devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -4,13 +4,9 @@ Devise.setup do |config|
4
4
  # The secret key used by Devise. Devise uses this key to generate
5
5
  # random tokens. Changing this key will render invalid all existing
6
6
  # confirmation, reset password and unlock tokens in the database.
7
- # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
7
+ # Devise will use the `secret_key_base` as its `secret_key`
8
8
  # by default. You can change it below and use your own secret key.
9
- <% if rails_4? -%>
10
9
  # config.secret_key = '<%= SecureRandom.hex(64) %>'
11
- <% else -%>
12
- config.secret_key = '<%= SecureRandom.hex(64) %>'
13
- <% end -%>
14
10
 
15
11
  # ==> Mailer Configuration
16
12
  # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -21,6 +17,9 @@ Devise.setup do |config|
21
17
  # Configure the class responsible to send e-mails.
22
18
  # config.mailer = 'Devise::Mailer'
23
19
 
20
+ # Configure the parent class responsible to send e-mails.
21
+ # config.parent_mailer = 'ActionMailer::Base'
22
+
24
23
  # ==> ORM configuration
25
24
  # Load and configure the ORM. Supports :active_record (default) and
26
25
  # :mongoid (bson_ext recommended) by default. Other ORMs may be
@@ -92,19 +91,22 @@ Devise.setup do |config|
92
91
  # config.clean_up_csrf_token_on_authentication = true
93
92
 
94
93
  # ==> Configuration for :database_authenticatable
95
- # For bcrypt, this is the cost for hashing the password and defaults to 10. If
96
- # using other encryptors, it sets how many times you want the password re-encrypted.
94
+ # For bcrypt, this is the cost for hashing the password and defaults to 11. If
95
+ # using other algorithms, it sets how many times you want the password to be hashed.
97
96
  #
98
97
  # Limiting the stretches to just one in testing will increase the performance of
99
98
  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
100
99
  # a value less than 10 in other environments. Note that, for bcrypt (the default
101
- # encryptor), the cost increases exponentially with the number of stretches (e.g.
100
+ # algorithm), the cost increases exponentially with the number of stretches (e.g.
102
101
  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
103
- config.stretches = Rails.env.test? ? 1 : 10
102
+ config.stretches = Rails.env.test? ? 1 : 11
104
103
 
105
- # Setup a pepper to generate the encrypted password.
104
+ # Set up a pepper to generate the hashed password.
106
105
  # config.pepper = '<%= SecureRandom.hex(64) %>'
107
106
 
107
+ # Send a notification email when the user's password is changed
108
+ # config.send_password_change_notification = false
109
+
108
110
  # ==> Configuration for :confirmable
109
111
  # A period that the user is allowed to access the website even without
110
112
  # confirming their account. For instance, if set to 2.days, the user will be
@@ -146,12 +148,12 @@ Devise.setup do |config|
146
148
 
147
149
  # ==> Configuration for :validatable
148
150
  # Range for password length.
149
- config.password_length = 8..72
151
+ config.password_length = 6..128
150
152
 
151
153
  # Email regex used to validate email formats. It simply asserts that
152
154
  # one (and only one) @ exists in the given string. This is mainly
153
155
  # to give user feedback and not to assert the e-mail validity.
154
- # config.email_regexp = /\A[^@]+@[^@]+\z/
156
+ config.email_regexp = /\A[^@]+@[^@]+\z/
155
157
 
156
158
  # ==> Configuration for :timeoutable
157
159
  # The time you want to timeout the user session without activity. After this
@@ -199,11 +201,11 @@ Devise.setup do |config|
199
201
  # config.sign_in_after_reset_password = true
200
202
 
201
203
  # ==> Configuration for :encryptable
202
- # Allow you to use another encryption algorithm besides bcrypt (default). You can use
203
- # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
204
- # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
205
- # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
206
- # REST_AUTH_SITE_KEY to pepper).
204
+ # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
205
+ # You can use :sha1, :sha512 or algorithms from others authentication tools as
206
+ # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
207
+ # for default behavior) and :restful_authentication_sha1 (then you should set
208
+ # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
207
209
  #
208
210
  # Require the `devise-encryptable` gem when using anything other than bcrypt
209
211
  # config.encryptor = :sha512
@@ -2,4 +2,4 @@ Welcome <%= @email %>!
2
2
 
