devise 3.2.3 → 3.2.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/Gemfile +2 -2
- data/Gemfile.lock +6 -6
- data/README.md +7 -0
- data/Rakefile +1 -1
- data/app/controllers/devise/confirmations_controller.rb +2 -2
- data/app/controllers/devise/omniauth_callbacks_controller.rb +2 -2
- data/app/controllers/devise/passwords_controller.rb +3 -3
- data/app/controllers/devise/registrations_controller.rb +7 -7
- data/app/controllers/devise/sessions_controller.rb +6 -6
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +3 -3
- data/app/helpers/devise_helper.rb +2 -2
- data/app/views/devise/confirmations/new.html.erb +2 -2
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +3 -3
- data/app/views/devise/passwords/new.html.erb +2 -2
- data/app/views/devise/registrations/edit.html.erb +6 -6
- data/app/views/devise/registrations/new.html.erb +4 -4
- data/app/views/devise/sessions/new.html.erb +3 -3
- data/app/views/devise/unlocks/new.html.erb +2 -2
- data/devise.gemspec +1 -1
- data/gemfiles/Gemfile.rails-3.2-stable +3 -3
- data/gemfiles/Gemfile.rails-4.0-stable +3 -3
- data/gemfiles/Gemfile.rails-head +3 -3
- data/lib/devise.rb +3 -3
- data/lib/devise/controllers/helpers.rb +5 -5
- data/lib/devise/controllers/rememberable.rb +3 -3
- data/lib/devise/controllers/sign_in_out.rb +8 -8
- data/lib/devise/failure_app.rb +3 -3
- data/lib/devise/hooks/activatable.rb +1 -1
- data/lib/devise/hooks/lockable.rb +1 -1
- data/lib/devise/hooks/proxy.rb +1 -1
- data/lib/devise/hooks/rememberable.rb +1 -1
- data/lib/devise/hooks/timeoutable.rb +1 -1
- data/lib/devise/hooks/trackable.rb +1 -1
- data/lib/devise/mailers/helpers.rb +8 -8
- data/lib/devise/models/authenticatable.rb +3 -3
- data/lib/devise/models/confirmable.rb +9 -9
- data/lib/devise/models/database_authenticatable.rb +1 -1
- data/lib/devise/models/lockable.rb +6 -6
- data/lib/devise/models/omniauthable.rb +1 -1
- data/lib/devise/models/recoverable.rb +1 -1
- data/lib/devise/models/rememberable.rb +3 -3
- data/lib/devise/models/trackable.rb +1 -1
- data/lib/devise/models/validatable.rb +6 -6
- data/lib/devise/modules.rb +9 -9
- data/lib/devise/omniauth/url_helpers.rb +2 -2
- data/lib/devise/rails.rb +1 -1
- data/lib/devise/rails/routes.rb +81 -81
- data/lib/devise/test_helpers.rb +2 -2
- data/lib/devise/time_inflector.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +6 -6
- data/lib/generators/active_record/templates/migration.rb +4 -4
- data/lib/generators/active_record/templates/migration_existing.rb +4 -4
- data/lib/generators/devise/devise_generator.rb +3 -3
- data/lib/generators/devise/views_generator.rb +29 -18
- data/lib/generators/mongoid/devise_generator.rb +19 -19
- data/lib/generators/templates/README +2 -2
- data/lib/generators/templates/devise.rb +9 -7
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/helpers_test.rb +31 -31
- data/test/controllers/internal_helpers_test.rb +6 -6
- data/test/controllers/sessions_controller_test.rb +18 -18
- data/test/controllers/url_helpers_test.rb +4 -4
- data/test/delegator_test.rb +1 -1
- data/test/devise_test.rb +3 -3
- data/test/failure_app_test.rb +21 -21
- data/test/generators/active_record_generator_test.rb +4 -4
- data/test/generators/devise_generator_test.rb +2 -2
- data/test/generators/mongoid_generator_test.rb +1 -1
- data/test/generators/views_generator_test.rb +30 -1
- data/test/helpers/devise_helper_test.rb +11 -11
- data/test/integration/authenticatable_test.rb +42 -42
- data/test/integration/confirmable_test.rb +46 -46
