devise 3.5.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +14 -15
- data/CHANGELOG.md +57 -1125
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +80 -80
- data/MIT-LICENSE +1 -1
- data/README.md +27 -18
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +5 -4
- data/app/controllers/devise/registrations_controller.rb +5 -5
- data/app/controllers/devise/sessions_controller.rb +7 -7
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +20 -9
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/bin/test +13 -0
- data/config/locales/en.yml +2 -0
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +20 -24
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/encryptor.rb +4 -4
- data/lib/devise/failure_app.rb +33 -12
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +6 -6
- data/lib/devise/models/database_authenticatable.rb +20 -7
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +3 -7
- data/lib/devise/models/rememberable.rb +38 -24
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +54 -31
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/strategies/authenticatable.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +3 -3
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/test_helpers.rb +10 -5
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +115 -20
- data/lib/generators/active_record/devise_generator.rb +11 -5
- data/lib/generators/active_record/templates/migration.rb +2 -2
- data/lib/generators/active_record/templates/migration_existing.rb +2 -2
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +19 -17
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/devise_test.rb +27 -0
- data/test/failure_app_test.rb +37 -15
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +7 -0
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +12 -10
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +42 -7
- data/test/integration/timeoutable_test.rb +16 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +6 -6
- data/test/mailers/reset_password_instructions_test.rb +5 -5
- data/test/mailers/unlock_instructions_test.rb +5 -5
- data/test/models/confirmable_test.rb +25 -1
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +1 -1
- data/test/models/recoverable_test.rb +23 -0
- data/test/models/rememberable_test.rb +48 -95
- data/test/models/validatable_test.rb +2 -10
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/devise.rb +1 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +5 -0
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/routes_test.rb +28 -13
- data/test/support/helpers.rb +4 -0
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +5 -5
- data/test/test_models.rb +1 -1
- metadata +41 -45
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
|
@@ -4,13 +4,9 @@ Devise.setup do |config|
|
|
|
4
4
|
# The secret key used by Devise. Devise uses this key to generate
|
|
5
5
|
# random tokens. Changing this key will render invalid all existing
|
|
6
6
|
# confirmation, reset password and unlock tokens in the database.
|
|
7
|
-
# Devise will use the `secret_key_base`
|
|
7
|
+
# Devise will use the `secret_key_base` as its `secret_key`
|
|
8
8
|
# by default. You can change it below and use your own secret key.
|
|
9
|
-
<% if rails_4? -%>
|
|
10
9
|
# config.secret_key = '<%= SecureRandom.hex(64) %>'
|
|
11
|
-
<% else -%>
|
|
12
|
-
config.secret_key = '<%= SecureRandom.hex(64) %>'