3
3
  You can confirm your account through the link below:
4
4
 
5
- <%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>
5
+ [Confirm my account](<%= confirmation_url(@resource, confirmation_token: @token) %>)
@@ -0,0 +1,3 @@
1
+ <p>Hello <%= @resource.email %>!</p>
2
+
3
+ <p>We're contacting you to notify you that your password has been changed.</p>
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!
2
2
 
3
3
  Someone has requested a link to change your password, and you can do this through the link below.
4
4
 
5
- <%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
5
+ [Change my password](<%= edit_password_url(@resource, reset_password_token: @token) %>)
6
6
 
7
7
  If you didn't request this, please ignore this email.
8
8
  Your password won't change until you access the link above and create a new one.
@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in
4
4
 
5
5
  Click the link below to unlock your account:
6
6
 
7
- <%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>
7
+ [Unlock my account](<%= unlock_url(@resource, unlock_token: @token) %>)
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class CustomRegistrationsControllerTest < ActionController::TestCase
3
+ class CustomRegistrationsControllerTest < Devise::ControllerTestCase
4
4
  tests Custom::RegistrationsController
5
5
 
6
6
  include Devise::TestHelpers
@@ -12,24 +12,24 @@ class CustomRegistrationsControllerTest < ActionController::TestCase
12
12
  end
13
13
 
14
14
  test "yield resource to block on create success" do
15
- post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
15
+ post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
16
16
  assert @controller.create_block_called?, "create failed to yield resource to provided block"
17
17
  end
18
18
 
19
19
  test "yield resource to block on create failure" do
20
- post :create, { user: { } }
20
+ post :create, params: { user: { } }
21
21
  assert @controller.create_block_called?, "create failed to yield resource to provided block"
22
22
  end
23
23
 
24
24
  test "yield resource to block on update success" do
25
25
  sign_in @user
26
- put :update, { user: { current_password: @password } }
26
+ put :update, params: { user: { current_password: @password } }
27
27
  assert @controller.update_block_called?, "update failed to yield resource to provided block"
28
28
  end
29
29
 
30
30
  test "yield resource to block on update failure" do
31
31
  sign_in @user
32
- put :update, { user: { } }
32
+ put :update, params: { user: { } }
33
33
  assert @controller.update_block_called?, "update failed to yield resource to provided block"
34
34
  end
35
35
 
@@ -24,7 +24,7 @@ class CustomStrategy < Warden::Strategies::Base
24
24
  end
25
25
  end
26
26
 
27
- class CustomStrategyTest < ActionController::TestCase
27
+ class CustomStrategyTest < Devise::ControllerTestCase
28
28
  tests CustomStrategyController
29
29
 
30
30
  include Devise::TestHelpers
@@ -41,8 +41,9 @@ class CustomStrategyTest < ActionController::TestCase
41
41
  ret = get :new
42
42
 
43
43
  # check the returned rack array
44
- assert ret.is_a?(Array)
45
- assert_equal 400, ret.first
44
+ # assert ret.is_a?(Array)
45
+ # assert_equal 400, ret.first
46
+ assert ret.is_a?(ActionDispatch::TestResponse)
46
47
 
47
48
  # check the saved response as well. This is purely so that the response is available to the testing framework
48
49
  # for verification. In production, the above array would be delivered directly to Rack.
@@ -53,8 +54,9 @@ class CustomStrategyTest < ActionController::TestCase
53
54
  ret = get :new
54
55
 
55
56
  # check the returned rack array
56
- assert ret.is_a?(Array)
57
- assert_equal ret.third['X-FOO'], 'BAR'
57
+ # assert ret.is_a?(Array)
58
+ # assert_equal ret.third['X-FOO'], 'BAR'
59
+ assert ret.is_a?(ActionDispatch::TestResponse)
58
60
 
59
61
  # check the saved response headers as well.
60
62
  assert_equal response.headers['X-FOO'], 'BAR'
@@ -0,0 +1,22 @@
1
+ require 'test_helper'
2
+
3
+ class ApiController < ActionController::Metal
4
+ include Devise::Controllers::Helpers
5
+ end
6
+
7
+ class HelperMethodsTest < Devise::ControllerTestCase
8
+ tests ApiController
9
+
10
+ test 'includes Devise::Controllers::Helpers' do
11
+ assert_includes @controller.class.ancestors, Devise::Controllers::Helpers
12
+ end
13
+
14
+ test 'does not respond_to helper or helper_method' do
15
+ refute_respond_to @controller.class, :helper
16
+ refute_respond_to @controller.class, :helper_method
17
+ end
18
+
19
+ test 'defines methods like current_user' do
20
+ assert_respond_to @controller, :current_user
21
+ end
22
+ end
@@ -1,7 +1,7 @@
1
1
  require 'test_helper'
2
2
  require 'ostruct'
3
3
 
