devise 3.2.1 → 4.4.3

data/test/orm/active_record.rb

@@ -1,10 +1,24 @@
+# frozen_string_literal: true
+
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 ActiveRecord::Base.include_root_in_json = true
 
-ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
+migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__)
+if Devise::Test.rails52?
+  ActiveRecord::MigrationContext.new(migrate_path).migrate
+else
+  ActiveRecord::Migrator.migrate(migrate_path)
+end
 
 class ActiveSupport::TestCase
-  self.use_transactional_fixtures = true
+  if Devise::Test.rails5?
+    self.use_transactional_tests = true
+  else
+    # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5.
+    require 'test_after_commit'
+    self.use_transactional_fixtures = true
+  end
+
   self.use_instantiated_fixtures  = false
 end

data/test/orm/mongoid.rb

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
+
 require 'mongoid/version'
 
 Mongoid.configure do |config|
-  config.connect_to("devise-test-suite")
+  config.load!('test/support/mongoid.yml')
   config.use_utc = true
   config.include_root_in_json = true
 end
 
 class ActiveSupport::TestCase
   setup do
-    Mongoid.purge!
+    Mongoid.default_session.drop
   end
 end

data/test/parameter_sanitizer_test.rb

@@ -1,81 +1,77 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 require 'devise/parameter_sanitizer'
 
-class BaseSanitizerTest < ActiveSupport::TestCase
+class ParameterSanitizerTest < ActiveSupport::TestCase
   def sanitizer(params)
-    Devise::BaseSanitizer.new(User, :user, params)
+    params = ActionController::Parameters.new(params)
+    Devise::ParameterSanitizer.new(User, :user, params)
   end
 
-  test 'returns chosen params' do
-    sanitizer = sanitizer(user: { "email" => "jose" })
-    assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in))
+  test 'permits the default parameters for sign in' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose' })
+    sanitized = sanitizer.sanitize(:sign_in)
+
+    assert_equal({ 'email' => 'jose' }, sanitized)
   end
-end
 
-if defined?(ActionController::StrongParameters)
-  require 'active_model/forbidden_attributes_protection'
+  test 'permits the default parameters for sign up' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
+    sanitized = sanitizer.sanitize(:sign_up)
 
-  class ParameterSanitizerTest < ActiveSupport::TestCase
-    def sanitizer(params)
-      params = ActionController::Parameters.new(params)
-      Devise::ParameterSanitizer.new(User, :user, params)
-    end
+    assert_equal({ 'email' => 'jose' }, sanitized)
+  end
 
-    test 'filters some parameters on sign in by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
-      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
-    end
+  test 'permits the default parameters for account update' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
+    sanitized = sanitizer.sanitize(:account_update)
 
-    test 'handles auth keys as a hash' do
-      swap Devise, :authentication_keys => {:email => true} do
-        sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-        assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
-      end
-    end
+    assert_equal({ 'email' => 'jose' }, sanitized)
+  end
 
-    test 'filters some parameters on sign up by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up))
-    end
+  test 'permits news parameters for an existing action' do
+    sanitizer = sanitizer('user' => { 'username' => 'jose' })
+    sanitizer.permit(:sign_in, keys: [:username])
+    sanitized = sanitizer.sanitize(:sign_in)
 
-    test 'filters some parameters on account update by default' do
-      sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update))
-    end
+    assert_equal({ 'username' => 'jose' }, sanitized)
+  end
 
-    test 'allows custom hooks' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
-      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
+  test 'permits news parameters for an existing action with a block' do
+    sanitizer = sanitizer('user' => { 'username' => 'jose' })
+    sanitizer.permit(:sign_in) do |user|
+      user.permit(:username)
     end
 
-    test 'adding multiple permitted parameters' do
-      sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" })
-      sanitizer.for(:sign_in).concat([:username, :role])
-      assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in))
-    end
+    sanitized = sanitizer.sanitize(:sign_in)
 
