devise 3.2.4 → 4.0.0

data/test/models/recoverable_test.rb

@@ -23,13 +23,13 @@ class RecoverableTest < ActiveSupport::TestCase
 
   test 'should reset password and password confirmation from params' do
     user = create_user
-    user.reset_password!('123456789', '987654321')
+    user.reset_password('123456789', '987654321')
     assert_equal '123456789', user.password
     assert_equal '987654321', user.password_confirmation
   end
 
   test 'should reset password and save the record' do
-    assert create_user.reset_password!('123456789', '123456789')
+    assert create_user.reset_password('123456789', '123456789')
   end
 
   test 'should clear reset password token while reseting the password' do
@@ -38,7 +38,53 @@ class RecoverableTest < ActiveSupport::TestCase
 
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert user.reset_password!('123456789', '123456789')
+    assert user.reset_password('123456789', '123456789')
+    assert_nil user.reset_password_token
+  end
+
+  test 'should not clear reset password token for new user' do
+    user = new_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+
+    user.save
+    assert_present user.reset_password_token
+  end
+
+  test 'should clear reset password token if changing password' do
+    user = create_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.password = "123456678"
+    user.password_confirmation = "123456678"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+
+  test 'should clear reset password token if changing email' do
+    user = create_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.email = "another@example.com"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+
+  test 'should clear reset password successfully even if there is no email' do
+    user = create_user_without_email
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.password = "123456678"
+    user.password_confirmation = "123456678"
+    user.save!
     assert_nil user.reset_password_token
   end
 
@@ -46,14 +92,14 @@ class RecoverableTest < ActiveSupport::TestCase
     user = create_user
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
     assert_present user.reset_password_token
   end
 
   test 'should not reset password with invalid data' do
     user = create_user
     user.stubs(:valid?).returns(false)
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
   end
 
   test 'should reset reset password token and send instructions by email' do
@@ -135,6 +181,7 @@ class RecoverableTest < ActiveSupport::TestCase
     reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
     assert_not reset_password_user.errors.empty?
     assert_match "can't be blank", reset_password_user.errors[:password].join
+    assert_equal raw, reset_password_user.reset_password_token
   end
 
   test 'should reset successfully user password given the new password and confirmation' do
@@ -142,15 +189,17 @@ class RecoverableTest < ActiveSupport::TestCase
     old_password = user.password
     raw  = user.send_reset_password_instructions
 
-    User.reset_password_by_token(
+    reset_password_user = User.reset_password_by_token(
       reset_password_token: raw,
       password: 'new_password',
       password_confirmation: 'new_password'
     )
-    user.reload
+    assert_nil reset_password_user.reset_password_token
 
+    user.reload
     assert_not user.valid_password?(old_password)
     assert user.valid_password?('new_password')
+    assert_nil user.reset_password_token
   end
 
   test 'should not reset password after reset_password_within time' do
@@ -181,4 +230,22 @@ class RecoverableTest < ActiveSupport::TestCase
       :reset_password_token
     ]
   end
+
+  test 'should return a user based on the raw token' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+
+    assert_equal User.with_reset_password_token(raw), user
+  end
+
+  test 'should return the same reset password token as generated' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+    assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+  end
+
+  test 'should return nil if a user based on the raw token is not found' do
+    assert_equal User.with_reset_password_token('random-token'), nil
+  end
+
 end

data/test/models/rememberable_test.rb

@@ -13,6 +13,7 @@ class RememberableTest < ActiveSupport::TestCase
     user = create_user
     user.expects(:valid?).never
     user.remember_me!
+    assert user.remember_created_at
   end
 
   test 'forget_me should not clear remember token if using salt' do
@@ -33,145 +34,118 @@ class RememberableTest < ActiveSupport::TestCase
   test 'serialize into cookie' do
     user = create_user
     user.remember_me!
-    assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
+    id, token, date = User.serialize_into_cookie(user)
+    assert_equal id, user.to_key
+    assert_equal token, user.authenticatable_salt
+    assert date.is_a?(String)
   end
 
   test 'serialize from cookie' do
     user = create_user
     user.remember_me!
-    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
   end
 
-  test 'raises a RuntimeError if authenticatable_salt is nil' do
-    user = User.new
-    user.encrypted_password = nil
-    assert_raise RuntimeError do
-      user.rememberable_value
-    end
+  test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do
+    user = create_user
+    user.remember_me!
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json)
   end
 
-  test 'should respond to remember_me attribute' do
-    assert resource_class.new.respond_to?(:remember_me)
-    assert resource_class.new.respond_to?(:remember_me=)
+  test 'serialize from cookie should return nil with invalid datetime' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013")
   end
 
-  test 'forget_me should clear remember_created_at' do
-    resource = create_resource
-    resource.remember_me!
-    assert_not resource.remember_created_at.nil?
-    resource.forget_me!
-    assert resource.remember_created_at.nil?
+  test 'serialize from cookie should return nil if no resource is found' do
+    assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
   end
 
