devise 3.0.0 → 4.8.0

data/test/controllers/custom_strategy_test.rb

@@ -1,62 +0,0 @@
-require 'test_helper'
-require 'ostruct'
-require 'warden/strategies/base'
-require 'devise/test_helpers'
-
-class CustomStrategyController < ActionController::Base
-  def new
-    warden.authenticate!(:custom_strategy)
-  end
-end
-
-# These tests are to prove that a warden strategy can successfully
-# return a custom response, including a specific status code and
-# custom http response headers. This does work in production,
-# however, at the time of writing this, the Devise test helpers do
-# not recognise the custom response and proceed to calling the
-# Failure App. This makes it impossible to write tests for a
-# strategy that return a custom response with Devise.
-class CustomStrategy < Warden::Strategies::Base
-  def authenticate!
-    custom_headers = { "X-FOO" => "BAR" }
-    response = Rack::Response.new("BAD REQUEST", 400, custom_headers)
-    custom! response.finish
-  end
-end
-
-class CustomStrategyTest < ActionController::TestCase
-  tests CustomStrategyController
-
-  include Devise::TestHelpers
-
-  setup do
-    Warden::Strategies.add(:custom_strategy, CustomStrategy)
-  end
-
-  teardown do
-    Warden::Strategies._strategies.delete(:custom_strategy)
-  end
-
-  test "custom strategy can return its own status code" do
-    ret = get :new
-
-    # check the returned rack array
-    assert ret.is_a?(Array)
-    assert_equal 400, ret.first
-
-    # check the saved response as well. This is purely so that the response is available to the testing framework
-    # for verification. In production, the above array would be delivered directly to Rack.
-    assert_response 400
-  end
-
-  test "custom strategy can return custom headers" do
-    ret = get :new
-
-    # check the returned rack array
-    assert ret.is_a?(Array)
-    assert_equal ret.third['X-FOO'], 'BAR'
-
-    # check the saved response headers as well.
-    assert_equal response.headers['X-FOO'], 'BAR'
-  end
-end

