devise 2.1.2 → 3.5.10
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +39 -10
- data/.yardopts +9 -0
- data/{CHANGELOG.rdoc → CHANGELOG.md} +445 -112
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +16 -0
- data/Gemfile +10 -15
- data/Gemfile.lock +151 -129
- data/MIT-LICENSE +1 -1
- data/README.md +256 -96
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +15 -7
- data/app/controllers/devise/omniauth_callbacks_controller.rb +6 -2
- data/app/controllers/devise/passwords_controller.rb +33 -9
- data/app/controllers/devise/registrations_controller.rb +66 -26
- data/app/controllers/devise/sessions_controller.rb +52 -21
- data/app/controllers/devise/unlocks_controller.rb +11 -6
- data/app/controllers/devise_controller.rb +65 -58
- data/app/helpers/devise_helper.rb +2 -2
- data/app/mailers/devise/mailer.rb +19 -10
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +2 -2
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +2 -2
- data/app/views/devise/mailer/unlock_instructions.html.erb +2 -2
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +4 -4
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/config/locales/en.yml +51 -47
- data/devise.gemspec +8 -6
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2-stable +29 -0
- data/gemfiles/Gemfile.rails-3.2-stable.lock +172 -0
- data/gemfiles/Gemfile.rails-4.0-stable +30 -0
- data/gemfiles/Gemfile.rails-4.0-stable.lock +166 -0
- data/gemfiles/Gemfile.rails-4.1-stable +30 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +30 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +193 -0
- data/lib/devise/controllers/helpers.rb +126 -108
- data/lib/devise/controllers/rememberable.rb +19 -17
- data/lib/devise/controllers/scoped_views.rb +1 -1
- data/lib/devise/controllers/sign_in_out.rb +96 -0
- data/lib/devise/controllers/store_location.rb +58 -0
- data/lib/devise/controllers/url_helpers.rb +7 -7
- data/lib/devise/encryptor.rb +22 -0
- data/lib/devise/failure_app.rb +85 -25
- data/lib/devise/hooks/activatable.rb +5 -6
- data/lib/devise/hooks/csrf_cleaner.rb +7 -0
- data/lib/devise/hooks/forgetable.rb +1 -1
- data/lib/devise/hooks/lockable.rb +2 -2
- data/lib/devise/hooks/proxy.rb +21 -0
- data/lib/devise/hooks/rememberable.rb +5 -4
- data/lib/devise/hooks/timeoutable.rb +16 -8
- data/lib/devise/hooks/trackable.rb +1 -1
- data/lib/devise/mailers/helpers.rb +27 -23
- data/lib/devise/mapping.rb +11 -7
- data/lib/devise/models/authenticatable.rb +82 -66
- data/lib/devise/models/confirmable.rb +142 -55
- data/lib/devise/models/database_authenticatable.rb +59 -15
- data/lib/devise/models/lockable.rb +41 -30
- data/lib/devise/models/omniauthable.rb +3 -3
- data/lib/devise/models/recoverable.rb +56 -41
- data/lib/devise/models/rememberable.rb +65 -27
- data/lib/devise/models/timeoutable.rb +2 -8
- data/lib/devise/models/trackable.rb +6 -4
- data/lib/devise/models/validatable.rb +9 -9
- data/lib/devise/models.rb +4 -13
- data/lib/devise/modules.rb +10 -11
- data/lib/devise/omniauth/url_helpers.rb +2 -2
- data/lib/devise/orm/active_record.rb +1 -1
- data/lib/devise/orm/mongoid.rb +1 -1
- data/lib/devise/{param_filter.rb → parameter_filter.rb} +10 -11
- data/lib/devise/parameter_sanitizer.rb +99 -0
- data/lib/devise/rails/routes.rb +173 -115
- data/lib/devise/rails/warden_compat.rb +10 -31
- data/lib/devise/rails.rb +14 -12
- data/lib/devise/strategies/authenticatable.rb +26 -26
- data/lib/devise/strategies/base.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -4
- data/lib/devise/strategies/rememberable.rb +15 -5
- data/lib/devise/test_helpers.rb +7 -5
- data/lib/devise/time_inflector.rb +14 -0
- data/lib/devise/token_generator.rb +70 -0
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +110 -52
- data/lib/generators/active_record/devise_generator.rb +34 -18
- data/lib/generators/active_record/templates/migration.rb +5 -6
- data/lib/generators/active_record/templates/migration_existing.rb +5 -6
- data/lib/generators/devise/controllers_generator.rb +44 -0
- data/lib/generators/devise/devise_generator.rb +5 -3
- data/lib/generators/devise/install_generator.rb +5 -0
- data/lib/generators/devise/orm_helpers.rb +25 -6
- data/lib/generators/devise/views_generator.rb +52 -22
- data/lib/generators/mongoid/devise_generator.rb +21 -26
- data/lib/generators/templates/README +9 -5
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
- data/lib/generators/templates/devise.rb +80 -43
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +2 -2
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +2 -2
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +3 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +3 -2
- data/script/cached-bundle +49 -0
- data/script/s3-put +71 -0
- data/test/controllers/custom_registrations_controller_test.rb +40 -0
- data/test/controllers/helper_methods_test.rb +21 -0
- data/test/controllers/helpers_test.rb +95 -32
- data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
- data/test/controllers/internal_helpers_test.rb +39 -14
- data/test/controllers/load_hooks_controller_test.rb +19 -0
- data/test/controllers/passwords_controller_test.rb +31 -0
- data/test/controllers/sessions_controller_test.rb +66 -6
- data/test/controllers/url_helpers_test.rb +10 -4
- data/test/delegator_test.rb +1 -1
- data/test/devise_test.rb +45 -10
- data/test/failure_app_test.rb +121 -27
- data/test/generators/active_record_generator_test.rb +48 -8
- data/test/generators/controllers_generator_test.rb +48 -0
- data/test/generators/devise_generator_test.rb +2 -2
- data/test/generators/mongoid_generator_test.rb +3 -3
- data/test/generators/views_generator_test.rb +54 -3
- data/test/helpers/devise_helper_test.rb +18 -20
- data/test/integration/authenticatable_test.rb +161 -65
- data/test/integration/confirmable_test.rb +146 -77
- data/test/integration/database_authenticatable_test.rb +43 -30
- data/test/integration/http_authenticatable_test.rb +30 -22
- data/test/integration/lockable_test.rb +64 -49
- data/test/integration/omniauthable_test.rb +17 -15
- data/test/integration/recoverable_test.rb +111 -70
- data/test/integration/registerable_test.rb +114 -79
- data/test/integration/rememberable_test.rb +87 -31
- data/test/integration/timeoutable_test.rb +77 -33
- data/test/integration/trackable_test.rb +5 -5
- data/test/mailers/confirmation_instructions_test.rb +28 -8
- data/test/mailers/reset_password_instructions_test.rb +21 -8
- data/test/mailers/unlock_instructions_test.rb +20 -6
- data/test/mapping_test.rb +12 -5
- data/test/models/authenticatable_test.rb +17 -1
- data/test/models/confirmable_test.rb +216 -62
- data/test/models/database_authenticatable_test.rb +129 -49
- data/test/models/lockable_test.rb +132 -45
- data/test/models/recoverable_test.rb +100 -54
- data/test/models/rememberable_test.rb +89 -94
- data/test/models/serializable_test.rb +12 -11
- data/test/models/timeoutable_test.rb +6 -1
- data/test/models/trackable_test.rb +28 -0
- data/test/models/validatable_test.rb +31 -21
- data/test/models_test.rb +22 -48
- data/test/omniauth/config_test.rb +4 -4
- data/test/omniauth/url_helpers_test.rb +7 -4
- data/test/orm/active_record.rb +1 -0
- data/test/orm/mongoid.rb +2 -3
- data/test/parameter_sanitizer_test.rb +81 -0
- data/test/rails_app/Rakefile +0 -4
- data/test/rails_app/app/active_record/shim.rb +1 -1
- data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +1 -1
- data/test/rails_app/app/controllers/admins_controller.rb +0 -5
- data/test/rails_app/app/controllers/application_controller.rb +6 -2
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +31 -0
- data/test/rails_app/app/controllers/home_controller.rb +1 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +1 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +1 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +4 -4
- data/test/rails_app/app/controllers/users_controller.rb +12 -4
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
- data/test/rails_app/app/mailers/users/mailer.rb +1 -1
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
- data/test/rails_app/app/mongoid/admin.rb +12 -10
- data/test/rails_app/app/mongoid/shim.rb +4 -5
- data/test/rails_app/app/mongoid/user.rb +19 -22
- data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
- data/test/rails_app/bin/bundle +3 -0
- data/test/rails_app/bin/rails +4 -0
- data/test/rails_app/bin/rake +4 -0
- data/test/rails_app/config/application.rb +4 -5
- data/test/rails_app/config/boot.rb +9 -3
- data/test/rails_app/config/environment.rb +2 -2
- data/test/rails_app/config/environments/development.rb +19 -7
- data/test/rails_app/config/environments/production.rb +68 -17
- data/test/rails_app/config/environments/test.rb +24 -16
- data/test/rails_app/config/initializers/devise.rb +22 -20
- data/test/rails_app/config/initializers/secret_token.rb +8 -2
- data/test/rails_app/config/initializers/session_store.rb +1 -0
- data/test/rails_app/config/routes.rb +71 -46
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +9 -12
- data/test/rails_app/db/schema.rb +21 -18
- data/test/rails_app/lib/shared_admin.rb +7 -4
- data/test/rails_app/lib/shared_user.rb +6 -3
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
- data/test/rails_test.rb +9 -0
- data/test/routes_test.rb +94 -78
- data/test/support/action_controller/record_identifier.rb +10 -0
- data/test/support/assertions.rb +2 -3
- data/test/support/helpers.rb +18 -32
- data/test/support/integration.rb +17 -16
- data/test/support/locale/en.yml +4 -0
- data/test/support/mongoid.yml +6 -0
- data/test/test_helper.rb +8 -1
- data/test/test_helpers_test.rb +64 -20
- data/test/test_models.rb +33 -0
- data/test/time_helpers.rb +137 -0
- metadata +172 -51
- data/app/views/devise/_links.erb +0 -3
- data/gemfiles/Gemfile.rails-3.1.x +0 -35
- data/gemfiles/Gemfile.rails-3.1.x.lock +0 -167
- data/lib/devise/models/token_authenticatable.rb +0 -77
- data/lib/devise/strategies/token_authenticatable.rb +0 -56
- data/test/indifferent_hash.rb +0 -33
- data/test/integration/token_authenticatable_test.rb +0 -161
- data/test/models/token_authenticatable_test.rb +0 -55
- data/test/rails_app/script/rails +0 -10
@@ -1,10 +1,10 @@
|
|
1
1
|
require 'test_helper'
|
2
2
|
|
3
|
-
class HttpAuthenticationTest <
|
3
|
+
class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
4
4
|
test 'handles unverified requests gets rid of caches but continues signed in' do
|
5
|
-
swap
|
5
|
+
swap ApplicationController, allow_forgery_protection: true do
|
6
6
|
create_user
|
7
|
-
post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:
|
7
|
+
post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
|
8
8
|
assert warden.authenticated?(:user)
|
9
9
|
assert_equal "User is authenticated", response.body
|
10
10
|
end
|
@@ -16,18 +16,18 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
16
16
|
assert_match '<email>user@test.com</email>', response.body
|
17
17
|
assert warden.authenticated?(:user)
|
18
18
|
|
19
|
-
get users_path(:
|
19
|
+
get users_path(format: :xml)
|
20
20
|
assert_response 200
|
21
21
|
end
|
22
22
|
|
23
23
|
test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
|
24
|
-
swap Devise, :
|
24
|
+
swap Devise, skip_session_storage: [:http_auth] do
|
25
25
|
sign_in_as_new_user_with_http
|
26
26
|
assert_response 200
|
27
27
|
assert_match '<email>user@test.com</email>', response.body
|
28
28
|
assert warden.authenticated?(:user)
|
29
29
|
|
30
|
-
get users_path(:
|
30
|
+
get users_path(format: :xml)
|
31
31
|
assert_response 401
|
32
32
|
end
|
33
33
|
end
|
@@ -46,7 +46,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
46
46
|
end
|
47
47
|
|
48
48
|
test 'returns a custom response with www-authenticate and chosen realm' do
|
49
|
-
swap Devise, :
|
49
|
+
swap Devise, http_authentication_realm: "MyApp" do
|
50
50
|
sign_in_as_new_user_with_http("unknown")
|
51
51
|
assert_equal 401, status
|
52
52
|
assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
|
@@ -54,7 +54,25 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
54
54
|
end
|
55
55
|
|
56
56
|
test 'sign in should authenticate with http even with specific authentication keys' do
|
57
|
-
swap Devise, :
|
57
|
+
swap Devise, authentication_keys: [:username] do
|
58
|
+
sign_in_as_new_user_with_http("usertest")
|
59
|
+
assert_response :success
|
60
|
+
assert_match '<email>user@test.com</email>', response.body
|
61
|
+
assert warden.authenticated?(:user)
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
test 'it uses appropriate authentication_keys when configured with hash' do
|
66
|
+
swap Devise, authentication_keys: ActiveSupport::OrderedHash[:username, false, :email, false] do
|
67
|
+
sign_in_as_new_user_with_http("usertest")
|
68
|
+
assert_response :success
|
69
|
+
assert_match '<email>user@test.com</email>', response.body
|
70
|
+
assert warden.authenticated?(:user)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
test 'it uses the appropriate key when configured explicitly' do
|
75
|
+
swap Devise, authentication_keys: ActiveSupport::OrderedHash[:email, false, :username, false], http_authentication_key: :username do
|
58
76
|
sign_in_as_new_user_with_http("usertest")
|
59
77
|
assert_response :success
|
60
78
|
assert_match '<email>user@test.com</email>', response.body
|
@@ -63,35 +81,25 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
63
81
|
end
|
64
82
|
|
65
83
|
test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
|
66
|
-
swap Devise, :
|
84
|
+
swap Devise, http_authenticatable: true do
|
67
85
|
add_oauth2_header
|
68
86
|
assert_equal 401, status
|
69
87
|
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
|
70
88
|
end
|
71
89
|
end
|
72
90
|
|
73
|
-
test 'sign in should authenticate with really long token' do
|
74
|
-
token = "token_containing_so_many_characters_that_the_base64_encoding_will_wrap"
|
75
|
-
user = create_user
|
76
|
-
user.update_attribute :authentication_token, token
|
77
|
-
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{token}:x")}"
|
78
|
-
assert_response :success
|
79
|
-
assert_match "<email>user@test.com</email>", response.body
|
80
|
-
assert warden.authenticated?(:user)
|
81
|
-
end
|
82
|
-
|
83
91
|
private
|
84
92
|
|
85
|
-
def sign_in_as_new_user_with_http(username="user@test.com", password="
|
93
|
+
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
|
86
94
|
user = create_user
|
87
|
-
get users_path(:
|
95
|
+
get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
|
88
96
|
user
|
89
97
|
end
|
90
98
|
|
91
99
|
# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
|
92
100
|
def add_oauth2_header
|
93
101
|
user = create_user
|
94
|
-
get users_path(:
|
102
|
+
get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
|
95
103
|
end
|
96
104
|
|
97
105
|
end
|
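Review bot: The new test 'it uses the appropriate key when configured explicitly' asserts only the success path; nothing checks that the other configured key (`:email`) is refused as the Basic username once `http_authentication_key: :username` is set. A companion test under the same `swap` would pin that down, e.g. `sign_in_as_new_user_with_http("user@test.com")` followed by `assert_equal 401, status`; the expected 401 is inferred from the other failure tests in this file and should be confirmed against the strategy. Separately, the deleted 'really long token' test was the only visible case where `Base64.encode64` output wraps onto a second line, so a long username/password pair may be worth adding if parsing of wrapped header values still matters. Parts of the file (for example lines 34–45) fall outside the hunks shown.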
@@ -1,19 +1,20 @@
|
|
1
1
|
require 'test_helper'
|
2
2
|
|
3
|
-
class LockTest <
|
3
|
+
class LockTest < ActionDispatch::IntegrationTest
|
4
4
|
|
5
5
|
def visit_user_unlock_with_token(unlock_token)
|
6
|
-
visit user_unlock_path(:
|
6
|
+
visit user_unlock_path(unlock_token: unlock_token)
|
7
7
|
end
|
8
8
|
|
9
9
|
def send_unlock_request
|
10
|
-
user = create_user(:
|
10
|
+
user = create_user(locked: true)
|
11
11
|
ActionMailer::Base.deliveries.clear
|
12
12
|
|
13
13
|
visit new_user_session_path
|
14
14
|
click_link "Didn't receive unlock instructions?"
|
15
15
|
|
16
|
-
|
16
|
+
Devise.stubs(:friendly_token).returns("abcdef")
|
17
|
+
fill_in 'email', with: user.email
|
17
18
|
click_button 'Resend unlock instructions'
|
18
19
|
end
|
19
20
|
|
@@ -21,9 +22,12 @@ class LockTest < ActionController::IntegrationTest
|
|
21
22
|
send_unlock_request
|
22
23
|
|
23
24
|
assert_template 'sessions/new'
|
24
|
-
assert_contain 'You will receive an email with instructions
|
25
|
+
assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'
|
26
|
+
|
27
|
+
mail = ActionMailer::Base.deliveries.last
|
25
28
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
26
|
-
assert_equal ['please-change-me@config-initializers-devise.com'],
|
29
|
+
assert_equal ['please-change-me@config-initializers-devise.com'], mail.from
|
30
|
+
assert_match user_unlock_path(unlock_token: 'abcdef'), mail.body.encoded
|
27
31
|
end
|
28
32
|
|
29
33
|
test 'user should receive the instructions from a custom mailer' do
|
@@ -35,13 +39,13 @@ class LockTest < ActionController::IntegrationTest
|
|
35
39
|
end
|
36
40
|
|
37
41
|
test 'unlocked user should not be able to request a unlock token' do
|
38
|
-
user = create_user(:
|
42
|
+
user = create_user(locked: false)
|
39
43
|
ActionMailer::Base.deliveries.clear
|
40
44
|
|
41
45
|
visit new_user_session_path
|
42
46
|
click_link "Didn't receive unlock instructions?"
|
43
47
|
|
44
|
-
fill_in 'email', :
|
48
|
+
fill_in 'email', with: user.email
|
45
49
|
click_button 'Resend unlock instructions'
|
46
50
|
|
47
51
|
assert_template 'unlocks/new'
|
@@ -75,149 +79,160 @@ class LockTest < ActionController::IntegrationTest
|
|
75
79
|
end
|
76
80
|
|
77
81
|
test "locked user should be able to unlock account" do
|
78
|
-
user = create_user
|
79
|
-
|
80
|
-
|
81
|
-
visit_user_unlock_with_token(user.unlock_token)
|
82
|
+
user = create_user
|
83
|
+
raw = user.lock_access!
|
84
|
+
visit_user_unlock_with_token(raw)
|
82
85
|
|
83
86
|
assert_current_url "/users/sign_in"
|
84
87
|
assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
|
85
|
-
|
86
88
|
assert_not user.reload.access_locked?
|
87
89
|
end
|
88
90
|
|
89
|
-
test "redirect user to sign in page after unlocking its account" do
|
90
|
-
user = create_user(:locked => true)
|
91
|
-
visit_user_unlock_with_token(user.unlock_token)
|
92
|
-
assert_not warden.authenticated?(:user)
|
93
|
-
end
|
94
|
-
|
95
91
|
test "user should not send a new e-mail if already locked" do
|
96
|
-
user = create_user(:
|
92
|
+
user = create_user(locked: true)
|
97
93
|
user.failed_attempts = User.maximum_attempts + 1
|
98
94
|
user.save!
|
99
95
|
|
100
96
|
ActionMailer::Base.deliveries.clear
|
101
97
|
|
102
|
-
sign_in_as_user(:
|
98
|
+
sign_in_as_user(password: "invalid")
|
103
99
|
assert_contain 'Your account is locked.'
|
104
100
|
assert ActionMailer::Base.deliveries.empty?
|
105
101
|
end
|
106
102
|
|
107
103
|
test 'error message is configurable by resource name' do
|
108
|
-
store_translations :en, :
|
109
|
-
:
|
104
|
+
store_translations :en, devise: {
|
105
|
+
failure: {user: {locked: "You are locked!"}}
|
110
106
|
} do
|
111
107
|
|
112
|
-
user = create_user(:
|
108
|
+
user = create_user(locked: true)
|
113
109
|
user.failed_attempts = User.maximum_attempts + 1
|
114
110
|
user.save!
|
115
111
|
|
116
|
-
sign_in_as_user(:
|
112
|
+
sign_in_as_user(password: "invalid")
|
117
113
|
assert_contain "You are locked!"
|
118
114
|
end
|
119
115
|
end
|
120
116
|
|
121
117
|
test "user should not be able to sign in when locked" do
|
122
|
-
store_translations :en, :
|
123
|
-
:
|
118
|
+
store_translations :en, devise: {
|
119
|
+
failure: {user: {locked: "You are locked!"}}
|
124
120
|
} do
|
125
121
|
|
126
|
-
user = create_user(:
|
122
|
+
user = create_user(locked: true)
|
127
123
|
user.failed_attempts = User.maximum_attempts + 1
|
128
124
|
user.save!
|
129
125
|
|
130
|
-
sign_in_as_user(:
|
126
|
+
sign_in_as_user(password: "123456")
|
131
127
|
assert_contain "You are locked!"
|
132
128
|
end
|
133
129
|
end
|
134
130
|
|
135
131
|
test 'user should be able to request a new unlock token via XML request' do
|
136
|
-
user = create_user(:
|
132
|
+
user = create_user(locked: true)
|
137
133
|
ActionMailer::Base.deliveries.clear
|
138
134
|
|
139
|
-
post user_unlock_path(:
|
135
|
+
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
140
136
|
assert_response :success
|
141
137
|
assert_equal response.body, {}.to_xml
|
142
138
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
143
139
|
end
|
144
140
|
|
145
141
|
test 'unlocked user should not be able to request a unlock token via XML request' do
|
146
|
-
user = create_user(:
|
142
|
+
user = create_user(locked: false)
|
147
143
|
ActionMailer::Base.deliveries.clear
|
148
144
|
|
149
|
-
post user_unlock_path(:
|
145
|
+
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
150
146
|
assert_response :unprocessable_entity
|
151
147
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
152
148
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
153
149
|
end
|
154
150
|
|
155
151
|
test 'user with valid unlock token should be able to unlock account via XML request' do
|
156
|
-
user = create_user(
|
152
|
+
user = create_user()
|
153
|
+
raw = user.lock_access!
|
157
154
|
assert user.access_locked?
|
158
|
-
get user_unlock_path(:
|
155
|
+
get user_unlock_path(format: 'xml', unlock_token: raw)
|
159
156
|
assert_response :success
|
160
157
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
161
158
|
end
|
162
159
|
|
163
160
|
|
164
161
|
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
|
165
|
-
get user_unlock_path(:
|
162
|
+
get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
|
166
163
|
assert_response :unprocessable_entity
|
167
164
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
168
165
|
end
|
169
166
|
|
170
167
|
test "when using json to ask a unlock request, should not return the user" do
|
171
|
-
user = create_user(:
|
172
|
-
post user_unlock_path(:
|
168
|
+
user = create_user(locked: true)
|
169
|
+
post user_unlock_path(format: "json", user: {email: user.email})
|
173
170
|
assert_response :success
|
174
171
|
assert_equal response.body, {}.to_json
|
175
172
|
end
|
176
173
|
|
177
174
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
|
178
|
-
swap Devise, :
|
179
|
-
user = create_user(:
|
175
|
+
swap Devise, paranoid: true do
|
176
|
+
user = create_user(locked: true)
|
180
177
|
|
181
178
|
visit new_user_session_path
|
182
179
|
click_link "Didn't receive unlock instructions?"
|
183
180
|
|
184
|
-
fill_in 'email', :
|
181
|
+
fill_in 'email', with: user.email
|
185
182
|
click_button 'Resend unlock instructions'
|
186
183
|
|
187
184
|
assert_current_url "/users/sign_in"
|
188
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
185
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
189
186
|
end
|
190
187
|
end
|
191
188
|
|
192
189
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
|
193
|
-
swap Devise, :
|
194
|
-
user = create_user(:
|
190
|
+
swap Devise, paranoid: true do
|
191
|
+
user = create_user(locked: false)
|
195
192
|
|
196
193
|
visit new_user_session_path
|
197
194
|
click_link "Didn't receive unlock instructions?"
|
198
195
|
|
199
|
-
fill_in 'email', :
|
196
|
+
fill_in 'email', with: user.email
|
200
197
|
click_button 'Resend unlock instructions'
|
201
198
|
|
202
199
|
assert_current_url "/users/sign_in"
|
203
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
200
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
204
201
|
end
|
205
202
|
end
|
206
203
|
|
207
204
|
test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
|
208
|
-
swap Devise, :
|
205
|
+
swap Devise, paranoid: true do
|
209
206
|
visit new_user_session_path
|
210
207
|
click_link "Didn't receive unlock instructions?"
|
211
208
|
|
212
|
-
fill_in 'email', :
|
209
|
+
fill_in 'email', with: "arandomemail@hotmail.com"
|
213
210
|
click_button 'Resend unlock instructions'
|
214
211
|
|
215
212
|
assert_not_contain "1 error prohibited this user from being saved:"
|
216
213
|
assert_not_contain "Email not found"
|
217
214
|
assert_current_url "/users/sign_in"
|
218
215
|
|
219
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
216
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
217
|
+
|
218
|
+
end
|
219
|
+
end
|
220
220
|
|
221
|
+
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
|
222
|
+
swap Devise, paranoid: true, maximum_attempts: 1 do
|
223
|
+
user = create_user(locked: false)
|
224
|
+
|
225
|
+
visit new_user_session_path
|
226
|
+
fill_in 'email', with: user.email
|
227
|
+
fill_in 'password', with: "abadpassword"
|
228
|
+
click_button 'Log in'
|
229
|
+
|
230
|
+
fill_in 'email', with: user.email
|
231
|
+
fill_in 'password', with: "abadpassword"
|
232
|
+
click_button 'Log in'
|
233
|
+
|
234
|
+
assert_current_url "/users/sign_in"
|
235
|
+
assert_not_contain "locked"
|
221
236
|
end
|
222
237
|
end
|
223
238
|
|
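Review bot: In 'user should not be able to sign in when locked' the new line `sign_in_as_user(password: "123456")` probably no longer submits the valid password, because the other tests in this diff sign the fixture user in with "12345678". If so, this case is now a repeat of the `password: "invalid"` test above it, and the path where a locked account presents the correct password is left untested. The helper is not visible here, so confirm the fixture password first; if it is "12345678", calling `sign_in_as_user` with its default or `sign_in_as_user(password: "12345678")` restores the intent. The deleted test 'redirect user to sign in page after unlocking its account' also carried the only visible `assert_not warden.authenticated?(:user)` after an unlock; adding that assertion to 'locked user should be able to unlock account' keeps the guarantee that following an unlock link does not sign the user in.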
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'test_helper'
|
2
2
|
|
3
3
|
|
4
|
-
class OmniauthableIntegrationTest <
|
4
|
+
class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
5
5
|
FACEBOOK_INFO = {
|
6
6
|
"id" => '12345',
|
7
7
|
"link" => 'http://facebook.com/josevalim',
|
@@ -20,9 +20,11 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
20
20
|
"credentials" => {"token" => 'plataformatec'},
|
21
21
|
"extra" => {"user_hash" => FACEBOOK_INFO}
|
22
22
|
}
|
23
|
+
OmniAuth.config.add_camelization 'facebook', 'FaceBook'
|
23
24
|
end
|
24
25
|
|
25
26
|
teardown do
|
27
|
+
OmniAuth.config.camelizations.delete('facebook')
|
26
28
|
OmniAuth.config.test_mode = false
|
27
29
|
end
|
28
30
|
|
@@ -40,7 +42,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
40
42
|
|
41
43
|
test "can access omniauth.auth in the env hash" do
|
42
44
|
visit "/users/sign_in"
|
43
|
-
click_link "Sign in with
|
45
|
+
click_link "Sign in with FaceBook"
|
44
46
|
|
45
47
|
json = ActiveSupport::JSON.decode(response.body)
|
46
48
|
|
@@ -54,15 +56,15 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
54
56
|
test "cleans up session on sign up" do
|
55
57
|
assert_no_difference "User.count" do
|
56
58
|
visit "/users/sign_in"
|
57
|
-
click_link "Sign in with
|
59
|
+
click_link "Sign in with FaceBook"
|
58
60
|
end
|
59
61
|
|
60
62
|
assert session["devise.facebook_data"]
|
61
63
|
|
62
64
|
assert_difference "User.count" do
|
63
65
|
visit "/users/sign_up"
|
64
|
-
fill_in "Password", :
|
65
|
-
fill_in "Password confirmation", :
|
66
|
+
fill_in "Password", with: "12345678"
|
67
|
+
fill_in "Password confirmation", with: "12345678"
|
66
68
|
click_button "Sign up"
|
67
69
|
end
|
68
70
|
|
@@ -75,7 +77,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
75
77
|
test "cleans up session on cancel" do
|
76
78
|
assert_no_difference "User.count" do
|
77
79
|
visit "/users/sign_in"
|
78
|
-
click_link "Sign in with
|
80
|
+
click_link "Sign in with FaceBook"
|
79
81
|
end
|
80
82
|
|
81
83
|
assert session["devise.facebook_data"]
|
@@ -86,23 +88,23 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
86
88
|
test "cleans up session on sign in" do
|
87
89
|
assert_no_difference "User.count" do
|
88
90
|
visit "/users/sign_in"
|
89
|
-
click_link "Sign in with
|
91
|
+
click_link "Sign in with FaceBook"
|
90
92
|
end
|
91
93
|
|
92
94
|
assert session["devise.facebook_data"]
|
93
|
-
|
95
|
+
sign_in_as_user
|
94
96
|
assert !session["devise.facebook_data"]
|
95
97
|
end
|
96
98
|
|
97
99
|
test "sign in and send remember token if configured" do
|
98
100
|
visit "/users/sign_in"
|
99
|
-
click_link "Sign in with
|
101
|
+
click_link "Sign in with FaceBook"
|
100
102
|
assert_nil warden.cookies["remember_user_token"]
|
101
103
|
|
102
104
|
stub_action!(:sign_in_facebook) do
|
103
105
|
create_user
|
104
106
|
visit "/users/sign_in"
|
105
|
-
click_link "Sign in with
|
107
|
+
click_link "Sign in with FaceBook"
|
106
108
|
assert warden.authenticated?(:user)
|
107
109
|
assert warden.cookies["remember_user_token"]
|
108
110
|
end
|
@@ -111,23 +113,23 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
111
113
|
test "generates a proper link when SCRIPT_NAME is set" do
|
112
114
|
header 'SCRIPT_NAME', '/q'
|
113
115
|
visit "/users/sign_in"
|
114
|
-
assert_select "a", :
|
116
|
+
assert_select "a", href: "/q/users/auth/facebook"
|
115
117
|
end
|
116
118
|
|
117
119
|
test "handles callback error parameter according to the specification" do
|
118
120
|
OmniAuth.config.mock_auth[:facebook] = :access_denied
|
119
121
|
visit "/users/auth/facebook/callback?error=access_denied"
|
120
122
|
assert_current_url "/users/sign_in"
|
121
|
-
assert_contain 'Could not authenticate you from
|
123
|
+
assert_contain 'Could not authenticate you from FaceBook because "Access denied".'
|
122
124
|
end
|
123
125
|
|
124
|
-
test "handles other exceptions from
|
126
|
+
test "handles other exceptions from OmniAuth" do
|
125
127
|
OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
|
126
128
|
|
127
129
|
visit "/users/sign_in"
|
128
|
-
click_link "Sign in with
|
130
|
+
click_link "Sign in with FaceBook"
|
129
131
|
|
130
132
|
assert_current_url "/users/sign_in"
|
131
|
-
assert_contain 'Could not authenticate you from
|
133
|
+
assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
|
132
134
|
end
|
133
135
|
end
|
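Review bot: The `'FaceBook'` camelization added in setup reads like a typo, and nothing in the file says why the odd casing is used. A one-line comment above `OmniAuth.config.add_camelization 'facebook', 'FaceBook'` would stop someone from "correcting" it, for example `# Deliberately odd casing: link text and failure messages must come from OmniAuth's camelization`. That rationale is inferred from the updated `click_link` and `assert_contain` strings and should be confirmed. The setup block begins outside the hunk.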