|
|
13
|
-
<% end -%>
|
|
14
10
|
|
|
15
11
|
# ==> Mailer Configuration
|
|
16
12
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
|
@@ -21,6 +17,9 @@ Devise.setup do |config|
|
|
|
21
17
|
# Configure the class responsible to send e-mails.
|
|
22
18
|
# config.mailer = 'Devise::Mailer'
|
|
23
19
|
|
|
20
|
+
# Configure the parent class responsible to send e-mails.
|
|
21
|
+
# config.parent_mailer = 'ActionMailer::Base'
|
|
22
|
+
|
|
24
23
|
# ==> ORM configuration
|
|
25
24
|
# Load and configure the ORM. Supports :active_record (default) and
|
|
26
25
|
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
|
@@ -92,19 +91,22 @@ Devise.setup do |config|
|
|
|
92
91
|
# config.clean_up_csrf_token_on_authentication = true
|
|
93
92
|
|
|
94
93
|
# ==> Configuration for :database_authenticatable
|
|
95
|
-
# For bcrypt, this is the cost for hashing the password and defaults to
|
|
96
|
-
# using other
|
|
94
|
+
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
|
|
95
|
+
# using other algorithms, it sets how many times you want the password to be hashed.
|
|
97
96
|
#
|
|
98
97
|
# Limiting the stretches to just one in testing will increase the performance of
|
|
99
98
|
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
|
|
100
99
|
# a value less than 10 in other environments. Note that, for bcrypt (the default
|
|
101
|
-
#
|
|
100
|
+
# algorithm), the cost increases exponentially with the number of stretches (e.g.
|
|
102
101
|
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
|
|
103
|
-
config.stretches = Rails.env.test? ? 1 :
|
|
102
|
+
config.stretches = Rails.env.test? ? 1 : 11
|
|
104
103
|
|
|
105
|
-
#
|
|
104
|
+
# Set up a pepper to generate the hashed password.
|
|
106
105
|
# config.pepper = '<%= SecureRandom.hex(64) %>'
|
|
107
106
|
|
|
107
|
+
# Send a notification email when the user's password is changed
|
|
108
|
+
# config.send_password_change_notification = false
|
|
109
|
+
|
|
108
110
|
# ==> Configuration for :confirmable
|
|
109
111
|
# A period that the user is allowed to access the website even without
|
|
110
112
|
# confirming their account. For instance, if set to 2.days, the user will be
|
|
@@ -146,12 +148,12 @@ Devise.setup do |config|
|
|
|
146
148
|
|
|
147
149
|
# ==> Configuration for :validatable
|
|
148
150
|
# Range for password length.
|
|
149
|
-
config.password_length =
|
|
151
|
+
config.password_length = 6..128
|
|
150
152
|
|
|
151
153
|
# Email regex used to validate email formats. It simply asserts that
|
|
152
154
|
# one (and only one) @ exists in the given string. This is mainly
|
|
153
155
|
# to give user feedback and not to assert the e-mail validity.
|
|
154
|
-
|
|
156
|
+
config.email_regexp = /\A[^@]+@[^@]+\z/
|
|
155
157
|
|
|
156
158
|
# ==> Configuration for :timeoutable
|
|
157
159
|
# The time you want to timeout the user session without activity. After this
|
|
@@ -199,11 +201,11 @@ Devise.setup do |config|
|
|
|
199
201
|
# config.sign_in_after_reset_password = true
|
|
200
202
|
|
|
201
203
|
# ==> Configuration for :encryptable
|
|
202
|
-
# Allow you to use another encryption algorithm besides bcrypt (default).
|
|
203
|
-
# :sha1, :sha512 or
|
|
204
|
-
# :authlogic_sha512 (then you should set stretches above to 20
|
|
205
|
-
# and :restful_authentication_sha1 (then you should set
|
|
206
|
-
# REST_AUTH_SITE_KEY to pepper).
|
|
204
|
+
# Allow you to use another hashing or encryption algorithm besides bcrypt (default).
|
|
205
|
+
# You can use :sha1, :sha512 or algorithms from others authentication tools as
|
|
206
|
+
# :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
|
|
207
|
+
# for default behavior) and :restful_authentication_sha1 (then you should set
|
|
208
|
+
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
|
|
207
209
|
#
|
|
208
210
|
# Require the `devise-encryptable` gem when using anything other than bcrypt
|
|
209
211
|
# config.encryptor = :sha512
|
|
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!
|
|
|
2
2
|
|
|
3
3
|
Someone has requested a link to change your password, and you can do this through the link below.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
[Change my password](<%= edit_password_url(@resource, reset_password_token: @token) %>)
|
|
6
6
|
|
|
7
7
|
If you didn't request this, please ignore this email.
|
|
8
8
|
Your password won't change until you access the link above and create a new one.
