devise 1.5.1 → 2.0.0

data/test/models/rememberable_test.rb

@@ -1,7 +1,46 @@
 require 'test_helper'
 
-module SharedRememberableTest
-  extend ActiveSupport::Testing::Declarative
+class RememberableTest < ActiveSupport::TestCase
+  def resource_class
+    User
+  end
+
+  def create_resource
+    create_user
+  end
+
+  test 'remember_me should not generate a new token if using salt' do
+    user = create_user
+    user.expects(:valid?).never
+    user.remember_me!
+  end
+
+  test 'forget_me should not clear remember token if using salt' do
+    user = create_user
+    user.remember_me!
+    user.expects(:valid?).never
+    user.forget_me!
+  end
+
+  test 'serialize into cookie' do
+    user = create_user
+    user.remember_me!
+    assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
+  end
+
+  test 'serialize from cookie' do
+    user = create_user
+    user.remember_me!
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
+  end
+
+  test 'raises a RuntimeError if authenticatable_salt is nil' do
+    user = User.new
+    user.encrypted_password = nil
+    assert_raise RuntimeError do
+      user.rememberable_value
+    end
+  end
 
   test 'should respond to remember_me attribute' do
     assert resource_class.new.respond_to?(:remember_me)
@@ -127,161 +166,3 @@ module SharedRememberableTest
     end
   end
 end
-
-class RememberableTest < ActiveSupport::TestCase
-  include SharedRememberableTest
-
-  def resource_class
-    Admin
-  end
-
-  def create_resource
-    create_admin
-  end
-
-  test 'remember_me should generate a new token and save the record without validating' do
-    admin = create_admin
-    admin.expects(:valid?).never
-    token = admin.remember_token
-    admin.remember_me!
-    assert_not_equal token, admin.remember_token
-    assert_not admin.changed?
-  end
-
-  test 'forget_me should clear remember token and save the record without validating' do
-    admin = create_admin
-    admin.remember_me!
-    assert_not admin.remember_token.nil?
-    admin.expects(:valid?).never
-    admin.forget_me!
-    assert admin.remember_token.nil?
-    assert_not admin.changed?
-  end
-
-  test 'serialize into cookie' do
-    admin = create_admin
-    admin.remember_me!
-    assert_equal [admin.to_key, admin.remember_token], Admin.serialize_into_cookie(admin)
-  end
-
-  test 'serialize from cookie' do
-    admin = create_admin
-    admin.remember_me!
-    assert_equal admin, Admin.serialize_from_cookie(admin.to_key, admin.remember_token)
-  end
-
-  test 'if remember_across_browsers is true, remember_me! should create a new token if no token exists' do
-    swap Devise, :remember_across_browsers => true, :remember_for => 1.year do
-      admin = create_admin
-      assert_equal nil, admin.remember_token
-      admin.remember_me!
-      assert_not_equal nil, admin.remember_token
-    end
-  end
-
-  test 'if remember_across_browsers is true, remember_me! should create a new token if a token exists but has expired' do
-    swap Devise, :remember_across_browsers => true, :remember_for => 1.day do
-      admin = create_admin
-      admin.remember_me!
-      admin.remember_created_at = 2.days.ago
-      admin.save
-      token = admin.remember_token
-      admin.remember_me!
-      assert_not_equal token, admin.remember_token
-    end
-  end
-
-  test 'if remember_across_browsers is true, remember_me! should not create a new token if a token exists and has not expired' do
-    swap Devise, :remember_across_browsers => true, :remember_for => 2.days do
-      admin = create_admin
-      admin.remember_me!
-      admin.remember_created_at = 1.day.ago
-      admin.save
-      token = admin.remember_token
-      admin.remember_me!
-      assert_equal token, admin.remember_token
-    end
-  end
-
-  test 'if remember_across_browsers is false, remember_me! should create a new token if no token exists' do
-    swap Devise, :remember_across_browsers => false do
-      admin = create_admin
-      assert_equal nil, admin.remember_token
-      admin.remember_me!
-      assert_not_equal nil, admin.remember_token
-    end
-  end
-
-  test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists but has expired' do
-    swap Devise, :remember_across_browsers => false, :remember_for => 1.day do
-      admin = create_admin
-      admin.remember_me!
-      admin.remember_created_at = 2.days.ago
-      admin.save
-      token = admin.remember_token
-      admin.remember_me!
-      assert_not_equal token, admin.remember_token
-    end
-  end
-
-  test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists and has not expired' do
-    swap Devise, :remember_across_browsers => false, :remember_for => 2.days do
-      admin = create_admin
-      admin.remember_me!
-      admin.remember_created_at = 1.day.ago
-      admin.save
-      token = admin.remember_token
-      admin.remember_me!
-      assert_not_equal token, admin.remember_token
-    end
-  end
-end
-
-class WithSaltRememberableTest < ActiveSupport::TestCase
-  include SharedRememberableTest
-
-  setup do
-    assert_not User.new.respond_to?(:remember_token)
-  end
-
-  def resource_class
-    User
-  end
-
-  def create_resource
-    create_user
-  end
-
-  test 'remember_me should not generate a new token if using salt' do
-    user = create_user
-    user.expects(:valid?).never
-    user.remember_me!
-  end
-
-  test 'forget_me should not clear remember token if using salt' do
-    user = create_user
-    user.remember_me!
-    user.expects(:valid?).never
-    user.forget_me!
-  end
-
-  test 'serialize into cookie' do
-    user = create_user
-    user.remember_me!
-    assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
-  end
-
-  test 'serialize from cookie' do
-    user = create_user
-    user.remember_me!
-    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
-  end
-
-  test 'raises a RuntimeError if authenticatable_salt is nil' do
-    user = User.new
-    user.encrypted_password = nil
-    assert_raise RuntimeError do
-      user.rememberable_value
-    end
-  end
-end