4
- class ControllerAuthenticatableTest < ActionController::TestCase
4
+ class ControllerAuthenticatableTest < Devise::ControllerTestCase
5
5
  tests ApplicationController
6
6
 
7
7
  def setup
@@ -14,7 +14,7 @@ class AnotherInheritedController < SessionsInheritedController
14
14
  end
15
15
  end
16
16
 
17
- class InheritedControllerTest < ActionController::TestCase
17
+ class InheritedControllerTest < Devise::ControllerTestCase
18
18
  tests SessionsInheritedController
19
19
 
20
20
  def setup
@@ -32,7 +32,7 @@ class InheritedControllerTest < ActionController::TestCase
32
32
  end
33
33
  end
34
34
 
35
- class AnotherInheritedControllerTest < ActionController::TestCase
35
+ class AnotherInheritedControllerTest < Devise::ControllerTestCase
36
36
  tests AnotherInheritedController
37
37
 
38
38
  def setup
@@ -3,7 +3,7 @@ require 'test_helper'
3
3
  class MyController < DeviseController
4
4
  end
5
5
 
6
- class HelpersTest < ActionController::TestCase
6
+ class HelpersTest < Devise::ControllerTestCase
7
7
  tests MyController
8
8
 
9
9
  def setup
@@ -36,18 +36,16 @@ class HelpersTest < ActionController::TestCase
36
36
  test 'get resource params from request params using resource name as key' do
37
37
  user_params = {'email' => 'shirley@templar.com'}
38
38
 
39
- params = if Devise.rails4?
40
- # Stub controller name so strong parameters can filter properly.
41
- # DeviseController does not allow any parameters by default.
42
- @controller.stubs(:controller_name).returns(:sessions_controller)
39
+ # Stub controller name so strong parameters can filter properly.
40
+ # DeviseController does not allow any parameters by default.
41
+ @controller.stubs(:controller_name).returns(:sessions_controller)
42
+
43
+ params = ActionController::Parameters.new({'user' => user_params})
43
44
 
44
- ActionController::Parameters.new({'user' => user_params})
45
- else
46
- HashWithIndifferentAccess.new({'user' => user_params})
47
- end
48
45
  @controller.stubs(:params).returns(params)
49
46
 
50
- assert_equal user_params, @controller.send(:resource_params)
47
+ res_params = @controller.send(:resource_params).permit!.to_h
48
+ assert_equal user_params, res_params
51
49
  end
52
50
 
53
51
  test 'resources methods are not controller actions' do
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class LoadHooksControllerTest < ActionController::TestCase
3
+ class LoadHooksControllerTest < Devise::ControllerTestCase
4
4
  setup do
5
5
  ActiveSupport.on_load(:devise_controller) do
6
6
  define_method :defined_by_load_hook do
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class PasswordsControllerTest < ActionController::TestCase
3
+ class PasswordsControllerTest < Devise::ControllerTestCase
4
4
  tests Devise::PasswordsController
5
5
  include Devise::TestHelpers
6
6
 
@@ -11,8 +11,9 @@ class PasswordsControllerTest < ActionController::TestCase
11
11
  end
12
12
 
13
13
  def put_update_with_params
14
- put :update, "user" => {
15
- "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
14
+ put :update, params: { "user" => {
15
+ "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
16
+ }
16
17
  }
17
18
  end
18
19
 
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class SessionsControllerTest < ActionController::TestCase
3
+ class SessionsControllerTest < Devise::ControllerTestCase
4
4
  tests Devise::SessionsController
5
5
  include Devise::TestHelpers
6
6
 
@@ -12,9 +12,10 @@ class SessionsControllerTest < ActionController::TestCase
12
12
  request.env["devise.mapping"] = Devise.mappings[:user]
13
13
  request.session["user_return_to"] = 'foo.bar'
14
14
  create_user
15
- post :create, user: {
16
- email: "wrong@email.com",
17
- password: "wrongpassword"
15
+ post :create, params: { user: {
16
+ email: "wrong@email.com",
17
+ password: "wrongpassword"
18
+ }
18
19
  }
19
20
  assert_equal 200, @response.status
20
21
  ensure
@@ -37,11 +38,11 @@ class SessionsControllerTest < ActionController::TestCase
37
38
 
