devise 3.2.1 → 4.4.3
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
@@ -1,7 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class OmniauthableTest < ActiveSupport::TestCase
|
4
6
|
test 'required_fields should contain the fields that Devise uses' do
|
5
|
-
|
7
|
+
assert_equal Devise::Models::Omniauthable.required_fields(User), []
|
6
8
|
end
|
7
9
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class RecoverableTest < ActiveSupport::TestCase
|
@@ -23,13 +25,13 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
23
25
|
|
24
26
|
test 'should reset password and password confirmation from params' do
|
25
27
|
user = create_user
|
26
|
-
user.reset_password
|
28
|
+
user.reset_password('123456789', '987654321')
|
27
29
|
assert_equal '123456789', user.password
|
28
30
|
assert_equal '987654321', user.password_confirmation
|
29
31
|
end
|
30
32
|
|
31
33
|
test 'should reset password and save the record' do
|
32
|
-
assert create_user.reset_password
|
34
|
+
assert create_user.reset_password('123456789', '123456789')
|
33
35
|
end
|
34
36
|
|
35
37
|
test 'should clear reset password token while reseting the password' do
|
@@ -38,7 +40,53 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
38
40
|
|
39
41
|
user.send_reset_password_instructions
|
40
42
|
assert_present user.reset_password_token
|
41
|
-
assert user.reset_password
|
43
|
+
assert user.reset_password('123456789', '123456789')
|
44
|
+
assert_nil user.reset_password_token
|
45
|
+
end
|
46
|
+
|
47
|
+
test 'should not clear reset password token for new user' do
|
48
|
+
user = new_user
|
49
|
+
assert_nil user.reset_password_token
|
50
|
+
|
51
|
+
user.send_reset_password_instructions
|
52
|
+
assert_present user.reset_password_token
|
53
|
+
|
54
|
+
user.save
|
55
|
+
assert_present user.reset_password_token
|
56
|
+
end
|
57
|
+
|
58
|
+
test 'should clear reset password token if changing password' do
|
59
|
+
user = create_user
|
60
|
+
assert_nil user.reset_password_token
|
61
|
+
|
62
|
+
user.send_reset_password_instructions
|
63
|
+
assert_present user.reset_password_token
|
64
|
+
user.password = "123456678"
|
65
|
+
user.password_confirmation = "123456678"
|
66
|
+
user.save!
|
67
|
+
assert_nil user.reset_password_token
|
68
|
+
end
|
69
|
+
|
70
|
+
test 'should clear reset password token if changing email' do
|
71
|
+
user = create_user
|
72
|
+
assert_nil user.reset_password_token
|
73
|
+
|
74
|
+
user.send_reset_password_instructions
|
75
|
+
assert_present user.reset_password_token
|
76
|
+
user.email = "another@example.com"
|
77
|
+
user.save!
|
78
|
+
assert_nil user.reset_password_token
|
79
|
+
end
|
80
|
+
|
81
|
+
test 'should clear reset password successfully even if there is no email' do
|
82
|
+
user = create_user_without_email
|
83
|
+
assert_nil user.reset_password_token
|
84
|
+
|
85
|
+
user.send_reset_password_instructions
|
86
|
+
assert_present user.reset_password_token
|
87
|
+
user.password = "123456678"
|
88
|
+
user.password_confirmation = "123456678"
|
89
|
+
user.save!
|
42
90
|
assert_nil user.reset_password_token
|
43
91
|
end
|
44
92
|
|
@@ -46,14 +94,14 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
46
94
|
user = create_user
|
47
95
|
user.send_reset_password_instructions
|
48
96
|
assert_present user.reset_password_token
|
49
|
-
|
97
|
+
refute user.reset_password('123456789', '987654321')
|
50
98
|
assert_present user.reset_password_token
|
51
99
|
end
|
52
100
|
|
53
101
|
test 'should not reset password with invalid data' do
|
54
102
|
user = create_user
|
55
103
|
user.stubs(:valid?).returns(false)
|
56
|
-
|
104
|
+
refute user.reset_password('123456789', '987654321')
|
57
105
|
end
|
58
106
|
|
59
107
|
test 'should reset reset password token and send instructions by email' do
|
@@ -67,29 +115,29 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
67
115
|
|
68
116
|
test 'should find a user to send instructions by email' do
|
69
117
|
user = create_user
|
70
|
-
reset_password_user = User.send_reset_password_instructions(:
|
118
|
+
reset_password_user = User.send_reset_password_instructions(email: user.email)
|
71
119
|
assert_equal reset_password_user, user
|
72
120
|
end
|
73
121
|
|
74
122
|
test 'should return a new record with errors if user was not found by e-mail' do
|
75
|
-
reset_password_user = User.send_reset_password_instructions(:
|
76
|
-
|
123
|
+
reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com")
|
124
|
+
refute reset_password_user.persisted?
|
77
125
|
assert_equal "not found", reset_password_user.errors[:email].join
|
78
126
|
end
|
79
127
|
|
80
128
|
test 'should find a user to send instructions by authentication_keys' do
|
81
|
-
swap Devise, :
|
129
|
+
swap Devise, authentication_keys: [:username, :email] do
|
82
130
|
user = create_user
|
83
|
-
reset_password_user = User.send_reset_password_instructions(:
|
131
|
+
reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
|
84
132
|
assert_equal reset_password_user, user
|
85
133
|
end
|
86
134
|
end
|
87
135
|
|
88
136
|
test 'should require all reset_password_keys' do
|
89
|
-
swap Devise, :
|
137
|
+
swap Devise, reset_password_keys: [:username, :email] do
|
90
138
|
user = create_user
|
91
|
-
reset_password_user = User.send_reset_password_instructions(:
|
92
|
-
|
139
|
+
reset_password_user = User.send_reset_password_instructions(email: user.email)
|
140
|
+
refute reset_password_user.persisted?
|
93
141
|
assert_equal "can't be blank", reset_password_user.errors[:username].join
|
94
142
|
end
|
95
143
|
end
|
@@ -97,34 +145,34 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
97
145
|
test 'should reset reset_password_token before send the reset instructions email' do
|
98
146
|
user = create_user
|
99
147
|
token = user.reset_password_token
|
100
|
-
User.send_reset_password_instructions(:
|
148
|
+
User.send_reset_password_instructions(email: user.email)
|
101
149
|
assert_not_equal token, user.reload.reset_password_token
|
102
150
|
end
|
103
151
|
|
104
|
-
test 'should send email instructions to the user reset
|
152
|
+
test 'should send email instructions to the user reset their password' do
|
105
153
|
user = create_user
|
106
154
|
assert_email_sent do
|
107
|
-
User.send_reset_password_instructions(:
|
155
|
+
User.send_reset_password_instructions(email: user.email)
|
108
156
|
end
|
109
157
|
end
|
110
158
|
|
111
|
-
test 'should find a user to reset
|
159
|
+
test 'should find a user to reset their password based on the raw token' do
|
112
160
|
user = create_user
|
113
161
|
raw = user.send_reset_password_instructions
|
114
162
|
|
115
|
-
reset_password_user = User.reset_password_by_token(:
|
163
|
+
reset_password_user = User.reset_password_by_token(reset_password_token: raw)
|
116
164
|
assert_equal reset_password_user, user
|
117
165
|
end
|
118
166
|
|
119
167
|
test 'should return a new record with errors if no reset_password_token is found' do
|
120
|
-
reset_password_user = User.reset_password_by_token(:
|
121
|
-
|
168
|
+
reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token')
|
169
|
+
refute reset_password_user.persisted?
|
122
170
|
assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
|
123
171
|
end
|
124
172
|
|
125
173
|
test 'should return a new record with errors if reset_password_token is blank' do
|
126
|
-
reset_password_user = User.reset_password_by_token(:
|
127
|
-
|
174
|
+
reset_password_user = User.reset_password_by_token(reset_password_token: '')
|
175
|
+
refute reset_password_user.persisted?
|
128
176
|
assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
|
129
177
|
end
|
130
178
|
|
@@ -132,9 +180,20 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
132
180
|
user = create_user
|
133
181
|
raw = user.send_reset_password_instructions
|
134
182
|
|
135
|
-
reset_password_user = User.reset_password_by_token(:
|
136
|
-
|
183
|
+
reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
|
184
|
+
refute reset_password_user.errors.empty?
|
185
|
+
assert_match "can't be blank", reset_password_user.errors[:password].join
|
186
|
+
assert_equal raw, reset_password_user.reset_password_token
|
187
|
+
end
|
188
|
+
|
189
|
+
test 'should return a new record with errors if password is not provided' do
|
190
|
+
user = create_user
|
191
|
+
raw = user.send_reset_password_instructions
|
192
|
+
|
193
|
+
reset_password_user = User.reset_password_by_token(reset_password_token: raw)
|
194
|
+
refute reset_password_user.errors.empty?
|
137
195
|
assert_match "can't be blank", reset_password_user.errors[:password].join
|
196
|
+
assert_equal raw, reset_password_user.reset_password_token
|
138
197
|
end
|
139
198
|
|
140
199
|
test 'should reset successfully user password given the new password and confirmation' do
|
@@ -142,19 +201,21 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
142
201
|
old_password = user.password
|
143
202
|
raw = user.send_reset_password_instructions
|
144
203
|
|
145
|
-
User.reset_password_by_token(
|
146
|
-
:
|
147
|
-
:
|
148
|
-
:
|
204
|
+
reset_password_user = User.reset_password_by_token(
|
205
|
+
reset_password_token: raw,
|
206
|
+
password: 'new_password',
|
207
|
+
password_confirmation: 'new_password'
|
149
208
|
)
|
150
|
-
|
209
|
+
assert_nil reset_password_user.reset_password_token
|
151
210
|
|
152
|
-
|
211
|
+
user.reload
|
212
|
+
refute user.valid_password?(old_password)
|
153
213
|
assert user.valid_password?('new_password')
|
214
|
+
assert_nil user.reset_password_token
|
154
215
|
end
|
155
216
|
|
156
217
|
test 'should not reset password after reset_password_within time' do
|
157
|
-
swap Devise, :
|
218
|
+
swap Devise, reset_password_within: 1.hour do
|
158
219
|
user = create_user
|
159
220
|
raw = user.send_reset_password_instructions
|
160
221
|
|
@@ -163,22 +224,40 @@ class RecoverableTest < ActiveSupport::TestCase
|
|
163
224
|
user.save!
|
164
225
|
|
165
226
|
reset_password_user = User.reset_password_by_token(
|
166
|
-
:
|
167
|
-
:
|
168
|
-
:
|
227
|
+
reset_password_token: raw,
|
228
|
+
password: 'new_password',
|
229
|
+
password_confirmation: 'new_password'
|
169
230
|
)
|
170
231
|
user.reload
|
171
232
|
|
172
233
|
assert user.valid_password?(old_password)
|
173
|
-
|
234
|
+
refute user.valid_password?('new_password')
|
174
235
|
assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
|
175
236
|
end
|
176
237
|
end
|
177
238
|
|
178
239
|
test 'required_fields should contain the fields that Devise uses' do
|
179
|
-
|
240
|
+
assert_equal Devise::Models::Recoverable.required_fields(User), [
|
180
241
|
:reset_password_sent_at,
|
181
242
|
:reset_password_token
|
182
243
|
]
|
183
|
-
end
|
244
|
+
end
|
245
|
+
|
246
|
+
test 'should return a user based on the raw token' do
|
247
|
+
user = create_user
|
248
|
+
raw = user.send_reset_password_instructions
|
249
|
+
|
250
|
+
assert_equal User.with_reset_password_token(raw), user
|
251
|
+
end
|
252
|
+
|
253
|
+
test 'should return the same reset password token as generated' do
|
254
|
+
user = create_user
|
255
|
+
raw = user.send_reset_password_instructions
|
256
|
+
assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
|
257
|
+
end
|
258
|
+
|
259
|
+
test 'should return nil if a user based on the raw token is not found' do
|
260
|
+
assert_nil User.with_reset_password_token('random-token')
|
261
|
+
end
|
262
|
+
|
184
263
|
end
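Review bot: The new test 'should return the same reset password token as generated' passes `self.class` to `Devise.token_generator.digest`, and inside a test block that resolves to `RecoverableTest`, not the model whose token is being checked. The assertion can only hold if the digest does not depend on the class argument, which is presumably the case but is not visible on this page; as written, a reader may take it to mean the digest is scoped per model. Passing the model makes the intent explicit: `assert_equal Devise.token_generator.digest(User, :reset_password_token, raw), user.reset_password_token`. A short comment that the stored `reset_password_token` is expected to be the digest and never the raw value sent by e-mail would also help the next maintainer.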
|
@@ -1,7 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class RegisterableTest < ActiveSupport::TestCase
|
4
6
|
test 'required_fields should contain the fields that Devise uses' do
|
5
|
-
|
7
|
+
assert_equal Devise::Models::Registerable.required_fields(User), []
|
6
8
|
end
|
7
9
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class RememberableTest < ActiveSupport::TestCase
|
@@ -13,6 +15,19 @@ class RememberableTest < ActiveSupport::TestCase
|
|
13
15
|
user = create_user
|
14
16
|
user.expects(:valid?).never
|
15
17
|
user.remember_me!
|
18
|
+
assert user.remember_created_at
|
19
|
+
end
|
20
|
+
|
21
|
+
test 'remember_me should not generate a new token if valid token exists' do
|
22
|
+
user = create_user
|
23
|
+
user.singleton_class.send(:attr_accessor, :remember_token)
|
24
|
+
User.to_adapter.expects(:find_first).returns(nil)
|
25
|
+
|
26
|
+
user.remember_me!
|
27
|
+
existing_token = user.remember_token
|
28
|
+
|
29
|
+
user.remember_me!
|
30
|
+
assert_equal existing_token, user.remember_token
|
16
31
|
end
|
17
32
|
|
18
33
|
test 'forget_me should not clear remember token if using salt' do
|
@@ -33,150 +48,136 @@ class RememberableTest < ActiveSupport::TestCase
|
|
33
48
|
test 'serialize into cookie' do
|
34
49
|
user = create_user
|
35
50
|
user.remember_me!
|
36
|
-
|
51
|
+
id, token, date = User.serialize_into_cookie(user)
|
52
|
+
assert_equal id, user.to_key
|
53
|
+
assert_equal token, user.authenticatable_salt
|
54
|
+
assert date.is_a?(String)
|
37
55
|
end
|
38
56
|
|
39
57
|
test 'serialize from cookie' do
|
40
58
|
user = create_user
|
41
59
|
user.remember_me!
|
42
|
-
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
60
|
+
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
|
43
61
|
end
|
44
62
|
|
45
|
-
test '
|
46
|
-
user =
|
47
|
-
user.
|
48
|
-
|
49
|
-
user.rememberable_value
|
50
|
-
end
|
63
|
+
test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do
|
64
|
+
user = create_user
|
65
|
+
user.remember_me!
|
66
|
+
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json)
|
51
67
|
end
|
52
68
|
|
53
|
-
test 'should
|
54
|
-
|
55
|
-
|
69
|
+
test 'serialize from cookie should return nil with invalid datetime' do
|
70
|
+
user = create_user
|
71
|
+
user.remember_me!
|
72
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013")
|
56
73
|
end
|
57
74
|
|
58
|
-
test '
|
59
|
-
|
60
|
-
resource.remember_me!
|
61
|
-
assert_not resource.remember_created_at.nil?
|
62
|
-
resource.forget_me!
|
63
|
-
assert resource.remember_created_at.nil?
|
75
|
+
test 'serialize from cookie should return nil if no resource is found' do
|
76
|
+
assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
|
64
77
|
end
|
65
78
|
|
66
|
-
test '
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
resource.destroy
|
72
|
-
resource.forget_me!
|
79
|
+
test 'serialize from cookie should return nil if no timestamp' do
|
80
|
+
user = create_user
|
81
|
+
user.remember_me!
|
82
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
73
83
|
end
|
74
84
|
|
75
|
-
test '
|
76
|
-
|
85
|
+
test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
|
86
|
+
user = create_user
|
87
|
+
user.remember_me!
|
88
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
|
77
89
|
end
|
78
90
|
|
79
|
-
test 'serialize should return nil if
|
80
|
-
|
91
|
+
test 'serialize from cookie should return nil if timestamp is older than remember_for' do
|
92
|
+
user = create_user
|
93
|
+
user.remember_created_at = 1.month.ago
|
94
|
+
user.remember_me!
|
95
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
|
81
96
|
end
|
82
97
|
|
83
|
-
test '
|
84
|
-
|
85
|
-
|
98
|
+
test 'serialize from cookie me return nil if is a valid resource with invalid token' do
|
99
|
+
user = create_user
|
100
|
+
user.remember_me!
|
101
|
+
assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
|
86
102
|
end
|
87
103
|
|
88
|
-
test '
|
89
|
-
|
90
|
-
|
91
|
-
resource.remember_me!
|
92
|
-
assert_not resource.remember_expired?
|
93
|
-
end
|
94
|
-
end
|
104
|
+
test 'raises a RuntimeError if the user does not implements a rememberable value' do
|
105
|
+
user = User.new
|
106
|
+
assert_raise(RuntimeError) { user.rememberable_value }
|
95
107
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
resource.remember_me!
|
100
|
-
assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
|
108
|
+
user_with_remember_token = User.new
|
109
|
+
def user_with_remember_token.remember_token; '123-token'; end
|
110
|
+
assert_equal '123-token', user_with_remember_token.rememberable_value
|
101
111
|
|
102
|
-
|
103
|
-
|
104
|
-
|
112
|
+
user_with_salt = User.new
|
113
|
+
def user_with_salt.authenticatable_salt; '123-salt'; end
|
114
|
+
assert_equal '123-salt', user_with_salt.rememberable_value
|
105
115
|
end
|
106
116
|
|
107
|
-
test '
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
assert resource.remember_expired?
|
117
|
+
test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
|
118
|
+
user = User.new
|
119
|
+
def user.authenticatable_salt; nil; end
|
120
|
+
assert_raise RuntimeError do
|
121
|
+
user.rememberable_value
|
113
122
|
end
|
114
|
-
end
|
115
123
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
resource.remember_created_at = 2.days.ago
|
121
|
-
resource.save
|
122
|
-
assert resource.remember_expired?
|
124
|
+
user = User.new
|
125
|
+
def user.authenticatable_salt; ""; end
|
126
|
+
assert_raise RuntimeError do
|
127
|
+
user.rememberable_value
|
123
128
|
end
|
124
129
|
end
|
125
130
|
|
126
|
-
test '
|
127
|
-
|
131
|
+
test 'should respond to remember_me attribute' do
|
132
|
+
assert resource_class.new.respond_to?(:remember_me)
|
133
|
+
assert resource_class.new.respond_to?(:remember_me=)
|
134
|
+
end
|
135
|
+
|
136
|
+
test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
|
137
|
+
swap Devise, expire_all_remember_me_on_sign_out: true do
|
128
138
|
resource = create_resource
|
129
139
|
resource.remember_me!
|
130
|
-
resource.remember_created_at
|
131
|
-
|
132
|
-
|
140
|
+
assert_not_nil resource.remember_created_at
|
141
|
+
|
142
|
+
resource.forget_me!
|
143
|
+
assert_nil resource.remember_created_at
|
133
144
|
end
|
134
145
|
end
|
135
146
|
|
136
|
-
test '
|
137
|
-
swap Devise, :
|
147
|
+
test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do
|
148
|
+
swap Devise, expire_all_remember_me_on_sign_out: false do
|
138
149
|
resource = create_resource
|
139
|
-
resource.remember_me!
|
140
|
-
assert resource.remember_created_at
|
150
|
+
resource.remember_me!
|
141
151
|
|
142
|
-
resource.remember_created_at
|
143
|
-
resource.save
|
152
|
+
assert_not_nil resource.remember_created_at
|
144
153
|
|
145
|
-
resource.
|
146
|
-
|
154
|
+
resource.forget_me!
|
155
|
+
assert_not_nil resource.remember_created_at
|
147
156
|
end
|
148
157
|
end
|
149
158
|
|
150
|
-
test '
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
assert resource.remember_created_at
|
155
|
-
|
156
|
-
resource.remember_created_at = old = 10.minutes.ago.utc
|
157
|
-
resource.save
|
159
|
+
test 'forget_me should not try to update resource if it has been destroyed' do
|
160
|
+
resource = create_resource
|
161
|
+
resource.expects(:remember_created_at).never
|
162
|
+
resource.expects(:save).never
|
158
163
|
|
159
|
-
|
160
|
-
|
161
|
-
end
|
164
|
+
resource.destroy
|
165
|
+
resource.forget_me!
|
162
166
|
end
|
163
167
|
|
164
|
-
test '
|
165
|
-
swap Devise, :
|
168
|
+
test 'remember expires at uses remember for configuration' do
|
169
|
+
swap Devise, remember_for: 3.days do
|
166
170
|
resource = create_resource
|
167
|
-
resource.remember_me!
|
168
|
-
|
169
|
-
|
170
|
-
resource.remember_created_at = old = 10.minutes.ago
|
171
|
-
resource.save
|
171
|
+
resource.remember_me!
|
172
|
+
assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
|
172
173
|
|
173
|
-
|
174
|
-
|
174
|
+
Devise.remember_for = 5.days
|
175
|
+
assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
|
175
176
|
end
|
176
177
|
end
|
177
178
|
|
178
179
|
test 'should have the required_fields array' do
|
179
|
-
|
180
|
+
assert_equal Devise::Models::Rememberable.required_fields(User), [
|
180
181
|
:remember_created_at
|
181
182
|
]
|
182
183
|
end
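Review bot: The test 'serialize from cookie should return nil if timestamp is older than remember_for' never sets `remember_for`, so the `3.weeks.ago` timestamp is only "too old" under whatever window the test application happens to configure. Other configuration-dependent tests in this section pin their setting with `swap Devise, ...`; this one should too, for example by wrapping the body in `swap Devise, remember_for: 2.weeks do` … `end`, so the cookie-expiry check stays tied to a known window. Without that, a change to the configured value of three weeks or more would make the test fail for a reason unrelated to the expiry logic. Separately, 'remember expires at uses remember for configuration' assigns `Devise.remember_for = 5.days` inside its swap block and relies on the swap helper restoring the value afterwards; a nested `swap` would make that explicit.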
|