devise 3.5.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +14 -15
- data/CHANGELOG.md +57 -1125
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +80 -80
- data/MIT-LICENSE +1 -1
- data/README.md +27 -18
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +5 -4
- data/app/controllers/devise/registrations_controller.rb +5 -5
- data/app/controllers/devise/sessions_controller.rb +7 -7
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +20 -9
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/bin/test +13 -0
- data/config/locales/en.yml +2 -0
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +20 -24
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/encryptor.rb +4 -4
- data/lib/devise/failure_app.rb +33 -12
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +6 -6
- data/lib/devise/models/database_authenticatable.rb +20 -7
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +3 -7
- data/lib/devise/models/rememberable.rb +38 -24
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +54 -31
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/strategies/authenticatable.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +3 -3
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/test_helpers.rb +10 -5
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +115 -20
- data/lib/generators/active_record/devise_generator.rb +11 -5
- data/lib/generators/active_record/templates/migration.rb +2 -2
- data/lib/generators/active_record/templates/migration_existing.rb +2 -2
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +19 -17
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/devise_test.rb +27 -0
- data/test/failure_app_test.rb +37 -15
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +7 -0
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +12 -10
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +42 -7
- data/test/integration/timeoutable_test.rb +16 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +6 -6
- data/test/mailers/reset_password_instructions_test.rb +5 -5
- data/test/mailers/unlock_instructions_test.rb +5 -5
- data/test/models/confirmable_test.rb +25 -1
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +1 -1
- data/test/models/recoverable_test.rb +23 -0
- data/test/models/rememberable_test.rb +48 -95
- data/test/models/validatable_test.rb +2 -10
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/devise.rb +1 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +5 -0
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/routes_test.rb +28 -13
- data/test/support/helpers.rb +4 -0
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +5 -5
- data/test/test_models.rb +1 -1
- metadata +41 -45
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
|
@@ -1,81 +1,131 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
require 'devise/parameter_sanitizer'
|
|
3
3
|
|
|
4
|
-
class
|
|
4
|
+
class ParameterSanitizerTest < ActiveSupport::TestCase
|
|
5
5
|
def sanitizer(params)
|
|
6
|
-
|
|
6
|
+
params = ActionController::Parameters.new(params)
|
|
7
|
+
Devise::ParameterSanitizer.new(User, :user, params)
|
|
7
8
|
end
|
|
8
9
|
|
|
9
|
-
test '
|
|
10
|
-
sanitizer = sanitizer(user
|
|
11
|
-
|
|
10
|
+
test 'permits the default parameters for sign in' do
|
|
11
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose' })
|
|
12
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
13
|
+
|
|
14
|
+
assert_equal({ 'email' => 'jose' }, sanitized)
|
|
12
15
|
end
|
|
13
|
-
end
|
|
14
16
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
+
test 'permits the default parameters for sign up' do
|
|
18
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
|
|
19
|
+
sanitized = sanitizer.sanitize(:sign_up)
|
|
17
20
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
params = ActionController::Parameters.new(params)
|
|
21
|
-
Devise::ParameterSanitizer.new(User, :user, params)
|
|
22
|
-
end
|
|
21
|
+
assert_equal({ 'email' => 'jose' }, sanitized)
|
|
22
|
+
end
|
|
23
23
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
end
|
|
24
|
+
test 'permits the default parameters for account update' do
|
|
25
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
|
|
26
|
+
sanitized = sanitizer.sanitize(:account_update)
|
|
28
27
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
|
|
32
|
-
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
|
|
33
|
-
end
|
|
34
|
-
end
|
|
28
|
+
assert_equal({ 'email' => 'jose' }, sanitized)
|
|
29
|
+
end
|
|
35
30
|
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
31
|
+
test 'permits news parameters for an existing action' do
|
|
32
|
+