38
39
  user = create_user
39
40
  user.confirm
40
- post :create, user: {
41
- email: user.email,
42
- password: user.password
41
+ post :create, params: { user: {
42
+ email: user.email,
43
+ password: user.password
44
+ }
43
45
  }
44
-
45
46
  assert_nil request.session["user_return_to"]
46
47
  end
47
48
 
@@ -51,9 +52,10 @@ class SessionsControllerTest < ActionController::TestCase
51
52
 
52
53
  user = create_user
53
54
  user.confirm
54
- post :create, format: 'json', user: {
55
- email: user.email,
56
- password: user.password
55
+ post :create, params: { format: 'json', user: {
56
+ email: user.email,
57
+ password: user.password
58
+ }
57
59
  }
58
60
 
59
61
  assert_equal 'foo.bar', request.session["user_return_to"]
@@ -61,9 +63,10 @@ class SessionsControllerTest < ActionController::TestCase
61
63
 
62
64
  test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
63
65
  request.env["devise.mapping"] = Devise.mappings[:user]
64
- post :create, user: {
65
- email: "nosuchuser@example.com",
66
- password: "wevdude"
66
+ post :create, params: { user: {
67
+ email: "nosuchuser@example.com",
68
+ password: "wevdude"
69
+ }
67
70
  }
68
71
  assert_equal 200, @response.status
69
72
  assert_template "devise/sessions/new"
@@ -73,11 +76,11 @@ class SessionsControllerTest < ActionController::TestCase
73
76
  request.env["devise.mapping"] = Devise.mappings[:user]
74
77
  user = create_user
75
78
  user.confirm
76
- post :create, format: 'json', user: {
77
- email: user.email,
78
- password: user.password
79
+ post :create, params: { format: 'json', user: {
80
+ email: user.email,
81
+ password: user.password
82
+ }
79
83
  }
80
-
81
84
  delete :destroy, format: 'json'
82
85
  assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
83
86
  assert_equal 204, @response.status
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class RoutesTest < ActionController::TestCase
3
+ class RoutesTest < Devise::ControllerTestCase
4
4
  tests ApplicationController
5
5
 
6
6
  def assert_path_and_url(name, prepend_path=nil)
data/test/devise_test.rb CHANGED
@@ -35,6 +35,33 @@ class DeviseTest < ActiveSupport::TestCase
35
35
  end
36
36
  end
37
37
 
38
+ test 'setup block warns about defaults changing' do
39
+ Devise.app_set_configs = Set.new
40
+
41
+ ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ }
42
+ ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ }
43
+ ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ }
44
+ ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ }
45
+ ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ }
46
+
47
+ Devise.setup do
48
+ end
49
+ end
50
+
51
+ test 'setup block doest not warns when the change is explicit set' do
52
+ ActiveSupport::Deprecation.expects(:warn).never
53
+
54
+ swap Devise,
55
+ email_regexp: /@/,
56
+ reconfirmable: false,
57
+ sign_out_via: :get,
58
+ skip_session_storage: [],
59
+ strip_whitespace_keys: [] do
60
+ Devise.setup do
61
+ end
62
+ end
63
+ end
64
+
38
65
  test 'stores warden configuration' do
39
66
  assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
40
67
  assert_equal :user, Devise.warden_config.default_scope
@@ -53,11 +53,16 @@ class FailureTest < ActiveSupport::TestCase
53
53
  'REQUEST_METHOD' => 'GET',
54
54
  'warden.options' => { scope: :user },
55
55
  'rack.session' => {},
56
- 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML),
56
+ 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]),
57
57
  'rack.input' => "",
58
58
  'warden' => OpenStruct.new(message: nil)
59
59
  }.merge!(env_params)
60
60
 
61
+ # Passing nil for action_dispatch.request.formats prevents the default from being used in Rails 5, need to remove it
62
+ if env.has_key?('action_dispatch.request.formats') && env['action_dispatch.request.formats'].nil?
63
+ env.delete 'action_dispatch.request.formats' unless env['action_dispatch.request.formats']
64
+ end
65
+
61
66
  @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a
62
67
  @request = ActionDispatch::Request.new(env)
63
68
  end
@@ -155,7 +160,7 @@ class FailureTest < ActiveSupport::TestCase
155
160
  assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
156
161
  end
157
162
 