- data/test/integration/database_authenticatable_test.rb +16 -16
- data/test/integration/http_authenticatable_test.rb +11 -11
- data/test/integration/lockable_test.rb +37 -37
- data/test/integration/omniauthable_test.rb +3 -3
- data/test/integration/recoverable_test.rb +41 -41
- data/test/integration/registerable_test.rb +49 -49
- data/test/integration/rememberable_test.rb +13 -13
- data/test/integration/timeoutable_test.rb +7 -7
- data/test/integration/trackable_test.rb +2 -2
- data/test/mailers/confirmation_instructions_test.rb +4 -4
- data/test/mailers/reset_password_instructions_test.rb +3 -3
- data/test/mailers/unlock_instructions_test.rb +2 -2
- data/test/models/authenticatable_test.rb +3 -3
- data/test/models/confirmable_test.rb +31 -31
- data/test/models/database_authenticatable_test.rb +27 -27
- data/test/models/lockable_test.rb +29 -29
- data/test/models/recoverable_test.rb +19 -19
- data/test/models/rememberable_test.rb +8 -8
- data/test/models/serializable_test.rb +8 -8
- data/test/models/timeoutable_test.rb +1 -1
- data/test/models/validatable_test.rb +11 -11
- data/test/omniauth/config_test.rb +3 -3
- data/test/omniauth/url_helpers_test.rb +3 -3
- data/test/parameter_sanitizer_test.rb +1 -1
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +1 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mailers/users/mailer.rb +4 -4
- data/test/rails_app/app/mongoid/admin.rb +11 -11
- data/test/rails_app/app/mongoid/shim.rb +2 -2
- data/test/rails_app/app/mongoid/user.rb +19 -19
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +2 -2
- data/test/rails_app/config/initializers/devise.rb +3 -3
- data/test/rails_app/config/initializers/secret_token.rb +1 -1
- data/test/rails_app/config/routes.rb +43 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +7 -7
- data/test/rails_app/lib/shared_admin.rb +4 -4
- data/test/routes_test.rb +59 -59
- data/test/support/helpers.rb +4 -4
- data/test/support/integration.rb +12 -12
- data/test/test_helpers_test.rb +3 -3
- data/test/test_models.rb +5 -5
- metadata +4 -4
|
@@ -3,17 +3,17 @@ require 'test_helper'
|
|
|
3
3
|
class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def visit_user_confirmation_with_token(confirmation_token)
|
|
6
|
-
visit user_confirmation_path(:
|
|
6
|
+
visit user_confirmation_path(confirmation_token: confirmation_token)
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def resend_confirmation
|
|
10
|
-
user = create_user(:
|
|
10
|
+
user = create_user(confirm: false)
|
|
11
11
|
ActionMailer::Base.deliveries.clear
|
|
12
12
|
|
|
13
13
|
visit new_user_session_path
|
|
14
14
|
click_link "Didn't receive confirmation instructions?"
|
|
15
15
|
|
|
16
|
-
fill_in 'email', :
|
|
16
|
+
fill_in 'email', with: user.email
|
|
17
17
|
click_button 'Resend confirmation instructions'
|
|
18
18
|
end
|
|
19
19
|
|
|
@@ -39,8 +39,8 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
|
|
42
|
-
swap Devise, :
|
|
43
|
-
user = create_user(:
|
|
42
|
+
swap Devise, confirm_within: 3.days do
|
|
43
|
+
user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
|
|
44
44
|
assert_not user.confirmed?
|
|
45
45
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
46
46
|
|
|
@@ -51,8 +51,8 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
|
|
54
|
-
swap Devise, :
|
|
55
|
-
user = create_user(:
|
|
54
|
+
swap Devise, confirm_within: 3.days do
|
|
55
|
+
user = create_user(confirm: false, confirmation_sent_at: 2.days.ago)
|
|
56
56
|
assert_not user.confirmed?