data/test/controllers/helpers_test.rb

@@ -1,253 +0,0 @@
-require 'test_helper'
-require 'ostruct'
-
-class ControllerAuthenticatableTest < ActionController::TestCase
-  tests ApplicationController
-
-  def setup
-    @mock_warden = OpenStruct.new
-    @controller.request.env['warden'] = @mock_warden
-  end
-
-  test 'provide access to warden instance' do
-    assert_equal @mock_warden, @controller.warden
-  end
-
-  test 'proxy signed_in?(scope) to authenticate?' do
-    @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
-    @controller.signed_in?(:my_scope)
-  end
-
-  test 'proxy signed_in?(nil) to authenticate?' do
-    Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @mock_warden.expects(:authenticate?).with(:scope => scope)
-    end
-    @controller.signed_in?
-  end
-
-  test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user)
-    @controller.current_user
-  end
-
-  test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
-    @controller.current_admin
-  end
-
-  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
-    @controller.current_publisher_account
-  end
-
-  test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user)
-    @controller.authenticate_user!
-  end
-
-  test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
-    @controller.authenticate_user!(:recall => "foo")
-  end
-
-  test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :admin)
-    @controller.authenticate_admin!
-  end
-
-  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
-    @controller.authenticate_publisher_account!
-  end
-
-  test 'proxy user_signed_in? to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns("user")
-    assert @controller.user_signed_in?
-  end
-
-  test 'proxy admin_signed_in? to authenticatewith admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
-    assert_not @controller.admin_signed_in?
-  end
-
-  test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
-    @controller.publisher_account_signed_in?
-  end
-
-  test 'proxy user_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
-    @mock_warden.expects(:session).with(:user).returns({})
-    @controller.user_session
-  end
-
-  test 'proxy admin_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
-    @mock_warden.expects(:session).with(:admin).returns({})
-    @controller.admin_session
-  end
-
-  test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
-    @mock_warden.expects(:session).with(:publisher_account).returns({})
-    @controller.publisher_account_session
-  end
-
-  test 'sign in proxy to set_user on warden' do
-    user = User.new
-    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(:user, user)
-  end
-
-  test 'sign in accepts a resource as argument' do
-    user = User.new
-    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(user)
-  end
-
-  test 'does not sign in again if the user is already in' do
-    user = User.new
-    @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).never
-    assert @controller.sign_in(user)
-  end
-
-  test 'sign in again when the user is already in only if force is given' do
-    user = User.new
-    @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(user, :force => true)
-  end
-
-  test 'sign in accepts bypass as option' do
-    user = User.new
-    @mock_warden.expects(:session_serializer).returns(serializer = mock())
-    serializer.expects(:store).with(user, :user)
-    @controller.sign_in(user, :bypass => true)
-  end
-
-  test 'sign out clears up any signed in user from all scopes' do
-    user = User.new
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.instance_variable_set(:@current_admin, user)
-    @controller.sign_out
-    assert_equal nil, @controller.instance_variable_get(:@current_user)
-    assert_equal nil, @controller.instance_variable_get(:@current_admin)
-  end
-
-  test 'sign out logs out and clears up any signed in user by scope' do
-    user = User.new
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(user)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.sign_out(:user)
-    assert_equal nil, @controller.instance_variable_get(:@current_user)
-  end
-
-  test 'sign out accepts a resource as argument' do
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(true)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
-    @controller.sign_out(User.new)
-  end
-
-  test 'sign out without args proxy to sign out all scopes' do
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with().returns(true)
-    @controller.sign_out
-  end
-
-  test 'sign out everybody proxy to logout on warden' do
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @controller.sign_out_all_scopes
-  end
-
-  test 'stored location for returns the location for a given scope' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-  end
-
-  test 'stored location for accepts a resource as argument' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
-  end
-
-  test 'stored location cleans information after reading' do
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-    assert_nil @controller.session[:"user_return_to"]
-  end
-
-  test 'after sign in path defaults to root path if none by was specified for the given scope' do
-    assert_equal root_path, @controller.after_sign_in_path_for(:user)
-  end
-
-  test 'after sign in path defaults to the scoped root path' do
-    assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
-  end
-
-  test 'after sign out path defaults to the root path' do
-    assert_equal root_path, @controller.after_sign_out_path_for(:admin)
-    assert_equal root_path, @controller.after_sign_out_path_for(:user)
-  end
-
-  test 'sign in and redirect uses the stored location' do
-    user = User.new
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.expects(:redirect_to).with("/foo.bar")
-    @controller.sign_in_and_redirect(user)
-  end
-
-  test 'sign in and redirect uses the configured after sign in path' do
-    admin = Admin.new
-    @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
-    @controller.expects(:redirect_to).with(admin_root_path)
-    @controller.sign_in_and_redirect(admin)
-  end
-
-  test 'sign in and redirect does not sign in again if user is already signed' do
-    admin = Admin.new
-    @mock_warden.expects(:user).with(:admin).returns(admin)
-    @mock_warden.expects(:set_user).never
-    @controller.expects(:redirect_to).with(admin_root_path)
-    @controller.sign_in_and_redirect(admin)
-  end
-
-  test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
-    swap Devise, :sign_out_all_scopes => false do
-      @mock_warden.expects(:user).with(:scope => :admin, :run_callbacks => false).returns(true)
-      @mock_warden.expects(:logout).with(:admin).returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with(:scope => :admin).returns(true)
-      @controller.expects(:redirect_to).with(admin_root_path)
-      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-      @controller.sign_out_and_redirect(:admin)
-    end
-  end
-
-  test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
-    swap Devise, :sign_out_all_scopes => true do
-      @mock_warden.expects(:user).times(Devise.mappings.size)
-      @mock_warden.expects(:logout).with().returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with().returns(true)
-      @controller.expects(:redirect_to).with(admin_root_path)
-      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-      @controller.sign_out_and_redirect(:admin)
-    end
-  end
-
-  test 'is not a devise controller' do
-    assert_not @controller.devise_controller?
-  end
-end

