devise 3.3.0 → 3.5.10

data/test/rails_app/config/initializers/devise.rb

@@ -31,7 +31,7 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply hash where the value is a boolean expliciting if authentication
   # should be aborted or not if the value is not present. By default is empty.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]
 
   # Configure parameters from the request object used for authentication. Each entry
   # given should be a request method and it will automatically be passed to
@@ -43,12 +43,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
+  config.strip_whitespace_keys = [:email]
 
   # Tell if authentication through request.params is enabled. True by default.
   # config.params_authenticatable = true
@@ -77,21 +77,18 @@ Devise.setup do |config|
   # config.allow_unconfirmed_access_for = 2.days
 
   # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
 
-  # If true, a valid remember token can be re-used between multiple browsers.
-  # config.remember_across_browsers = true
-
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  # config.password_length = 8..128
+  # Range for password length. Default is 8..72.
+  # config.password_length = 8..72
 
   # Regex to use to validate the email address
   # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
@@ -108,7 +105,7 @@ Devise.setup do |config|
   # config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
@@ -127,20 +124,20 @@ Devise.setup do |config|
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]
 
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 2.hours
 
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
+
   # Setup a pepper to generate the encrypted password.
   config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
 
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you

data/test/rails_app/config/routes.rb

@@ -13,9 +13,7 @@ Rails.application.routes.draw do
     end
   end
 
-  resources :admins, only: [:index] do
-    get :expire, on: :member
-  end
+  resources :admins, only: [:index]
 
   # Users scope
   devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
@@ -30,6 +28,11 @@ Rails.application.routes.draw do
     router_name: :fake_engine,
     module: :devise
 
+  devise_for :user_without_email,
+    class_name: 'UserWithoutEmail',
+    router_name: :main_app,
+    module: :devise
+
   as :user do
     get "/as/sign_in", to: "devise/sessions#new"
   end

data/test/rails_app/db/migrate/20100401102949_create_tables.rb

@@ -33,7 +33,7 @@ class CreateTables < ActiveRecord::Migration
       t.string   :unlock_token # Only if unlock strategy is :email or :both
       t.datetime :locked_at
 
-      t.timestamps
+      t.timestamps null: false
     end
 
     create_table :admins do |t|
@@ -60,7 +60,7 @@ class CreateTables < ActiveRecord::Migration
       ## Attribute for testing route blocks
       t.boolean :active, default: false
 
-      t.timestamps
+      t.timestamps null: false
     end
   end
 

data/test/rails_app/lib/shared_user.rb

@@ -4,7 +4,7 @@ module SharedUser
   included do
     devise :database_authenticatable, :confirmable, :lockable, :recoverable,
            :registerable, :rememberable, :timeoutable,
-           :trackable, :validatable, :omniauthable, password_length: 7..128
+           :trackable, :validatable, :omniauthable, password_length: 7..72
 
     attr_accessor :other_key
 

data/test/rails_app/lib/shared_user_without_email.rb

@@ -0,0 +1,26 @@
+module SharedUserWithoutEmail
+  extend ActiveSupport::Concern
+
+  included do
+    # NOTE: This is missing :validatable and :confirmable, as they both require
+    # an email field at the moment. It is also missing :omniauthable because that
+    # adds unnecessary complexity to the setup
+    devise :database_authenticatable, :lockable, :recoverable,
+           :registerable, :rememberable, :timeoutable,
+           :trackable
+  end
+
+  # This test stub is a bit rubbish because it's tied very closely to the
+  # implementation where we care about this one case. However, completely
+  # removing the email field breaks "recoverable" tests completely, so we are
+  # just taking the approach here that "email" is something that is a not an
+  # ActiveRecord field.
+  def email_changed?
+    raise NoMethodError
+  end
+
+  def respond_to?(method_name, include_all=false)
+    return false if method_name.to_sym == :email_changed?
+    super(method_name, include_all)
+  end
+end

data/test/rails_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class RailsTest < ActiveSupport::TestCase
+  test 'correct initializer position' do
+    initializer = Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' }
+    assert_equal :load_config_initializers, initializer.after
+    assert_equal :build_middleware_stack, initializer.before
+  end
+end

data/test/support/helpers.rb

@@ -8,12 +8,15 @@ class ActiveSupport::TestCase
   end
 
   def store_translations(locale, translations, &block)
-    begin
-      I18n.backend.store_translations(locale, translations)
-      yield
-    ensure
-      I18n.reload!
-    end
+    # Calling 'available_locales' before storing the translations to ensure
+    # that the I18n backend will be initialized before we store our custom
+    # translations, so they will always override the translations for the
+    # YML file.
+    I18n.available_locales
+    I18n.backend.store_translations(locale, translations)
+    yield
+  ensure
+    I18n.reload!
   end
 
   def generate_unique_email
@@ -43,6 +46,10 @@ class ActiveSupport::TestCase
     Admin.create!(valid_attributes)
   end
 