|
|
57
57
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
58
58
|
|
|
@@ -65,14 +65,14 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
65
65
|
test 'user should be redirected to a custom path after confirmation' do
|
|
66
66
|
Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
|
|
67
67
|
|
|
68
|
-
user = create_user(:
|
|
68
|
+
user = create_user(confirm: false)
|
|
69
69
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
70
70
|
|
|
71
71
|
assert_current_url "/?custom=1"
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
test 'already confirmed user should not be able to confirm the account again' do
|
|
75
|
-
user = create_user(:
|
|
75
|
+
user = create_user(confirm: false)
|
|
76
76
|
user.confirmed_at = Time.now
|
|
77
77
|
user.save
|
|
78
78
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
@@ -82,21 +82,21 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
|
|
85
|
-
user = create_user(:
|
|
85
|
+
user = create_user(confirm: false)
|
|
86
86
|
user.confirmed_at = Time.now
|
|
87
87
|
user.save
|
|
88
88
|
|
|
89
89
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
90
90
|
assert_contain 'already confirmed'
|
|
91
91
|
|
|
92
|
-
fill_in 'email', :
|
|
92
|
+
fill_in 'email', with: user.email
|
|
93
93
|
click_button 'Resend confirmation instructions'
|
|
94
94
|
assert_contain 'already confirmed'
|
|
95
95
|
end
|
|
96
96
|
|
|
97
97
|
test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
|
|
98
|
-
swap Devise, :
|
|
99
|
-
sign_in_as_user(:
|
|
98
|
+
swap Devise, allow_unconfirmed_access_for: 0.days do
|
|
99
|
+
sign_in_as_user(confirm: false)
|
|
100
100
|
|
|
101
101
|
assert_contain 'You have to confirm your account before continuing'
|
|
102
102
|
assert_not warden.authenticated?(:user)
|
|
@@ -104,9 +104,9 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
104
104
|
end
|
|
105
105
|
|
|
106
106
|
test 'not confirmed user should not see confirmation message if invalid credentials are given' do
|
|
107
|
-
swap Devise, :
|
|
108
|
-
sign_in_as_user(:
|
|
109
|
-
fill_in 'password', :
|
|
107
|
+
swap Devise, allow_unconfirmed_access_for: 0.days do
|
|
108
|
+
sign_in_as_user(confirm: false) do
|
|
109
|
+
fill_in 'password', with: 'invalid'
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
assert_contain 'Invalid email or password'
|
|
@@ -115,8 +115,8 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
115
115
|
end
|
|
116
116
|
|
|
117
117
|
test 'not confirmed user but configured with some days to confirm should be able to sign in' do
|
|
118
|
-
swap Devise, :
|
|
119
|
-
sign_in_as_user(:
|
|
118
|
+
swap Devise, allow_unconfirmed_access_for: 1.day do
|
|
119
|
+
sign_in_as_user(confirm: false)
|
|
120
120
|
|
|
121
121
|
assert_response :success
|
|
122
122
|
assert warden.authenticated?(:user)
|
|
@@ -124,8 +124,8 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
test 'unconfirmed but signed in user should be redirected to their root path' do
|
|
127
|
-
swap Devise, :
|
|
128
|
-
user = sign_in_as_user(:
|
|
127
|
+
swap Devise, allow_unconfirmed_access_for: 1.day do
|
|
128
|
+
user = sign_in_as_user(confirm: false)
|
|
129
129
|
|
|
130
130
|
visit_user_confirmation_with_token(user.raw_confirmation_token)
|
|
131
131
|
assert_contain 'Your account was successfully confirmed.'
|
|
@@ -134,57 +134,57 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
134
134
|
end
|
|
135
135
|
|
|
136
136
|
test 'error message is configurable by resource name' do
|
|
137
|
-
store_translations :en, :
|
|
138
|
-
:
|
|
137
|
+
store_translations :en, devise: {
|
|
138
|
+
failure: { user: { unconfirmed: "Not confirmed user" } }
|
|
139
139
|
} do
|
|
140
|
-
sign_in_as_user(:
|
|
140
|
+
sign_in_as_user(confirm: false)
|
|
141
141
|
assert_contain 'Not confirmed user'
|
|
142
142
|
end
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
|
|
146
|
-
user = create_user(:
|
|
147
|
-
post user_confirmation_path(:
|
|
146
|
+
user = create_user(confirm: false)
|
|
147
|
+
post user_confirmation_path(format: 'xml'), user: { email: user.email }
|
|
148
148
|
assert_response :success
|
|
149
149
|
assert_equal response.body, {}.to_xml
|
|
150
150
|
end
|
|
151
151
|
|
|
152
152
|
test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
|
|
153
|
-
create_user(:
|
|
154
|
-
post user_confirmation_path(:
|
|
153
|
+
create_user(confirm: false)
|
|
154
|
+
post user_confirmation_path(format: 'xml'), user: { email: 'invalid.test@test.com' }
|
|
155
155
|
assert_response :unprocessable_entity
|
|
156
156
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
test 'confirm account with valid confirmation token in XML format should return valid response' do
|
|
160
|
-
user = create_user(:
|
|
161
|
-
get user_confirmation_path(:
|
|
160
|
+
user = create_user(confirm: false)
|
|
161
|
+
get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
|
|
162
162
|
assert_response :success
|
|
163
163
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
|
164
164
|
end
|
|
165
165
|
|
|
166
166
|
test 'confirm account with invalid confirmation token in XML format should return invalid response' do
|
|
167
|
-
create_user(:
|
|
168
|
-
get user_confirmation_path(:
|
|
167
|
+
create_user(confirm: false)
|
|
168
|
+
get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
|
|
169
169
|
assert_response :unprocessable_entity
|
|
170
170
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
test 'request an account confirmation account with JSON, should return an empty JSON' do
|
|
174
|
-
user = create_user(:
|
|
174
|
+
user = create_user(confirm: false)
|
|
175
175
|
|
|
176
|
-
post user_confirmation_path, :
|
|
176
|
+
post user_confirmation_path, user: { email: user.email }, format: :json
|
|
177
177
|
assert_response :success
|
|
178
178
|
assert_equal response.body, {}.to_json
|
|
179
179
|
end
|
|
180
180
|
|
|
181
181
|
test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
|
|
182
|
-
swap Devise, :
|
|
183
|
-
user = create_user(:
|
|
182
|
+
swap Devise, paranoid: true do
|
|
183
|
+
user = create_user(confirm: false)
|
|
184
184
|
visit new_user_session_path
|
|
185
185
|
|
|
186
186
|
click_link "Didn't receive confirmation instructions?"