-    test 'removing multiple default parameters' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
-      sanitizer.for(:sign_in).delete(:email)
-      sanitizer.for(:sign_in).delete(:password)
-      assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
-    end
+    assert_equal({ 'username' => 'jose' }, sanitized)
+  end
 
-    test 'raises on unknown hooks' do
-      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-      assert_raise NotImplementedError do
-        sanitizer.sanitize(:unknown)
-      end
-    end
+  test 'permit parameters for new actions' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'name' => 'Jose' })
+    sanitizer.permit(:invite_user, keys: [:email, :name])
+
+    sanitized = sanitizer.sanitize(:invite_user)
 
-    test 'passes parameters to filter as arguments to sanitizer' do
-      params = {user: stub}
-      sanitizer = Devise::ParameterSanitizer.new(User, :user, params)
+    assert_equal({ 'email' => 'jose@omglol', 'name' => 'Jose' }, sanitized)
+  end
 
-      params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol))
+  test 'fails when we do not have any permitted parameters for the action' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid' })
 
-      sanitizer.sanitize(:sign_in)
+    assert_raise NotImplementedError do
+      sanitizer.sanitize(:unknown)
     end
   end
+
+  test 'removes permitted parameters' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'username' => 'jose' })
+
+    sanitizer.permit(:sign_in, keys: [:username], except: [:email])
+    sanitized = sanitizer.sanitize(:sign_in)
+
+    assert_equal({ 'username' => 'jose' }, sanitized)
+  end
 end

data/test/rails_app/app/active_record/admin.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'shared_admin'
 
 class Admin < ActiveRecord::Base

data/test/rails_app/app/active_record/shim.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 module Shim
-end
+end

data/test/rails_app/app/active_record/user.rb

@@ -1,6 +1,20 @@
+# frozen_string_literal: true
+
 require 'shared_user'
 
 class User < ActiveRecord::Base
   include Shim
   include SharedUser
+  include ActiveModel::Serializers::Xml if Devise::Test.rails5?
+
+  validates :sign_in_count, presence: true
+
+  cattr_accessor :validations_performed
+
+  after_validation :after_validation_callback
+
+  def after_validation_callback
+    # used to check in our test if the validations were called
+    @@validations_performed = true
+  end
 end

data/test/rails_app/app/active_record/user_on_engine.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'shared_user_without_omniauth'
+
+class UserOnEngine < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUserWithoutOmniauth
+end

data/test/rails_app/app/active_record/user_on_main_app.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'shared_user_without_omniauth'
+
+class UserOnMainApp < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUserWithoutOmniauth
+end

data/test/rails_app/app/active_record/user_with_validations.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'shared_user'
+
+class UserWithValidations < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUser
+
+  validates :email, presence: true
+end
+

data/test/rails_app/app/active_record/user_without_email.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "shared_user_without_email"
+
+class UserWithoutEmail < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUserWithoutEmail
+end
+

data/test/rails_app/app/controllers/admins/sessions_controller.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 class Admins::SessionsController < Devise::SessionsController
   def new
     flash[:special] = "Welcome to #{controller_path.inspect} controller!"
     super
   end
-end
+end

data/test/rails_app/app/controllers/admins_controller.rb

@@ -1,11 +1,8 @@
+# frozen_string_literal: true
+
 class AdminsController < ApplicationController
-  before_filter :authenticate_admin!
+  before_action :authenticate_admin!
 
   def index
   end
-
-  def expire
-    admin_session['last_request_at'] = 31.minutes.ago.utc
-    render :text => 'Admin will be expired on next request'
-  end
 end

data/test/rails_app/app/controllers/application_controller.rb

@@ -1,9 +1,13 @@
+# frozen_string_literal: true
+
 # Filters added to this controller apply to all controllers in the application.
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
   protect_from_forgery
-  before_filter :current_user, :unless => :devise_controller?
-  before_filter :authenticate_user!, :if => :devise_controller?
-  respond_to *Mime::SET.map(&:to_sym)
+  before_action :current_user, unless: :devise_controller?
+  before_action :authenticate_user!, if: :devise_controller?
+  respond_to(*Mime::SET.map(&:to_sym))
+
+  devise_group :commenter, contains: [:user, :admin]
 end

