devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class DeviseHelperTest < ActionDispatch::IntegrationTest
3
+ class DeviseHelperTest < Devise::IntegrationTest
4
4
  setup do
5
5
  model_labels = { models: { user: "the user" } }
6
6
  translations = {
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class AuthenticationSanityTest < ActionDispatch::IntegrationTest
3
+ class AuthenticationSanityTest < Devise::IntegrationTest
4
4
  test 'home should be accessible without sign in' do
5
5
  visit '/'
6
6
  assert_response :success
@@ -134,7 +134,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
134
134
  end
135
135
  end
136
136
 
137
- class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
137
+ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
138
138
  test 'not signed in should not be able to access private route (authenticate denied)' do
139
139
  get private_path
140
140
  assert_redirected_to new_admin_session_path
@@ -254,7 +254,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
254
254
  end
255
255
  end
256
256
 
257
- class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
257
+ class AuthenticationRedirectTest < Devise::IntegrationTest
258
258
  test 'redirect from warden shows sign in or sign up message' do
259
259
  get admins_path
260
260
 
@@ -300,7 +300,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
300
300
  end
301
301
 
302
302
  test 'xml http requests does not store urls for redirect' do
303
- get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
303
+ get users_path, headers: { 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' }
304
304
  assert_equal 401, response.status
305
305
  assert_nil session[:"user_return_to"]
306
306
  end
@@ -317,7 +317,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
317
317
  end
318
318
  end
319
319
 
320
- class AuthenticationSessionTest < ActionDispatch::IntegrationTest
320
+ class AuthenticationSessionTest < Devise::IntegrationTest
321
321
  test 'destroyed account is signed out' do
322
322
  sign_in_as_user
323
323
  get '/users'
@@ -390,7 +390,7 @@ class AuthenticationSessionTest < ActionDispatch::IntegrationTest
390
390
  end
391
391
  end
392
392
 
393
- class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
393
+ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest
394
394
  test 'renders the scoped view if turned on and view is available' do
395
395
  swap Devise, scoped_views: true do
396
396
  assert_raise Webrat::NotFoundError do
@@ -431,7 +431,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
431
431
  end
432
432
  end
433
433
 
434
- class AuthenticationOthersTest < ActionDispatch::IntegrationTest
434
+ class AuthenticationOthersTest < Devise::IntegrationTest
435
435
  test 'handles unverified requests gets rid of caches' do
436
436
  swap ApplicationController, allow_forgery_protection: true do
437
437
  post exhibit_user_url(1)
@@ -472,7 +472,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
472
472
 
473
473
  test 'sign in with script name' do
474
474
  assert_nothing_raised do
475
- get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
475
+ get new_user_session_path, headers: { "SCRIPT_NAME" => "/omg" }
476
476
  fill_in "email", with: "user@test.com"
477
477
  end
478
478
  end
@@ -509,7 +509,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
509
509
 
510
510
  test 'sign in with xml format returns xml response' do
511
511
  create_user
512
- post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
512
+ post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
513
513
  assert_response :success
514
514
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
515
515
  end
@@ -519,13 +519,13 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
519
519
  assert_response :success
520
520
 
521
521
  create_user
522
- post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
522
+ post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
523
523
  assert_response :success
524
524
 
525
525
  get new_user_session_path(format: 'xml')
526
526
  assert_response :success
527
527
 
528
- post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
528
+ post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
529
529
  assert_response :success
530
530
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
531
531
  end
@@ -559,7 +559,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
559
559
  test 'sign out with non-navigational format via XHR does not redirect' do
560
560
  swap Devise, navigational_formats: ['*/*', :html] do
561
561
  sign_in_as_user
562
- xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
562
+ get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
563
563
  assert_response :no_content
564
564
  assert_not warden.authenticated?(:user)
565
565
  end
@@ -569,14 +569,14 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
569
569
  test 'sign out with navigational format via XHR does redirect' do
570
570
  swap Devise, navigational_formats: ['*/*', :html] do
571
571
  sign_in_as_user
572
- xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
572
+ get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
573
573
  assert_response :redirect
574
574
  assert_not warden.authenticated?(:user)
575
575
  end
576
576
  end
577
577
  end
578
578
 