|
|
187
|
-
fill_in 'email', :
|
|
187
|
+
fill_in 'email', with: user.email
|
|
188
188
|
click_button 'Resend confirmation instructions'
|
|
189
189
|
|
|
190
190
|
assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
|
|
@@ -193,11 +193,11 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
193
193
|
end
|
|
194
194
|
|
|
195
195
|
test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do
|
|
196
|
-
swap Devise, :
|
|
196
|
+
swap Devise, paranoid: true do
|
|
197
197
|
visit new_user_session_path
|
|
198
198
|
|
|
199
199
|
click_link "Didn't receive confirmation instructions?"
|
|
200
|
-
fill_in 'email', :
|
|
200
|
+
fill_in 'email', with: "idonthavethisemail@gmail.com"
|
|
201
201
|
click_button 'Resend confirmation instructions'
|
|
202
202
|
|
|
203
203
|
assert_not_contain "1 error prohibited this user from being saved:"
|
|
@@ -216,17 +216,17 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
|
|
|
216
216
|
end
|
|
217
217
|
|
|
218
218
|
def visit_admin_confirmation_with_token(confirmation_token)
|
|
219
|
-
visit admin_confirmation_path(:
|
|
219
|
+
visit admin_confirmation_path(confirmation_token: confirmation_token)
|
|
220
220
|
end
|
|
221
221
|
|
|
222
222
|
test 'admin should be able to request a new confirmation after email changed' do
|
|
223
223
|
admin = create_admin
|
|
224
|
-
admin.update_attributes(:
|
|
224
|
+
admin.update_attributes(email: 'new_test@example.com')
|
|
225
225
|
|
|
226
226
|
visit new_admin_session_path
|
|
227
227
|
click_link "Didn't receive confirmation instructions?"
|
|
228
228
|
|
|
229
|
-
fill_in 'email', :
|
|
229
|
+
fill_in 'email', with: admin.unconfirmed_email
|
|
230
230
|
assert_difference "ActionMailer::Base.deliveries.size" do
|
|
231
231
|
click_button 'Resend confirmation instructions'
|
|
232
232
|
end
|
|
@@ -237,7 +237,7 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
|
|
|
237
237
|
|
|
238
238
|
test 'admin with valid confirmation token should be able to confirm email after email changed' do
|
|
239
239
|
admin = create_admin
|
|
240
|
-
admin.update_attributes(:
|
|
240
|
+
admin.update_attributes(email: 'new_test@example.com')
|
|
241
241
|
assert_equal 'new_test@example.com', admin.unconfirmed_email
|
|
242
242
|
visit_admin_confirmation_with_token(admin.raw_confirmation_token)
|
|
243
243
|
|
|
@@ -249,13 +249,13 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
|
|
|
249
249
|
|
|
250
250
|
test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
|
|
251
251
|
admin = create_admin
|
|
252
|
-
admin.update_attributes(:
|
|
252
|
+
admin.update_attributes(email: 'first_test@example.com')
|
|
253
253
|
assert_equal 'first_test@example.com', admin.unconfirmed_email
|
|
254
254
|
|
|
255
255
|
raw_confirmation_token = admin.raw_confirmation_token
|
|
256
256
|
admin = Admin.find(admin.id)
|
|
257
257
|
|
|
258
|
-
admin.update_attributes(:
|
|
258
|
+
admin.update_attributes(email: 'second_test@example.com')
|
|
259
259
|
assert_equal 'second_test@example.com', admin.unconfirmed_email
|
|
260
260
|
|
|
261
261
|
visit_admin_confirmation_with_token(raw_confirmation_token)
|
|
@@ -271,10 +271,10 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
|
|
|
271
271
|
|
|
272
272
|
test 'admin email should be unique also within unconfirmed_email' do
|
|
273
273
|
admin = create_admin
|
|
274
|
-
admin.update_attributes(:
|
|
274
|
+
admin.update_attributes(email: 'new_admin_test@example.com')
|
|
275
275
|
assert_equal 'new_admin_test@example.com', admin.unconfirmed_email
|
|
276
276
|
|
|
277
|
-
create_second_admin(:
|
|
277
|
+
create_second_admin(email: "new_admin_test@example.com")
|
|
278
278
|
|
|
279
279
|
visit_admin_confirmation_with_token(admin.raw_confirmation_token)
|
|
280
280
|
assert_have_selector '#error_explanation'
|
|
@@ -2,21 +2,21 @@ require 'test_helper'