|
|
@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in
|
|
|
4
4
|
|
|
5
5
|
Click the link below to unlock your account:
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
[Unlock my account](<%= unlock_url(@resource, unlock_token: @token) %>)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class CustomRegistrationsControllerTest <
|
|
3
|
+
class CustomRegistrationsControllerTest < Devise::ControllerTestCase
|
|
4
4
|
tests Custom::RegistrationsController
|
|
5
5
|
|
|
6
6
|
include Devise::TestHelpers
|
|
@@ -12,24 +12,24 @@ class CustomRegistrationsControllerTest < ActionController::TestCase
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
test "yield resource to block on create success" do
|
|
15
|
-
post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
|
|
15
|
+
post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
|
|
16
16
|
assert @controller.create_block_called?, "create failed to yield resource to provided block"
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
test "yield resource to block on create failure" do
|
|
20
|
-
post :create, { user: { } }
|
|
20
|
+
post :create, params: { user: { } }
|
|
21
21
|
assert @controller.create_block_called?, "create failed to yield resource to provided block"
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
test "yield resource to block on update success" do
|
|
25
25
|
sign_in @user
|
|
26
|
-
put :update, { user: { current_password: @password } }
|
|
26
|
+
put :update, params: { user: { current_password: @password } }
|
|
27
27
|
assert @controller.update_block_called?, "update failed to yield resource to provided block"
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
test "yield resource to block on update failure" do
|
|
31
31
|
sign_in @user
|
|
32
|
-
put :update, { user: { } }
|
|
32
|
+
put :update, params: { user: { } }
|
|
33
33
|
assert @controller.update_block_called?, "update failed to yield resource to provided block"
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -24,7 +24,7 @@ class CustomStrategy < Warden::Strategies::Base
|
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
class CustomStrategyTest <
|
|
27
|
+
class CustomStrategyTest < Devise::ControllerTestCase
|
|
28
28
|
tests CustomStrategyController
|
|
29
29
|
|
|
30
30
|
include Devise::TestHelpers
|
|
@@ -41,8 +41,9 @@ class CustomStrategyTest < ActionController::TestCase
|
|
|
41
41
|
ret = get :new
|
|
42
42
|
|
|
43
43
|
# check the returned rack array
|
|
44
|
-
assert ret.is_a?(Array)
|
|
45
|
-
assert_equal 400, ret.first
|
|
44
|
+
# assert ret.is_a?(Array)
|
|
45
|
+
# assert_equal 400, ret.first
|
|
46
|
+
assert ret.is_a?(ActionDispatch::TestResponse)
|
|
46
47
|
|
|
47
48
|
# check the saved response as well. This is purely so that the response is available to the testing framework
|
|
48
49
|
# for verification. In production, the above array would be delivered directly to Rack.
|
|
@@ -53,8 +54,9 @@ class CustomStrategyTest < ActionController::TestCase
|
|
|
53
54
|
ret = get :new
|
|
54
55
|
|
|
55
56
|
# check the returned rack array
|
|
56
|
-
assert ret.is_a?(Array)
|
|
57
|
-
assert_equal ret.third['X-FOO'], 'BAR'
|
|
57
|
+
# assert ret.is_a?(Array)
|
|
58
|
+
# assert_equal ret.third['X-FOO'], 'BAR'
|
|
59
|
+
assert ret.is_a?(ActionDispatch::TestResponse)
