devise 3.2.2 → 4.6.0
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/CHANGELOG.md +242 -978
- data/MIT-LICENSE +1 -1
- data/README.md +371 -100
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +21 -8
- data/app/controllers/devise/registrations_controller.rb +59 -26
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +12 -19
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +9 -5
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +16 -7
- data/app/views/devise/passwords/new.html.erb +9 -5
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +20 -9
- data/app/views/devise/sessions/new.html.erb +19 -10
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +9 -9
- data/app/views/devise/unlocks/new.html.erb +9 -5
- data/config/locales/en.yml +23 -17
- data/lib/devise/controllers/helpers.rb +112 -32
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +42 -26
- data/lib/devise/controllers/store_location.rb +31 -5
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +125 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models/authenticatable.rb +82 -56
- data/lib/devise/models/confirmable.rb +125 -42
- data/lib/devise/models/database_authenticatable.rb +110 -32
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +20 -4
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/models.rb +3 -1
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +139 -65
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/secret_key_finder.rb +27 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +14 -6
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +111 -84
- data/lib/generators/active_record/devise_generator.rb +49 -12
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +7 -5
- data/lib/generators/devise/install_generator.rb +21 -0
- data/lib/generators/devise/orm_helpers.rb +10 -21
- data/lib/generators/devise/views_generator.rb +49 -28
- data/lib/generators/mongoid/devise_generator.rb +21 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +81 -36
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +6 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +9 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +14 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +5 -2
- metadata +52 -280
- data/.gitignore +0 -10
- data/.travis.yml +0 -20
- data/.yardopts +0 -9
- data/CONTRIBUTING.md +0 -14
- data/Gemfile +0 -31
- data/Gemfile.lock +0 -160
- data/Rakefile +0 -35
- data/devise.gemspec +0 -27
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
- data/test/controllers/custom_strategy_test.rb +0 -62
- data/test/controllers/helpers_test.rb +0 -276
- data/test/controllers/internal_helpers_test.rb +0 -120
- data/test/controllers/passwords_controller_test.rb +0 -31
- data/test/controllers/sessions_controller_test.rb +0 -99
- data/test/controllers/url_helpers_test.rb +0 -59
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -94
- data/test/failure_app_test.rb +0 -232
- data/test/generators/active_record_generator_test.rb +0 -103
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -13
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -67
- data/test/helpers/devise_helper_test.rb +0 -51
- data/test/integration/authenticatable_test.rb +0 -713
- data/test/integration/confirmable_test.rb +0 -284
- data/test/integration/database_authenticatable_test.rb +0 -84
- data/test/integration/http_authenticatable_test.rb +0 -105
- data/test/integration/lockable_test.rb +0 -239
- data/test/integration/omniauthable_test.rb +0 -133
- data/test/integration/recoverable_test.rb +0 -334
- data/test/integration/registerable_test.rb +0 -349
- data/test/integration/rememberable_test.rb +0 -167
- data/test/integration/timeoutable_test.rb +0 -183
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -115
- data/test/mailers/reset_password_instructions_test.rb +0 -96
- data/test/mailers/unlock_instructions_test.rb +0 -91
- data/test/mapping_test.rb +0 -127
- data/test/models/authenticatable_test.rb +0 -13
- data/test/models/confirmable_test.rb +0 -454
- data/test/models/database_authenticatable_test.rb +0 -249
- data/test/models/lockable_test.rb +0 -298
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -184
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -183
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -51
- data/test/models/trackable_test.rb +0 -13
- data/test/models/validatable_test.rb +0 -127
- data/test/models_test.rb +0 -144
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -54
- data/test/orm/active_record.rb +0 -10
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -81
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -6
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_controller.rb +0 -9
- data/test/rails_app/app/controllers/home_controller.rb +0 -25
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -12
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -39
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -40
- data/test/rails_app/config/boot.rb +0 -14
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -30
- data/test/rails_app/config/environments/production.rb +0 -80
- data/test/rails_app/config/environments/test.rb +0 -36
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -181
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -8
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -104
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
- data/test/rails_app/db/schema.rb +0 -55
- data/test/rails_app/lib/shared_admin.rb +0 -17
- data/test/rails_app/lib/shared_user.rb +0 -29
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/routes_test.rb +0 -250
- data/test/support/assertions.rb +0 -40
- data/test/support/helpers.rb +0 -70
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -8
- data/test/support/webrat/integrations/rails.rb +0 -24
- data/test/test_helper.rb +0 -27
- data/test/test_helpers_test.rb +0 -173
- data/test/test_models.rb +0 -33
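--- a/data/test/integration/lockable_test.rb
+++ b/data/test/integration/lockable_test.rb
@@ -1,239 +0,0 @@
-require 'test_helper'
-
-class LockTest < ActionDispatch::IntegrationTest
-
-def visit_user_unlock_with_token(unlock_token)
-visit user_unlock_path(:unlock_token => unlock_token)
-end
-
-def send_unlock_request
-user = create_user(:locked => true)
-ActionMailer::Base.deliveries.clear
-
-visit new_user_session_path
-click_link "Didn't receive unlock instructions?"
-
-Devise.stubs(:friendly_token).returns("abcdef")
-fill_in 'email', :with => user.email
-click_button 'Resend unlock instructions'
-end
-
-test 'user should be able to request a new unlock token' do
-send_unlock_request
-
-assert_template 'sessions/new'
-assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
-
-mail = ActionMailer::Base.deliveries.last
-assert_equal 1, ActionMailer::Base.deliveries.size
-assert_equal ['please-change-me@config-initializers-devise.com'], mail.from
-assert_match user_unlock_path(unlock_token: 'abcdef'), mail.body.encoded
-end
-
-test 'user should receive the instructions from a custom mailer' do
-User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-
-send_unlock_request
-
-assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
-end
-
-test 'unlocked user should not be able to request a unlock token' do
-user = create_user(:locked => false)
-ActionMailer::Base.deliveries.clear
-
-visit new_user_session_path
-click_link "Didn't receive unlock instructions?"
-
-fill_in 'email', :with => user.email
-click_button 'Resend unlock instructions'
-
-assert_template 'unlocks/new'
-assert_contain 'not locked'
-assert_equal 0, ActionMailer::Base.deliveries.size
-end
-
-test 'unlocked pages should not be available if email strategy is disabled' do
-visit "/admin_area/sign_in"
-
-assert_raise Webrat::NotFoundError do
-click_link "Didn't receive unlock instructions?"
-end
-
-assert_raise NameError do
-visit new_admin_unlock_path
-end
-
-assert_raise ActionController::RoutingError do
-visit "/admin_area/unlock/new"
-end
-end
-
-test 'user with invalid unlock token should not be able to unlock an account' do
-visit_user_unlock_with_token('invalid_token')
-
-assert_response :success
-assert_current_url '/users/unlock?unlock_token=invalid_token'
-assert_have_selector '#error_explanation'
-assert_contain /Unlock token(.*)invalid/
-end
-
-test "locked user should be able to unlock account" do
-user = create_user
-raw = user.lock_access!
-visit_user_unlock_with_token(raw)
-
-assert_current_url "/users/sign_in"
-assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
-assert_not user.reload.access_locked?
-end
-
-test "user should not send a new e-mail if already locked" do
-user = create_user(:locked => true)
-user.failed_attempts = User.maximum_attempts + 1
-user.save!
-
-ActionMailer::Base.deliveries.clear
-
-sign_in_as_user(:password => "invalid")
-assert_contain 'Your account is locked.'
-assert ActionMailer::Base.deliveries.empty?
-end
-
-test 'error message is configurable by resource name' do
-store_translations :en, :devise => {
-:failure => {:user => {:locked => "You are locked!"}}
-} do
-
-user = create_user(:locked => true)
-user.failed_attempts = User.maximum_attempts + 1
-user.save!
-
-sign_in_as_user(:password => "invalid")
-assert_contain "You are locked!"
-end
-end
-
-test "user should not be able to sign in when locked" do
-store_translations :en, :devise => {
-:failure => {:user => {:locked => "You are locked!"}}
-} do
-
-user = create_user(:locked => true)
-user.failed_attempts = User.maximum_attempts + 1
-user.save!
-
-sign_in_as_user(:password => "123456")
-assert_contain "You are locked!"
-end
-end
-
-test 'user should be able to request a new unlock token via XML request' do
-user = create_user(:locked => true)
-ActionMailer::Base.deliveries.clear
-
-post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
-assert_response :success
-assert_equal response.body, {}.to_xml
-assert_equal 1, ActionMailer::Base.deliveries.size
-end
-
-test 'unlocked user should not be able to request a unlock token via XML request' do
-user = create_user(:locked => false)
-ActionMailer::Base.deliveries.clear
-
-post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
-assert_response :unprocessable_entity
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-assert_equal 0, ActionMailer::Base.deliveries.size
-end
-
-test 'user with valid unlock token should be able to unlock account via XML request' do
-user = create_user()
-raw = user.lock_access!
-assert user.access_locked?
-get user_unlock_path(:format => 'xml', :unlock_token => raw)
-assert_response :success
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
-end
-
-
-test 'user with invalid unlock token should not be able to unlock the account via XML request' do
-get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token')
-assert_response :unprocessable_entity
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-end
-
-test "when using json to ask a unlock request, should not return the user" do
-user = create_user(:locked => true)
-post user_unlock_path(:format => "json", :user => {:email => user.email})
-assert_response :success
-assert_equal response.body, {}.to_json
-end
-
-test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
-swap Devise, :paranoid => true do
-user = create_user(:locked => true)
-
-visit new_user_session_path
-click_link "Didn't receive unlock instructions?"
-
-fill_in 'email', :with => user.email
-click_button 'Resend unlock instructions'
-
-assert_current_url "/users/sign_in"
-assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
-end
-end
-
-test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
-swap Devise, :paranoid => true do
-user = create_user(:locked => false)
-
-visit new_user_session_path
-click_link "Didn't receive unlock instructions?"
-
-fill_in 'email', :with => user.email
-click_button 'Resend unlock instructions'
-
-assert_current_url "/users/sign_in"
-assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
-end
-end
-
-test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
-swap Devise, :paranoid => true do
-visit new_user_session_path
-click_link "Didn't receive unlock instructions?"
-
-fill_in 'email', :with => "arandomemail@hotmail.com"
-click_button 'Resend unlock instructions'
-
-assert_not_contain "1 error prohibited this user from being saved:"
-assert_not_contain "Email not found"
-assert_current_url "/users/sign_in"
-
-assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
-
-end
-end
-
-test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
-swap Devise, :paranoid => true, :maximum_attempts => 1 do
-user = create_user(:locked => false)
-
-visit new_user_session_path
-fill_in 'email', :with => user.email
-fill_in 'password', :with => "abadpassword"
-click_button 'Sign in'
-
-fill_in 'email', :with => user.email
-fill_in 'password', :with => "abadpassword"
-click_button 'Sign in'
-
-assert_current_url "/users/sign_in"
-assert_not_contain "locked"
-end
-end
-
-end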
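--- a/data/test/integration/omniauthable_test.rb
+++ b/data/test/integration/omniauthable_test.rb
@@ -1,133 +0,0 @@
-require 'test_helper'
-
-
-class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
-FACEBOOK_INFO = {
-"id" => '12345',
-"link" => 'http://facebook.com/josevalim',
-"email" => 'user@example.com',
-"first_name" => 'Jose',
-"last_name" => 'Valim',
-"website" => 'http://blog.plataformatec.com.br'
-}
-
-setup do
-OmniAuth.config.test_mode = true
-OmniAuth.config.mock_auth[:facebook] = {
-"uid" => '12345',
-"provider" => 'facebook',
-"user_info" => {"nickname" => 'josevalim'},
-"credentials" => {"token" => 'plataformatec'},
-"extra" => {"user_hash" => FACEBOOK_INFO}
-}
-end
-
-teardown do
-OmniAuth.config.test_mode = false
-end
-
-def stub_action!(name)
-Users::OmniauthCallbacksController.class_eval do
-alias_method :__old_facebook, :facebook
-alias_method :facebook, name
-end
-yield
-ensure
-Users::OmniauthCallbacksController.class_eval do
-alias_method :facebook, :__old_facebook
-end
-end
-
-test "can access omniauth.auth in the env hash" do
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-
-json = ActiveSupport::JSON.decode(response.body)
-
-assert_equal "12345", json["uid"]
-assert_equal "facebook", json["provider"]
-assert_equal "josevalim", json["user_info"]["nickname"]
-assert_equal FACEBOOK_INFO, json["extra"]["user_hash"]
-assert_equal "plataformatec", json["credentials"]["token"]
-end
-
-test "cleans up session on sign up" do
-assert_no_difference "User.count" do
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-end
-
-assert session["devise.facebook_data"]
-
-assert_difference "User.count" do
-visit "/users/sign_up"
-fill_in "Password", :with => "12345678"
-fill_in "Password confirmation", :with => "12345678"
-click_button "Sign up"
-end
-
-assert_current_url "/"
-assert_contain "You have signed up successfully."
-assert_contain "Hello User user@example.com"
-assert_not session["devise.facebook_data"]
-end
-
-test "cleans up session on cancel" do
-assert_no_difference "User.count" do
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-end
-
-assert session["devise.facebook_data"]
-visit "/users/cancel"
-assert !session["devise.facebook_data"]
-end
-
-test "cleans up session on sign in" do
-assert_no_difference "User.count" do
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-end
-
-assert session["devise.facebook_data"]
-sign_in_as_user
-assert !session["devise.facebook_data"]
-end
-
-test "sign in and send remember token if configured" do
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-assert_nil warden.cookies["remember_user_token"]
-
-stub_action!(:sign_in_facebook) do
-create_user
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-assert warden.authenticated?(:user)
-assert warden.cookies["remember_user_token"]
-end
-end
-
-test "generates a proper link when SCRIPT_NAME is set" do
-header 'SCRIPT_NAME', '/q'
-visit "/users/sign_in"
-assert_select "a", :href => "/q/users/auth/facebook"
-end
-
-test "handles callback error parameter according to the specification" do
-OmniAuth.config.mock_auth[:facebook] = :access_denied
-visit "/users/auth/facebook/callback?error=access_denied"
-assert_current_url "/users/sign_in"
-assert_contain 'Could not authenticate you from Facebook because "Access denied".'
-end
-
-test "handles other exceptions from omniauth" do
-OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
-
-visit "/users/sign_in"
-click_link "Sign in with Facebook"
-
-assert_current_url "/users/sign_in"
-assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".'
-end
-end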