devise 3.2.1 → 4.4.3

data/test/integration/http_authenticatable_test.rb

@@ -1,33 +1,43 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
-class HttpAuthenticationTest < ActionDispatch::IntegrationTest
+class HttpAuthenticationTest < Devise::IntegrationTest
+  test 'sign in with HTTP should not run model validations' do
+    sign_in_as_new_user_with_http
+
+    refute User.validations_performed
+  end
+
   test 'handles unverified requests gets rid of caches but continues signed in' do
-    swap ApplicationController, :allow_forgery_protection => true do
+    swap ApplicationController, allow_forgery_protection: true do
       create_user
-      post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
+      post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
       assert warden.authenticated?(:user)
       assert_equal "User is authenticated", response.body
     end
   end
 
   test 'sign in should authenticate with http' do
-    sign_in_as_new_user_with_http
-    assert_response 200
-    assert_match '<email>user@test.com</email>', response.body
-    assert warden.authenticated?(:user)
+    swap Devise, skip_session_storage: [] do
+      sign_in_as_new_user_with_http
+      assert_response 200
+      assert_match '<email>user@test.com</email>', response.body
+      assert warden.authenticated?(:user)
 
-    get users_path(:format => :xml)
-    assert_response 200
+      get users_path(format: :xml)
+      assert_response 200
+    end
   end
 
   test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
-    swap Devise, :skip_session_storage => [:http_auth] do
+    swap Devise, skip_session_storage: [:http_auth] do
       sign_in_as_new_user_with_http
       assert_response 200
       assert_match '<email>user@test.com</email>', response.body
       assert warden.authenticated?(:user)
 
-      get users_path(:format => :xml)
+      get users_path(format: :xml)
       assert_response 401
     end
   end
@@ -42,11 +52,11 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
     sign_in_as_new_user_with_http("unknown")
     assert_equal 401, status
     assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-    assert_match "<error>Invalid email or password.</error>", response.body
+    assert_match "<error>Invalid Email or password.</error>", response.body
   end
 
   test 'returns a custom response with www-authenticate and chosen realm' do
-    swap Devise, :http_authentication_realm => "MyApp" do
+    swap Devise, http_authentication_realm: "MyApp" do
       sign_in_as_new_user_with_http("unknown")
       assert_equal 401, status
       assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
@@ -54,7 +64,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign in should authenticate with http even with specific authentication keys' do
-    swap Devise, :authentication_keys => [:username] do
+    swap Devise, authentication_keys: [:username] do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
       assert_match '<email>user@test.com</email>', response.body
@@ -63,7 +73,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'it uses appropriate authentication_keys when configured with hash' do
-    swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:username, false, :email, false] do
+    swap Devise, authentication_keys: { username: false, email: false } do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
       assert_match '<email>user@test.com</email>', response.body
@@ -72,7 +82,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'it uses the appropriate key when configured explicitly' do
-    swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:email, false, :username, false], :http_authentication_key => :username do
+    swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
       assert_match '<email>user@test.com</email>', response.body
@@ -81,7 +91,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
-    swap Devise, :http_authenticatable => true do
+    swap Devise, http_authenticatable: true do
       add_oauth2_header
       assert_equal 401, status
       assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
@@ -89,17 +99,16 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   private
-
     def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
       user = create_user
-      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
+      get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
       user
     end
 
     # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
     def add_oauth2_header
       user = create_user
-      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
+      get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
     end
 
 end

data/test/integration/lockable_test.rb

@@ -1,20 +1,22 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
-class LockTest < ActionDispatch::IntegrationTest
+class LockTest < Devise::IntegrationTest
 
   def visit_user_unlock_with_token(unlock_token)
-    visit user_unlock_path(:unlock_token => unlock_token)
+    visit user_unlock_path(unlock_token: unlock_token)
   end
 
   def send_unlock_request
-    user = create_user(:locked => true)
+    user = create_user(locked: true)
     ActionMailer::Base.deliveries.clear
 
     visit new_user_session_path
     click_link "Didn't receive unlock instructions?"
 
