devise 3.0.0 → 4.8.0

data/test/models/serializable_test.rb

@@ -1,49 +0,0 @@
-require 'test_helper'
-
-class SerializableTest < ActiveSupport::TestCase
-  setup do
-    @user = create_user
-  end
-
-  test 'should not include unsafe keys on XML' do
-    assert_match(/email/, @user.to_xml)
-    assert_no_match(/confirmation-token/, @user.to_xml)
-  end
-
-  test 'should not include unsafe keys on XML even if a new except is provided' do
-    assert_no_match(/email/, @user.to_xml(:except => :email))
-    assert_no_match(/confirmation-token/, @user.to_xml(:except => :email))
-  end
-
-  test 'should include unsafe keys on XML if a force_except is provided' do
-    assert_no_match(/<email/, @user.to_xml(:force_except => :email))
-    assert_match(/confirmation-token/, @user.to_xml(:force_except => :email))
-  end
-
-  test 'should not include unsafe keys on JSON' do
-    keys = from_json().keys.select{ |key| !key.include?("id") }
-    assert_equal %w(created_at email facebook_token updated_at username), keys.sort
-  end
-
-  test 'should not include unsafe keys on JSON even if a new except is provided' do
-    assert_no_key "email", from_json(:except => :email)
-    assert_no_key "confirmation_token", from_json(:except => :email)
-  end
-
-  test 'should include unsafe keys on JSON if a force_except is provided' do
-    assert_no_key "email", from_json(:force_except => :email)
-    assert_key "confirmation_token", from_json(:force_except => :email)
-  end
-
-  def assert_key(key, subject)
-    assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
-  end
-
-  def assert_no_key(key, subject)
-    assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
-  end
-
-  def from_json(options=nil)
-    ActiveSupport::JSON.decode(@user.to_json(options))["user"]
-  end
-end

data/test/models/timeoutable_test.rb

@@ -1,46 +0,0 @@
-require 'test_helper'
-
-class TimeoutableTest < ActiveSupport::TestCase
-
-  test 'should be expired' do
-    assert new_user.timedout?(31.minutes.ago)
-  end
-
-  test 'should not be expired' do
-    assert_not new_user.timedout?(29.minutes.ago)
-  end
-
-  test 'should not be expired when params is nil' do
-    assert_not new_user.timedout?(nil)
-  end
-
-  test 'should use timeout_in method' do
-    user = new_user
-    user.instance_eval { def timeout_in; 10.minutes end }
-
-    assert user.timedout?(12.minutes.ago)
-    assert_not user.timedout?(8.minutes.ago)
-  end
-
-  test 'should not be expired when timeout_in method returns nil' do
-    user = new_user
-    user.instance_eval { def timeout_in; nil end }
-    assert_not user.timedout?(10.hours.ago)
-  end
-
-  test 'fallback to Devise config option' do
-    swap Devise, :timeout_in => 1.minute do
-      user = new_user
-      assert user.timedout?(2.minutes.ago)
-      assert_not user.timedout?(30.seconds.ago)
-
-      Devise.timeout_in = 5.minutes
-      assert_not user.timedout?(2.minutes.ago)
-      assert user.timedout?(6.minutes.ago)
-    end
-  end
-
-  test 'required_fields should contain the fields that Devise uses' do
-    assert_same_content Devise::Models::Timeoutable.required_fields(User), []
-  end
-end

