devise 3.2.4 → 4.0.0

data/test/rails_app/config/initializers/devise.rb

@@ -12,6 +12,8 @@ Devise.setup do |config|
   # note that it will be overwritten if you use your own mailer class with default "from" parameter.
   config.mailer_sender = "please-change-me@config-initializers-devise.com"
 
+
+  config.parent_controller = "ApplicationWithFakeEngine"
   # Configure the class responsible to send e-mails.
   # config.mailer = "Devise::Mailer"
 
@@ -29,7 +31,7 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply hash where the value is a boolean expliciting if authentication
   # should be aborted or not if the value is not present. By default is empty.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]
 
   # Configure parameters from the request object used for authentication. Each entry
   # given should be a request method and it will automatically be passed to
@@ -41,12 +43,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
+  config.strip_whitespace_keys = [:email]
 
   # Tell if authentication through request.params is enabled. True by default.
   # config.params_authenticatable = true
@@ -75,21 +77,18 @@ Devise.setup do |config|
   # config.allow_unconfirmed_access_for = 2.days
 
   # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
 
-  # If true, a valid remember token can be re-used between multiple browsers.
-  # config.remember_across_browsers = true
-
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  # config.password_length = 8..128
+  # Range for password length. Default is 8..72.
+  # config.password_length = 8..72
 
   # Regex to use to validate the email address
   # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
@@ -106,7 +105,7 @@ Devise.setup do |config|
   # config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
@@ -125,19 +124,19 @@ Devise.setup do |config|
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]
 
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 2.hours
 
-  # Setup a pepper to generate the encrypted password.
-  config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
 
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
+  # Set up a pepper to generate the encrypted password.
+  config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for

data/test/rails_app/config/initializers/secret_token.rb

@@ -1,8 +1,3 @@
 config = Rails.application.config
 
-if Devise.rails4?
-  config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
-else
-  config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
-  config.session_store :cookie_store, key: "_my_app"
-end
+config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'

data/test/rails_app/config/routes.rb

@@ -13,19 +13,35 @@ Rails.application.routes.draw do
     end
   end
 
-  resources :admins, only: [:index] do
-    get :expire, on: :member
-  end
+  resources :admins, only: [:index]
 
   # Users scope
   devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
 
+  devise_for :user_on_main_apps,
+    class_name: 'UserOnMainApp',
+    router_name: :main_app,
+    module: :devise
+
+  devise_for :user_on_engines,
+    class_name: 'UserOnEngine',
+    router_name: :fake_engine,
+    module: :devise
+
+  devise_for :user_without_email,
+    class_name: 'UserWithoutEmail',
+    router_name: :main_app,
+    module: :devise
+
   as :user do
     get "/as/sign_in", to: "devise/sessions#new"
   end
 
   get "/sign_in", to: "devise/sessions#new"
 
+  # Routes for custom controller testing
+  devise_for :user, only: [:registrations], controllers: { registrations: "custom/registrations" }, as: :custom, path: :custom
+
   # Admin scope
   devise_for :admin, path: "admin_area", controllers: { sessions: :"admins/sessions" }, skip: :passwords
 
@@ -63,6 +79,10 @@ Rails.application.routes.draw do
     devise_for :homebase_admin, class_name: "Admin", path: "homebase"
   end
 
+  scope(subdomain: 'sub') do
+    devise_for :subdomain_users, class_name: "User", only: [:sessions]
+  end
+
   devise_for :skip_admin, class_name: "Admin", skip: :all
 
   # Routes for format=false testing

data/test/rails_app/db/migrate/20100401102949_create_tables.rb

@@ -33,7 +33,7 @@ class CreateTables < ActiveRecord::Migration
       t.string   :unlock_token # Only if unlock strategy is :email or :both
       t.datetime :locked_at
 
-      t.timestamps
+      t.timestamps null: false
     end
 
     create_table :admins do |t|
@@ -60,7 +60,7 @@ class CreateTables < ActiveRecord::Migration
       ## Attribute for testing route blocks
       t.boolean :active, default: false
 
