devise 3.2.1 → 4.4.3
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
@@ -1,33 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class HttpAuthenticationTest <
|
5
|
+
class HttpAuthenticationTest < Devise::IntegrationTest
|
6
|
+
test 'sign in with HTTP should not run model validations' do
|
7
|
+
sign_in_as_new_user_with_http
|
8
|
+
|
9
|
+
refute User.validations_performed
|
10
|
+
end
|
11
|
+
|
4
12
|
test 'handles unverified requests gets rid of caches but continues signed in' do
|
5
|
-
swap ApplicationController, :
|
13
|
+
swap ApplicationController, allow_forgery_protection: true do
|
6
14
|
create_user
|
7
|
-
post exhibit_user_url(1), {
|
15
|
+
post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
|
8
16
|
assert warden.authenticated?(:user)
|
9
17
|
assert_equal "User is authenticated", response.body
|
10
18
|
end
|
11
19
|
end
|
12
20
|
|
13
21
|
test 'sign in should authenticate with http' do
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
22
|
+
swap Devise, skip_session_storage: [] do
|
23
|
+
sign_in_as_new_user_with_http
|
24
|
+
assert_response 200
|
25
|
+
assert_match '<email>user@test.com</email>', response.body
|
26
|
+
assert warden.authenticated?(:user)
|
18
27
|
|
19
|
-
|
20
|
-
|
28
|
+
get users_path(format: :xml)
|
29
|
+
assert_response 200
|
30
|
+
end
|
21
31
|
end
|
22
32
|
|
23
33
|
test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
|
24
|
-
swap Devise, :
|
34
|
+
swap Devise, skip_session_storage: [:http_auth] do
|
25
35
|
sign_in_as_new_user_with_http
|
26
36
|
assert_response 200
|
27
37
|
assert_match '<email>user@test.com</email>', response.body
|
28
38
|
assert warden.authenticated?(:user)
|
29
39
|
|
30
|
-
get users_path(:
|
40
|
+
get users_path(format: :xml)
|
31
41
|
assert_response 401
|
32
42
|
end
|
33
43
|
end
|
@@ -42,11 +52,11 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
42
52
|
sign_in_as_new_user_with_http("unknown")
|
43
53
|
assert_equal 401, status
|
44
54
|
assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
|
45
|
-
assert_match "<error>Invalid
|
55
|
+
assert_match "<error>Invalid Email or password.</error>", response.body
|
46
56
|
end
|
47
57
|
|
48
58
|
test 'returns a custom response with www-authenticate and chosen realm' do
|
49
|
-
swap Devise, :
|
59
|
+
swap Devise, http_authentication_realm: "MyApp" do
|
50
60
|
sign_in_as_new_user_with_http("unknown")
|
51
61
|
assert_equal 401, status
|
52
62
|
assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
|
@@ -54,7 +64,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
54
64
|
end
|
55
65
|
|
56
66
|
test 'sign in should authenticate with http even with specific authentication keys' do
|
57
|
-
swap Devise, :
|
67
|
+
swap Devise, authentication_keys: [:username] do
|
58
68
|
sign_in_as_new_user_with_http("usertest")
|
59
69
|
assert_response :success
|
60
70
|
assert_match '<email>user@test.com</email>', response.body
|
@@ -63,7 +73,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
63
73
|
end
|
64
74
|
|
65
75
|
test 'it uses appropriate authentication_keys when configured with hash' do
|
66
|
-
swap Devise, :
|
76
|
+
swap Devise, authentication_keys: { username: false, email: false } do
|
67
77
|
sign_in_as_new_user_with_http("usertest")
|
68
78
|
assert_response :success
|
69
79
|
assert_match '<email>user@test.com</email>', response.body
|
@@ -72,7 +82,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
72
82
|
end
|
73
83
|
|
74
84
|
test 'it uses the appropriate key when configured explicitly' do
|
75
|
-
swap Devise, :
|
85
|
+
swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
|
76
86
|
sign_in_as_new_user_with_http("usertest")
|
77
87
|
assert_response :success
|
78
88
|
assert_match '<email>user@test.com</email>', response.body
|
@@ -81,7 +91,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
81
91
|
end
|
82
92
|
|
83
93
|
test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
|
84
|
-
swap Devise, :
|
94
|
+
swap Devise, http_authenticatable: true do
|
85
95
|
add_oauth2_header
|
86
96
|
assert_equal 401, status
|
87
97
|
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
|
@@ -89,17 +99,16 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
89
99
|
end
|
90
100
|
|
91
101
|
private
|
92
|
-
|
93
102
|
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
|
94
103
|
user = create_user
|
95
|
-
get users_path(:
|
104
|
+
get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
|
96
105
|
user
|
97
106
|
end
|
98
107
|
|
99
108
|
# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
|
100
109
|
def add_oauth2_header
|
101
110
|
user = create_user
|
102
|
-
get users_path(:
|
111
|
+
get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
|
103
112
|
end
|
104
113
|
|
105
114
|
end
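Review bot: The Authorization headers built in `sign_in_as_new_user_with_http`, in `add_oauth2_header` and inline in the 'handles unverified requests' test use `Base64.encode64`, which appends a trailing newline and wraps its output every 60 characters. The header value therefore always ends in a line feed, and a longer username or password would put a line break in the middle of the credential. `Base64.strict_encode64` emits no line feeds and keeps the request a well-formed Basic header: `"Basic #{Base64.strict_encode64("#{username}:#{password}")}"`. The same substitution applies to the `OAuth` header, so that test checks scheme handling only and not tolerance of stray whitespace.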
|
@@ -1,20 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class LockTest <
|
5
|
+
class LockTest < Devise::IntegrationTest
|
4
6
|
|
5
7
|
def visit_user_unlock_with_token(unlock_token)
|
6
|
-
visit user_unlock_path(:
|
8
|
+
visit user_unlock_path(unlock_token: unlock_token)
|
7
9
|
end
|
8
10
|
|
9
11
|
def send_unlock_request
|
10
|
-
user = create_user(:
|
12
|
+
user = create_user(locked: true)
|
11
13
|
ActionMailer::Base.deliveries.clear
|
12
14
|
|
13
15
|
visit new_user_session_path
|
14
16
|
click_link "Didn't receive unlock instructions?"
|
15
17
|
|
16
18
|
Devise.stubs(:friendly_token).returns("abcdef")
|
17
|
-
fill_in 'email', :
|
19
|
+
fill_in 'email', with: user.email
|
18
20
|
click_button 'Resend unlock instructions'
|
19
21
|
end
|
20
22
|
|
@@ -22,7 +24,7 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
22
24
|
send_unlock_request
|
23
25
|
|
24
26
|
assert_template 'sessions/new'
|
25
|
-
assert_contain 'You will receive an email with instructions
|
27
|
+
assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'
|
26
28
|
|
27
29
|
mail = ActionMailer::Base.deliveries.last
|
28
30
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
@@ -39,13 +41,13 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
39
41
|
end
|
40
42
|
|
41
43
|
test 'unlocked user should not be able to request a unlock token' do
|
42
|
-
user = create_user(:
|
44
|
+
user = create_user(locked: false)
|
43
45
|
ActionMailer::Base.deliveries.clear
|
44
46
|
|
45
47
|
visit new_user_session_path
|
46
48
|
click_link "Didn't receive unlock instructions?"
|
47
49
|
|
48
|
-
fill_in 'email', :
|
50
|
+
fill_in 'email', with: user.email
|
49
51
|
click_button 'Resend unlock instructions'
|
50
52
|
|
51
53
|
assert_template 'unlocks/new'
|
@@ -75,7 +77,7 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
75
77
|
assert_response :success
|
76
78
|
assert_current_url '/users/unlock?unlock_token=invalid_token'
|
77
79
|
assert_have_selector '#error_explanation'
|
78
|
-
assert_contain
|
80
|
+
assert_contain %r{Unlock token(.*)invalid}
|
79
81
|
end
|
80
82
|
|
81
83
|
test "locked user should be able to unlock account" do
|
@@ -85,64 +87,65 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
85
87
|
|
86
88
|
assert_current_url "/users/sign_in"
|
87
89
|
assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
|
88
|
-
|
90
|
+
refute user.reload.access_locked?
|
89
91
|
end
|
90
92
|
|
91
93
|
test "user should not send a new e-mail if already locked" do
|
92
|
-
user = create_user(:
|
94
|
+
user = create_user(locked: true)
|
93
95
|
user.failed_attempts = User.maximum_attempts + 1
|
94
96
|
user.save!
|
95
97
|
|
96
98
|
ActionMailer::Base.deliveries.clear
|
97
99
|
|
98
|
-
sign_in_as_user(:
|
100
|
+
sign_in_as_user(password: "invalid")
|
99
101
|
assert_contain 'Your account is locked.'
|
100
102
|
assert ActionMailer::Base.deliveries.empty?
|
101
103
|
end
|
102
104
|
|
103
105
|
test 'error message is configurable by resource name' do
|
104
|
-
store_translations :en, :
|
105
|
-
:
|
106
|
+
store_translations :en, devise: {
|
107
|
+
failure: {user: {locked: "You are locked!"}}
|
106
108
|
} do
|
107
109
|
|
108
|
-
user = create_user(:
|
110
|
+
user = create_user(locked: true)
|
109
111
|
user.failed_attempts = User.maximum_attempts + 1
|
110
112
|
user.save!
|
111
113
|
|
112
|
-
sign_in_as_user(:
|
114
|
+
sign_in_as_user(password: "invalid")
|
113
115
|
assert_contain "You are locked!"
|
114
116
|
end
|
115
117
|
end
|
116
118
|
|
117
119
|
test "user should not be able to sign in when locked" do
|
118
|
-
store_translations :en, :
|
119
|
-
:
|
120
|
+
store_translations :en, devise: {
|
121
|
+
failure: {user: {locked: "You are locked!"}}
|
120
122
|
} do
|
121
123
|
|
122
|
-
user = create_user(:
|
124
|
+
user = create_user(locked: true)
|
123
125
|
user.failed_attempts = User.maximum_attempts + 1
|
124
126
|
user.save!
|
125
127
|
|
126
|
-
sign_in_as_user(:
|
128
|
+
sign_in_as_user(password: "123456")
|
127
129
|
assert_contain "You are locked!"
|
128
130
|
end
|
129
131
|
end
|
130
132
|
|
131
133
|
test 'user should be able to request a new unlock token via XML request' do
|
132
|
-
user = create_user(:
|
134
|
+
user = create_user(locked: true)
|
133
135
|
ActionMailer::Base.deliveries.clear
|
134
136
|
|
135
|
-
post user_unlock_path(:
|
137
|
+
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
|
136
138
|
assert_response :success
|
137
139
|
assert_equal response.body, {}.to_xml
|
140
|
+
|
138
141
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
139
142
|
end
|
140
143
|
|
141
144
|
test 'unlocked user should not be able to request a unlock token via XML request' do
|
142
|
-
user = create_user(:
|
145
|
+
user = create_user(locked: false)
|
143
146
|
ActionMailer::Base.deliveries.clear
|
144
147
|
|
145
|
-
post user_unlock_path(:
|
148
|
+
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
|
146
149
|
assert_response :unprocessable_entity
|
147
150
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
148
151
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
@@ -152,84 +155,84 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
152
155
|
user = create_user()
|
153
156
|
raw = user.lock_access!
|
154
157
|
assert user.access_locked?
|
155
|
-
get user_unlock_path(:
|
158
|
+
get user_unlock_path(format: 'xml', unlock_token: raw)
|
156
159
|
assert_response :success
|
157
160
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
158
161
|
end
|
159
162
|
|
160
163
|
|
161
164
|
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
|
162
|
-
get user_unlock_path(:
|
165
|
+
get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
|
163
166
|
assert_response :unprocessable_entity
|
164
167
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
165
168
|
end
|
166
169
|
|
167
170
|
test "when using json to ask a unlock request, should not return the user" do
|
168
|
-
user = create_user(:
|
169
|
-
post user_unlock_path(:
|
171
|
+
user = create_user(locked: true)
|
172
|
+
post user_unlock_path(format: "json", user: {email: user.email})
|
170
173
|
assert_response :success
|
171
174
|
assert_equal response.body, {}.to_json
|
172
175
|
end
|
173
176
|
|
174
|
-
test "in paranoid mode, when trying to unlock
|
175
|
-
swap Devise, :
|
176
|
-
user = create_user(:
|
177
|
+
test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do
|
178
|
+
swap Devise, paranoid: true do
|
179
|
+
user = create_user(locked: true)
|
177
180
|
|
178
181
|
visit new_user_session_path
|
179
182
|
click_link "Didn't receive unlock instructions?"
|
180
183
|
|
181
|
-
fill_in 'email', :
|
184
|
+
fill_in 'email', with: user.email
|
182
185
|
click_button 'Resend unlock instructions'
|
183
186
|
|
184
187
|
assert_current_url "/users/sign_in"
|
185
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
188
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
186
189
|
end
|
187
190
|
end
|
188
191
|
|
189
|
-
test "in paranoid mode, when trying to unlock
|
190
|
-
swap Devise, :
|
191
|
-
user = create_user(:
|
192
|
+
test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is not locked" do
|
193
|
+
swap Devise, paranoid: true do
|
194
|
+
user = create_user(locked: false)
|
192
195
|
|
193
196
|
visit new_user_session_path
|
194
197
|
click_link "Didn't receive unlock instructions?"
|
195
198
|
|
196
|
-
fill_in 'email', :
|
199
|
+
fill_in 'email', with: user.email
|
197
200
|
click_button 'Resend unlock instructions'
|
198
201
|
|
199
202
|
assert_current_url "/users/sign_in"
|
200
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
203
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
201
204
|
end
|
202
205
|
end
|
203
206
|
|
204
|
-
test "in paranoid mode, when trying to unlock
|
205
|
-
swap Devise, :
|
207
|
+
test "in paranoid mode, when trying to unlock a user that does not exists it should not say that it does not exists" do
|
208
|
+
swap Devise, paranoid: true do
|
206
209
|
visit new_user_session_path
|
207
210
|
click_link "Didn't receive unlock instructions?"
|
208
211
|
|
209
|
-
fill_in 'email', :
|
212
|
+
fill_in 'email', with: "arandomemail@hotmail.com"
|
210
213
|
click_button 'Resend unlock instructions'
|
211
214
|
|
212
215
|
assert_not_contain "1 error prohibited this user from being saved:"
|
213
216
|
assert_not_contain "Email not found"
|
214
217
|
assert_current_url "/users/sign_in"
|
215
218
|
|
216
|
-
assert_contain "If your account exists, you will receive an email with instructions
|
219
|
+
assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
217
220
|
|
218
221
|
end
|
219
222
|
end
|
220
223
|
|
221
224
|
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
|
222
|
-
swap Devise, :
|
223
|
-
user = create_user(:
|
225
|
+
swap Devise, paranoid: true, maximum_attempts: 1 do
|
226
|
+
user = create_user(locked: false)
|
224
227
|
|
225
228
|
visit new_user_session_path
|
226
|
-
fill_in 'email', :
|
227
|
-
fill_in 'password', :
|
228
|
-
click_button '
|
229
|
+
fill_in 'email', with: user.email
|
230
|
+
fill_in 'password', with: "abadpassword"
|
231
|
+
click_button 'Log in'
|
229
232
|
|
230
|
-
fill_in 'email', :
|
231
|
-
fill_in 'password', :
|
232
|
-
click_button '
|
233
|
+
fill_in 'email', with: user.email
|
234
|
+
fill_in 'password', with: "abadpassword"
|
235
|
+
click_button 'Log in'
|
233
236
|
|
234
237
|
assert_current_url "/users/sign_in"
|
235
238
|
assert_not_contain "locked"
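Review bot: The JSON unlock test still passes `user: {email: user.email}` to `user_unlock_path`, so the address travels in the query string of the POST, while the two XML unlock tests in this section were moved to `params:`. Since that test checks that the response does not return the user, it should send the request the way a client would, with the email in the body: `post user_unlock_path(format: "json"), params: { user: {email: user.email} }`. The last hunk ends inside the paranoid-mode locking test, whose remaining assertions lie outside the hunk.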
|
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'test_helper'
|
4
|
+
|
5
|
+
class MyMountableEngine
|
6
|
+
def self.call(env)
|
7
|
+
['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']]
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling
|
12
|
+
# again the draw method. Look at the source code at:
|
13
|
+
# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw
|
14
|
+
Rails.application.routes.disable_clear_and_finalize = true
|
15
|
+
|
16
|
+
Rails.application.routes.draw do
|
17
|
+
authenticate(:user) do
|
18
|
+
mount MyMountableEngine, at: '/mountable_engine'
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
class AuthenticatedMountedEngineTest < Devise::IntegrationTest
|
23
|
+
test 'redirects to the sign in page when not authenticated' do
|
24
|
+
get '/mountable_engine'
|
25
|
+
follow_redirect!
|
26
|
+
|
27
|
+
assert_response :ok
|
28
|
+
assert_contain 'You need to sign in or sign up before continuing.'
|
29
|
+
end
|
30
|
+
|
31
|
+
test 'renders the mounted engine when authenticated' do
|
32
|
+
sign_in_as_user
|
33
|
+
get '/mountable_engine'
|
34
|
+
|
35
|
+
assert_response :success
|
36
|
+
assert_contain 'Rendered content of MyMountableEngine'
|
37
|
+
end
|
38
|
+
end
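Review bot: `Rails.application.routes.disable_clear_and_finalize = true` is set when the file is loaded and never restored, so every later `routes.draw` in the same test process appends to the route set instead of replacing it. Restore the flag right after the `draw` block with `Rails.application.routes.disable_clear_and_finalize = false`, ideally in an `ensure`. The unauthenticated test would also be a stronger guard on the mounted engine if it asserted that the engine body never appears: `assert_not_contain 'Rendered content of MyMountableEngine'`.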
|
@@ -1,7 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
|
4
|
-
class OmniauthableIntegrationTest <
|
6
|
+
class OmniauthableIntegrationTest < Devise::IntegrationTest
|
5
7
|
FACEBOOK_INFO = {
|
6
8
|
"id" => '12345',
|
7
9
|
"link" => 'http://facebook.com/josevalim',
|
@@ -20,9 +22,11 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
20
22
|
"credentials" => {"token" => 'plataformatec'},
|
21
23
|
"extra" => {"user_hash" => FACEBOOK_INFO}
|
22
24
|
}
|
25
|
+
OmniAuth.config.add_camelization 'facebook', 'FaceBook'
|
23
26
|
end
|
24
27
|
|
25
28
|
teardown do
|
29
|
+
OmniAuth.config.camelizations.delete('facebook')
|
26
30
|
OmniAuth.config.test_mode = false
|
27
31
|
end
|
28
32
|
|
@@ -38,9 +42,20 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
38
42
|
end
|
39
43
|
end
|
40
44
|
|
45
|
+
test "omniauth sign in should not run model validations" do
|
46
|
+
stub_action!(:sign_in_facebook) do
|
47
|
+
create_user
|
48
|
+
visit "/users/sign_in"
|
49
|
+
click_link "Sign in with FaceBook"
|
50
|
+
assert warden.authenticated?(:user)
|
51
|
+
|
52
|
+
refute User.validations_performed
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
41
56
|
test "can access omniauth.auth in the env hash" do
|
42
57
|
visit "/users/sign_in"
|
43
|
-
click_link "Sign in with
|
58
|
+
click_link "Sign in with FaceBook"
|
44
59
|
|
45
60
|
json = ActiveSupport::JSON.decode(response.body)
|
46
61
|
|
@@ -54,28 +69,28 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
54
69
|
test "cleans up session on sign up" do
|
55
70
|
assert_no_difference "User.count" do
|
56
71
|
visit "/users/sign_in"
|
57
|
-
click_link "Sign in with
|
72
|
+
click_link "Sign in with FaceBook"
|
58
73
|
end
|
59
74
|
|
60
75
|
assert session["devise.facebook_data"]
|
61
76
|
|
62
77
|
assert_difference "User.count" do
|
63
78
|
visit "/users/sign_up"
|
64
|
-
fill_in "Password", :
|
65
|
-
fill_in "Password confirmation", :
|
79
|
+
fill_in "Password", with: "12345678"
|
80
|
+
fill_in "Password confirmation", with: "12345678"
|
66
81
|
click_button "Sign up"
|
67
82
|
end
|
68
83
|
|
69
84
|
assert_current_url "/"
|
70
85
|
assert_contain "You have signed up successfully."
|
71
86
|
assert_contain "Hello User user@example.com"
|
72
|
-
|
87
|
+
refute session["devise.facebook_data"]
|
73
88
|
end
|
74
89
|
|
75
90
|
test "cleans up session on cancel" do
|
76
91
|
assert_no_difference "User.count" do
|
77
92
|
visit "/users/sign_in"
|
78
|
-
click_link "Sign in with
|
93
|
+
click_link "Sign in with FaceBook"
|
79
94
|
end
|
80
95
|
|
81
96
|
assert session["devise.facebook_data"]
|
@@ -86,7 +101,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
86
101
|
test "cleans up session on sign in" do
|
87
102
|
assert_no_difference "User.count" do
|
88
103
|
visit "/users/sign_in"
|
89
|
-
click_link "Sign in with
|
104
|
+
click_link "Sign in with FaceBook"
|
90
105
|
end
|
91
106
|
|
92
107
|
assert session["devise.facebook_data"]
|
@@ -96,13 +111,13 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
96
111
|
|
97
112
|
test "sign in and send remember token if configured" do
|
98
113
|
visit "/users/sign_in"
|
99
|
-
click_link "Sign in with
|
114
|
+
click_link "Sign in with FaceBook"
|
100
115
|
assert_nil warden.cookies["remember_user_token"]
|
101
116
|
|
102
117
|
stub_action!(:sign_in_facebook) do
|
103
118
|
create_user
|
104
119
|
visit "/users/sign_in"
|
105
|
-
click_link "Sign in with
|
120
|
+
click_link "Sign in with FaceBook"
|
106
121
|
assert warden.authenticated?(:user)
|
107
122
|
assert warden.cookies["remember_user_token"]
|
108
123
|
end
|
@@ -111,23 +126,23 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
|
|
111
126
|
test "generates a proper link when SCRIPT_NAME is set" do
|
112
127
|
header 'SCRIPT_NAME', '/q'
|
113
128
|
visit "/users/sign_in"
|
114
|
-
assert_select "a", :
|
129
|
+
assert_select "a", href: "/q/users/auth/facebook"
|
115
130
|
end
|
116
131
|
|
117
132
|
test "handles callback error parameter according to the specification" do
|
118
133
|
OmniAuth.config.mock_auth[:facebook] = :access_denied
|
119
134
|
visit "/users/auth/facebook/callback?error=access_denied"
|
120
135
|
assert_current_url "/users/sign_in"
|
121
|
-
assert_contain 'Could not authenticate you from
|
136
|
+
assert_contain 'Could not authenticate you from FaceBook because "Access denied".'
|
122
137
|
end
|
123
138
|
|
124
|
-
test "handles other exceptions from
|
139
|
+
test "handles other exceptions from OmniAuth" do
|
125
140
|
OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
|
126
141
|
|
127
142
|
visit "/users/sign_in"
|
128
|
-
click_link "Sign in with
|
143
|
+
click_link "Sign in with FaceBook"
|
129
144
|
|
130
145
|
assert_current_url "/users/sign_in"
|
131
|
-
assert_contain 'Could not authenticate you from
|
146
|
+
assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
|
132
147
|
end
|
133
148
|
end
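Review bot: The new 'omniauth sign in should not run model validations' test reads `User.validations_performed` after calling `create_user`, and nothing in this section shows the flag being cleared between saving the record and signing in. The flag is read on `User` itself, so it looks like class-level state, and the `refute` is only meaningful if it is reset once the user has been created. Presumably the `create_user` helper does that, but it is not visible here. I would add a comment above the assertion, e.g. `# create_user is expected to reset User.validations_performed; only the sign-in above may set it`. The HTTP authentication test earlier on the page has the same shape and would benefit from the same comment.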
|