data/test/models/token_authenticatable_test.rb

@@ -1,55 +0,0 @@
-require 'test_helper'
-
-class TokenAuthenticatableTest < ActiveSupport::TestCase
-
-  test 'should reset authentication token' do
-    user = new_user
-    user.reset_authentication_token
-    previous_token = user.authentication_token
-    user.reset_authentication_token
-    assert_not_equal previous_token, user.authentication_token
-  end
-
-  test 'should ensure authentication token' do
-    user = new_user
-    user.ensure_authentication_token
-    previous_token = user.authentication_token
-    user.ensure_authentication_token
-    assert_equal previous_token, user.authentication_token
-  end
-
-  test 'should authenticate a valid user with authentication token and return it' do
-    user = create_user
-    user.ensure_authentication_token!
-    user.confirm!
-    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
-    assert_equal authenticated_user, user
-  end
-
-  test 'should return nil when authenticating an invalid user by authentication token' do
-    user = create_user
-    user.ensure_authentication_token!
-    user.confirm!
-    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
-    assert_nil authenticated_user
-  end
-
-  test 'should not be subject to injection' do
-    user1 = create_user
-    user1.ensure_authentication_token!
-    user1.confirm!
-
-    user2 = create_user
-    user2.ensure_authentication_token!
-    user2.confirm!
-
-    user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
-    assert_nil user
-  end
-
-  test 'required_fields should contain the fields that Devise uses' do
-    assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [
-      :authentication_token
-    ]
-  end
-end

data/test/models/trackable_test.rb

@@ -1,13 +0,0 @@
-require 'test_helper'
-
-class TrackableTest < ActiveSupport::TestCase
-  test 'required_fields should contain the fields that Devise uses' do
-    assert_same_content Devise::Models::Trackable.required_fields(User), [
-      :current_sign_in_at,
-      :current_sign_in_ip,
-      :last_sign_in_at,
-      :last_sign_in_ip,
-      :sign_in_count
-    ]
-  end
-end

data/test/models/validatable_test.rb

@@ -1,127 +0,0 @@
-# encoding: UTF-8
-require 'test_helper'
-
-class ValidatableTest < ActiveSupport::TestCase
-  test 'should require email to be set' do
-    user = new_user(:email => nil)
-    assert user.invalid?
-    assert user.errors[:email]
-    assert_equal 'can\'t be blank', user.errors[:email].join
-  end
-
-  test 'should require uniqueness of email if email has changed, allowing blank' do
-    existing_user = create_user
-
-    user = new_user(:email => '')
-    assert user.invalid?
-    assert_no_match(/taken/, user.errors[:email].join)
-
-    user.email = existing_user.email
-    assert user.invalid?
-    assert_match(/taken/, user.errors[:email].join)
-
-    user.save(:validate => false)
-    assert user.valid?
-  end
-
-  test 'should require correct email format if email has changed, allowing blank' do
-    user = new_user(:email => '')
-    assert user.invalid?
-    assert_not_equal 'is invalid', user.errors[:email].join
-
-    %w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email|
-      user.email = email
-      assert user.invalid?, 'should be invalid with email ' << email
-      assert_equal 'is invalid', user.errors[:email].join
-    end
-
-    user.save(:validate => false)
-    assert user.valid?
-  end
-
-  test 'should accept valid emails' do
-    %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email|
-      user = new_user(:email => email)
-      assert user.valid?, 'should be valid with email ' << email
-      assert_blank user.errors[:email]
-    end
-  end
-
-  test 'should require password to be set when creating a new record' do
-    user = new_user(:password => '', :password_confirmation => '')
-    assert user.invalid?
-    assert_equal 'can\'t be blank', user.errors[:password].join
-  end
-
-  test 'should require confirmation to be set when creating a new record' do
-    user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
-    assert user.invalid?
-
-    if Devise.rails4?
-      assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-    else
-      assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-    end
-  end
-
-  test 'should require password when updating/resetting password' do
-    user = create_user
-
-    user.password = ''
-    user.password_confirmation = ''
-
-    assert user.invalid?
-    assert_equal 'can\'t be blank', user.errors[:password].join
-  end
-
-  test 'should require confirmation when updating/resetting password' do
-    user = create_user
-    user.password_confirmation = 'another_password'
-    assert user.invalid?
-
-    if Devise.rails4?
-      assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-    else
-      assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-    end
-  end
-
-  test 'should require a password with minimum of 6 characters' do
-    user = new_user(:password => '12345', :password_confirmation => '12345')
-    assert user.invalid?
-    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
-  end
-
-  test 'should require a password with maximum of 128 characters long' do
-    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
-    assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
-  end
-
-  test 'should not require password length when it\'s not changed' do
-    user = create_user.reload
-    user.password = user.password_confirmation = nil
-    assert user.valid?
-
-    user.password_confirmation = 'confirmation'
-    assert user.invalid?
-    assert_not (user.errors[:password].join =~ /is too long/)
-  end
-
-  test 'should complain about length even if password is not required' do
-    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
-    user.stubs(:password_required?).returns(false)
-    assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
-  end
-
-  test 'should not be included in objects with invalid API' do
-    assert_raise RuntimeError do
-      Class.new.send :include, Devise::Models::Validatable
-    end
-  end
-
-  test 'required_fields should be an empty array' do
-    assert_equal Devise::Models::Validatable.required_fields(User), []
-  end
-end

