devise 2.0.6 → 2.1.0.rc

data/lib/generators/templates/simple_form_for/sessions/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/lib/generators/templates/simple_form_for/unlocks/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/test/generators/views_generator_test.rb

@@ -46,7 +46,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/#{scope}/registrations/new.html.erb"
     assert_file "app/views/#{scope}/registrations/edit.html.erb"
     assert_file "app/views/#{scope}/sessions/new.html.erb"
+    assert_file "app/views/#{scope}/shared/_links.erb"
     assert_file "app/views/#{scope}/unlocks/new.html.erb"
-    assert_file "app/views/#{scope}/_links.erb"
   end
 end

data/test/integration/omniauthable_test.rb

@@ -118,7 +118,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     OmniAuth.config.mock_auth[:facebook] = :access_denied
     visit "/users/auth/facebook/callback?error=access_denied"
     assert_current_url "/users/sign_in"
-    assert_contain 'Could not authorize you from Facebook because "Access denied".'
+    assert_contain 'Could not authenticate you from Facebook because "Access denied".'
   end
 
   test "handles other exceptions from omniauth" do
@@ -128,6 +128,6 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     click_link "Sign in with Facebook"
 
     assert_current_url "/users/sign_in"
-    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+    assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".'
   end
 end

data/test/integration/recoverable_test.rb

@@ -195,6 +195,15 @@ class PasswordTest < ActionController::IntegrationTest
     assert !warden.authenticated?(:user)
   end
 
+  test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
+    user = create_user(:confirm => false)
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+    assert user.reload.confirmed?
+  end
+
   test 'reset password request with valid E-Mail in XML format should return valid response' do
     create_user
     post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"}

data/test/models/authenticatable_test.rb

@@ -1,9 +1,7 @@
 require 'test_helper'
 
 class AuthenticatableTest < ActiveSupport::TestCase
-  test 'find_first_by_auth_conditions allows custom filtering parameters' do
-    user = User.create!(:email => "example@example.com", :password => "123456")
-    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user
-    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil
+  test 'required_fields should be an empty array' do
+    assert_equal Devise::Models::Validatable.required_fields(User), []
   end
-end
+end

data/test/models/confirmable_test.rb

@@ -252,6 +252,15 @@ class ReconfirmableTest < ActiveSupport::TestCase
     assert_not_nil admin.confirmation_token
   end
 
+  test 'should not generate confirmation token if skipping reconfirmation after changing email' do
+    admin = create_admin
+    assert admin.confirm!
+    admin.skip_reconfirmation!
+    assert admin.update_attributes(:email => 'new_test@example.com')
+    assert_nil admin.confirmation_token
+  end
+
+
   test 'should regenerate confirmation token after changing email' do
     admin = create_admin
     assert admin.confirm!
@@ -328,4 +337,21 @@ class ReconfirmableTest < ActiveSupport::TestCase
     admin = Admin.find_by_unconfirmed_email_with_errors(:email => "new_test@email.com")
     assert admin.persisted?
   end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Confirmable.required_fields(User), [
+      :confirmation_sent_at,
+      :confirmation_token,
+      :confirmed_at
+    ]
+  end
+
+  test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do
+    assert_same_content Devise::Models::Confirmable.required_fields(Admin), [
+      :confirmation_sent_at,
+      :confirmation_token,
+      :confirmed_at,
+      :unconfirmed_email
+    ]
+  end
 end

data/test/models/database_authenticatable_test.rb

@@ -11,7 +11,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.save!
     assert_equal email.downcase, user.email
   end
-  
+
   test 'should remove whitespace from strip whitespace keys when saving' do
     # strip_whitespace_keys is set to :email by default.
     email = ' foo@bar.com '
@@ -23,9 +23,15 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = Devise::ParamFilter.new([], []).filter(conditions)
+    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
+  end
+
+  test "param filter should not convert regular expressions to strings" do
+    conditions = { "regexp" => /expression/ }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
+    assert_equal( { "regexp" => /expression/ }, conditions)
   end
 