579
- class AuthenticationKeysTest < ActionDispatch::IntegrationTest
579
+ class AuthenticationKeysTest < Devise::IntegrationTest
580
580
  test 'missing authentication keys cause authentication to abort' do
581
581
  swap Devise, authentication_keys: [:subdomain] do
582
582
  sign_in_as_user
@@ -593,7 +593,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest
593
593
  end
594
594
  end
595
595
 
596
- class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
596
+ class AuthenticationRequestKeysTest < Devise::IntegrationTest
597
597
  test 'request keys are used on authentication' do
598
598
  host! 'foo.bar.baz'
599
599
 
@@ -634,7 +634,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
634
634
  end
635
635
  end
636
636
 
637
- class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
637
+ class AuthenticationSignOutViaTest < Devise::IntegrationTest
638
638
  def sign_in!(scope)
639
639
  sign_in_as_admin(visit: send("new_#{scope}_session_path"))
640
640
  assert warden.authenticated?(scope)
@@ -689,7 +689,7 @@ class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
689
689
  end
690
690
  end
691
691
 
692
- class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
692
+ class DoubleAuthenticationRedirectTest < Devise::IntegrationTest
693
693
  test 'signed in as user redirects when visiting user sign in page' do
694
694
  sign_in_as_user
695
695
  get new_user_session_path(format: :html)
@@ -712,7 +712,7 @@ class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
712
712
  end
713
713
  end
714
714
 
715
- class DoubleSignOutRedirectTest < ActionDispatch::IntegrationTest
715
+ class DoubleSignOutRedirectTest < Devise::IntegrationTest
716
716
  test 'sign out after already having signed out redirects to sign in' do
717
717
  sign_in_as_user
718
718
 
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class ConfirmationTest < ActionDispatch::IntegrationTest
3
+ class ConfirmationTest < Devise::IntegrationTest
4
4
 
5
5
  def visit_user_confirmation_with_token(confirmation_token)
6
6
  visit user_confirmation_path(confirmation_token: confirmation_token)
@@ -184,14 +184,14 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
184
184
 
185
185
  test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
186
186
  user = create_user(confirm: false)
187
- post user_confirmation_path(format: 'xml'), user: { email: user.email }
187
+ post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
188
188
  assert_response :success
189
189
  assert_equal response.body, {}.to_xml
190
190
  end
191
191
 
192
192
  test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
193
193
  create_user(confirm: false)
194
- post user_confirmation_path(format: 'xml'), user: { email: 'invalid.test@test.com' }
194
+ post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
195
195
  assert_response :unprocessable_entity
196
196
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
197
197
  end
@@ -213,7 +213,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
213
213
  test 'request an account confirmation account with JSON, should return an empty JSON' do
214
214
  user = create_user(confirm: false)
215
215
 
216
- post user_confirmation_path, user: { email: user.email }, format: :json
216
+ post user_confirmation_path, params: { user: { email: user.email }, format: :json }
217
217
  assert_response :success
218
218
  assert_equal response.body, {}.to_json
219
219
  end
@@ -249,7 +249,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
249
249
  end
250
250
  end
251
251
 
252
- class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
252
+ class ConfirmationOnChangeTest < Devise::IntegrationTest
253
253
  def create_second_admin(options={})
254
254
  @admin = nil
255
255
  create_admin(options)
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
3
+ class DatabaseAuthenticationTest < Devise::IntegrationTest
4
4
  test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
5
5
  create_user(email: 'Foo@Bar.com')
6
6
 
@@ -1,10 +1,10 @@
1
1
  require 'test_helper'
2
2
 
3
- class HttpAuthenticationTest < ActionDispatch::IntegrationTest
3
+ class HttpAuthenticationTest < Devise::IntegrationTest
4
4
  test 'handles unverified requests gets rid of caches but continues signed in' do
5
5
  swap ApplicationController, allow_forgery_protection: true do
6
6
  create_user
7
- post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
7
+ post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
8
8
  assert warden.authenticated?(:user)
9
9
  assert_equal "User is authenticated", response.body
10
10
  end
@@ -89,17 +89,16 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
89
89
  end
90
90
 