data/test/models_test.rb

@@ -1,163 +0,0 @@
-require 'test_helper'
-require 'test_models'
-
-class ActiveRecordTest < ActiveSupport::TestCase
-  def include_module?(klass, mod)
-    klass.devise_modules.include?(mod) &&
-      klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
-  end
-
-  def assert_include_modules(klass, *modules)
-    modules.each do |mod|
-      assert include_module?(klass, mod)
-    end
-
-    (Devise::ALL - modules).each do |mod|
-      assert_not include_module?(klass, mod)
-    end
-  end
-
-  test 'can cherry pick modules' do
-    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
-  end
-
-  test 'validations options are not applied too late' do
-    validators = WithValidation.validators_on :password
-    length = validators.find { |v| v.kind == :length }
-    assert_equal 2, length.options[:minimum]
-    assert_equal 6, length.options[:maximum]
-  end
-
-  test 'validations are applied just once' do
-    validators = Several.validators_on :password
-    assert_equal 1, validators.select{ |v| v.kind == :length }.length
-  end
-
-  test 'chosen modules are inheritable' do
-    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
-  end
-
-  test 'order of module inclusion' do
-    correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :confirmable, :lockable, :timeoutable]
-    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :confirmable]
-
-    assert_include_modules Admin, *incorrect_module_order
-
-    # get module constants from symbol list
-    module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
-
-    # confirm that they adhere to the order in ALL
-    # get included modules, filter out the noise, and reverse the order
-    assert_equal module_constants, (Admin.included_modules & module_constants).reverse
-  end
-
-  test 'raise error on invalid module' do
-    assert_raise NameError do
-      # Mix valid an invalid modules.
-      Configurable.class_eval { devise :database_authenticatable, :doesnotexit }
-    end
-  end
-
-  test 'set a default value for stretches' do
-    assert_equal 15, Configurable.stretches
-  end
-
-  test 'set a default value for pepper' do
-    assert_equal 'abcdef', Configurable.pepper
-  end
-
-  test 'set a default value for allow_unconfirmed_access_for' do
-    assert_equal 5.days, Configurable.allow_unconfirmed_access_for
-  end
-
-  test 'set a default value for remember_for' do
-    assert_equal 7.days, Configurable.remember_for
-  end
-
-  test 'set a default value for timeout_in' do
-    assert_equal 15.minutes, Configurable.timeout_in
-  end
-
-  test 'set a default value for unlock_in' do
-    assert_equal 10.days, Configurable.unlock_in
-  end
-
-  test 'set null fields on migrations' do
-    # Ignore email sending since no email exists.
-    klass = Class.new(Admin) do
-      def send_devise_notification(*); end
-    end
-
-    klass.create!
-  end
-end
-
-class CheckFieldsTest < ActiveSupport::TestCase
-  test 'checks if the class respond_to the required fields' do
-    Player = Class.new do
-      extend Devise::Models
-
-      def self.before_validation(instance)
-      end
-
-      devise :database_authenticatable
-
-      attr_accessor :encrypted_password, :email
-    end
-
-    assert_nothing_raised Devise::Models::MissingAttribute do
-      Devise::Models.check_fields!(Player)
-    end
-  end
-
-  test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do
-    Clown = Class.new do
-      extend Devise::Models
-
-      def self.before_validation(instance)
-      end
-
-      devise :database_authenticatable
-
-      attr_accessor :encrypted_password
-    end
-
-    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: email" do
-      Devise::Models.check_fields!(Clown)
-    end
-  end
-
-  test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do
-    Magician = Class.new do
-      extend Devise::Models
-
-      def self.before_validation(instance)
-      end
-
-      devise :database_authenticatable
-    end
-
-    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
-      Devise::Models.check_fields!(Magician)
-    end
-  end
-
-  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
-    driver = Class.new do
-      extend Devise::Models
-
-      def self.before_validation(instance)
-      end
-
-      attr_accessor :encrypted_password, :email
-
-      devise :database_authenticatable
-    end
-
-    swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
-      assert_deprecated do
-        Devise::Models.check_fields!(driver)
-      end
-    end
-  end
-end