-  test 'forget_me should not try to update resource if it has been destroyed' do
-    resource = create_resource
-    resource.expects(:remember_created_at).never
-    resource.expects(:save).never
-
-    resource.destroy
-    resource.forget_me!
+  test 'serialize from cookie should return nil if no timestamp' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
   end
 
-  test 'remember is expired if not created at timestamp is set' do
-    assert create_resource.remember_expired?
+  test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
   end
 
-  test 'serialize should return nil if no resource is found' do
-    assert_nil resource_class.serialize_from_cookie([0], "123")
+  test 'serialize from cookie should return nil if timestamp is older than remember_for' do
+    user = create_user
+    user.remember_created_at = 1.month.ago
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
   end
 
-  test 'remember me return nil if is a valid resource with invalid token' do
-    resource = create_resource
-    assert_nil resource_class.serialize_from_cookie([resource.id], "123")
+  test 'serialize from cookie me return nil if is a valid resource with invalid token' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
   end
 
-  test 'remember for should fallback to devise remember for default configuration' do
-    swap Devise, remember_for: 1.day do
-      resource = create_resource
-      resource.remember_me!
-      assert_not resource.remember_expired?
+  test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
+    user = User.new
+    def user.authenticable_salt; nil; end
+    assert_raise RuntimeError do
+      user.rememberable_value
     end
-  end
 
-  test 'remember expires at should sum date of creation with remember for configuration' do
-    swap Devise, remember_for: 3.days do
-      resource = create_resource
-      resource.remember_me!
-      assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
-
-      Devise.remember_for = 5.days
-      assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
+    user = User.new
+    def user.authenticable_salt; ""; end
+    assert_raise RuntimeError do
+      user.rememberable_value
     end
   end
 
-  test 'remember should be expired if remember_for is zero' do
-    swap Devise, remember_for: 0.days do
-      Devise.remember_for = 0.days
-      resource = create_resource
-      resource.remember_me!
-      assert resource.remember_expired?
-    end
+  test 'should respond to remember_me attribute' do
+    assert resource_class.new.respond_to?(:remember_me)
+    assert resource_class.new.respond_to?(:remember_me=)
   end
 
-  test 'remember should be expired if it was created before limit time' do
-    swap Devise, remember_for: 1.day do
+  test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
+    swap Devise, expire_all_remember_me_on_sign_out: true do
       resource = create_resource
       resource.remember_me!
-      resource.remember_created_at = 2.days.ago
-      resource.save
-      assert resource.remember_expired?
-    end
-  end
+      assert_not_nil resource.remember_created_at
 
-  test 'remember should not be expired if it was created within the limit time' do
-    swap Devise, remember_for: 30.days do
-      resource = create_resource
-      resource.remember_me!
-      resource.remember_created_at = (30.days.ago + 2.minutes)
-      resource.save
-      assert_not resource.remember_expired?
+      resource.forget_me!
+      assert_nil resource.remember_created_at
     end
   end
 
-  test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
-    swap Devise, remember_for: 5.minutes do
+  test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do
+    swap Devise, expire_all_remember_me_on_sign_out: false do
       resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
+      resource.remember_me!
 
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
+      assert_not_nil resource.remember_created_at
 
-      resource.remember_me!(false)
-      assert_not_equal old.to_i, resource.remember_created_at.to_i
+      resource.forget_me!
+      assert_not_nil resource.remember_created_at
     end
   end
 
-  test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
-    swap Devise, remember_for: 1.year do
-      resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago.utc
-      resource.save
+  test 'forget_me should not try to update resource if it has been destroyed' do
+    resource = create_resource
+    resource.expects(:remember_created_at).never
+    resource.expects(:save).never
 
-      resource.remember_me!(false)
-      assert_equal old.to_i, resource.remember_created_at.to_i
-    end
+    resource.destroy
+    resource.forget_me!
   end
 
-  test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
-    swap Devise, remember_for: 1.year do
+  test 'remember expires at uses remember for configuration' do
+    swap Devise, remember_for: 3.days do
       resource = create_resource
-      resource.remember_me!(true)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
+      resource.remember_me!
+      assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date
 
-      resource.remember_me!(true)
-      assert_not_equal old, resource.remember_created_at
+      Devise.remember_for = 5.days
+      assert_equal 5.days.from_now.to_date, resource.remember_expires_at.to_date
     end
   end
 

data/test/models/trackable_test.rb

@@ -10,4 +10,32 @@ class TrackableTest < ActiveSupport::TestCase
       :sign_in_count
     ]
   end
+
+  test 'update_tracked_fields should only set attributes but not save the record' do
+    user = create_user
+    request = mock
+    request.stubs(:remote_ip).returns("127.0.0.1")
+
+    assert_nil user.current_sign_in_ip
+    assert_nil user.last_sign_in_ip
+    assert_nil user.current_sign_in_at
+    assert_nil user.last_sign_in_at
+    assert_equal 0, user.sign_in_count
+
+    user.update_tracked_fields(request)
+
+    assert_equal "127.0.0.1", user.current_sign_in_ip
+    assert_equal "127.0.0.1", user.last_sign_in_ip
+    assert_not_nil user.current_sign_in_at
+    assert_not_nil user.last_sign_in_at
+    assert_equal 1, user.sign_in_count
+
+    user.reload
+
+    assert_nil user.current_sign_in_ip
+    assert_nil user.last_sign_in_ip
+    assert_nil user.current_sign_in_at
+    assert_nil user.last_sign_in_at
+    assert_equal 0, user.sign_in_count
+  end
 end

