devise 3.2.1 → 4.4.3
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
@@ -1,19 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class ConfirmationTest <
|
5
|
+
class ConfirmationTest < Devise::IntegrationTest
|
4
6
|
|
5
7
|
def visit_user_confirmation_with_token(confirmation_token)
|
6
|
-
visit user_confirmation_path(:
|
8
|
+
visit user_confirmation_path(confirmation_token: confirmation_token)
|
7
9
|
end
|
8
10
|
|
9
11
|
def resend_confirmation
|
10
|
-
user = create_user(:
|
12
|
+
user = create_user(confirm: false)
|
11
13
|
ActionMailer::Base.deliveries.clear
|
12
14
|
|
13
15
|
visit new_user_session_path
|
14
16
|
click_link "Didn't receive confirmation instructions?"
|
15
17
|
|
16
|
-
fill_in 'email', :
|
18
|
+
fill_in 'email', with: user.email
|
17
19
|
click_button 'Resend confirmation instructions'
|
18
20
|
end
|
19
21
|
|
@@ -21,7 +23,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
21
23
|
resend_confirmation
|
22
24
|
|
23
25
|
assert_current_url '/users/sign_in'
|
24
|
-
assert_contain 'You will receive an email with instructions
|
26
|
+
assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
|
25
27
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
26
28
|
assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
|
27
29
|
end
|
@@ -35,28 +37,59 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
35
37
|
test 'user with invalid confirmation token should not be able to confirm an account' do
|
36
38
|
visit_user_confirmation_with_token('invalid_confirmation')
|
37
39
|
assert_have_selector '#error_explanation'
|
38
|
-
assert_contain
|
40
|
+
assert_contain %r{Confirmation token(.*)invalid}
|
39
41
|
end
|
40
42
|
|
41
43
|
test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
|
42
|
-
swap Devise, :
|
43
|
-
user = create_user(:
|
44
|
-
|
44
|
+
swap Devise, confirm_within: 3.days do
|
45
|
+
user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
|
46
|
+
refute user.confirmed?
|
45
47
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
46
48
|
|
47
49
|
assert_have_selector '#error_explanation'
|
48
|
-
assert_contain
|
49
|
-
|
50
|
+
assert_contain %r{needs to be confirmed within 3 days}
|
51
|
+
refute user.reload.confirmed?
|
52
|
+
assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine it should raise an error' do
|
57
|
+
user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
|
58
|
+
|
59
|
+
swap Devise, confirm_within: 3.days, router_name: :fake_engine do
|
60
|
+
assert_raise ActionView::Template::Error do
|
61
|
+
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine and route overrides back to main it shows the path' do
|
67
|
+
user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
|
68
|
+
|
69
|
+
swap Devise, confirm_within: 3.days, router_name: :fake_engine do
|
70
|
+
visit user_on_main_app_confirmation_path(confirmation_token: user.raw_confirmation_token)
|
71
|
+
|
72
|
+
assert_current_url "/user_on_main_apps/confirmation?confirmation_token=#{user.raw_confirmation_token}"
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
test 'user with valid confirmation token where the token has expired with router overrides different engine it shows the path' do
|
77
|
+
user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
|
78
|
+
|
79
|
+
swap Devise, confirm_within: 3.days do
|
80
|
+
visit user_on_engine_confirmation_path(confirmation_token: user.raw_confirmation_token)
|
81
|
+
|
82
|
+
assert_current_url "/user_on_engines/confirmation?confirmation_token=#{user.raw_confirmation_token}"
|
50
83
|
end
|
51
84
|
end
|
52
85
|
|
53
86
|
test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
|
54
|
-
swap Devise, :
|
55
|
-
user = create_user(:
|
56
|
-
|
87
|
+
swap Devise, confirm_within: 3.days do
|
88
|
+
user = create_user(confirm: false, confirmation_sent_at: 2.days.ago)
|
89
|
+
refute user.confirmed?
|
57
90
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
58
91
|
|
59
|
-
assert_contain 'Your
|
92
|
+
assert_contain 'Your email address has been successfully confirmed.'
|
60
93
|
assert_current_url '/users/sign_in'
|
61
94
|
assert user.reload.confirmed?
|
62
95
|
end
|
@@ -65,14 +98,14 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
65
98
|
test 'user should be redirected to a custom path after confirmation' do
|
66
99
|
Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
|
67
100
|
|
68
|
-
user = create_user(:
|
101
|
+
user = create_user(confirm: false)
|
69
102
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
70
103
|
|
71
104
|
assert_current_url "/?custom=1"
|
72
105
|
end
|
73
106
|
|
74
107
|
test 'already confirmed user should not be able to confirm the account again' do
|
75
|
-
user = create_user(:
|
108
|
+
user = create_user(confirm: false)
|
76
109
|
user.confirmed_at = Time.now
|
77
110
|
user.save
|
78
111
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
@@ -82,41 +115,41 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
82
115
|
end
|
83
116
|
|
84
117
|
test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
|
85
|
-
user = create_user(:
|
118
|
+
user = create_user(confirm: false)
|
86
119
|
user.confirmed_at = Time.now
|
87
120
|
user.save
|
88
121
|
|
89
122
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
90
123
|
assert_contain 'already confirmed'
|
91
124
|
|
92
|
-
fill_in 'email', :
|
125
|
+
fill_in 'email', with: user.email
|
93
126
|
click_button 'Resend confirmation instructions'
|
94
127
|
assert_contain 'already confirmed'
|
95
128
|
end
|
96
129
|
|
97
130
|
test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
|
98
|
-
swap Devise, :
|
99
|
-
sign_in_as_user(:
|
131
|
+
swap Devise, allow_unconfirmed_access_for: 0.days do
|
132
|
+
sign_in_as_user(confirm: false)
|
100
133
|
|
101
|
-
assert_contain 'You have to confirm your
|
102
|
-
|
134
|
+
assert_contain 'You have to confirm your email address before continuing'
|
135
|
+
refute warden.authenticated?(:user)
|
103
136
|
end
|
104
137
|
end
|
105
138
|
|
106
139
|
test 'not confirmed user should not see confirmation message if invalid credentials are given' do
|
107
|
-
swap Devise, :
|
108
|
-
sign_in_as_user(:
|
109
|
-
fill_in 'password', :
|
140
|
+
swap Devise, allow_unconfirmed_access_for: 0.days do
|
141
|
+
sign_in_as_user(confirm: false) do
|
142
|
+
fill_in 'password', with: 'invalid'
|
110
143
|
end
|
111
144
|
|
112
|
-
assert_contain 'Invalid
|
113
|
-
|
145
|
+
assert_contain 'Invalid Email or password'
|
146
|
+
refute warden.authenticated?(:user)
|
114
147
|
end
|
115
148
|
end
|
116
149
|
|
117
150
|
test 'not confirmed user but configured with some days to confirm should be able to sign in' do
|
118
|
-
swap Devise, :
|
119
|
-
sign_in_as_user(:
|
151
|
+
swap Devise, allow_unconfirmed_access_for: 1.day do
|
152
|
+
sign_in_as_user(confirm: false)
|
120
153
|
|
121
154
|
assert_response :success
|
122
155
|
assert warden.authenticated?(:user)
|
@@ -124,138 +157,147 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
124
157
|
end
|
125
158
|
|
126
159
|
test 'unconfirmed but signed in user should be redirected to their root path' do
|
127
|
-
swap Devise, :
|
128
|
-
user = sign_in_as_user(:
|
160
|
+
swap Devise, allow_unconfirmed_access_for: 1.day do
|
161
|
+
user = sign_in_as_user(confirm: false)
|
129
162
|
|
130
163
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
131
|
-
assert_contain 'Your
|
164
|
+
assert_contain 'Your email address has been successfully confirmed.'
|
132
165
|
assert_current_url '/'
|
133
166
|
end
|
134
167
|
end
|
135
168
|
|
169
|
+
test 'user should be redirected to sign in page whenever signed in as another resource at same session already' do
|
170
|
+
sign_in_as_admin
|
171
|
+
|
172
|
+
user = create_user(confirm: false)
|
173
|
+
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
174
|
+
|
175
|
+
assert_current_url '/users/sign_in'
|
176
|
+
end
|
177
|
+
|
136
178
|
test 'error message is configurable by resource name' do
|
137
|
-
store_translations :en, :
|
138
|
-
:
|
179
|
+
store_translations :en, devise: {
|
180
|
+
failure: { user: { unconfirmed: "Not confirmed user" } }
|
139
181
|
} do
|
140
|
-
sign_in_as_user(:
|
182
|
+
sign_in_as_user(confirm: false)
|
141
183
|
assert_contain 'Not confirmed user'
|
142
184
|
end
|
143
185
|
end
|
144
186
|
|
145
187
|
test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
|
146
|
-
user = create_user(:
|
147
|
-
post user_confirmation_path(:
|
188
|
+
user = create_user(confirm: false)
|
189
|
+
post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
|
148
190
|
assert_response :success
|
149
191
|
assert_equal response.body, {}.to_xml
|
150
192
|
end
|
151
193
|
|
152
194
|
test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
|
153
|
-
create_user(:
|
154
|
-
post user_confirmation_path(:
|
195
|
+
create_user(confirm: false)
|
196
|
+
post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
|
155
197
|
assert_response :unprocessable_entity
|
156
198
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
157
199
|
end
|
158
200
|
|
159
201
|
test 'confirm account with valid confirmation token in XML format should return valid response' do
|
160
|
-
user = create_user(:
|
161
|
-
get user_confirmation_path(:
|
202
|
+
user = create_user(confirm: false)
|
203
|
+
get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
|
162
204
|
assert_response :success
|
163
205
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
164
206
|
end
|
165
207
|
|
166
208
|
test 'confirm account with invalid confirmation token in XML format should return invalid response' do
|
167
|
-
create_user(:
|
168
|
-
get user_confirmation_path(:
|
209
|
+
create_user(confirm: false)
|
210
|
+
get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
|
169
211
|
assert_response :unprocessable_entity
|
170
212
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
171
213
|
end
|
172
214
|
|
173
215
|
test 'request an account confirmation account with JSON, should return an empty JSON' do
|
174
|
-
user = create_user(:
|
216
|
+
user = create_user(confirm: false)
|
175
217
|
|
176
|
-
post user_confirmation_path, :user
|
218
|
+
post user_confirmation_path, params: { user: { email: user.email }, format: :json }
|
177
219
|
assert_response :success
|
178
220
|
assert_equal response.body, {}.to_json
|
179
221
|
end
|
180
222
|
|
181
223
|
test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
|
182
|
-
swap Devise, :
|
183
|
-
user = create_user(:
|
224
|
+
swap Devise, paranoid: true do
|
225
|
+
user = create_user(confirm: false)
|
184
226
|
visit new_user_session_path
|
185
227
|
|
186
228
|
click_link "Didn't receive confirmation instructions?"
|
187
|
-
fill_in 'email', :
|
229
|
+
fill_in 'email', with: user.email
|
188
230
|
click_button 'Resend confirmation instructions'
|
189
231
|
|
190
|
-
assert_contain "If your email address exists in our database, you will receive an email with instructions
|
232
|
+
assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
|
191
233
|
assert_current_url "/users/sign_in"
|
192
234
|
end
|
193
235
|
end
|
194
236
|
|
195
237
|
test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do
|
196
|
-
swap Devise, :
|
238
|
+
swap Devise, paranoid: true do
|
197
239
|
visit new_user_session_path
|
198
240
|
|
199
241
|
click_link "Didn't receive confirmation instructions?"
|
200
|
-
fill_in 'email', :
|
242
|
+
fill_in 'email', with: "idonthavethisemail@gmail.com"
|
201
243
|
click_button 'Resend confirmation instructions'
|
202
244
|
|
203
245
|
assert_not_contain "1 error prohibited this user from being saved:"
|
204
246
|
assert_not_contain "Email not found"
|
205
247
|
|
206
|
-
assert_contain "If your email address exists in our database, you will receive an email with instructions
|
248
|
+
assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
|
207
249
|
assert_current_url "/users/sign_in"
|
208
250
|
end
|
209
251
|
end
|
210
252
|
end
|
211
253
|
|
212
|
-
class ConfirmationOnChangeTest <
|
254
|
+
class ConfirmationOnChangeTest < Devise::IntegrationTest
|
213
255
|
def create_second_admin(options={})
|
214
256
|
@admin = nil
|
215
257
|
create_admin(options)
|
216
258
|
end
|
217
259
|
|
218
260
|
def visit_admin_confirmation_with_token(confirmation_token)
|
219
|
-
visit admin_confirmation_path(:
|
261
|
+
visit admin_confirmation_path(confirmation_token: confirmation_token)
|
220
262
|
end
|
221
263
|
|
222
264
|
test 'admin should be able to request a new confirmation after email changed' do
|
223
265
|
admin = create_admin
|
224
|
-
admin.update_attributes(:
|
266
|
+
admin.update_attributes(email: 'new_test@example.com')
|
225
267
|
|
226
268
|
visit new_admin_session_path
|
227
269
|
click_link "Didn't receive confirmation instructions?"
|
228
270
|
|
229
|
-
fill_in 'email', :
|
271
|
+
fill_in 'email', with: admin.unconfirmed_email
|
230
272
|
assert_difference "ActionMailer::Base.deliveries.size" do
|
231
273
|
click_button 'Resend confirmation instructions'
|
232
274
|
end
|
233
275
|
|
234
276
|
assert_current_url '/admin_area/sign_in'
|
235
|
-
assert_contain 'You will receive an email with instructions
|
277
|
+
assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
|
236
278
|
end
|
237
279
|
|
238
280
|
test 'admin with valid confirmation token should be able to confirm email after email changed' do
|
239
281
|
admin = create_admin
|
240
|
-
admin.update_attributes(:
|
282
|
+
admin.update_attributes(email: 'new_test@example.com')
|
241
283
|
assert_equal 'new_test@example.com', admin.unconfirmed_email
|
242
284
|
visit_admin_confirmation_with_token(admin.raw_confirmation_token)
|
243
285
|
|
244
|
-
assert_contain 'Your
|
286
|
+
assert_contain 'Your email address has been successfully confirmed.'
|
245
287
|
assert_current_url '/admin_area/sign_in'
|
246
288
|
assert admin.reload.confirmed?
|
247
|
-
|
289
|
+
refute admin.reload.pending_reconfirmation?
|
248
290
|
end
|
249
291
|
|
250
292
|
test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
|
251
293
|
admin = create_admin
|
252
|
-
admin.update_attributes(:
|
294
|
+
admin.update_attributes(email: 'first_test@example.com')
|
253
295
|
assert_equal 'first_test@example.com', admin.unconfirmed_email
|
254
296
|
|
255
297
|
raw_confirmation_token = admin.raw_confirmation_token
|
256
298
|
admin = Admin.find(admin.id)
|
257
299
|
|
258
|
-
admin.update_attributes(:
|
300
|
+
admin.update_attributes(email: 'second_test@example.com')
|
259
301
|
assert_equal 'second_test@example.com', admin.unconfirmed_email
|
260
302
|
|
261
303
|
visit_admin_confirmation_with_token(raw_confirmation_token)
|
@@ -263,18 +305,18 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
|
|
263
305
|
assert_contain(/Confirmation token(.*)invalid/)
|
264
306
|
|
265
307
|
visit_admin_confirmation_with_token(admin.raw_confirmation_token)
|
266
|
-
assert_contain 'Your
|
308
|
+
assert_contain 'Your email address has been successfully confirmed.'
|
267
309
|
assert_current_url '/admin_area/sign_in'
|
268
310
|
assert admin.reload.confirmed?
|
269
|
-
|
311
|
+
refute admin.reload.pending_reconfirmation?
|
270
312
|
end
|
271
313
|
|
272
314
|
test 'admin email should be unique also within unconfirmed_email' do
|
273
315
|
admin = create_admin
|
274
|
-
admin.update_attributes(:
|
316
|
+
admin.update_attributes(email: 'new_admin_test@example.com')
|
275
317
|
assert_equal 'new_admin_test@example.com', admin.unconfirmed_email
|
276
318
|
|
277
|
-
create_second_admin(:
|
319
|
+
create_second_admin(email: "new_admin_test@example.com")
|
278
320
|
|
279
321
|
visit_admin_confirmation_with_token(admin.raw_confirmation_token)
|
280
322
|
assert_have_selector '#error_explanation'
|
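Review bot: The new test 'user should be redirected to sign in page whenever signed in as another resource at same session already' (new lines 169–176) asserts only the final URL, so it would still pass if following the confirmation link also opened a user session alongside the admin one. Because the confirmation token travels by e-mail, it is worth pinning that outcome after the visit with `refute warden.authenticated?(:user)`. If confirmation is meant to succeed in this situation, `assert user.reload.confirmed?` would also record that the redirect follows a completed confirmation rather than a rejected one. The blocked sign-in tests elsewhere in this section gained `refute warden.authenticated?(:user)` in this change, so the addition keeps the file consistent.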
@@ -1,84 +1,97 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class DatabaseAuthenticationTest <
|
5
|
+
class DatabaseAuthenticationTest < Devise::IntegrationTest
|
4
6
|
test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
|
5
|
-
create_user(:
|
7
|
+
create_user(email: 'Foo@Bar.com')
|
6
8
|
|
7
9
|
sign_in_as_user do
|
8
|
-
fill_in 'email', :
|
10
|
+
fill_in 'email', with: 'foo@bar.com'
|
9
11
|
end
|
10
12
|
|
11
13
|
assert warden.authenticated?(:user)
|
12
14
|
end
|
13
15
|
|
14
16
|
test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
|
15
|
-
swap Devise, :
|
16
|
-
create_user(:
|
17
|
+
swap Devise, case_insensitive_keys: [] do
|
18
|
+
create_user(email: 'Foo@Bar.com')
|
17
19
|
|
18
20
|
sign_in_as_user do
|
19
|
-
fill_in 'email', :
|
21
|
+
fill_in 'email', with: 'foo@bar.com'
|
20
22
|
end
|
21
23
|
|
22
|
-
|
24
|
+
refute warden.authenticated?(:user)
|
23
25
|
end
|
24
26
|
end
|
25
27
|
|
26
28
|
test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
|
27
|
-
create_user(:
|
29
|
+
create_user(email: ' foo@bar.com ')
|
28
30
|
|
29
31
|
sign_in_as_user do
|
30
|
-
fill_in 'email', :
|
32
|
+
fill_in 'email', with: 'foo@bar.com'
|
31
33
|
end
|
32
34
|
|
33
35
|
assert warden.authenticated?(:user)
|
34
36
|
end
|
35
37
|
|
36
38
|
test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
|
37
|
-
swap Devise, :
|
38
|
-
create_user(:
|
39
|
+
swap Devise, strip_whitespace_keys: [] do
|
40
|
+
create_user(email: 'foo@bar.com')
|
39
41
|
|
40
42
|
sign_in_as_user do
|
41
|
-
fill_in 'email', :
|
43
|
+
fill_in 'email', with: ' foo@bar.com '
|
42
44
|
end
|
43
45
|
|
44
|
-
|
46
|
+
refute warden.authenticated?(:user)
|
45
47
|
end
|
46
48
|
end
|
47
49
|
|
48
50
|
test 'sign in should not authenticate if not using proper authentication keys' do
|
49
|
-
swap Devise, :
|
51
|
+
swap Devise, authentication_keys: [:username] do
|
50
52
|
sign_in_as_user
|
51
|
-
|
53
|
+
refute warden.authenticated?(:user)
|
52
54
|
end
|
53
55
|
end
|
54
56
|
|
55
57
|
test 'sign in with invalid email should return to sign in form with error message' do
|
56
|
-
store_translations :en, :
|
58
|
+
store_translations :en, devise: { failure: { admin: { not_found_in_database: 'Invalid email address' } } } do
|
57
59
|
sign_in_as_admin do
|
58
|
-
fill_in 'email', :
|
60
|
+
fill_in 'email', with: 'wrongemail@test.com'
|
59
61
|
end
|
60
62
|
|
61
63
|
assert_contain 'Invalid email address'
|
62
|
-
|
64
|
+
refute warden.authenticated?(:admin)
|
63
65
|
end
|
64
66
|
end
|
65
67
|
|
66
68
|
test 'sign in with invalid pasword should return to sign in form with error message' do
|
67
69
|
sign_in_as_admin do
|
68
|
-
fill_in 'password', :
|
70
|
+
fill_in 'password', with: 'abcdef'
|
69
71
|
end
|
70
72
|
|
71
|
-
assert_contain 'Invalid
|
72
|
-
|
73
|
+
assert_contain 'Invalid Email or password'
|
74
|
+
refute warden.authenticated?(:admin)
|
73
75
|
end
|
74
76
|
|
75
77
|
test 'error message is configurable by resource name' do
|
76
|
-
store_translations :en, :
|
78
|
+
store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do
|
77
79
|
sign_in_as_admin do
|
78
|
-
fill_in 'password', :
|
80
|
+
fill_in 'password', with: 'abcdef'
|
79
81
|
end
|
80
82
|
|
81
83
|
assert_contain 'Invalid credentials'
|
82
84
|
end
|
83
85
|
end
|
86
|
+
|
87
|
+
test 'valid sign in calls after_database_authentication callback' do
|
88
|
+
user = create_user(email: ' foo@bar.com ')
|
89
|
+
|
90
|
+
User.expects(:find_for_database_authentication).returns user
|
91
|
+
user.expects :after_database_authentication
|
92
|
+
|
93
|
+
sign_in_as_user do
|
94
|
+
fill_in 'email', with: 'foo@bar.com'
|
95
|
+
end
|
96
|
+
end
|
84
97
|
end
|
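Review bot: The added test 'valid sign in calls after_database_authentication callback' (new lines 87–96) never asserts that the sign-in succeeded; it relies on the two mocha expectations alone. Because `User.expects(:find_for_database_authentication).returns user` replaces the lookup, the e-mail typed into the form is not what selects the record. Adding `assert warden.authenticated?(:user)` after the `sign_in_as_user` block would tie the callback to a session that was actually established. In the same section, 'error message is configurable by resource name' (new lines 77–85) is the only failed-login test left without the `refute warden.authenticated?(:admin)` that this change added to its neighbours.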