91
91
  private
92
-
93
92
  def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
94
93
  user = create_user
95
- get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
94
+ get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
96
95
  user
97
96
  end
98
97
 
99
98
  # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
100
99
  def add_oauth2_header
101
100
  user = create_user
102
- get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
101
+ get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
103
102
  end
104
103
 
105
104
  end
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class LockTest < ActionDispatch::IntegrationTest
3
+ class LockTest < Devise::IntegrationTest
4
4
 
5
5
  def visit_user_unlock_with_token(unlock_token)
6
6
  visit user_unlock_path(unlock_token: unlock_token)
@@ -132,9 +132,10 @@ class LockTest < ActionDispatch::IntegrationTest
132
132
  user = create_user(locked: true)
133
133
  ActionMailer::Base.deliveries.clear
134
134
 
135
- post user_unlock_path(format: 'xml'), user: {email: user.email}
135
+ post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
136
136
  assert_response :success
137
137
  assert_equal response.body, {}.to_xml
138
+
138
139
  assert_equal 1, ActionMailer::Base.deliveries.size
139
140
  end
140
141
 
@@ -142,7 +143,7 @@ class LockTest < ActionDispatch::IntegrationTest
142
143
  user = create_user(locked: false)
143
144
  ActionMailer::Base.deliveries.clear
144
145
 
145
- post user_unlock_path(format: 'xml'), user: {email: user.email}
146
+ post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
146
147
  assert_response :unprocessable_entity
147
148
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
148
149
  assert_equal 0, ActionMailer::Base.deliveries.size
@@ -1,7 +1,7 @@
1
1
  require 'test_helper'
2
2
 
3
3
 
4
- class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
4
+ class OmniauthableIntegrationTest < Devise::IntegrationTest
5
5
  FACEBOOK_INFO = {
6
6
  "id" => '12345',
7
7
  "link" => 'http://facebook.com/josevalim',
@@ -20,9 +20,11 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
20
20
  "credentials" => {"token" => 'plataformatec'},
21
21
  "extra" => {"user_hash" => FACEBOOK_INFO}
22
22
  }
23
+ OmniAuth.config.add_camelization 'facebook', 'FaceBook'
23
24
  end
24
25
 
25
26
  teardown do
27
+ OmniAuth.config.camelizations.delete('facebook')
26
28
  OmniAuth.config.test_mode = false
27
29
  end
28
30
 
@@ -40,7 +42,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
40
42
 
41
43
  test "can access omniauth.auth in the env hash" do
42
44
  visit "/users/sign_in"
43
- click_link "Sign in with Facebook"
45
+ click_link "Sign in with FaceBook"
44
46
 
45
47
  json = ActiveSupport::JSON.decode(response.body)
46
48
 
@@ -54,7 +56,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
54
56
  test "cleans up session on sign up" do
55
57
  assert_no_difference "User.count" do
56
58
  visit "/users/sign_in"
57
- click_link "Sign in with Facebook"
59
+ click_link "Sign in with FaceBook"
58
60
  end
59
61
 
60
62
  assert session["devise.facebook_data"]
@@ -75,7 +77,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
75
77
  test "cleans up session on cancel" do
76
78
  assert_no_difference "User.count" do
77
79
  visit "/users/sign_in"
78
- click_link "Sign in with Facebook"
80
+ click_link "Sign in with FaceBook"
79
81
  end
80
82
 
81
83
  assert session["devise.facebook_data"]
@@ -86,7 +88,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
86
88
  test "cleans up session on sign in" do
87
89
  assert_no_difference "User.count" do
88
90
  visit "/users/sign_in"
89
- click_link "Sign in with Facebook"
91
+ click_link "Sign in with FaceBook"
90
92
  end
91
93
 
92
94
  assert session["devise.facebook_data"]
@@ -96,13 +98,13 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
96
98
 
97
99
  test "sign in and send remember token if configured" do
98
100
  visit "/users/sign_in"
99
- click_link "Sign in with Facebook"
101
+ click_link "Sign in with FaceBook"
100
102
  assert_nil warden.cookies["remember_user_token"]
101
103
 
