devise 3.5.10 → 4.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +9 -9
- data/CHANGELOG.md +33 -1188
- data/Gemfile +0 -1
- data/Gemfile.lock +15 -18
- data/MIT-LICENSE +1 -1
- data/README.md +20 -10
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +2 -2
- data/app/controllers/devise/registrations_controller.rb +2 -2
- data/app/controllers/devise/sessions_controller.rb +4 -4
- data/app/controllers/devise/unlocks_controller.rb +1 -1
- data/app/controllers/devise_controller.rb +11 -7
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +0 -1
- data/gemfiles/Gemfile.rails-4.1-stable.lock +38 -41
- data/gemfiles/Gemfile.rails-4.2-stable +0 -1
- data/gemfiles/Gemfile.rails-4.2-stable.lock +47 -50
- data/gemfiles/Gemfile.rails-5.0-beta +37 -0
- data/gemfiles/Gemfile.rails-5.0-beta.lock +242 -0
- data/lib/devise.rb +8 -8
- data/lib/devise/controllers/helpers.rb +7 -11
- data/lib/devise/failure_app.rb +17 -9
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +3 -4
- data/lib/devise/models/database_authenticatable.rb +1 -0
- data/lib/devise/models/lockable.rb +1 -5
- data/lib/devise/models/rememberable.rb +5 -11
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/rails/routes.rb +25 -14
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/strategies/rememberable.rb +6 -3
- data/lib/devise/test_helpers.rb +9 -4
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +3 -3
- data/lib/generators/active_record/templates/migration.rb +1 -1
- data/lib/generators/active_record/templates/migration_existing.rb +1 -1
- data/lib/generators/devise/orm_helpers.rb +0 -17
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +4 -5
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +3 -2
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/failure_app_test.rb +19 -14
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +1 -1
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +7 -43
- data/test/integration/timeoutable_test.rb +4 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/models/confirmable_test.rb +5 -13
- data/test/models/lockable_test.rb +0 -22
- data/test/models/rememberable_test.rb +0 -12
- data/test/models/validatable_test.rb +2 -10
- data/test/omniauth/url_helpers_test.rb +1 -2
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +3 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +3 -3
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/routes_test.rb +26 -11
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +3 -3
- metadata +13 -31
- data/gemfiles/Gemfile.rails-3.2-stable +0 -29
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -172
- data/gemfiles/Gemfile.rails-4.0-stable +0 -30
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -166
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
- data/test/time_helpers.rb +0 -137
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class ConfirmationTest <
|
|
3
|
+
class ConfirmationTest < Devise::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def visit_user_confirmation_with_token(confirmation_token)
|
|
6
6
|
visit user_confirmation_path(confirmation_token: confirmation_token)
|
|
@@ -184,14 +184,14 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
184
184
|
|
|
185
185
|
test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
|
|
186
186
|
user = create_user(confirm: false)
|
|
187
|
-
post user_confirmation_path(format: 'xml'), user: { email: user.email }
|
|
187
|
+
post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
|
|
188
188
|
assert_response :success
|
|
189
189
|
assert_equal response.body, {}.to_xml
|
|
190
190
|
end
|
|
191
191
|
|
|
192
192
|
test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
|
|
193
193
|
create_user(confirm: false)
|
|
194
|
-
post user_confirmation_path(format: 'xml'), user: { email: 'invalid.test@test.com' }
|
|
194
|
+
post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
|
|
195
195
|
assert_response :unprocessable_entity
|
|
196
196
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
197
197
|
end
|
|
@@ -213,7 +213,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
213
213
|
test 'request an account confirmation account with JSON, should return an empty JSON' do
|
|
214
214
|
user = create_user(confirm: false)
|
|
215
215
|
|
|
216
|
-
post user_confirmation_path, user: { email: user.email }, format: :json
|
|
216
|
+
post user_confirmation_path, params: { user: { email: user.email }, format: :json }
|
|
217
217
|
assert_response :success
|
|
218