data/test/models/serializable_test.rb

@@ -16,7 +16,7 @@ class SerializableTest < ActiveSupport::TestCase
   end
 
   test 'should include unsafe keys on XML if a force_except is provided' do
-    assert_no_match /email/, @user.to_xml(:force_except => :email)
+    assert_no_match /<email/, @user.to_xml(:force_except => :email)
     assert_match /confirmation-token/, @user.to_xml(:force_except => :email)
   end
 

data/test/models/timeoutable_test.rb

@@ -14,6 +14,20 @@ class TimeoutableTest < ActiveSupport::TestCase
     assert_not new_user.timedout?(nil)
   end
 
+  test 'should use timeout_in method' do
+    user = new_user
+    user.instance_eval { def timeout_in; 10.minutes end }
+
+    assert user.timedout?(12.minutes.ago)
+    assert_not user.timedout?(8.minutes.ago)
+  end
+
+  test 'should not be expired when timeout_in method returns nil' do
+    user = new_user
+    user.instance_eval { def timeout_in; nil end }
+    assert_not user.timedout?(10.hours.ago)
+  end
+
   test 'fallback to Devise config option' do
     swap Devise, :timeout_in => 1.minute do
       user = new_user

data/test/models_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class Configurable < User
   devise :database_authenticatable, :encryptable, :confirmable, :rememberable, :timeoutable, :lockable,
-         :stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
+         :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days,
          :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
 end
 
@@ -39,7 +39,7 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 
   test 'can cherry pick modules' do
-    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :encryptable, :confirmable
   end
 
   test 'validations options are not applied too late' do
@@ -55,12 +55,12 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 
   test 'chosen modules are inheritable' do
-    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :rememberable, :encryptable
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :encryptable, :confirmable
   end
 
   test 'order of module inclusion' do
-    correct_module_order   = [:database_authenticatable, :rememberable, :encryptable, :recoverable, :registerable, :lockable, :timeoutable]
-    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :encryptable, :rememberable]
+    correct_module_order   = [:database_authenticatable, :encryptable, :recoverable, :registerable, :confirmable, :lockable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :encryptable, :confirmable]
 
     assert_include_modules Admin, *incorrect_module_order
 
@@ -87,8 +87,8 @@ class ActiveRecordTest < ActiveSupport::TestCase
     assert_equal 'abcdef', Configurable.pepper
   end
 
