devise 1.5.3 → 2.0.0
- data/CHANGELOG.rdoc +98 -71
- data/MIT-LICENSE +1 -1
- data/README.rdoc +4 -2
- data/app/controllers/devise/confirmations_controller.rb +3 -6
- data/app/controllers/devise/omniauth_callbacks_controller.rb +1 -3
- data/app/controllers/devise/passwords_controller.rb +3 -6
- data/app/controllers/devise/registrations_controller.rb +40 -42
- data/app/controllers/devise/sessions_controller.rb +2 -3
- data/app/controllers/devise/unlocks_controller.rb +4 -7
- data/app/controllers/devise_controller.rb +169 -0
- data/app/views/devise/_links.erb +25 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +1 -1
- data/app/views/devise/passwords/new.html.erb +1 -1
- data/app/views/devise/registrations/new.html.erb +1 -1
- data/app/views/devise/sessions/new.html.erb +1 -1
- data/app/views/devise/shared/_links.erb +3 -25
- data/app/views/devise/unlocks/new.html.erb +1 -1
- data/config/locales/en.yml +5 -6
- data/lib/devise/controllers/helpers.rb +8 -2
- data/lib/devise/controllers/scoped_views.rb +0 -16
- data/lib/devise/controllers/url_helpers.rb +16 -2
- data/lib/devise/failure_app.rb +43 -8
- data/lib/devise/models/authenticatable.rb +22 -1
- data/lib/devise/models/confirmable.rb +80 -22
- data/lib/devise/models/database_authenticatable.rb +0 -11
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +5 -5
- data/lib/devise/models/rememberable.rb +5 -20
- data/lib/devise/models/serializable.rb +5 -2
- data/lib/devise/models/timeoutable.rb +1 -3
- data/lib/devise/models/token_authenticatable.rb +1 -4
- data/lib/devise/models/validatable.rb +1 -1
- data/lib/devise/models.rb +1 -1
- data/lib/devise/modules.rb +2 -2
- data/lib/devise/orm/active_record.rb +6 -0
- data/lib/devise/param_filter.rb +1 -1
- data/lib/devise/path_checker.rb +5 -1
- data/lib/devise/rails/routes.rb +16 -10
- data/lib/devise/rails/warden_compat.rb +0 -83
- data/lib/devise/rails.rb +61 -0
- data/lib/devise/schema.rb +5 -0
- data/lib/devise/strategies/authenticatable.rb +14 -10
- data/lib/devise/strategies/token_authenticatable.rb +3 -3
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +56 -33
- data/lib/generators/active_record/devise_generator.rb +40 -2
- data/lib/generators/active_record/templates/migration.rb +1 -19
- data/lib/generators/active_record/templates/migration_existing.rb +1 -9
- data/lib/generators/devise/views_generator.rb +6 -14
- data/lib/generators/mongoid/devise_generator.rb +43 -0
- data/lib/generators/templates/devise.rb +26 -12
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +1 -1
- data/test/controllers/internal_helpers_test.rb +5 -4
- data/test/devise_test.rb +2 -2
- data/test/failure_app_test.rb +24 -20
- data/test/generators/active_record_generator_test.rb +3 -13
- data/test/generators/views_generator_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +4 -7
- data/test/integration/confirmable_test.rb +55 -3
- data/test/integration/http_authenticatable_test.rb +20 -5
- data/test/integration/lockable_test.rb +26 -14
- data/test/integration/registerable_test.rb +33 -2
- data/test/integration/rememberable_test.rb +0 -50
- data/test/integration/timeoutable_test.rb +18 -4
- data/test/integration/token_authenticatable_test.rb +5 -5
- data/test/integration/trackable_test.rb +6 -6
- data/test/mapping_test.rb +2 -3
- data/test/models/confirmable_test.rb +101 -8
- data/test/models/database_authenticatable_test.rb +6 -0
- data/test/models/encryptable_test.rb +1 -1
- data/test/models/lockable_test.rb +13 -0
- data/test/models/recoverable_test.rb +0 -27
- data/test/models/rememberable_test.rb +41 -160
- data/test/models/serializable_test.rb +1 -1
- data/test/models_test.rb +7 -7
- data/test/rails_app/app/mongoid/admin.rb +22 -1
- data/test/rails_app/app/mongoid/user.rb +35 -0
- data/test/rails_app/config/initializers/devise.rb +6 -7
- data/test/rails_app/config/routes.rb +3 -5
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +58 -12
- data/test/rails_app/lib/shared_admin.rb +6 -2
- data/test/rails_app/log/development.log +13 -0
- data/test/rails_app/log/test.log +319550 -0
- data/test/support/assertions.rb +4 -1
- data/test/support/helpers.rb +0 -17
- data/test/support/integration.rb +3 -1
- data/test/test_helpers_test.rb +2 -2
- data/test/tmp/app/views/devise/_links.erb +25 -0
- data/test/tmp/app/views/devise/confirmations/new.html.erb +15 -0
- data/test/tmp/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/test/tmp/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/test/tmp/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/test/tmp/app/views/devise/passwords/edit.html.erb +19 -0
- data/test/tmp/app/views/devise/passwords/new.html.erb +15 -0
- data/test/tmp/app/views/devise/registrations/edit.html.erb +22 -0
- data/test/tmp/app/views/devise/registrations/new.html.erb +17 -0
- data/test/tmp/app/views/devise/sessions/new.html.erb +15 -0
- data/test/tmp/app/views/devise/unlocks/new.html.erb +15 -0
- data/test/tmp/app/views/users/_links.erb +25 -0
- data/test/tmp/app/views/users/confirmations/new.html.erb +15 -0
- data/test/tmp/app/views/users/mailer/confirmation_instructions.html.erb +5 -0
- data/test/tmp/app/views/users/mailer/reset_password_instructions.html.erb +8 -0
- data/test/tmp/app/views/users/mailer/unlock_instructions.html.erb +7 -0
- data/test/tmp/app/views/users/passwords/edit.html.erb +19 -0
- data/test/tmp/app/views/users/passwords/new.html.erb +15 -0
- data/test/tmp/app/views/users/registrations/edit.html.erb +22 -0
- data/test/tmp/app/views/users/registrations/new.html.erb +17 -0
- data/test/tmp/app/views/users/sessions/new.html.erb +15 -0
- data/test/tmp/app/views/users/unlocks/new.html.erb +15 -0
- metadata +78 -26
- data/.gitignore +0 -12
- data/.travis.yml +0 -13
- data/Gemfile +0 -35
- data/Rakefile +0 -34
- data/devise.gemspec +0 -25
- data/lib/devise/controllers/internal_helpers.rb +0 -154
- data/lib/devise/controllers/shared_helpers.rb +0 -26
- data/test/schema_test.rb +0 -33
|
@@ -25,7 +25,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
test 'authenticate with valid authentication token key but does not store if stateless' do
|
|
28
|
-
swap Devise, :token_authentication_key => :secret_token, :
|
|
28
|
+
swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth] do
|
|
29
29
|
sign_in_as_new_user_with_token
|
|
30
30
|
assert warden.authenticated?(:user)
|
|
31
31
|
|
|
@@ -88,7 +88,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do
|
|
91
|
-
swap Devise, :token_authentication_key => :secret_token, :
|
|
91
|
+
swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth], :timeout_in => (0.1).second do
|
|
92
92
|
user = sign_in_as_new_user_with_token
|
|
93
93
|
assert warden.authenticated?(:user)
|
|
94
94
|
|
|
@@ -112,7 +112,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
112
112
|
|
|
113
113
|
assert_not_equal user1, user2
|
|
114
114
|
visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
|
|
115
|
-
assert_nil warden.user(:user)
|
|
115
|
+
assert_nil warden.user(:user)
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
118
|
|
|
@@ -125,7 +125,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
125
125
|
options[:auth_token] ||= user.authentication_token
|
|
126
126
|
|
|
127
127
|
if options[:http_auth]
|
|
128
|
-
header = "Basic #{
|
|
128
|
+
header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
|
|
129
129
|
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
|
|
130
130
|
else
|
|
131
131
|
visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
|
|
@@ -145,4 +145,4 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
145
145
|
sign_in_as_new_user_with_token(:user => user)
|
|
146
146
|
end
|
|
147
147
|
|
|
148
|
-
end
|
|
148
|
+
end
|
|
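Review bot: The `Authorization` header built at new line 128 (hunk `@@ -125,7 +125,7 @@`) uses `Base64.encode64`, which appends a trailing newline and wraps its output every 60 characters, so the value handed to `get` contains a line break. The test harness may tolerate that, but it is not a well-formed Basic credential and could start failing if `VALID_AUTHENTICATION_TOKEN` grew longer. I would strip the breaks, `header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X").delete("\n")}"`, or use `Base64.strict_encode64` where the supported Rubies provide it. The removed line is truncated on this page, so whether the old code had the same issue cannot be told from here; the helper's body starts and ends outside the hunk.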
@@ -36,11 +36,11 @@ class TrackableHooksTest < ActionController::IntegrationTest
|
|
|
36
36
|
assert_equal "127.0.0.1", user.current_sign_in_ip
|
|
37
37
|
assert_equal "127.0.0.1", user.last_sign_in_ip
|
|
38
38
|
end
|
|
39
|
-
|
|
39
|
+
|
|
40
40
|
test "current remote ip returns original ip behind a non transparent proxy" do
|
|
41
41
|
user = create_user
|
|
42
|
-
|
|
43
|
-
arbitrary_ip = '
|
|
42
|
+
|
|
43
|
+
arbitrary_ip = '200.121.1.69'
|
|
44
44
|
sign_in_as_user do
|
|
45
45
|
header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
|
|
46
46
|
end
|
|
@@ -63,7 +63,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
test "does not update anything if user has signed out along the way" do
|
|
66
|
-
swap Devise, :
|
|
66
|
+
swap Devise, :allow_unconfirmed_access_for => 0 do
|
|
67
67
|
user = create_user(:confirm => false)
|
|
68
68
|
sign_in_as_user
|
|
69
69
|
|
|
@@ -72,7 +72,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
|
|
|
72
72
|
assert_nil user.last_sign_in_at
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
|
-
|
|
75
|
+
|
|
76
76
|
test "do not track if devise.skip_trackable is set" do
|
|
77
77
|
user = create_user
|
|
78
78
|
sign_in_as_user do
|
|
@@ -81,7 +81,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
|
|
|
81
81
|
user.reload
|
|
82
82
|
assert_equal 0, user.sign_in_count
|
|
83
83
|
visit destroy_user_session_path
|
|
84
|
-
|
|
84
|
+
|
|
85
85
|
sign_in_as_user do
|
|
86
86
|
header 'devise.skip_trackable', false
|
|
87
87
|
end
|
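Review bot: The test at new lines 40–46 takes the tracked sign-in IP from an `X-Forwarded-For` header that the client sets itself, and nothing in the hunk records that this value is only trustworthy behind a proxy that overwrites it. The assertions sit outside the hunk, but going by the test name the stored `current_sign_in_ip` follows the header, so tracked IPs can be chosen by any client that reaches the app directly and should be treated as informational. I would add a comment above the test: `# X-Forwarded-For is client-controlled unless a trusted proxy rewrites it; do not base access decisions on tracked IPs`.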
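--- a/data/test/mapping_test.rb
+++ b/data/test/mapping_test.rb
@@ -51,12 +51,12 @@ class MappingTest < ActiveSupport::TestCase
 
 test 'has strategies depending on the model declaration' do
 assert_equal [:rememberable, :token_authenticatable, :database_authenticatable], Devise.mappings[:user].strategies
-assert_equal [:
+assert_equal [:database_authenticatable], Devise.mappings[:admin].strategies
 end
 
 test 'has no input strategies depending on the model declaration' do
 assert_equal [:rememberable, :token_authenticatable], Devise.mappings[:user].no_input_strategies
-assert_equal [
+assert_equal [], Devise.mappings[:admin].no_input_strategies
 end
 
 test 'find scope for a given object' do
@@ -108,7 +108,6 @@ class MappingTest < ActiveSupport::TestCase
 assert mapping.authenticatable?
 assert mapping.recoverable?
 assert mapping.lockable?
-assert_not mapping.confirmable?
 assert_not mapping.omniauthable?
 end
 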
@@ -80,8 +80,8 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
test 'should send confirmation instructions by email' do
|
|
83
|
-
assert_email_sent do
|
|
84
|
-
create_user
|
|
83
|
+
assert_email_sent "mynewuser@example.com" do
|
|
84
|
+
create_user :email => "mynewuser@example.com"
|
|
85
85
|
end
|
|
86
86
|
end
|
|
87
87
|
|
|
@@ -123,7 +123,7 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
123
123
|
|
|
124
124
|
test 'should send email instructions for the user confirm its email' do
|
|
125
125
|
user = create_user
|
|
126
|
-
assert_email_sent do
|
|
126
|
+
assert_email_sent user.email do
|
|
127
127
|
User.send_confirmation_instructions(:email => user.email)
|
|
128
128
|
end
|
|
129
129
|
end
|
|
@@ -164,19 +164,19 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
164
164
|
end
|
|
165
165
|
|
|
166
166
|
test 'confirm time should fallback to devise confirm in default configuration' do
|
|
167
|
-
swap Devise, :
|
|
167
|
+
swap Devise, :allow_unconfirmed_access_for => 1.day do
|
|
168
168
|
user = new_user
|
|
169
169
|
user.confirmation_sent_at = 2.days.ago
|
|
170
170
|
assert_not user.active_for_authentication?
|
|
171
171
|
|
|
172
|
-
Devise.
|
|
172
|
+
Devise.allow_unconfirmed_access_for = 3.days
|
|
173
173
|
assert user.active_for_authentication?
|
|
174
174
|
end
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
test 'should be active when confirmation sent at is not overpast' do
|
|
178
|
-
swap Devise, :
|
|
179
|
-
Devise.
|
|
178
|
+
swap Devise, :allow_unconfirmed_access_for => 5.days do
|
|
179
|
+
Devise.allow_unconfirmed_access_for = 5.days
|
|
180
180
|
user = create_user
|
|
181
181
|
|
|
182
182
|
user.confirmation_sent_at = 4.days.ago
|
|
@@ -198,7 +198,7 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
198
198
|
end
|
|
199
199
|
|
|
200
200
|
test 'should not be active when confirm in is zero' do
|
|
201
|
-
Devise.
|
|
201
|
+
Devise.allow_unconfirmed_access_for = 0.days
|
|
202
202
|
user = create_user
|
|
203
203
|
user.confirmation_sent_at = Date.today
|
|
204
204
|
assert_not user.active_for_authentication?
|
|
@@ -236,3 +236,96 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
236
236
|
end
|
|
237
237
|
end
|
|
238
238
|
end
|
|
239
|
+
|
|
240
|
+
class ReconfirmableTest < ActiveSupport::TestCase
|
|
241
|
+
test 'should not worry about validations on confirm even with reconfirmable' do
|
|
242
|
+
admin = create_admin
|
|
243
|
+
admin.reset_password_token = "a"
|
|
244
|
+
assert admin.confirm!
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
test 'should generate confirmation token after changing email' do
|
|
248
|
+
admin = create_admin
|
|
249
|
+
assert admin.confirm!
|
|
250
|
+
assert_nil admin.confirmation_token
|
|
251
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
252
|
+
assert_not_nil admin.confirmation_token
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
test 'should regenerate confirmation token after changing email' do
|
|
256
|
+
admin = create_admin
|
|
257
|
+
assert admin.confirm!
|
|
258
|
+
assert admin.update_attributes(:email => 'old_test@example.com')
|
|
259
|
+
token = admin.confirmation_token
|
|
260
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
261
|
+
assert_not_equal token, admin.confirmation_token
|
|
262
|
+
end
|
|
263
|
+
|
|
264
|
+
test 'should send confirmation instructions by email after changing email' do
|
|
265
|
+
admin = create_admin
|
|
266
|
+
assert admin.confirm!
|
|
267
|
+
assert_email_sent "new_test@example.com" do
|
|
268
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
269
|
+
end
|
|
270
|
+
end
|
|
271
|
+
|
|
272
|
+
test 'should not send confirmation by email after changing password' do
|
|
273
|
+
admin = create_admin
|
|
274
|
+
assert admin.confirm!
|
|
275
|
+
assert_email_not_sent do
|
|
276
|
+
assert admin.update_attributes(:password => 'newpass', :password_confirmation => 'newpass')
|
|
277
|
+
end
|
|
278
|
+
end
|
|
279
|
+
|
|
280
|
+
test 'should stay confirmed when email is changed' do
|
|
281
|
+
admin = create_admin
|
|
282
|
+
assert admin.confirm!
|
|
283
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
284
|
+
assert admin.confirmed?
|
|
285
|
+
end
|
|
286
|
+
|
|
287
|
+
test 'should update email only when it is confirmed' do
|
|
288
|
+
admin = create_admin
|
|
289
|
+
assert admin.confirm!
|
|
290
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
291
|
+
assert_not_equal 'new_test@example.com', admin.email
|
|
292
|
+
assert admin.confirm!
|
|
293
|
+
assert_equal 'new_test@example.com', admin.email
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
test 'should not allow admin to get past confirmation email by resubmitting their new address' do
|
|
297
|
+
admin = create_admin
|
|
298
|
+
assert admin.confirm!
|
|
299
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
300
|
+
assert_not_equal 'new_test@example.com', admin.email
|
|
301
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
302
|
+
assert_not_equal 'new_test@example.com', admin.email
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
test 'should find a admin by send confirmation instructions with unconfirmed_email' do
|
|
306
|
+
admin = create_admin
|
|
307
|
+
assert admin.confirm!
|
|
308
|
+
assert admin.update_attributes(:email => 'new_test@example.com')
|
|
309
|
+
confirmation_admin = Admin.send_confirmation_instructions(:email => admin.unconfirmed_email)
|
|
310
|
+
assert_equal confirmation_admin, admin
|
|
311
|
+
end
|
|
312
|
+
|
|
313
|
+
test 'should return a new admin if no email or unconfirmed_email was found' do
|
|
314
|
+
confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com")
|
|
315
|
+
assert_not confirmation_admin.persisted?
|
|
316
|
+
end
|
|
317
|
+
|
|
318
|
+
test 'should add error to new admin email if no email or unconfirmed_email was found' do
|
|
319
|
+
confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com")
|
|
320
|
+
assert confirmation_admin.errors[:email]
|
|
321
|
+
assert_equal "not found", confirmation_admin.errors[:email].join
|
|
322
|
+
end
|
|
323
|
+
|
|
324
|
+
test 'should find admin with email in unconfirmed_emails' do
|
|
325
|
+
admin = create_admin
|
|
326
|
+
admin.unconfirmed_email = "new_test@email.com"
|
|
327
|
+
assert admin.save
|
|
328
|
+
admin = Admin.find_by_unconfirmed_email_with_errors(:email => "new_test@email.com")
|
|
329
|
+
assert admin.persisted?
|
|
330
|
+
end
|
|
331
|
+
end
|
|
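Review bot: `assert confirmation_admin.errors[:email]` at new line 320 can never fail, because `errors[:email]` returns an array and an empty array is truthy in Ruby; only the `assert_equal "not found", ...` on the following line checks anything. I would change it to `assert confirmation_admin.errors[:email].any?` or drop it. Separately, the tests at new lines 313–322 pin a distinguishable "not found" answer for unknown addresses, which lets a caller probe which e-mails (including pending `unconfirmed_email` values) are registered. If the request-facing layer is expected to mask that, a comment saying so would help.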
@@ -28,6 +28,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
|
28
28
|
assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
test "param filter should not convert regular expressions to strings" do
|
|
32
|
+
conditions = { "regexp" => /expression/ }
|
|
33
|
+
conditions = Devise::ParamFilter.new([], []).filter(conditions)
|
|
34
|
+
assert_equal( { "regexp" => /expression/ }, conditions)
|
|
35
|
+
end
|
|
36
|
+
|
|
31
37
|
test 'should respond to password and password confirmation' do
|
|
32
38
|
user = new_user
|
|
33
39
|
assert user.respond_to?(:password)
|
|
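Review bot: The test added at new lines 31–35 pins that `Devise::ParamFilter` passes a `Regexp` through unchanged, but nothing documents why that exemption is safe when the context assertion just above shows another value being turned into the string `"1..10"`. The filter appears to sit in front of lookup conditions, so a pattern that reached it from request input would turn an exact-match lookup into a pattern match; the exemption only holds if regexps come from application code alone. I would add a comment to the test: `# Regexp is left as-is on purpose: it must only ever be supplied by application code, never built from request params`.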
@@ -31,7 +31,7 @@ class EncryptableTest < ActiveSupport::TestCase
|
|
|
31
31
|
|
|
32
32
|
test 'should generate a base64 hash using SecureRandom for password salt' do
|
|
33
33
|
swap_with_encryptor Admin, :sha1 do
|
|
34
|
-
SecureRandom.expects(:base64).with(15).returns('01lI')
|
|
34
|
+
SecureRandom.expects(:base64).with(15).returns('01lI').twice
|
|
35
35
|
salt = create_admin.password_salt
|
|
36
36
|
assert_not_equal '01lI', salt
|
|
37
37
|
assert_equal 4, salt.size
|
|
@@ -23,6 +23,19 @@ class LockableTest < ActiveSupport::TestCase
|
|
|
23
23
|
assert_equal 0, user.reload.failed_attempts
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
test "should increment failed_attempts on successfull validation if the user is already locked" do
|
|
27
|
+
user = create_user
|
|
28
|
+
user.confirm!
|
|
29
|
+
|
|
30
|
+
swap Devise, :maximum_attempts => 2 do
|
|
31
|
+
3.times { user.valid_for_authentication?{ false } }
|
|
32
|
+
assert user.reload.access_locked?
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
user.valid_for_authentication?{ true }
|
|
36
|
+
assert_equal 4, user.reload.failed_attempts
|
|
37
|
+
end
|
|
38
|
+
|
|
26
39
|
test "should not touch failed_attempts if lock_strategy is none" do
|
|
27
40
|
user = create_user
|
|
28
41
|
user.confirm!
|
|
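Review bot: The new test never checks what `user.valid_for_authentication?{ true }` returns at new line 35, so it would still pass if a locked account presenting a correct password were let through while the counter was bumped. Asserting the rejection makes the security property explicit: `assert_not user.valid_for_authentication?{ true }` in place of the bare call. That call also runs after the `swap Devise, :maximum_attempts => 2` block has closed, so it executes with the default `maximum_attempts` restored; if that is deliberate, a one-line comment would help.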
@@ -195,31 +195,4 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
|
195
195
|
assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
|
|
196
196
|
end
|
|
197
197
|
end
|
|
198
|
-
|
|
199
|
-
test 'should save the model when the reset_password_sent_at doesnt exist' do
|
|
200
|
-
user = create_user
|
|
201
|
-
def user.respond_to?(meth, *)
|
|
202
|
-
if meth == :reset_password_sent_at=
|
|
203
|
-
false
|
|
204
|
-
else
|
|
205
|
-
super
|
|
206
|
-
end
|
|
207
|
-
end
|
|
208
|
-
user.send_reset_password_instructions
|
|
209
|
-
user.reload
|
|
210
|
-
assert_not_nil user.reset_password_token
|
|
211
|
-
end
|
|
212
|
-
|
|
213
|
-
test 'should have valid period if does not respond to reset_password_sent_at' do
|
|
214
|
-
user = create_user
|
|
215
|
-
def user.respond_to?(meth, *)
|
|
216
|
-
if meth == :reset_password_sent_at
|
|
217
|
-
false
|
|
218
|
-
else
|
|
219
|
-
super
|
|
220
|
-
end
|
|
221
|
-
end
|
|
222
|
-
assert user.reset_password_period_valid?
|
|
223
|
-
end
|
|
224
|
-
|
|
225
198
|
end
|
|
@@ -1,7 +1,46 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
class RememberableTest < ActiveSupport::TestCase
|
|
4
|
+
def resource_class
|
|
5
|
+
User
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def create_resource
|
|
9
|
+
create_user
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
test 'remember_me should not generate a new token if using salt' do
|
|
13
|
+
user = create_user
|
|
14
|
+
user.expects(:valid?).never
|
|
15
|
+
user.remember_me!
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
test 'forget_me should not clear remember token if using salt' do
|
|
19
|
+
user = create_user
|
|
20
|
+
user.remember_me!
|
|
21
|
+
user.expects(:valid?).never
|
|
22
|
+
user.forget_me!
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
test 'serialize into cookie' do
|
|
26
|
+
user = create_user
|
|
27
|
+
user.remember_me!
|
|
28
|
+
assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
test 'serialize from cookie' do
|
|
32
|
+
user = create_user
|
|
33
|
+
user.remember_me!
|
|
34
|
+
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
test 'raises a RuntimeError if authenticatable_salt is nil' do
|
|
38
|
+
user = User.new
|
|
39
|
+
user.encrypted_password = nil
|
|
40
|
+
assert_raise RuntimeError do
|
|
41
|
+
user.rememberable_value
|
|
42
|
+
end
|
|
43
|
+
end
|
|
5
44
|
|
|
6
45
|
test 'should respond to remember_me attribute' do
|
|
7
46
|
assert resource_class.new.respond_to?(:remember_me)
|
|
@@ -127,161 +166,3 @@ module SharedRememberableTest
|
|
|
127
166
|
end
|
|
128
167
|
end
|
|
129
168
|
end
|
|
130
|
-
|
|
131
|
-
class RememberableTest < ActiveSupport::TestCase
|
|
132
|
-
include SharedRememberableTest
|
|
133
|
-
|
|
134
|
-
def resource_class
|
|
135
|
-
Admin
|
|
136
|
-
end
|
|
137
|
-
|
|
138
|
-
def create_resource
|
|
139
|
-
create_admin
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
test 'remember_me should generate a new token and save the record without validating' do
|
|
143
|
-
admin = create_admin
|
|
144
|
-
admin.expects(:valid?).never
|
|
145
|
-
token = admin.remember_token
|
|
146
|
-
admin.remember_me!
|
|
147
|
-
assert_not_equal token, admin.remember_token
|
|
148
|
-
assert_not admin.changed?
|
|
149
|
-
end
|
|
150
|
-
|
|
151
|
-
test 'forget_me should clear remember token and save the record without validating' do
|
|
152
|
-
admin = create_admin
|
|
153
|
-
admin.remember_me!
|
|
154
|
-
assert_not admin.remember_token.nil?
|
|
155
|
-
admin.expects(:valid?).never
|
|
156
|
-
admin.forget_me!
|
|
157
|
-
assert admin.remember_token.nil?
|
|
158
|
-
assert_not admin.changed?
|
|
159
|
-
end
|
|
160
|
-
|
|
161
|
-
test 'serialize into cookie' do
|
|
162
|
-
admin = create_admin
|
|
163
|
-
admin.remember_me!
|
|
164
|
-
assert_equal [admin.to_key, admin.remember_token], Admin.serialize_into_cookie(admin)
|
|
165
|
-
end
|
|
166
|
-
|
|
167
|
-
test 'serialize from cookie' do
|
|
168
|
-
admin = create_admin
|
|
169
|
-
admin.remember_me!
|
|
170
|
-
assert_equal admin, Admin.serialize_from_cookie(admin.to_key, admin.remember_token)
|
|
171
|
-
end
|
|
172
|
-
|
|
173
|
-
test 'if remember_across_browsers is true, remember_me! should create a new token if no token exists' do
|
|
174
|
-
swap Devise, :remember_across_browsers => true, :remember_for => 1.year do
|
|
175
|
-
admin = create_admin
|
|
176
|
-
assert_equal nil, admin.remember_token
|
|
177
|
-
admin.remember_me!
|
|
178
|
-
assert_not_equal nil, admin.remember_token
|
|
179
|
-
end
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
test 'if remember_across_browsers is true, remember_me! should create a new token if a token exists but has expired' do
|
|
183
|
-
swap Devise, :remember_across_browsers => true, :remember_for => 1.day do
|
|
184
|
-
admin = create_admin
|
|
185
|
-
admin.remember_me!
|
|
186
|
-
admin.remember_created_at = 2.days.ago
|
|
187
|
-
admin.save
|
|
188
|
-
token = admin.remember_token
|
|
189
|
-
admin.remember_me!
|
|
190
|
-
assert_not_equal token, admin.remember_token
|
|
191
|
-
end
|
|
192
|
-
end
|
|
193
|
-
|
|
194
|
-
test 'if remember_across_browsers is true, remember_me! should not create a new token if a token exists and has not expired' do
|
|
195
|
-
swap Devise, :remember_across_browsers => true, :remember_for => 2.days do
|
|
196
|
-
admin = create_admin
|
|
197
|
-
admin.remember_me!
|
|
198
|
-
admin.remember_created_at = 1.day.ago
|
|
199
|
-
admin.save
|
|
200
|
-
token = admin.remember_token
|
|
201
|
-
admin.remember_me!
|
|
202
|
-
assert_equal token, admin.remember_token
|
|
203
|
-
end
|
|
204
|
-
end
|
|
205
|
-
|
|
206
|
-
test 'if remember_across_browsers is false, remember_me! should create a new token if no token exists' do
|
|
207
|
-
swap Devise, :remember_across_browsers => false do
|
|
208
|
-
admin = create_admin
|
|
209
|
-
assert_equal nil, admin.remember_token
|
|
210
|
-
admin.remember_me!
|
|
211
|
-
assert_not_equal nil, admin.remember_token
|
|
212
|
-
end
|
|
213
|
-
end
|
|
214
|
-
|
|
215
|
-
test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists but has expired' do
|
|
216
|
-
swap Devise, :remember_across_browsers => false, :remember_for => 1.day do
|
|
217
|
-
admin = create_admin
|
|
218
|
-
admin.remember_me!
|
|
219
|
-
admin.remember_created_at = 2.days.ago
|
|
220
|
-
admin.save
|
|
221
|
-
token = admin.remember_token
|
|
222
|
-
admin.remember_me!
|
|
223
|
-
assert_not_equal token, admin.remember_token
|
|
224
|
-
end
|
|
225
|
-
end
|
|
226
|
-
|
|
227
|
-
test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists and has not expired' do
|
|
228
|
-
swap Devise, :remember_across_browsers => false, :remember_for => 2.days do
|
|
229
|
-
admin = create_admin
|
|
230
|
-
admin.remember_me!
|
|
231
|
-
admin.remember_created_at = 1.day.ago
|
|
232
|
-
admin.save
|
|
233
|
-
token = admin.remember_token
|
|
234
|
-
admin.remember_me!
|
|
235
|
-
assert_not_equal token, admin.remember_token
|
|
236
|
-
end
|
|
237
|
-
end
|
|
238
|
-
end
|
|
239
|
-
|
|
240
|
-
class WithSaltRememberableTest < ActiveSupport::TestCase
|
|
241
|
-
include SharedRememberableTest
|
|
242
|
-
|
|
243
|
-
setup do
|
|
244
|
-
assert_not User.new.respond_to?(:remember_token)
|
|
245
|
-
end
|
|
246
|
-
|
|
247
|
-
def resource_class
|
|
248
|
-
User
|
|
249
|
-
end
|
|
250
|
-
|
|
251
|
-
def create_resource
|
|
252
|
-
create_user
|
|
253
|
-
end
|
|
254
|
-
|
|
255
|
-
test 'remember_me should not generate a new token if using salt' do
|
|
256
|
-
user = create_user
|
|
257
|
-
user.expects(:valid?).never
|
|
258
|
-
user.remember_me!
|
|
259
|
-
end
|
|
260
|
-
|
|
261
|
-
test 'forget_me should not clear remember token if using salt' do
|
|
262
|
-
user = create_user
|
|
263
|
-
user.remember_me!
|
|
264
|
-
user.expects(:valid?).never
|
|
265
|
-
user.forget_me!
|
|
266
|
-
end
|
|
267
|
-
|
|
268
|
-
test 'serialize into cookie' do
|
|
269
|
-
user = create_user
|
|
270
|
-
user.remember_me!
|
|
271
|
-
assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
|
|
272
|
-
end
|
|
273
|
-
|
|
274
|
-
test 'serialize from cookie' do
|
|
275
|
-
user = create_user
|
|
276
|
-
user.remember_me!
|
|
277
|
-
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
|
278
|
-
end
|
|
279
|
-
|
|
280
|
-
test 'raises a RuntimeError if authenticatable_salt is nil' do
|
|
281
|
-
user = User.new
|
|
282
|
-
user.encrypted_password = nil
|
|
283
|
-
assert_raise RuntimeError do
|
|
284
|
-
user.rememberable_value
|
|
285
|
-
end
|
|
286
|
-
end
|
|
287
|
-
end
|
|
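Review bot: With the token-based tests deleted in the second hunk, nothing visible here checks that a remember cookie ever stops working. The surviving tests show only that `serialize_from_cookie` accepts the current `authenticatable_salt` and, per its name, that `forget_me!` does not clear a token in salt mode. The cookie value now appears to be derived from `encrypted_password` (new lines 37–42), so I would add a negative test that a stale value is rejected: capture `old_salt = user.authenticatable_salt`, change the password, then `assert_nil User.serialize_from_cookie(user.to_key, old_salt)`, plus one for an expired `remember_created_at`. Such tests may already exist elsewhere in the file, outside these hunks.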
@@ -16,7 +16,7 @@ class SerializableTest < ActiveSupport::TestCase
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
test 'should include unsafe keys on XML if a force_except is provided' do
|
|
19
|
-
assert_no_match
|
|
19
|
+
assert_no_match /<email/, @user.to_xml(:force_except => :email)
|
|
20
20
|
assert_match /confirmation-token/, @user.to_xml(:force_except => :email)
|
|
21
21
|
end
|
|
22
22
|
|
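--- a/data/test/models_test.rb
+++ b/data/test/models_test.rb
@@ -2,7 +2,7 @@ require 'test_helper'
 
 class Configurable < User
 devise :database_authenticatable, :encryptable, :confirmable, :rememberable, :timeoutable, :lockable,
-:stretches => 15, :pepper => 'abcdef', :
+:stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days,
 :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
 end
 
@@ -39,7 +39,7 @@ class ActiveRecordTest < ActiveSupport::TestCase
 end
 
 test 'can cherry pick modules' do
-assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :
+assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :encryptable, :confirmable
 end
 
 test 'validations options are not applied too late' do
@@ -55,12 +55,12 @@ class ActiveRecordTest < ActiveSupport::TestCase
 end
 
 test 'chosen modules are inheritable' do
-assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :
+assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :encryptable, :confirmable
 end
 
 test 'order of module inclusion' do
-correct_module_order = [:database_authenticatable, :
-incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :encryptable, :
+correct_module_order = [:database_authenticatable, :encryptable, :recoverable, :registerable, :confirmable, :lockable, :timeoutable]
+incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :encryptable, :confirmable]
 
 assert_include_modules Admin, *incorrect_module_order
 
@@ -87,8 +87,8 @@ class ActiveRecordTest < ActiveSupport::TestCase
 assert_equal 'abcdef', Configurable.pepper
 end
 
-test 'set a default value for
-assert_equal 5.days, Configurable.
+test 'set a default value for allow_unconfirmed_access_for' do
+assert_equal 5.days, Configurable.allow_unconfirmed_access_for
 end
 
 test 'set a default value for remember_for' do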
@@ -5,5 +5,26 @@ class Admin
|
|
|
5
5
|
include Shim
|
|
6
6
|
include SharedAdmin
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
## Database authenticatable
|
|
9
|
+
field :email, :type => String, :null => true
|
|
10
|
+
field :encrypted_password, :type => String, :null => true
|
|
11
|
+
|
|
12
|
+
## Recoverable
|
|
13
|
+
field :reset_password_token, :type => String
|
|
14
|
+
field :reset_password_sent_at, :type => Time
|
|
15
|
+
|
|
16
|
+
## Rememberable
|
|
17
|
+
field :remember_created_at, :type => Time
|
|
18
|
+
|
|
19
|
+
## Confirmable
|
|
20
|
+
field :confirmation_token, :type => String
|
|
21
|
+
field :confirmed_at, :type => Time
|
|
22
|
+
field :confirmation_sent_at, :type => Time
|
|
23
|
+
field :unconfirmed_email, :type => String # Only if using reconfirmable
|
|
24
|
+
|
|
25
|
+
## Encryptable
|
|
26
|
+
field :password_salt, :type => String
|
|
27
|
+
|
|
28
|
+
## Lockable
|
|
29
|
+
field :locked_at, :type => Time
|
|
9
30
|
end
|
|
@@ -7,4 +7,39 @@ class User
|
|
|
7
7
|
|
|
8
8
|
field :username, :type => String
|
|
9
9
|
field :facebook_token, :type => String
|
|
10
|
+
|
|
11
|
+
## Database authenticatable
|
|
12
|
+
field :email, :type => String, :null => false, :default => ""
|
|
13
|
+
field :encrypted_password, :type => String, :null => false, :default => ""
|
|
14
|
+
|
|
15
|
+
## Recoverable
|
|
16
|
+
field :reset_password_token, :type => String
|
|
17
|
+
field :reset_password_sent_at, :type => Time
|
|
18
|
+
|
|
19
|
+
## Rememberable
|
|
20
|
+
field :remember_created_at, :type => Time
|
|
21
|
+
|
|
22
|
+
## Trackable
|
|
23
|
+
field :sign_in_count, :type => Integer, :default => 0
|
|
24
|
+
field :current_sign_in_at, :type => Time
|
|
25
|
+
field :last_sign_in_at, :type => Time
|
|
26
|
+
field :current_sign_in_ip, :type => String
|
|
27
|
+
field :last_sign_in_ip, :type => String
|
|
28
|
+
|
|
29
|
+
## Encryptable
|
|
30
|
+
# field :password_salt, :type => String
|
|
31
|
+
|
|
32
|
+
## Confirmable
|
|
33
|
+
field :confirmation_token, :type => String
|
|
34
|
+
field :confirmed_at, :type => Time
|
|
35
|
+
field :confirmation_sent_at, :type => Time
|
|
36
|
+
# field :unconfirmed_email, :type => String # Only if using reconfirmable
|
|
37
|
+
|
|
38
|
+
## Lockable
|
|
39
|
+
field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
|
|
40
|
+
field :unlock_token, :type => String # Only if unlock strategy is :email or :both
|
|
41
|
+
field :locked_at, :type => Time
|
|
42
|
+
|
|
43
|
+
## Token authenticatable
|
|
44
|
+
field :authentication_token, :type => String
|
|
10
45
|
end
|