218
|
assert_equal response.body, {}.to_json
|
|
219
219
|
end
|
|
@@ -249,7 +249,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
|
|
|
249
249
|
end
|
|
250
250
|
end
|
|
251
251
|
|
|
252
|
-
class ConfirmationOnChangeTest <
|
|
252
|
+
class ConfirmationOnChangeTest < Devise::IntegrationTest
|
|
253
253
|
def create_second_admin(options={})
|
|
254
254
|
@admin = nil
|
|
255
255
|
create_admin(options)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class DatabaseAuthenticationTest <
|
|
3
|
+
class DatabaseAuthenticationTest < Devise::IntegrationTest
|
|
4
4
|
test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
|
|
5
5
|
create_user(email: 'Foo@Bar.com')
|
|
6
6
|
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class HttpAuthenticationTest <
|
|
3
|
+
class HttpAuthenticationTest < Devise::IntegrationTest
|
|
4
4
|
test 'handles unverified requests gets rid of caches but continues signed in' do
|
|
5
5
|
swap ApplicationController, allow_forgery_protection: true do
|
|
6
6
|
create_user
|
|
7
|
-
post exhibit_user_url(1), {
|
|
7
|
+
post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
|
|
8
8
|
assert warden.authenticated?(:user)
|
|
9
9
|
assert_equal "User is authenticated", response.body
|
|
10
10
|
end
|
|
@@ -89,17 +89,16 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
|
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
private
|
|
92
|
-
|
|
93
92
|
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
|
|
94
93
|
user = create_user
|
|
95
|
-
get users_path(format: :xml), {
|
|
94
|
+
get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
|
|
96
95
|
user
|
|
97
96
|
end
|
|
98
97
|
|
|
99
98
|
# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
|
|
100
99
|
def add_oauth2_header
|
|
101
100
|
user = create_user
|
|
102
|
-
get users_path(format: :xml), {
|
|
101
|
+
get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
|
|
103
102
|
end
|
|
104
103
|
|
|
105
104
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class LockTest <
|
|
3
|
+
class LockTest < Devise::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def visit_user_unlock_with_token(unlock_token)
|
|
6
6
|
visit user_unlock_path(unlock_token: unlock_token)
|
|
@@ -132,9 +132,10 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
132
132
|
user = create_user(locked: true)
|
|
133
133
|
ActionMailer::Base.deliveries.clear
|
|
134
134
|
|
|
135
|
-
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
|
135
|
+
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
|
|
136
136
|
assert_response :success
|
|
137
137
|
assert_equal response.body, {}.to_xml
|
|
138
|
+
|
|
138
139
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
|
139
140
|
end
|
|
140
141
|
|
|
@@ -142,7 +143,7 @@ class LockTest < ActionDispatch::IntegrationTest
|
|
|
142
143
|
user = create_user(locked: false)
|
|
143
144
|
ActionMailer::Base.deliveries.clear
|
|
144
145
|
|
|
145
|
-
post user_unlock_path(format: 'xml'), user: {email: user.email}
|
|
146
|
+
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
|
|
146
147
|
assert_response :unprocessable_entity
|
|
147
148
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
148
149
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class PasswordTest <
|
|
3
|
+
class PasswordTest < Devise::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def visit_new_password_path
|
|
6
6
|
visit new_user_session_path
|
|
@@ -160,8 +160,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
160
160
|
assert_response :success
|
|
161
161
|
assert_current_url '/users/password'
|
|
162
162
|
assert_have_selector '#error_explanation'
|
|
163
|
-
assert_contain
|
|
164
|
-
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
|
|
163
|
+
assert_contain "Password confirmation doesn't match Password"
|
|
165
164
|
assert_not user.reload.valid_password?('987654321')
|
|
166
165
|
end
|
|
167
166
|
|
|
@@ -251,14 +250,14 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
251
250
|
|
|
252
251
|
test 'reset password request with valid E-Mail in XML format should return valid response' do
|
|
253
252
|
create_user
|
|
254
|
-
post user_password_path(format: 'xml'), user: {email: "user@test.com"}
|
|
253
|
+
post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
|
|
255
254
|
assert_response :success
|
|
256
255
|
assert_equal response.body, { }.to_xml
|
|
257
256
|
end
|
|
258
257
|
|
|
259
258
|
test 'reset password request with invalid E-Mail in XML format should return valid response' do