102
104
  stub_action!(:sign_in_facebook) do
103
105
  create_user
104
106
  visit "/users/sign_in"
105
- click_link "Sign in with Facebook"
107
+ click_link "Sign in with FaceBook"
106
108
  assert warden.authenticated?(:user)
107
109
  assert warden.cookies["remember_user_token"]
108
110
  end
@@ -118,16 +120,16 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
118
120
  OmniAuth.config.mock_auth[:facebook] = :access_denied
119
121
  visit "/users/auth/facebook/callback?error=access_denied"
120
122
  assert_current_url "/users/sign_in"
121
- assert_contain 'Could not authenticate you from Facebook because "Access denied".'
123
+ assert_contain 'Could not authenticate you from FaceBook because "Access denied".'
122
124
  end
123
125
 
124
126
  test "handles other exceptions from OmniAuth" do
125
127
  OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
126
128
 
127
129
  visit "/users/sign_in"
128
- click_link "Sign in with Facebook"
130
+ click_link "Sign in with FaceBook"
129
131
 
130
132
  assert_current_url "/users/sign_in"
131
- assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".'
133
+ assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
132
134
  end
133
135
  end
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class PasswordTest < ActionDispatch::IntegrationTest
3
+ class PasswordTest < Devise::IntegrationTest
4
4
 
5
5
  def visit_new_password_path
6
6
  visit new_user_session_path
@@ -160,8 +160,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
160
160
  assert_response :success
161
161
  assert_current_url '/users/password'
162
162
  assert_have_selector '#error_explanation'
163
- assert_contain Devise.rails4? ?
164
- "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
163
+ assert_contain "Password confirmation doesn't match Password"
165
164
  assert_not user.reload.valid_password?('987654321')
166
165
  end
167
166
 
@@ -251,14 +250,14 @@ class PasswordTest < ActionDispatch::IntegrationTest
251
250
 
252
251
  test 'reset password request with valid E-Mail in XML format should return valid response' do
253
252
  create_user
254
- post user_password_path(format: 'xml'), user: {email: "user@test.com"}
253
+ post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
255
254
  assert_response :success
256
255
  assert_equal response.body, { }.to_xml
257
256
  end
258
257
 
259
258
  test 'reset password request with invalid E-Mail in XML format should return valid response' do
260
259
  create_user
261
- post user_password_path(format: 'xml'), user: {email: "invalid.test@test.com"}
260
+ post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
262
261
  assert_response :unprocessable_entity
263
262
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
264
263
  end
@@ -266,7 +265,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
266
265
  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
267
266
  swap Devise, paranoid: true do
268
267
  create_user
269
- post user_password_path(format: 'xml'), user: {email: "invalid@test.com"}
268
+ post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
270
269
  assert_response :success
271
270
  assert_equal response.body, { }.to_xml
272
271
  end
@@ -275,8 +274,9 @@ class PasswordTest < ActionDispatch::IntegrationTest
275
274
  test 'change password with valid parameters in XML format should return valid response' do
276
275
  create_user
277
276
  request_forgot_password
278
- put user_password_path(format: 'xml'), user: {
277
+ put user_password_path(format: 'xml'), params: { user: {
279
278
  reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321'
279
+ }
280
280
  }
281
281
  assert_response :success
282
282
  assert warden.authenticated?(:user)
@@ -285,7 +285,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
285
285
  test 'change password with invalid token in XML format should return invalid response' do
286
286
  create_user
287
287
  request_forgot_password
288
- put user_password_path(format: 'xml'), user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'}
288
+ put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
289
289
  assert_response :unprocessable_entity
290
290
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
291
291
  end
@@ -293,7 +293,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
293
293
  test 'change password with invalid new password in XML format should return invalid response' do
294
294
  user = create_user
295
295
  request_forgot_password
296
- put user_password_path(format: 'xml'), user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'}
296
+ put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
297
297
  assert_response :unprocessable_entity
298
298
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
299
299
  end
@@ -301,7 +301,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
301
301
  test "when using json requests to ask a confirmable request, should not return the object" do
302
302
  user = create_user(confirm: false)
303
303
 