+  def create_user_without_email(attributes={})
+    UserWithoutEmail.create!(valid_attributes(attributes))
+  end
+
   # Execute the block setting the given values and restoring old values after
   # the block is executed.
   def swap(object, new_values)

data/test/support/integration.rb

@@ -15,7 +15,7 @@ class ActionDispatch::IntegrationTest
         created_at: Time.now.utc
       )
       user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at]
-      user.confirm! unless options[:confirm] == false
+      user.confirm unless options[:confirm] == false
       user.lock_access! if options[:locked] == true
       user
     end
@@ -28,7 +28,7 @@ class ActionDispatch::IntegrationTest
         password: '123456', password_confirmation: '123456',
         active: options[:active]
       )
-      admin.confirm! unless options[:confirm] == false
+      admin.confirm unless options[:confirm] == false
       admin
     end
   end

data/test/test_helper.rb

@@ -17,6 +17,10 @@ Webrat.configure do |config|
   config.open_error_files = false
 end
 
+if ActiveSupport.respond_to?(:test_order)
+  ActiveSupport.test_order = :random
+end
+
 OmniAuth.config.logger = Logger.new('/dev/null')
 
 # Add support to load paths so we can overwrite broken webrat setup
@@ -27,3 +31,4 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 require "rails/generators/test_case"
 require "generators/devise/install_generator"
 require "generators/devise/views_generator"
+require "generators/devise/controllers_generator"

data/test/test_helpers_test.rb

@@ -34,7 +34,7 @@ class TestHelpersTest < ActionController::TestCase
 
   test "does not redirect with valid user" do
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -46,7 +46,7 @@ class TestHelpersTest < ActionController::TestCase
     assert_response :redirect
 
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -55,7 +55,7 @@ class TestHelpersTest < ActionController::TestCase
 
   test "redirects if valid user signed out" do
     user = create_user
-    user.confirm!
+    user.confirm
 
     sign_in user
     get :index
@@ -105,7 +105,7 @@ class TestHelpersTest < ActionController::TestCase
       end
 
       user = create_user
-      user.confirm!
+      user.confirm
       sign_in user
     ensure
       Warden::Manager._after_set_user.pop
@@ -118,7 +118,7 @@ class TestHelpersTest < ActionController::TestCase
         flunk "callback was called while it should not"
       end
       user = create_user
-      user.confirm!
+      user.confirm
 
       sign_in user
       sign_out user
@@ -146,7 +146,7 @@ class TestHelpersTest < ActionController::TestCase
 
   test "allows to sign in with different users" do
     first_user = create_user
-    first_user.confirm!
+    first_user.confirm
 
     sign_in first_user
     get :index
@@ -154,10 +154,25 @@ class TestHelpersTest < ActionController::TestCase
     sign_out first_user
 
     second_user = create_user
-    second_user.confirm!
+    second_user.confirm
 
     sign_in second_user
     get :index
     assert_match /User ##{second_user.id}/, @response.body
   end
+
+  test "creates a new warden proxy if the request object has changed" do
+    old_warden_proxy = warden
+    @request = ActionController::TestRequest.new
+    new_warden_proxy = warden
+
+    assert_not_equal old_warden_proxy, new_warden_proxy
+  end
+
+  test "doesn't create a new warden proxy if the request object hasn't changed" do
+    old_warden_proxy = warden
+    new_warden_proxy = warden
+
+    assert_equal old_warden_proxy, new_warden_proxy
+  end
 end

data/test/test_models.rb

@@ -20,8 +20,8 @@ class UserWithCustomEncryption < User
 end
 
 class UserWithVirtualAttributes < User
-  devise case_insensitive_keys: [ :email, :email_confirmation ]
-  validates :email, presence: true, confirmation: {on: :create}
+  devise case_insensitive_keys: [:email, :email_confirmation]
+  validates :email, presence: true, confirmation: { on: :create }
 end
 