data/test/controllers/internal_helpers_test.rb

@@ -1,120 +0,0 @@
-require 'test_helper'
-
-class MyController < DeviseController
-end
-
-class HelpersTest < ActionController::TestCase
-  tests MyController
-
-  def setup
-    @mock_warden = OpenStruct.new
-    @controller.request.env['warden'] = @mock_warden
-    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
-  end
-
-  test 'get resource name from env' do
-    assert_equal :user, @controller.resource_name
-  end
-
-  test 'get resource class from env' do
-    assert_equal User, @controller.resource_class
-  end
-
-  test 'get resource instance variable from env' do
-    @controller.instance_variable_set(:@user, user = User.new)
-    assert_equal user, @controller.resource
-  end
-
-  test 'set resource instance variable from env' do
-    user = @controller.send(:resource_class).new
-    @controller.send(:resource=, user)
-
-    assert_equal user, @controller.send(:resource)
-    assert_equal user, @controller.instance_variable_get(:@user)
-  end
-
-  test 'get resource params from request params using resource name as key' do
-    user_params = {'email' => 'shirley@templar.com'}
-
-    params = if Devise.rails4?
-      # Stub controller name so strong parameters can filter properly.
-      # DeviseController does not allow any parameters by default.
-      @controller.stubs(:controller_name).returns(:sessions_controller)
-
-      ActionController::Parameters.new({'user' => user_params})
-    else
-      HashWithIndifferentAccess.new({'user' => user_params})
-    end
-    @controller.stubs(:params).returns(params)
-
-    assert_equal user_params, @controller.send(:resource_params)
-  end
-
-  test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
-  end
-
-  test 'require no authentication tests current mapping' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true)
-    @mock_warden.expects(:user).with(:user).returns(User.new)
-    @controller.expects(:redirect_to).with(root_path)
-    @controller.send :require_no_authentication
-  end
-
-  test 'require no authentication only checks if already authenticated if no inputs strategies are available' do
-    Devise.mappings[:user].expects(:no_input_strategies).returns([])
-    @mock_warden.expects(:authenticate?).never
-    @mock_warden.expects(:authenticated?).with(:user).once.returns(true)
-    @mock_warden.expects(:user).with(:user).returns(User.new)
-    @controller.expects(:redirect_to).with(root_path)
-    @controller.send :require_no_authentication
-  end
-
-  test 'require no authentication sets a flash message' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true)
-    @mock_warden.expects(:user).with(:user).returns(User.new)
-    @controller.expects(:redirect_to).with(root_path)
-    @controller.send :require_no_authentication
-    assert flash[:alert] == I18n.t("devise.failure.already_authenticated")
-  end
-
-  test 'signed in resource returns signed in resource for current scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new)
-    assert_kind_of User, @controller.signed_in_resource
-  end
-
-  test 'is a devise controller' do
-    assert @controller.devise_controller?
-  end
-
-  test 'does not issue blank flash messages' do
-    I18n.stubs(:t).returns('   ')
-    @controller.send :set_flash_message, :notice, :send_instructions
-    assert flash[:notice].nil?
-  end
-
-  test 'issues non-blank flash messages normally' do
-    I18n.stubs(:t).returns('non-blank')
-    @controller.send :set_flash_message, :notice, :send_instructions
-    assert_equal 'non-blank', flash[:notice]
-  end
-
-  test 'uses custom i18n options' do
-    @controller.stubs(:devise_i18n_options).returns(:default => "devise custom options")
-    @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
-    assert_equal 'devise custom options', flash[:notice]
-  end
-
-  test 'allows custom i18n options to override resource_name' do
-    I18n.expects(:t).with("custom_resource_name.confirmed", anything)
-    @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name")
-    @controller.send :set_flash_message, :notice, :confirmed
-  end
-
-  test 'navigational_formats not returning a wild card' do
-    MyController.send(:public, :navigational_formats)
-    Devise.navigational_formats = [:"*/*", :html]
-    assert_not @controller.navigational_formats.include?(:"*/*")
-    MyController.send(:protected, :navigational_formats)
-  end
-end

data/test/controllers/passwords_controller_test.rb

@@ -1,32 +0,0 @@
-require 'test_helper'
-
-class PasswordsControllerTest < ActionController::TestCase
-  tests Devise::PasswordsController
-  include Devise::TestHelpers
-
-  def setup
-    request.env["devise.mapping"] = Devise.mappings[:user]
-
-    @user = create_user
-    @user.send_reset_password_instructions
-  end
-
-  def put_update_with_params
-    put :update, "user" => {
-      "reset_password_token" => @user.reset_password_token, "password" => "123456", "password_confirmation" => "123456"
-    }
-  end
-
-  test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do
-    put_update_with_params
-    assert_redirected_to "http://test.host/"
-  end
-
-  test 'redirect accordingly if after_resetting_password_path_for is overridden' do
-    custom_path = "http://custom.path/"
-    Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path)
-
-    put_update_with_params
-    assert_redirected_to custom_path
-  end
-end

