devise 3.2.1 → 4.4.3
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
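--- a/data/test/generators/controllers_generator_test.rb
+++ b/data/test/generators/controllers_generator_test.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class ControllersGeneratorTest < Rails::Generators::TestCase
+tests Devise::Generators::ControllersGenerator
+destination File.expand_path("../../tmp", __FILE__)
+setup :prepare_destination
+
+test "Assert no controllers are created with no params" do
+capture(:stderr) { run_generator }
+assert_no_file "app/controllers/sessions_controller.rb"
+assert_no_file "app/controllers/registrations_controller.rb"
+assert_no_file "app/controllers/confirmations_controller.rb"
+assert_no_file "app/controllers/passwords_controller.rb"
+assert_no_file "app/controllers/unlocks_controller.rb"
+assert_no_file "app/controllers/omniauth_callbacks_controller.rb"
+end
+
+test "Assert all controllers are properly created with scope param" do
+run_generator %w(users)
+assert_class_names 'users'
+
+run_generator %w(admins)
+assert_class_names 'admins'
+end
+
+test "Assert specified controllers with scope" do
+run_generator %w(users -c sessions)
+assert_file "app/controllers/users/sessions_controller.rb"
+assert_no_file "app/controllers/users/registrations_controller.rb"
+assert_no_file "app/controllers/users/confirmations_controller.rb"
+assert_no_file "app/controllers/users/passwords_controller.rb"
+assert_no_file "app/controllers/users/unlocks_controller.rb"
+assert_no_file "app/controllers/users/omniauth_callbacks_controller.rb"
+end
+
+private
+
+def assert_class_names(scope, options = {})
+base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}"
+scope_prefix = scope.blank? ? '' : (scope.camelize + '::')
+controllers = options[:controllers] ||
+%w(confirmations passwords registrations sessions unlocks omniauth_callbacks)
+
+controllers.each do |c|
+assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/
+end
+end
+end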
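Review bot: The first test wraps `run_generator` in `capture(:stderr)` and throws the captured text away, so it passes whenever no top-level controller files appear, whatever the reason the generator stopped. The "fails if no ORM is specified" test in install_generator_test.rb keeps the output and checks it with `assert_match`; doing the same here, `stderr = capture(:stderr) { run_generator }` followed by an `assert_match` on the expected message, would pin the failure to the cause the test name describes (presumably the missing scope argument). The six `assert_no_file` paths also cover only the unscoped `app/controllers/` root, so the test says nothing about files written under a scope directory.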
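--- a/data/test/generators/devise_generator_test.rb
+++ b/data/test/generators/devise_generator_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 require "generators/devise/devise_generator"
@@ -18,13 +20,13 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
 
 test "route generation for namespaced model names" do
 run_generator %w(monster/goblin name:string)
-match = /devise_for :goblins, :
+match = /devise_for :goblins, class_name: "Monster::Goblin"/
 assert_file "config/routes.rb", match
 end
 
 test "route generation with skip routes" do
 run_generator %w(monster name:string --skip-routes)
-match = /devise_for :monsters, :
+match = /devise_for :monsters, skip: :all/
 assert_file "config/routes.rb", match
 end
 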
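--- a/data/test/generators/install_generator_test.rb
+++ b/data/test/generators/install_generator_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "test_helper"
 
 class InstallGeneratorTest < Rails::Generators::TestCase
@@ -5,9 +7,20 @@ class InstallGeneratorTest < Rails::Generators::TestCase
 destination File.expand_path("../../tmp", __FILE__)
 setup :prepare_destination
 
-test "
-run_generator
-assert_file "config/initializers/devise.rb"
+test "assert all files are properly created" do
+run_generator(["--orm=active_record"])
+assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/
 assert_file "config/locales/devise.en.yml"
 end
+
+test "fails if no ORM is specified" do
+stderr = capture(:stderr) do
+run_generator
+end
+
+assert_match %r{An ORM must be set to install Devise}, stderr
+
+assert_no_file "config/initializers/devise.rb"
+assert_no_file "config/locales/devise.en.yml"
+end
 end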
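--- a/data/test/generators/mongoid_generator_test.rb
+++ b/data/test/generators/mongoid_generator_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "test_helper"
 
 if DEVISE_ORM == :mongoid
@@ -7,15 +9,15 @@ if DEVISE_ORM == :mongoid
 tests Mongoid::Generators::DeviseGenerator
 destination File.expand_path("../../tmp", __FILE__)
 setup :prepare_destination
-
+
 test "all files are properly created" do
 run_generator %w(monster)
 assert_file "app/models/monster.rb", /devise/
 end
-
+
 test "all files are properly deleted" do
 run_generator %w(monster)
-run_generator %w(monster), :
+run_generator %w(monster), behavior: :revoke
 assert_no_file "app/models/monster.rb"
 end
 end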
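--- a/data/test/generators/views_generator_test.rb
+++ b/data/test/generators/views_generator_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "test_helper"
 
 class ViewsGeneratorTest < Rails::Generators::TestCase
@@ -33,7 +35,43 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
 
 test "Assert views with markerb" do
 run_generator %w(--markerb)
-assert_files nil, :
+assert_files nil, mail_template_engine: "markerb"
+end
+
+
+test "Assert only views within specified directories" do
+run_generator %w(-v sessions registrations)
+assert_file "app/views/devise/sessions/new.html.erb"
+assert_file "app/views/devise/registrations/new.html.erb"
+assert_file "app/views/devise/registrations/edit.html.erb"
+assert_no_file "app/views/devise/confirmations/new.html.erb"
+assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
+end
+
+test "Assert mailer specific directory with simple form" do
+run_generator %w(-v mailer -b simple_form_for)
+assert_file "app/views/devise/mailer/confirmation_instructions.html.erb"
+assert_file "app/views/devise/mailer/reset_password_instructions.html.erb"
+assert_file "app/views/devise/mailer/unlock_instructions.html.erb"
+end
+
+test "Assert specified directories with scope" do
+run_generator %w(users -v sessions)
+assert_file "app/views/users/sessions/new.html.erb"
+assert_no_file "app/views/users/confirmations/new.html.erb"
+end
+
+test "Assert specified directories with simple form" do
+run_generator %w(-v registrations -b simple_form_for)
+assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/
+assert_no_file "app/views/devise/confirmations/new.html.erb"
+end
+
+test "Assert specified directories with markerb" do
+run_generator %w(--markerb -v passwords mailer)
+assert_file "app/views/devise/passwords/new.html.erb"
+assert_no_file "app/views/devise/confirmations/new.html.erb"
+assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
 end
 
 def assert_files(scope = nil, options={})
@@ -49,7 +87,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
 assert_file "app/views/#{scope}/registrations/new.html.erb"
 assert_file "app/views/#{scope}/registrations/edit.html.erb"
 assert_file "app/views/#{scope}/sessions/new.html.erb"
-assert_file "app/views/#{scope}/shared/_links.erb"
+assert_file "app/views/#{scope}/shared/_links.html.erb"
 assert_file "app/views/#{scope}/unlocks/new.html.erb"
 end
 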
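Review bot: The test "Assert mailer specific directory with simple form" has only positive assertions, so it still passes if `-v mailer` is ignored and every view directory is generated. Each of the other new directory tests adds an `assert_no_file` for a directory that was not requested; adding one here, for example `assert_no_file "app/views/devise/sessions/new.html.erb"`, would make the directory filter part of what is tested.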
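--- a/data/test/helpers/devise_helper_test.rb
+++ b/data/test/helpers/devise_helper_test.rb
@@ -1,35 +1,36 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
-class DeviseHelperTest <
+class DeviseHelperTest < Devise::IntegrationTest
 setup do
-model_labels = { :
-
-
-
-
-:one => "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
-:other => "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
+model_labels = { models: { user: "the user" } }
+translations = {
+errors: { messages: { not_saved: {
+one: "Can't save %{resource} because of 1 error",
+other: "Can't save %{resource} because of %{count} errors",
 } } },
-:
-:
+activerecord: model_labels,
+mongoid: model_labels
 }
 
-I18n.
+I18n.available_locales
+I18n.backend.store_translations(:en, translations)
 end
 
 teardown do
-I18n.
+I18n.reload!
 end
 
 test 'test errors.messages.not_saved with single error from i18n' do
 get new_user_registration_path
 
-fill_in 'password', :
-fill_in 'password confirmation', :
+fill_in 'password', with: 'new_user123'
+fill_in 'password confirmation', with: 'new_user123'
 click_button 'Sign up'
 
 assert_have_selector '#error_explanation'
-assert_contain "
+assert_contain "Can't save the user because of 1 error"
 end
 
 test 'test errors.messages.not_saved with multiple errors from i18n' do
@@ -39,13 +40,12 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
 
 get new_user_registration_path
 
-fill_in 'email', :
-fill_in 'password', :
-fill_in 'password confirmation', :
+fill_in 'email', with: 'invalid_email'
+fill_in 'password', with: 'new_user123'
+fill_in 'password confirmation', with: 'new_user321'
 click_button 'Sign up'
 
 assert_have_selector '#error_explanation'
-assert_contain "
+assert_contain "Can't save the user because of 2 errors"
 end
 end
-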
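Review bot: The bare `I18n.available_locales` call in `setup` discards its result and reads like a leftover line. If it is there to make the I18n backend load its default translations before `store_translations` overlays the test strings (an assumption, the reason is not visible on this page), a comment such as `# force the backend to load before overriding :en messages` would stop someone deleting it. The setup also changes process-wide `:en` translations and depends on the `I18n.reload!` in `teardown` to undo that, which deserves a one-line comment next to the `teardown` block.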
@@ -1,6 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class AuthenticationSanityTest <
|
5
|
+
class AuthenticationSanityTest < Devise::IntegrationTest
|
6
|
+
test 'sign in should not run model validations' do
|
7
|
+
sign_in_as_user
|
8
|
+
|
9
|
+
refute User.validations_performed
|
10
|
+
end
|
11
|
+
|
4
12
|
test 'home should be accessible without sign in' do
|
5
13
|
visit '/'
|
6
14
|
assert_response :success
|
@@ -10,13 +18,13 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
|
|
10
18
|
test 'sign in as user should not authenticate admin scope' do
|
11
19
|
sign_in_as_user
|
12
20
|
assert warden.authenticated?(:user)
|
13
|
-
|
21
|
+
refute warden.authenticated?(:admin)
|
14
22
|
end
|
15
23
|
|
16
24
|
test 'sign in as admin should not authenticate user scope' do
|
17
25
|
sign_in_as_admin
|
18
26
|
assert warden.authenticated?(:admin)
|
19
|
-
|
27
|
+
refute warden.authenticated?(:user)
|
20
28
|
end
|
21
29
|
|
22
30
|
test 'sign in as both user and admin at same time' do
|
@@ -27,58 +35,58 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
|
|
27
35
|
end
|
28
36
|
|
29
37
|
test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
|
30
|
-
swap Devise, :
|
38
|
+
swap Devise, sign_out_all_scopes: false do
|
31
39
|
sign_in_as_user
|
32
40
|
sign_in_as_admin
|
33
|
-
|
34
|
-
|
41
|
+
delete destroy_user_session_path
|
42
|
+
refute warden.authenticated?(:user)
|
35
43
|
assert warden.authenticated?(:admin)
|
36
44
|
end
|
37
45
|
end
|
38
46
|
|
39
47
|
test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
|
40
|
-
swap Devise, :
|
48
|
+
swap Devise, sign_out_all_scopes: false do
|
41
49
|
sign_in_as_user
|
42
50
|
sign_in_as_admin
|
43
51
|
|
44
|
-
|
45
|
-
|
52
|
+
delete destroy_admin_session_path
|
53
|
+
refute warden.authenticated?(:admin)
|
46
54
|
assert warden.authenticated?(:user)
|
47
55
|
end
|
48
56
|
end
|
49
57
|
|
50
58
|
test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
|
51
|
-
swap Devise, :
|
59
|
+
swap Devise, sign_out_all_scopes: true do
|
52
60
|
sign_in_as_user
|
53
61
|
sign_in_as_admin
|
54
62
|
|
55
|
-
|
56
|
-
|
57
|
-
|
63
|
+
delete destroy_user_session_path
|
64
|
+
refute warden.authenticated?(:user)
|
65
|
+
refute warden.authenticated?(:admin)
|
58
66
|
end
|
59
67
|
end
|
60
68
|
|
61
69
|
test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
|
62
|
-
swap Devise, :
|
70
|
+
swap Devise, sign_out_all_scopes: true do
|
63
71
|
sign_in_as_user
|
64
72
|
sign_in_as_admin
|
65
73
|
|
66
|
-
|
67
|
-
|
68
|
-
|
74
|
+
delete destroy_admin_session_path
|
75
|
+
refute warden.authenticated?(:admin)
|
76
|
+
refute warden.authenticated?(:user)
|
69
77
|
end
|
70
78
|
end
|
71
79
|
|
72
80
|
test 'not signed in as admin should not be able to access admins actions' do
|
73
81
|
get admins_path
|
74
82
|
assert_redirected_to new_admin_session_path
|
75
|
-
|
83
|
+
refute warden.authenticated?(:admin)
|
76
84
|
end
|
77
85
|
|
78
86
|
test 'signed in as user should not be able to access admins actions' do
|
79
87
|
sign_in_as_user
|
80
88
|
assert warden.authenticated?(:user)
|
81
|
-
|
89
|
+
refute warden.authenticated?(:admin)
|
82
90
|
|
83
91
|
get admins_path
|
84
92
|
assert_redirected_to new_admin_session_path
|
@@ -87,7 +95,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
|
|
87
95
|
test 'signed in as admin should be able to access admin actions' do
|
88
96
|
sign_in_as_admin
|
89
97
|
assert warden.authenticated?(:admin)
|
90
|
-
|
98
|
+
refute warden.authenticated?(:user)
|
91
99
|
|
92
100
|
get admins_path
|
93
101
|
|
@@ -109,22 +117,22 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
|
|
109
117
|
sign_in_as_admin
|
110
118
|
assert warden.authenticated?(:admin)
|
111
119
|
|
112
|
-
|
120
|
+
delete destroy_admin_session_path
|
113
121
|
assert_response :redirect
|
114
122
|
assert_redirected_to root_path
|
115
123
|
|
116
124
|
get root_path
|
117
125
|
assert_contain 'Signed out successfully'
|
118
|
-
|
126
|
+
refute warden.authenticated?(:admin)
|
119
127
|
end
|
120
128
|
|
121
|
-
test 'unauthenticated admin
|
122
|
-
|
129
|
+
test 'unauthenticated admin set message on sign out' do
|
130
|
+
delete destroy_admin_session_path
|
123
131
|
assert_response :redirect
|
124
132
|
assert_redirected_to root_path
|
125
133
|
|
126
134
|
get root_path
|
127
|
-
|
135
|
+
assert_contain 'Signed out successfully'
|
128
136
|
end
|
129
137
|
|
130
138
|
test 'scope uses custom failure app' do
|
@@ -134,17 +142,17 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
|
|
134
142
|
end
|
135
143
|
end
|
136
144
|
|
137
|
-
class AuthenticationRoutesRestrictions <
|
145
|
+
class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
138
146
|
test 'not signed in should not be able to access private route (authenticate denied)' do
|
139
147
|
get private_path
|
140
148
|
assert_redirected_to new_admin_session_path
|
141
|
-
|
149
|
+
refute warden.authenticated?(:admin)
|
142
150
|
end
|
143
151
|
|
144
152
|
test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do
|
145
153
|
sign_in_as_user
|
146
154
|
assert warden.authenticated?(:user)
|
147
|
-
|
155
|
+
refute warden.authenticated?(:admin)
|
148
156
|
get private_path
|
149
157
|
assert_redirected_to new_admin_session_path
|
150
158
|
end
|
@@ -152,7 +160,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
152
160
|
test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do
|
153
161
|
sign_in_as_admin
|
154
162
|
assert warden.authenticated?(:admin)
|
155
|
-
|
163
|
+
refute warden.authenticated?(:user)
|
156
164
|
|
157
165
|
get private_path
|
158
166
|
|
@@ -162,9 +170,9 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
162
170
|
end
|
163
171
|
|
164
172
|
test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do
|
165
|
-
sign_in_as_admin(:
|
173
|
+
sign_in_as_admin(active: false)
|
166
174
|
assert warden.authenticated?(:admin)
|
167
|
-
|
175
|
+
refute warden.authenticated?(:user)
|
168
176
|
|
169
177
|
assert_raises ActionController::RoutingError do
|
170
178
|
get "/private/active"
|
@@ -172,9 +180,9 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
172
180
|
end
|
173
181
|
|
174
182
|
test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do
|
175
|
-
sign_in_as_admin(:
|
183
|
+
sign_in_as_admin(active: true)
|
176
184
|
assert warden.authenticated?(:admin)
|
177
|
-
|
185
|
+
refute warden.authenticated?(:user)
|
178
186
|
|
179
187
|
get private_active_path
|
180
188
|
|
@@ -186,7 +194,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
186
194
|
test 'signed in as admin should get admin dashboard (authenticated accepted)' do
|
187
195
|
sign_in_as_admin
|
188
196
|
assert warden.authenticated?(:admin)
|
189
|
-
|
197
|
+
refute warden.authenticated?(:user)
|
190
198
|
|
191
199
|
get dashboard_path
|
192
200
|
|
@@ -198,7 +206,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
198
206
|
test 'signed in as user should get user dashboard (authenticated accepted)' do
|
199
207
|
sign_in_as_user
|
200
208
|
assert warden.authenticated?(:user)
|
201
|
-
|
209
|
+
refute warden.authenticated?(:admin)
|
202
210
|
|
203
211
|
get dashboard_path
|
204
212
|
|
@@ -214,9 +222,9 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
214
222
|
end
|
215
223
|
|
216
224
|
test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do
|
217
|
-
sign_in_as_admin(:
|
225
|
+
sign_in_as_admin(active: false)
|
218
226
|
assert warden.authenticated?(:admin)
|
219
|
-
|
227
|
+
refute warden.authenticated?(:user)
|
220
228
|
|
221
229
|
assert_raises ActionController::RoutingError do
|
222
230
|
get "/dashboard/active"
|
@@ -224,9 +232,9 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
224
232
|
end
|
225
233
|
|
226
234
|
test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do
|
227
|
-
sign_in_as_admin(:
|
235
|
+
sign_in_as_admin(active: true)
|
228
236
|
assert warden.authenticated?(:admin)
|
229
|
-
|
237
|
+
refute warden.authenticated?(:user)
|
230
238
|
|
231
239
|
get dashboard_active_path
|
232
240
|
|
@@ -238,14 +246,14 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
238
246
|
test 'signed in user should not see unauthenticated page (unauthenticated denied)' do
|
239
247
|
sign_in_as_user
|
240
248
|
assert warden.authenticated?(:user)
|
241
|
-
|
249
|
+
refute warden.authenticated?(:admin)
|
242
250
|
|
243
251
|
assert_raises ActionController::RoutingError do
|
244
252
|
get join_path
|
245
253
|
end
|
246
254
|
end
|
247
255
|
|
248
|
-
test 'not signed in users should see
|
256
|
+
test 'not signed in users should see unauthenticated page (unauthenticated accepted)' do
|
249
257
|
get join_path
|
250
258
|
|
251
259
|
assert_response :success
|
@@ -254,7 +262,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
|
|
254
262
|
end
|
255
263
|
end
|
256
264
|
|
257
|
-
class AuthenticationRedirectTest <
|
265
|
+
class AuthenticationRedirectTest < Devise::IntegrationTest
|
258
266
|
test 'redirect from warden shows sign in or sign up message' do
|
259
267
|
get admins_path
|
260
268
|
|
@@ -277,7 +285,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
|
|
277
285
|
assert_equal users_path, session[:"user_return_to"]
|
278
286
|
|
279
287
|
follow_redirect!
|
280
|
-
sign_in_as_user :
|
288
|
+
sign_in_as_user visit: false
|
281
289
|
|
282
290
|
assert_current_url '/users'
|
283
291
|
assert_nil session[:"user_return_to"]
|
@@ -293,14 +301,14 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
|
|
293
301
|
assert_equal users_path, session[:"user_return_to"]
|
294
302
|
|
295
303
|
follow_redirect!
|
296
|
-
sign_in_as_user :
|
304
|
+
sign_in_as_user visit: false
|
297
305
|
|
298
306
|
assert_current_url '/users'
|
299
307
|
assert_nil session[:"user_return_to"]
|
300
308
|
end
|
301
309
|
|
302
310
|
test 'xml http requests does not store urls for redirect' do
|
303
|
-
get users_path, {
|
311
|
+
get users_path, headers: { 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' }
|
304
312
|
assert_equal 401, response.status
|
305
313
|
assert_nil session[:"user_return_to"]
|
306
314
|
end
|
@@ -317,7 +325,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
|
|
317
325
|
end
|
318
326
|
end
|
319
327
|
|
320
|
-
class AuthenticationSessionTest <
|
328
|
+
class AuthenticationSessionTest < Devise::IntegrationTest
|
321
329
|
test 'destroyed account is signed out' do
|
322
330
|
sign_in_as_user
|
323
331
|
get '/users'
|
@@ -347,37 +355,6 @@ class AuthenticationSessionTest < ActionDispatch::IntegrationTest
|
|
347
355
|
assert_equal "Cart", @controller.user_session[:cart]
|
348
356
|
end
|
349
357
|
|
350
|
-
test 'does not explode when class name is still stored in session' do
|
351
|
-
# In order to test that old sessions do not break with the new scoped
|
352
|
-
# deserialization, we need to serialize the session the old way. This is
|
353
|
-
# done by removing the newly used scoped serialization method
|
354
|
-
# (#user_serialize) and bringing back the old uncsoped #serialize method
|
355
|
-
# that includes the record's class name in the serialization.
|
356
|
-
begin
|
357
|
-
Warden::SessionSerializer.class_eval do
|
358
|
-
alias_method :original_serialize, :serialize
|
359
|
-
alias_method :original_user_serialize, :user_serialize
|
360
|
-
remove_method :user_serialize
|
361
|
-
|
362
|
-
def serialize(record)
|
363
|
-
klass = record.class
|
364
|
-
array = klass.serialize_into_session(record)
|
365
|
-
array.unshift(klass.name)
|
366
|
-
end
|
367
|
-
end
|
368
|
-
|
369
|
-
sign_in_as_user
|
370
|
-
assert warden.authenticated?(:user)
|
371
|
-
ensure
|
372
|
-
Warden::SessionSerializer.class_eval do
|
373
|
-
alias_method :serialize, :original_serialize
|
374
|
-
remove_method :original_serialize
|
375
|
-
alias_method :user_serialize, :original_user_serialize
|
376
|
-
remove_method :original_user_serialize
|
377
|
-
end
|
378
|
-
end
|
379
|
-
end
|
380
|
-
|
381
358
|
test 'session id is changed on sign in' do
|
382
359
|
get '/users'
|
383
360
|
session_id = request.session["session_id"]
|
@@ -390,24 +367,24 @@ class AuthenticationSessionTest < ActionDispatch::IntegrationTest
|
|
390
367
|
end
|
391
368
|
end
|
392
369
|
|
393
|
-
class AuthenticationWithScopedViewsTest <
|
370
|
+
class AuthenticationWithScopedViewsTest < Devise::IntegrationTest
|
394
371
|
test 'renders the scoped view if turned on and view is available' do
|
395
|
-
swap Devise, :
|
372
|
+
swap Devise, scoped_views: true do
|
396
373
|
assert_raise Webrat::NotFoundError do
|
397
374
|
sign_in_as_user
|
398
375
|
end
|
399
|
-
assert_match
|
376
|
+
assert_match %r{Special user view}, response.body
|
400
377
|
end
|
401
378
|
end
|
402
379
|
|
403
|
-
test 'renders the scoped view if turned on in
|
380
|
+
test 'renders the scoped view if turned on in a specific controller' do
|
404
381
|
begin
|
405
382
|
Devise::SessionsController.scoped_views = true
|
406
383
|
assert_raise Webrat::NotFoundError do
|
407
384
|
sign_in_as_user
|
408
385
|
end
|
409
386
|
|
410
|
-
assert_match
|
387
|
+
assert_match %r{Special user view}, response.body
|
411
388
|
assert !Devise::PasswordsController.scoped_views?
|
412
389
|
ensure
|
413
390
|
Devise::SessionsController.send :remove_instance_variable, :@scoped_views
|
@@ -415,7 +392,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
|
|
415
392
|
end
|
416
393
|
|
417
394
|
test 'does not render the scoped view if turned off' do
|
418
|
-
swap Devise, :
|
395
|
+
swap Devise, scoped_views: false do
|
419
396
|
assert_nothing_raised do
|
420
397
|
sign_in_as_user
|
421
398
|
end
|
@@ -423,7 +400,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
|
|
423
400
|
end
|
424
401
|
|
425
402
|
test 'does not render the scoped view if not available' do
|
426
|
-
swap Devise, :
|
403
|
+
swap Devise, scoped_views: true do
|
427
404
|
assert_nothing_raised do
|
428
405
|
sign_in_as_admin
|
429
406
|
end
|
@@ -431,24 +408,24 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
|
|
431
408
|
end
|
432
409
|
end
|
433
410
|
|
434
|
-
class AuthenticationOthersTest <
|
411
|
+
class AuthenticationOthersTest < Devise::IntegrationTest
|
435
412
|
test 'handles unverified requests gets rid of caches' do
|
436
|
-
swap ApplicationController, :
|
413
|
+
swap ApplicationController, allow_forgery_protection: true do
|
437
414
|
post exhibit_user_url(1)
|
438
|
-
|
415
|
+
refute warden.authenticated?(:user)
|
439
416
|
|
440
417
|
sign_in_as_user
|
441
418
|
assert warden.authenticated?(:user)
|
442
419
|
|
443
420
|
post exhibit_user_url(1)
|
444
|
-
|
421
|
+
refute warden.authenticated?(:user)
|
445
422
|
assert_equal "User is not authenticated", response.body
|
446
423
|
end
|
447
424
|
end
|
448
425
|
|
449
426
|
test 'uses the custom controller with the custom controller view' do
|
450
427
|
get '/admin_area/sign_in'
|
451
|
-
assert_contain '
|
428
|
+
assert_contain 'Log in'
|
452
429
|
assert_contain 'Welcome to "admins/sessions" controller!'
|
453
430
|
assert_contain 'Welcome to "sessions/new" view!'
|
454
431
|
end
|
@@ -472,29 +449,29 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
|
|
472
449
|
|
473
450
|
test 'sign in with script name' do
|
474
451
|
assert_nothing_raised do
|
475
|
-
get new_user_session_path, {
|
476
|
-
fill_in "email", :
|
452
|
+
get new_user_session_path, headers: { "SCRIPT_NAME" => "/omg" }
|
453
|
+
fill_in "email", with: "user@test.com"
|
477
454
|
end
|
478
455
|
end
|
479
456
|
|
480
457
|
test 'sign in stub in xml format' do
|
481
|
-
get new_user_session_path(:
|
458
|
+
get new_user_session_path(format: 'xml')
|
482
459
|
assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
|
483
|
-
assert_match
|
460
|
+
assert_match %r{<user>.*</user>}m, response.body
|
484
461
|
assert_match '<email></email>', response.body
|
485
462
|
assert_match '<password nil="true"', response.body
|
486
463
|
end
|
487
464
|
|
488
465
|
test 'sign in stub in json format' do
|
489
|
-
get new_user_session_path(:
|
466
|
+
get new_user_session_path(format: 'json')
|
490
467
|
assert_match '{"user":{', response.body
|
491
468
|
assert_match '"email":""', response.body
|
492
469
|
assert_match '"password":null', response.body
|
493
470
|
end
|
494
471
|
|
495
472
|
test 'sign in stub in json with non attribute key' do
|
496
|
-
swap Devise, :
|
497
|
-
get new_user_session_path(:
|
473
|
+
swap Devise, authentication_keys: [:other_key] do
|
474
|
+
get new_user_session_path(format: 'json')
|
498
475
|
assert_match '{"user":{', response.body
|
499
476
|
assert_match '"other_key":null', response.body
|
500
477
|
assert_match '"password":null', response.body
|
@@ -502,148 +479,148 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
|
|
502
479
|
end
|
503
480
|
|
504
481
|
test 'uses the mapping from router' do
|
505
|
-
sign_in_as_user :
|
482
|
+
sign_in_as_user visit: "/as/sign_in"
|
506
483
|
assert warden.authenticated?(:user)
|
507
|
-
|
484
|
+
refute warden.authenticated?(:admin)
|
508
485
|
end
|
509
486
|
|
510
487
|
test 'sign in with xml format returns xml response' do
|
511
488
|
create_user
|
512
|
-
post user_session_path(:
|
489
|
+
post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
|
513
490
|
assert_response :success
|
514
491
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
515
492
|
end
|
516
493
|
|
517
494
|
test 'sign in with xml format is idempotent' do
|
518
|
-
get new_user_session_path(:
|
495
|
+
get new_user_session_path(format: 'xml')
|
519
496
|
assert_response :success
|
520
497
|
|
521
498
|
create_user
|
522
|
-
post user_session_path(:
|
499
|
+
post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
|
523
500
|
assert_response :success
|
524
501
|
|
525
|
-
get new_user_session_path(:
|
502
|
+
get new_user_session_path(format: 'xml')
|
526
503
|
assert_response :success
|
527
504
|
|
528
|
-
post user_session_path(:
|
505
|
+
post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
|
529
506
|
assert_response :success
|
530
507
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
531
508
|
end
|
532
509
|
|
533
510
|
test 'sign out with html redirects' do
|
534
511
|
sign_in_as_user
|
535
|
-
|
512
|
+
delete destroy_user_session_path
|
536
513
|
assert_response :redirect
|
537
514
|
assert_current_url '/'
|
538
515
|
|
539
516
|
sign_in_as_user
|
540
|
-
|
517
|
+
delete destroy_user_session_path(format: 'html')
|
541
518
|
assert_response :redirect
|
542
519
|
assert_current_url '/'
|
543
520
|
end
|
544
521
|
|
545
522
|
test 'sign out with xml format returns no content' do
|
546
523
|
sign_in_as_user
|
547
|
-
|
524
|
+
delete destroy_user_session_path(format: 'xml')
|
548
525
|
assert_response :no_content
|
549
|
-
|
526
|
+
refute warden.authenticated?(:user)
|
550
527
|
end
|
551
528
|
|
552
529
|
test 'sign out with json format returns no content' do
|
553
530
|
sign_in_as_user
|
554
|
-
|
531
|
+
delete destroy_user_session_path(format: 'json')
|
555
532
|
assert_response :no_content
|
556
|
-
|
533
|
+
refute warden.authenticated?(:user)
|
557
534
|
end
|
558
535
|
|
559
536
|
test 'sign out with non-navigational format via XHR does not redirect' do
|
560
|
-
swap Devise, :
|
561
|
-
|
562
|
-
|
537
|
+
swap Devise, navigational_formats: ['*/*', :html] do
|
538
|
+
sign_in_as_admin
|
539
|
+
get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
|
563
540
|
assert_response :no_content
|
564
|
-
|
541
|
+
refute warden.authenticated?(:user)
|
565
542
|
end
|
566
543
|
end
|
567
544
|
|
568
545
|
# Belt and braces ... Perhaps this test is not necessary?
|
569
546
|
test 'sign out with navigational format via XHR does redirect' do
|
570
|
-
swap Devise, :
|
547
|
+
swap Devise, navigational_formats: ['*/*', :html] do
|
571
548
|
sign_in_as_user
|
572
|
-
|
549
|
+
delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
|
573
550
|
assert_response :redirect
|
574
|
-
|
551
|
+
refute warden.authenticated?(:user)
|
575
552
|
end
|
576
553
|
end
|
577
554
|
end
|
578
555
|
|
579
|
-
class AuthenticationKeysTest <
|
556
|
+
class AuthenticationKeysTest < Devise::IntegrationTest
|
580
557
|
test 'missing authentication keys cause authentication to abort' do
|
581
|
-
swap Devise, :
|
558
|
+
swap Devise, authentication_keys: [:subdomain] do
|
582
559
|
sign_in_as_user
|
583
|
-
assert_contain "Invalid
|
584
|
-
|
560
|
+
assert_contain "Invalid Subdomain or password."
|
561
|
+
refute warden.authenticated?(:user)
|
585
562
|
end
|
586
563
|
end
|
587
564
|
|
588
565
|
test 'missing authentication keys cause authentication to abort unless marked as not required' do
|
589
|
-
swap Devise, :
|
566
|
+
swap Devise, authentication_keys: { email: true, subdomain: false } do
|
590
567
|
sign_in_as_user
|
591
568
|
assert warden.authenticated?(:user)
|
592
569
|
end
|
593
570
|
end
|
594
571
|
end
|
595
572
|
|
596
|
-
class AuthenticationRequestKeysTest <
|
573
|
+
class AuthenticationRequestKeysTest < Devise::IntegrationTest
|
597
574
|
test 'request keys are used on authentication' do
|
598
575
|
host! 'foo.bar.baz'
|
599
576
|
|
600
|
-
swap Devise, :
|
601
|
-
User.expects(:find_for_authentication).with(:
|
577
|
+
swap Devise, request_keys: [:subdomain] do
|
578
|
+
User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user)
|
602
579
|
sign_in_as_user
|
603
580
|
assert warden.authenticated?(:user)
|
604
581
|
end
|
605
582
|
end
|
606
583
|
|
607
584
|
test 'invalid request keys raises NoMethodError' do
|
608
|
-
swap Devise, :
|
585
|
+
swap Devise, request_keys: [:unknown_method] do
|
609
586
|
assert_raise NoMethodError do
|
610
587
|
sign_in_as_user
|
611
588
|
end
|
612
589
|
|
613
|
-
|
590
|
+
refute warden.authenticated?(:user)
|
614
591
|
end
|
615
592
|
end
|
616
593
|
|
617
594
|
test 'blank request keys cause authentication to abort' do
|
618
595
|
host! 'test.com'
|
619
596
|
|
620
|
-
swap Devise, :
|
597
|
+
swap Devise, request_keys: [:subdomain] do
|
621
598
|
sign_in_as_user
|
622
|
-
assert_contain "Invalid
|
623
|
-
|
599
|
+
assert_contain "Invalid Email or password."
|
600
|
+
refute warden.authenticated?(:user)
|
624
601
|
end
|
625
602
|
end
|
626
603
|
|
627
604
|
test 'blank request keys cause authentication to abort unless if marked as not required' do
|
628
605
|
host! 'test.com'
|
629
606
|
|
630
|
-
swap Devise, :
|
607
|
+
swap Devise, request_keys: { subdomain: false } do
|
631
608
|
sign_in_as_user
|
632
609
|
assert warden.authenticated?(:user)
|
633
610
|
end
|
634
611
|
end
|
635
612
|
end
|
636
613
|
|
637
|
-
class AuthenticationSignOutViaTest <
|
614
|
+
class AuthenticationSignOutViaTest < Devise::IntegrationTest
|
638
615
|
def sign_in!(scope)
|
639
|
-
sign_in_as_admin(:
|
616
|
+
sign_in_as_admin(visit: send("new_#{scope}_session_path"))
|
640
617
|
assert warden.authenticated?(scope)
|
641
618
|
end
|
642
619
|
|
643
620
|
test 'allow sign out via delete when sign_out_via provides only delete' do
|
644
621
|
sign_in!(:sign_out_via_delete)
|
645
622
|
delete destroy_sign_out_via_delete_session_path
|
646
|
-
|
623
|
+
refute warden.authenticated?(:sign_out_via_delete)
|
647
624
|
end
|
648
625
|
|
649
626
|
test 'do not allow sign out via get when sign_out_via provides only delete' do
|
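Review bot: In the test 'sign out with non-navigational format via XHR does not redirect', the added `refute warden.authenticated?(:user)` checks a scope this test never signed in. The test calls `sign_in_as_admin`, which the other tests on this page pair with `assert warden.authenticated?(:admin)`. The assertion therefore passes even if the XHR sign-out left the admin session in place, so a regression in session termination on this path would go unnoticed. I would assert on the scope that was actually authenticated, `refute warden.authenticated?(:admin)`, and keep the `:user` check only as an extra. Whether the `sign_out_via_get` route clears the admin scope depends on configuration not shown in this hunk, so confirm the expected scope first.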
@@ -657,7 +634,7 @@ class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
|
|
657
634
|
test 'allow sign out via post when sign_out_via provides only post' do
|
658
635
|
sign_in!(:sign_out_via_post)
|
659
636
|
post destroy_sign_out_via_post_session_path
|
660
|
-
|
637
|
+
refute warden.authenticated?(:sign_out_via_post)
|
661
638
|
end
|
662
639
|
|
663
640
|
test 'do not allow sign out via get when sign_out_via provides only post' do
|
@@ -671,13 +648,13 @@ class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
|
|
671
648
|
test 'allow sign out via delete when sign_out_via provides delete and post' do
|
672
649
|
sign_in!(:sign_out_via_delete_or_post)
|
673
650
|
delete destroy_sign_out_via_delete_or_post_session_path
|
674
|
-
|
651
|
+
refute warden.authenticated?(:sign_out_via_delete_or_post)
|
675
652
|
end
|
676
653
|
|
677
654
|
test 'allow sign out via post when sign_out_via provides delete and post' do
|
678
655
|
sign_in!(:sign_out_via_delete_or_post)
|
679
656
|
post destroy_sign_out_via_delete_or_post_session_path
|
680
|
-
|
657
|
+
refute warden.authenticated?(:sign_out_via_delete_or_post)
|
681
658
|
end
|
682
659
|
|
683
660
|
test 'do not allow sign out via get when sign_out_via provides delete and post' do
|
@@ -689,25 +666,41 @@ class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
|
|
689
666
|
end
|
690
667
|
end
|
691
668
|
|
692
|
-
class DoubleAuthenticationRedirectTest <
|
669
|
+
class DoubleAuthenticationRedirectTest < Devise::IntegrationTest
|
693
670
|
test 'signed in as user redirects when visiting user sign in page' do
|
694
671
|
sign_in_as_user
|
695
|
-
get new_user_session_path(:
|
672
|
+
get new_user_session_path(format: :html)
|
696
673
|
assert_redirected_to '/'
|
697
674
|
end
|
698
675
|
|
699
676
|
test 'signed in as admin redirects when visiting admin sign in page' do
|
700
677
|
sign_in_as_admin
|
701
|
-
get new_admin_session_path(:
|
678
|
+
get new_admin_session_path(format: :html)
|
702
679
|
assert_redirected_to '/admin_area/home'
|
703
680
|
end
|
704
681
|
|
705
682
|
test 'signed in as both user and admin redirects when visiting admin sign in page' do
|
706
683
|
sign_in_as_user
|
707
684
|
sign_in_as_admin
|
708
|
-
get new_user_session_path(:
|
685
|
+
get new_user_session_path(format: :html)
|
709
686
|
assert_redirected_to '/'
|
710
|
-
get new_admin_session_path(:
|
687
|
+
get new_admin_session_path(format: :html)
|
711
688
|
assert_redirected_to '/admin_area/home'
|
712
689
|
end
|
713
690
|
end
|
691
|
+
|
692
|
+
class DoubleSignOutRedirectTest < Devise::IntegrationTest
|
693
|
+
test 'sign out after already having signed out redirects to sign in' do
|
694
|
+
sign_in_as_user
|
695
|
+
|
696
|
+
post destroy_sign_out_via_delete_or_post_session_path
|
697
|
+
|
698
|
+
get root_path
|
699
|
+
assert_contain 'Signed out successfully.'
|
700
|
+
|
701
|
+
post destroy_sign_out_via_delete_or_post_session_path
|
702
|
+
|
703
|
+
get root_path
|
704
|
+
assert_contain 'Signed out successfully.'
|
705
|
+
end
|
706
|
+
end
|
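Review bot: The new test 'sign out after already having signed out redirects to sign in' never checks the redirect or the session state that its title describes. Both `post destroy_sign_out_via_delete_or_post_session_path` calls are followed only by `get root_path` and a match on the flash text. The flash match alone does not show that the `:user` session opened by `sign_in_as_user` was ended, nor that the second request was redirected. I would add `refute warden.authenticated?(:user)` after the first `post` and `assert_response :redirect` directly after the second. This assumes the route signs out every scope, which this hunk does not show.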