-  test 'set a default value for confirm_within' do
-    assert_equal 5.days, Configurable.confirm_within
+  test 'set a default value for allow_unconfirmed_access_for' do
+    assert_equal 5.days, Configurable.allow_unconfirmed_access_for
   end
 
   test 'set a default value for remember_for' do

data/test/path_checker_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class PathCheckerTest < ActiveSupport::TestCase
+  test 'check if sign out path matches' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_out"}, :user)
+    assert path_checker.signing_out?
+
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :user)
+    assert_not path_checker.signing_out?
+  end
+
+  test 'considers script name' do
+    path_checker = Devise::PathChecker.new({"SCRIPT_NAME" => "/users", "PATH_INFO" => "/sign_out"}, :user)
+    assert path_checker.signing_out?
+  end
+
+  test 'ignores invalid routes' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :omg)
+    assert_not path_checker.signing_out?
+  end
+end

data/test/rails_app/app/mongoid/admin.rb

@@ -5,5 +5,26 @@ class Admin
   include Shim
   include SharedAdmin
 
-  field :remember_token, :type => String
+  ## Database authenticatable
+  field :email,              :type => String, :null => true
+  field :encrypted_password, :type => String, :null => true
+
+  ## Recoverable
+  field :reset_password_token,   :type => String
+  field :reset_password_sent_at, :type => Time
+
+  ## Rememberable
+  field :remember_created_at, :type => Time
+
+  ## Confirmable
+  field :confirmation_token,   :type => String
+  field :confirmed_at,         :type => Time
+  field :confirmation_sent_at, :type => Time
+  field :unconfirmed_email,    :type => String # Only if using reconfirmable
+
+  ## Encryptable
+  field :password_salt, :type => String
+
+  ## Lockable
+  field :locked_at, :type => Time
 end

data/test/rails_app/app/mongoid/user.rb

@@ -7,4 +7,39 @@ class User
 
   field :username, :type => String
   field :facebook_token, :type => String
+
+  ## Database authenticatable
+  field :email,              :type => String, :null => false, :default => ""
+  field :encrypted_password, :type => String, :null => false, :default => ""
+
+  ## Recoverable
+  field :reset_password_token,   :type => String
+  field :reset_password_sent_at, :type => Time
+
+  ## Rememberable
+  field :remember_created_at, :type => Time
+
+  ## Trackable
+  field :sign_in_count,      :type => Integer, :default => 0
+  field :current_sign_in_at, :type => Time
+  field :last_sign_in_at,    :type => Time
+  field :current_sign_in_ip, :type => String
+  field :last_sign_in_ip,    :type => String
+
+  ## Encryptable
+  # field :password_salt, :type => String
+
+  ## Confirmable
+  field :confirmation_token,   :type => String
+  field :confirmed_at,         :type => Time
+  field :confirmation_sent_at, :type => Time
+  # field :unconfirmed_email,    :type => String # Only if using reconfirmable
+
+  ## Lockable
+  field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
+  field :unlock_token,    :type => String # Only if unlock strategy is :email or :both
+  field :locked_at,       :type => Time
+
+  ## Token authenticatable
+  field :authentication_token, :type => String
 end

data/test/rails_app/config/initializers/devise.rb

@@ -12,6 +12,9 @@ Devise.setup do |config|
   # Configure the class responsible to send e-mails.
   # config.mailer = "Devise::Mailer"
 
+  # Disable apply schema
+  config.apply_schema = false
+
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
   # :mongoid (bson_ext recommended) by default. Other ORMs may be
@@ -60,16 +63,16 @@ Devise.setup do |config|
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
-  config.stretches = 10
+  config.stretches = Rails.env.test? ? 1 : 10
 
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
-  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
   # You can use this to let your user access some features of your application
   # without confirming the account, but blocking it after a certain period
   # (ie 2 days).
-  # config.confirm_within = 2.days
+  # config.allow_unconfirmed_access_for = 2.days
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [ :email ]
@@ -148,10 +151,6 @@ Devise.setup do |config|
   # Defines name of the authentication token params key
   # config.token_authentication_key = :auth_token
 
-  # If true, authentication through token does not store user in session and needs
-  # to be supplied on each request. Useful if you are using the token as API token.
-  # config.stateless_token = false
-
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you

data/test/rails_app/config/routes.rb

@@ -12,9 +12,7 @@ Rails.application.routes.draw do
   resources :admins, :only => [:index]
 
   # Users scope
-  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do
-    match "/devise_for/sign_in", :to => "devise/sessions#new"
-  end
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
 
   as :user do
     match "/as/sign_in", :to => "devise/sessions#new"
@@ -64,14 +62,14 @@ Rails.application.routes.draw do
     devise_for :accounts, :class_name => "Admin", :path_names => { :sign_in => "get_in" }
   end
 