sanitizer = sanitizer('user' => { 'username' => 'jose' })
|
|
33
|
+
sanitizer.permit(:sign_in, keys: [:username])
|
|
34
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
35
|
+
|
|
36
|
+
assert_equal({ 'username' => 'jose' }, sanitized)
|
|
37
|
+
end
|
|
40
38
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
39
|
+
test 'permits news parameters for an existing action with a block' do
|
|
40
|
+
sanitizer = sanitizer('user' => { 'username' => 'jose' })
|
|
41
|
+
sanitizer.permit(:sign_in) do |user|
|
|
42
|
+
user.permit(:username)
|
|
44
43
|
end
|
|
45
44
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
45
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
46
|
+
|
|
47
|
+
assert_equal({ 'username' => 'jose' }, sanitized)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
test 'permit parameters for new actions' do
|
|
51
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'name' => 'Jose' })
|
|
52
|
+
sanitizer.permit(:invite_user, keys: [:email, :name])
|
|
53
|
+
|
|
54
|
+
sanitized = sanitizer.sanitize(:invite_user)
|
|
55
|
+
|
|
56
|
+
assert_equal({ 'email' => 'jose@omglol', 'name' => 'Jose' }, sanitized)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
test 'fails when we do not have any permitted parameters for the action' do
|
|
60
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid' })
|
|
61
|
+
|
|
62
|
+
assert_raise NotImplementedError do
|
|
63
|
+
sanitizer.sanitize(:unknown)
|
|
50
64
|
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
test 'removes permitted parameters' do
|
|
68
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'username' => 'jose' })
|
|
51
69
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
70
|
+
sanitizer.permit(:sign_in, keys: [:username], except: [:email])
|
|
71
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
72
|
+
|
|
73
|
+
assert_equal({ 'username' => 'jose' }, sanitized)
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
class DeprecatedParameterSanitizerAPITest < ActiveSupport::TestCase
|
|
78
|
+
class CustomSanitizer < Devise::ParameterSanitizer
|
|
79
|
+
def sign_in
|
|
80
|
+
default_params.permit(:username)
|
|
56
81
|
end
|
|
82
|
+
end
|
|
57
83
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
84
|
+
def sanitizer(params)
|
|
85
|
+
params = ActionController::Parameters.new(params)
|
|
86
|
+
Devise::ParameterSanitizer.new(User, :user, params)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
test 'overriding instance methods have precedence over the default sanitized attributes' do
|
|
90
|
+
assert_deprecated do
|
|
91
|
+
params = ActionController::Parameters.new(user: { "username" => "jose", "name" => "Jose" })
|
|
92
|
+
sanitizer = CustomSanitizer.new(User, :user, params)
|
|
93
|
+
|
|
94
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
95
|
+
|
|
96
|
+
assert_equal({ "username" => "jose" }, sanitized)
|
|
63
97
|
end
|
|
98
|
+
end
|
|
64
99
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
100
|
+
test 'adding new parameters by mutating the Array' do
|
|
101
|
+
assert_deprecated do
|
|
102
|
+
sanitizer = sanitizer('user' => { 'username' => 'jose' })
|
|
103
|
+
sanitizer.for(:sign_in) << :username
|
|
104
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
105
|
+
|
|
106
|
+
assert_equal({ 'username' => 'jose' }, sanitized)
|
|
70
107
|
end
|
|
108
|
+
end
|
|
71
109
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
110
|
+
test 'adding new parameters with a block' do
|
|
111
|
+
assert_deprecated do
|
|
112
|
+
sanitizer = sanitizer('user' => { 'username' => 'jose' })
|
|
113
|
+
sanitizer.for(:sign_in) { |user| user.permit(:username) }
|
|
75
114
|
|
|
76
|
-
|
|
115
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
116
|
+
|
|
117
|
+
assert_equal({ 'username' => 'jose' }, sanitized)
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
test 'removing multiple default parameters' do
|
|
122
|
+
assert_deprecated do
|
|
123
|
+
sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' })
|
|
124
|
+
sanitizer.for(:sign_in).delete(:email)
|
|
125
|
+
sanitizer.for(:sign_in).delete(:password)
|
|
126
|
+
sanitized = sanitizer.sanitize(:sign_in)
|
|
77
127
|
|
|
78
|
-
|
|
128
|
+
assert_equal({ 'remember_me' => '1' }, sanitized)
|
|
79
129
|
end
|
|
80
130
|
end
|
|
81
131
|
end
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
|
|
4
4
|
class ApplicationController < ActionController::Base
|
|
5
5
|
protect_from_forgery
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
before_action :current_user, unless: :devise_controller?
|
|
7
|
+
before_action :authenticate_user!, if: :devise_controller?