|
|
58
60
|
|
|
59
61
|
# check the saved response headers as well.
|
|
60
62
|
assert_equal response.headers['X-FOO'], 'BAR'
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class ApiController < ActionController::Metal
|
|
4
|
+
include Devise::Controllers::Helpers
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
class HelperMethodsTest < Devise::ControllerTestCase
|
|
8
|
+
tests ApiController
|
|
9
|
+
|
|
10
|
+
test 'includes Devise::Controllers::Helpers' do
|
|
11
|
+
assert_includes @controller.class.ancestors, Devise::Controllers::Helpers
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
test 'does not respond_to helper or helper_method' do
|
|
15
|
+
refute_respond_to @controller.class, :helper
|
|
16
|
+
refute_respond_to @controller.class, :helper_method
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
test 'defines methods like current_user' do
|
|
20
|
+
assert_respond_to @controller, :current_user
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -14,7 +14,7 @@ class AnotherInheritedController < SessionsInheritedController
|
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
class InheritedControllerTest <
|
|
17
|
+
class InheritedControllerTest < Devise::ControllerTestCase
|
|
18
18
|
tests SessionsInheritedController
|
|
19
19
|
|
|
20
20
|
def setup
|
|
@@ -32,7 +32,7 @@ class InheritedControllerTest < ActionController::TestCase
|
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
class AnotherInheritedControllerTest <
|
|
35
|
+
class AnotherInheritedControllerTest < Devise::ControllerTestCase
|
|
36
36
|
tests AnotherInheritedController
|
|
37
37
|
|
|
38
38
|
def setup
|
|
@@ -3,7 +3,7 @@ require 'test_helper'
|
|
|
3
3
|
class MyController < DeviseController
|
|
4
4
|
end
|
|
5
5
|
|
|
6
|
-
class HelpersTest <
|
|
6
|
+
class HelpersTest < Devise::ControllerTestCase
|
|
7
7
|
tests MyController
|
|
8
8
|
|
|
9
9
|
def setup
|
|
@@ -36,18 +36,16 @@ class HelpersTest < ActionController::TestCase
|
|
|
36
36
|
test 'get resource params from request params using resource name as key' do
|
|
37
37
|
user_params = {'email' => 'shirley@templar.com'}
|
|
38
38
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
39
|
+
# Stub controller name so strong parameters can filter properly.
|
|
40
|
+
# DeviseController does not allow any parameters by default.
|
|
41
|
+
@controller.stubs(:controller_name).returns(:sessions_controller)
|
|
42
|
+
|
|
43
|
+
params = ActionController::Parameters.new({'user' => user_params})
|
|
43
44
|
|
|
44
|
-
ActionController::Parameters.new({'user' => user_params})
|
|
45
|
-
else
|
|
46
|
-
HashWithIndifferentAccess.new({'user' => user_params})
|
|
47
|
-
end
|
|
48
45
|
@controller.stubs(:params).returns(params)
|
|
49
46
|
|
|
50
|
-
|
|
47
|
+
res_params = @controller.send(:resource_params).permit!.to_h
|
|
48
|
+
assert_equal user_params, res_params
|
|
51
49
|
end
|
|
52
50
|
|
|
53
51
|
test 'resources methods are not controller actions' do
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class PasswordsControllerTest <
|
|
3
|
+
class PasswordsControllerTest < Devise::ControllerTestCase
|
|
4
4
|
tests Devise::PasswordsController
|
|
5
5
|
include Devise::TestHelpers
|
|
6
6
|
|
|
@@ -11,8 +11,9 @@ class PasswordsControllerTest < ActionController::TestCase
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def put_update_with_params
|
|
14
|
-
put :update, "user" => {
|
|
15
|
-
|
|
14
|
+
put :update, params: { "user" => {
|
|
15
|
+
"reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
|
|
16
|
+
}
|
|
16
17
|
}
|
|
17
18
|
end
|
|
18
19
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'test_helper'
|
|
2
2
|
|
|
3
|
-
class SessionsControllerTest <
|
|
3
|
+
class SessionsControllerTest < Devise::ControllerTestCase
|
|
4
4
|
tests Devise::SessionsController
|
|
5
5
|
include Devise::TestHelpers
|
|
6
6
|
|
|
@@ -12,9 +12,10 @@ class SessionsControllerTest < ActionController::TestCase
|
|
|
12
12
|
request.env["devise.mapping"] = Devise.mappings[:user]
|
|
13
13
|
request.session["user_return_to"] = 'foo.bar'
|
|
14
14
|
create_user
|
|
15
|
-
post :create, user: {
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
post :create, params: { user: {