 class Several < Admin

data/test/time_helpers.rb

@@ -0,0 +1,137 @@
+# A copy of Rails time helpers. With this file we can support the `travel_to`
+# helper for Rails versions prior 4.1.
+# File origin: https://github.com/rails/rails/blob/52ce6ece8c8f74064bb64e0a0b1ddd83092718e1/activesupport/lib/active_support/testing/time_helpers.rb
+module ActiveSupport
+  module Testing
+    class SimpleStubs # :nodoc:
+      Stub = Struct.new(:object, :method_name, :original_method)
+
+      def initialize
+        @stubs = {}
+      end
+
+      def stub_object(object, method_name, return_value)
+        key = [object.object_id, method_name]
+
+        if stub = @stubs[key]
+          unstub_object(stub)
+        end
+
+        new_name = "__simple_stub__#{method_name}"
+
+        @stubs[key] = Stub.new(object, method_name, new_name)
+
+        object.singleton_class.send :alias_method, new_name, method_name
+        object.define_singleton_method(method_name) { return_value }
+      end
+
+      def unstub_all!
+        @stubs.each_value do |stub|
+          unstub_object(stub)
+        end
+        @stubs = {}
+      end
+
+      private
+
+        def unstub_object(stub)
+          singleton_class = stub.object.singleton_class
+          singleton_class.send :undef_method, stub.method_name
+          singleton_class.send :alias_method, stub.method_name, stub.original_method
+          singleton_class.send :undef_method, stub.original_method
+        end
+    end
+
+    # Contains helpers that help you test passage of time.
+    module TimeHelpers
+      # Changes current time to the time in the future or in the past by a given time difference by
+      # stubbing +Time.now+, +Date.today+, and +DateTime.now+.
+      #
+      #   Time.current     # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel 1.day
+      #   Time.current     # => Sun, 10 Nov 2013 15:34:49 EST -05:00
+      #   Date.current     # => Sun, 10 Nov 2013
+      #   DateTime.current # => Sun, 10 Nov 2013 15:34:49 -0500
+      #
+      # This method also accepts a block, which will return the current time back to its original
+      # state at the end of the block:
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel 1.day do
+      #     User.create.created_at # => Sun, 10 Nov 2013 15:34:49 EST -05:00
+      #   end
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel(duration, &block)
+        travel_to Time.now + duration, &block
+      end
+
+      # Changes current time to the given time by stubbing +Time.now+,
+      # +Date.today+, and +DateTime.now+ to return the time or date passed into this method.
+      #
+      #   Time.current     # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44)
+      #   Time.current     # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   Date.current     # => Wed, 24 Nov 2004
+      #   DateTime.current # => Wed, 24 Nov 2004 01:04:44 -0500
+      #
+      # Dates are taken as their timestamp at the beginning of the day in the
+      # application time zone. <tt>Time.current</tt> returns said timestamp,
+      # and <tt>Time.now</tt> its equivalent in the system time zone. Similarly,
+      # <tt>Date.current</tt> returns a date equal to the argument, and
+      # <tt>Date.today</tt> the date according to <tt>Time.now</tt>, which may
+      # be different. (Note that you rarely want to deal with <tt>Time.now</tt>,
+      # or <tt>Date.today</tt>, in order to honor the application time zone
+      # please always use <tt>Time.current</tt> and <tt>Date.current</tt>.)
+      #
+      # Note that the usec for the time passed will be set to 0 to prevent rounding
+      # errors with external services, like MySQL (which will round instead of floor,
+      # leading to off-by-one-second errors).
+      #
+      # This method also accepts a block, which will return the current time back to its original
+      # state at the end of the block:
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44) do
+      #     Time.current # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   end
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel_to(date_or_time)
+        if date_or_time.is_a?(Date) && !date_or_time.is_a?(DateTime)
+          now = date_or_time.midnight.to_time
+        else
+          now = date_or_time.to_time.change(usec: 0)
+        end
+
+        simple_stubs.stub_object(Time, :now, now)
+        simple_stubs.stub_object(Date, :today, now.to_date)
+        simple_stubs.stub_object(DateTime, :now, now.to_datetime)
+
+        if block_given?
+          begin
+            yield
+          ensure
+            travel_back
+          end
+        end
+      end
+
+      # Returns the current time back to its original state, by removing the stubs added by
+      # `travel` and `travel_to`.
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44)
+      #   Time.current # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   travel_back
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel_back
+        simple_stubs.unstub_all!
+      end
+
+      private
+
+        def simple_stubs
+          @simple_stubs ||= SimpleStubs.new
+        end
+    end
+  end
+end