|
|
|
2
2
|
|
|
3
3
|
class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
|
|
4
4
|
test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
|
|
5
|
-
create_user(:
|
|
5
|
+
create_user(email: 'Foo@Bar.com')
|
|
6
6
|
|
|
7
7
|
sign_in_as_user do
|
|
8
|
-
fill_in 'email', :
|
|
8
|
+
fill_in 'email', with: 'foo@bar.com'
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
assert warden.authenticated?(:user)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
|
|
15
|
-
swap Devise, :
|
|
16
|
-
create_user(:
|
|
15
|
+
swap Devise, case_insensitive_keys: [] do
|
|
16
|
+
create_user(email: 'Foo@Bar.com')
|
|
17
17
|
|
|
18
18
|
sign_in_as_user do
|
|
19
|
-
fill_in 'email', :
|
|
19
|
+
fill_in 'email', with: 'foo@bar.com'
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
assert_not warden.authenticated?(:user)
|
|
@@ -24,21 +24,21 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
|
|
27
|
-
create_user(:
|
|
27
|
+
create_user(email: ' foo@bar.com ')
|
|
28
28
|
|
|
29
29
|
sign_in_as_user do
|
|
30
|
-
fill_in 'email', :
|
|
30
|
+
fill_in 'email', with: 'foo@bar.com'
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
assert warden.authenticated?(:user)
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
|
|
37
|
-
swap Devise, :
|
|
38
|
-
create_user(:
|
|
37
|
+
swap Devise, strip_whitespace_keys: [] do
|
|
38
|
+
create_user(email: 'foo@bar.com')
|
|
39
39
|
|
|
40
40
|
sign_in_as_user do
|
|
41
|
-
fill_in 'email', :
|
|
41
|
+
fill_in 'email', with: ' foo@bar.com '
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
assert_not warden.authenticated?(:user)
|
|
@@ -46,16 +46,16 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
test 'sign in should not authenticate if not using proper authentication keys' do
|
|
49
|
-
swap Devise, :
|
|
49
|
+
swap Devise, authentication_keys: [:username] do
|
|
50
50
|
sign_in_as_user
|
|
51
51
|
assert_not warden.authenticated?(:user)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
test 'sign in with invalid email should return to sign in form with error message' do
|
|
56
|
-
store_translations :en, :
|
|
56
|
+
store_translations :en, devise: { failure: { admin: { not_found_in_database: 'Invalid email address' } } } do
|
|
57
57
|
sign_in_as_admin do
|
|
58
|
-
fill_in 'email', :
|
|
58
|
+
fill_in 'email', with: 'wrongemail@test.com'
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
assert_contain 'Invalid email address'
|
|
@@ -65,7 +65,7 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
65
65
|
|
|
66
66
|
test 'sign in with invalid pasword should return to sign in form with error message' do
|
|
67
67
|
sign_in_as_admin do
|
|
68
|
-
fill_in 'password', :
|
|
68
|
+
fill_in 'password', with: 'abcdef'
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
assert_contain 'Invalid email or password'
|
|
@@ -73,9 +73,9 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
test 'error message is configurable by resource name' do
|
|
76
|
-
store_translations :en, :
|
|
76
|
+
store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do
|
|
77
77
|
sign_in_as_admin do
|
|
78
|
-
fill_in 'password', :
|
|
78
|
+
fill_in 'password', with: 'abcdef'
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
assert_contain 'Invalid credentials'
|
|
@@ -2,7 +2,7 @@ require 'test_helper'
|
|
|
2
2
|
|
|
3
3
|
class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
4
4
|
test 'handles unverified requests gets rid of caches but continues signed in' do
|
|
5
|
-
swap ApplicationController, :
|
|
5
|
+
swap ApplicationController, allow_forgery_protection: true do
|
|
6
6
|
create_user
|
|
7
7
|
post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
|
|
8
8
|
assert warden.authenticated?(:user)
|
|
@@ -16,18 +16,18 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