data/test/omniauth/config_test.rb

@@ -1,57 +0,0 @@
-require 'test_helper'
-
-class OmniAuthConfigTest < ActiveSupport::TestCase
-  class MyStrategy
-    include OmniAuth::Strategy
-  end
-
-  test 'strategy_name returns provider if no options given' do
-    config = Devise::OmniAuth::Config.new :facebook, [{}]
-    assert_equal :facebook, config.strategy_name
-  end
-
-  test 'strategy_name returns provider if no name option are given' do
-    config = Devise::OmniAuth::Config.new :facebook, [{ :other => :option }]
-    assert_equal :facebook, config.strategy_name
-  end
-
-  test 'returns name option when have a name' do
-    config = Devise::OmniAuth::Config.new :facebook, [{ :name => :github }]
-    assert_equal :github, config.strategy_name
-  end
-
-  test "finds contrib strategies" do
-    config = Devise::OmniAuth::Config.new :facebook, [{}]
-    assert_equal OmniAuth::Strategies::Facebook, config.strategy_class
-  end
-
-  test "finds the strategy in OmniAuth's list by name" do
-    NamedTestStrategy = Class.new
-    NamedTestStrategy.send :include, OmniAuth::Strategy
-    NamedTestStrategy.option :name, :the_one
-
-    config = Devise::OmniAuth::Config.new :the_one, [{}]
-    assert_equal NamedTestStrategy, config.strategy_class
-  end
-
-  test "finds the strategy in OmniAuth's list by class name" do
-    UnNamedTestStrategy = Class.new
-    UnNamedTestStrategy.send :include, OmniAuth::Strategy
-
-    config = Devise::OmniAuth::Config.new :un_named_test_strategy, [{}]
-    assert_equal UnNamedTestStrategy, config.strategy_class
-  end
-
-  test 'raises an error if strategy cannot be found' do
-    config = Devise::OmniAuth::Config.new :my_other_strategy, [{}]
-    assert_raise Devise::OmniAuth::StrategyNotFound do
-      config.strategy_class
-    end
-  end
-
-  test 'allows the user to define a custom require path' do
-    config = Devise::OmniAuth::Config.new :my_strategy, [{:strategy_class => MyStrategy}]
-    config_class = config.strategy_class
-    assert_equal MyStrategy, config_class
-  end
-end

data/test/omniauth/url_helpers_test.rb

@@ -1,54 +0,0 @@
-require 'test_helper'
-
-class OmniAuthRoutesTest < ActionController::TestCase
-  ExpectedUrlGeneratiorError = Devise.rails4? ?
-    ActionController::UrlGenerationError : ActionController::RoutingError
-
-  tests ApplicationController
-
-  def assert_path(action, provider, with_param=true)
-    # Resource param
-    assert_equal @controller.send(action, :user, provider),
-                 @controller.send("user_#{action}", provider)
-
-    # With an object
-    assert_equal @controller.send(action, User.new, provider),
-                 @controller.send("user_#{action}", provider)
-
-    if with_param
-      # Default url params
-      assert_equal @controller.send(action, :user, provider, :param => 123),
-                   @controller.send("user_#{action}", provider, :param => 123)
-    end
-  end
-
-  test 'should alias omniauth_callback to mapped user auth_callback' do
-    assert_path :omniauth_callback_path, :facebook
-  end
-
-  test 'should alias omniauth_authorize to mapped user auth_authorize' do
-    assert_path :omniauth_authorize_path, :facebook, false
-  end
-
-  test 'should generate authorization path' do
-    assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
-
-    assert_raise ExpectedUrlGeneratiorError do
-      @controller.omniauth_authorize_path(:user, :github)
-    end
-  end
-
-  test 'should generate authorization path for named open_id omniauth' do
-    assert_match "/users/auth/google", @controller.omniauth_authorize_path(:user, :google)
-  end
-
-  test 'should generate authorization path with params' do
-    assert_match "/users/auth/openid?openid_url=http%3A%2F%2Fyahoo.com",
-                  @controller.omniauth_authorize_path(:user, :openid, :openid_url => "http://yahoo.com")
-  end
-
-  test 'should not add a "?" if no param was sent' do
-    assert_equal "/users/auth/openid",
-                  @controller.omniauth_authorize_path(:user, :openid)
-  end
-end

