devise 3.2.2 → 4.6.0
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/CHANGELOG.md +242 -978
- data/MIT-LICENSE +1 -1
- data/README.md +371 -100
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +21 -8
- data/app/controllers/devise/registrations_controller.rb +59 -26
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +12 -19
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +9 -5
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +16 -7
- data/app/views/devise/passwords/new.html.erb +9 -5
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +20 -9
- data/app/views/devise/sessions/new.html.erb +19 -10
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +9 -9
- data/app/views/devise/unlocks/new.html.erb +9 -5
- data/config/locales/en.yml +23 -17
- data/lib/devise/controllers/helpers.rb +112 -32
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +42 -26
- data/lib/devise/controllers/store_location.rb +31 -5
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +125 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models/authenticatable.rb +82 -56
- data/lib/devise/models/confirmable.rb +125 -42
- data/lib/devise/models/database_authenticatable.rb +110 -32
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +20 -4
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/models.rb +3 -1
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +139 -65
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/secret_key_finder.rb +27 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +14 -6
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +111 -84
- data/lib/generators/active_record/devise_generator.rb +49 -12
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +7 -5
- data/lib/generators/devise/install_generator.rb +21 -0
- data/lib/generators/devise/orm_helpers.rb +10 -21
- data/lib/generators/devise/views_generator.rb +49 -28
- data/lib/generators/mongoid/devise_generator.rb +21 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +81 -36
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +6 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +9 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +14 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +5 -2
- metadata +52 -280
- data/.gitignore +0 -10
- data/.travis.yml +0 -20
- data/.yardopts +0 -9
- data/CONTRIBUTING.md +0 -14
- data/Gemfile +0 -31
- data/Gemfile.lock +0 -160
- data/Rakefile +0 -35
- data/devise.gemspec +0 -27
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
- data/test/controllers/custom_strategy_test.rb +0 -62
- data/test/controllers/helpers_test.rb +0 -276
- data/test/controllers/internal_helpers_test.rb +0 -120
- data/test/controllers/passwords_controller_test.rb +0 -31
- data/test/controllers/sessions_controller_test.rb +0 -99
- data/test/controllers/url_helpers_test.rb +0 -59
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -94
- data/test/failure_app_test.rb +0 -232
- data/test/generators/active_record_generator_test.rb +0 -103
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -13
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -67
- data/test/helpers/devise_helper_test.rb +0 -51
- data/test/integration/authenticatable_test.rb +0 -713
- data/test/integration/confirmable_test.rb +0 -284
- data/test/integration/database_authenticatable_test.rb +0 -84
- data/test/integration/http_authenticatable_test.rb +0 -105
- data/test/integration/lockable_test.rb +0 -239
- data/test/integration/omniauthable_test.rb +0 -133
- data/test/integration/recoverable_test.rb +0 -334
- data/test/integration/registerable_test.rb +0 -349
- data/test/integration/rememberable_test.rb +0 -167
- data/test/integration/timeoutable_test.rb +0 -183
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -115
- data/test/mailers/reset_password_instructions_test.rb +0 -96
- data/test/mailers/unlock_instructions_test.rb +0 -91
- data/test/mapping_test.rb +0 -127
- data/test/models/authenticatable_test.rb +0 -13
- data/test/models/confirmable_test.rb +0 -454
- data/test/models/database_authenticatable_test.rb +0 -249
- data/test/models/lockable_test.rb +0 -298
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -184
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -183
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -51
- data/test/models/trackable_test.rb +0 -13
- data/test/models/validatable_test.rb +0 -127
- data/test/models_test.rb +0 -144
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -54
- data/test/orm/active_record.rb +0 -10
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -81
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -6
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_controller.rb +0 -9
- data/test/rails_app/app/controllers/home_controller.rb +0 -25
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -12
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -39
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -40
- data/test/rails_app/config/boot.rb +0 -14
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -30
- data/test/rails_app/config/environments/production.rb +0 -80
- data/test/rails_app/config/environments/test.rb +0 -36
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -181
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -8
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -104
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
- data/test/rails_app/db/schema.rb +0 -55
- data/test/rails_app/lib/shared_admin.rb +0 -17
- data/test/rails_app/lib/shared_user.rb +0 -29
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/routes_test.rb +0 -250
- data/test/support/assertions.rb +0 -40
- data/test/support/helpers.rb +0 -70
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -8
- data/test/support/webrat/integrations/rails.rb +0 -24
- data/test/test_helper.rb +0 -27
- data/test/test_helpers_test.rb +0 -173
- data/test/test_models.rb +0 -33
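--- a/data/test/models/recoverable_test.rb
+++ b/data/test/models/recoverable_test.rb
@@ -1,184 +0,0 @@
-require 'test_helper'
-
-class RecoverableTest < ActiveSupport::TestCase
-
-def setup
-setup_mailer
-end
-
-test 'should not generate reset password token after creating a record' do
-assert_nil new_user.reset_password_token
-end
-
-test 'should never generate the same reset password token for different users' do
-reset_password_tokens = []
-3.times do
-user = create_user
-user.send_reset_password_instructions
-token = user.reset_password_token
-assert !reset_password_tokens.include?(token)
-reset_password_tokens << token
-end
-end
-
-test 'should reset password and password confirmation from params' do
-user = create_user
-user.reset_password!('123456789', '987654321')
-assert_equal '123456789', user.password
-assert_equal '987654321', user.password_confirmation
-end
-
-test 'should reset password and save the record' do
-assert create_user.reset_password!('123456789', '123456789')
-end
-
-test 'should clear reset password token while reseting the password' do
-user = create_user
-assert_nil user.reset_password_token
-
-user.send_reset_password_instructions
-assert_present user.reset_password_token
-assert user.reset_password!('123456789', '123456789')
-assert_nil user.reset_password_token
-end
-
-test 'should not clear reset password token if record is invalid' do
-user = create_user
-user.send_reset_password_instructions
-assert_present user.reset_password_token
-assert_not user.reset_password!('123456789', '987654321')
-assert_present user.reset_password_token
-end
-
-test 'should not reset password with invalid data' do
-user = create_user
-user.stubs(:valid?).returns(false)
-assert_not user.reset_password!('123456789', '987654321')
-end
-
-test 'should reset reset password token and send instructions by email' do
-user = create_user
-assert_email_sent do
-token = user.reset_password_token
-user.send_reset_password_instructions
-assert_not_equal token, user.reset_password_token
-end
-end
-
-test 'should find a user to send instructions by email' do
-user = create_user
-reset_password_user = User.send_reset_password_instructions(:email => user.email)
-assert_equal reset_password_user, user
-end
-
-test 'should return a new record with errors if user was not found by e-mail' do
-reset_password_user = User.send_reset_password_instructions(:email => "invalid@example.com")
-assert_not reset_password_user.persisted?
-assert_equal "not found", reset_password_user.errors[:email].join
-end
-
-test 'should find a user to send instructions by authentication_keys' do
-swap Devise, :authentication_keys => [:username, :email] do
-user = create_user
-reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
-assert_equal reset_password_user, user
-end
-end
-
-test 'should require all reset_password_keys' do
-swap Devise, :reset_password_keys => [:username, :email] do
-user = create_user
-reset_password_user = User.send_reset_password_instructions(:email => user.email)
-assert_not reset_password_user.persisted?
-assert_equal "can't be blank", reset_password_user.errors[:username].join
-end
-end
-
-test 'should reset reset_password_token before send the reset instructions email' do
-user = create_user
-token = user.reset_password_token
-User.send_reset_password_instructions(:email => user.email)
-assert_not_equal token, user.reload.reset_password_token
-end
-
-test 'should send email instructions to the user reset his password' do
-user = create_user
-assert_email_sent do
-User.send_reset_password_instructions(:email => user.email)
-end
-end
-
-test 'should find a user to reset his password based on the raw token' do
-user = create_user
-raw = user.send_reset_password_instructions
-
-reset_password_user = User.reset_password_by_token(:reset_password_token => raw)
-assert_equal reset_password_user, user
-end
-
-test 'should return a new record with errors if no reset_password_token is found' do
-reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token')
-assert_not reset_password_user.persisted?
-assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
-end
-
-test 'should return a new record with errors if reset_password_token is blank' do
-reset_password_user = User.reset_password_by_token(:reset_password_token => '')
-assert_not reset_password_user.persisted?
-assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
-end
-
-test 'should return a new record with errors if password is blank' do
-user = create_user
-raw = user.send_reset_password_instructions
-
-reset_password_user = User.reset_password_by_token(:reset_password_token => raw, :password => '')
-assert_not reset_password_user.errors.empty?
-assert_match "can't be blank", reset_password_user.errors[:password].join
-end
-
-test 'should reset successfully user password given the new password and confirmation' do
-user = create_user
-old_password = user.password
-raw = user.send_reset_password_instructions
-
-User.reset_password_by_token(
-:reset_password_token => raw,
-:password => 'new_password',
-:password_confirmation => 'new_password'
-)
-user.reload
-
-assert_not user.valid_password?(old_password)
-assert user.valid_password?('new_password')
-end
-
-test 'should not reset password after reset_password_within time' do
-swap Devise, :reset_password_within => 1.hour do
-user = create_user
-raw = user.send_reset_password_instructions
-
-old_password = user.password
-user.reset_password_sent_at = 2.days.ago
-user.save!
-
-reset_password_user = User.reset_password_by_token(
-:reset_password_token => raw,
-:password => 'new_password',
-:password_confirmation => 'new_password'
-)
-user.reload
-
-assert user.valid_password?(old_password)
-assert_not user.valid_password?('new_password')
-assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
-end
-end
-
-test 'required_fields should contain the fields that Devise uses' do
-assert_same_content Devise::Models::Recoverable.required_fields(User), [
-:reset_password_sent_at,
-:reset_password_token
-]
-end
-end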
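--- a/data/test/models/rememberable_test.rb
+++ b/data/test/models/rememberable_test.rb
@@ -1,183 +0,0 @@
-require 'test_helper'
-
-class RememberableTest < ActiveSupport::TestCase
-def resource_class
-User
-end
-
-def create_resource
-create_user
-end
-
-test 'remember_me should not generate a new token if using salt' do
-user = create_user
-user.expects(:valid?).never
-user.remember_me!
-end
-
-test 'forget_me should not clear remember token if using salt' do
-user = create_user
-user.remember_me!
-user.expects(:valid?).never
-user.forget_me!
-end
-
-test 'can generate remember token' do
-user = create_user
-user.singleton_class.send(:attr_accessor, :remember_token)
-User.to_adapter.expects(:find_first).returns(nil)
-user.remember_me!
-assert user.remember_token
-end
-
-test 'serialize into cookie' do
-user = create_user
-user.remember_me!
-assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
-end
-
-test 'serialize from cookie' do
-user = create_user
-user.remember_me!
-assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
-end
-
-test 'raises a RuntimeError if authenticatable_salt is nil' do
-user = User.new
-user.encrypted_password = nil
-assert_raise RuntimeError do
-user.rememberable_value
-end
-end
-
-test 'should respond to remember_me attribute' do
-assert resource_class.new.respond_to?(:remember_me)
-assert resource_class.new.respond_to?(:remember_me=)
-end
-
-test 'forget_me should clear remember_created_at' do
-resource = create_resource
-resource.remember_me!
-assert_not resource.remember_created_at.nil?
-resource.forget_me!
-assert resource.remember_created_at.nil?
-end
-
-test 'forget_me should not try to update resource if it has been destroyed' do
-resource = create_resource
-resource.expects(:remember_created_at).never
-resource.expects(:save).never
-
-resource.destroy
-resource.forget_me!
-end
-
-test 'remember is expired if not created at timestamp is set' do
-assert create_resource.remember_expired?
-end
-
-test 'serialize should return nil if no resource is found' do
-assert_nil resource_class.serialize_from_cookie([0], "123")
-end
-
-test 'remember me return nil if is a valid resource with invalid token' do
-resource = create_resource
-assert_nil resource_class.serialize_from_cookie([resource.id], "123")
-end
-
-test 'remember for should fallback to devise remember for default configuration' do
-swap Devise, :remember_for => 1.day do
-resource = create_resource
-resource.remember_me!
-assert_not resource.remember_expired?
-end
-end
-
-test 'remember expires at should sum date of creation with remember for configuration' do
-swap Devise, :remember_for => 3.days do
-resource = create_resource
-resource.remember_me!
-assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
-
-Devise.remember_for = 5.days
-assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
-end
-end
-
-test 'remember should be expired if remember_for is zero' do
-swap Devise, :remember_for => 0.days do
-Devise.remember_for = 0.days
-resource = create_resource
-resource.remember_me!
-assert resource.remember_expired?
-end
-end
-
-test 'remember should be expired if it was created before limit time' do
-swap Devise, :remember_for => 1.day do
-resource = create_resource
-resource.remember_me!
-resource.remember_created_at = 2.days.ago
-resource.save
-assert resource.remember_expired?
-end
-end
-
-test 'remember should not be expired if it was created within the limit time' do
-swap Devise, :remember_for => 30.days do
-resource = create_resource
-resource.remember_me!
-resource.remember_created_at = (30.days.ago + 2.minutes)
-resource.save
-assert_not resource.remember_expired?
-end
-end
-
-test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
-swap Devise, :remember_for => 5.minutes do
-resource = create_resource
-resource.remember_me!(false)
-assert resource.remember_created_at
-
-resource.remember_created_at = old = 10.minutes.ago
-resource.save
-
-resource.remember_me!(false)
-assert_not_equal old.to_i, resource.remember_created_at.to_i
-end
-end
-
-test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
-swap Devise, :remember_for => 1.year do
-resource = create_resource
-resource.remember_me!(false)
-assert resource.remember_created_at
-
-resource.remember_created_at = old = 10.minutes.ago.utc
-resource.save
-
-resource.remember_me!(false)
-assert_equal old.to_i, resource.remember_created_at.to_i
-end
-end
-
-test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
-swap Devise, :remember_for => 1.year do
-resource = create_resource
-resource.remember_me!(true)
-assert resource.remember_created_at
-
-resource.remember_created_at = old = 10.minutes.ago
-resource.save
-
-resource.remember_me!(true)
-assert_not_equal old, resource.remember_created_at
-end
-end
-
-test 'should have the required_fields array' do
-assert_same_content Devise::Models::Rememberable.required_fields(User), [
-:remember_created_at
-]
-end
-end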
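--- a/data/test/models/serializable_test.rb
+++ b/data/test/models/serializable_test.rb
@@ -1,49 +0,0 @@
-require 'test_helper'
-
-class SerializableTest < ActiveSupport::TestCase
-setup do
-@user = create_user
-end
-
-test 'should not include unsafe keys on XML' do
-assert_match(/email/, @user.to_xml)
-assert_no_match(/confirmation-token/, @user.to_xml)
-end
-
-test 'should not include unsafe keys on XML even if a new except is provided' do
-assert_no_match(/email/, @user.to_xml(:except => :email))
-assert_no_match(/confirmation-token/, @user.to_xml(:except => :email))
-end
-
-test 'should include unsafe keys on XML if a force_except is provided' do
-assert_no_match(/<email/, @user.to_xml(:force_except => :email))
-assert_match(/confirmation-token/, @user.to_xml(:force_except => :email))
-end
-
-test 'should not include unsafe keys on JSON' do
-keys = from_json().keys.select{ |key| !key.include?("id") }
-assert_equal %w(created_at email facebook_token updated_at username), keys.sort
-end
-
-test 'should not include unsafe keys on JSON even if a new except is provided' do
-assert_no_key "email", from_json(:except => :email)
-assert_no_key "confirmation_token", from_json(:except => :email)
-end
-
-test 'should include unsafe keys on JSON if a force_except is provided' do
-assert_no_key "email", from_json(:force_except => :email)
-assert_key "confirmation_token", from_json(:force_except => :email)
-end
-
-def assert_key(key, subject)
-assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
-end
-
-def assert_no_key(key, subject)
-assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
-end
-
-def from_json(options=nil)
-ActiveSupport::JSON.decode(@user.to_json(options))["user"]
-end
-end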
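--- a/data/test/models/timeoutable_test.rb
+++ b/data/test/models/timeoutable_test.rb
@@ -1,51 +0,0 @@
-require 'test_helper'
-
-class TimeoutableTest < ActiveSupport::TestCase
-
-test 'should be expired' do
-assert new_user.timedout?(31.minutes.ago)
-end
-
-test 'should not be expired' do
-assert_not new_user.timedout?(29.minutes.ago)
-end
-
-test 'should not be expired when params is nil' do
-assert_not new_user.timedout?(nil)
-end
-
-test 'should use timeout_in method' do
-user = new_user
-user.instance_eval { def timeout_in; 10.minutes end }
-
-assert user.timedout?(12.minutes.ago)
-assert_not user.timedout?(8.minutes.ago)
-end
-
-test 'should not be expired when timeout_in method returns nil' do
-user = new_user
-user.instance_eval { def timeout_in; nil end }
-assert_not user.timedout?(10.hours.ago)
-end
-
-test 'fallback to Devise config option' do
-swap Devise, :timeout_in => 1.minute do
-user = new_user
-assert user.timedout?(2.minutes.ago)
-assert_not user.timedout?(30.seconds.ago)
-
-Devise.timeout_in = 5.minutes
-assert_not user.timedout?(2.minutes.ago)
-assert user.timedout?(6.minutes.ago)
-end
-end
-
-test 'required_fields should contain the fields that Devise uses' do
-assert_same_content Devise::Models::Timeoutable.required_fields(User), []
-end
-
-test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do
-user = create_admin(remember_created_at: Time.current)
-assert user.timedout?(31.minutes.ago)
-end
-end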
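--- a/data/test/models/trackable_test.rb
+++ b/data/test/models/trackable_test.rb
@@ -1,13 +0,0 @@
-require 'test_helper'
-
-class TrackableTest < ActiveSupport::TestCase
-test 'required_fields should contain the fields that Devise uses' do
-assert_same_content Devise::Models::Trackable.required_fields(User), [
-:current_sign_in_at,
-:current_sign_in_ip,
-:last_sign_in_at,
-:last_sign_in_ip,
-:sign_in_count
-]
-end
-end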
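--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,127 +0,0 @@
-# encoding: UTF-8
-require 'test_helper'
-
-class ValidatableTest < ActiveSupport::TestCase
-test 'should require email to be set' do
-user = new_user(:email => nil)
-assert user.invalid?
-assert user.errors[:email]
-assert_equal 'can\'t be blank', user.errors[:email].join
-end
-
-test 'should require uniqueness of email if email has changed, allowing blank' do
-existing_user = create_user
-
-user = new_user(:email => '')
-assert user.invalid?
-assert_no_match(/taken/, user.errors[:email].join)
-
-user.email = existing_user.email
-assert user.invalid?
-assert_match(/taken/, user.errors[:email].join)
-
-user.save(:validate => false)
-assert user.valid?
-end
-
-test 'should require correct email format if email has changed, allowing blank' do
-user = new_user(:email => '')
-assert user.invalid?
-assert_not_equal 'is invalid', user.errors[:email].join
-
-%w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email|
-user.email = email
-assert user.invalid?, 'should be invalid with email ' << email
-assert_equal 'is invalid', user.errors[:email].join
-end
-
-user.save(:validate => false)
-assert user.valid?
-end
-
-test 'should accept valid emails' do
-%w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email|
-user = new_user(:email => email)
-assert user.valid?, 'should be valid with email ' << email
-assert_blank user.errors[:email]
-end
-end
-
-test 'should require password to be set when creating a new record' do
-user = new_user(:password => '', :password_confirmation => '')
-assert user.invalid?
-assert_equal 'can\'t be blank', user.errors[:password].join
-end
-
-test 'should require confirmation to be set when creating a new record' do
-user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
-assert user.invalid?
-
-if Devise.rails4?
-assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-else
-assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-end
-end
-
-test 'should require password when updating/resetting password' do
-user = create_user
-
-user.password = ''
-user.password_confirmation = ''
-
-assert user.invalid?
-assert_equal 'can\'t be blank', user.errors[:password].join
-end
-
-test 'should require confirmation when updating/resetting password' do
-user = create_user
-user.password_confirmation = 'another_password'
-assert user.invalid?
-
-if Devise.rails4?
-assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-else
-assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-end
-end
-
-test 'should require a password with minimum of 6 characters' do
-user = new_user(:password => '12345', :password_confirmation => '12345')
-assert user.invalid?
-assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
-end
-
-test 'should require a password with maximum of 128 characters long' do
-user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
-assert user.invalid?
-assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
-end
-
-test 'should not require password length when it\'s not changed' do
-user = create_user.reload
-user.password = user.password_confirmation = nil
-assert user.valid?
-
-user.password_confirmation = 'confirmation'
-assert user.invalid?
-assert_not (user.errors[:password].join =~ /is too long/)
-end
-
-test 'should complain about length even if password is not required' do
-user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
-user.stubs(:password_required?).returns(false)
-assert user.invalid?
-assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
-end
-
-test 'should not be included in objects with invalid API' do
-assert_raise RuntimeError do
-Class.new.send :include, Devise::Models::Validatable
-end
-end
-
-test 'required_fields should be an empty array' do
-assert_equal Devise::Models::Validatable.required_fields(User), []
-end
-end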