16
16
|
assert_match '<email>user@test.com</email>', response.body
|
|
17
17
|
assert warden.authenticated?(:user)
|
|
18
18
|
|
|
19
|
-
get users_path(:
|
|
19
|
+
get users_path(format: :xml)
|
|
20
20
|
assert_response 200
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
|
|
24
|
-
swap Devise, :
|
|
24
|
+
swap Devise, skip_session_storage: [:http_auth] do
|
|
25
25
|
sign_in_as_new_user_with_http
|
|
26
26
|
assert_response 200
|
|
27
27
|
assert_match '<email>user@test.com</email>', response.body
|
|
28
28
|
assert warden.authenticated?(:user)
|
|
29
29
|
|
|
30
|
-
get users_path(:
|
|
30
|
+
get users_path(format: :xml)
|
|
31
31
|
assert_response 401
|
|
32
32
|
end
|
|
33
33
|
end
|
|
@@ -46,7 +46,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
test 'returns a custom response with www-authenticate and chosen realm' do
|
|
49
|
-
swap Devise, :
|
|
49
|
+
swap Devise, http_authentication_realm: "MyApp" do
|
|
50
50
|
sign_in_as_new_user_with_http("unknown")
|
|
51
51
|
assert_equal 401, status
|
|
52
52
|
assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
|
|
@@ -54,7 +54,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
test 'sign in should authenticate with http even with specific authentication keys' do
|
|
57
|
-
swap Devise, :
|
|
57
|
+
swap Devise, authentication_keys: [:username] do
|
|
58
58
|
sign_in_as_new_user_with_http("usertest")
|
|
59
59
|
assert_response :success
|
|
60
60
|
assert_match '<email>user@test.com</email>', response.body
|
|
@@ -63,7 +63,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
test 'it uses appropriate authentication_keys when configured with hash' do
|
|
66
|
-
swap Devise, :
|
|
66
|
+
swap Devise, authentication_keys: ActiveSupport::OrderedHash[:username, false, :email, false] do
|
|
67
67
|
sign_in_as_new_user_with_http("usertest")
|
|
68
68
|
assert_response :success
|
|
69
69
|
assert_match '<email>user@test.com</email>', response.body
|
|
@@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
test 'it uses the appropriate key when configured explicitly' do
|
|
75
|
-
swap Devise, :
|
|
75
|
+
swap Devise, authentication_keys: ActiveSupport::OrderedHash[:email, false, :username, false], http_authentication_key: :username do
|
|
76
76
|
sign_in_as_new_user_with_http("usertest")
|
|
77
77
|
assert_response :success
|
|
78
78
|
assert_match '<email>user@test.com</email>', response.body
|
|
@@ -81,7 +81,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
|
|
84
|
-
swap Devise, :
|
|
84
|
+
swap Devise, http_authenticatable: true do
|
|
85
85
|
add_oauth2_header
|
|
86
86
|
assert_equal 401, status
|
|
87
87
|
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
|
|
@@ -92,14 +92,14 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
92
92
|
|
|
93
93
|
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
|
|
94
94
|
user = create_user
|
|
95
|
-
get users_path(:
|
|
95
|
+
get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
|
|
96
96
|
user
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
|
|
100
100
|
def add_oauth2_header
|
|
101
101
|
user = create_user
|
|
102
|
-
get users_path(:
|
|
102
|
+
get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
end
|
|
@@ -3,18 +3,18 @@ require 'test_helper'
|
|
|
3
3
|
class LockTest < ActionDispatch::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def visit_user_unlock_with_token(unlock_token)
|
|
6
|
-
visit user_unlock_path(:
|
|
6
|
+
visit user_unlock_path(unlock_token: unlock_token)
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def send_unlock_request
|
|
10
|
-
user = create_user(:
|
|
10
|
+
user = create_user(locked: true)
|
|
11
11
|
ActionMailer::Base.deliveries.clear
|
|
12
12
|
|
|
13
13
|
visit new_user_session_path
|
|
14
14
|
click_link "Didn't receive unlock instructions?"