158
- test 'setup a default message' do
163
+ test 'set up a default message' do
159
164
  call_failure
160
165
  assert_match(/You are being/, @response.last.body)
161
166
  assert_match(/redirected/, @response.last.body)
@@ -164,14 +169,14 @@ class FailureTest < ActiveSupport::TestCase
164
169
 
165
170
  test 'works for any navigational format' do
166
171
  swap Devise, navigational_formats: [:xml] do
167
- call_failure('formats' => Mime::XML)
172
+ call_failure('formats' => Mime[:xml])
168
173
  assert_equal 302, @response.first
169
174
  end
170
175
  end
171
176
 
172
177
  test 'redirects the correct format if it is a non-html format request' do
173
178
  swap Devise, navigational_formats: [:js] do
174
- call_failure('formats' => Mime::JS)
179
+ call_failure('formats' => Mime[:js])
175
180
  assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
176
181
  end
177
182
  end
@@ -179,18 +184,18 @@ class FailureTest < ActiveSupport::TestCase
179
184
 
180
185
  context 'For HTTP request' do
181
186
  test 'return 401 status' do
182
- call_failure('formats' => Mime::XML)
187
+ call_failure('formats' => Mime[:xml])
183
188
  assert_equal 401, @response.first
184
189
  end
185
190
 
186
191
  test 'return appropriate body for xml' do
187
- call_failure('formats' => Mime::XML)
192
+ call_failure('formats' => Mime[:xml])
188
193
  result = %(<?xml version="1.0" encoding="UTF-8"?>\n<errors>\n <error>You need to sign in or sign up before continuing.</error>\n</errors>\n)
189
194
  assert_equal result, @response.last.body
190
195
  end
191
196
 
192
197
  test 'return appropriate body for json' do
193
- call_failure('formats' => Mime::JSON)
198
+ call_failure('formats' => Mime[:json])
194
199
  result = %({"error":"You need to sign in or sign up before continuing."})
195
200
  assert_equal result, @response.last.body
196
201
  end
@@ -201,26 +206,26 @@ class FailureTest < ActiveSupport::TestCase
201
206
  end
202
207
 
203
208
  test 'return WWW-authenticate headers if model allows' do
204
- call_failure('formats' => Mime::XML)
209
+ call_failure('formats' => Mime[:xml])
205
210
  assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
206
211
  end
207
212
 
208
213
  test 'does not return WWW-authenticate headers if model does not allow' do
209
214
  swap Devise, http_authenticatable: false do
210
- call_failure('formats' => Mime::XML)
215
+ call_failure('formats' => Mime[:xml])
211
216
  assert_nil @response.second["WWW-Authenticate"]
212
217
  end
213
218
  end
214
219
 
215
220
  test 'works for any non navigational format' do
216
221
  swap Devise, navigational_formats: [] do
217
- call_failure('formats' => Mime::HTML)
222
+ call_failure('formats' => Mime[:html])
218
223
  assert_equal 401, @response.first
219
224
  end
220
225
  end
221
226
 
222
227
  test 'uses the failure message as response body' do
223
- call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(message: :invalid))
228
+ call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid))
224
229
  assert_match '<error>Invalid email or password.</error>', @response.third.body
225
230
  end
226
231
 
@@ -228,7 +233,7 @@ class FailureTest < ActiveSupport::TestCase
228
233
  context 'when http_authenticatable_on_xhr is false' do
229
234
  test 'dont return 401 with navigational formats' do
230
235
  swap Devise, http_authenticatable_on_xhr: false do
231
- call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
236
+ call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
232
237
  assert_equal 302, @response.first
233
238
  assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
234
239
  end
@@ -236,7 +241,7 @@ class FailureTest < ActiveSupport::TestCase
236
241
 
237
242
  test 'dont return 401 with non navigational formats' do
238
243
  swap Devise, http_authenticatable_on_xhr: false do
239
- call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
244
+ call_failure('formats' => Mime[:json], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
240
245
  assert_equal 302, @response.first
241
246
  assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
242
247
  end
@@ -246,14 +251,14 @@ class FailureTest < ActiveSupport::TestCase
246
251
  context 'when http_authenticatable_on_xhr is true' do
247
252
  test 'return 401' do
248
253
  swap Devise, http_authenticatable_on_xhr: true do
249
- call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
254
+ call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
250
255
  assert_equal 401, @response.first
251
256
  end
252
257
  end
253
258
 
