swap Devise, :maximum_attempts => 2 do
+      3.times { user.valid_for_authentication?{ false } }
+      assert user.reload.access_locked?
+    end
+
+    user.valid_for_authentication?{ true }
+    assert_equal 4, user.reload.failed_attempts
+  end
+
   test "should not touch failed_attempts if lock_strategy is none" do
     user = create_user
     user.confirm!

data/test/models/recoverable_test.rb

@@ -195,31 +195,4 @@ class RecoverableTest < ActiveSupport::TestCase
       assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
     end
   end
-
-  test 'should save the model when the reset_password_sent_at doesnt exist' do
-    user = create_user
-    def user.respond_to?(meth, *)
-      if meth == :reset_password_sent_at=
-        false
-      else
-        super
-      end
-    end
-    user.send_reset_password_instructions
-    user.reload
-    assert_not_nil user.reset_password_token
-  end
-
-  test 'should have valid period if does not respond to reset_password_sent_at' do
-    user = create_user
-    def user.respond_to?(meth, *)
-      if meth == :reset_password_sent_at
-        false
-      else
-        super
-      end
-    end
-    assert user.reset_password_period_valid?
-  end
-
 end