data/test/rails_app/app/controllers/application_with_fake_engine.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class ApplicationWithFakeEngine < ApplicationController
+  private
+
+  helper_method :fake_engine
+  def fake_engine
+    @fake_engine ||= FakeEngine.new
+  end
+end
+
+class FakeEngine
+  def user_on_engine_confirmation_path
+    '/user_on_engine/confirmation'
+  end
+
+  def new_user_on_engine_session_path
+    '/user_on_engine/confirmation/new'
+  end
+
+  def new_user_on_engine_registration_path
+    '/user_on_engine/registration/new'
+  end
+
+  def new_user_on_engine_password_path
+    '/user_on_engine/password/new'
+  end
+
+  def new_user_on_engine_unlock_path
+    '/user_on_engine/unlock/new'
+  end
+end

data/test/rails_app/app/controllers/custom/registrations_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Custom::RegistrationsController < Devise::RegistrationsController
+  def new
+    super do |resource|
+      @new_block_called = true
+    end
+  end
+
+  def create
+    super do |resource|
+      @create_block_called = true
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+
+  def new_block_called?
+    @new_block_called == true
+  end
+end

data/test/rails_app/app/controllers/home_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class HomeController < ApplicationController
   def index
   end
@@ -20,6 +22,10 @@ class HomeController < ApplicationController
   end
 
   def unauthenticated
-    render :text => "unauthenticated", :status => :unauthorized
+    if Devise::Test.rails5?
+      render body: "unauthenticated", status: :unauthorized
+    else
+      render text: "unauthenticated", status: :unauthorized
+    end
   end
 end

data/test/rails_app/app/controllers/publisher/registrations_controller.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 class Publisher::RegistrationsController < ApplicationController
-end
+end

data/test/rails_app/app/controllers/publisher/sessions_controller.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 class Publisher::SessionsController < ApplicationController
-end
+end

data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb

@@ -1,14 +1,16 @@
+# frozen_string_literal: true
+
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def facebook
-    data = env["omniauth.auth"]
+    data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : request.env["omniauth.auth"]
     session["devise.facebook_data"] = data["extra"]["user_hash"]
-    render :json => data
+    render json: data
   end
 
   def sign_in_facebook
-    user = User.find_by_email('user@test.com')
+    user = User.to_adapter.find_first(email: 'user@test.com')
     user.remember_me = true
     sign_in user
-    render :text => ""
+    render (Devise::Test.rails5? ? :body : :text) => ""
   end
-end
+end

data/test/rails_app/app/controllers/users_controller.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 class UsersController < ApplicationController
-  prepend_before_filter :current_user, :only => :exhibit
-  before_filter :authenticate_user!, :except => [:accept, :exhibit]
+  prepend_before_action :current_user, only: :exhibit
+  before_action :authenticate_user!, except: [:accept, :exhibit]
   respond_to :html, :xml
 
   def index
@@ -9,11 +11,11 @@ class UsersController < ApplicationController
   end
 
   def edit_form
-    user_session['last_request_at'] = 31.minutes.ago.utc
+    user_session['last_request_at'] = params.fetch(:last_request_at, 31.minutes.ago.utc)
   end
 
   def update_form
-    render :text => 'Update'
+    render (Devise::Test.rails5? ? :body : :text) => 'Update'
   end
 
   def accept
@@ -21,11 +23,11 @@ class UsersController < ApplicationController
   end
 
   def exhibit
-    render :text => current_user ? "User is authenticated" : "User is not authenticated"
+    render (Devise::Test.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated"
   end
 
   def expire
     user_session['last_request_at'] = 31.minutes.ago.utc
-    render :text => 'User will be expired on next request'
+    render (Devise::Test.rails5? ? :body : :text) => 'User will be expired on next request'
   end
 end