-  scope ":locale" do
+  scope ":locale", :module => :invalid do
     devise_for :accounts, :singular => "manager", :class_name => "Admin",
       :path_names => {
         :sign_in => "login", :sign_out => "logout",
         :password => "secret", :confirmation => "verification",
         :unlock => "unblock", :sign_up => "register",
         :registration => "management", :cancel => "giveup"
-      }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }
+      }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, :module => :devise
   end
 
   namespace :sign_out_via, :module => "devise" do

data/test/rails_app/db/migrate/20100401102949_create_tables.rb

@@ -4,22 +4,68 @@ class CreateTables < ActiveRecord::Migration
       t.string :username
       t.string :facebook_token
 
-      t.database_authenticatable :null => false
-      t.confirmable
-      t.recoverable
-      t.rememberable
-      t.trackable
-      t.lockable
-      t.token_authenticatable
+      ## Database authenticatable
+      t.string :email,              :null => false, :default => ""
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, :default => 0
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Encryptable
+      # t.string :password_salt
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.integer  :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
+      t.string   :unlock_token # Only if unlock strategy is :email or :both
+      t.datetime :locked_at
+
+      ## Token authenticatable
+      t.string :authentication_token
+
       t.timestamps
     end
 
     create_table :admins do |t|
-      t.database_authenticatable :null => true
-      t.encryptable
-      t.rememberable :use_salt => false
-      t.recoverable
-      t.lockable
+      ## Database authenticatable
+      t.string :email,              :null => true
+      t.string :encrypted_password, :null => true
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Encryptable
+      t.string :password_salt
+
+      ## Lockable
+      t.datetime :locked_at
+
       t.timestamps
     end
   end

data/test/rails_app/lib/shared_admin.rb

@@ -3,8 +3,12 @@ module SharedAdmin
 
   included do
     devise :database_authenticatable, :encryptable, :registerable,
-           :timeoutable, :recoverable, :rememberable, :lockable,
-           :unlock_strategy => :time
+           :timeoutable, :recoverable, :lockable, :confirmable,
+           :unlock_strategy => :time, :lock_strategy => :none,
+           :allow_unconfirmed_access_for => 2.weeks, :reconfirmable => true
+
+    validates_length_of     :reset_password_token, :minimum => 3, :allow_blank => true
+    validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
   end
 
 end

data/test/rails_app/log/development.log

@@ -0,0 +1,13 @@
+   (0.1ms)  select sqlite_version(*)
+   (1.3ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
+   (0.0ms)  PRAGMA index_list("schema_migrations")
+   (1.1ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+   (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" 
+Migrating to CreateTables (20100401102949)
+   (0.4ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "username" varchar(255), "facebook_token" varchar(255), "email" varchar(255) DEFAULT '' NOT NULL, "encrypted_password" varchar(128) DEFAULT '' NOT NULL, "confirmation_token" varchar(255), "confirmed_at" datetime, "confirmation_sent_at" datetime, "reset_password_token" varchar(255), "reset_password_sent_at" datetime, "remember_created_at" datetime, "sign_in_count" integer DEFAULT 0, "current_sign_in_at" datetime, "last_sign_in_at" datetime, "current_sign_in_ip" varchar(255), "last_sign_in_ip" varchar(255), "failed_attempts" integer DEFAULT 0, "unlock_token" varchar(255), "locked_at" datetime, "authentication_token" varchar(255), "created_at" datetime, "updated_at" datetime) 
+   (0.1ms)  CREATE TABLE "admins" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar(255), "encrypted_password" varchar(128), "password_salt" varchar(255), "remember_token" varchar(255), "remember_created_at" datetime, "reset_password_token" varchar(255), "reset_password_sent_at" datetime, "failed_attempts" integer DEFAULT 0, "unlock_token" varchar(255), "locked_at" datetime, "created_at" datetime, "updated_at" datetime) 
+   (0.1ms)  INSERT INTO "schema_migrations" ("version") VALUES ('20100401102949')
+   (0.1ms)  select sqlite_version(*)
+   (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" 
+   (0.0ms)  PRAGMA index_list("admins")
+   (0.0ms)  PRAGMA index_list("users")