   test 'should respond to password and password confirmation' do
@@ -86,14 +92,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
-  
+
   test 'should update password with valid current password and :as option' do
     user = create_user
     assert user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
     assert user.reload.valid_password?('pass321')
   end
-  
+
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
@@ -145,7 +151,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.update_without_password(:email => 'new@example.com')
     assert_equal 'new@example.com', user.email
   end
-  
+
   test 'should update the user without password with :as option' do
     user = create_user
     user.update_without_password(:email => 'new@example.com', :as => :admin)
@@ -164,4 +170,20 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user = User.create(:email => "HEllO@example.com", :password => "123456")
     assert !user.valid?
   end
-end
+
+  test 'required_fiels should be encryptable_password and the email field by default' do
+    assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+      :email,
+      :encrypted_password
+    ]
+  end
+
+  test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
+    swap Devise, :authentication_keys => [:login] do
+      assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+        :encrypted_password,
+        :login
+      ]
+    end
+  end
+end

data/test/models/encryptable_test.rb

@@ -64,4 +64,10 @@ class EncryptableTest < ActiveSupport::TestCase
     admin.save
     assert_not admin.valid_password?('123456')
   end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Encryptable.required_fields(User), [
+      :password_salt
+    ]
+  end
 end

data/test/models/lockable_test.rb

@@ -235,4 +235,38 @@ class LockableTest < ActiveSupport::TestCase
       assert_nil user.locked_at
     end
   end
+
+  test 'required_fields should contain the all the fields when all the strategies are enabled' do
+    swap Devise, :unlock_strategy => :both do
+      swap Devise, :lock_strategy => :failed_attempts do
+        assert_same_content Devise::Models::Lockable.required_fields(User), [
+         :failed_attempts,
+         :unlock_at,
+         :unlock_token
+        ]
+      end
+    end
+  end
+
+  test 'required_fields should contain only failed_attempts and unlock_at when the strategies are time and failed_attempts are enabled' do
+    swap Devise, :unlock_strategy => :time do
+      swap Devise, :lock_strategy => :failed_attempts do
+        assert_same_content Devise::Models::Lockable.required_fields(User), [
+         :failed_attempts,
+         :unlock_at
+        ]
+      end
+    end
+  end
+
+  test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do
+    swap Devise, :unlock_strategy => :email do
+      swap Devise, :lock_strategy => :failed_attempts do
+        assert_same_content Devise::Models::Lockable.required_fields(User), [
+         :failed_attempts,
+         :unlock_token
+        ]
+      end
+    end
+  end
 end

data/test/models/omniauthable_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class OmniauthableTest < ActiveSupport::TestCase
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Omniauthable.required_fields(User), []
+  end
+end

data/test/models/recoverable_test.rb

@@ -195,4 +195,11 @@ class RecoverableTest < ActiveSupport::TestCase
       assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
     end
   end
-end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Recoverable.required_fields(User), [
+      :reset_password_sent_at,
+      :reset_password_token
+    ]
+  end
+end

data/test/models/registerable_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class RegisterableTest < ActiveSupport::TestCase
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Registerable.required_fields(User), []
+  end
+end

data/test/models/rememberable_test.rb

@@ -54,7 +54,7 @@ class RememberableTest < ActiveSupport::TestCase
     resource.forget_me!
     assert resource.remember_created_at.nil?
   end
-  
+
   test 'forget_me should not try to update resource if it has been destroyed' do
     resource = create_resource
     resource.destroy
@@ -165,4 +165,11 @@ class RememberableTest < ActiveSupport::TestCase
       assert_not_equal old, resource.remember_created_at
     end
   end
+
+  test 'should have the required_fiels array' do
+    assert_same_content Devise::Models::Rememberable.required_fields(User), [
+      :remember_created_at,
+      :remember_token
+    ]
+  end
 end