data/test/controllers/sessions_controller_test.rb

@@ -1,99 +0,0 @@
-require 'test_helper'
-
-class SessionsControllerTest < ActionController::TestCase
-  tests Devise::SessionsController
-  include Devise::TestHelpers
-
-  test "#create doesn't raise unpermitted params when sign in fails" do
-    ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload|
-      flunk "Unpermitted params: #{payload}"
-    end
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    request.session["user_return_to"] = 'foo.bar'
-    user = create_user
-    post :create, :user => {
-      :email => "wrong@email.com",
-      :password => "wrongpassword"
-    }
-    assert_equal 200, @response.status
-  end
-
-  test "#create works even with scoped views" do
-    swap Devise, :scoped_views => true do
-      request.env["devise.mapping"] = Devise.mappings[:user]
-      post :create
-      assert_equal 200, @response.status
-      assert_template "users/sessions/new"
-    end
-  end
-
-  test "#create delete the url stored in the session if the requested format is navigational" do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    request.session["user_return_to"] = 'foo.bar'
-
-    user = create_user
-    user.confirm!
-    post :create, :user => {
-      :email => user.email,
-      :password => user.password
-    }
-
-    assert_nil request.session["user_return_to"]
-  end
-
-  test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    request.session["user_return_to"] = 'foo.bar'
-
-    user = create_user
-    user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
-    }
-
-    assert_equal 'foo.bar', request.session["user_return_to"]
-  end
-
-  test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    post :create, :user => {
-      :email => "nosuchuser@example.com",
-      :password => "wevdude"
-    }
-    assert_equal 200, @response.status
-    assert_template "devise/sessions/new"
-  end
-
-  test "#destroy doesn't set the flash if the requested format is not navigational" do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    user = create_user
-    user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
-    }
-
-    delete :destroy, :format => 'json'
-    assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
-    assert_equal 204, @response.status
-  end
-
-  if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer)
-    test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do
-      request.env["devise.mapping"] = Devise.mappings[:user]
-
-      ActiveRecord::Base.mass_assignment_sanitizer = :strict
-      User.class_eval { attr_protected :email }
-
-      begin
-        assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
-          get :new, :user => { :email => "allez viens!" }
-        end
-      ensure
-        ActiveRecord::Base.mass_assignment_sanitizer = :logger
-        User.class_eval { attr_accessible :email }
-      end
-    end
-  end
-end

data/test/controllers/url_helpers_test.rb

@@ -1,59 +0,0 @@
-require 'test_helper'
-
-class RoutesTest < ActionController::TestCase
-  tests ApplicationController
-
-  def assert_path_and_url(name, prepend_path=nil)
-    @request.path = '/users/session'
-    prepend_path = "#{prepend_path}_" if prepend_path
-
-    # Resource param
-    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user),
-                 send(:"#{prepend_path}user_#{name}_path")
-    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
-                 send(:"#{prepend_path}user_#{name}_url")
-
-    # Default url params
-    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_path", :param => 123)
-    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_url", :param => 123)
-
-    @request.path = nil
-    # With an object
-    assert_equal @controller.send(:"#{prepend_path}#{name}_path", User.new),
-                 send(:"#{prepend_path}user_#{name}_path")
-    assert_equal @controller.send(:"#{prepend_path}#{name}_url", User.new),
-                 send(:"#{prepend_path}user_#{name}_url")
-  end
-
-
-  test 'should alias session to mapped user session' do
-    assert_path_and_url :session
-    assert_path_and_url :session, :new
-    assert_path_and_url :session, :destroy
-  end
-
-  test 'should alias password to mapped user password' do
-    assert_path_and_url :password
-    assert_path_and_url :password, :new
-    assert_path_and_url :password, :edit
-  end
-
-  test 'should alias confirmation to mapped user confirmation' do
-    assert_path_and_url :confirmation
-    assert_path_and_url :confirmation, :new
-  end
-
-  test 'should alias unlock to mapped user unlock' do
-    assert_path_and_url :unlock
-    assert_path_and_url :unlock, :new
-  end
-
-  test 'should alias registration to mapped user registration' do
-    assert_path_and_url :registration
-    assert_path_and_url :registration, :new
-    assert_path_and_url :registration, :edit
-    assert_path_and_url :registration, :cancel
-  end
-end

data/test/delegator_test.rb

@@ -1,19 +0,0 @@
-require 'test_helper'
-
-class DelegatorTest < ActiveSupport::TestCase
-  def delegator
-    Devise::Delegator.new
-  end
-
-  test 'failure_app returns default failure app if no warden options in env' do
-    assert_equal Devise::FailureApp, delegator.failure_app({})
-  end
-
-  test 'failure_app returns default failure app if no scope in warden options' do
-    assert_equal Devise::FailureApp, delegator.failure_app({"warden.options" => {}})
-  end
-
-  test 'failure_app returns associated failure app by scope in the given environment' do
-    assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}})
-  end
-end