     Devise.stubs(:friendly_token).returns("abcdef")
-    fill_in 'email', :with => user.email
+    fill_in 'email', with: user.email
     click_button 'Resend unlock instructions'
   end
 
@@ -22,7 +24,7 @@ class LockTest < ActionDispatch::IntegrationTest
     send_unlock_request
 
     assert_template 'sessions/new'
-    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+    assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'
 
     mail = ActionMailer::Base.deliveries.last
     assert_equal 1, ActionMailer::Base.deliveries.size
@@ -39,13 +41,13 @@ class LockTest < ActionDispatch::IntegrationTest
   end
 
   test 'unlocked user should not be able to request a unlock token' do
-    user = create_user(:locked => false)
+    user = create_user(locked: false)
     ActionMailer::Base.deliveries.clear
 
     visit new_user_session_path
     click_link "Didn't receive unlock instructions?"
 
-    fill_in 'email', :with => user.email
+    fill_in 'email', with: user.email
     click_button 'Resend unlock instructions'
 
     assert_template 'unlocks/new'
@@ -75,7 +77,7 @@ class LockTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_current_url '/users/unlock?unlock_token=invalid_token'
     assert_have_selector '#error_explanation'
-    assert_contain /Unlock token(.*)invalid/
+    assert_contain %r{Unlock token(.*)invalid}
   end
 
   test "locked user should be able to unlock account" do
@@ -85,64 +87,65 @@ class LockTest < ActionDispatch::IntegrationTest
 
     assert_current_url "/users/sign_in"
     assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
-    assert_not user.reload.access_locked?
+    refute user.reload.access_locked?
   end
 
   test "user should not send a new e-mail if already locked" do
-    user = create_user(:locked => true)
+    user = create_user(locked: true)
     user.failed_attempts = User.maximum_attempts + 1
     user.save!
 
     ActionMailer::Base.deliveries.clear
 
-    sign_in_as_user(:password => "invalid")
+    sign_in_as_user(password: "invalid")
     assert_contain 'Your account is locked.'
     assert ActionMailer::Base.deliveries.empty?
   end
 
   test 'error message is configurable by resource name' do
-    store_translations :en, :devise => {
-        :failure => {:user => {:locked => "You are locked!"}}
+    store_translations :en, devise: {
+        failure: {user: {locked: "You are locked!"}}
     } do
 
-      user = create_user(:locked => true)
+      user = create_user(locked: true)
       user.failed_attempts = User.maximum_attempts + 1
       user.save!
 
-      sign_in_as_user(:password => "invalid")
+      sign_in_as_user(password: "invalid")
       assert_contain "You are locked!"
     end
   end
 
   test "user should not be able to sign in when locked" do
-    store_translations :en, :devise => {
-        :failure => {:user => {:locked => "You are locked!"}}
+    store_translations :en, devise: {
+        failure: {user: {locked: "You are locked!"}}
     } do
 
-      user = create_user(:locked => true)
+      user = create_user(locked: true)
       user.failed_attempts = User.maximum_attempts + 1
       user.save!
 
-      sign_in_as_user(:password => "123456")
+      sign_in_as_user(password: "123456")
       assert_contain "You are locked!"
     end
   end
 
   test 'user should be able to request a new unlock token via XML request' do
-    user = create_user(:locked => true)
+    user = create_user(locked: true)
     ActionMailer::Base.deliveries.clear
 
-    post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
+    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
     assert_response :success
     assert_equal response.body, {}.to_xml
+
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
 
   test 'unlocked user should not be able to request a unlock token via XML request' do
-    user = create_user(:locked => false)
+    user = create_user(locked: false)
     ActionMailer::Base.deliveries.clear
 
