devise 2.1.2 → 3.5.10

data/test/models/recoverable_test.rb

@@ -23,13 +23,13 @@ class RecoverableTest < ActiveSupport::TestCase
 
   test 'should reset password and password confirmation from params' do
     user = create_user
-    user.reset_password!('123456789', '987654321')
+    user.reset_password('123456789', '987654321')
     assert_equal '123456789', user.password
     assert_equal '987654321', user.password_confirmation
   end
 
   test 'should reset password and save the record' do
-    assert create_user.reset_password!('123456789', '123456789')
+    assert create_user.reset_password('123456789', '123456789')
   end
 
   test 'should clear reset password token while reseting the password' do
@@ -38,7 +38,53 @@ class RecoverableTest < ActiveSupport::TestCase
 
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert user.reset_password!('123456789', '123456789')
+    assert user.reset_password('123456789', '123456789')
+    assert_nil user.reset_password_token
+  end
+
+  test 'should not clear reset password token for new user' do
+    user = new_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+
+    user.save
+    assert_present user.reset_password_token
+  end
+
+  test 'should clear reset password token if changing password' do
+    user = create_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.password = "123456678"
+    user.password_confirmation = "123456678"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+
+  test 'should clear reset password token if changing email' do
+    user = create_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.email = "another@example.com"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+
+  test 'should clear reset password successfully even if there is no email' do
+    user = create_user_without_email
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.password = "123456678"
+    user.password_confirmation = "123456678"
+    user.save!
     assert_nil user.reset_password_token
   end
 
@@ -46,14 +92,14 @@ class RecoverableTest < ActiveSupport::TestCase
     user = create_user
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
     assert_present user.reset_password_token
   end
 
   test 'should not reset password with invalid data' do
     user = create_user
     user.stubs(:valid?).returns(false)
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
   end
 
   test 'should reset reset password token and send instructions by email' do
@@ -67,28 +113,28 @@ class RecoverableTest < ActiveSupport::TestCase
 
   test 'should find a user to send instructions by email' do
     user = create_user
-    reset_password_user = User.send_reset_password_instructions(:email => user.email)
+    reset_password_user = User.send_reset_password_instructions(email: user.email)
     assert_equal reset_password_user, user
   end
 
   test 'should return a new record with errors if user was not found by e-mail' do
-    reset_password_user = User.send_reset_password_instructions(:email => "invalid@example.com")
+    reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com")
     assert_not reset_password_user.persisted?
     assert_equal "not found", reset_password_user.errors[:email].join
   end
 
   test 'should find a user to send instructions by authentication_keys' do
-    swap Devise, :authentication_keys => [:username, :email] do
+    swap Devise, authentication_keys: [:username, :email] do
       user = create_user
-      reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
+      reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
       assert_equal reset_password_user, user
     end
   end
 
   test 'should require all reset_password_keys' do
-      swap Devise, :reset_password_keys => [:username, :email] do
+      swap Devise, reset_password_keys: [:username, :email] do
           user = create_user
-          reset_password_user = User.send_reset_password_instructions(:email => user.email)
+          reset_password_user = User.send_reset_password_instructions(email: user.email)
           assert_not reset_password_user.persisted?
           assert_equal "can't be blank", reset_password_user.errors[:username].join
       end
@@ -97,96 +143,78 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should reset reset_password_token before send the reset instructions email' do
     user = create_user
     token = user.reset_password_token
-    User.send_reset_password_instructions(:email => user.email)
+    User.send_reset_password_instructions(email: user.email)
     assert_not_equal token, user.reload.reset_password_token
   end
 
-  test 'should send email instructions to the user reset his password' do
+  test 'should send email instructions to the user reset their password' do
     user = create_user
     assert_email_sent do
-      User.send_reset_password_instructions(:email => user.email)
+      User.send_reset_password_instructions(email: user.email)
     end
   end
 
-  test 'should find a user to reset his password based on reset_password_token' do
+  test 'should find a user to reset their password based on the raw token' do
     user = create_user
-    user.send :generate_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
-    reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token)
+    reset_password_user = User.reset_password_by_token(reset_password_token: raw)
     assert_equal reset_password_user, user
   end
 
   test 'should return a new record with errors if no reset_password_token is found' do
-    reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token')
+    reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token')
     assert_not reset_password_user.persisted?
     assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should return a new record with errors if reset_password_token is blank' do
-    reset_password_user = User.reset_password_by_token(:reset_password_token => '')
+    reset_password_user = User.reset_password_by_token(reset_password_token: '')
     assert_not reset_password_user.persisted?
     assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should return a new record with errors if password is blank' do
     user = create_user
-    user.send :generate_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
-    reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '')
+    reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
     assert_not reset_password_user.errors.empty?
     assert_match "can't be blank", reset_password_user.errors[:password].join
+    assert_equal raw, reset_password_user.reset_password_token
   end
 
   test 'should reset successfully user password given the new password and confirmation' do
     user = create_user
     old_password = user.password
-    user.send :generate_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
-    User.reset_password_by_token(
-      :reset_password_token => user.reset_password_token,
-      :password => 'new_password',
-      :password_confirmation => 'new_password'
+    reset_password_user = User.reset_password_by_token(
+      reset_password_token: raw,
+      password: 'new_password',
+      password_confirmation: 'new_password'
     )
-    user.reload
+    assert_nil reset_password_user.reset_password_token
 
