devise 3.2.1 → 4.4.3
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
@@ -1,16 +1,24 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class RememberMeTest <
|
5
|
+
class RememberMeTest < Devise::IntegrationTest
|
4
6
|
def create_user_and_remember(add_to_token='')
|
5
7
|
user = create_user
|
6
8
|
user.remember_me!
|
7
|
-
raw_cookie = User.serialize_into_cookie(user).tap { |a| a
|
9
|
+
raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
|
8
10
|
cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
|
9
11
|
user
|
10
12
|
end
|
11
13
|
|
12
14
|
def generate_signed_cookie(raw_cookie)
|
13
|
-
request =
|
15
|
+
request = if Devise::Test.rails51? || Devise::Test.rails52?
|
16
|
+
ActionController::TestRequest.create(Class.new) # needs a "controller class"
|
17
|
+
elsif Devise::Test.rails5?
|
18
|
+
ActionController::TestRequest.create
|
19
|
+
else
|
20
|
+
ActionController::TestRequest.new
|
21
|
+
end
|
14
22
|
request.cookie_jar.signed['raw_cookie'] = raw_cookie
|
15
23
|
request.cookie_jar['raw_cookie']
|
16
24
|
end
|
@@ -25,37 +33,39 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
25
33
|
Time.parse(expires).utc
|
26
34
|
end
|
27
35
|
|
28
|
-
test 'do not remember the user if
|
36
|
+
test 'do not remember the user if they have not checked remember me option' do
|
29
37
|
sign_in_as_user
|
30
38
|
assert_nil request.cookies["remember_user_cookie"]
|
31
39
|
end
|
32
40
|
|
33
41
|
test 'handle unverified requests gets rid of caches' do
|
34
|
-
swap ApplicationController, :
|
42
|
+
swap ApplicationController, allow_forgery_protection: true do
|
35
43
|
post exhibit_user_url(1)
|
36
|
-
|
44
|
+
refute warden.authenticated?(:user)
|
37
45
|
|
38
46
|
create_user_and_remember
|
39
47
|
post exhibit_user_url(1)
|
40
48
|
assert_equal "User is not authenticated", response.body
|
41
|
-
|
49
|
+
refute warden.authenticated?(:user)
|
42
50
|
end
|
43
51
|
end
|
44
52
|
|
45
53
|
test 'handle unverified requests does not create cookies on sign in' do
|
46
|
-
swap ApplicationController, :
|
54
|
+
swap ApplicationController, allow_forgery_protection: true do
|
47
55
|
get new_user_session_path
|
48
56
|
assert request.session[:_csrf_token]
|
49
57
|
|
50
|
-
post user_session_path, :
|
51
|
-
|
52
|
-
|
53
|
-
|
58
|
+
post user_session_path, params: {
|
59
|
+
authenticity_token: "oops",
|
60
|
+
user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
|
61
|
+
}
|
62
|
+
refute warden.authenticated?(:user)
|
63
|
+
refute request.cookies['remember_user_token']
|
54
64
|
end
|
55
65
|
end
|
56
66
|
|
57
67
|
test 'generate remember token after sign in' do
|
58
|
-
sign_in_as_user :
|
68
|
+
sign_in_as_user remember_me: true
|
59
69
|
assert request.cookies['remember_user_token']
|
60
70
|
end
|
61
71
|
|
@@ -63,15 +73,15 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
63
73
|
# We test this by asserting the cookie is not sent after the redirect
|
64
74
|
# since we changed the domain. This is the only difference with the
|
65
75
|
# previous test.
|
66
|
-
swap Devise, :
|
67
|
-
sign_in_as_user :
|
76
|
+
swap Devise, rememberable_options: { domain: "omg.somewhere.com" } do
|
77
|
+
sign_in_as_user remember_me: true
|
68
78
|
assert_nil request.cookies["remember_user_token"]
|
69
79
|
end
|
70
80
|
end
|
71
81
|
|
72
82
|
test 'generate remember token with a custom key' do
|
73
|
-
swap Devise, :
|
74
|
-
sign_in_as_user :
|
83
|
+
swap Devise, rememberable_options: { key: "v1lat_token" } do
|
84
|
+
sign_in_as_user remember_me: true
|
75
85
|
assert request.cookies["v1lat_token"]
|
76
86
|
end
|
77
87
|
end
|
@@ -79,7 +89,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
79
89
|
test 'generate remember token after sign in setting session options' do
|
80
90
|
begin
|
81
91
|
Rails.configuration.session_options[:domain] = "omg.somewhere.com"
|
82
|
-
sign_in_as_user :
|
92
|
+
sign_in_as_user remember_me: true
|
83
93
|
assert_nil request.cookies["remember_user_token"]
|
84
94
|
ensure
|
85
95
|
Rails.configuration.session_options.delete(:domain)
|
@@ -92,10 +102,9 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
92
102
|
assert_response :success
|
93
103
|
assert warden.authenticated?(:user)
|
94
104
|
assert warden.user(:user) == user
|
95
|
-
assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
|
96
105
|
end
|
97
106
|
|
98
|
-
test 'remember the user before sign up and redirect
|
107
|
+
test 'remember the user before sign up and redirect them to their home' do
|
99
108
|
create_user_and_remember
|
100
109
|
get new_user_registration_path
|
101
110
|
assert warden.authenticated?(:user)
|
@@ -103,14 +112,14 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
103
112
|
end
|
104
113
|
|
105
114
|
test 'does not extend remember period through sign in' do
|
106
|
-
swap Devise, :
|
115
|
+
swap Devise, extend_remember_period: true, remember_for: 1.year do
|
107
116
|
user = create_user
|
108
117
|
user.remember_me!
|
109
118
|
|
110
119
|
user.remember_created_at = old = 10.days.ago
|
111
120
|
user.save
|
112
121
|
|
113
|
-
sign_in_as_user :
|
122
|
+
sign_in_as_user remember_me: true
|
114
123
|
user.reload
|
115
124
|
|
116
125
|
assert warden.user(:user) == user
|
@@ -118,26 +127,60 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
118
127
|
end
|
119
128
|
end
|
120
129
|
|
130
|
+
test 'extends remember period when extend remember period config is true' do
|
131
|
+
swap Devise, extend_remember_period: true, remember_for: 1.year do
|
132
|
+
create_user_and_remember
|
133
|
+
old_remember_token = nil
|
134
|
+
|
135
|
+
travel_to 1.day.ago do
|
136
|
+
get root_path
|
137
|
+
old_remember_token = request.cookies['remember_user_token']
|
138
|
+
end
|
139
|
+
|
140
|
+
get root_path
|
141
|
+
current_remember_token = request.cookies['remember_user_token']
|
142
|
+
|
143
|
+
refute_equal old_remember_token, current_remember_token
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
147
|
+
test 'does not extend remember period when extend period config is false' do
|
148
|
+
swap Devise, extend_remember_period: false, remember_for: 1.year do
|
149
|
+
create_user_and_remember
|
150
|
+
old_remember_token = nil
|
151
|
+
|
152
|
+
travel_to 1.day.ago do
|
153
|
+
get root_path
|
154
|
+
old_remember_token = request.cookies['remember_user_token']
|
155
|
+
end
|
156
|
+
|
157
|
+
get root_path
|
158
|
+
current_remember_token = request.cookies['remember_user_token']
|
159
|
+
|
160
|
+
assert_equal old_remember_token, current_remember_token
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
121
164
|
test 'do not remember other scopes' do
|
122
165
|
create_user_and_remember
|
123
166
|
get root_path
|
124
167
|
assert_response :success
|
125
168
|
assert warden.authenticated?(:user)
|
126
|
-
|
169
|
+
refute warden.authenticated?(:admin)
|
127
170
|
end
|
128
171
|
|
129
172
|
test 'do not remember with invalid token' do
|
130
173
|
create_user_and_remember('add')
|
131
174
|
get users_path
|
132
|
-
|
175
|
+
refute warden.authenticated?(:user)
|
133
176
|
assert_redirected_to new_user_session_path
|
134
177
|
end
|
135
178
|
|
136
179
|
test 'do not remember with expired token' do
|
137
180
|
create_user_and_remember
|
138
|
-
swap Devise, :
|
181
|
+
swap Devise, remember_for: 0.days do
|
139
182
|
get users_path
|
140
|
-
|
183
|
+
refute warden.authenticated?(:user)
|
141
184
|
assert_redirected_to new_user_session_path
|
142
185
|
end
|
143
186
|
end
|
@@ -147,12 +190,12 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
147
190
|
get users_path
|
148
191
|
assert warden.authenticated?(:user)
|
149
192
|
|
150
|
-
|
151
|
-
|
193
|
+
delete destroy_user_session_path
|
194
|
+
refute warden.authenticated?(:user)
|
152
195
|
assert_nil warden.cookies['remember_user_token']
|
153
196
|
|
154
197
|
get users_path
|
155
|
-
|
198
|
+
refute warden.authenticated?(:user)
|
156
199
|
end
|
157
200
|
|
158
201
|
test 'changing user password expires remember me token' do
|
@@ -162,6 +205,15 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
162
205
|
user.save!
|
163
206
|
|
164
207
|
get users_path
|
165
|
-
|
208
|
+
refute warden.authenticated?(:user)
|
209
|
+
end
|
210
|
+
|
211
|
+
test 'valid sign in calls after_remembered callback' do
|
212
|
+
user = create_user_and_remember
|
213
|
+
|
214
|
+
User.expects(:serialize_from_cookie).returns user
|
215
|
+
user.expects :after_remembered
|
216
|
+
|
217
|
+
get new_user_registration_path
|
166
218
|
end
|
167
219
|
end
|
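Review bot: The `@@ -92,10 +102,9 @@` hunk removes the only visible assertion that the remember cookie carries the HttpOnly flag (`assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], ...`), and nothing on the new side replaces it. A regression that exposes `remember_user_token` to page scripts would therefore no longer fail this file. The enclosing test starts outside the hunk, so the request that precedes the removed line is not visible; if the header is simply not present on that response, keep the coverage on the response that does set the cookie, for example `assert_match(/remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"])` after a remember-me sign in. Separately, the context line `assert_nil request.cookies["remember_user_cookie"]` in 'do not remember the user if they have not checked remember me option' checks a cookie name that no other test here uses, so it probably passes vacuously; `remember_user_token` looks like the intended key.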
@@ -1,6 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class SessionTimeoutTest <
|
5
|
+
class SessionTimeoutTest < Devise::IntegrationTest
|
4
6
|
|
5
7
|
def last_request_at
|
6
8
|
@controller.user_session['last_request_at']
|
@@ -8,12 +10,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
8
10
|
|
9
11
|
test 'set last request at in user session after each request' do
|
10
12
|
sign_in_as_user
|
11
|
-
old_last_request = last_request_at
|
12
13
|
assert_not_nil last_request_at
|
13
14
|
|
15
|
+
@controller.user_session.delete('last_request_at')
|
14
16
|
get users_path
|
15
17
|
assert_not_nil last_request_at
|
16
|
-
assert_not_equal old_last_request, last_request_at
|
17
18
|
end
|
18
19
|
|
19
20
|
test 'set last request at in user session after each request is skipped if tracking is disabled' do
|
@@ -21,7 +22,19 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
21
22
|
old_last_request = last_request_at
|
22
23
|
assert_not_nil last_request_at
|
23
24
|
|
24
|
-
get users_path, {
|
25
|
+
get users_path, headers: { 'devise.skip_trackable' => true }
|
26
|
+
assert_equal old_last_request, last_request_at
|
27
|
+
end
|
28
|
+
|
29
|
+
test 'does not set last request at in user session after each request if timeoutable is disabled' do
|
30
|
+
sign_in_as_user
|
31
|
+
old_last_request = last_request_at
|
32
|
+
assert_not_nil last_request_at
|
33
|
+
|
34
|
+
new_time = 2.seconds.from_now
|
35
|
+
Time.stubs(:now).returns(new_time)
|
36
|
+
|
37
|
+
get users_path, headers: { 'devise.skip_timeoutable' => true }
|
25
38
|
assert_equal old_last_request, last_request_at
|
26
39
|
end
|
27
40
|
|
@@ -35,14 +48,19 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
35
48
|
assert warden.authenticated?(:user)
|
36
49
|
end
|
37
50
|
|
38
|
-
test 'time out user session after default limit time' do
|
39
|
-
|
40
|
-
|
41
|
-
assert_not_nil last_request_at
|
51
|
+
test 'time out user session after default limit time when sign_out_all_scopes is false' do
|
52
|
+
swap Devise, sign_out_all_scopes: false do
|
53
|
+
sign_in_as_admin
|
42
54
|
|
43
|
-
|
44
|
-
|
45
|
-
|
55
|
+
user = sign_in_as_user
|
56
|
+
get expire_user_path(user)
|
57
|
+
assert_not_nil last_request_at
|
58
|
+
|
59
|
+
get users_path
|
60
|
+
assert_redirected_to users_path
|
61
|
+
refute warden.authenticated?(:user)
|
62
|
+
assert warden.authenticated?(:admin)
|
63
|
+
end
|
46
64
|
end
|
47
65
|
|
48
66
|
test 'time out all sessions after default limit time when sign_out_all_scopes is true' do
|
@@ -54,8 +72,8 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
54
72
|
assert_not_nil last_request_at
|
55
73
|
|
56
74
|
get root_path
|
57
|
-
|
58
|
-
|
75
|
+
refute warden.authenticated?(:user)
|
76
|
+
refute warden.authenticated?(:admin)
|
59
77
|
end
|
60
78
|
end
|
61
79
|
|
@@ -73,7 +91,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
73
91
|
user = sign_in_as_user
|
74
92
|
get expire_user_path(user)
|
75
93
|
|
76
|
-
|
94
|
+
delete destroy_user_session_path
|
77
95
|
|
78
96
|
assert_response :redirect
|
79
97
|
assert_redirected_to root_path
|
@@ -92,39 +110,22 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
92
110
|
|
93
111
|
assert_response :success
|
94
112
|
assert_contain 'Sign in'
|
95
|
-
|
113
|
+
refute warden.authenticated?(:user)
|
96
114
|
end
|
97
115
|
|
98
116
|
test 'time out is not triggered on sign in' do
|
99
117
|
user = sign_in_as_user
|
100
118
|
get expire_user_path(user)
|
101
119
|
|
102
|
-
post "/users/sign_in", :email
|
120
|
+
post "/users/sign_in", params: { email: user.email, password: "123456" }
|
103
121
|
|
104
122
|
assert_response :redirect
|
105
123
|
follow_redirect!
|
106
124
|
assert_contain 'You are signed in'
|
107
125
|
end
|
108
126
|
|
109
|
-
test 'admin does not explode on time out' do
|
110
|
-
admin = sign_in_as_admin
|
111
|
-
get expire_admin_path(admin)
|
112
|
-
|
113
|
-
Admin.send :define_method, :reset_authentication_token! do
|
114
|
-
nil
|
115
|
-
end
|
116
|
-
|
117
|
-
begin
|
118
|
-
get admins_path
|
119
|
-
assert_redirected_to admins_path
|
120
|
-
assert_not warden.authenticated?(:admin)
|
121
|
-
ensure
|
122
|
-
Admin.send(:remove_method, :reset_authentication_token!)
|
123
|
-
end
|
124
|
-
end
|
125
|
-
|
126
127
|
test 'user configured timeout limit' do
|
127
|
-
swap Devise, :
|
128
|
+
swap Devise, timeout_in: 8.minutes do
|
128
129
|
user = sign_in_as_user
|
129
130
|
|
130
131
|
get users_path
|
@@ -135,13 +136,13 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
135
136
|
get expire_user_path(user)
|
136
137
|
get users_path
|
137
138
|
assert_redirected_to users_path
|
138
|
-
|
139
|
+
refute warden.authenticated?(:user)
|
139
140
|
end
|
140
141
|
end
|
141
142
|
|
142
143
|
test 'error message with i18n' do
|
143
|
-
store_translations :en, :
|
144
|
-
:
|
144
|
+
store_translations :en, devise: {
|
145
|
+
failure: { user: { timeout: 'Session expired!' } }
|
145
146
|
} do
|
146
147
|
user = sign_in_as_user
|
147
148
|
|
@@ -153,8 +154,8 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
153
154
|
end
|
154
155
|
|
155
156
|
test 'error message with i18n with double redirect' do
|
156
|
-
store_translations :en, :
|
157
|
-
:
|
157
|
+
store_translations :en, devise: {
|
158
|
+
failure: { user: { timeout: 'Session expired!' } }
|
158
159
|
} do
|
159
160
|
user = sign_in_as_user
|
160
161
|
|
@@ -167,7 +168,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
167
168
|
end
|
168
169
|
|
169
170
|
test 'time out not triggered if remembered' do
|
170
|
-
user = sign_in_as_user :
|
171
|
+
user = sign_in_as_user remember_me: true
|
171
172
|
get expire_user_path(user)
|
172
173
|
assert_not_nil last_request_at
|
173
174
|
|
@@ -175,4 +176,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
175
176
|
assert_response :success
|
176
177
|
assert warden.authenticated?(:user)
|
177
178
|
end
|
179
|
+
|
180
|
+
test 'does not crash when the last_request_at is a String' do
|
181
|
+
user = sign_in_as_user
|
182
|
+
|
183
|
+
get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)
|
184
|
+
get users_path
|
185
|
+
end
|
178
186
|
end
|
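Review bot: The new test 'does not crash when the last_request_at is a String' contains no assertions, so it only proves that two requests do not raise. It would still pass if a String timestamp in the session caused the timeout check to be skipped, or caused the user to be signed out. After `get users_path`, pin the expected outcome, presumably `assert_response :success` and `assert warden.authenticated?(:user)` for a fresh timestamp. Consider a second case with a String timestamp older than `timeout_in` that ends in `refute warden.authenticated?(:user)`, so the String path is shown to enforce expiry and not just to parse. What `edit_form_user_path` does with the `last_request_at` parameter is not visible in this section, so the exact assertions need confirming against that action.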
@@ -1,6 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
|
-
class TrackableHooksTest <
|
5
|
+
class TrackableHooksTest < Devise::IntegrationTest
|
6
|
+
test "trackable should not run model validations" do
|
7
|
+
sign_in_as_user
|
8
|
+
|
9
|
+
refute User.validations_performed
|
10
|
+
end
|
4
11
|
|
5
12
|
test "current and last sign in timestamps are updated on each sign in" do
|
6
13
|
user = create_user
|
@@ -10,13 +17,13 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
|
|
10
17
|
sign_in_as_user
|
11
18
|
user.reload
|
12
19
|
|
13
|
-
|
14
|
-
|
20
|
+
assert user.current_sign_in_at.acts_like?(:time)
|
21
|
+
assert user.last_sign_in_at.acts_like?(:time)
|
15
22
|
|
16
23
|
assert_equal user.current_sign_in_at, user.last_sign_in_at
|
17
24
|
assert user.current_sign_in_at >= user.created_at
|
18
25
|
|
19
|
-
|
26
|
+
delete destroy_user_session_path
|
20
27
|
new_time = 2.seconds.from_now
|
21
28
|
Time.stubs(:now).returns(new_time)
|
22
29
|
|
@@ -56,15 +63,15 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
|
|
56
63
|
user.reload
|
57
64
|
assert_equal 1, user.sign_in_count
|
58
65
|
|
59
|
-
|
66
|
+
delete destroy_user_session_path
|
60
67
|
sign_in_as_user
|
61
68
|
user.reload
|
62
69
|
assert_equal 2, user.sign_in_count
|
63
70
|
end
|
64
71
|
|
65
72
|
test "does not update anything if user has signed out along the way" do
|
66
|
-
swap Devise, :
|
67
|
-
user = create_user(:
|
73
|
+
swap Devise, allow_unconfirmed_access_for: 0.days do
|
74
|
+
user = create_user(confirm: false)
|
68
75
|
sign_in_as_user
|
69
76
|
|
70
77
|
user.reload
|
@@ -80,7 +87,7 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
|
|
80
87
|
end
|
81
88
|
user.reload
|
82
89
|
assert_equal 0, user.sign_in_count
|
83
|
-
|
90
|
+
delete destroy_user_session_path
|
84
91
|
|
85
92
|
sign_in_as_user do
|
86
93
|
header 'devise.skip_trackable', false
|