|
|
15
15
|
|
|
16
16
|
Devise.stubs(:friendly_token).returns("abcdef")
|
|
17
|
-
fill_in 'email', :
|
|
17
|
+
fill_in 'email', with: user.email
|
|
18
18
|
click_button 'Resend unlock instructions'
|
|
19
19
|
end
|
|
20
20
|
|
|
@@ -39,13 +39,13 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
test 'unlocked user should not be able to request a unlock token' do
|
|
42
|
-
user = create_user(:
|
|
42
|
+
user = create_user(locked: false)
|
|
43
43
|
ActionMailer::Base.deliveries.clear
|
|
44
44
|
|
|
45
45
|
visit new_user_session_path
|
|
46
46
|
click_link "Didn't receive unlock instructions?"
|
|
47
47
|
|
|
48
|
-
fill_in 'email', :
|
|
48
|
+
fill_in 'email', with: user.email
|
|
49
49
|
click_button 'Resend unlock instructions'
|
|
50
50
|
|
|
51
51
|
assert_template 'unlocks/new'
|
|
@@ -89,60 +89,60 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
test "user should not send a new e-mail if already locked" do
|
|
92
|
-
user = create_user(:
|
|
92
|
+
user = create_user(locked: true)
|
|
93
93
|
user.failed_attempts = User.maximum_attempts + 1
|
|
94
94
|
user.save!
|
|
95
95
|
|
|
96
96
|
ActionMailer::Base.deliveries.clear
|
|
97
97
|
|
|
98
|
-
sign_in_as_user(:
|
|
98
|
+
sign_in_as_user(password: "invalid")
|
|
99
99
|
assert_contain 'Your account is locked.'
|
|
100
100
|
assert ActionMailer::Base.deliveries.empty?
|
|
101
101
|
end
|
|
102
102
|
|
|
103
103
|
test 'error message is configurable by resource name' do
|
|
104
|
-
store_translations :en, :
|
|
105
|
-
:
|
|
104
|
+
store_translations :en, devise: {
|
|
105
|
+
failure: {user: {locked: "You are locked!"}}
|
|
106
106
|
} do
|
|
107
107
|
|
|
108
|
-
user = create_user(:
|
|
108
|
+
user = create_user(locked: true)
|
|
109
109
|
user.failed_attempts = User.maximum_attempts + 1
|
|
110
110
|
user.save!
|
|
111
111
|
|
|
112
|
-
sign_in_as_user(:
|
|
112
|
+
sign_in_as_user(password: "invalid")
|
|
113
113
|
assert_contain "You are locked!"
|
|
114
114
|
end
|
|
115
115
|
end
|
|
116
116
|
|
|
117
117
|
test "user should not be able to sign in when locked" do
|
|
118
|
-
store_translations :en, :
|
|
119
|
-
:
|
|
118
|
+
store_translations :en, devise: {
|
|
119
|
+
failure: {user: {locked: "You are locked!"}}
|
|
120
120
|
} do
|
|
121
121
|
|
|
122
|
-
user = create_user(:
|
|
122
|
+
user = create_user(locked: true)
|
|
123
123
|
user.failed_attempts = User.maximum_attempts + 1
|
|
124
124
|
user.save!
|
|
125
125
|
|
|
126
|
-
sign_in_as_user(:
|
|
126
|
+
sign_in_as_user(password: "123456")
|
|
127
127
|
assert_contain "You are locked!"
|
|
128
128
|
end
|
|
129
129
|
end
|
|
130
130
|
|
|
131
131
|
test 'user should be able to request a new unlock token via XML request' do
|
|
132
|
-
user = create_user(:
|
|
132
|
+
user = create_user(locked: true)
|
|
133
133
|
ActionMailer::Base.deliveries.clear
|
|
134
134
|
|
|
135
|
-
post user_unlock_path(:
|
|
135
|
+
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
|
136
136
|
assert_response :success
|
|
137
137
|
assert_equal response.body, {}.to_xml
|
|
138
138
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
|
139
139
|
end
|
|
140
140
|
|
|
141
141
|
test 'unlocked user should not be able to request a unlock token via XML request' do
|
|
142
|
-
user = create_user(:
|
|
142
|
+
user = create_user(locked: false)
|
|
143
143
|
ActionMailer::Base.deliveries.clear
|
|
144
144
|
|
|
145
|
-
post user_unlock_path(:
|
|
145
|
+
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
|
146
146
|
assert_response :unprocessable_entity
|
|
147
147
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
148
148
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
|
@@ -152,33 +152,33 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
152
152
|
user = create_user()
|
|
153
153
|
raw = user.lock_access!