|
|
8
8
|
respond_to *Mime::SET.map(&:to_sym)
|
|
9
9
|
|
|
10
10
|
devise_group :commenter, contains: [:user, :admin]
|
|
@@ -20,6 +20,10 @@ class HomeController < ApplicationController
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def unauthenticated
|
|
23
|
-
|
|
23
|
+
if Devise.rails5?
|
|
24
|
+
render body: "unauthenticated", status: :unauthorized
|
|
25
|
+
else
|
|
26
|
+
render text: "unauthenticated", status: :unauthorized
|
|
27
|
+
end
|
|
24
28
|
end
|
|
25
29
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
2
2
|
def facebook
|
|
3
|
-
data = env["omniauth.auth"]
|
|
3
|
+
data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : env["omniauth.auth"]
|
|
4
4
|
session["devise.facebook_data"] = data["extra"]["user_hash"]
|
|
5
5
|
render json: data
|
|
6
6
|
end
|
|
@@ -9,6 +9,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
|
9
9
|
user = User.to_adapter.find_first(email: 'user@test.com')
|
|
10
10
|
user.remember_me = true
|
|
11
11
|
sign_in user
|
|
12
|
-
render
|
|
12
|
+
render (Devise.rails5? ? :body : :text) => ""
|
|
13
13
|
end
|
|
14
14
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class UsersController < ApplicationController
|
|
2
|
-
|
|
3
|
-
|
|
2
|
+
prepend_before_action :current_user, only: :exhibit
|
|
3
|
+
before_action :authenticate_user!, except: [:accept, :exhibit]
|
|
4
4
|
respond_to :html, :xml
|
|
5
5
|
|
|
6
6
|
def index
|
|
@@ -13,7 +13,7 @@ class UsersController < ApplicationController
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def update_form
|
|
16
|
-
render
|
|
16
|
+
render (Devise.rails5? ? :body : :text) => 'Update'
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def accept
|
|
@@ -21,11 +21,11 @@ class UsersController < ApplicationController
|
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
def exhibit
|
|
24
|
-
render
|
|
24
|
+
render (Devise.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated"
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def expire
|
|
28
28
|
user_session['last_request_at'] = 31.minutes.ago.utc
|
|
29
|
-
render
|
|
29
|
+
render (Devise.rails5? ? :body : :text) => 'User will be expired on next request'
|
|
30
30
|
end
|
|
31
31
|
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require "shared_user_without_email"
|
|
2
|
+
|
|
3
|
+
class UserWithoutEmail
|
|
4
|
+
include Mongoid::Document
|
|
5
|
+
include Shim
|
|
6
|
+
include SharedUserWithoutEmail
|
|
7
|
+
|
|
8
|
+
field :username, type: String
|
|
9
|
+
field :facebook_token, type: String
|
|
10
|
+
|
|
11
|
+
## Database authenticatable
|
|
12
|
+
field :email, type: String, default: ""
|
|
13
|
+
field :encrypted_password, type: String, default: ""
|
|
14
|
+
|
|
15
|
+
## Recoverable
|
|
16
|
+
field :reset_password_token, type: String
|
|
17
|
+
field :reset_password_sent_at, type: Time
|
|
18
|
+
|
|
19
|
+
## Rememberable
|
|
20
|
+
field :remember_created_at, type: Time
|
|
21
|
+
|
|
22
|
+
## Trackable
|
|
23
|
+
field :sign_in_count, type: Integer, default: 0
|
|
24
|
+
field :current_sign_in_at, type: Time
|
|
25
|
+
field :last_sign_in_at, type: Time
|
|
26
|
+
field :current_sign_in_ip, type: String
|
|
27
|
+
field :last_sign_in_ip, type: String
|
|
28
|
+
|
|
29
|
+
## Lockable
|
|
30
|
+
field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
|
31
|
+
field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
|
32
|
+
field :locked_at, type: Time
|
|
33
|
+
end
|
|
@@ -28,7 +28,7 @@ module RailsApp
|
|
|
28
28
|
|
|
29
29
|
# Configure sensitive parameters which will be filtered from the log file.
|
|
30
30
|
config.filter_parameters << :password
|
|
31
|
-
config.assets.enabled = false
|
|
31
|
+
# config.assets.enabled = false
|
|
32
32
|
|
|
33
33
|
config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
|
|
34
34
|
|
|
@@ -3,12 +3,12 @@ unless defined?(DEVISE_ORM)
|
|
|
3
3
|
end
|
|
4
4
|
|
|
5
5
|
module Devise
|
|
6
|
-
# Detection for minor differences between Rails
|
|
7
|
-
def self.