data/test/models/timeoutable_test.rb

@@ -39,4 +39,8 @@ class TimeoutableTest < ActiveSupport::TestCase
       assert user.timedout?(6.minutes.ago)
     end
   end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Timeoutable.required_fields(User), []
+  end
 end

data/test/models/token_authenticatable_test.rb

@@ -46,4 +46,10 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
     user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
     assert_nil user
   end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [
+      :authentication_token
+    ]
+  end
 end

data/test/models/trackable_test.rb

@@ -1,5 +1,13 @@
 require 'test_helper'
 
 class TrackableTest < ActiveSupport::TestCase
-
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Trackable.required_fields(User), [
+      :current_sign_in_at,
+      :current_sign_in_ip,
+      :last_sign_in_at,
+      :last_sign_in_ip,
+      :sign_in_count
+    ]
+  end
 end

data/test/models/validatable_test.rb

@@ -105,9 +105,13 @@ class ValidatableTest < ActiveSupport::TestCase
     assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
   end
 
-  test 'shuold not be included in objects with invalid API' do
+  test 'should not be included in objects with invalid API' do
     assert_raise RuntimeError do
       Class.new.send :include, Devise::Models::Validatable
     end
   end
+
+  test 'required_fields should be an empty array' do
+    assert_equal Devise::Models::Validatable.required_fields(User), []
+  end
 end

data/test/models_test.rb

@@ -107,3 +107,73 @@ class ActiveRecordTest < ActiveSupport::TestCase
     Admin.create!
   end
 end
+
+class CheckFieldsTest < ActiveSupport::TestCase
+  test 'checks if the class respond_to the required fields' do
+    Player = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password, :email
+    end
+
+    assert_nothing_raised Devise::Models::MissingAttribute do
+      Devise::Models.check_fields!(Player)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do
+    Clown = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password
+    end
+
+    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: email" do
+      Devise::Models.check_fields!(Clown)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do
+    Magician = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+    end
+
+    exception = assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
+      Devise::Models.check_fields!(Magician)
+    end
+  end
+
+  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
+     driver = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      attr_accessor :encrypted_password, :email
+
+      devise :database_authenticatable
+    end
+
+    swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
+      assert_deprecated do
+        Devise::Models.check_fields!(driver)
+      end
+    end
+  end
+end

data/test/rails_app/config/routes.rb

@@ -58,6 +58,10 @@ Rails.application.routes.draw do
   # Other routes for routing_test.rb
   devise_for :reader, :class_name => "User", :only => :passwords
 
+  scope :host => "sub.example.com" do
+    devise_for :sub_admin, :class_name => "Admin"
+  end
+
   namespace :publisher, :path_names => { :sign_in => "i_dont_care", :sign_out => "get_out" } do
     devise_for :accounts, :class_name => "Admin", :path_names => { :sign_in => "get_in" }
   end

data/test/routes_test.rb

@@ -128,6 +128,10 @@ class CustomizedRoutingTest < ActionController::TestCase
     end
   end
 
+  test 'subdomain admin' do
+    assert_recognizes({"host"=>"sub.example.com", :controller => 'devise/sessions', :action => 'new'}, {:host => "sub.example.com", :path => '/sub_admin/sign_in', :method => :get})
+  end
+
   test 'does only map reader password' do
     assert_raise ActionController::RoutingError do
       assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new')

data/test/support/assertions.rb

@@ -24,4 +24,19 @@ class ActiveSupport::TestCase
   def assert_email_not_sent(&block)
     assert_no_difference('ActionMailer::Base.deliveries.size') { yield }
   end
+
+  def assert_same_content(result, expected)
+    assert expected.size == result.size, "the arrays doesn't have the same size"
+    expected.each do |element|
+      assert result.include?(element), "The array doesn't include '#{element}'."
+    end
+  end
+
+  def assert_raise_with_message(exception_klass, message)
+    exception = assert_raise exception_klass do
+      yield
+    end
+
+    assert_equal exception.message, message, "The expected message was #{message} but your exception throwed #{exception.message}"
+  end
 end