+    user.reload
     assert_not user.valid_password?(old_password)
     assert user.valid_password?('new_password')
-  end
-
-  test 'should not reset reset password token during reset_password_within time' do
-    swap Devise, :reset_password_within => 1.hour do
-      user = create_user
-      user.send_reset_password_instructions
-      3.times do
-        token = user.reset_password_token
-        user.send_reset_password_instructions
-        assert_equal token, user.reset_password_token
-      end
-    end
-  end
-
-  test 'should reset reset password token after reset_password_within time' do
-    swap Devise, :reset_password_within => 1.hour do
-      user = create_user
-      user.reset_password_sent_at = 2.days.ago
-      token = user.reset_password_token
-      user.send_reset_password_instructions
-      assert_not_equal token, user.reset_password_token
-    end
+    assert_nil user.reset_password_token
   end
 
   test 'should not reset password after reset_password_within time' do
-    swap Devise, :reset_password_within => 1.hour do
+    swap Devise, reset_password_within: 1.hour do
       user = create_user
+      raw  = user.send_reset_password_instructions
+
       old_password = user.password
-      user.send :generate_reset_password_token!
       user.reset_password_sent_at = 2.days.ago
       user.save!
 
       reset_password_user = User.reset_password_by_token(
-        :reset_password_token => user.reset_password_token,
-        :password => 'new_password',
-        :password_confirmation => 'new_password'
+        reset_password_token: raw,
+        password: 'new_password',
+        password_confirmation: 'new_password'
       )
       user.reload
 
@@ -202,4 +230,22 @@ class RecoverableTest < ActiveSupport::TestCase
       :reset_password_token
     ]
   end
+
+  test 'should return a user based on the raw token' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+
+    assert_equal User.with_reset_password_token(raw), user
+  end
+
+  test 'should return the same reset password token as generated' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+    assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+  end
+
+  test 'should return nil if a user based on the raw token is not found' do
+    assert_equal User.with_reset_password_token('random-token'), nil
+  end
+
 end

data/test/models/rememberable_test.rb

@@ -13,6 +13,19 @@ class RememberableTest < ActiveSupport::TestCase
     user = create_user
     user.expects(:valid?).never
     user.remember_me!
+    assert user.remember_created_at
+  end
+
+  test 'remember_me should not generate a new token if valid token exists' do
+    user = create_user
+    user.singleton_class.send(:attr_accessor, :remember_token)
+    User.to_adapter.expects(:find_first).returns(nil)
+
+    user.remember_me!
+    existing_token = user.remember_token
+
+    user.remember_me!
+    assert_equal existing_token, user.remember_token
   end
 
   test 'forget_me should not clear remember token if using salt' do
@@ -22,151 +35,133 @@ class RememberableTest < ActiveSupport::TestCase
     user.forget_me!
   end
 
+  test 'can generate remember token' do
+    user = create_user
+    user.singleton_class.send(:attr_accessor, :remember_token)
+    User.to_adapter.expects(:find_first).returns(nil)
+    user.remember_me!
+    assert user.remember_token
+  end
+
   test 'serialize into cookie' do
     user = create_user
     user.remember_me!
-    assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
+    id, token, date = User.serialize_into_cookie(user)
+    assert_equal id, user.to_key
+    assert_equal token, user.authenticatable_salt
+    assert date.is_a?(String)
   end
 
   test 'serialize from cookie' do
     user = create_user
     user.remember_me!
-    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
   end
 
-  test 'raises a RuntimeError if authenticatable_salt is nil' do
-    user = User.new
-    user.encrypted_password = nil
-    assert_raise RuntimeError do
-      user.rememberable_value
-    end
+  test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do
+    user = create_user
+    user.remember_me!
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json)
   end
 
-  test 'should respond to remember_me attribute' do
-    assert resource_class.new.respond_to?(:remember_me)
-    assert resource_class.new.respond_to?(:remember_me=)
+  test 'serialize from cookie should return nil with invalid datetime' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013")
   end
 