-      t.timestamps
+      t.timestamps null: false
     end
   end
 

data/test/rails_app/lib/shared_user.rb

@@ -4,7 +4,7 @@ module SharedUser
   included do
     devise :database_authenticatable, :confirmable, :lockable, :recoverable,
            :registerable, :rememberable, :timeoutable,
-           :trackable, :validatable, :omniauthable
+           :trackable, :validatable, :omniauthable, password_length: 7..72
 
     attr_accessor :other_key
 

data/test/rails_app/lib/shared_user_without_email.rb

@@ -0,0 +1,26 @@
+module SharedUserWithoutEmail
+  extend ActiveSupport::Concern
+
+  included do
+    # NOTE: This is missing :validatable and :confirmable, as they both require
+    # an email field at the moment. It is also missing :omniauthable because that
+    # adds unnecessary complexity to the setup
+    devise :database_authenticatable, :lockable, :recoverable,
+           :registerable, :rememberable, :timeoutable,
+           :trackable
+  end
+
+  # This test stub is a bit rubbish because it's tied very closely to the
+  # implementation where we care about this one case. However, completely
+  # removing the email field breaks "recoverable" tests completely, so we are
+  # just taking the approach here that "email" is something that is a not an
+  # ActiveRecord field.
+  def email_changed?
+    raise NoMethodError
+  end
+
+  def respond_to?(method_name, include_all=false)
+    return false if method_name.to_sym == :email_changed?
+    super(method_name, include_all)
+  end
+end

data/test/rails_app/lib/shared_user_without_omniauth.rb

@@ -0,0 +1,13 @@
+module SharedUserWithoutOmniauth
+  extend ActiveSupport::Concern
+
+  included do
+    devise :database_authenticatable, :confirmable, :lockable, :recoverable,
+      :registerable, :rememberable, :timeoutable,
+      :trackable, :validatable
+  end
+
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+end

data/test/rails_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class RailsTest < ActiveSupport::TestCase
+  test 'correct initializer position' do
+    initializer = Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' }
+    assert_equal :load_config_initializers, initializer.after
+    assert_equal :build_middleware_stack, initializer.before
+  end
+end

data/test/routes_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError
+ExpectedRoutingError = MiniTest::Assertion
 
 class DefaultRoutingTest < ActionController::TestCase
   test 'map new user session' do
@@ -96,12 +96,12 @@ class DefaultRoutingTest < ActionController::TestCase
   test 'map omniauth callbacks' do
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get})
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post})
-    assert_named_route "/users/auth/facebook/callback", :user_omniauth_callback_path, :facebook
+    assert_named_route "/users/auth/facebook/callback", :user_facebook_omniauth_callback_path
 
     # named open_id
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get})
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post})
-    assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google
+    assert_named_route "/users/auth/google/callback", :user_google_omniauth_callback_path
 
     assert_raise ExpectedRoutingError do
       assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get})
@@ -202,37 +202,52 @@ class CustomizedRoutingTest < ActionController::TestCase
   end
 
   test 'map with format false for sessions' do
-    assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get})
+    expected_params = {controller: 'devise/sessions', action: 'new'}
+    expected_params[:format] = false if Devise.rails5?
+
+    assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.xml', method: :get})
     end
   end
 
   test 'map with format false for passwords' do
-    assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password', method: :post})
+    expected_params = {controller: 'devise/passwords', action: 'create'}
+    expected_params[:format] = false if Devise.rails5?
+
+    assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post})
     assert_raise ExpectedRoutingError do
-      assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password.xml', method: :post})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/password.xml', method: :post})
     end
   end
 
   test 'map with format false for registrations' do
-    assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up', method: :get})
+    expected_params = {controller: 'devise/registrations', action: 'new'}
+    expected_params[:format] = false if Devise.rails5?
+
+    assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.xml', method: :get})
     end
   end
 
   test 'map with format false for confirmations' do
-    assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation', method: :get})
+    expected_params = {controller: 'devise/confirmations', action: 'show'}
+    expected_params[:format] = false if Devise.rails5?
+
+    assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.xml', method: :get})
     end
   end
 
   test 'map with format false for unlocks' do
-    assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock', method: :get})
+    expected_params = {controller: 'devise/unlocks', action: 'show'}
+    expected_params[:format] = false if Devise.rails5?
+
+    assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.xml', method: :get})
     end
   end
 
@@ -241,11 +256,13 @@ class CustomizedRoutingTest < ActionController::TestCase
   end
 
   test 'checks if mapping has proper configuration for omniauth callback' do
-    assert_raise ArgumentError do
-      @routes.dup.eval_block do
-        devise_for :admin, controllers: {omniauth_callbacks: "users/omniauth_callbacks"}
+    e = assert_raise ArgumentError do
+      routes = ActionDispatch::Routing::RouteSet.new
+      routes.draw do
+        devise_for :not_omniauthable, class_name: 'Admin', controllers: {omniauth_callbacks: "users/omniauth_callbacks"}
       end
     end
+    assert_match "Mapping omniauth_callbacks on a resource that is not omniauthable", e.message
   end
 end
 

data/test/support/assertions.rb

@@ -9,10 +9,9 @@ class ActiveSupport::TestCase
     assert assertion.blank?
   end
 