304
- post user_password_path(format: :json), user: { email: user.email }
304
+ post user_password_path(format: :json), params: { user: { email: user.email } }
305
305
 
306
306
  assert_response :success
307
307
  assert_equal response.body, "{}"
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class RegistrationTest < ActionDispatch::IntegrationTest
3
+ class RegistrationTest < Devise::IntegrationTest
4
4
 
5
5
  test 'a guest admin should be able to sign in successfully' do
6
6
  get new_admin_session_path
@@ -110,8 +110,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
110
110
  assert_template 'registrations/new'
111
111
  assert_have_selector '#error_explanation'
112
112
  assert_contain "Email is invalid"
113
- assert_contain Devise.rails4? ?
114
- "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
113
+ assert_contain "Password confirmation doesn't match Password"
115
114
  assert_contain "2 errors prohibited"
116
115
  assert_nil User.to_adapter.find_first
117
116
 
@@ -217,8 +216,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
217
216
  fill_in 'current password', with: '12345678'
218
217
  click_button 'Update'
219
218
 
220
- assert_contain Devise.rails4? ?
221
- "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
219
+ assert_contain "Password confirmation doesn't match Password"
222
220
  assert_not User.to_adapter.find_first.valid_password?('pas123')
223
221
  end
224
222
 
@@ -259,7 +257,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
259
257
  end
260
258
 
261
259
  test 'an admin sign up with valid information in XML format should return valid response' do
262
- post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
260
+ post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
263
261
  assert_response :success
264
262
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
265
263
 
@@ -268,7 +266,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
268
266
  end
269
267
 
270
268
  test 'a user sign up with valid information in XML format should return valid response' do
271
- post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
269
+ post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
272
270
  assert_response :success
273
271
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
274
272
 
@@ -277,21 +275,21 @@ class RegistrationTest < ActionDispatch::IntegrationTest
277
275
  end
278
276
 
279
277
  test 'a user sign up with invalid information in XML format should return invalid response' do
280
- post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' }
278
+ post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
281
279
  assert_response :unprocessable_entity
282
280
  assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
283
281
  end
284
282
 
285
283
  test 'a user update information with valid data in XML format should return valid response' do
286
284
  user = sign_in_as_user
287
- put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' }
285
+ put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
288
286
  assert_response :success
289
287
  assert_equal user.reload.email, 'user.new@test.com'
290
288
  end
291
289
 
292
290
  test 'a user update information with invalid data in XML format should return invalid response' do
293
291
  user = sign_in_as_user
294
- put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' }
292
+ put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
295
293
  assert_response :unprocessable_entity
296
294
  assert_equal user.reload.email, 'user@test.com'
297
295
  end
@@ -304,7 +302,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
304
302
  end
305
303
  end
306
304
 
307
- class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
305
+ class ReconfirmableRegistrationTest < Devise::IntegrationTest
308
306
  test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
309
307
  sign_in_as_admin
310
308
  get edit_admin_registration_path
@@ -1,16 +1,16 @@
1
1
  require 'test_helper'
2
2
 
3
- class RememberMeTest < ActionDispatch::IntegrationTest
3
+ class RememberMeTest < Devise::IntegrationTest
4
4
  def create_user_and_remember(add_to_token='')
5
5
  user = create_user
6
6
  user.remember_me!
7
- raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
7
+ raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
8
8
  cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
9
9
  user
10
10
  end
11
11
 
12
12
  def generate_signed_cookie(raw_cookie)
13
- request = ActionDispatch::TestRequest.new
13
+ request = Devise.rails5? ? ActionDispatch::TestRequest.create : ActionDispatch::TestRequest.new
14
14
  request.cookie_jar.signed['raw_cookie'] = raw_cookie
15
15
  request.cookie_jar['raw_cookie']
16
16
  end
@@ -47,8 +47,10 @@ class RememberMeTest < ActionDispatch::IntegrationTest
47
47
  get new_user_session_path
48
48
  assert request.session[:_csrf_token]
49
49
 