|
|
154
154
|
assert user.access_locked?
|
|
155
|
-
get user_unlock_path(:
|
|
155
|
+
get user_unlock_path(format: 'xml', unlock_token: raw)
|
|
156
156
|
assert_response :success
|
|
157
157
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
|
158
158
|
end
|
|
159
159
|
|
|
160
160
|
|
|
161
161
|
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
|
|
162
|
-
get user_unlock_path(:
|
|
162
|
+
get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
|
|
163
163
|
assert_response :unprocessable_entity
|
|
164
164
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
165
165
|
end
|
|
166
166
|
|
|
167
167
|
test "when using json to ask a unlock request, should not return the user" do
|
|
168
|
-
user = create_user(:
|
|
169
|
-
post user_unlock_path(:
|
|
168
|
+
user = create_user(locked: true)
|
|
169
|
+
post user_unlock_path(format: "json", user: {email: user.email})
|
|
170
170
|
assert_response :success
|
|
171
171
|
assert_equal response.body, {}.to_json
|
|
172
172
|
end
|
|
173
173
|
|
|
174
174
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
|
|
175
|
-
swap Devise, :
|
|
176
|
-
user = create_user(:
|
|
175
|
+
swap Devise, paranoid: true do
|
|
176
|
+
user = create_user(locked: true)
|
|
177
177
|
|
|
178
178
|
visit new_user_session_path
|
|
179
179
|
click_link "Didn't receive unlock instructions?"
|
|
180
180
|
|
|
181
|
-
fill_in 'email', :
|
|
181
|
+
fill_in 'email', with: user.email
|
|
182
182
|
click_button 'Resend unlock instructions'
|
|
183
183
|
|
|
184
184
|
assert_current_url "/users/sign_in"
|
|
@@ -187,13 +187,13 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
187
187
|
end
|
|
188
188
|
|
|
189
189
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
|
|
190
|
-
swap Devise, :
|
|
191
|
-
user = create_user(:
|
|
190
|
+
swap Devise, paranoid: true do
|
|
191
|
+
user = create_user(locked: false)
|
|
192
192
|
|
|
193
193
|
visit new_user_session_path
|
|
194
194
|
click_link "Didn't receive unlock instructions?"
|
|
195
195
|
|
|
196
|
-
fill_in 'email', :
|
|
196
|
+
fill_in 'email', with: user.email
|
|
197
197
|
click_button 'Resend unlock instructions'
|
|
198
198
|
|
|
199
199
|
assert_current_url "/users/sign_in"
|
|
@@ -202,11 +202,11 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
|
|
205
|
-
swap Devise, :
|
|
205
|
+
swap Devise, paranoid: true do
|
|
206
206
|
visit new_user_session_path
|
|
207
207
|
click_link "Didn't receive unlock instructions?"
|
|
208
208
|
|
|
209
|
-
fill_in 'email', :
|
|
209
|
+
fill_in 'email', with: "arandomemail@hotmail.com"
|
|
210
210
|
click_button 'Resend unlock instructions'
|
|
211
211
|
|
|
212
212
|
assert_not_contain "1 error prohibited this user from being saved:"
|
|
@@ -219,16 +219,16 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
|
|
222
|
-
swap Devise, :
|
|
223
|
-
user = create_user(:
|
|
222
|
+
swap Devise, paranoid: true, maximum_attempts: 1 do
|
|
223
|
+
user = create_user(locked: false)
|
|
224
224
|
|
|
225
225
|
visit new_user_session_path
|
|
226
|
-
fill_in 'email', :
|
|
227
|
-
fill_in 'password', :
|
|
226
|
+
fill_in 'email', with: user.email
|
|
227
|
+
fill_in 'password', with: "abadpassword"
|
|
228
228
|
click_button 'Sign in'
|
|
229
229
|
|
|
230
|
-
fill_in 'email', :
|
|
231
|
-
fill_in 'password', :
|
|
230
|
+
fill_in 'email', with: user.email
|
|
231
|
+
fill_in 'password', with: "abadpassword"
|
|
232
232
|
click_button 'Sign in'
|
|
233
233
|
|
|
234
234
|
assert_current_url "/users/sign_in"
|