|
|
16
|
+
email: "wrong@email.com",
|
|
17
|
+
password: "wrongpassword"
|
|
18
|
+
}
|
|
18
19
|
}
|
|
19
20
|
assert_equal 200, @response.status
|
|
20
21
|
ensure
|
|
@@ -37,11 +38,11 @@ class SessionsControllerTest < ActionController::TestCase
|
|
|
37
38
|
|
|
38
39
|
user = create_user
|
|
39
40
|
user.confirm
|
|
40
|
-
post :create, user: {
|
|
41
|
-
|
|
42
|
-
|
|
41
|
+
post :create, params: { user: {
|
|
42
|
+
email: user.email,
|
|
43
|
+
password: user.password
|
|
44
|
+
}
|
|
43
45
|
}
|
|
44
|
-
|
|
45
46
|
assert_nil request.session["user_return_to"]
|
|
46
47
|
end
|
|
47
48
|
|
|
@@ -51,9 +52,10 @@ class SessionsControllerTest < ActionController::TestCase
|
|
|
51
52
|
|
|
52
53
|
user = create_user
|
|
53
54
|
user.confirm
|
|
54
|
-
post :create, format: 'json', user: {
|
|
55
|
-
|
|
56
|
-
|
|
55
|
+
post :create, params: { format: 'json', user: {
|
|
56
|
+
email: user.email,
|
|
57
|
+
password: user.password
|
|
58
|
+
}
|
|
57
59
|
}
|
|
58
60
|
|
|
59
61
|
assert_equal 'foo.bar', request.session["user_return_to"]
|
|
@@ -61,9 +63,10 @@ class SessionsControllerTest < ActionController::TestCase
|
|
|
61
63
|
|
|
62
64
|
test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
|
|
63
65
|
request.env["devise.mapping"] = Devise.mappings[:user]
|
|
64
|
-
post :create, user: {
|
|
65
|
-
|
|
66
|
-
|
|
66
|
+
post :create, params: { user: {
|
|
67
|
+
email: "nosuchuser@example.com",
|
|
68
|
+
password: "wevdude"
|
|
69
|
+
}
|
|
67
70
|
}
|
|
68
71
|
assert_equal 200, @response.status
|
|
69
72
|
assert_template "devise/sessions/new"
|
|
@@ -73,11 +76,11 @@ class SessionsControllerTest < ActionController::TestCase
|
|
|
73
76
|
request.env["devise.mapping"] = Devise.mappings[:user]
|
|
74
77
|
user = create_user
|
|
75
78
|
user.confirm
|
|
76
|
-
post :create, format: 'json', user: {
|
|
77
|
-
|
|
78
|
-
|
|
79
|
+
post :create, params: { format: 'json', user: {
|
|
80
|
+
email: user.email,
|
|
81
|
+
password: user.password
|
|
82
|
+
}
|
|
79
83
|
}
|
|
80
|
-
|
|
81
84
|
delete :destroy, format: 'json'
|
|
82
85
|
assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
|
|
83
86
|
assert_equal 204, @response.status
|
data/test/devise_test.rb
CHANGED
|
@@ -35,6 +35,33 @@ class DeviseTest < ActiveSupport::TestCase
|
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
+
test 'setup block warns about defaults changing' do
|
|
39
|
+
Devise.app_set_configs = Set.new
|
|
40
|
+
|
|
41
|
+
ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ }
|
|
42
|
+
ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ }
|
|
43
|
+
ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ }
|
|
44
|
+
ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ }
|
|
45
|
+
ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ }
|
|
46
|
+
|
|
47
|
+
Devise.setup do
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
test 'setup block doest not warns when the change is explicit set' do
|
|
52
|
+
ActiveSupport::Deprecation.expects(:warn).never
|
|
53
|
+
|
|
54
|
+
swap Devise,
|
|
55
|
+
email_regexp: /@/,
|
|
56
|
+
reconfirmable: false,
|
|
57
|
+
sign_out_via: :get,
|
|
58
|
+
skip_session_storage: [],
|
|
59
|
+
strip_whitespace_keys: [] do
|
|
60
|
+
Devise.setup do
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
38
65
|
test 'stores warden configuration' do
|
|
39
66
|
assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
|
|
40
67
|
assert_equal :user, Devise.warden_config.default_scope
|
data/test/failure_app_test.rb
CHANGED
|
@@ -53,11 +53,16 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
53
53
|
'REQUEST_METHOD' => 'GET',
|
|
54
54
|
'warden.options' => { scope: :user },
|
|
55
55
|
'rack.session' => {},
|
|
56
|
-
'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime
|
|
56
|
+
'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]),
|
|
57
57
|
'rack.input' => "",
|
|
58
58
|
'warden' => OpenStruct.new(message: nil)
|
|
59
59
|
}.merge!(env_params)
|
|
60
60
|
|
|
61
|
+
# Passing nil for action_dispatch.request.formats prevents the default from being used in Rails 5, need to remove it
|
|
62
|
+
if env.has_key?('action_dispatch.request.formats') && env['action_dispatch.request.formats'].nil?