|
|
260
259
|
create_user
|
|
261
|
-
post user_password_path(format: 'xml'), user: {email: "invalid.test@test.com"}
|
|
260
|
+
post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
|
|
262
261
|
assert_response :unprocessable_entity
|
|
263
262
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
264
263
|
end
|
|
@@ -266,7 +265,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
266
265
|
test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
|
|
267
266
|
swap Devise, paranoid: true do
|
|
268
267
|
create_user
|
|
269
|
-
post user_password_path(format: 'xml'), user: {email: "invalid@test.com"}
|
|
268
|
+
post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
|
|
270
269
|
assert_response :success
|
|
271
270
|
assert_equal response.body, { }.to_xml
|
|
272
271
|
end
|
|
@@ -275,8 +274,9 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
275
274
|
test 'change password with valid parameters in XML format should return valid response' do
|
|
276
275
|
create_user
|
|
277
276
|
request_forgot_password
|
|
278
|
-
put user_password_path(format: 'xml'), user: {
|
|
277
|
+
put user_password_path(format: 'xml'), params: { user: {
|
|
279
278
|
reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321'
|
|
279
|
+
}
|
|
280
280
|
}
|
|
281
281
|
assert_response :success
|
|
282
282
|
assert warden.authenticated?(:user)
|
|
@@ -285,7 +285,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
285
285
|
test 'change password with invalid token in XML format should return invalid response' do
|
|
286
286
|
create_user
|
|
287
287
|
request_forgot_password
|
|
288
|
-
put user_password_path(format: 'xml'), user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'}
|
|
288
|
+
put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
|
|
289
289
|
assert_response :unprocessable_entity
|
|
290
290
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
291
291
|
end
|
|
@@ -293,7 +293,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
293
293
|
test 'change password with invalid new password in XML format should return invalid response' do
|
|
294
294
|
user = create_user
|
|
295
295
|
request_forgot_password
|
|
296
|
-
put user_password_path(format: 'xml'), user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'}
|
|
296
|
+
put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
|
|
297
297
|
assert_response :unprocessable_entity
|
|
298
298
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
299
299
|
end
|
|
@@ -301,7 +301,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
|
|
|
301
301
|
test "when using json requests to ask a confirmable request, should not return the object" do
|
|
302
302
|
user = create_user(confirm: false)
|
|
303
303
|
|
|
304
|
-
post user_password_path(format: :json), user: { email: user.email }
|
|
304
|
+
post user_password_path(format: :json), params: { user: { email: user.email } }
|
|
305
305
|
|
|
306
306
|
assert_response :success
|
|
307
307
|
assert_equal response.body, "{}"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class RegistrationTest <
|
|
3
|
+
class RegistrationTest < Devise::IntegrationTest
|
|
4
4
|
|
|
5
5
|
test 'a guest admin should be able to sign in successfully' do
|
|
6
6
|
get new_admin_session_path
|
|
@@ -110,8 +110,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
110
110
|
assert_template 'registrations/new'
|
|
111
111
|
assert_have_selector '#error_explanation'
|
|
112
112
|
assert_contain "Email is invalid"
|
|
113
|
-
assert_contain
|
|
114
|
-
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
|
|
113
|
+
assert_contain "Password confirmation doesn't match Password"
|
|
115
114
|
assert_contain "2 errors prohibited"
|
|
116
115
|
assert_nil User.to_adapter.find_first
|
|
117
116
|
|
|
@@ -217,8 +216,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
217
216
|
fill_in 'current password', with: '12345678'
|
|
218
217
|
click_button 'Update'
|
|
219
218
|
|
|
220
|
-
assert_contain
|
|
221
|
-
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
|
|
219
|
+
assert_contain "Password confirmation doesn't match Password"
|
|
222
220
|
assert_not User.to_adapter.find_first.valid_password?('pas123')
|
|
223
221
|
end
|
|
224
222
|
|
|
@@ -259,7 +257,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
259
257
|
end
|
|
260
258
|
|
|
261
259
|
test 'an admin sign up with valid information in XML format should return valid response' do
|
|
262
|
-