-  test 'forget_me should clear remember_created_at' do
-    resource = create_resource
-    resource.remember_me!
-    assert_not resource.remember_created_at.nil?
-    resource.forget_me!
-    assert resource.remember_created_at.nil?
+  test 'serialize from cookie should return nil if no resource is found' do
+    assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
   end
 
-  test 'forget_me should not try to update resource if it has been destroyed' do
-    resource = create_resource
-    resource.destroy
-    resource.expects(:remember_created_at).never
-    resource.expects(:save).never
-    resource.forget_me!
+  test 'serialize from cookie should return nil if no timestamp' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
   end
 
-  test 'remember is expired if not created at timestamp is set' do
-    assert create_resource.remember_expired?
+  test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
   end
 
-  test 'serialize should return nil if no resource is found' do
-    assert_nil resource_class.serialize_from_cookie([0], "123")
+  test 'serialize from cookie should return nil if timestamp is older than remember_for' do
+    user = create_user
+    user.remember_created_at = 1.month.ago
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
   end
 
-  test 'remember me return nil if is a valid resource with invalid token' do
-    resource = create_resource
-    assert_nil resource_class.serialize_from_cookie([resource.id], "123")
+  test 'serialize from cookie me return nil if is a valid resource with invalid token' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
   end
 
-  test 'remember for should fallback to devise remember for default configuration' do
-    swap Devise, :remember_for => 1.day do
-      resource = create_resource
-      resource.remember_me!
-      assert_not resource.remember_expired?
+  test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
+    user = User.new
+    def user.authenticable_salt; nil; end
+    assert_raise RuntimeError do
+      user.rememberable_value
     end
-  end
 
-  test 'remember expires at should sum date of creation with remember for configuration' do
-    swap Devise, :remember_for => 3.days do
-      resource = create_resource
-      resource.remember_me!
-      assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
-
-      Devise.remember_for = 5.days
-      assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
+    user = User.new
+    def user.authenticable_salt; ""; end
+    assert_raise RuntimeError do
+      user.rememberable_value
     end
   end
 
-  test 'remember should be expired if remember_for is zero' do
-    swap Devise, :remember_for => 0.days do
-      Devise.remember_for = 0.days
-      resource = create_resource
-      resource.remember_me!
-      assert resource.remember_expired?
-    end
+  test 'should respond to remember_me attribute' do
+    assert resource_class.new.respond_to?(:remember_me)
+    assert resource_class.new.respond_to?(:remember_me=)
   end
 
-  test 'remember should be expired if it was created before limit time' do
-    swap Devise, :remember_for => 1.day do
+  test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
+    swap Devise, expire_all_remember_me_on_sign_out: true do
       resource = create_resource
       resource.remember_me!
-      resource.remember_created_at = 2.days.ago
-      resource.save
-      assert resource.remember_expired?
-    end
-  end
+      assert_not_nil resource.remember_created_at
 
-  test 'remember should not be expired if it was created whitin the limit time' do
-    swap Devise, :remember_for => 30.days do
-      resource = create_resource
-      resource.remember_me!
-      resource.remember_created_at = (30.days.ago + 2.minutes)
-      resource.save
-      assert_not resource.remember_expired?
+      resource.forget_me!
+      assert_nil resource.remember_created_at
     end
   end
 
-  test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
-    swap Devise, :remember_for => 5.minutes do
+  test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do
+    swap Devise, expire_all_remember_me_on_sign_out: false do
       resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
+      resource.remember_me!
 
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
+      assert_not_nil resource.remember_created_at
 
-      resource.remember_me!(false)
-      assert_not_equal old.to_i, resource.remember_created_at.to_i
+      resource.forget_me!
+      assert_not_nil resource.remember_created_at
     end
   end
 
-  test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
-    swap Devise, :remember_for => 1.year do
-      resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago.utc
-      resource.save
+  test 'forget_me should not try to update resource if it has been destroyed' do
+    resource = create_resource
+    resource.expects(:remember_created_at).never
+    resource.expects(:save).never
 
-      resource.remember_me!(false)
-      assert_equal old.to_i, resource.remember_created_at.to_i
-    end
+    resource.destroy
+    resource.forget_me!
   end
 
-  test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
-    swap Devise, :remember_for => 1.year do
+  test 'remember expires at uses remember for configuration' do
+    swap Devise, remember_for: 3.days do
       resource = create_resource
-      resource.remember_me!(true)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
+      resource.remember_me!
+      assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
 
-      resource.remember_me!(true)
-      assert_not_equal old, resource.remember_created_at
+      Devise.remember_for = 5.days
+      assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
     end
   end
 
-  test 'should have the required_fiels array' do
+  test 'should have the required_fields array' do
     assert_same_content Devise::Models::Rememberable.required_fields(User), [
       :remember_created_at
     ]