|
|
63
|
+
env.delete 'action_dispatch.request.formats' unless env['action_dispatch.request.formats']
|
|
64
|
+
end
|
|
65
|
+
|
|
61
66
|
@response = (env.delete(:app) || Devise::FailureApp).call(env).to_a
|
|
62
67
|
@request = ActionDispatch::Request.new(env)
|
|
63
68
|
end
|
|
@@ -155,7 +160,7 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
155
160
|
assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
|
|
156
161
|
end
|
|
157
162
|
|
|
158
|
-
test '
|
|
163
|
+
test 'set up a default message' do
|
|
159
164
|
call_failure
|
|
160
165
|
assert_match(/You are being/, @response.last.body)
|
|
161
166
|
assert_match(/redirected/, @response.last.body)
|
|
@@ -164,14 +169,14 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
164
169
|
|
|
165
170
|
test 'works for any navigational format' do
|
|
166
171
|
swap Devise, navigational_formats: [:xml] do
|
|
167
|
-
call_failure('formats' => Mime
|
|
172
|
+
call_failure('formats' => Mime[:xml])
|
|
168
173
|
assert_equal 302, @response.first
|
|
169
174
|
end
|
|
170
175
|
end
|
|
171
176
|
|
|
172
177
|
test 'redirects the correct format if it is a non-html format request' do
|
|
173
178
|
swap Devise, navigational_formats: [:js] do
|
|
174
|
-
call_failure('formats' => Mime
|
|
179
|
+
call_failure('formats' => Mime[:js])
|
|
175
180
|
assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
|
|
176
181
|
end
|
|
177
182
|
end
|
|
@@ -179,18 +184,18 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
179
184
|
|
|
180
185
|
context 'For HTTP request' do
|
|
181
186
|
test 'return 401 status' do
|
|
182
|
-
call_failure('formats' => Mime
|
|
187
|
+
call_failure('formats' => Mime[:xml])
|
|
183
188
|
assert_equal 401, @response.first
|
|
184
189
|
end
|
|
185
190
|
|
|
186
191
|
test 'return appropriate body for xml' do
|
|
187
|
-
call_failure('formats' => Mime
|
|
192
|
+
call_failure('formats' => Mime[:xml])
|
|
188
193
|
result = %(<?xml version="1.0" encoding="UTF-8"?>\n<errors>\n <error>You need to sign in or sign up before continuing.</error>\n</errors>\n)
|
|
189
194
|
assert_equal result, @response.last.body
|
|
190
195
|
end
|
|
191
196
|
|
|
192
197
|
test 'return appropriate body for json' do
|
|
193
|
-
call_failure('formats' => Mime
|
|
198
|
+
call_failure('formats' => Mime[:json])
|
|
194
199
|
result = %({"error":"You need to sign in or sign up before continuing."})
|
|
195
200
|
assert_equal result, @response.last.body
|
|
196
201
|
end
|
|
@@ -201,26 +206,26 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
201
206
|
end
|
|
202
207
|
|
|
203
208
|
test 'return WWW-authenticate headers if model allows' do
|
|
204
|
-
call_failure('formats' => Mime
|
|
209
|
+
call_failure('formats' => Mime[:xml])
|
|
205
210
|
assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
|
|
206
211
|
end
|
|
207
212
|
|
|
208
213
|
test 'does not return WWW-authenticate headers if model does not allow' do
|
|
209
214
|
swap Devise, http_authenticatable: false do
|
|
210
|
-
call_failure('formats' => Mime
|
|
215
|
+
call_failure('formats' => Mime[:xml])
|
|
211
216
|
assert_nil @response.second["WWW-Authenticate"]
|
|
212
217
|
end
|
|
213
218
|
end
|
|
214
219
|
|
|
215
220
|
test 'works for any non navigational format' do
|
|
216
221
|