|
|
8
|
-
Rails.version.start_with? '
|
|
6
|
+
# Detection for minor differences between Rails 4 and 5 in tests.
|
|
7
|
+
def self.rails5?
|
|
8
|
+
Rails.version.start_with? '5'
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
# Set up gems listed in the Gemfile.
|
|
13
13
|
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
|
|
14
|
-
require 'bundler/setup' if File.
|
|
14
|
+
require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
|
|
@@ -19,7 +19,12 @@ RailsApp::Application.configure do
|
|
|
19
19
|
else
|
|
20
20
|
config.serve_static_assets = true
|
|
21
21
|
end
|
|
22
|
-
|
|
22
|
+
|
|
23
|
+
if Rails.version >= "5.0.0"
|
|
24
|
+
config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
|
|
25
|
+
else
|
|
26
|
+
config.static_cache_control = "public, max-age=3600"
|
|
27
|
+
end
|
|
23
28
|
|
|
24
29
|
# Show full error reports and disable caching.
|
|
25
30
|
config.consider_all_requests_local = true
|
|
@@ -135,7 +135,7 @@ Devise.setup do |config|
|
|
|
135
135
|
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
|
136
136
|
# config.sign_in_after_reset_password = true
|
|
137
137
|
|
|
138
|
-
#
|
|
138
|
+
# Set up a pepper to generate the encrypted password.
|
|
139
139
|
config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
|
|
140
140
|
|
|
141
141
|
# ==> Scopes configuration
|
|
@@ -1,8 +1,3 @@
|
|
|
1
1
|
config = Rails.application.config
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
|
|
5
|
-
else
|
|
6
|
-
config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
|
|
7
|
-
config.session_store :cookie_store, key: "_my_app"
|
|
8
|
-
end
|
|
3
|
+
config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
|
|
@@ -28,6 +28,11 @@ Rails.application.routes.draw do
|
|
|
28
28
|
router_name: :fake_engine,
|
|
29
29
|
module: :devise
|
|
30
30
|
|
|
31
|
+
devise_for :user_without_email,
|
|
32
|
+
class_name: 'UserWithoutEmail',
|
|
33
|
+
router_name: :main_app,
|
|
34
|
+
module: :devise
|
|
35
|
+
|
|
31
36
|
as :user do
|
|
32
37
|
get "/as/sign_in", to: "devise/sessions#new"
|
|
33
38
|
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
module SharedUserWithoutEmail
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
included do
|
|
5
|
+
# NOTE: This is missing :validatable and :confirmable, as they both require
|
|
6
|
+
# an email field at the moment. It is also missing :omniauthable because that
|
|
7
|
+
# adds unnecessary complexity to the setup
|
|
8
|
+
devise :database_authenticatable, :lockable, :recoverable,
|
|
9
|
+
:registerable, :rememberable, :timeoutable,
|
|
10
|
+
:trackable
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# This test stub is a bit rubbish because it's tied very closely to the
|
|
14
|
+
# implementation where we care about this one case. However, completely
|
|
15
|
+
# removing the email field breaks "recoverable" tests completely, so we are
|
|
16
|
+
# just taking the approach here that "email" is something that is a not an
|
|
17
|
+
# ActiveRecord field.
|
|
18
|
+
def email_changed?
|
|
19
|
+
raise NoMethodError
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def respond_to?(method_name, include_all=false)
|
|
23
|
+
return false if method_name.to_sym == :email_changed?