post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
|
|
260
|
+
post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
|
|
263
261
|
assert_response :success
|
|
264
262
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
|
|
265
263
|
|
|
@@ -268,7 +266,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
268
266
|
end
|
|
269
267
|
|
|
270
268
|
test 'a user sign up with valid information in XML format should return valid response' do
|
|
271
|
-
post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
|
|
269
|
+
post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
|
|
272
270
|
assert_response :success
|
|
273
271
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
|
274
272
|
|
|
@@ -277,21 +275,21 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
277
275
|
end
|
|
278
276
|
|
|
279
277
|
test 'a user sign up with invalid information in XML format should return invalid response' do
|
|
280
|
-
post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' }
|
|
278
|
+
post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
|
|
281
279
|
assert_response :unprocessable_entity
|
|
282
280
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
283
281
|
end
|
|
284
282
|
|
|
285
283
|
test 'a user update information with valid data in XML format should return valid response' do
|
|
286
284
|
user = sign_in_as_user
|
|
287
|
-
put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' }
|
|
285
|
+
put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
|
|
288
286
|
assert_response :success
|
|
289
287
|
assert_equal user.reload.email, 'user.new@test.com'
|
|
290
288
|
end
|
|
291
289
|
|
|
292
290
|
test 'a user update information with invalid data in XML format should return invalid response' do
|
|
293
291
|
user = sign_in_as_user
|
|
294
|
-
put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' }
|
|
292
|
+
put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
|
|
295
293
|
assert_response :unprocessable_entity
|
|
296
294
|
assert_equal user.reload.email, 'user@test.com'
|
|
297
295
|
end
|
|
@@ -304,7 +302,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
|
|
|
304
302
|
end
|
|
305
303
|
end
|
|
306
304
|
|
|
307
|
-
class ReconfirmableRegistrationTest <
|
|
305
|
+
class ReconfirmableRegistrationTest < Devise::IntegrationTest
|
|
308
306
|
test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
|
|
309
307
|
sign_in_as_admin
|
|
310
308
|
get edit_admin_registration_path
|
|
@@ -1,11 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class RememberMeTest <
|
|
4
|
-
if (Rails::VERSION::MAJOR < 4) || (Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR < 1)
|
|
5
|
-
require 'time_helpers'
|
|
6
|
-
include ActiveSupport::Testing::TimeHelpers
|
|
7
|
-
end
|
|
8
|
-
|
|
3
|
+
class RememberMeTest < Devise::IntegrationTest
|
|
9
4
|
def create_user_and_remember(add_to_token='')
|
|
10
5
|
user = create_user
|
|
11
6
|
user.remember_me!
|
|
@@ -15,7 +10,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
15
10
|
end
|
|
16
11
|
|
|
17
12
|
def generate_signed_cookie(raw_cookie)
|
|
18
|
-
request = ActionDispatch::TestRequest.new
|
|
13
|
+
request = Devise.rails5? ? ActionDispatch::TestRequest.create : ActionDispatch::TestRequest.new
|
|
19
14
|
request.cookie_jar.signed['raw_cookie'] = raw_cookie
|
|
20
15
|
request.cookie_jar['raw_cookie']
|
|
21
16
|
end
|
|
@@ -52,8 +47,10 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
52
47
|
get new_user_session_path
|
|
53
48
|
assert request.session[:_csrf_token]
|
|
54
49
|
|
|
55
|
-
post user_session_path,
|
|
56
|
-
|
|
50
|
+
post user_session_path, params: {
|
|
51
|
+
authenticity_token: "oops",
|
|
52
|
+
user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
|
|
53
|
+
}
|
|
57
54
|
assert_not warden.authenticated?(:user)
|
|
58
55
|
assert_not request.cookies['remember_user_token']
|
|
59
56
|
end
|
|
@@ -97,6 +94,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
97
94
|
assert_response :success
|
|
98
95
|
assert warden.authenticated?(:user)
|
|
99
96
|
assert warden.user(:user) == user
|
|
97
|
+
assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
|
|
100
98
|
end
|
|
101
99
|
|
|
102
100
|
test 'remember the user before sign up and redirect them to their home' do
|
|
@@ -122,40 +120,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
122
120
|
end
|
|
123
121
|
end
|
|
124
122
|
|
|
125
|
-
test 'extends remember period when extend remember period config is true' do
|
|