50
- post user_session_path, authenticity_token: "oops", user:
51
- { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
50
+ post user_session_path, params: {
51
+ authenticity_token: "oops",
52
+ user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
53
+ }
52
54
  assert_not warden.authenticated?(:user)
53
55
  assert_not request.cookies['remember_user_token']
54
56
  end
@@ -92,7 +94,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest
92
94
  assert_response :success
93
95
  assert warden.authenticated?(:user)
94
96
  assert warden.user(:user) == user
95
- assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
96
97
  end
97
98
 
98
99
  test 'remember the user before sign up and redirect them to their home' do
@@ -118,6 +119,40 @@ class RememberMeTest < ActionDispatch::IntegrationTest
118
119
  end
119
120
  end
120
121
 
122
+ test 'extends remember period when extend remember period config is true' do
123
+ swap Devise, extend_remember_period: true, remember_for: 1.year do
124
+ user = create_user_and_remember
125
+ old_remember_token = nil
126
+
127
+ travel_to 1.day.ago do
128
+ get root_path
129
+ old_remember_token = request.cookies['remember_user_token']
130
+ end
131
+
132
+ get root_path
133
+ current_remember_token = request.cookies['remember_user_token']
134
+
135
+ refute_equal old_remember_token, current_remember_token
136
+ end
137
+ end
138
+
139
+ test 'does not extend remember period when extend period config is false' do
140
+ swap Devise, extend_remember_period: false, remember_for: 1.year do
141
+ user = create_user_and_remember
142
+ old_remember_token = nil
143
+
144
+ travel_to 1.day.ago do
145
+ get root_path
146
+ old_remember_token = request.cookies['remember_user_token']
147
+ end
148
+
149
+ get root_path
150
+ current_remember_token = request.cookies['remember_user_token']
151
+
152
+ assert_equal old_remember_token, current_remember_token
153
+ end
154
+ end
155
+
121
156
  test 'do not remember other scopes' do
122
157
  create_user_and_remember
123
158
  get root_path
@@ -135,7 +170,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
135
170
 
136
171
  test 'do not remember with expired token' do
137
172
  create_user_and_remember
138
- swap Devise, remember_for: 0 do
173
+ swap Devise, remember_for: 0.days do
139
174
  get users_path
140
175
  assert_not warden.authenticated?(:user)
141
176
  assert_redirected_to new_user_session_path
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class SessionTimeoutTest < ActionDispatch::IntegrationTest
3
+ class SessionTimeoutTest < Devise::IntegrationTest
4
4
 
5
5
  def last_request_at
6
6
  @controller.user_session['last_request_at']
@@ -20,7 +20,19 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
20
20
  old_last_request = last_request_at
21
21
  assert_not_nil last_request_at
22
22
 
23
- get users_path, {}, 'devise.skip_trackable' => true
23
+ get users_path, headers: { 'devise.skip_trackable' => true }
24
+ assert_equal old_last_request, last_request_at
25
+ end
26
+
27
+ test 'does not set last request at in user session after each request if timeoutable is disabled' do
28
+ sign_in_as_user
29
+ old_last_request = last_request_at
30
+ assert_not_nil last_request_at
31
+
32
+ new_time = 2.seconds.from_now
33
+ Time.stubs(:now).returns(new_time)
34
+
35
+ get users_path, headers: { 'devise.skip_timeoutable' => true }
24
36
  assert_equal old_last_request, last_request_at
25
37
  end
26
38
 
@@ -103,7 +115,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
103
115
  user = sign_in_as_user
104
116
  get expire_user_path(user)
105
117
 
106
- post "/users/sign_in", email: user.email, password: "123456"
118
+ post "/users/sign_in", params: { email: user.email, password: "123456" }
107
119
 
108
120
  assert_response :redirect
109
121
  follow_redirect!
@@ -163,7 +175,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
163
175
  assert warden.authenticated?(:user)
164
176
  end
165
177
 
166
- test 'does not crashes when the last_request_at is a String' do
178
+ test 'does not crash when the last_request_at is a String' do
167
179
  user = sign_in_as_user
168
180
 
169
181
  get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)