|
|
24
|
+
super(method_name, include_all)
|
|
25
|
+
end
|
|
26
|
+
end
|
data/test/routes_test.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
ExpectedRoutingError =
|
|
3
|
+
ExpectedRoutingError = MiniTest::Assertion
|
|
4
4
|
|
|
5
5
|
class DefaultRoutingTest < ActionController::TestCase
|
|
6
6
|
test 'map new user session' do
|
|
@@ -96,12 +96,12 @@ class DefaultRoutingTest < ActionController::TestCase
|
|
|
96
96
|
test 'map omniauth callbacks' do
|
|
97
97
|
assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get})
|
|
98
98
|
assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post})
|
|
99
|
-
assert_named_route "/users/auth/facebook/callback", :
|
|
99
|
+
assert_named_route "/users/auth/facebook/callback", :user_facebook_omniauth_callback_path
|
|
100
100
|
|
|
101
101
|
# named open_id
|
|
102
102
|
assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get})
|
|
103
103
|
assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post})
|
|
104
|
-
assert_named_route "/users/auth/google/callback", :
|
|
104
|
+
assert_named_route "/users/auth/google/callback", :user_google_omniauth_callback_path
|
|
105
105
|
|
|
106
106
|
assert_raise ExpectedRoutingError do
|
|
107
107
|
assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get})
|
|
@@ -202,37 +202,52 @@ class CustomizedRoutingTest < ActionController::TestCase
|
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
test 'map with format false for sessions' do
|
|
205
|
-
|
|
205
|
+
expected_params = {controller: 'devise/sessions', action: 'new'}
|
|
206
|
+
expected_params[:format] = false if Devise.rails5?
|
|
207
|
+
|
|
208
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get})
|
|
206
209
|
assert_raise ExpectedRoutingError do
|
|
207
|
-
assert_recognizes(
|
|
210
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.xml', method: :get})
|
|
208
211
|
end
|
|
209
212
|
end
|
|
210
213
|
|
|
211
214
|
test 'map with format false for passwords' do
|
|
212
|
-
|
|
215
|
+
expected_params = {controller: 'devise/passwords', action: 'create'}
|
|
216
|
+
expected_params[:format] = false if Devise.rails5?
|
|
217
|
+
|
|
218
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post})
|
|
213
219
|
assert_raise ExpectedRoutingError do
|
|
214
|
-
assert_recognizes(
|
|
220
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/password.xml', method: :post})
|
|
215
221
|
end
|
|
216
222
|
end
|
|
217
223
|
|
|
218
224
|
test 'map with format false for registrations' do
|
|
219
|
-
|
|
225
|
+
expected_params = {controller: 'devise/registrations', action: 'new'}
|
|
226
|
+
expected_params[:format] = false if Devise.rails5?
|
|
227
|
+
|
|
228
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get})
|
|
220
229
|
assert_raise ExpectedRoutingError do
|
|
221
|
-
assert_recognizes(
|
|
230
|
+
assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.xml', method: :get})
|
|
222
231
|
end
|
|
223
232
|
end
|
|
224
233
|
|
|
225
234
|
test 'map with format false for confirmations' do
|
|
226
|
-
|
|
235
|
+
expected_params = {controller: 'devise/confirmations', action: 'show'}
|
|
236
|
+
expected_params[:format] = false if Devise.rails5?
|
|
237
|
+
|
|
238
|
+
assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get})
|
|
227
239
|
assert_raise ExpectedRoutingError do
|
|
228
|
-
assert_recognizes(
|
|
240
|
+
assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.xml', method: :get})
|
|
229
241
|
end
|
|
230
242
|
end
|
|
231
243
|
|
|
232
244
|
test 'map with format false for unlocks' do
|
|
233
|
-
|
|
245
|
+
expected_params = {controller: 'devise/unlocks', action: 'show'}
|
|
246
|
+
expected_params[:format] = false if Devise.rails5?
|
|
247
|
+
|
|
248
|
+
assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get})
|
|
234
249
|
assert_raise ExpectedRoutingError do
|
|
235
|
-
assert_recognizes(
|
|
250
|
+
assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.xml', method: :get})
|
|
236
251
|
end
|
|
237
252
|
end
|
|
238
253
|
|
data/test/support/helpers.rb
CHANGED
|
@@ -46,6 +46,10 @@ class ActiveSupport::TestCase
|
|
|
46
46
|
Admin.create!(valid_attributes)
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
def create_user_without_email(attributes={})
|
|
50
|
+
UserWithoutEmail.create!(valid_attributes(attributes))
|
|
51
|
+
end
|
|
52
|
+
|
|
49
53
|
# Execute the block setting the given values and restoring old values after
|
|
50
54
|
# the block is executed.
|
|
51
55
|
def swap(object, new_values)
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
module Devise
|
|
2
|
+
class IntegrationTest < ActionDispatch::IntegrationTest
|
|
3
|
+
# %w( get post patch put head delete xml_http_request
|
|
4
|
+
# xhr get_via_redirect post_via_redirect
|
|
5
|
+
# ).each do |method|
|
|
6
|
+
%w( get post put ).each do |method|
|
|
7
|
+
if Rails.version >= '5.0.0'
|
|
8
|
+
define_method(method) do |url, options={}|
|
|
9
|
+
if options.empty?