-    post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
+    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
     assert_response :unprocessable_entity
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
     assert_equal 0, ActionMailer::Base.deliveries.size
@@ -152,84 +155,84 @@ class LockTest < ActionDispatch::IntegrationTest
     user = create_user()
     raw  = user.lock_access!
     assert user.access_locked?
-    get user_unlock_path(:format => 'xml', :unlock_token => raw)
+    get user_unlock_path(format: 'xml', unlock_token: raw)
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
 
   test 'user with invalid unlock token should not be able to unlock the account via XML request' do
-    get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token')
+    get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
     assert_response :unprocessable_entity
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test "when using json to ask a unlock request, should not return the user" do
-    user = create_user(:locked => true)
-    post user_unlock_path(:format => "json", :user => {:email => user.email})
+    user = create_user(locked: true)
+    post user_unlock_path(format: "json", user: {email: user.email})
     assert_response :success
     assert_equal response.body, {}.to_json
   end
 
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
-    swap Devise, :paranoid => true do
-      user = create_user(:locked => true)
+  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do
+    swap Devise, paranoid: true do
+      user = create_user(locked: true)
 
       visit new_user_session_path
       click_link "Didn't receive unlock instructions?"
 
-      fill_in 'email', :with => user.email
+      fill_in 'email', with: user.email
       click_button 'Resend unlock instructions'
 
       assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
     end
   end
 
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
-    swap Devise, :paranoid => true do
-      user = create_user(:locked => false)
+  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is not locked" do
+    swap Devise, paranoid: true do
+      user = create_user(locked: false)
 
       visit new_user_session_path
       click_link "Didn't receive unlock instructions?"
 
-      fill_in 'email', :with => user.email
+      fill_in 'email', with: user.email
       click_button 'Resend unlock instructions'
 
       assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
     end
   end
 
-  test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
-    swap Devise, :paranoid => true do
+  test "in paranoid mode, when trying to unlock a user that does not exists it should not say that it does not exists" do
+    swap Devise, paranoid: true do
       visit new_user_session_path
       click_link "Didn't receive unlock instructions?"
 
-      fill_in 'email', :with => "arandomemail@hotmail.com"
+      fill_in 'email', with: "arandomemail@hotmail.com"
       click_button 'Resend unlock instructions'
 
       assert_not_contain "1 error prohibited this user from being saved:"
       assert_not_contain "Email not found"
       assert_current_url "/users/sign_in"
 
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
 
     end
   end
 
   test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
-    swap Devise, :paranoid => true, :maximum_attempts => 1 do
-      user = create_user(:locked => false)
+    swap Devise, paranoid: true, maximum_attempts: 1 do
+      user = create_user(locked: false)
 
       visit new_user_session_path
-      fill_in 'email', :with => user.email
-      fill_in 'password', :with => "abadpassword"
-      click_button 'Sign in'
+      fill_in 'email', with: user.email
+      fill_in 'password', with: "abadpassword"
+      click_button 'Log in'
 
-      fill_in 'email', :with => user.email
-      fill_in 'password', :with => "abadpassword"
-      click_button 'Sign in'
+      fill_in 'email', with: user.email
+      fill_in 'password', with: "abadpassword"
+      click_button 'Log in'
 
       assert_current_url "/users/sign_in"
       assert_not_contain "locked"

data/test/integration/mounted_engine_test.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class MyMountableEngine
+  def self.call(env)
+    ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']]
+  end
+end
+
+# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling
+# again the draw method. Look at the source code at:
+# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw
+Rails.application.routes.disable_clear_and_finalize = true
+
+Rails.application.routes.draw do
+  authenticate(:user) do
+    mount MyMountableEngine, at: '/mountable_engine'
+  end
+end
+
+class AuthenticatedMountedEngineTest < Devise::IntegrationTest
+  test 'redirects to the sign in page when not authenticated' do
+    get '/mountable_engine'
+    follow_redirect!
+
+    assert_response :ok
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'renders the mounted engine when authenticated' do
+    sign_in_as_user
+    get '/mountable_engine'
+
+    assert_response :success
+    assert_contain 'Rendered content of MyMountableEngine'
+  end
+end

data/test/integration/omniauthable_test.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 
-class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
+class OmniauthableIntegrationTest < Devise::IntegrationTest
   FACEBOOK_INFO = {
     "id" => '12345',
     "link" => 'http://facebook.com/josevalim',
@@ -20,9 +22,11 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
       "credentials" => {"token" => 'plataformatec'},
       "extra" => {"user_hash" => FACEBOOK_INFO}
     }
+    OmniAuth.config.add_camelization 'facebook', 'FaceBook'
   end
 
   teardown do
+    OmniAuth.config.camelizations.delete('facebook')
     OmniAuth.config.test_mode = false
   end
 