swap Devise, navigational_formats: [] do
|
|
217
|
-
call_failure('formats' => Mime
|
|
222
|
+
call_failure('formats' => Mime[:html])
|
|
218
223
|
assert_equal 401, @response.first
|
|
219
224
|
end
|
|
220
225
|
end
|
|
221
226
|
|
|
222
227
|
test 'uses the failure message as response body' do
|
|
223
|
-
call_failure('formats' => Mime
|
|
228
|
+
call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid))
|
|
224
229
|
assert_match '<error>Invalid email or password.</error>', @response.third.body
|
|
225
230
|
end
|
|
226
231
|
|
|
@@ -228,7 +233,7 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
228
233
|
context 'when http_authenticatable_on_xhr is false' do
|
|
229
234
|
test 'dont return 401 with navigational formats' do
|
|
230
235
|
swap Devise, http_authenticatable_on_xhr: false do
|
|
231
|
-
call_failure('formats' => Mime
|
|
236
|
+
call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
|
|
232
237
|
assert_equal 302, @response.first
|
|
233
238
|
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
|
|
234
239
|
end
|
|
@@ -236,7 +241,7 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
236
241
|
|
|
237
242
|
test 'dont return 401 with non navigational formats' do
|
|
238
243
|
swap Devise, http_authenticatable_on_xhr: false do
|
|
239
|
-
call_failure('formats' => Mime
|
|
244
|
+
call_failure('formats' => Mime[:json], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
|
|
240
245
|
assert_equal 302, @response.first
|
|
241
246
|
assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
|
|
242
247
|
end
|
|
@@ -246,14 +251,14 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
246
251
|
context 'when http_authenticatable_on_xhr is true' do
|
|
247
252
|
test 'return 401' do
|
|
248
253
|
swap Devise, http_authenticatable_on_xhr: true do
|
|
249
|
-
call_failure('formats' => Mime
|
|
254
|
+
call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
|
|
250
255
|
assert_equal 401, @response.first
|
|
251
256
|
end
|
|
252
257
|
end
|
|
253
258
|
|
|
254
259
|
test 'skip WWW-Authenticate header' do
|
|
255
260
|
swap Devise, http_authenticatable_on_xhr: true do
|
|
256
|
-
call_failure('formats' => Mime
|
|
261
|
+
call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
|
|
257
262
|
assert_nil @response.second['WWW-Authenticate']
|
|
258
263
|
end
|
|
259
264
|
end
|
|
@@ -294,5 +299,22 @@ class FailureTest < ActiveSupport::TestCase
|
|
|
294
299
|
assert @response.third.body.include?('<h2>Log in</h2>')
|
|
295
300
|
assert @response.third.body.include?('Your account is not activated yet.')
|
|
296
301
|
end
|
|
302
|
+
|
|
303
|
+
if Rails.application.config.respond_to?(:relative_url_root)
|
|
304
|
+
test 'calls the original controller with the proper environment considering the relative url root' do
|
|
305
|
+
swap Rails.application.config, relative_url_root: "/sample" do
|
|
306
|
+
env = {
|
|
307
|
+
"warden.options" => { recall: "devise/sessions#new", attempted_path: "/sample/users/sign_in"},
|
|
308
|
+
"devise.mapping" => Devise.mappings[:user],
|
|
309
|
+
"warden" => stub_everything
|
|
310
|
+
}
|
|
311
|
+
call_failure(env)
|
|
312
|
+
assert @response.third.body.include?('<h2>Log in</h2>')
|
|
313
|
+
assert @response.third.body.include?('Invalid email or password.')