254
259
  test 'skip WWW-Authenticate header' do
255
260
  swap Devise, http_authenticatable_on_xhr: true do
256
- call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
261
+ call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
257
262
  assert_nil @response.second['WWW-Authenticate']
258
263
  end
259
264
  end
@@ -294,5 +299,22 @@ class FailureTest < ActiveSupport::TestCase
294
299
  assert @response.third.body.include?('<h2>Log in</h2>')
295
300
  assert @response.third.body.include?('Your account is not activated yet.')
296
301
  end
302
+
303
+ if Rails.application.config.respond_to?(:relative_url_root)
304
+ test 'calls the original controller with the proper environment considering the relative url root' do
305
+ swap Rails.application.config, relative_url_root: "/sample" do
306
+ env = {
307
+ "warden.options" => { recall: "devise/sessions#new", attempted_path: "/sample/users/sign_in"},
308
+ "devise.mapping" => Devise.mappings[:user],
309
+ "warden" => stub_everything
310
+ }
311
+ call_failure(env)
312
+ assert @response.third.body.include?('<h2>Log in</h2>')
313
+ assert @response.third.body.include?('Invalid email or password.')
314
+ assert_equal @request.env["SCRIPT_NAME"], '/sample'
315
+ assert_equal @request.env["PATH_INFO"], '/users/sign_in'
316
+ end
317
+ end
318
+ end
297
319
  end
298
320
  end
@@ -69,7 +69,6 @@ if DEVISE_ORM == :active_record
69
69
  setup :prepare_destination
70
70
 
71
71
  test "all files are properly created in rails 4.0" do
72
- ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false)
73
72
  simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
74
73
  run_generator ["monster"]
75
74
 
@@ -80,30 +79,5 @@ if DEVISE_ORM == :active_record
80
79
  end
81
80
  end
82
81
 
83
- test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do
84
- ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
85
- ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false)
86
- simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
87
- run_generator ["monster"]
88
-
89
- assert_file "app/models/rails_engine/monster.rb", /devise/
90
- assert_file "app/models/rails_engine/monster.rb" do |content|
91
- assert_match /attr_accessible :email/, content
92
- end
93
- end
94
- end
95
-
96
- test "all files are properly created in rails 3.2 when strong_parameters gem is installed" do
97
- ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true)
98
- ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(true)
99
- simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
100
- run_generator ["monster"]
101
-
102
- assert_file "app/models/rails_engine/monster.rb", /devise/
103
- assert_file "app/models/rails_engine/monster.rb" do |content|
104
- assert_no_match /attr_accessible :email/, content
105
- end
106
- end
107
- end
108
82
  end
109
83
  end
@@ -5,9 +5,20 @@ class InstallGeneratorTest < Rails::Generators::TestCase
5
5
  destination File.expand_path("../../tmp", __FILE__)
6
6
  setup :prepare_destination
7
7
 
8
- test "Assert all files are properly created" do
9
- run_generator
10
- assert_file "config/initializers/devise.rb"
8
+ test "assert all files are properly created" do
9
+ run_generator(["--orm=active_record"])
10
+ assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/
11
11
  assert_file "config/locales/devise.en.yml"
12
12
  end
13
+
14
+ test "fails if no ORM is specified" do
15
+ stderr = capture(:stderr) do
16
+ run_generator
17
+ end
18
+
19
+ assert_match %r{An ORM must be set to install Devise}, stderr
20
+
21
+ assert_no_file "config/initializers/devise.rb"
22
+ assert_no_file "config/locales/devise.en.yml"
23
+ end
13
24
  end
@@ -46,6 +46,13 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
46
46
  assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
47
47
  end
48
48
 
49
+ test "Assert mailer specific directory with simple form" do
50
+ run_generator %w(-v mailer -b simple_form_for)
51
+ assert_file "app/views/devise/mailer/confirmation_instructions.html.erb"
52
+ assert_file "app/views/devise/mailer/reset_password_instructions.html.erb"
53
+ assert_file "app/views/devise/mailer/unlock_instructions.html.erb"
54
+ end
55
+
49
56
  test "Assert specified directories with scope" do
50
57
  run_generator %w(users -v sessions)
51
58
  assert_file "app/views/users/sessions/new.html.erb"