@@ -38,9 +42,20 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
     end
   end
 
+  test "omniauth sign in should not run model validations" do
+    stub_action!(:sign_in_facebook) do
+      create_user
+      visit "/users/sign_in"
+      click_link "Sign in with FaceBook"
+      assert warden.authenticated?(:user)
+
+      refute User.validations_performed
+    end
+  end
+
   test "can access omniauth.auth in the env hash" do
     visit "/users/sign_in"
-    click_link "Sign in with Facebook"
+    click_link "Sign in with FaceBook"
 
     json = ActiveSupport::JSON.decode(response.body)
 
@@ -54,28 +69,28 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
   test "cleans up session on sign up" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
-      click_link "Sign in with Facebook"
+      click_link "Sign in with FaceBook"
     end
 
     assert session["devise.facebook_data"]
 
     assert_difference "User.count" do
       visit "/users/sign_up"
-      fill_in "Password", :with => "12345678"
-      fill_in "Password confirmation", :with => "12345678"
+      fill_in "Password", with: "12345678"
+      fill_in "Password confirmation", with: "12345678"
       click_button "Sign up"
     end
 
     assert_current_url "/"
     assert_contain "You have signed up successfully."
     assert_contain "Hello User user@example.com"
-    assert_not session["devise.facebook_data"]
+    refute session["devise.facebook_data"]
   end
 
   test "cleans up session on cancel" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
-      click_link "Sign in with Facebook"
+      click_link "Sign in with FaceBook"
     end
 
     assert session["devise.facebook_data"]
@@ -86,7 +101,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
   test "cleans up session on sign in" do
     assert_no_difference "User.count" do
       visit "/users/sign_in"
-      click_link "Sign in with Facebook"
+      click_link "Sign in with FaceBook"
     end
 
     assert session["devise.facebook_data"]
@@ -96,13 +111,13 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
 
   test "sign in and send remember token if configured" do
     visit "/users/sign_in"
-    click_link "Sign in with Facebook"
+    click_link "Sign in with FaceBook"
     assert_nil warden.cookies["remember_user_token"]
 
     stub_action!(:sign_in_facebook) do
       create_user
       visit "/users/sign_in"
-      click_link "Sign in with Facebook"
+      click_link "Sign in with FaceBook"
       assert warden.authenticated?(:user)
       assert warden.cookies["remember_user_token"]
     end
@@ -111,23 +126,23 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
   test "generates a proper link when SCRIPT_NAME is set" do
     header 'SCRIPT_NAME', '/q'
     visit "/users/sign_in"
-    assert_select "a", :href => "/q/users/auth/facebook"
+    assert_select "a", href: "/q/users/auth/facebook"
   end
 
   test "handles callback error parameter according to the specification" do
     OmniAuth.config.mock_auth[:facebook] = :access_denied
     visit "/users/auth/facebook/callback?error=access_denied"
     assert_current_url "/users/sign_in"
-    assert_contain 'Could not authenticate you from Facebook because "Access denied".'
+    assert_contain 'Could not authenticate you from FaceBook because "Access denied".'
   end
 
-  test "handles other exceptions from omniauth" do
+  test "handles other exceptions from OmniAuth" do
     OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
     visit "/users/sign_in"
-    click_link "Sign in with Facebook"
+    click_link "Sign in with FaceBook"
 
     assert_current_url "/users/sign_in"
-    assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".'
+    assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
   end
 end