126
|
-
swap Devise, extend_remember_period: true, remember_for: 1.year do
|
|
127
|
-
user = create_user_and_remember
|
|
128
|
-
old_remember_token = nil
|
|
129
|
-
|
|
130
|
-
travel_to 1.day.ago do
|
|
131
|
-
get root_path
|
|
132
|
-
old_remember_token = request.cookies['remember_user_token']
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
get root_path
|
|
136
|
-
current_remember_token = request.cookies['remember_user_token']
|
|
137
|
-
|
|
138
|
-
refute_equal old_remember_token, current_remember_token
|
|
139
|
-
end
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
test 'does not extend remember period when extend period config is false' do
|
|
143
|
-
swap Devise, extend_remember_period: false, remember_for: 1.year do
|
|
144
|
-
user = create_user_and_remember
|
|
145
|
-
old_remember_token = nil
|
|
146
|
-
|
|
147
|
-
travel_to 1.day.ago do
|
|
148
|
-
get root_path
|
|
149
|
-
old_remember_token = request.cookies['remember_user_token']
|
|
150
|
-
end
|
|
151
|
-
|
|
152
|
-
get root_path
|
|
153
|
-
current_remember_token = request.cookies['remember_user_token']
|
|
154
|
-
|
|
155
|
-
assert_equal old_remember_token, current_remember_token
|
|
156
|
-
end
|
|
157
|
-
end
|
|
158
|
-
|
|
159
123
|
test 'do not remember other scopes' do
|
|
160
124
|
create_user_and_remember
|
|
161
125
|
get root_path
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class SessionTimeoutTest <
|
|
3
|
+
class SessionTimeoutTest < Devise::IntegrationTest
|
|
4
4
|
|
|
5
5
|
def last_request_at
|
|
6
6
|
@controller.user_session['last_request_at']
|
|
@@ -20,7 +20,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
|
20
20
|
old_last_request = last_request_at
|
|
21
21
|
assert_not_nil last_request_at
|
|
22
22
|
|
|
23
|
-
get users_path, {
|
|
23
|
+
get users_path, headers: { 'devise.skip_trackable' => true }
|
|
24
24
|
assert_equal old_last_request, last_request_at
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -32,7 +32,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
|
32
32
|
new_time = 2.seconds.from_now
|
|
33
33
|
Time.stubs(:now).returns(new_time)
|
|
34
34
|
|
|
35
|
-
get users_path, {
|
|
35
|
+
get users_path, headers: { 'devise.skip_timeoutable' => true }
|
|
36
36
|
assert_equal old_last_request, last_request_at
|
|
37
37
|
end
|
|
38
38
|
|
|
@@ -115,7 +115,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
|
115
115
|
user = sign_in_as_user
|
|
116
116
|
get expire_user_path(user)
|
|
117
117
|
|
|
118
|
-
post "/users/sign_in", email: user.email, password: "123456"
|
|
118
|
+
post "/users/sign_in", params: { email: user.email, password: "123456" }
|
|
119
119
|
|
|
120
120
|
assert_response :redirect
|
|
121
121
|
follow_redirect!
|
|
@@ -114,7 +114,7 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|
|
114
114
|
|
|
115
115
|
assert_email_not_sent do
|
|
116
116
|
user.save!
|
|
117
|
-
|
|
117
|
+
assert !user.confirmed?
|
|
118
118
|
end
|
|
119
119
|
end
|
|
120
120
|
|
|
@@ -401,14 +401,6 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
|
401
401
|
assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded
|
|
402
402
|
end
|
|
403
403
|
|
|
404
|
-
test 'should send confirmation instructions by email after changing email from nil' do
|
|
405
|
-
admin = create_admin(email: nil)
|
|
406
|
-
assert_email_sent "new_test@example.com" do
|
|
407
|
-
assert admin.update_attributes(email: 'new_test@example.com')
|
|
408
|
-
end
|
|
409
|
-
assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded
|
|
410
|
-
end
|
|
411
|
-
|
|
412
404
|
test 'should not send confirmation by email after changing password' do
|
|
413
405
|
admin = create_admin
|
|
414
406
|
assert admin.confirm
|
|
@@ -496,8 +488,8 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
|
496
488
|
end
|
|
497
489
|
|
|
498
490
|
test 'should not require reconfirmation after creating a record' do
|
|
499
|
-
|
|
500
|
-
assert !
|
|
491
|
+
user = create_admin
|
|
492
|
+
assert !user.pending_reconfirmation?
|
|
501
493
|
end
|
|
502
494
|
|
|
503
495
|
test 'should not require reconfirmation after creating a record with #save called in callback' do
|
|
@@ -505,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
|
505
497
|
after_create :save
|
|
506
498
|
end
|
|
507
499
|
|
|
508
|
-
|
|
509
|
-
assert !
|
|
500
|
+
user = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
|
|
501
|
+
assert !user.pending_reconfirmation?
|
|
510
502
|
end
|
|
511
503
|
end
|