devise 2.1.4 → 2.2.0.rc
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/.travis.yml +26 -0
- data/CHANGELOG.rdoc +29 -10
- data/CONTRIBUTING.md +14 -0
- data/Gemfile +2 -8
- data/Gemfile.lock +68 -77
- data/README.md +15 -9
- data/app/controllers/devise/omniauth_callbacks_controller.rb +1 -1
- data/app/controllers/devise/passwords_controller.rb +9 -0
- data/app/controllers/devise/registrations_controller.rb +17 -5
- data/app/controllers/devise/sessions_controller.rb +3 -3
- data/app/controllers/devise_controller.rb +3 -11
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +1 -1
- data/app/views/devise/passwords/new.html.erb +1 -1
- data/app/views/devise/registrations/edit.html.erb +5 -1
- data/app/views/devise/registrations/new.html.erb +1 -1
- data/app/views/devise/sessions/new.html.erb +1 -1
- data/app/views/devise/unlocks/new.html.erb +1 -1
- data/config/locales/en.yml +2 -0
- data/gemfiles/Gemfile.rails-3.1.x +1 -3
- data/gemfiles/Gemfile.rails-3.1.x.lock +9 -12
- data/lib/devise.rb +12 -7
- data/lib/devise/controllers/helpers.rb +16 -3
- data/lib/devise/mailers/helpers.rb +14 -8
- data/lib/devise/models/authenticatable.rb +14 -9
- data/lib/devise/models/confirmable.rb +36 -3
- data/lib/devise/models/database_authenticatable.rb +2 -1
- data/lib/devise/models/lockable.rb +6 -2
- data/lib/devise/models/recoverable.rb +2 -2
- data/lib/devise/models/token_authenticatable.rb +12 -0
- data/lib/devise/models/trackable.rb +1 -1
- data/lib/devise/models/validatable.rb +1 -1
- data/lib/devise/param_filter.rb +2 -1
- data/lib/devise/rails/routes.rb +11 -11
- data/lib/devise/strategies/database_authenticatable.rb +1 -1
- data/lib/devise/test_helpers.rb +3 -2
- data/lib/devise/time_inflector.rb +14 -0
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +5 -1
- data/lib/generators/mongoid/devise_generator.rb +0 -3
- data/lib/generators/templates/README +5 -1
- data/lib/generators/templates/devise.rb +12 -4
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +5 -0
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -1
- data/test/controllers/internal_helpers_test.rb +6 -0
- data/test/controllers/sessions_controller_test.rb +43 -1
- data/test/devise_test.rb +12 -1
- data/test/generators/active_record_generator_test.rb +7 -1
- data/test/integration/authenticatable_test.rb +4 -4
- data/test/integration/confirmable_test.rb +44 -0
- data/test/integration/database_authenticatable_test.rb +17 -15
- data/test/integration/http_authenticatable_test.rb +3 -3
- data/test/integration/lockable_test.rb +18 -0
- data/test/integration/omniauthable_test.rb +2 -2
- data/test/integration/recoverable_test.rb +43 -6
- data/test/integration/registerable_test.rb +34 -11
- data/test/mailers/confirmation_instructions_test.rb +7 -0
- data/test/models/authenticatable_test.rb +1 -7
- data/test/models/confirmable_test.rb +35 -1
- data/test/models/database_authenticatable_test.rb +49 -24
- data/test/models/lockable_test.rb +13 -3
- data/test/models/serializable_test.rb +2 -1
- data/test/models_test.rb +1 -22
- data/test/orm/mongoid.rb +2 -3
- data/test/rails_app/app/controllers/application_controller.rb +1 -0
- data/test/rails_app/app/mailers/users/mailer.rb +6 -1
- data/test/rails_app/app/mongoid/admin.rb +4 -2
- data/test/rails_app/app/mongoid/shim.rb +3 -3
- data/test/rails_app/app/mongoid/user.rb +2 -2
- data/test/rails_app/config/initializers/devise.rb +2 -2
- data/test/rails_app/lib/shared_user.rb +1 -1
- data/test/support/helpers.rb +2 -2
- data/test/support/integration.rb +4 -3
- data/test/test_helpers_test.rb +19 -2
- data/test/test_models.rb +27 -0
- metadata +31 -29
- data/test/indifferent_hash.rb +0 -33
@@ -456,7 +456,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
|
|
456
456
|
assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
|
457
457
|
assert_match /<user>.*<\/user>/m, response.body
|
458
458
|
assert_match '<email></email>', response.body
|
459
|
-
assert_match '<password nil="true"
|
459
|
+
assert_match '<password nil="true"', response.body
|
460
460
|
end
|
461
461
|
|
462
462
|
test 'sign in stub in json format' do
|
@@ -483,7 +483,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
|
|
483
483
|
|
484
484
|
test 'sign in with xml format returns xml response' do
|
485
485
|
create_user
|
486
|
-
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '
|
486
|
+
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
|
487
487
|
assert_response :success
|
488
488
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
489
489
|
end
|
@@ -493,13 +493,13 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
|
|
493
493
|
assert_response :success
|
494
494
|
|
495
495
|
create_user
|
496
|
-
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '
|
496
|
+
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
|
497
497
|
assert_response :success
|
498
498
|
|
499
499
|
get new_user_session_path(:format => 'xml')
|
500
500
|
assert_response :success
|
501
501
|
|
502
|
-
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '
|
502
|
+
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
|
503
503
|
assert_response :success
|
504
504
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
505
505
|
end
|
@@ -50,6 +50,30 @@ class ConfirmationTest < ActionController::IntegrationTest
|
|
50
50
|
assert user.reload.confirmed?
|
51
51
|
end
|
52
52
|
|
53
|
+
test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
|
54
|
+
swap Devise, :confirm_within => 3.days do
|
55
|
+
user = create_user(:confirm => false, :confirmation_sent_at => 4.days.ago)
|
56
|
+
assert_not user.confirmed?
|
57
|
+
visit_user_confirmation_with_token(user.confirmation_token)
|
58
|
+
|
59
|
+
assert_have_selector '#error_explanation'
|
60
|
+
assert_contain /needs to be confirmed within 3 days/
|
61
|
+
assert_not user.reload.confirmed?
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
|
66
|
+
swap Devise, :confirm_within => 3.days do
|
67
|
+
user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago)
|
68
|
+
assert_not user.confirmed?
|
69
|
+
visit_user_confirmation_with_token(user.confirmation_token)
|
70
|
+
|
71
|
+
assert_contain 'Your account was successfully confirmed.'
|
72
|
+
assert_current_url '/'
|
73
|
+
assert user.reload.confirmed?
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
53
77
|
test 'user should be redirected to a custom path after confirmation' do
|
54
78
|
Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
|
55
79
|
|
@@ -240,6 +264,26 @@ class ConfirmationOnChangeTest < ActionController::IntegrationTest
|
|
240
264
|
assert_not admin.reload.pending_reconfirmation?
|
241
265
|
end
|
242
266
|
|
267
|
+
test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
|
268
|
+
admin = create_admin
|
269
|
+
admin.update_attributes(:email => 'first_test@example.com')
|
270
|
+
assert_equal 'first_test@example.com', admin.unconfirmed_email
|
271
|
+
|
272
|
+
confirmation_token = admin.confirmation_token
|
273
|
+
admin.update_attributes(:email => 'second_test@example.com')
|
274
|
+
assert_equal 'second_test@example.com', admin.unconfirmed_email
|
275
|
+
|
276
|
+
visit_admin_confirmation_with_token(confirmation_token)
|
277
|
+
assert_have_selector '#error_explanation'
|
278
|
+
assert_contain /Confirmation token(.*)invalid/
|
279
|
+
|
280
|
+
visit_admin_confirmation_with_token(admin.confirmation_token)
|
281
|
+
assert_contain 'Your account was successfully confirmed.'
|
282
|
+
assert_current_url '/admin_area/home'
|
283
|
+
assert admin.reload.confirmed?
|
284
|
+
assert_not admin.reload.pending_reconfirmation?
|
285
|
+
end
|
286
|
+
|
243
287
|
test 'admin email should be unique also within unconfirmed_email' do
|
244
288
|
admin = create_admin
|
245
289
|
admin.update_attributes(:email => 'new_admin_test@example.com')
|
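Review bot: The expired-token test (new lines 53–63) checks the error message and `confirmed?`, but not that the visit left the session unauthenticated. If a successful confirmation also signs the user in, which is not visible in this hunk, a regression that rejects the token yet still logs the user in would pass; adding `assert_not warden.authenticated?(:user)` after the `assert_contain` would pin that. Both new expiry tests sit a full day away from the 3-day limit, so an off-by-one in the comparison is not exercised; a case just past `3.days.ago` would cover the boundary.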
@@ -3,44 +3,44 @@ require 'test_helper'
|
|
3
3
|
class DatabaseAuthenticationTest < ActionController::IntegrationTest
|
4
4
|
test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
|
5
5
|
create_user(:email => 'Foo@Bar.com')
|
6
|
-
|
6
|
+
|
7
7
|
sign_in_as_user do
|
8
8
|
fill_in 'email', :with => 'foo@bar.com'
|
9
9
|
end
|
10
|
-
|
10
|
+
|
11
11
|
assert warden.authenticated?(:user)
|
12
12
|
end
|
13
13
|
|
14
14
|
test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
|
15
15
|
swap Devise, :case_insensitive_keys => [] do
|
16
16
|
create_user(:email => 'Foo@Bar.com')
|
17
|
-
|
17
|
+
|
18
18
|
sign_in_as_user do
|
19
19
|
fill_in 'email', :with => 'foo@bar.com'
|
20
20
|
end
|
21
|
-
|
21
|
+
|
22
22
|
assert_not warden.authenticated?(:user)
|
23
23
|
end
|
24
24
|
end
|
25
|
-
|
25
|
+
|
26
26
|
test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
|
27
27
|
create_user(:email => ' foo@bar.com ')
|
28
|
-
|
28
|
+
|
29
29
|
sign_in_as_user do
|
30
30
|
fill_in 'email', :with => 'foo@bar.com'
|
31
31
|
end
|
32
|
-
|
32
|
+
|
33
33
|
assert warden.authenticated?(:user)
|
34
34
|
end
|
35
35
|
|
36
36
|
test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
|
37
37
|
swap Devise, :strip_whitespace_keys => [] do
|
38
38
|
create_user(:email => 'foo@bar.com')
|
39
|
-
|
39
|
+
|
40
40
|
sign_in_as_user do
|
41
41
|
fill_in 'email', :with => ' foo@bar.com '
|
42
42
|
end
|
43
|
-
|
43
|
+
|
44
44
|
assert_not warden.authenticated?(:user)
|
45
45
|
end
|
46
46
|
end
|
@@ -53,12 +53,14 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest
|
|
53
53
|
end
|
54
54
|
|
55
55
|
test 'sign in with invalid email should return to sign in form with error message' do
|
56
|
-
|
57
|
-
|
58
|
-
|
56
|
+
store_translations :en, :devise => { :failure => { :admin => { :not_found_in_database => 'Invalid email address' } } } do
|
57
|
+
sign_in_as_admin do
|
58
|
+
fill_in 'email', :with => 'wrongemail@test.com'
|
59
|
+
end
|
59
60
|
|
60
|
-
|
61
|
-
|
61
|
+
assert_contain 'Invalid email address'
|
62
|
+
assert_not warden.authenticated?(:admin)
|
63
|
+
end
|
62
64
|
end
|
63
65
|
|
64
66
|
test 'sign in with invalid pasword should return to sign in form with error message' do
|
@@ -79,4 +81,4 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest
|
|
79
81
|
assert_contain 'Invalid credentials'
|
80
82
|
end
|
81
83
|
end
|
82
|
-
end
|
84
|
+
end
|
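Review bot: The rewritten 'sign in with invalid email' test (new lines 56–63) installs a `not_found_in_database` message that differs from the 'Invalid credentials' text asserted further down, and nothing says this is only there to exercise the per-scope translation lookup. A sign-in form that answers an unknown e-mail differently from a wrong password lets a visitor tell which accounts exist. I would add a comment above `store_translations`, for example `# Distinct text only to prove the :admin scope is looked up; real locales should keep this identical to the wrong-password message`. The other changes in this file section appear to be whitespace only.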
@@ -4,7 +4,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
4
4
|
test 'handles unverified requests gets rid of caches but continues signed in' do
|
5
5
|
swap UsersController, :allow_forgery_protection => true do
|
6
6
|
create_user
|
7
|
-
post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:
|
7
|
+
post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
|
8
8
|
assert warden.authenticated?(:user)
|
9
9
|
assert_equal "User is authenticated", response.body
|
10
10
|
end
|
@@ -82,7 +82,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
82
82
|
|
83
83
|
private
|
84
84
|
|
85
|
-
def sign_in_as_new_user_with_http(username="user@test.com", password="
|
85
|
+
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
|
86
86
|
user = create_user
|
87
87
|
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
|
88
88
|
user
|
@@ -91,7 +91,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
|
|
91
91
|
# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
|
92
92
|
def add_oauth2_header
|
93
93
|
user = create_user
|
94
|
-
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:
|
94
|
+
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
|
95
95
|
end
|
96
96
|
|
97
97
|
end
|
@@ -221,4 +221,22 @@ class LockTest < ActionController::IntegrationTest
|
|
221
221
|
end
|
222
222
|
end
|
223
223
|
|
224
|
+
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
|
225
|
+
swap Devise, :paranoid => true, :maximum_attempts => 1 do
|
226
|
+
user = create_user(:locked => false)
|
227
|
+
|
228
|
+
visit new_user_session_path
|
229
|
+
fill_in 'email', :with => user.email
|
230
|
+
fill_in 'password', :with => "abadpassword"
|
231
|
+
click_button 'Sign in'
|
232
|
+
|
233
|
+
fill_in 'email', :with => user.email
|
234
|
+
fill_in 'password', :with => "abadpassword"
|
235
|
+
click_button 'Sign in'
|
236
|
+
|
237
|
+
assert_current_url "/users/sign_in"
|
238
|
+
assert_not_contain "locked"
|
239
|
+
end
|
240
|
+
end
|
241
|
+
|
224
242
|
end
|
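Review bot: The paranoid-mode test (new lines 224–240) never asserts that the account was actually locked, so it would still pass if the two failed sign-ins left the user unlocked, because the page would not mention "locked" in that case either. Adding `assert user.reload.access_locked?` before `assert_not_contain "locked"` ties the assertion to the scenario named in the test. The substring check is also a loose way to detect a leak; comparing the response with the one returned for an unknown e-mail would be a stronger check that the two cases cannot be told apart.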
@@ -61,8 +61,8 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
|
|
61
61
|
|
62
62
|
assert_difference "User.count" do
|
63
63
|
visit "/users/sign_up"
|
64
|
-
fill_in "Password", :with => "
|
65
|
-
fill_in "Password confirmation", :with => "
|
64
|
+
fill_in "Password", :with => "12345678"
|
65
|
+
fill_in "Password confirmation", :with => "12345678"
|
66
66
|
click_button "Sign up"
|
67
67
|
end
|
68
68
|
|
@@ -190,15 +190,52 @@ class PasswordTest < ActionController::IntegrationTest
|
|
190
190
|
assert warden.authenticated?(:user)
|
191
191
|
end
|
192
192
|
|
193
|
-
test 'does not sign in user automatically after changing its password if it\'s locked' do
|
194
|
-
|
193
|
+
test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
|
194
|
+
[:none, :time].each do |strategy|
|
195
|
+
swap Devise, :unlock_strategy => strategy do
|
196
|
+
user = create_user(:locked => true)
|
197
|
+
request_forgot_password
|
198
|
+
reset_password :reset_password_token => user.reload.reset_password_token
|
199
|
+
|
200
|
+
assert_contain 'Your password was changed successfully.'
|
201
|
+
assert_not_contain 'You are now signed in.'
|
202
|
+
assert_equal new_user_session_path, @request.path
|
203
|
+
assert !warden.authenticated?(:user)
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
|
208
|
+
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
|
209
|
+
swap Devise, :unlock_strategy => :email do
|
210
|
+
user = create_user(:locked => true)
|
211
|
+
request_forgot_password
|
212
|
+
reset_password :reset_password_token => user.reload.reset_password_token
|
213
|
+
|
214
|
+
assert_contain 'Your password was changed successfully.'
|
215
|
+
assert !user.reload.access_locked?
|
216
|
+
assert warden.authenticated?(:user)
|
217
|
+
end
|
218
|
+
end
|
219
|
+
|
220
|
+
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
|
221
|
+
swap Devise, :unlock_strategy => :both do
|
222
|
+
user = create_user(:locked => true)
|
223
|
+
request_forgot_password
|
224
|
+
reset_password :reset_password_token => user.reload.reset_password_token
|
225
|
+
|
226
|
+
assert_contain 'Your password was changed successfully.'
|
227
|
+
assert !user.reload.access_locked?
|
228
|
+
assert warden.authenticated?(:user)
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
|
233
|
+
user = create_user(:confirm => false)
|
195
234
|
request_forgot_password
|
196
235
|
reset_password :reset_password_token => user.reload.reset_password_token
|
197
236
|
|
198
|
-
|
199
|
-
|
200
|
-
assert_equal new_user_session_path, @request.path
|
201
|
-
assert !warden.authenticated?(:user)
|
237
|
+
assert warden.authenticated?(:user)
|
238
|
+
assert user.reload.confirmed?
|
202
239
|
end
|
203
240
|
|
204
241
|
test 'reset password request with valid E-Mail in XML format should return valid response' do
|
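Review bot: The `:none`/`:time` test (new lines 193–206) asserts that the user is not signed in after the reset, but not that the account stays locked; `assert user.reload.access_locked?` inside the loop would catch a reset that silently clears the lock. The `:email` and `:both` tests are identical apart from the strategy and could share the `[...].each do |strategy|` form used just above them. Together with 'sign in user automatically and confirm', these tests pin that a password-reset token also unlocks and confirms the account. That deserves a short comment, since it gives the reset e-mail the same power as the unlock and confirmation e-mails.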
@@ -144,7 +144,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
144
144
|
get edit_user_registration_path
|
145
145
|
|
146
146
|
fill_in 'email', :with => 'user.new@example.com'
|
147
|
-
fill_in 'current password', :with => '
|
147
|
+
fill_in 'current password', :with => '12345678'
|
148
148
|
click_button 'Update'
|
149
149
|
|
150
150
|
assert_current_url '/'
|
@@ -157,9 +157,9 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
157
157
|
sign_in_as_user
|
158
158
|
get edit_user_registration_path
|
159
159
|
|
160
|
-
fill_in 'password', :with => '
|
161
|
-
fill_in 'password confirmation', :with => '
|
162
|
-
fill_in 'current password', :with => '
|
160
|
+
fill_in 'password', :with => '1234567890'
|
161
|
+
fill_in 'password confirmation', :with => '1234567890'
|
162
|
+
fill_in 'current password', :with => '12345678'
|
163
163
|
click_button 'Update'
|
164
164
|
|
165
165
|
assert_contain 'You updated your account successfully.'
|
@@ -186,15 +186,15 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
186
186
|
sign_in_as_user
|
187
187
|
get edit_user_registration_path
|
188
188
|
|
189
|
-
fill_in 'password', :with => '
|
190
|
-
fill_in 'password confirmation', :with => '
|
191
|
-
fill_in 'current password', :with => '
|
189
|
+
fill_in 'password', :with => 'pass1234'
|
190
|
+
fill_in 'password confirmation', :with => 'pass1234'
|
191
|
+
fill_in 'current password', :with => '12345678'
|
192
192
|
click_button 'Update'
|
193
193
|
|
194
194
|
assert_current_url '/'
|
195
195
|
assert_contain 'You updated your account successfully.'
|
196
196
|
|
197
|
-
assert User.first.valid_password?('
|
197
|
+
assert User.first.valid_password?('pass1234')
|
198
198
|
end
|
199
199
|
|
200
200
|
test 'a signed in user should not be able to edit his password with invalid confirmation' do
|
@@ -203,7 +203,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
203
203
|
|
204
204
|
fill_in 'password', :with => 'pas123'
|
205
205
|
fill_in 'password confirmation', :with => ''
|
206
|
-
fill_in 'current password', :with => '
|
206
|
+
fill_in 'current password', :with => '12345678'
|
207
207
|
click_button 'Update'
|
208
208
|
|
209
209
|
assert_contain "Password doesn't match confirmation"
|
@@ -272,7 +272,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
272
272
|
|
273
273
|
test 'a user update information with valid data in XML format should return valid response' do
|
274
274
|
user = sign_in_as_user
|
275
|
-
put user_registration_path(:format => 'xml'), :user => { :current_password => '
|
275
|
+
put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' }
|
276
276
|
assert_response :success
|
277
277
|
assert_equal user.reload.email, 'user.new@test.com'
|
278
278
|
end
|
@@ -303,8 +303,10 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
|
|
303
303
|
|
304
304
|
assert_current_url '/admin_area/home'
|
305
305
|
assert_contain 'but we need to verify your new email address'
|
306
|
+
assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email
|
306
307
|
|
307
|
-
|
308
|
+
get edit_admin_registration_path
|
309
|
+
assert_contain 'Currently waiting confirmation for: admin.new@example.com'
|
308
310
|
end
|
309
311
|
|
310
312
|
test 'a signed in admin should not see a reconfirmation message if they did not change their password' do
|
@@ -321,4 +323,25 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
|
|
321
323
|
|
322
324
|
assert Admin.first.valid_password?('pas123')
|
323
325
|
end
|
326
|
+
|
327
|
+
test 'a signed in admin should not see a reconfirmation message if he did not change his email, despite having an unconfirmed email' do
|
328
|
+
sign_in_as_admin
|
329
|
+
|
330
|
+
get edit_admin_registration_path
|
331
|
+
fill_in 'email', :with => 'admin.new@example.com'
|
332
|
+
fill_in 'current password', :with => '123456'
|
333
|
+
click_button 'Update'
|
334
|
+
|
335
|
+
get edit_admin_registration_path
|
336
|
+
fill_in 'password', :with => 'pas123'
|
337
|
+
fill_in 'password confirmation', :with => 'pas123'
|
338
|
+
fill_in 'current password', :with => '123456'
|
339
|
+
click_button 'Update'
|
340
|
+
|
341
|
+
assert_current_url '/admin_area/home'
|
342
|
+
assert_contain 'You updated your account successfully.'
|
343
|
+
|
344
|
+
assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
|
345
|
+
assert Admin.first.valid_password?('pas123')
|
346
|
+
end
|
324
347
|
end
|
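Review bot: The new test at lines 327–346 is named 'should not see a reconfirmation message' but only asserts the success flash; it contains no negative assertion. Adding `assert_not_contain 'but we need to verify your new email address'` after the second `click_button 'Update'` would check what the name promises, using the text already asserted at line 305 of this file. The test also uses '123456' as the admin's current password while the user tests use '12345678'; a one-line comment noting that the admin fixture has a different password would save the next reader a lookup, as the fixture itself is outside this hunk.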
@@ -50,6 +50,13 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
|
|
50
50
|
assert_equal ['test@example.com'], mail.reply_to
|
51
51
|
end
|
52
52
|
|
53
|
+
test 'setup reply to as different if set in defaults' do
|
54
|
+
Devise.mailer = 'Users::ReplyToMailer'
|
55
|
+
assert_equal ['custom@example.com'], mail.from
|
56
|
+
assert_equal ['custom_reply_to@example.com'], mail.reply_to
|
57
|
+
end
|
58
|
+
|
59
|
+
|
53
60
|
test 'setup subject from I18n' do
|
54
61
|
store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do
|
55
62
|
assert_equal 'Account Confirmation', mail.subject
|
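Review bot: `Devise.mailer = 'Users::ReplyToMailer'` in the new test (line 54) changes a global setting, and nothing in the hunk restores it, so later tests may run against the custom mailer unless a setup or teardown outside the hunk resets it. Other tests in this release scope such overrides with `swap Devise, ... do`; assuming the helper accepts this setting, `swap Devise, :mailer => 'Users::ReplyToMailer' do` around the two assertions would keep the change local. The two consecutive blank lines added at 58–59 can be reduced to one.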
@@ -4,10 +4,4 @@ class AuthenticatableTest < ActiveSupport::TestCase
|
|
4
4
|
test 'required_fields should be an empty array' do
|
5
5
|
assert_equal Devise::Models::Validatable.required_fields(User), []
|
6
6
|
end
|
7
|
-
|
8
|
-
test 'find_first_by_auth_conditions allows custom filtering parameters' do
|
9
|
-
user = User.create!(:email => "example@example.com", :password => "123456")
|
10
|
-
assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user
|
11
|
-
assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil
|
12
|
-
end
|
13
|
-
end
|
7
|
+
end
|
@@ -235,6 +235,40 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
235
235
|
assert_equal "can't be blank", confirm_user.errors[:username].join
|
236
236
|
end
|
237
237
|
end
|
238
|
+
|
239
|
+
def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at)
|
240
|
+
user = create_user
|
241
|
+
user.update_attribute(:confirmation_sent_at, confirmation_sent_at)
|
242
|
+
confirmed_user = User.confirm_by_token(user.confirmation_token)
|
243
|
+
assert_equal confirmed_user, user
|
244
|
+
user.reload.confirmed?
|
245
|
+
end
|
246
|
+
|
247
|
+
test 'should accept confirmation email token even after 5 years when no expiration is set' do
|
248
|
+
assert confirm_user_by_token_with_confirmation_sent_at(5.years.ago)
|
249
|
+
end
|
250
|
+
|
251
|
+
test 'should accept confirmation email token after 2 days when expiration is set to 3 days' do
|
252
|
+
swap Devise, :confirm_within => 3.days do
|
253
|
+
assert confirm_user_by_token_with_confirmation_sent_at(2.days.ago)
|
254
|
+
end
|
255
|
+
end
|
256
|
+
|
257
|
+
test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do
|
258
|
+
swap Devise, :confirm_within => 3.days do
|
259
|
+
assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago)
|
260
|
+
end
|
261
|
+
end
|
262
|
+
|
263
|
+
test 'should generate a new token if the previous one has expired' do
|
264
|
+
swap Devise, :confirm_within => 3.days do
|
265
|
+
user = create_user
|
266
|
+
user.update_attribute(:confirmation_sent_at, 4.days.ago)
|
267
|
+
old = user.confirmation_token
|
268
|
+
user.resend_confirmation_token
|
269
|
+
assert_not_equal user.confirmation_token, old
|
270
|
+
end
|
271
|
+
end
|
238
272
|
end
|
239
273
|
|
240
274
|
class ReconfirmableTest < ActiveSupport::TestCase
|
@@ -260,7 +294,6 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
260
294
|
assert_nil admin.confirmation_token
|
261
295
|
end
|
262
296
|
|
263
|
-
|
264
297
|
test 'should regenerate confirmation token after changing email' do
|
265
298
|
admin = create_admin
|
266
299
|
assert admin.confirm!
|
@@ -276,6 +309,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
276
309
|
assert_email_sent "new_test@example.com" do
|
277
310
|
assert admin.update_attributes(:email => 'new_test@example.com')
|
278
311
|
end
|
312
|
+
assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded
|
279
313
|
end
|
280
314
|
|
281
315
|
test 'should not send confirmation by email after changing password' do
|
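Review bot: 'should generate a new token if the previous one has expired' (new lines 263–271) only checks that the token string changed; it does not check that `confirmation_sent_at` was refreshed, so a resend that issues a fresh token which is already past `confirm_within` would pass. Adding `assert User.confirm_by_token(user.confirmation_token).confirmed?` after `user.resend_confirmation_token`, inside the same `swap` block, would cover that. The helper `confirm_user_by_token_with_confirmation_sent_at` mixes an assertion with a boolean return value; a one-line comment stating that it returns whether the user ended up confirmed would make the `assert_not` call at line 259 easier to read.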