-  def assert_not_blank(assertion)
-    assert !assertion.blank?
+  def assert_present(assertion)
+    assert assertion.present?
   end
-  alias :assert_present :assert_not_blank
 
   def assert_email_sent(address = nil, &block)
     assert_difference('ActionMailer::Base.deliveries.size', &block)

data/test/support/helpers.rb

@@ -8,12 +8,15 @@ class ActiveSupport::TestCase
   end
 
   def store_translations(locale, translations, &block)
-    begin
-      I18n.backend.store_translations(locale, translations)
-      yield
-    ensure
-      I18n.reload!
-    end
+    # Calling 'available_locales' before storing the translations to ensure
+    # that the I18n backend will be initialized before we store our custom
+    # translations, so they will always override the translations for the
+    # YML file.
+    I18n.available_locales
+    I18n.backend.store_translations(locale, translations)
+    yield
+  ensure
+    I18n.reload!
   end
 
   def generate_unique_email
@@ -43,6 +46,10 @@ class ActiveSupport::TestCase
     Admin.create!(valid_attributes)
   end
 
+  def create_user_without_email(attributes={})
+    UserWithoutEmail.create!(valid_attributes(attributes))
+  end
+
   # Execute the block setting the given values and restoring old values after
   # the block is executed.
   def swap(object, new_values)

data/test/support/http_method_compatibility.rb

@@ -0,0 +1,51 @@
+module Devise
+  class IntegrationTest < ActionDispatch::IntegrationTest
+    # %w( get post patch put head delete xml_http_request
+    #           xhr get_via_redirect post_via_redirect
+    #         ).each do |method|
+    %w( get post put ).each do |method|
+      if Rails.version >= '5.0.0'
+        define_method(method) do |url, options={}|
+          if options.empty?
+            super url
+          else
+            super url, options
+          end
+        end
+      else
+        define_method(method) do |url, options={}|
+          if options[:xhr]==true
+            xml_http_request  __method__, url, options[:params] || {}, options[:headers]
+          else
+            super url, options[:params] || {}, options[:headers]
+          end
+        end
+      end
+    end
+  end
+
+  class ControllerTestCase < ActionController::TestCase
+    # %w( get post patch put head delete xml_http_request
+    #           xhr get_via_redirect post_via_redirect
+    #         ).each do |method|
+    %w( get post put ).each do |method|
+      if Rails.version >= '5.0.0'
+        define_method(method) do |action, options={}|
+          if options.empty?
+            super action
+          else
+            super action, options
+          end
+        end
+      else
+        define_method(method) do |action, options={}|
+          if options[:xhr]==true
+            xml_http_request  __method__, action, options[:params] || {}, options[:headers]
+          else
+            super action, options[:params] || {}, options[:headers]
+          end
+        end
+      end
+    end
+  end
+end

data/test/support/integration.rb

@@ -15,7 +15,7 @@ class ActionDispatch::IntegrationTest
         created_at: Time.now.utc
       )
       user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at]
-      user.confirm! unless options[:confirm] == false
+      user.confirm unless options[:confirm] == false
       user.lock_access! if options[:locked] == true
       user
     end
@@ -28,7 +28,7 @@ class ActionDispatch::IntegrationTest
         password: '123456', password_confirmation: '123456',
         active: options[:active]
       )
-      admin.confirm! unless options[:confirm] == false
+      admin.confirm unless options[:confirm] == false
       admin
     end
   end
@@ -40,7 +40,7 @@ class ActionDispatch::IntegrationTest
     fill_in 'password', with: options[:password] || '12345678'
     check 'remember me' if options[:remember_me] == true
     yield if block_given?
-    click_button 'Sign In'
+    click_button 'Log In'
     user
   end
 
@@ -50,7 +50,7 @@ class ActionDispatch::IntegrationTest
     fill_in 'email', with: 'admin@test.com'
     fill_in 'password', with: '123456'
     yield if block_given?
-    click_button 'Sign In'
+    click_button 'Log In'
     admin
   end
 

data/test/support/webrat/integrations/rails.rb

@@ -14,6 +14,15 @@ module Webrat
       ::Rails.logger
     end
   end
+
+  class RailsAdapter
+    protected
+
+    def do_request(http_method, url, data, headers)
+      update_protocol(url)
+      integration_session.send(http_method, normalize_url(url), params: data, headers: headers)
+    end
+  end
 end
 
 module ActionDispatch #:nodoc:

data/test/test_helper.rb

@@ -17,6 +17,12 @@ Webrat.configure do |config|
   config.open_error_files = false
 end
 