|
|
10
|
+
super url
|
|
11
|
+
else
|
|
12
|
+
super url, options
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
else
|
|
16
|
+
define_method(method) do |url, options={}|
|
|
17
|
+
if options[:xhr]==true
|
|
18
|
+
xml_http_request __method__, url, options[:params] || {}, options[:headers]
|
|
19
|
+
else
|
|
20
|
+
super url, options[:params] || {}, options[:headers]
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
class ControllerTestCase < ActionController::TestCase
|
|
28
|
+
# %w( get post patch put head delete xml_http_request
|
|
29
|
+
# xhr get_via_redirect post_via_redirect
|
|
30
|
+
# ).each do |method|
|
|
31
|
+
%w( get post put ).each do |method|
|
|
32
|
+
if Rails.version >= '5.0.0'
|
|
33
|
+
define_method(method) do |action, options={}|
|
|
34
|
+
if options.empty?
|
|
35
|
+
super action
|
|
36
|
+
else
|
|
37
|
+
super action, options
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
else
|
|
41
|
+
define_method(method) do |action, options={}|
|
|
42
|
+
if options[:xhr]==true
|
|
43
|
+
xml_http_request __method__, action, options[:params] || {}, options[:headers]
|
|
44
|
+
else
|
|
45
|
+
super action, options[:params] || {}, options[:headers]
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
@@ -14,6 +14,15 @@ module Webrat
|
|
|
14
14
|
::Rails.logger
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
class RailsAdapter
|
|
19
|
+
protected
|
|
20
|
+
|
|
21
|
+
def do_request(http_method, url, data, headers)
|
|
22
|
+
update_protocol(url)
|
|
23
|
+
integration_session.send(http_method, normalize_url(url), params: data, headers: headers)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
17
26
|
end
|
|
18
27
|
|
|
19
28
|
module ActionDispatch #:nodoc:
|
data/test/test_helpers_test.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class TestHelpersTest <
|
|
3
|
+
class TestHelpersTest < Devise::ControllerTestCase
|
|
4
4
|
tests UsersController
|
|
5
5
|
include Devise::TestHelpers
|
|
6
6
|
|
|
@@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase
|
|
|
27
27
|
assert !user.active_for_authentication?
|
|
28
28
|
|
|
29
29
|
sign_in user
|
|
30
|
-
get :accept, id: user
|
|
30
|
+
get :accept, params: { id: user }
|
|
31
31
|
assert_nil assigns(:current_user)
|
|
32
32
|
end
|
|
33
33
|
end
|
|
@@ -68,13 +68,13 @@ class TestHelpersTest < ActionController::TestCase
|
|
|
68
68
|
test "respects custom failure app" do
|
|
69
69
|
custom_failure_app = Class.new(Devise::FailureApp) do
|
|
70
70
|
def redirect
|
|
71
|
-
self.status =
|
|
71
|
+
self.status = 300
|
|
72
72
|
end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
swap Devise.warden_config, failure_app: custom_failure_app do
|
|
76
76
|
get :index
|
|
77
|
-
assert_response
|
|
77
|
+
assert_response 300
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
@@ -163,7 +163,7 @@ class TestHelpersTest < ActionController::TestCase
|
|
|
163
163
|
|
|
164
164
|
test "creates a new warden proxy if the request object has changed" do
|
|
165
165
|
old_warden_proxy = warden
|
|
166
|
-
@request = ActionController::TestRequest.new
|
|
166
|
+
@request = Devise.rails5? ? ActionController::TestRequest.create : ActionController::TestRequest.new
|
|
167
167
|
new_warden_proxy = warden
|
|
168
168
|
|
|
169
169
|
assert_not_equal old_warden_proxy, new_warden_proxy
|