|
|
314
|
+
assert_equal @request.env["SCRIPT_NAME"], '/sample'
|
|
315
|
+
assert_equal @request.env["PATH_INFO"], '/users/sign_in'
|
|
316
|
+
end
|
|
317
|
+
end
|
|
318
|
+
end
|
|
297
319
|
end
|
|
298
320
|
end
|
|
@@ -69,7 +69,6 @@ if DEVISE_ORM == :active_record
|
|
|
69
69
|
setup :prepare_destination
|
|
70
70
|
|
|
71
71
|
test "all files are properly created in rails 4.0" do
|
|
72
|
-
ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false)
|
|
73
72
|
simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
|
|
74
73
|
run_generator ["monster"]
|
|
75
74
|
|
|
@@ -80,30 +79,5 @@ if DEVISE_ORM == :active_record
|
|
|
80
79
|
end
|
|
81
80
|
end
|
|
82
81
|
|
|
83
|
-
test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do
|
|
84
|
-
ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
|
|
85
|
-
ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false)
|
|
86
|
-
simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
|
|
87
|
-
run_generator ["monster"]
|
|
88
|
-
|
|
89
|
-
assert_file "app/models/rails_engine/monster.rb", /devise/
|
|
90
|
-
assert_file "app/models/rails_engine/monster.rb" do |content|
|
|
91
|
-
assert_match /attr_accessible :email/, content
|
|
92
|
-
end
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
test "all files are properly created in rails 3.2 when strong_parameters gem is installed" do
|
|
97
|
-
ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
|
|
98
|
-
ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(true)
|
|
99
|
-
simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
|
|
100
|
-
run_generator ["monster"]
|
|
101
|
-
|
|
102
|
-
assert_file "app/models/rails_engine/monster.rb", /devise/
|
|
103
|
-
assert_file "app/models/rails_engine/monster.rb" do |content|
|
|
104
|
-
assert_no_match /attr_accessible :email/, content
|
|
105
|
-
end
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
82
|
end
|
|
109
83
|
end
|
|
@@ -5,9 +5,20 @@ class InstallGeneratorTest < Rails::Generators::TestCase
|
|
|
5
5
|
destination File.expand_path("../../tmp", __FILE__)
|
|
6
6
|
setup :prepare_destination
|
|
7
7
|
|
|
8
|
-
test "
|
|
9
|
-
run_generator
|
|
10
|
-
assert_file "config/initializers/devise.rb"
|
|
8
|
+
test "assert all files are properly created" do
|
|
9
|
+
run_generator(["--orm=active_record"])
|
|
10
|
+
assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/
|
|
11
11
|
assert_file "config/locales/devise.en.yml"
|
|
12
12
|
end
|
|
13
|
+
|
|
14
|
+
test "fails if no ORM is specified" do
|
|
15
|
+
stderr = capture(:stderr) do
|
|
16
|
+
run_generator
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
assert_match %r{An ORM must be set to install Devise}, stderr
|
|
20
|
+
|
|
21
|
+
assert_no_file "config/initializers/devise.rb"
|
|
22
|
+
assert_no_file "config/locales/devise.en.yml"
|
|
23
|
+
end
|
|
13
24
|
end
|
|
@@ -46,6 +46,13 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
|
|
|
46
46
|
assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
test "Assert mailer specific directory with simple form" do
|
|
50
|
+
run_generator %w(-v mailer -b simple_form_for)
|
|
51
|
+
assert_file "app/views/devise/mailer/confirmation_instructions.html.erb"
|
|
52
|
+
assert_file "app/views/devise/mailer/reset_password_instructions.html.erb"
|
|
53
|
+
assert_file "app/views/devise/mailer/unlock_instructions.html.erb"
|
|
54
|
+
end
|
|
55
|
+
|
|
49
56
|
test "Assert specified directories with scope" do
|
|
50
57
|
run_generator %w(users -v sessions)
|
|
51
58
|
assert_file "app/views/users/sessions/new.html.erb"
|