data/test/orm/active_record.rb

@@ -1,10 +0,0 @@
-ActiveRecord::Migration.verbose = false
-ActiveRecord::Base.logger = Logger.new(nil)
-ActiveRecord::Base.include_root_in_json = true
-
-ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
-
-class ActiveSupport::TestCase
-  self.use_transactional_fixtures = true
-  self.use_instantiated_fixtures  = false
-end

data/test/orm/mongoid.rb

@@ -1,13 +0,0 @@
-require 'mongoid/version'
-
-Mongoid.configure do |config|
-  config.connect_to("devise-test-suite")
-  config.use_utc = true
-  config.include_root_in_json = true
-end
-
-class ActiveSupport::TestCase
-  setup do
-    Mongoid.purge!
-  end
-end

data/test/parameter_sanitizer_test.rb

@@ -1,58 +0,0 @@
-require 'test_helper'
-require 'devise/parameter_sanitizer'
-
-class BaseSanitizerTest < ActiveSupport::TestCase
-  def sanitizer
-    Devise::BaseSanitizer.new(User, :user, { user: { "email" => "jose" } })
-  end
-
-  test 'returns chosen params' do
-    assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in))
-  end
-end
-
-if defined?(ActionController::StrongParameters)
-  require 'active_model/forbidden_attributes_protection'
-
-  class ParameterSanitizerTest < ActiveSupport::TestCase
-    def sanitizer(params)
-      params = ActionController::Parameters.new(params)
-      Devise::ParameterSanitizer.new(User, :user, params)
-    end
-
-    test 'filters some parameters on sign in by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
-      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in))
-    end
-
-    test 'handles auth keys as a hash' do
-      swap Devise, :authentication_keys => {:email => true} do
-        sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-        assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
-      end
-    end
-
-    test 'filters some parameters on sign up by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.for(:sign_up))
-    end
-
-    test 'filters some parameters on account update by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.for(:account_update))
-    end
-
-    test 'allows custom hooks' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
-      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
-    end
-
-    test 'raises on unknown hooks' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      assert_raise NotImplementedError do
-        sanitizer.for(:unknown)
-      end
-    end
-  end
-end

data/test/rails_app/Rakefile

@@ -1,6 +0,0 @@
-# Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-
-require File.expand_path('../config/application', __FILE__)
-
-Rails.application.load_tasks

data/test/rails_app/app/active_record/admin.rb

@@ -1,6 +0,0 @@
-require 'shared_admin'
-
-class Admin < ActiveRecord::Base
-  include Shim
-  include SharedAdmin
-end

data/test/rails_app/app/active_record/shim.rb

@@ -1,2 +0,0 @@
-module Shim
-end

data/test/rails_app/app/active_record/user.rb

@@ -1,6 +0,0 @@
-require 'shared_user'
-
-class User < ActiveRecord::Base
-  include Shim
-  include SharedUser
-end

data/test/rails_app/app/controllers/admins/sessions_controller.rb

@@ -1,6 +0,0 @@
-class Admins::SessionsController < Devise::SessionsController
-  def new
-    flash[:special] = "Welcome to #{controller_path.inspect} controller!"
-    super
-  end
-end