data/test/models/validatable_test.rb

@@ -57,11 +57,7 @@ class ValidatableTest < ActiveSupport::TestCase
     user = new_user(password: 'new_password', password_confirmation: 'blabla')
     assert user.invalid?
 
-    if Devise.rails4?
-      assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-    else
-      assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-    end
+    assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
   end
 
   test 'should require password when updating/resetting password' do
@@ -79,23 +75,19 @@ class ValidatableTest < ActiveSupport::TestCase
     user.password_confirmation = 'another_password'
     assert user.invalid?
 
-    if Devise.rails4?
-      assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
-    else
-      assert_equal 'doesn\'t match confirmation', user.errors[:password].join
-    end
+    assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
   end
 
-  test 'should require a password with minimum of 6 characters' do
+  test 'should require a password with minimum of 7 characters' do
     user = new_user(password: '12345', password_confirmation: '12345')
     assert user.invalid?
-    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+    assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
   end
 
-  test 'should require a password with maximum of 128 characters long' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+  test 'should require a password with maximum of 72 characters long' do
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
     assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
   end
 
   test 'should not require password length when it\'s not changed' do
@@ -109,10 +101,10 @@ class ValidatableTest < ActiveSupport::TestCase
   end
 
   test 'should complain about length even if password is not required' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
     user.stubs(:password_required?).returns(false)
     assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
   end
 
   test 'should not be included in objects with invalid API' do

data/test/models_test.rb

@@ -92,13 +92,20 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 end
 
+module StubModelFilters
+  def stub_filter(name)
+    define_singleton_method(name) { |*| nil }
+  end
+end
+
 class CheckFieldsTest < ActiveSupport::TestCase
   test 'checks if the class respond_to the required fields' do
     Player = Class.new do
       extend Devise::Models
+      extend StubModelFilters
 
-      def self.before_validation(instance)
-      end
+      stub_filter :before_validation
+      stub_filter :after_update
 
       devise :database_authenticatable
 
@@ -113,9 +120,10 @@ class CheckFieldsTest < ActiveSupport::TestCase
   test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do
     Clown = Class.new do
       extend Devise::Models
+      extend StubModelFilters
 
-      def self.before_validation(instance)
-      end
+      stub_filter :before_validation
+      stub_filter :after_update
 
       devise :database_authenticatable
 
@@ -130,9 +138,10 @@ class CheckFieldsTest < ActiveSupport::TestCase
   test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do
     Magician = Class.new do
       extend Devise::Models
+      extend StubModelFilters
 
-      def self.before_validation(instance)
-      end
+      stub_filter :before_validation
+      stub_filter :after_update
 
       devise :database_authenticatable
     end

data/test/omniauth/url_helpers_test.rb

@@ -1,24 +1,21 @@
 require 'test_helper'
 
 class OmniAuthRoutesTest < ActionController::TestCase
-  ExpectedUrlGeneratiorError = Devise.rails4? ?
-    ActionController::UrlGenerationError : ActionController::RoutingError
-
   tests ApplicationController
 
   def assert_path(action, provider, with_param=true)
     # Resource param
     assert_equal @controller.send(action, :user, provider),
-                 @controller.send("user_#{action}", provider)
+                 @controller.send("user_#{provider}_#{action}")
 
     # With an object
     assert_equal @controller.send(action, User.new, provider),
-                 @controller.send("user_#{action}", provider)
+                 @controller.send("user_#{provider}_#{action}")
 
     if with_param
       # Default url params
       assert_equal @controller.send(action, :user, provider, param: 123),
-                   @controller.send("user_#{action}", provider, param: 123)
+                   @controller.send("user_#{provider}_#{action}", param: 123)
     end
   end
 
@@ -33,7 +30,7 @@ class OmniAuthRoutesTest < ActionController::TestCase
   test 'should generate authorization path' do
     assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
 
-    assert_raise ExpectedUrlGeneratiorError do
+    assert_raise NoMethodError do
       @controller.omniauth_authorize_path(:user, :github)
     end
   end

data/test/orm/active_record.rb

@@ -5,6 +5,11 @@ ActiveRecord::Base.include_root_in_json = true
 ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
 
 class ActiveSupport::TestCase
-  self.use_transactional_fixtures = true
+  if Rails.version >= '5.0.0'
+    self.use_transactional_tests = true
+  else
+    self.use_transactional_fixtures = true
+  end
+
   self.use_instantiated_fixtures  = false
 end