devise 3.2.2 → 4.6.0
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/CHANGELOG.md +242 -978
- data/MIT-LICENSE +1 -1
- data/README.md +371 -100
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +21 -8
- data/app/controllers/devise/registrations_controller.rb +59 -26
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +12 -19
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +9 -5
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +16 -7
- data/app/views/devise/passwords/new.html.erb +9 -5
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +20 -9
- data/app/views/devise/sessions/new.html.erb +19 -10
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +9 -9
- data/app/views/devise/unlocks/new.html.erb +9 -5
- data/config/locales/en.yml +23 -17
- data/lib/devise/controllers/helpers.rb +112 -32
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +42 -26
- data/lib/devise/controllers/store_location.rb +31 -5
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +125 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models/authenticatable.rb +82 -56
- data/lib/devise/models/confirmable.rb +125 -42
- data/lib/devise/models/database_authenticatable.rb +110 -32
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +20 -4
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/models.rb +3 -1
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +139 -65
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/secret_key_finder.rb +27 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +14 -6
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +111 -84
- data/lib/generators/active_record/devise_generator.rb +49 -12
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +7 -5
- data/lib/generators/devise/install_generator.rb +21 -0
- data/lib/generators/devise/orm_helpers.rb +10 -21
- data/lib/generators/devise/views_generator.rb +49 -28
- data/lib/generators/mongoid/devise_generator.rb +21 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +81 -36
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +6 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +9 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +14 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +5 -2
- metadata +52 -280
- data/.gitignore +0 -10
- data/.travis.yml +0 -20
- data/.yardopts +0 -9
- data/CONTRIBUTING.md +0 -14
- data/Gemfile +0 -31
- data/Gemfile.lock +0 -160
- data/Rakefile +0 -35
- data/devise.gemspec +0 -27
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
- data/test/controllers/custom_strategy_test.rb +0 -62
- data/test/controllers/helpers_test.rb +0 -276
- data/test/controllers/internal_helpers_test.rb +0 -120
- data/test/controllers/passwords_controller_test.rb +0 -31
- data/test/controllers/sessions_controller_test.rb +0 -99
- data/test/controllers/url_helpers_test.rb +0 -59
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -94
- data/test/failure_app_test.rb +0 -232
- data/test/generators/active_record_generator_test.rb +0 -103
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -13
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -67
- data/test/helpers/devise_helper_test.rb +0 -51
- data/test/integration/authenticatable_test.rb +0 -713
- data/test/integration/confirmable_test.rb +0 -284
- data/test/integration/database_authenticatable_test.rb +0 -84
- data/test/integration/http_authenticatable_test.rb +0 -105
- data/test/integration/lockable_test.rb +0 -239
- data/test/integration/omniauthable_test.rb +0 -133
- data/test/integration/recoverable_test.rb +0 -334
- data/test/integration/registerable_test.rb +0 -349
- data/test/integration/rememberable_test.rb +0 -167
- data/test/integration/timeoutable_test.rb +0 -183
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -115
- data/test/mailers/reset_password_instructions_test.rb +0 -96
- data/test/mailers/unlock_instructions_test.rb +0 -91
- data/test/mapping_test.rb +0 -127
- data/test/models/authenticatable_test.rb +0 -13
- data/test/models/confirmable_test.rb +0 -454
- data/test/models/database_authenticatable_test.rb +0 -249
- data/test/models/lockable_test.rb +0 -298
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -184
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -183
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -51
- data/test/models/trackable_test.rb +0 -13
- data/test/models/validatable_test.rb +0 -127
- data/test/models_test.rb +0 -144
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -54
- data/test/orm/active_record.rb +0 -10
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -81
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -6
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_controller.rb +0 -9
- data/test/rails_app/app/controllers/home_controller.rb +0 -25
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -12
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -39
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -40
- data/test/rails_app/config/boot.rb +0 -14
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -30
- data/test/rails_app/config/environments/production.rb +0 -80
- data/test/rails_app/config/environments/test.rb +0 -36
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -181
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -8
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -104
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
- data/test/rails_app/db/schema.rb +0 -55
- data/test/rails_app/lib/shared_admin.rb +0 -17
- data/test/rails_app/lib/shared_user.rb +0 -29
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/routes_test.rb +0 -250
- data/test/support/assertions.rb +0 -40
- data/test/support/helpers.rb +0 -70
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -8
- data/test/support/webrat/integrations/rails.rb +0 -24
- data/test/test_helper.rb +0 -27
- data/test/test_helpers_test.rb +0 -173
- data/test/test_models.rb +0 -33
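--- a/data/test/integration/rememberable_test.rb
+++ b/data/test/integration/rememberable_test.rb
@@ -1,167 +0,0 @@
-require 'test_helper'
-
-class RememberMeTest < ActionDispatch::IntegrationTest
-def create_user_and_remember(add_to_token='')
-user = create_user
-user.remember_me!
-raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
-cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
-user
-end
-
-def generate_signed_cookie(raw_cookie)
-request = ActionDispatch::TestRequest.new
-request.cookie_jar.signed['raw_cookie'] = raw_cookie
-request.cookie_jar['raw_cookie']
-end
-
-def signed_cookie(key)
-controller.send(:cookies).signed[key]
-end
-
-def cookie_expires(key)
-cookie = response.headers["Set-Cookie"].split("\n").grep(/^#{key}/).first
-expires = cookie.split(";").map(&:strip).grep(/^expires=/).first
-Time.parse(expires).utc
-end
-
-test 'do not remember the user if he has not checked remember me option' do
-sign_in_as_user
-assert_nil request.cookies["remember_user_cookie"]
-end
-
-test 'handle unverified requests gets rid of caches' do
-swap ApplicationController, :allow_forgery_protection => true do
-post exhibit_user_url(1)
-assert_not warden.authenticated?(:user)
-
-create_user_and_remember
-post exhibit_user_url(1)
-assert_equal "User is not authenticated", response.body
-assert_not warden.authenticated?(:user)
-end
-end
-
-test 'handle unverified requests does not create cookies on sign in' do
-swap ApplicationController, :allow_forgery_protection => true do
-get new_user_session_path
-assert request.session[:_csrf_token]
-
-post user_session_path, :authenticity_token => "oops", :user =>
-{ email: "jose.valim@gmail.com", password: "123456", :remember_me => "1" }
-assert_not warden.authenticated?(:user)
-assert_not request.cookies['remember_user_token']
-end
-end
-
-test 'generate remember token after sign in' do
-sign_in_as_user :remember_me => true
-assert request.cookies['remember_user_token']
-end
-
-test 'generate remember token after sign in setting cookie options' do
-# We test this by asserting the cookie is not sent after the redirect
-# since we changed the domain. This is the only difference with the
-# previous test.
-swap Devise, :rememberable_options => { :domain => "omg.somewhere.com" } do
-sign_in_as_user :remember_me => true
-assert_nil request.cookies["remember_user_token"]
-end
-end
-
-test 'generate remember token with a custom key' do
-swap Devise, :rememberable_options => { :key => "v1lat_token" } do
-sign_in_as_user :remember_me => true
-assert request.cookies["v1lat_token"]
-end
-end
-
-test 'generate remember token after sign in setting session options' do
-begin
-Rails.configuration.session_options[:domain] = "omg.somewhere.com"
-sign_in_as_user :remember_me => true
-assert_nil request.cookies["remember_user_token"]
-ensure
-Rails.configuration.session_options.delete(:domain)
-end
-end
-
-test 'remember the user before sign in' do
-user = create_user_and_remember
-get users_path
-assert_response :success
-assert warden.authenticated?(:user)
-assert warden.user(:user) == user
-assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
-end
-
-test 'remember the user before sign up and redirect him to his home' do
-create_user_and_remember
-get new_user_registration_path
-assert warden.authenticated?(:user)
-assert_redirected_to root_path
-end
-
-test 'does not extend remember period through sign in' do
-swap Devise, :extend_remember_period => true, :remember_for => 1.year do
-user = create_user
-user.remember_me!
-
-user.remember_created_at = old = 10.days.ago
-user.save
-
-sign_in_as_user :remember_me => true
-user.reload
-
-assert warden.user(:user) == user
-assert_equal old.to_i, user.remember_created_at.to_i
-end
-end
-
-test 'do not remember other scopes' do
-create_user_and_remember
-get root_path
-assert_response :success
-assert warden.authenticated?(:user)
-assert_not warden.authenticated?(:admin)
-end
-
-test 'do not remember with invalid token' do
-create_user_and_remember('add')
-get users_path
-assert_not warden.authenticated?(:user)
-assert_redirected_to new_user_session_path
-end
-
-test 'do not remember with expired token' do
-create_user_and_remember
-swap Devise, :remember_for => 0 do
-get users_path
-assert_not warden.authenticated?(:user)
-assert_redirected_to new_user_session_path
-end
-end
-
-test 'do not remember the user anymore after forget' do
-create_user_and_remember
-get users_path
-assert warden.authenticated?(:user)
-
-get destroy_user_session_path
-assert_not warden.authenticated?(:user)
-assert_nil warden.cookies['remember_user_token']
-
-get users_path
-assert_not warden.authenticated?(:user)
-end
-
-test 'changing user password expires remember me token' do
-user = create_user_and_remember
-user.password = "another_password"
-user.password_confirmation = "another_password"
-user.save!
-
-get users_path
-assert_not warden.authenticated?(:user)
-end
-end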
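--- a/data/test/integration/timeoutable_test.rb
+++ b/data/test/integration/timeoutable_test.rb
@@ -1,183 +0,0 @@
-require 'test_helper'
-
-class SessionTimeoutTest < ActionDispatch::IntegrationTest
-
-def last_request_at
-@controller.user_session['last_request_at']
-end
-
-test 'set last request at in user session after each request' do
-sign_in_as_user
-old_last_request = last_request_at
-assert_not_nil last_request_at
-
-get users_path
-assert_not_nil last_request_at
-assert_not_equal old_last_request, last_request_at
-end
-
-test 'set last request at in user session after each request is skipped if tracking is disabled' do
-sign_in_as_user
-old_last_request = last_request_at
-assert_not_nil last_request_at
-
-get users_path, {}, 'devise.skip_trackable' => true
-assert_equal old_last_request, last_request_at
-end
-
-test 'does not time out user session before default limit time' do
-sign_in_as_user
-assert_response :success
-assert warden.authenticated?(:user)
-
-get users_path
-assert_response :success
-assert warden.authenticated?(:user)
-end
-
-test 'time out user session after default limit time when sign_out_all_scopes is false' do
-swap Devise, sign_out_all_scopes: false do
-sign_in_as_admin
-
-user = sign_in_as_user
-get expire_user_path(user)
-assert_not_nil last_request_at
-
-get users_path
-assert_redirected_to users_path
-assert_not warden.authenticated?(:user)
-assert warden.authenticated?(:admin)
-end
-end
-
-test 'time out all sessions after default limit time when sign_out_all_scopes is true' do
-swap Devise, sign_out_all_scopes: true do
-sign_in_as_admin
-
-user = sign_in_as_user
-get expire_user_path(user)
-assert_not_nil last_request_at
-
-get root_path
-assert_not warden.authenticated?(:user)
-assert_not warden.authenticated?(:admin)
-end
-end
-
-test 'time out user session after deault limit time and redirect to latest get request' do
-user = sign_in_as_user
-visit edit_form_user_path(user)
-
-click_button 'Update'
-sign_in_as_user
-
-assert_equal edit_form_user_url(user), current_url
-end
-
-test 'time out is not triggered on sign out' do
-user = sign_in_as_user
-get expire_user_path(user)
-
-get destroy_user_session_path
-
-assert_response :redirect
-assert_redirected_to root_path
-follow_redirect!
-assert_contain 'Signed out successfully'
-end
-
-test 'expired session is not extended by sign in page' do
-user = sign_in_as_user
-get expire_user_path(user)
-assert warden.authenticated?(:user)
-
-get "/users/sign_in"
-assert_redirected_to "/users/sign_in"
-follow_redirect!
-
-assert_response :success
-assert_contain 'Sign in'
-assert_not warden.authenticated?(:user)
-end
-
-test 'time out is not triggered on sign in' do
-user = sign_in_as_user
-get expire_user_path(user)
-
-post "/users/sign_in", :email => user.email, :password => "123456"
-
-assert_response :redirect
-follow_redirect!
-assert_contain 'You are signed in'
-end
-
-test 'admin does not explode on time out' do
-admin = sign_in_as_admin
-get expire_admin_path(admin)
-
-Admin.send :define_method, :reset_authentication_token! do
-nil
-end
-
-begin
-get admins_path
-assert_redirected_to admins_path
-assert_not warden.authenticated?(:admin)
-ensure
-Admin.send(:remove_method, :reset_authentication_token!)
-end
-end
-
-test 'user configured timeout limit' do
-swap Devise, :timeout_in => 8.minutes do
-user = sign_in_as_user
-
-get users_path
-assert_not_nil last_request_at
-assert_response :success
-assert warden.authenticated?(:user)
-
-get expire_user_path(user)
-get users_path
-assert_redirected_to users_path
-assert_not warden.authenticated?(:user)
-end
-end
-
-test 'error message with i18n' do
-store_translations :en, :devise => {
-:failure => { :user => { :timeout => 'Session expired!' } }
-} do
-user = sign_in_as_user
-
-get expire_user_path(user)
-get root_path
-follow_redirect!
-assert_contain 'Session expired!'
-end
-end
-
-test 'error message with i18n with double redirect' do
-store_translations :en, :devise => {
-:failure => { :user => { :timeout => 'Session expired!' } }
-} do
-user = sign_in_as_user
-
-get expire_user_path(user)
-get users_path
-follow_redirect!
-follow_redirect!
-assert_contain 'Session expired!'
-end
-end
-
-test 'time out not triggered if remembered' do
-user = sign_in_as_user :remember_me => true
-get expire_user_path(user)
-assert_not_nil last_request_at
-
-get users_path
-assert_response :success
-assert warden.authenticated?(:user)
-end
-end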
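--- a/data/test/integration/trackable_test.rb
+++ b/data/test/integration/trackable_test.rb
@@ -1,92 +0,0 @@
-require 'test_helper'
-
-class TrackableHooksTest < ActionDispatch::IntegrationTest
-
-test "current and last sign in timestamps are updated on each sign in" do
-user = create_user
-assert_nil user.current_sign_in_at
-assert_nil user.last_sign_in_at
-
-sign_in_as_user
-user.reload
-
-assert_kind_of Time, user.current_sign_in_at
-assert_kind_of Time, user.last_sign_in_at
-
-assert_equal user.current_sign_in_at, user.last_sign_in_at
-assert user.current_sign_in_at >= user.created_at
-
-visit destroy_user_session_path
-new_time = 2.seconds.from_now
-Time.stubs(:now).returns(new_time)
-
-sign_in_as_user
-user.reload
-assert user.current_sign_in_at > user.last_sign_in_at
-end
-
-test "current and last sign in remote ip are updated on each sign in" do
-user = create_user
-assert_nil user.current_sign_in_ip
-assert_nil user.last_sign_in_ip
-
-sign_in_as_user
-user.reload
-
-assert_equal "127.0.0.1", user.current_sign_in_ip
-assert_equal "127.0.0.1", user.last_sign_in_ip
-end
-
-test "current remote ip returns original ip behind a non transparent proxy" do
-user = create_user
-
-arbitrary_ip = '200.121.1.69'
-sign_in_as_user do
-header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
-end
-user.reload
-assert_equal arbitrary_ip, user.current_sign_in_ip
-end
-
-test "increase sign in count" do
-user = create_user
-assert_equal 0, user.sign_in_count
-
-sign_in_as_user
-user.reload
-assert_equal 1, user.sign_in_count
-
-visit destroy_user_session_path
-sign_in_as_user
-user.reload
-assert_equal 2, user.sign_in_count
-end
-
-test "does not update anything if user has signed out along the way" do
-swap Devise, :allow_unconfirmed_access_for => 0 do
-user = create_user(:confirm => false)
-sign_in_as_user
-
-user.reload
-assert_nil user.current_sign_in_at
-assert_nil user.last_sign_in_at
-end
-end
-
-test "do not track if devise.skip_trackable is set" do
-user = create_user
-sign_in_as_user do
-header 'devise.skip_trackable', '1'
-end
-user.reload
-assert_equal 0, user.sign_in_count
-visit destroy_user_session_path
-
-sign_in_as_user do
-header 'devise.skip_trackable', false
-end
-user.reload
-assert_equal 1, user.sign_in_count
-end
-
-end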
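--- a/data/test/mailers/confirmation_instructions_test.rb
+++ b/data/test/mailers/confirmation_instructions_test.rb
@@ -1,115 +0,0 @@
-require 'test_helper'
-
-class ConfirmationInstructionsTest < ActionMailer::TestCase
-
-def setup
-setup_mailer
-Devise.mailer = 'Devise::Mailer'
-Devise.mailer_sender = 'test@example.com'
-end
-
-def teardown
-Devise.mailer = 'Devise::Mailer'
-Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
-end
-
-def user
-@user ||= create_user
-end
-
-def mail
-@mail ||= begin
-user
-ActionMailer::Base.deliveries.first
-end
-end
-
-test 'email sent after creating the user' do
-assert_not_nil mail
-end
-
-test 'content type should be set to html' do
-assert mail.content_type.include?('text/html')
-end
-
-test 'send confirmation instructions to the user email' do
-mail
-assert_equal [user.email], mail.to
-end
-
-test 'setup sender from configuration' do
-assert_equal ['test@example.com'], mail.from
-end
-
-test 'setup sender from custom mailer defaults' do
-Devise.mailer = 'Users::Mailer'
-assert_equal ['custom@example.com'], mail.from
-end
-
-test 'setup sender from custom mailer defaults with proc' do
-Devise.mailer = 'Users::FromProcMailer'
-assert_equal ['custom@example.com'], mail.from
-end
-
-test 'custom mailer renders parent mailer template' do
-Devise.mailer = 'Users::Mailer'
-assert_not_blank mail.body.encoded
-end
-
-test 'setup reply to as copy from sender' do
-assert_equal ['test@example.com'], mail.reply_to
-end
-
-test 'setup reply to as different if set in defaults' do
-Devise.mailer = 'Users::ReplyToMailer'
-assert_equal ['custom@example.com'], mail.from
-assert_equal ['custom_reply_to@example.com'], mail.reply_to
-end
-
-test 'setup subject from I18n' do
-store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do
-assert_equal 'Account Confirmation', mail.subject
-end
-end
-
-test 'subject namespaced by model' do
-store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :user_subject => 'User Account Confirmation' } } } do
-assert_equal 'User Account Confirmation', mail.subject
-end
-end
-
-test 'body should have user info' do
-assert_match user.email, mail.body.encoded
-end
-
-test 'body should have link to confirm the account' do
-host = ActionMailer::Base.default_url_options[:host]
-
-if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/confirmation\?confirmation_token=([^"]+)">}
-assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token
-else
-flunk "expected confirmation url regex to match"
-end
-end
-
-test 'renders a scoped if scoped_views is set to true' do
-swap Devise, :scoped_views => true do
-assert_equal user.email, mail.body.decoded
-end
-end
-
-test 'renders a scoped if scoped_views is set in the mailer class' do
-begin
-Devise::Mailer.scoped_views = true
-assert_equal user.email, mail.body.decoded
-ensure
-Devise::Mailer.send :remove_instance_variable, :@scoped_views
-end
-end
-
-test 'mailer sender accepts a proc' do
-swap Devise, :mailer_sender => proc { "another@example.com" } do
-assert_equal ['another@example.com'], mail.from
-end
-end
-end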
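--- a/data/test/mailers/reset_password_instructions_test.rb
+++ b/data/test/mailers/reset_password_instructions_test.rb
@@ -1,96 +0,0 @@
-require 'test_helper'
-
-class ResetPasswordInstructionsTest < ActionMailer::TestCase
-def setup
-setup_mailer
-Devise.mailer = 'Devise::Mailer'
-Devise.mailer_sender = 'test@example.com'
-end
-
-def teardown
-Devise.mailer = 'Devise::Mailer'
-Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
-end
-
-def user
-@user ||= begin
-user = create_user
-user.send_reset_password_instructions
-user
-end
-end
-
-def mail
-@mail ||= begin
-user
-ActionMailer::Base.deliveries.last
-end
-end
-
-test 'email sent after reseting the user password' do
-assert_not_nil mail
-end
-
-test 'content type should be set to html' do
-assert mail.content_type.include?('text/html')
-end
-
-test 'send confirmation instructions to the user email' do
-assert_equal [user.email], mail.to
-end
-
-test 'setup sender from configuration' do
-assert_equal ['test@example.com'], mail.from
-end
-
-test 'setup sender from custom mailer defaults' do
-Devise.mailer = 'Users::Mailer'
-assert_equal ['custom@example.com'], mail.from
-end
-
-test 'setup sender from custom mailer defaults with proc' do
-Devise.mailer = 'Users::FromProcMailer'
-assert_equal ['custom@example.com'], mail.from
-end
-
-test 'custom mailer renders parent mailer template' do
-Devise.mailer = 'Users::Mailer'
-assert_not_blank mail.body.encoded
-end
-
-test 'setup reply to as copy from sender' do
-assert_equal ['test@example.com'], mail.reply_to
-end
-
-test 'setup subject from I18n' do
-store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :subject => 'Reset instructions' } } } do
-assert_equal 'Reset instructions', mail.subject
-end
-end
-
-test 'subject namespaced by model' do
-store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :user_subject => 'User Reset Instructions' } } } do
-assert_equal 'User Reset Instructions', mail.subject
-end
-end
-
-test 'body should have user info' do
-assert_match user.email, mail.body.encoded
-end
-
-test 'body should have link to confirm the account' do
-host = ActionMailer::Base.default_url_options[:host]
-
-if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/password/edit\?reset_password_token=([^"]+)">}
-assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
-else
-flunk "expected reset password url regex to match"
-end
-end
-
-test 'mailer sender accepts a proc' do
-swap Devise, :mailer_sender => proc { "another@example.com" } do
-assert_equal ['another@example.com'], mail.from
-end
-end
-end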