+if ActiveSupport.respond_to?(:test_order)
+  ActiveSupport.test_order = :random
+end
+
+OmniAuth.config.logger = Logger.new('/dev/null')
+
 # Add support to load paths so we can overwrite broken webrat setup
 $:.unshift File.expand_path('../support', __FILE__)
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
@@ -25,3 +31,4 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 require "rails/generators/test_case"
 require "generators/devise/install_generator"
 require "generators/devise/views_generator"
+require "generators/devise/controllers_generator"

data/test/test_helpers_test.rb

@@ -1,15 +1,9 @@
 require 'test_helper'
 
-class TestHelpersTest < ActionController::TestCase
+class TestHelpersTest < Devise::ControllerTestCase
   tests UsersController
   include Devise::TestHelpers
 
-  class CustomFailureApp < Devise::FailureApp
-    def redirect
-      self.status = 306
-    end
-  end
-
   test "redirects if attempting to access a page unauthenticated" do
     get :index
     assert_redirected_to new_user_session_path
@@ -33,14 +27,14 @@ class TestHelpersTest < ActionController::TestCase
       assert !user.active_for_authentication?
 
       sign_in user
-      get :accept, id: user
+      get :accept, params: { id: user }
       assert_nil assigns(:current_user)
     end
   end
 
   test "does not redirect with valid user" do
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -52,7 +46,7 @@ class TestHelpersTest < ActionController::TestCase
     assert_response :redirect
 
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -61,7 +55,7 @@ class TestHelpersTest < ActionController::TestCase
 
   test "redirects if valid user signed out" do
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -72,12 +66,30 @@ class TestHelpersTest < ActionController::TestCase
   end
 
   test "respects custom failure app" do
-    begin
-      Devise.warden_config.failure_app = CustomFailureApp
+    custom_failure_app = Class.new(Devise::FailureApp) do
+      def redirect
+        self.status = 300
+      end
+    end
+
+    swap Devise.warden_config, failure_app: custom_failure_app do
       get :index
-      assert_response 306
-    ensure
-      Devise.warden_config.failure_app = Devise::FailureApp
+      assert_response 300
+    end
+  end
+
+  test "passes given headers from the failure app to the response" do
+    custom_failure_app = Class.new(Devise::FailureApp) do
+      def respond
+        self.status = 401
+        self.response.headers["CUSTOMHEADER"] = 1
+      end
+    end
+
+    swap Devise.warden_config, failure_app: custom_failure_app do
+      sign_in create_user
+      get :index
+      assert_equal 1, @response.headers["CUSTOMHEADER"]
     end
   end
 
@@ -93,7 +105,7 @@ class TestHelpersTest < ActionController::TestCase
       end
 
       user = create_user
-      user.confirm!
+      user.confirm
       sign_in user
     ensure
       Warden::Manager._after_set_user.pop
@@ -106,7 +118,7 @@ class TestHelpersTest < ActionController::TestCase
         flunk "callback was called while it should not"
       end
       user = create_user
-      user.confirm!
+      user.confirm
 
       sign_in user
       sign_out user
@@ -134,7 +146,7 @@ class TestHelpersTest < ActionController::TestCase
 
   test "allows to sign in with different users" do
     first_user = create_user
-    first_user.confirm!
+    first_user.confirm
 
     sign_in first_user
     get :index
@@ -142,32 +154,25 @@ class TestHelpersTest < ActionController::TestCase
     sign_out first_user
 
     second_user = create_user
-    second_user.confirm!
+    second_user.confirm
 
     sign_in second_user
     get :index
     assert_match /User ##{second_user.id}/, @response.body
   end
 
+  test "creates a new warden proxy if the request object has changed" do
+    old_warden_proxy = warden
+    @request = Devise.rails5? ? ActionController::TestRequest.create : ActionController::TestRequest.new
+    new_warden_proxy = warden
 
-  test "passes  given headers from the failure app to the response" do
-
-    begin
-      old_failure_app = Devise.warden_config[:failure_app]
-      class CustomTestFailureApp < Devise::FailureApp
-        def respond
-          self.status = 401
-          self.response.headers["CUSTOMHEADER"] = 1
-        end
-      end
-      Devise.warden_config[:failure_app] = CustomTestFailureApp
-      user = create_user
-      sign_in user
-      get :index
-      assert_equal 1, @response.headers["CUSTOMHEADER"]
-    ensure
-      Devise.warden_config[:failure_app] = old_failure_app
-    end
+    assert_not_equal old_warden_proxy, new_warden_proxy
   end
 
+  test "doesn't create a new warden proxy if the request object hasn't changed" do
+    old_warden_proxy = warden
+    new_warden_proxy = warden
+
+    assert_equal old_warden_proxy, new_warden_proxy
+  end
 end